Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

How should I organize a large number of unrelated Infrastructure as Code projects?

Y
yajahira last edited by

I work at a municipal government with many departments. Teams from these departments request new servers for specific uses/applications. Our environment is currently using VMware VSphere (~1500 VMs, 2 datacenters, 50 hosts/blades) and we'll be migrating gradually to Azure over the next few years.

I'm just starting with Terraform and can build VMs with it, one at a time. Should I create one Terraform project per server? Or is it worth it to group them somehow? Most of the requests are for one or two servers at a time; sometimes up to four at a time. Each request tends to be unrelated to any previous requests.

Is there a source that covers the theory of organizing something on this scale? Or should I just accept that we'll have to maintain 1500 sets of TF project files?
Reply Quote 0
1 Reply Last reply
T
tahishae last edited by

I assume this is what Terragrunt would help to solve. It adds a new layer where you can easily manage complex infrastructure or keep your work DRY.
Reply Quote 0
1 Reply Last reply

2
Posts

0
Views

Suggested Topics

T

DevOps Newbie - How to automate windows infrastructure deployment?
Continuous Integration and Delivery (CI, CD) • vmware terraform packer • • Trenton

2

0
Votes

2
Posts

1
Views

R

The first thing I can recommend for you is to remove all of the manual steps in your deployment pipeline. DevOps is all about automating as much as possible to allow for fast, frequent, and safe deployment of your infrastructure. Second, if you haven't already, I would recommend using a build and deployment tool (Jenkins, Bamboo, GitLabCI, etc.) to compile your binaries and execute your automated deployment/configuration scripts. Having a central location for your deployments allows you to be able to scale more effectively, avoid repetition, and monitor your deployments more accurately. You should also store ALL of your scripts in some form of revision control ASAP (if they are not already). Finally, I recommend you read up more on DevOps best practices and how it can affect your organization. In order for DevOps to be truly effective, your entire development team and company must adopt best practices and be 100% on board with a shift in how you manage your deployments. Some reading I can recommend are: The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford A telling of a fictional, but very realistic story of DevOps transforming a company and the opticals that the team faces to get there. The DevOps Handbook by Gene Kim, Patrick Debois, John Willis, Jez Humble, and John Allspaw Outlines the steps/stages to transform your company into a DevOps organization along with an assortment of real life DevOps transforming case studies. Accelerate by Nicole Forsgren, Jez Humble, and Gene Kim A plethora of empirical data and analysis on how DevOps has improved organizations both within IT and the entire company. Continuous Integration by Paul Duvall, Steve Matayas, and Andrew Glover Lays out the steps to take to move your organization to be able to deploy to the highest standards possible.
How do I install Terraform libvrit_cloudinit?
Continuous Integration and Delivery (CI, CD) • terraform cloud init • • briley

2

0
Votes

2
Posts

1
Views

G

Try to use libvirt_cloudinit_disk instead of libvirt_cloudinit. I think it is deprecated.
A

How to build Java project on existing virtual machine in Azure?
Continuous Integration and Delivery (CI, CD) • java git maven azure devops cicd • • Anderson

2

0
Votes

2
Posts

1
Views

You can use a custom build container image for your pipeline with Maven and all of your other dependencies. You will need to: Create a Dockerfile that installs Maven and all other dependencies that you have Build the image and upload it to a custom Azure Container Registry Modify your YAML pipeline file to reference the new build image Sample: resources: containers: - container: build_container image: demoxyz.azurecr.io/pipeline-build-image:latest endpoint: AzureCR options: '-v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock' Here is an article that discusses the topic.
O

How to get code onto aws ec2 instance using terraform and gitlabs
Continuous Integration and Delivery (CI, CD) • amazon web services gitlab terraform amazon ec2 • • Oba22

