Tag: DevOps

What to Expect at HashiConf EU Training Day

What to Expect at HashiConf EU Training Day

In only a few weeks, HashiCorp staff will join infrastructure operators, administrators, developers, and practitioners in Amsterdam for our first full multi-day, multi-track HashiConf event in Europe.

We have doubled the number of training sessions we are offering and several have already sold out. Every course has been updated for recent features to give you a hands-on experience that will help you become confident using HashiCorp infrastructure automation tools.

In each session you will experience:

  • A pre-built personal cloud workstation with credentials for deploying code and creating infrastructure
  • An expert instructor who knows the tools well
  • Several teaching assistants from our engineering department to answer your in-depth questions
  • A copy of the slides, lab exercises, and demo code to take home with you
  • Access to all of our online training materials for advance preparation and continued proficiency

Sign up now to reserve your spot!

Terraform 101: Provision Modern Infrastructure

A full class session has already sold out but a few seats remain in our concurrent second session of Terraform 101. Learn the industry standard Infrastructure as Code tool from scratch. You'll create compute resources and security groups on AWS and will deploy a dynamic web application.

This course has been updated for Terraform 0.12 so you'll learn the most up-to-date syntax.

Sign up now for Terraform 101.

Terraform Enterprise 201: Collaborative Infrastructure Automation

This course has sold out. Sign up now for HashiConf US in Seattle in September.

Vault 101: Secure Applications for Developers

We completely rebuilt our Vault 101 course to meet the needs of developers who want to write applications using Vault for secrets management and encryption as a service. You'll learn about application integration, how to interact with Vault from CLI, API, and web UI. You'll also learn about Vault server architecture so you can build applications confidently.

Sign up now for Vault 101.

Vault 102: Secure Operations with Vault

We have one seat left in our Vault 102 course for operators. If you plan to build a Vault cluster or maintain an existing cluster, this is the course for you. You'll understand Vault architecture from the beginning all the way through to configuration, initialization, unsealing, and Shamir's secret sharing.

From there, you'll go hands on with auto-unseal, rekeying, key rotation, policies, auth methods, ACL templating, and platform integration.

We created this course from scratch this year and many have told us it's exactly what they need.

Sign up for the last seat in Vault 102.

Consul 101: Connect Dynamic Applications

Service mesh is a fast moving target across the industry, and yet Consul has been the reliable standard for service discovery for many years. Consul is downloaded over 1 million times every month, and we've seen datacenters running tens of thousands of nodes of Consul.

In this course, you'll learn about dynamic service discovery, service configuration, and service mesh. You'll access your own Consul cluster and will deploy several microservices which work together resiliently thanks to Consul.

Sign up for Consul 101.

Nomad 101: Run Applications at Scale

Nomad is a simple, yet powerful tool used by companies of all sizes to safely and reliably deploy and scale their applications, whether packaged in containers, shipped as binaries, bundled as JAR files, or delivered as GPU code. After experiencing this course, you'll understand Nomad architecture, how to install and configure Nomad, how to create and run jobs, and how to use rolling updates or blue-green deployments.

Signup for Nomad 101

Conclusion

We realize that, even with the ease of use and power of the HashiCorp stack, a full day hands-on course with an experienced instructor can go a long way toward helping you build proficiency and return to work with the confidence to take these tools into production.

We've created extensive online guides to help you learn on your own, but this is the time to learn with your peers and with the experts at HashiCorp.

Sign up for a course at HashiConf EU today!

from Hashicorp Blog

What We Can All Learn from the Hertz-Accenture News

What We Can All Learn from the Hertz-Accenture News

 

Agile Enterprise Continuous Innovation

This article originally appeared on Medium 

The Hertz digital experience project presents an opportunity to examine continuous improvement and innovation. For those who may have missed the story, a brief background: Hertz hired Accenture to help it create a “world-class digital experience”, most notably to “redefine the customer experience on Hertz’s digital platforms” with a redesigned website and “complementary suite of mobile applications.” Hertz paid more than $32 million, which it is suing to recover. 

