HPE-CIHT (1)

1
(No Transcript)
2
Terraform cloud

• Terraform Cloud is a managed service offered by
  HashiCorp that allows you to use Terraform to
  manage your infrastructure in the cloud.
• It provides features such as
• A web-based UI for collaborating on and reviewing
  infrastructure changes.
• A private Terraform module registry for sharing
  and reusing infrastructure code.
• Integration with version control systems (VCS)
  such as Git to track and manage infrastructure
  changes.
• The ability to run Terraform operations, such as
  apply and destroy, remotely.
• A backend for storing Terraform state, which can
  be shared with other team members and used to
  track infrastructure changes.
• Collaboration and governance features, such as
  the ability to set up approval workflows for
  infrastructure changes.

3
VCS

• A version control system (VCS) is a tool that
  allows you to track changes to your code over
  time and collaborate with other developers on
  projects. Terraform is a tool for building,
  changing, and versioning infrastructure
  safely and efficiently.

• There are several ways you can use a VCS with
  Terraform to manage your infrastructure?
• Store Terraform configuration files in a VCS?
• Use Terraform to manage VCS repositories?
• Use a VCS to store Terraform state?
• Use a VCS as a backend for Terraform

4
VCS Workflow

• A VCS-driven workflow provided by Terraform Cloud
  automatically initiates runs in response to
  changes to your VCS repositories. ?
• While the VCS-driven workflow promotes team
  collaboration by designating your shared
  repositories as the source of truth
  for infrastructure configuration, the CLI-driven
  workflow enables you to quickly iterate on your
  setup and work locally.

5
Vault Integration

• Vault is a tool for securely storing and
  accessing secrets, such as API keys, passwords,
  and certificates. It can be integrated into a
  variety of systems and applications to provide
  secure access to sensitive information.

• There are several ways to integrate Vault into
  your system or application?
• Using the Vault API?
• Using the Vault CLI?
• Using Vault integrations?
• Using Vault plugins

6
Case study Vault integration

• HCP Vault
• The managed Vault service from HashiCorp, known
  as HashiCorp Cloud Platform Vault (HCP Vault),
  gives users all the strength and security of
  Vault without the hassle and cost of
  administering it themselves. With this choice,
  users can concentrate on maximising the value of
  Vault Enterprise capabilities rather than
  worrying about downtime, maintenance, or the
  environment. HCP Vault was an easy candidate for
  the integration use case because TCB and
  ServiceNow both operate in the cloud.  
• Terraform Cloud Business (TCB)
• AHEAD and HashiCorp decided to use TCB to host
  the Terraform modules that are in charge of
  creating the Vault Environment and the workload
  during the design phase. This was a logical
  choice for our demo setting given TCB's
  connectivity with ServiceNow. In addition to
  spinning up modules that could automatically
  generate HCP Vault namespaces and configure
  secrets engines (in our instance, the GCP
  engine), we divided our demo environment into a
  number of workspaces.

7
Case study cont.

• To instal the HCP Vault cluster, we used an HCP
  module and the HCP Provider for Terraform created
  by HashiCorp. Following that, we configured the
  admin, namespace, policies, and secrets engine
  using the HashiCorp Vault Provider. As a result,
  we were able to ask HCP Vault for a dynamic
  secret for GCP automatically. We and our clients
  were very interested in demonstrating how dynamic
  secrets might be created, utilised, and removed
  in a predetermined amount of time for
  provisioning infrastructure, and we believe this
  use case will have many applications across cloud
  infrastructure.
• Finally, using TCB, we can demonstrate how
  Auto-Apply and a manual approval procedure differ
  as well as HashiCorp Sentinel's policy as code
  feature, which looks for prohibited GCP machine
  types.

8
CASE STUDY CONT.

• ServiceNow Integration

9
CASE STUDY CONT.

• Creating a custom catalogue item with variables,
  configuring the ServiceNow flow to properly
  transmit the data to the TCB REST API with the
  correct endpoint, and leveraging the Terraform
  Cloud interface for ServiceNow were all steps
  in our ServiceNow workflow. We had to set up the
  flow in the Flow Designer to call the appropriate
  TCB API endpoint in order to configure the
  integration appropriately. We only needed to
  generate a few OAuth tokens and put them on
  the configuration page of the Terraform Cloud
  integration in ServiceNow to handle
  authentication for TCB.
• TCB generates dynamic credentials for GCP
  authentication using HCP Vault, so our process in
  ServiceNow can just concentrate on the user
  interface and obtaining the necessary data from
  the user. Users can choose regions, zones, and
  environment types freely when using dropdowns in
  the catalogue item, whereas administrators and
  developers of Infrastructure as Code can impose
  restrictions on the types of infrastructure that
  users can provision.

10
CASE STUDY CONT.

• For instance, the environment choices (Development
  , Test, and Production) align to a machine_types m
  ap variable in the Terraform module, which looks
  like this
• Users in ServiceNow dont need to know exactly
  how the environments map to the GCP machine
  types, and administrators are free to add or
  update machine type options in TCB with minimal
  changes to the ServiceNow catalog item.