2

0
Votes

2
Posts

1
Views

S

Setup a Jenkins server. Please do code checkout using Jenkins. Jenkins supports parameterized build. you can pass selected parameter from Jenkins UI to linux bash. Then use linux's cli command to fire terraform.Terraform supports several workspace. You can use same code for dev, test and prod. terraform workspace new dev Use this command to create new workspace. After that , we can use this workspace name to your code. Below is the content of local.tf locals { env = terraform.workspace } Like below use the same code for multiple env. resource "aws_autoscaling_group" "asg" { name = "${local.env}-${local.project}-demo-asg" } Moreover to save your state file securely , you can use s3 as backend. terraform { backend "s3" { bucket = "tfstate-demo" key = "keyfiles" region = "ap-southeast-1" dynamodb_table = "tfstate-demo" } } To separate backend and frontend service, use best practice of AWS. Create a public ALB for frontend and then move traffic to backend services via private ALB. You can use Ansible as a configuration manager to build your server then create a AMI of that using packer. Later on, use the same AMI in ASG.
Y

Terraform | Upgrade to 0.12 error Reference to "count" in non-counted context
Continuous Integration and Delivery (CI, CD) • terraform • • yajahira

2

0
Votes

2
Posts

1
Views

B

It looks like your underlying goal here is to retrieve the full set of attributes for each of your subnets that are marked as Tier = public. Here's a different way to do that using features from Terraform 0.12.6: data "aws_subnet_ids" "public" { vpc_id = data.aws_vpc.vpc.id tags = { Tier = "public" } } data "aws_subnet" "public" { for_each = data.aws_subnet_ids.public.ids id = each.value } With the above, you should find that data.aws_subnet.public is a map from subnet id to the attributes of that particular subnet. The reason for the error in your case is that you used count.index but didn't set the count argument, and so there is no count index to return. The count-based equivalent of the above, which is more similar to your original example, would be this: data "aws_subnet_ids" "public" { vpc_id = data.aws_vpc.vpc.id tags = { Tier = "public" } } data "aws_subnet" "public" { count = length(data.aws_subnet_ids.public.ids) id = sort(data.aws_subnet_ids.public.ids)[count.index] } The result of this is very similar to the for_each-based example I gave above, but with one significant difference: in this case data.aws_subnet.public will be a list of subnet objects, ordered by the lexical ordering of their subnet ids. That will usually make the result harder to use elsewhere in the configuration, so I'd suggest using the for_each approach unless there's a specific reason why you need a list. (If you use a map and then later find that you need a list in a specific context, you can always use values(data.aws_subnet.public) to take the values from the map, in the same lexical order.)
G

Which organization types are targeted by DevOps transformation?
Continuous Integration and Delivery (CI, CD) • transformation • • guilherme

2

0
Votes

2
Posts

1
Views

K

DevOps applies to Organization Type 2, the Business to Business entity as much if not more than the first Organization type. There are two possible scenarios here: Scenario 1 In the first they are selling a product or service to businesses. In terms of DevOps, this makes them virtually indistinguishable from Organization Type 1. Though their customer is a business/group of individuals, they are providing a product or service to a customer. This customer just happens to be a business instead of a private individual, this is is irrelevant to execution of DevOps. Contracted with specific software goals, clearly defined requirement or otherwise, the best value and customer service will be provided by a DevOps model for reasons that do not need to be restated here. Scenario 2 This scenario happens to be a bit more exceptional as in this case, Organization Type 2 is providing consulting services to a business. Presumably and usually, a business hires a consultant for business assistance within the consultant's domain of expertise. Businesses have technical support for assistance with specific technologies and can contract en engineer for migrations, but when issues such as risk management, overall architectural design, process, flow and high-level questions arise, this is when a consultant is hired for their business advice. This is why it is important to remember that DevOps is not a role. I would argue that DevOps represents a business or organizational management processes - or even a philosophy. It is more or less a specific way of implementing an agile methodology that has been extended well beyond just development to encompass many disciplines and departments. As such, DevOps is a package deal - in order to be successful at DevOps, you have to be committed to a specific business philosophy of organizational management. In fact, in order to illustrate this point, In "The Phoenix Project", Board member Erik Reid repeatedly drags the Book's main character, Bill Palmer, to a parts manufacturing plant in order to illustrate and teach Bill things about technology and software development by drawing business lessons from the manufacturing sector. This is authors Gene Kim, Kevin Behr and George Spafford's way of driving home the point that DevOps is more than just way of doing things, or specific technologies, but is a philosophy of business simply known by various nom de plumes. So, in order to provide the best value to the company to which a consultant is consulting, it is incumbent upon the consultant to demonstrate and explain the value of DevOps and assist a company in successfully executing on this business philosophy and guide the company to specific technologies and ways of doing that. In short, it is the consulting companies job to act as an "Erik Reid" to whatever business has contracted their consulting services. In short, DevOps should be very important to Organization Type 2 because it is their job as a consultant to explain to their customer why it is important - they should always be selling DevOps consulting. Consultants working with a company who refuses to consider DevOps should consider politely suggesting that perhaps they aren't the right fit. their customer can hire a generic code monkey from anywhere if they want to continue to (unsuccessfully) continue to do projects the way they have always done them.
What is the optimum number of people in a weekly oncall schedule?
Continuous Integration and Delivery (CI, CD) • process • • emmalee