Continuous improvement and innovation, learning and teaching are at the heart of an innovative enterprise. While there have been several articles dissecting the lawsuit, I would like to focus on a piece that has been overlooked: how customers can contribute to the success of such projects and empower their vendors. Taking an Agile approach where customer and vendor work collaboratively together with full transparency could have helped avoid these issues. Let’s look at four specific areas where this can be applied:

  1. Learn to fish.
    Hertz notes in its filing that it “did not have the internal expertise or resources to execute such a massive undertaking.” Many companies don’t—especially in today’s tight labor market. As consultants, our experience has taught us that the best customers are the ones who focus on this shortage and make it a priority to upskill their own teams well. At the end of the day, these teams will gain an in-depth understanding of how to extend their solution moving forward while retaining ownership of their IP.

    It’s notable as the lawsuit claims that, “Accenture, not Hertz decided when the design met Hertz’s requirements.” This is often a symptom of a lack of collaboration between the customer and the consultant. Rather than wait to evaluate the design once it is done, a best practice is for the two parties to work together. This is where the customer investing in upskilling really helps make the dialogue rich.

  2. Small, impactful steps trump a ‘big reveal’.
    The lawsuit states that Hertz was aiming for a ‘go live’ date for its new website and mobile apps which was not met. This can be a symptom of targeting a big milestone, rather than incremental improvements with shorter feedback loops. Shorter feedback loops are the best way to achieve progress. They are beneficial as they provide faster feedback cycles which allow you to identify problems (and solutions) faster, create the space for greater flexibility, and allow teams to respond to changing requirements. In our experience, shorter feedback loops increase the ability to deliver the right solution. (In fact, we’ve seen this corroborated by the principles of Little’s Law.) Regardless of the tools you use, frequent reviews and retrospectives are critical to shrinking the feedback loop to the point that improvements can be identified and applied quickly to stay in line with a project’s changing needs.
  3. Transparency is paramount.
    Transparency ensures everyone is in alignment which is why simple steps like conducting daily stand ups and weekly reviews can have a big impact on project successes. Other elements for added transparency could include weekly sprint reviews where teams collaboratively evaluate the working solution, tools like Information Radiators, a Team Working Agreement, Definition of Ready and Definition of Done which can go a long way in ensuring alignment and catching misalignments early.
  4. Consider agile contracts.
    Last, speaking of a project’s changing needs, consider using agile contracts as a means to embed agility, transparency, and collaboration into the process from the start. Agile contracts require both the vendor and customer to jointly define the project — including risks, costs, timeline, scope, joint responsibilities and approvals — and encourage all the things we’ve covered thus far, transparency, frequent check-ins and short feedback loops.

    Agile contracts seek to replace lengthy risk-based language with a transparent project that unearths potential risk as the work progresses and allows teams to dynamically adjust their goals to achieve a functional product. Which leads to the most important point: agile contracts give teams the visibility and flexibility to collaboratively change priorities and/or change the path to a successful project conclusion given roadblocks that may insert themselves along the way. In this way, teams are empowered to focus on the end goal and not just pre-defined contact deliverables.

Agility, transparency, and collaboration are critical legs of the stool as companies work with 3rd party vendors to successfully accomplish important work. In the spirit of learning and continuous innovation, do you have any lessons on your path to digital improvement that you can share here?

Subscribe to the Flux7 Blog

from Flux7 DevOps Blog

Netflix Studio Hack Day — May 2019

Netflix Studio Hack Day — May 2019

Netflix Studio Hack Day — May 2019

By Tom Richards, Carenina Garcia Motion, and Marlee Tart

Hack Days are a big deal at Netflix. They’re a chance to bring together employees from all our different disciplines to explore new ideas and experiment with emerging technologies.

For the most recent hack day, we channeled our creative energy towards our studio efforts. The goal remained the same: team up with new colleagues and have fun while learning, creating, and experimenting. We know even the silliest idea can spur something more.

The most important value of hack days is that they support a culture of innovation. We believe in this work, even if it never ships, and love to share the creativity and thought put into these ideas.

Below, you can find videos made by the hackers of some of our favorite hacks from this event.

Project Rumble Pack

You’re watching your favorite episode of Voltron when, after a suspenseful pause, there’s a huge explosion — and your phone starts to vibrate in your hands.

