Wednesday, November 21, 2018

importing AWS resources into Terraform

Terraform is a wonderful tool! It helps simplify DevOps work. It turns the thorny bramble of delicate networking, users, databases, and virtual machines into a simple and well-running machine. It allows us to chant "infrastructure as code" to the amusement of well-meaning technologists. Best of all: it lets us have consistent environments. A dev can wreak havoc, learn things, then create a Terraform patch that applies to the entire collection of systems, making everything just a little bit cleaner and better understood.

Terraform, although a moderately baked and flexible tool, has a few warts. One challenge is that it doesn't play well with manually created resources. If you create some users in Terraform, and some users in the AWS Console, applying Terraform later will try to delete the manual users. Terraform imagines that it is the alpha and omega, and that all things are as it thinks they are.

Additionally, Terraform isn't very smart about importing manually-created resources. Traditionally we have to use a third-party tool, terraforming, to do this task. The combination of terraform (to create/update resources) and terraforming (to import manually-created resources) is useful.

Example: here's how to import all the SNS Topics ("snst") to a Terraform file:

$ AWS_PROFILE=myprofile terraforming snst --region=myregion | tee temp-sns.tf
resource "aws_sns_topic" "dynamodb" {
  name            = "dynamodb"
  display_name    = ""
  policy          = ...

}

Now, edit the temp-sns.tf file to make things more clear and regular, then plan and apply with Terraform as per usual.

In AWS, users aren't just users, they're defined in several different types of Identity and Access Management (IAM) resources. Here's how to import just the simple user records:

$ AWS_PROFILE=myprofile terraforming iamu --region=myregion | tee temp-iamu.tf
resource "aws_iam_user" "john" {
    name = "john@johntellsall.com"
    path = "/"
}

In practice, users aren't useful except as combined with Roles, Groups, and Policies. It's a whole thing. Fortunately, here's a bit of code which imports all AWS IAM user-related permissions into a single Terraform file:

$ terraforming help | grep -Eo 'iam\w+' | AWS_PROFILE=myprofile xargs -I{} -t terraforming {} --region=myregion >> temp-users.tf

Now, you'll be left with a 1,000-line Terraform file for further editing. This isn't that fun; however, once you're done, you can move this file into its own module, and apply the same users/groups/permissions on all your environments!
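A first pass over that large generated file, as an added example (not code from the original post or from the terraforming project): it pulls each policy document out of the file and lists the Allow statements that grant a wildcard action on every resource, which are the ones to review before the module is applied to all environments. The function names, the sample resources and the assumption that terraforming writes each policy as a JSON heredoc are assumptions of this example.

```python
import json
import re

# Constructed sample; assumes terraforming emits policies as JSON heredocs.
SAMPLE_TF = '''\
resource "aws_iam_user" "john" {
    name = "john@johntellsall.com"
}
resource "aws_iam_policy" "admin-everything" {
    policy = <<POLICY
{
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}
POLICY
}
resource "aws_iam_user_policy" "john_sns" {
    policy = <<POLICY
{
  "Statement": {"Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}
}
POLICY
}
'''
HEADER = re.compile(r'^resource\s+"(\w+)"\s+"([^"]+)"')

def as_list(value):
    return value if isinstance(value, list) else [value]

def broad_statements(tf_text):
    """Find Allow statements granting "*" or "service:*" on Resource "*"."""
    findings, current, tag, buf = [], ("?", "?"), None, []
    for line in tf_text.splitlines():
        if tag is None:                      # outside a heredoc
            header = HEADER.match(line)
            current = header.groups() if header else current
            start = re.search(r'<<-?(\w+)\s*$', line)
            tag = start.group(1) if start else None
        elif line.strip() != tag:            # heredoc body: collect JSON lines
            buf.append(line)
        else:                                # terminator: inspect the document
            for stmt in as_list(json.loads("\n".join(buf)).get("Statement", [])):
                wild = [a for a in as_list(stmt.get("Action", []))
                        if a == "*" or a.endswith(":*")]
                on_all = "*" in as_list(stmt.get("Resource", []))
                if stmt.get("Effect") == "Allow" and wild and on_all:
                    findings.append((*current, wild))
            tag, buf = None, []
    return findings

print(broad_statements(SAMPLE_TF))  # the one wildcard-on-everything policy
```

To check a real import, pass the contents of temp-users.tf to broad_statements() in place of the sample.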

Terraform is a wonderful tool, and in combination with Terraforming and a bit of work, will make your DevOps work a lot simpler!


Thursday, November 15, 2018

Docker leads to so much win (psql ftw)

Containers are an incredibly effective way to be more productive. I'd put it on the same order of convenience as version control: a bit of effort to learn but each technology allows tremendous flexibility and safety and enjoyment out of programming.

Just now I wanted to verify my backups. I didn't want to run Postgres directly on my macOS, as I'm going to nuke the database after a few tests. So instead I started one in its own container. I ran it on a weird port so I couldn't accidentally use the wrong database/proxy:

$ docker run --name temp_postgres -p 5555:5432 -d postgres:9.6

Next I verify my new database is up and answering commands:

$ PGPASSWORD='' psql postgresql://postgres@localhost:5555/postgres -c 'select now()'

              now
-------------------------------
 2018-11-16 00:32:31.104194+00
(1 row)

The commands worked on the first try! Now I can go ahead and do my real work of verifying backups, then my task will be finished and I'll move on to the next one. Win!

Sunday, November 11, 2018

fast searches with custom search engines

I do a lot of learning, which today means tons of searching on different websites. I've found a trick which makes my job a lot faster -- custom search aliases. In the URL bar, I can type "k explain" to automatically go to the Kubernetes.io site, search for "explain", and give me the results. When I need another cat image for one of my presentations, I type "gis cat" into the URL bar to ask Google Image Search for some inspirational furriness. Man.cx has all the Linux manpages. Python.org has all the Python modules carefully documented. I have aliases for all of the above and use them constantly.

Here's how to make your daily searches much, much easier:

Easy, very fast keyword searches


1. Go to the site and do a search. Example: https://kubernetes.io, search for "explain"
2. The URL bar now contains your search term. Replace the term with "%s". For the above example you'll get https://kubernetes.io/docs/search/?q=%s
3. Copy the URL
4. Right-click the URL and select "Edit Search Engines"
5. Under Other Search Engines, click the Add button
6. Type something for Search Engine ("kubernetes"), then a short alias ("k"), and for the URL, paste the URL with "%s" in it
7. Click Add

Testing


In the URL bar, type the alias, then another search term, e.g. "k beer". The resulting page will be a Search Results page, with your new term in it.

Compatibility


The above instructions are for Google Chrome, but all browsers support something like this.