2

0
Votes

2
Posts

1
Views

A

well, this is not your answer but I hope it helps ... I lived both situations when I was single and no kids. When the staff was short my boss tried to motivate us by talking about the extra money and giving half day off. (I liked) When the staff of complete I was getting on-call once a month and the money wasn't good enough to pay for the trouble. (I hated it) I recommend to assess where your team is, personally and professionally, and put a few suggestion to be voted by them. Then give them the ability to self manage their schedule.
T

Terraform's local state (the 2 tfstate files) contain very sensitive info
Continuous Integration and Delivery (CI, CD) • terraform secret management • • Trenton

2

0
Votes

2
Posts

1
Views

P

Do not store your state in anything besides remote backend. Even if you store it in a remote backend the secrets will appear in a plain text again, this is an ongoing Terraform limitation. In our case we are using AWS S3 backend ( although we have multi cloud environments ), we've got those key benefits out of the box: Encryption in transit and at rest. Access policy configuration. Durability and availability close to the maximum. Locking capability. Versioning. Please do not go with locally-maintained repos that are redundant as possible.
T

How do developers handle developing large scaled dockerized applications locally?
Continuous Integration and Delivery (CI, CD) • docker kubernetes macos • • Trenton

2

0
Votes

2
Posts

0
Views

J

TL;DR : you need a shared integration environment There are a lot of moving parts here, so giving explicit advice on what to do might be quite impossible. When you're faced with a complex situation, the trick is to know how to think, rather than what to do. This question will invite the criticism of generating opinionated answers, because there are many ways to provide a more stable development environment. A guiding principle may be however the idea of https://12factor.net/dev-prod-parity from the https://12factor.net app which states: Keep development, staging, and production as similar as possible If the development teams on the various components follow independent release cycles (which they should, if the application is properly composed of microservices), then it would make sense to have a shared integration environment to develop against. This could be hosted remotely and provide a single environment for all developers. Of course, this means you need to have access to that shared environment, and hence the network, so you will lose some offline capabilities. However, it seems like the only way to maintain offline development capability would be upgrading each individual member's hardware, so I'm guessing that you will be forced one way or another to do development connected to the network. If you're going to have network access, you might as well have access to a shared integration environment. The tricky part of course is ensuring that this environment stays current and correct. This is where the practice of continuous delivery comes in. If you have, say, 4 teams working on 4 separate components of the application, then changes to each of those 4 components should be properly versioned and continuously delivered to the shared environment. A good starting discussion for for developing robust APIs, I found is https://increment.com/apis/web-api-versioning/ .
M

Can jenkins control baremetal with ipmi
Continuous Integration and Delivery (CI, CD) • jenkins terraform jenkins plugins • • magpie

2

0
Votes

2
Posts

1
Views

O

Generic answer yes, it is possible with a lot of work... Is it something wise to do? In my opinion no, you should convert your bare metal nodes to hypervisors with low maintenance and use common tooling to start slaves Virtual Machines on those hypervisors.
N

