BUILDING
YOUR TERRAFORM PROVIDER
Advantages of Infrastructure as Code
Maxime Coulombe
R&D Software Developer, Coveo
André Thériault
R&D Team Lead, Coveo
Copyright © 2018 Coveo Solutions Inc. All rights reserved. Proprietary and CONFIDENTIAL
Coveo is a provider of intelligent and predictive search technologies (sometimes known as Insight Engines) that can index information stored in diverse repositories throughout the company, perform usage analytics and metadata enrichment on the indexed content, and make the content findable through search-driven interfaces.
A large infrastructure to maintain
▶ 2000+ servers in Production across several regions
▶ Several deployments per day
▶ Several Kubernetes & ECS clusters
▶ Dozens of databases
▶ 30+ micro-services
Building and maintaining an infrastructure “the old fashioned way”
What is infrastructure as code?
resource "digitalocean_droplet" "web" {
    name   = "web"
    size   = "512mb"
    image  = "centos-5-8-x32"
    region = "frk1"
}
Advantages of infrastructure as code?
▶ “It's not my fault, it worked in dev”
 - Reduces the asymmetry between environments
 - Dry runs prevent errors that would affect customers
▶ “I won't be able to work on my features this morning, we have a deployment to do”
 - Deployment in a single (or a few) command(s)
 - Easy integration with CI systems
▶ “The guy who knows how it works is on vacation”
 - The declarative syntax doubles as documentation
 - Pull requests make knowledge transfer easier
▶ “What do you mean, roll back? That's not how infra works”
 - Versioned infrastructure
 - Often easy to go back to a previous state
How does it work?
▶ Write the terraform code
▶ Create the plan (> terraform plan)
▶ Execute the plan (> terraform apply)
▶ Destroy the plan (> terraform destroy)
resource "digitalocean_droplet" "web" {
    name   = "web"
    size   = "512mb"
    image  = "centos-5-8-x32"
    region = "frk1"
}
Terraform will perform the following actions:
  + digitalocean_droplet.web
      id:           <computed>
      image:        "centos-5-8-x32"
      ipv4_address: <computed>
      region:       "frk1"
Plan: 1 to add, 0 to change, 0 to destroy.
Don't limit yourself to your Cloud Provider
Providers and the resources they manage:
▶ Amazon AWS, Microsoft Azure, ...: Instances, Servers, Load Balancers
▶ Docker, Kubernetes, Nomad, ...: Services, Pods, Network
▶ Github, Gitlab, Bitbucket: Projects, Repositories
▶ Datadog, Grafana, Logentries: Accounts, Monitors, Dashboards
▶ PostgreSQL, MySQL: Databases, Schemas, Roles
DEMO
The 4 phases of managing your application's “secrets”
Circle of life
Types of secrets
Type and how it is usually automated:
▶ SSH keys: ssh-keygen -t rsa -C "email@email"
▶ DB user accounts: CREATE ROLE david LOGIN;
▶ Encryption keys: openssl rand -base64 32
▶ API keys, OAuth secret keys: POST http://remote-system/apikey
Types of secrets
Type and how Terraform handles it:
▶ SSH keys: null_resource / local-exec
▶ DB user accounts: MySQL / PostgreSQL provider
▶ Encryption keys: Random provider
▶ API keys, OAuth secret keys: depends on the system
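The three Terraform-managed secret types from this slide written out as resources. This is an added example, not code from the talk or from Coveo; it assumes the random, postgresql and null providers are configured (provider blocks omitted) and that ssh-keygen is on the PATH, and reuses the slides' own placeholders (role "david", comment "email@email").

```hcl
# Added example, not from the slides. Assumes the random, postgresql and
# null providers are configured and that ssh-keygen is available locally.

# Encryption key / DB password: the random provider replaces
# "openssl rand -base64 32". special = false keeps it shell-safe.
resource "random_string" "db_password" {
  length  = 32
  special = false
}

# DB user account: the PostgreSQL provider replaces "CREATE ROLE david LOGIN;"
# and ties the role's password to the generated secret.
resource "postgresql_role" "david" {
  name     = "david"
  login    = true
  password = random_string.db_password.result
}

# SSH key: there is no provider for it, so null_resource + local-exec wraps
# ssh-keygen. The private key stays on disk and never enters Terraform;
# the command only re-runs when a trigger value changes.
resource "null_resource" "ssh_key" {
  triggers = {
    comment = "email@email"
  }

  provisioner "local-exec" {
    command = "ssh-keygen -t rsa -N '' -C '${self.triggers.comment}' -f ./id_rsa_david"
  }
}

# sensitive = true redacts the value from plan/apply output. The plaintext is
# still written to the state file, so the state backend must be protected.
output "db_password" {
  value     = random_string.db_password.result
  sensitive = true
}
```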
Terraform + Golang = Custom Provider
In Terraform, a Provider is the logical abstraction of an upstream API. This guide details how to build a custom provider for Terraform.
Terraform supports a plugin model, and all providers are actually plugins. Plugins are distributed as Go binaries.
Creating your provider
A provider is simply an object containing resources
package main

import (
    "github.com/hashicorp/terraform/helper/schema"
)

// Provider returns the provider definition; resources are registered by name in ResourcesMap.
func Provider() *schema.Provider {
    return &schema.Provider{
        ResourcesMap: map[string]*schema.Resource{},
    }
}
Creating your resources
A resource is the representation of one component of our provider.
func resourceServer() *schema.Resource {
    return &schema.Resource{
        Create: resourceServerCreate,
        Read:   resourceServerRead,
        Update: resourceServerUpdate,
        Delete: resourceServerDelete,
        Schema: map[string]*schema.Schema{
            "address": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
            },
            // [...]
        },
    }
}
Creating your “provider”
A resource can invoke 4* actions: “Create”, “Read”, “Update” and “Delete”
// Create builds the upstream object; a real implementation calls d.SetId(...)
// before returning, since the SDK treats an empty ID as "not created".
func resourceServerCreate(d *schema.ResourceData, m interface{}) error {
    return resourceServerRead(d, m)
}

// Read refreshes state from upstream; a real implementation calls d.SetId("")
// when the object no longer exists so Terraform plans to recreate it.
func resourceServerRead(d *schema.ResourceData, m interface{}) error {
    return nil
}

// Update pushes changed attributes upstream, then re-reads.
func resourceServerUpdate(d *schema.ResourceData, m interface{}) error {
    return resourceServerRead(d, m)
}

// Delete removes the upstream object.
func resourceServerDelete(d *schema.ResourceData, m interface{}) error {
    return nil
}
Planning our Coveo provider
Organization
▶ Document sources
▶ Users
▶ Reports
▶ [...]
▶ API keys
Planning our Coveo provider
Provider - Coveo
Resource - Organization
▶ Id
▶ Name
Resource - API key
▶ Name
▶ Description
▶ Value
▶ Permissions
DEMO
Thank you
▶ Our technical blog: source.coveo.com
▶ Our projects: github.com/coveo
▶ Terraform providers: terraform.io/docs/providers/
▶ Custom provider reference: terraform.io/docs/extend/