The Project Rumble Pak hack day project explores how haptics can enhance the content you’re watching. With every explosion, sword clank, and laser blast, you get force feedback to amp up the excitement.

For this project, we synchronized Netflix content with haptic effects using Immersion Corporation technology.

By Hans van de Bruggen and Ed Barker

The Voice of Netflix

Introducing The Voice of Netflix. We trained a neural net to spot words in Netflix content and reassemble them into new sentences on demand. For our stage demonstration, we hooked this up to a speech recognition engine to respond to our verbal questions in the voice of Netflix’s favorite characters. Try it out yourself at blogofsomeguy.com/v!

By Guy Cirino and Carenina Garcia Motion

TerraVision

TerraVision re-envisions the creative process and revolutionizes the way our filmmakers can search and discover filming locations. Filmmakers can drop a photo of a look they like into an interface and find the closest visual matches from our centralized library of locations photos. We are using a computer vision model trained to recognize places to build reverse image search functionality. The model converts each image into a small dimensional vector, and the matches are obtained by computing the nearest neighbors of the query.

By Noessa Higa, Ben Klein, Jonathan Huang, Tyler Childs, Tie Zhong, and Kenna Hasson

Get Out!

Have you ever found yourself needing to give the Evil Eye™ to colleagues who are hogging your conference room after their meeting has ended?

Our hack is a simple web application that allows employees to select a Netflix meeting room anywhere in the world, and press a button to kick people out of their meeting room if they have overstayed their meeting. First, the app looks up calendar events associated with the room and finds the latest meeting in the room that should have already ended. It then automatically calls in to that meeting and plays walk-off music similar to the Oscar’s to not-so-subtly encourage your colleagues to Get Out! We built this hack using Java (Springboot framework), the Google OAuth and Calendar APIs (for finding rooms) and Twilio API (for calling into the meeting), and deployed it on AWS.

By Abi Seshadri and Rachel Rivera

You can also check out highlights from our past events: November 2018, March 2018, August 2017, January 2017, May 2016, November 2015, March 2015, February 2014 & August 2014.

Thanks to all the teams who put together a great round of hacks in 24 hours.


Netflix Studio Hack Day — May 2019 was originally published in Netflix TechBlog on Medium, where people are continuing the conversation by highlighting and responding to this story.

from Netflix TechBlog – Medium https://medium.com/netflix-techblog/netflix-studio-hack-day-may-2019-b4a0ecc629eb?source=rss—-2615bd06b42e—4

Ahead of re:Inforce: Security in the Cloud Operating Model with AWS and HashiCorp

Ahead of re:Inforce: Security in the Cloud Operating Model with AWS and HashiCorp

Secure AWS Environments with Vault

As companies move to the cloud with AWS, the security layer transitions from a fundamentally high-trust world enforced by a strong perimeter and firewall to a low-trust environment with no clear or static perimeter. As a result, the foundational assumption for IT needs to shift from securing based on IP address to using identity to restrict and safeguard access to resources and sensitive information. HashiCorp Vault helps bridge the gap and enables a seamless transition with AWS and will be discussing potential approaches at AWS re:Inforce next week. If you have additional questions on the information in this blog, stop by the HashiCorp booth at re:Inforce, booth 844.

Typically business will want to solve two challenges in this shift: Centralized Secrets Management and Encryption as a Service. For AWS customers, HashiCorp Vault solves for these challenges through a number of specific AWS integrations.

Secrets Engine

Leveraging dynamic secrets reduces the risk of a breach occurring as a result of credentials falling into the wrong hands. Vault offers a dedicated AWS secrets engine for generating EC2/IAM credentials on demand. These credentials can be pre-configured to be used for specific AWS services and then expire after a given interval. More details: https://www.vaultproject.io/docs/secrets/aws/index.html

Authentication Method

Generating dynamic credentials greatly reduces the risk of applications being attacked, especially when using single-use tokens. Vault can automate this process through the EC2/IAM auth method. This enables Vault to generate tokens based on a specified role which are then used to facilitate access to various systems. More details: (https://www.vaultproject.io/docs/auth/aws.html).