Bamboo Group Deploy Projects
Continuous Integration and Delivery (CI, CD) • bamboo • • nishika

2

0
Votes

2
Posts

1
Views

A

There is an improvement issue open for, I think, exactly what you're looking for: Bamboo should be able to group projects: Description I'm mulling over redoing our project heirarchy and grouping things a little more logically, and realize that being able to group projects in Bamboo would be brilliant. It's already stellar that each project can contain multiple build plans. Having project groups (a la Jira) would make my OCD squeal. Any chance of this?
G

Accessing attributes from within recipes
Continuous Integration and Delivery (CI, CD) • configuration configuration management chef infrastructure as code • • gionna

2

0
Votes

2
Posts

1
Views

T

I think that according to chef documentation you should use normal with node data. A normal attribute is a setting that persists in the node object. A normal attribute has a higher attribute precedence than a default attribute. you can read about it here: https://docs.chef.io/attributes.html https://docs.chef.io/knife_node.html some example: "normal": { "ebs": { "devices": [ { "mount_device": "/dev/xvdf", "encrypt": true, "volume_mapping": [ { "device": "/dev/xvdf" } ] } ] }, In you recipe: if node.ebs.devices[0]['mount_device'] == '/dev/xvdf' and node.ebs.devices[0]['encrypt'] ... Another example with node['myattribute'] "normal": { "myattribute": "myvalue" },
J

cosmosdb_account virtual_network_rule for_each
Continuous Integration and Delivery (CI, CD) • azure terraform • • jules

2

0
Votes

2
Posts

0
Views

S

A dynamic block does not use the each keyword, but the value of the iterator argument instead. If omitted, it will use the name of the dynamic block instead. Or as https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks states it: The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value. If omitted, the name of the variable defaults to the label of the dynamic block. It's generally fine to omit the iterator argument and just go with the (what should be a) unique name of the block. In your case, replace each.value with virtual_network_rule.value, so you get: dynamic "virtual_network_rule" { for_each = var.virtual_network_subnet_ids content { id = virtual_network_rule.value } } If you do want to use the iterator argument, it would look something like this: dynamic "virtual_network_rule" { for_each = var.virtual_network_subnet_ids iterator = "rule" content { id = rule.value } }
How to avoid a high number of requests for avoiding Amazon AWS EC2 instance AutoScalin?
Continuous Integration and Delivery (CI, CD) • amazon web services amazon ec2 • • Demir

2

0
Votes

2
Posts

1
Views

G

First of all, the number of connections is not a common metric to use for autoscaling. Much more common is CPU utilization or possibly the amount of network traffic. If you are happy with the performance of your application at a certain utilization level, you can modify the corresponding alarms configured in the auto-scaling group, so that autoscaling happens only at higher levels of your metric. Secondly, you can limit auto-scaling to a certain number of instances. When this number is reached, no further scaling will occur. Finally, if your traffic has a significant proportion of GET requests, it may be easiest to ensure caching headers are set appropriately and traffic is routed through a CloudFront distribution before it reaches the load balancer. This will likely eliminate most of the GET requests from the load balancer altogether.
K

Calling a Terraform object in seperate folder
Continuous Integration and Delivery (CI, CD) • azure terraform azure devops • • Kadyn

2

0
Votes

2
Posts

1
Views

G

Using a remote state file and referencing the state from a different state template would be the way I would go. Would need to add an output to resource that needs to be shared as well as configuring remote state storage, access controls, and security. This URL has example of setting up the remote backend in azureRM. https://www.terraform.io/docs/backends/types/azurerm.html

How should I organize a large number of unrelated Infrastructure as Code projects?