11

• Google Cloud Platform Integration
• The last piece to build was the Terraform module
  for the Google Cloud Platform integration. During
  the Terraform run, the Terraform agent logs into
  HCP Vault to retrieve dynamic credentials for use
  in GCP. Once these credentials are retrieved, the
  business logic in the Terraform module is used to
  provision a VPC Network, Subnet, Firewall, VM
  Instance, SSH keys, and finally, execute a remote
  script on the provisioned machine.
• Once the apply has completed successfully,
  Terraform Cloud returns an IP address and
  information for accessing the machine within GCP.
  In our demo environment, we used the
  Terraform remote-exec provisioner to install the
  Apache HTTP Server, kicked off a shell script to
  create a simple HTML page, and spun up the server
  to serve the page when the IP address was
  queried. In an enterprise scenario, configuration
  management might be handled by Chef or Puppet to
  pull down dependencies for business applications.

12
Case study outcome

• This environment serves as a demonstration of the
  effectiveness of Infrastructure as Code utilizing
  Terraform, the power of TCB, HCP Vault, and the
  simplicity with which users can self-serve
  infrastructure. Simply by establishing additional
  secrets engines in HCP Vault and reusing
  Terraform modules for different environments,
  this environment might be expanded in the future
  to employ other cloud providers or infrastructure
  on-premises. Building a framework for connecting
  services with the aim of delivering a smooth user
  experience for providing and updating
  infrastructure as required.

13
Case study conclusion

• The scenario's overview and its construction in
  HCP Vault, Terraform Cloud Business, ServiceNow,
  and Google Cloud Platform have now been covered. 
• Based on business goals and governance standards,
  this notion may be applied to a variety of
  scenarios and enterprise workloads.
• Without the solid cooperation of
  HashiCorpparticularly the Partner Solution
  Engineering team working with AHEADthis
  architecture and configuration of HCP Vault, TCB,
  ServiceNow, and GCP would not have been
  possible. 
• No matter where our customers are in their
  business cloud journey, AHEAD can support them,
  from getting started in the cloud to creating an
  Automation Hub similar to the idea we outlined
  above.

14
Multibranch

• In the context of Terraform, "multi-branch"
  typically refers to a workflow in which different
  branches in a version control system (VCS) are
  used to manage and deploy different environments,
  such as development, staging, and production.

• Here is an example of how a multi-branch workflow
  might work with Terraform?
• Create a VCS repository for your infrastructure
  code and configure it to use Terraform.?
• Create a branch for each environment you want to
  manage with Terraform (e.g., "development",
  "staging", "production").?
• Write Terraform configuration files for each
  environment and commit them to the appropriate
  branch.?
• Use Terraform to deploy each environment by
  specifying the appropriate VCS branch as the
  source for the configuration files.?
• Use the VCS to track and manage changes to the
  infrastructure in each environment.

Lab-Multibranch
15
workspaces

• Terraform workspaces are a way to organize and
  manage multiple instances of infrastructure
  managed by Terraform. You can use workspaces to
  represent different environments (such as
  development, staging, and production), or
  to represent different components of your
  infrastructure (such as front-end and back-end
  systems).

• Here are some key points about Terraform
  workspaces?
• Each workspace is associated with a separate
  Terraform state file, which stores the current
  state of the infrastructure managed by that
  workspace.?
• You can switch between workspaces by using
  the terraform workspace select command. This
  allows you to easily manage and deploy
  different instances of your infrastructure.?

16
Templates

• Terraform templates are configuration files
  written in the HashiCorp Configuration Language
  (HCL) that define infrastructure as code. You can
  use Terraform templates to specify the resources
  you want to create, and the dependencies between
  those resources.

• Here are some key points about Terraform
  templates?
• Terraform templates use a declarative syntax,
  which means you specify the desired end state of
  your infrastructure and Terraform figures out how
  to create it.?
• Terraform templates can be used to manage a wide
  range of infrastructure resources, including
  compute instances, networking resources, storage
  resources, and more.?
• You can use variables in your Terraform templates
  to make them more reusable and flexible. For
  example, you could define a variable for the
  region in which you want to create resources, and
  then use that variable in your template.

17
Ansible tower

• Ansible Tower is the enterprise version of
  Ansible. It allows sysadmins to deploy all the
  benefits of Ansible at scale. 
• Ansible Tower is a web-based application that
  provides a centralized platform for managing and
  automating Ansible infrastructure. 
• It is designed to help organizations automate
  their infrastructure and application deployments,
  as well as manage and monitor the status of their
  environments. 

18
Projects

• One of the key features of Ansible Tower is the
  ability to create and manage projects. 
• A project in Ansible Tower is a collection of
  Ansible playbooks, variables, and other related
  content. 
• It is used to organize and manage the resources
  needed to run your Ansible playbook tasks. You
  can use projects to group your playbooks and
  other content by functionality, environment, or
  any other criteria that makes sense for your
  organization. 