Data Encryption

Encryption can solve the risk to data in motion and at rest to an extent, but trusting application developers to properly encrypt and decrypt data could lead to gaps in security. HashiCorp Vault addresses this by encrypting and decrypting data for developers via the transit secrets engine. More details: https://www.vaultproject.io/docs/secrets/transit/index.html)

HashiCorp is a sponsor at this year's AWS re:Inforce in Boston. Our team will be there to provide insights and answer questions about how Vault helps enterprises solve security in AWS environments. We look forward to seeing you at booth 844.

To learn more about HashiCorp's approach to security in the Cloud Operating Model, please read this whitepaper: https://www.hashicorp.com/cloud-operating-model

For more information about HashiCorp Vault, please visit the Vault product page.

from Hashicorp Blog

Flux7 Named a 2019 Gartner Cool Vendor in Business and IT Services

Flux7 Named a 2019 Gartner Cool Vendor in Business and IT Services

Gartner Names Flux7 Cool Vendor in Business and IT Services

Each year Gartner announces Cool Vendors in a variety of technology categories. We are honored to be recognized as one of five Cool Vendors named in the Gartner report, Cool Vendors in Business and IT Services, published May 14, 2019. (Gartner subscribers can access the report here.)

Gartner, the world’s leading research and advisory company, notes in the report, “These Cool Vendors are specialist business and IT service providers that offer innovative and disruptive approaches with value propositions that align with evolving requirements in a digital business world. They reflect the game-changing technologies in CIO agendas for 2019.”

We are proud to be recognized among vendors that are innovative, impactful and intriguing! At Flux7, we embrace innovation as one of our core values, operating like an innovation lab for our customers, helping drive digital transformation to create an Agile Enterprise. We help address enterprises digital transformation by providing a framework and technology platform to quickly and securely adopt, implement, operate and scale enterprise IT platforms.

Specifically, Flux7 Landing Zones on AWS provide enterprise companies with a secure foundation, configuration-as-code, automated provisioning, infrastructure design and deployment guidance to enable organizations to start application migration to the cloud and gain valuable skills through comprehensive training in days, and automated processes in minutes. The Flux7 solution also helps enterprises establish standardized reusable design patterns on their public cloud infrastructure to simplify ongoing management, eliminate deployment bottlenecks, improve stability and quality, and reduce DevOps adoption costs.

Flux7 has also recently been ranked by Growjo among the fastest growing companies in the Austin area. Flux7 is #88 is based on growth indicators and a predictive analysis algorithm unique to Growjo. In addition, we saw customer contracts grow 247% year-over-year in the first quarter of 2019. 2019 growth closely follows our 2018 year-ending cumulative three-year revenue growth of 547%.

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Want to grow with us? Check out our Career opportunities here: https://www.flux7.com/careers/ Interested in having our DevOps consulting team help with your IT modernization project? Reach out to us today. Or, stay in touch by subscribing to our blog below.

Subscribe to the Flux7 Blog

from Flux7 DevOps Blog

IT Modernization and DevOps News Week in Review

IT Modernization and DevOps News Week in Review

IT Modernization DevOps News 9

The annual Jetbrains State of the Developer Ecosystem survey found that 45% of developers are now using a DevOps continuous integration / continuous delivery tool of some sort. And, interestingly, 63% of respondents felt that AI would replace developers — at least partially — in the future. The survey also found that 43% of responding developers are not using a configuration management tool, while the majority of those who do (27%) use a custom solution.

To stay up-to-date on DevOps automation, Container Consulting Services, and IT Modernization subscribe to our blog:
Subscribe to the Flux7 Blog

Other DevOps findings include the fact that 90% of developers who use a server templating tool use Docker while the infrastructure provisioning solution of choice is Terraform (16%) with CloudFormation a close second (14%). Last, as we would expect, Kubernetes use has grown rapidly over last year’s survey, with almost one-third (29%) using it as their production container orchestration service.

