Getting Started with Terraform

Terraform by HashiCorp is a tool for rapidly deploying infrastructure at scale using Infrastructure as Code (IaC).

From HashiCorp:  Terraform is an infrastructure as code tool that lets you build, change, and version cloud and on-prem resources safely and efficiently.  Terraform is for ALL infrastructure components, so VMs, but also VNETs, users, groups, DNS Zones, host pools, virtual appliances… pretty much anything there’s a provider for.

But, what can you do with it?  To find out I set up a home lab.  I’ll create a series of posts that describe what I did and how I did it, which should give you a technical/non-technical guide to its practical use.

Used in combination with Packer and Ansible, Terraform completes the toolset.

    • Packer – create golden images for deployment
    • Terraform – deploy from your images with custom scripts to provide all necessary details
    • Ansible – modify, manage, and maintain your deployments

Terraform is an open-source binary you can install.  You can get it here:  https://developer.hashicorp.com/terraform/install

For my use, I find Linux to be the most efficient method.  I can very cheaply run a small Linux distro with a dedicated purpose that won’t cost me a Windows license.  If you’re building it into your infrastructure, this would be the recommended way to do it (dedicated is almost always more secure).  In my case, I’m using CentOS 10 “Cloud”, the upstream for RHEL 10.

Terraform functionality is pretty simple.  You create a series of .tf files, each with a purpose, linking Providers (think Proxmox, Azure, AWS, Google, vSphere, each with its own product).  You can find most if not all of the providers (code) here:  https://registry.terraform.io/

Some examples I will be using:

Proxmox (bpg provider):

    • VMs
    • LXC containers
    • SDN zones/vnets
    • Storage pools
    • User/permissions
    • Cluster firewall rules

Azure:

    • VMs, VMSS, AVD hostpools
    • VNets, subnets, peering
    • NSGs, firewalls, load balancers
    • Storage accounts
    • Key Vault
    • DNS zones
    • Entra ID apps/service principals
    • Log Analytics, App Insights

Other providers you might use:

    • Cloudflare (DNS, tunnels)
    • UniFi (network config)
    • Active Directory
    • Docker
    • Kubernetes
    • GitHub (repos, teams, permissions)

To use terraform, once the binary is installed, start with creating a logical folder structure based on your project, then fill in those folders with the required files for each project, and execute.

In its simplest form, you create your files, then run terraform plan, which validates the files and shows you what is going to be deployed, then run terraform apply to execute the plan.

Having knowledge of the commands in advance is extremely helpful.

Here are a few of the common ones:

Core Workflow Commands:

  • terraform init: Initializes a Terraform working directory, downloading necessary providers and setting up the backend.
  • terraform validate: Checks the syntax and configuration of your Terraform files for correctness.
  • terraform fmt: Formats your Terraform configuration files to adhere to a canonical style.
  • terraform plan: Generates an execution plan, showing the changes Terraform will make to your infrastructure without actually applying them.
    • terraform plan -out=tf_plan.out: Saves the execution plan to a file for later application.
  • terraform apply: Applies the changes defined in your configuration or a saved plan file, creating or updating infrastructure.
    • terraform apply tf_plan.out: Applies changes using a previously saved plan file.
    • terraform apply -auto-approve: Applies changes without prompting for manual confirmation. 
  • terraform destroy: Destroys all infrastructure managed by the current Terraform configuration.
    • terraform destroy -auto-approve: Destroys infrastructure without prompting for manual confirmation.

State Management Commands:

  • terraform state list: Lists all resources currently tracked in the Terraform state file.
  • terraform state show <resource_address>: Displays detailed information about a specific resource in the state.
  • terraform state pull: Downloads the current remote state file and outputs it to standard output.
  • terraform state push <path_to_state_file>: Uploads a local state file to the remote backend.
  • terraform import <resource_address> <resource_id>: Imports an existing infrastructure resource into Terraform management. 

Utility Commands:

  • terraform show: Displays the current state or a saved plan in a human-readable format.
  • terraform output: Prints the output values defined in your Terraform configuration.
  • terraform workspace new <workspace_name>: Creates a new workspace.
  • terraform workspace select <workspace_name>: Switches to an existing workspace.
  • terraform taint <resource_address>: Marks a resource for recreation on the next terraform apply.
  • terraform untaint <resource_address>: Removes a taint from a resource.
  • terraform graph: Generates a visual dependency graph of your infrastructure.
  • terraform console: Provides an interactive console to evaluate Terraform expressions and interpolations.

One huge advantage of Terraform is that you can destroy infrastructure as quickly as you can build it – either entirely or as specific resources.  If you deployed a complex infrastructure but a segment isn’t working as expected, or you need to recreate it to expand or contract resources, you can selectively destroy targets and plan for redeployment.
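
Because a plan can destroy resources as easily as it creates them, it helps to review a saved plan before it is applied. The following is an added example, not code from the original post: it assumes the plan saved with terraform plan -out=tf_plan.out was exported with terraform show -json tf_plan.out, and it reads the resource_changes list from that JSON. The sample plan, the resource addresses and the function names are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json tf_plan.out` output, trimmed to
# the fields this check reads. The resource addresses are made up.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "proxmox_virtual_environment_vm.web01",
         "change": {"actions": ["create"]}},
        {"address": "azurerm_network_security_group.lab",
         "change": {"actions": ["update"]}},
        {"address": "azurerm_key_vault.lab",
         "change": {"actions": ["delete", "create"]}},
        {"address": "azurerm_dns_zone.old",
         "change": {"actions": ["delete"]}},
        {"address": "azurerm_storage_account.logs",
         "change": {"actions": ["no-op"]}},
    ],
})


def summarize_plan(plan_json):
    """Group resource addresses by what the plan will do to them."""
    plan = json.loads(plan_json)
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions and "create" in actions:
            kind = "replace"   # resource is destroyed and rebuilt
        elif actions == ["delete"]:
            kind = "delete"
        elif actions == ["create"]:
            kind = "create"
        elif actions == ["update"]:
            kind = "update"
        else:
            continue           # "no-op" and "read" change nothing
        summary[kind].append(rc["address"])
    return summary


def safe_to_auto_apply(plan_json, allow_destroy=False):
    """True only if nothing is deleted or replaced, unless explicitly allowed."""
    s = summarize_plan(plan_json)
    destructive = s["delete"] + s["replace"]
    return allow_destroy or not destructive


if __name__ == "__main__":
    for kind, addrs in summarize_plan(SAMPLE_PLAN).items():
        print(f"{kind:8} {len(addrs)}  {', '.join(addrs)}")
    print("auto-apply OK:", safe_to_auto_apply(SAMPLE_PLAN))
```

Applying a saved plan file does not prompt for confirmation, so a gate like this belongs between the plan step and terraform apply tf_plan.out when the run is unattended.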

Next Post – Setup Terraform to work with Proxmox