19
Playbooks

• Ansible playbooks are files that contain a set of
  instructions or tasks that are executed in order.
  
• They are written in the YAML language and are
  used to automate complex workflows and manage
  infrastructure and applications. 
• Playbooks consist of a series of tasks that are
  executed sequentially.
• Each task can be a single Ansible module or a set
  of modules that perform a specific action, such
  as installing software, configuring systems, or
  deploying applications. 
• Playbooks can be used to manage a wide range of
  environments, including servers, virtual
  machines, cloud instances, and network devices.
• They can be run on a single host or on a group of
  hosts, and they can be scheduled to run at a
  specific time or on a regular basis. 

20
jobs

• In Ansible, a job refers to a task or a set of
  tasks that are executed on one or more managed
  hosts. Jobs can be used to automate a variety of
  tasks, including installing software, configuring
  systems, and deploying applications. 

• There are a few different ways to create and run
  jobs in Ansible, including ?
• Using the "ansible" command ?
• Using playbooks ?
• Using the Ansible Tower web interface

Lab- Creating Projects and managing playbooks
21
Inventory

• In Ansible Tower, an inventory is a collection of
  hosts (i.e., devices or systems) that are managed
  by Ansible. These hosts can be physical servers,
  virtual machines, or cloud instances, and they
  can be managed individually or as part of a
  group.

• Ansible Tower allows you to manage your inventory
  in several ways, including?
• Static inventory?
• Dynamic inventory?
• Cloud inventory

• Ansible Tower allows you to manage your inventory
  in several ways, including?
• Static inventory?
• Dynamic inventory
• ?
• Cloud inventory

22
Dynamic inventory

• Static inventory A static inventory is a list of
  hosts that is stored in a file (e.g., a CSV or
  INI file) and does not change unless the file is
  updated manually. 
• Dynamic inventory A dynamic inventory is a list
  of hosts that is generated dynamically by a
  script or API. This allows you to manage a large
  number of hosts without having to update the
  inventory manually. 
• Cloud inventory Ansible Tower can integrate with
  cloud providers (e.g., Amazon Web Services,
  Microsoft Azure, Google Cloud Platform) and
  automatically discover and manage hosts in those
  environments.

23

• This tab displays a list of the inventories that
  are currently available. The inventory list may
  be sorted and searched by Name or Organization,
  and filtered by inventories with external
  sources, inventories with external sources that
  have failed to update, and inventories whose
  hosts have failed jobs. 

24

• The list of inventories includes 
• Status This includes the status of inventory
  synchronization for inventories configured with
  cloud sources, and the status of recent jobs for
  this inventory. 
• Name The inventory name. Clicking the Inventory
  name navigates to the properties screen for the
  selected inventory, which shows the
  inventorys groups and hosts. (This view is also
  accessible from the Action menu.) 
• Organization The organization to which the
  inventory belongs. 
• Actions The following actions are available for
  the selected inventory 
• Edit Edit the properties for the
  selected inventory 
• Delete Delete the selected inventory. This
  operation cannot be reversed! 

25
Job templates

• In Ansible Tower, a job template is a pre-defined
  configuration for running a job. 
• It specifies the details of the job, such as the
  playbook that should be run, the hosts or groups
  of hosts that the playbook should be applied to,
  and any extra variables or options that should be
  used. 
• Job templates can be created and managed from the
  Ansible Tower web interface.
• They allow you to define the parameters of your
  jobs in a centralized location, making it easier
  to run and manage your jobs on an ongoing basis.

26

• There are a few key benefits to using job
  templates in Ansible Tower?
• Simplified job management?
• Improved efficiency?
• Improved collaboration

Lab- adding a new inventory and scanning job
templates
27
Parallel exec

• Parallel execution in Ansible refers to the
  ability to run multiple tasks or playbooks
  concurrently, rather than sequentially. This can
  be useful for improving the efficiency of your
  Ansible workflow and reducing the time it takes
  to complete tasks.

• There are a few different ways to achieve
  parallel execution in ansible, including?
• Using the "async" and "poll" options?
• Using the "parallel" option?
• Using the "delegate_to" option?
• Using the "run_once" option

28

• Using the "async" and "poll" options These
  options allow you to run a task asynchronously
  and check its status later. This can be useful
  for running tasks in parallel, as you can launch
  multiple tasks at the same time and then check
  their status later. 
• Using the "parallel" option This option allows
  you to specify the number of tasks that should be
  run concurrently. For example, you can use the
  "parallel" option to run three tasks at the same
  time. 
• Using the "delegate_to" option This option
  allows you to specify that a task should be run
  on a specific host. By using the "delegate_to"
  option, you can run tasks on multiple hosts
  concurrently. 
• Using the "run_once" option This option allows
  you to specify that a task should only be run
  once, regardless of how many hosts it is being
  applied to. By using the "run_once" option, you
  can run tasks on multiple hosts concurrently, as
  each task will only be run once.