DevOps News

  • VMware buys Avi Networks, a multi-cloud application delivery company, for an undisclosed amount. “Combining Avi Networks with VMware NSX will further enable organizations to respond to new opportunities and threats, create new business models, and deliver services to all applications and data, wherever they are located,” VMware’s Tom Gillis said in a statement
  • In other acquisition news, CloudBees acquired Rollout, a secure feature management company providing software specifically targeted for developers and product teams. According to a press release, the companies say that the deal, “further strengthens CloudBees’ leadership in the continuous integration and continuous delivery pipeline market, giving customers the ability to deliver new features safely, securely and quickly into production.”
  • Our DevOps Consulting team suggested this read containing (pun intended) three strategies for implementing a microservices architecture.
  • Last, we enjoyed this article by Astasia Myers summarizing 3 Themes from the Velocity Conference 2019 — most notably that talk of Kubernetes is alive and well and that skill development remains a limiting factor for cloud-native infrastructure adoption.

AWS News

  • A provider of managed database and cloud services, RDX announced at AWS Summit last week the availability of its new clckwrk Refactoring Service for Oracle. The new service enables enterprises to migrate apps using Oracle databases to Amazon Aurora, Amazon’s PostgreSQL open-source relational database.
  • AWS announced GA of Amazon Personalize, its fully-managed service that allows operators to create private, customized personalization recommendations for applications. This same technology that is used on Amazon.com is now available to developers to incorporate into their own applications. As AWS notes, it’s “like having your own Amazon.com machine learning personalization team at your beck and call, 24 hours a day.”
  • As of this week, AWS CodeCommit now supports two additional merge strategies for pull requests: squash merges and three-way merges. AWS also introduced a conflict resolution editor that allows developers to manually resolve conflicts from the console at the time of a merge.
  • Our AWS Consulting team enjoyed this guest AWS Blog by Alice Xiao, Data Analyst at State Street who shared how the Financial Services company uses CloudWatch Logs Insights to support their innovation process of rapidly converting business ideas into client-centered applications.

Flux7 News

  • Read CEO Dr. Suleman’s InforamtionWeek article, Five-Step Action Plan for DevOps at Scale in which he discusses how DevOps is achievable at enterprise scale if you start small, create a dedicated team and effectively use technology patterns and platforms.
  • Also published this week is Dr. Suleman’s take on Servant Leadership, as published in Forbes. In Why CIOs Should Have A Servant-Leadership Approach he shares why CIOs shouldn’t be in a position where they end up needing to justify their efforts. Read the article for the reason why. (No, it isn’t the brash conclusion you might think it is.)

Subscribe to the Flux7 Blog

Written by Flux7 Labs

Flux7 is the only Sherpa on the DevOps journey that assesses, designs, and teaches while implementing a holistic solution for its enterprise customers, thus giving its clients the skills needed to manage and expand on the technology moving forward. Not a reseller or an MSP, Flux7 recommendations are 100% focused on customer requirements and creating the most efficient infrastructure possible that automates operations, streamlines and enhances development, and supports specific business goals.

from Flux7 DevOps Blog

Major Wholesaler Grows Uptime by Refactoring eComm Apps for AWS DevOps

Major Wholesaler Grows Uptime by Refactoring eComm Apps for AWS DevOps

AWS Case Study Ecommerce Cloud Refactor

A recent IDC survey of the Fortune 1000 found that the average cost of an infrastructure failure is $100,000 per hour and the average total cost of unplanned application downtime per year is between $1.25 billion and $2.5 billion. Our most recent customer relies heavily on its eCommerce site for business and knowing the extreme costs of infrastructure failure to its business, turned to the benefits of cloud-based DevOps. The firm sought to increase uptime, scalability, and security for its eCommerce applications by refactoring them for AWS DevOps.

What is Refactoring?

Refactoring involves an advanced process of re-architecting and often re-coding some portion of an existing application to take advantage of cloud-native frameworks and functionality. While this approach can be time-consuming and resource-intensive, it offers low monthly cloud spend as organizations that refactor are able to modify their applications and infrastructure to take full advantage of cloud-native features and thereby maximize operational cost efficiencies in the cloud.

AWS DevOps Refactoring

Employing the DevOps consulting team at Flux7 to help architect and build a DevOps platform solution, the team’s first goal was to ensure that the applications were architected for high availability at all levels in order to meet the company’s aggressive SLA goals. Here, the first step was to build a common DevOps platform for the company’s eCommerce applications and migrate the underlying technology to a common stack consisting of ECS, CloudFormation, and GoCD, an open source build and release tool from ThoughtWorks. (In the process, the team migrated one of the two applications from Kubernetes and Terraform to the new technology stack.)