Suggested Topics

DevOps Newbie - How to automate windows infrastructure deployment? Continuous Integration and Delivery (CI, CD) • vmware terraform packer • • Trenton

How do I install Terraform libvrit_cloudinit? Continuous Integration and Delivery (CI, CD) • terraform cloud init • • briley

How to build Java project on existing virtual machine in Azure? Continuous Integration and Delivery (CI, CD) • java git maven azure devops cicd • • Anderson

How to get code onto aws ec2 instance using terraform and gitlabs Continuous Integration and Delivery (CI, CD) • amazon web services gitlab terraform amazon ec2 • • Oba22

Terraform | Upgrade to 0.12 error Reference to "count" in non-counted context Continuous Integration and Delivery (CI, CD) • terraform • • yajahira

Which organization types are targeted by DevOps transformation? Continuous Integration and Delivery (CI, CD) • transformation • • guilherme

What is the optimum number of people in a weekly oncall schedule? Continuous Integration and Delivery (CI, CD) • process • • emmalee

Terraform's local state (the 2 tfstate files) contain very sensitive info Continuous Integration and Delivery (CI, CD) • terraform secret management • • Trenton

How do developers handle developing large scaled dockerized applications locally? Continuous Integration and Delivery (CI, CD) • docker kubernetes macos • • Trenton

Can jenkins control baremetal with ipmi Continuous Integration and Delivery (CI, CD) • jenkins terraform jenkins plugins • • magpie

Bamboo Group Deploy Projects Continuous Integration and Delivery (CI, CD) • bamboo • • nishika

Accessing attributes from within recipes Continuous Integration and Delivery (CI, CD) • configuration configuration management chef infrastructure as code • • gionna

cosmosdb_account virtual_network_rule for_each Continuous Integration and Delivery (CI, CD) • azure terraform • • jules

How to avoid a high number of requests for avoiding Amazon AWS EC2 instance AutoScalin? Continuous Integration and Delivery (CI, CD) • amazon web services amazon ec2 • • Demir

Calling a Terraform object in seperate folder Continuous Integration and Delivery (CI, CD) • azure terraform azure devops • • Kadyn

DevOps Newbie - How to automate windows infrastructure deployment?
Continuous Integration and Delivery (CI, CD) • vmware terraform packer • • Trenton

How do I install Terraform libvrit_cloudinit?
Continuous Integration and Delivery (CI, CD) • terraform cloud init • • briley

How to build Java project on existing virtual machine in Azure?
Continuous Integration and Delivery (CI, CD) • java git maven azure devops cicd • • Anderson

How to get code onto aws ec2 instance using terraform and gitlabs
Continuous Integration and Delivery (CI, CD) • amazon web services gitlab terraform amazon ec2 • • Oba22

Terraform | Upgrade to 0.12 error Reference to "count" in non-counted context
Continuous Integration and Delivery (CI, CD) • terraform • • yajahira

Which organization types are targeted by DevOps transformation?
Continuous Integration and Delivery (CI, CD) • transformation • • guilherme

What is the optimum number of people in a weekly oncall schedule?
Continuous Integration and Delivery (CI, CD) • process • • emmalee

Terraform's local state (the 2 tfstate files) contain very sensitive info
Continuous Integration and Delivery (CI, CD) • terraform secret management • • Trenton

How do developers handle developing large scaled dockerized applications locally?
Continuous Integration and Delivery (CI, CD) • docker kubernetes macos • • Trenton

Can jenkins control baremetal with ipmi
Continuous Integration and Delivery (CI, CD) • jenkins terraform jenkins plugins • • magpie

Bamboo Group Deploy Projects
Continuous Integration and Delivery (CI, CD) • bamboo • • nishika

Accessing attributes from within recipes
Continuous Integration and Delivery (CI, CD) • configuration configuration management chef infrastructure as code • • gionna

cosmosdb_account virtual_network_rule for_each
Continuous Integration and Delivery (CI, CD) • azure terraform • • jules

How to avoid a high number of requests for avoiding Amazon AWS EC2 instance AutoScalin?
Continuous Integration and Delivery (CI, CD) • amazon web services amazon ec2 • • Demir

Calling a Terraform object in seperate folder
Continuous Integration and Delivery (CI, CD) • azure terraform azure devops • • Kadyn