+

Terraform 101
A beginners guide to Terraform on Cisco

Stuart Traynor - Systems Engineer @sttrayno

June 2021
Agenda
• What’s a Terraform?
• Sounds good, what do I need to know?
• Now what’s this got to do with network and infrastructure
engineering?
• Terraform Cloud / Terraform CLI? What’s the difference?
• Demo / Hand—on labs

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
 The Network Automation Engineers Tool Chest
Source Control

Continuous Integration Artifact Repository

Network Service and Configuration Management Network Verification

Network Device Interfaces Network Controllers

Network Virtualization / Simulation Platforms

Security Services Infrastructure Services Telemetry & Monitoring

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
 The Network Automation Engineers Tool Chest
Source Control

Continuous Integration Artifact Repository

Network Service and Configuration Management tools enable Network

Network Service and Configuration Management
as Code and ensure the desired state of the network. Network Verification

Network Device Interfaces Network Controllers

Network Service and Configuration

Network Management
Virtualization / Simulation Platforms

Security Services Infrastructure Services Telemetry & Monitoring

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
What is Terraform?

• Popular configuration and orchestration

tool, built and maintained by Hashicorp
• Started off as a cloud automation tool
• Define a desired state and Terraform works
to ensure that state is maintained
• Allows you to define infrastructure through
repeatable templates
Network and Infra and App
• Manages all resources through APIs, Segmentation Deployment
Access Control Monitoring
and
abstracted by a providers Assurance

• Terraform Open Source / Terraform Cloud

for Business
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Cisco + Hashicorp

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Terraform Fundamentals

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
 Terraform config file
• Resources are declared through a
series of text files in Terraforms
own configuration language HCL
• Uses text files with a .tf extension
• Can be as simple as a single file,
like so…
• You might have multiple files
including variable files (.tfvars)
• Would typically be stored in some
kind of source control
• You probably wouldn’t put
usernames/passwords like I have
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Terraform state

• The state tracks what’s been created by

Terraform
• Diff is made against the config and state to
decide which resources are to be created
• State becomes an issue when it’s large
and must be shared…
• Resources not created by Terraform
can be imported and managed
• Terraform only knows about what it’s
created, this can be a challenge

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Terraform Modules
• Goes one step further on the concept
of resources
• Rather than define multiple resources
in config we define our architecture
• Typically these are resources which
would depend on each other
• Will consist of inputs, outputs and
resources

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Terraform Programming Constructs
Count
JSON Encode

For Each

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Terraform Providers

• Providers are the plugins to Terraform that

allow us to interact with remote systems
• They define resources that Terraform can
create or data sources which it can call from
• They all use the systems API’s
• You can find a list of publicly available
providers on the Terraform registry (with the
documentation how to use them
• Providers fall into a category of: Official,
Verified, Community and Archived
• Normally written in Go
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Terraform Workflow
• Single workflow to plan, provision and teardown
resources
• Providers allow you to abstract away from the individual
processes and technology

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Ansible vs Terraform

• Very much focused towards • More focused to cloud automation

infrastructure automation • Lends itself better to API first platforms
• Modules (written in Python) • Providers (written in Go)
• Define playbooks in YAML • Define a Terraform config in HCL
• Stateless (by default) – push out (HashiCorp configuration language)
the intent of a playbook on run • Stateful – keeps a state and looks to
• Imperative ensure the config matches the state
• Declarative

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Ansible and Terraform – Simple example

Provision CSR1000v image in public cloud

Render config template to the device

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

SEMCLD-2001 15
 Cisco’s Terraform Providers

• Cisco Application Centric

Infrastructure (ACI) / Cisco • Cisco ASA • Cisco Intersight
Multi-site Orchestrator • Provision on-premise
• More traditional
(MSO) perimeter-based access servers and workloads
• Define network policy and control • Across bare metal, virtual
segmentation • Traditional IP based machines, containers
• Across on-premise and filtering • Manage on premise
cloud networks • Can be spun up in virtual infrastructure from a
form factor at the edge, single control point
public or private cloud

Community Providers / Build your own

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Cloud Networking – ACI and MSO

• Abstracted method of networking leans itself well to Terraform

• Extend policy from data center network to the cloud from a single touchpoint (one policy
multiple DC’s and clouds)
• Simplifies network deployment by creating reusable architecture patterns
• Allows network to be deployed in repeatable patterns

Infrastructure teams define

Terraform config for tenants,
bridge domain, subnets and As changes are made to the
reusable architecture patterns Terraform configurations by the
separate teams, they are
applied to the infrastructure
Application/DevOps team define
Terraform config for applications, EPGs,
contracts etc as required in self service
manner

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

SEMCLD-2001 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Terraform CLI / Terraform Cloud – Free vs Paid
Terraform OSS Terraform Cloud for business
Where most engineers probably will start SaaS based Terraform
off
Enterprise level support– are you going
Free, open source to run production with Terraform OSS?
Community driven

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Demo

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Summary
• Terraform is becoming an increasingly popular tool for infrastructure automation,
particularly the line between cloud and on-premise starts to blur
• As people look to adopt Infrastructure as Code principles Terraform can be a good
place to start
• Cisco has providers across the portfolio
• Get hands on, anyone can: http://github.com/sttrayno/Terraform-Lab-Guide
• DevNet sandboxes are available to support you in testing

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

SEMCLD-2001 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Documentation and Resources
Installing Terraform - https://learn.hashicorp.com/tutorials/terraform/install-cli
Intersight user guide - https://github.com/cisco-intersight/terraform-
provider-intersight/blob/master/USERGUIDE.md
Intersight examples - https://github.com/cisco-intersight/terraform-provider-
intersight/tree/master/examples
Cisco ASA documentation -
https://registry.terraform.io/providers/hashicorp/ciscoasa/latest/docs
Multi Site Orchestrator (MSO) documentation -
https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs
Application Centric Infrastructure (ACI) documentation
https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

SEMCLD-2001 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public 21