As business-critical applications for the future of the retailer, the eCommerce applications needed to provide greater uptime scalability and data security than the legacy, on-premises applications from which they were refactored. As a result, the AWS experts at Flux7 built a CI/CD platform using AWS DevOps best practices, effectively reducing manual tasks and thereby increasing the team’s ability to focus on strategic work.

Further, the Flux7 DevOps team worked alongside the retailer’s team to:

  • Migrate the refactored applications to new AWS Accounts using the new CI/CD platform;
  • Automate remediation, recovering from failures faster;
  • Create AWS Identity and Access Management (IaM) resources as infrastructure as code (IaC);
  • Deliver the new applications in a Docker container-based microservices environment;
  • Deploy CloudWatch and Splunk for security and log management; and
  • Create DR procedures for the new applications to further ensure uptime and availability.

Moving forward, application updates will be rolled out via a blue-green deployment process that Flux7 helped the firm establish in order to achieve its zero downtime goals.

Business Benefits

While the customer team is a very advanced developer team, they were able to further their skills, learning through Flux7 knowledge transfer sessions how to enable DevOps best practices and continue to accelerate the new AWS DevOps platform adoption. At an estimated downtime cost of 6x the industry average, this firm couldn’t withstand the financial or reputational impact of a downtime event. As a result, the team is happy to report that it is meeting its zero downtime SLA objectives, enabling continuous system availability and with it growing customer satisfaction.

Subscribe to the Flux7 Blog
 

from Flux7 DevOps Blog

AWS Case Study: Energy Leader Digitizes Library for Analytics, Compliance

AWS Case Study: Energy Leader Digitizes Library for Analytics, Compliance

AWS Case Study Energy Leader Textract

The oil and gas industry has a rich history and one that is deeply intertwined with regulation — with Federal and State rules that regulate everything from exploration to production and transportation to workplace safety. As a result, our latest customer had amassed millions of paper documents to ensure its ability to prove compliance. It also maintained files with vast amounts of geological data, that served as the backbone of its intellectual property.

With over seven million physical documents saved and filed in deep storage, this oil and gas industry leader called the AWS consulting services team at Flux7 for its help digitizing its vast document library. In the process, it also wanted to make it easy to archive documents moving forward, and ensure that its operators could easily search for and find data.

Read the full AWS Case Study here.

Working with AWS Consulting Partner Flux7, the company created a working plan to digitize and catalog its vast document library. AWS had recently announced at re:Invent a new tool, Amazon Textract, which although still in preview mode, was the ideal tool for the task.

What is Textract?

For those of you unfamiliar with Amazon Textract, it is a new service that uses machine learning to automatically extract text and data from scanned documents. Unlike Optical Character Recognition (OCR) solutions, it also identifies the contents of fields in forms and information stored in tables, which allows users to conduct full data analytics on documents once they are digitized.

The Textract Proof of Concept

The proof of concept included several dozen physical documents that were scanned and uploaded to S3. From here, Lambda functions were triggered which launched Textract. In addition to the data being presented to Kibana, URLs for specific documents are presented to users.

As Amazon Textract automatically detects the key elements in a document or data relationships in forms and tables, it is able to extract data within the context it was originally created. With a core set of key parameters, such as revision date, extracted by Textract, operators will be able to search by key business parameters.

Analytics and Compliance

Interfacing with the data via Kibana, end users can now create smart search indexes which allow them to quickly and easily find key business data. Moreover, operators can build automated approval workflows and better meet document archival rules for regulatory compliance. Moreover, no longer does the company need to send an employee in their car to retrieve files from the warehouse, saving time from a labor-intensive task.

At Flux7, we relish the ability to help organizations apply automation and free their employees from manual tasks, replacing it with time to focus on strategic, business-impacting work. Read more Energy industry AWS case studies for best practices in cloud-based DevOps automation for enterprise agility.

For five tips on how to apply DevOps in your Oil, Gas or Energy enterprise, check out this article our CEO, Dr. Suleman, recently wrote for Oilman magazine. (Note that a free subscription is required.) Or, download the full case study here today.

Subscribe to the Flux7 Blog
 

from Flux7 DevOps Blog

Using Terraform Cloud Remote State Management

Using Terraform Cloud Remote State Management

We recently announced Terraform 0.12 and Terraform Cloud Remote State Management. Both these releases provide Terraform users a better experience writing and collaborating on Infrastructure as Code. This blog post will look at some motivations for using Terraform Cloud and describe how it works.

What is Terraform State?

To explain the value of Terraform Cloud, it’s important to understand the concept of state in Terraform. Terraform uses state to map your Terraform code to the real-world resources that it provisions. For example, you could use the following code to create an AWS EC2 instance:

hcl
resource "aws_instance" "web" {
ami = "ami-e6d9d68c"
instance_type = "t2.micro"
}

When you run terraform apply on this configuration file, Terraform will make an API call to AWS to create an EC2 instance and AWS will return the unique ID of that instance (ex. i-0ad17607e5ee026d0). Terraform needs to record that ID somewhere so that later, it can make API calls to change or delete that instance.

To store this information, Terraform uses a state file. For the above code, the state file will look something like:

hcl
{
...
"resources": {
"aws_instance.web": {
"type": "aws_instance",
"primary": {
"id": "i-0ad17607e5ee026d0",
...
}

Here you can see that the resource aws_instance.web from the Terraform code is mapped to the instance ID i-0ad17607e5ee026d0.

Remote State

By default, Terraform writes its state file to your local filesystem. This works well for personal projects, but once you start working with a team, things start to get more challenging. In a team, you need to make sure everyone has an up to date version of the state file and ensure that two people aren’t making concurrent changes.

Remote state solves those challenges. Remote state is simply storing that state file remotely, rather than on your local filesystem. With a single state file stored remotely, teams can ensure they always have the most up to date state file. With remote state, Terraform can also lock the state file while changes are being made. This ensures all changes are captured, even if concurrent changes are being attempted.

Configuring remote state in Terraform has always been an involved process. For example, you can store state in an S3 bucket, but you need to create the bucket, properly configure it, set up permissions, create a DynamoDB table for locking, and then ensure everyone has proper credentials to write to it.

As a result, setting up remote state can be a stumbling block as teams adopt Terraform.

Easy Remote State Set Up with Terraform Cloud

Unlike other remote state solutions that require complicated setup, Terraform Cloud offers an easy way to get started with remote state:

  • Step 0 — Sign up for a Terraform Cloud account here

  • Step 1 —  An email will be sent to you, follow the link to activate your free Terraform Cloud account.

  • Step 2 — When you log in, you’ll land on a page where you can create your organization or join an existing one if invited by a colleague.

[](

  • Step 3 — Next, go into User Settings and generate a token.

  • Step 4 — Take this token and create a local ~/.terraformrc file:


credentials "app.terraform.io" {
token = "mhVn15hHLylFvQ.atlasv1.jAH..."
}

  • Step 5 — Configure Terraform Cloud as your backend

In your Terraform project, add a terraform block to configure your backend:


terraform {
backend "remote" {
organization = "my-org" # org name from step 2.
workspaces {
name = "my-app" # name for your app's state.
}
}
}

  • Step 6— Run terraform init and you’re done.

Your state is now being stored in Terraform Cloud. You can see the state in the UI:

Fully Featured State Viewer

Terraform Cloud offers a fully featured state viewer to gain insight into the state of your infrastructure:

This maintains versions of your Terraform state allowing you to download an old version if needed. Likewise, it provides audit logs to know who changed what and when.

You can view the full state file at each point in time:

You can also see the diff of what changed:

Manual Locking

Terraform Cloud also includes the ability to manually lock your state. This is useful if you’re making large changes to your infrastructure and you want to prevent coworkers from modifying that infrastructure while you’re in the middle of your work.

You can lock and unlock states directly in the UI:

While the state is locked, Terraform operations will receive an error:

Conclusion

We’re pleased to offer Remote State Management with Terraform Cloud free to our users. Sign up for an account here: https://app.terraform.io/signup

from Hashicorp Blog

IT Modernization and DevOps News Week in Review

IT Modernization and DevOps News Week in Review

IT Modernization DevOps News 12

The Uptime Institute announced findings of its ninth annual Data Center Survey, unveiling several interesting — and important — data points. Underscoring what many in the industry are feeling about the skill gap, the survey found that 61% of respondents said they had difficulty retaining or recruiting staff — up from 55% a year earlier. And, according to the synopsis, “while the lack of women working in data centers is well-known, the extent of the imbalance is notable” with one-quarter of respondents saying they had no women at all on their design, build or operations teams.

To stay up-to-date on DevOps automation, Cloud and Container Security, and IT Modernization subscribe to our blog:

Subscribe to the Flux7 Blog

When it comes to downtime, outages continue to cause significant problems. Without much improvement over the past year, 34% of respondents said they had an outage or severe IT service degradation in the past year. 10% said their most significant outage cost more than $1 million. When it comes to public cloud, 20% of operators reported that they would be more likely to put workloads in a public cloud if there were more visibility. While 50% of respondents already using public cloud for mission-critical applications said that they do not have adequate visibility.

DevOps News

  • Atlassian has announced Status Embed, a service designed to boost customer experience and communication by displaying the current state of services where customers are most likely to see it, such as your homepage, app or help center.
  • GitHub has brought to market repository templates to make boilerplate code management and distribution a “first-class citizen” on GitHub, according to the company.
  • HashiCorp announced the availability of Hashicorp Nomad 0.9.2, a workload orchestrator for deploying containerized and legacy apps across multiple regions or cloud providers. Nomad 09.9.2 includes preemption capabilities for service and batch jobs.
  • SDXCentral reports that, “VMware is developing a multi-cloud management tool that Joe Kinsella, chief technology officer of CloudHealth at VMware, describes as ‘Google docs for IT management, which is the ability to collaborate and share across an organization.’”

AWS News

  • Amazon announced that AWS Organizations now support tagging and untagging of AWS Accounts, allowing operators to assign custom attributes, or tags, to the AWS accounts they manage with AWS Organizations. According to AWS, the ability to attach tags such as owner name, project, business group, cost center, environment, and other values directly to an AWS account makes it easier for people in the organization to get information on particular AWS accounts without having to refer to a separate spreadsheet or other out-of-band method for tracking your AWS accounts.
  • Also introduced this week is AWS Systems Manager OpsCenter which is designed to help operators view, investigate, and resolve operational issues related to their environment from a central location.
  • Amazon has launched a new service to enhance recovery. Host Recovery for Amazon EC2 will now automatically restart instances on a new host in the event of an unexpected hardware failure on a Dedicated Host. Host Recovery will reduce the need for manual intervention, minimize recovery time and lower the operational burden for instances running on Dedicated Hosts. As a bonus, it has built-in integration with AWS License Manager to automatically track and manage licenses. There are no additional EC2 charges for using Host Recovery.
  • Last, our AWS Consulting team thought this foundational blog on Getting started with serverless was a good read for those of you looking to build serverless applications to take advantage of its agility and reduced TCO.

Flux7 News

  • Join AWS and Flux7 as they present a one day workshop on how Serverless Technology is impacting business now (and what you need to get started). Serverless technology on AWS is enabling companies by building modern applications with increased agility and lower total cost of ownership. Find additional information and register here.
  • Read CEO Dr. Suleman’s InformationWeek article, Five-Step Action Plan for DevOps at Scale in which he discusses how DevOps is achievable at enterprise scale if you start small, create a dedicated team and effectively use technology patterns and platforms.
  • Also published this week is Dr. Suleman’s take on Servant Leadership, as published in Forbes. In Why CIOs Should Have A Servant-Leadership Approach he shares why CIOs shouldn’t be in a position where they end up needing to justify their efforts. Read the article for the reason why. (No, it isn’t the brash conclusion you might think it is.)

Subscribe to the Flux7 Blog

Written by Flux7 Labs

Flux7 is the only Sherpa on the DevOps journey that assesses, designs, and teaches while implementing a holistic solution for its enterprise customers, thus giving its clients the skills needed to manage and expand on the technology moving forward. Not a reseller or an MSP, Flux7 recommendations are 100% focused on customer requirements and creating the most efficient infrastructure possible that automates operations, streamlines and enhances development, and supports specific business goals.

from Flux7 DevOps Blog