테라폼 스터디를 시작했다.

각설하고 시작.

 

1. 테라폼 환경 구성

# tfenv 설치
brew install tfenv

# 설치 가능 버전 리스트 확인
tfenv list-remote

# 테라폼 1.5.6 버전 설치
tfenv install 1.5.6

# tfenv로 설치한 버전 확인(변경 전)
tfenv list
  1.5.6
* 1.5.1 (set by /usr/local/Cellar/tfenv/3.0.0/version)

# 테라폼 1.5.6 버전 사용 설정 
tfenv use 1.5.6

# tfenv로 설치한 버전 확인(변경 후)
tfenv list
* 1.5.6 (set by /usr/local/Cellar/tfenv/3.0.0/version)
  1.5.1

# 테라폼 버전 정보 확인
terraform version

# 자동완성
terraform -install-autocomplete
## 참고 .zshrc 에 아래 추가됨
cat ~/.zshrc
autoload -U +X bashcompinit && bashcompinit
complete -o nospace -C /usr/local/bin/terraform terraform
더보기

tfenv는 여러 버전의 Terraform 인프라스트럭처 관리 도구를 설치하고 관리하기 위한 도구입니다. Terraform은 인프라스트럭처를 코드로 정의하고 프로비저닝하는 데 사용되는 인기 있는 오픈 소스 도구입니다. tfenv는 다양한 Terraform 버전을 손쉽게 전환하고 관리하기 위해 개발되었습니다.

tfenv를 사용하면 프로젝트 또는 환경마다 다른 Terraform 버전을 사용할 수 있습니다. 이는 여러 프로젝트나 환경에서 서로 다른 Terraform 버전이 필요한 경우 유용합니다. 예를 들어, 하나의 프로젝트는 Terraform v0.12을 사용하고 다른 프로젝트는 Terraform v0.15을 사용하는 등의 상황에서 tfenv는 각 프로젝트에 맞는 Terraform 버전을 관리해 줄 수 있습니다.

tfenv를 사용하면 다음과 같은 작업을 수행할 수 있습니다:

  1. Terraform 버전 설치: tfenv install [version] 명령을 사용하여 원하는 Terraform 버전을 설치할 수 있습니다.
  2. 설치된 Terraform 버전 목록 보기: tfenv list 명령으로 현재 설치된 Terraform 버전 목록을 확인할 수 있습니다.
  3. 사용 중인 Terraform 버전 변경: tfenv use [version] 명령을 통해 프로젝트 또는 환경에서 사용할 Terraform 버전을 변경할 수 있습니다.
  4. 기본 Terraform 버전 설정: tfenv default [version] 명령을 사용하여 기본 Terraform 버전을 설정할 수 있습니다.

이렇게 함으로써 프로젝트 간의 Terraform 버전 충돌을 피하고 각 프로젝트에 적합한 Terraform 버전을 사용할 수 있습니다. tfenv는 rbenv 또는 pyenv와 같은 다른 버전 관리 도구들의 아이디어를 바탕으로 개발되었습니다.

 

 

(권장) 자동저장 설정 : 설정(Command+,) → 일반적으로 사용되는 설정 ⇒ Files: Auto Save 값을 afterDelay 선택 진행

설치할때 특별히 문제나는건 없다. 사전에 테라폼 설치돼있으면 Brew unlink 하고 진행하면된다 ##tfenv가 더 효용성이 좋은듯하니

 

위 파일을 통해 ec2 인스턴스를 생성한다.

 

위와같이 terraform init 명령어로 테라폼을 사용하기 위해 이니셜라이징한다.

 

apply 입력시 다음과 같은 에러 발생.

 

사내에서 사용하는 aws configure 계정에서 진행하여 에러가 났다.

default profile을 study용 계정으로 변경후 다시 진행하니 

정상적으로 생성.

 

 

이번에는 태그를 추가해보았다.

보는것처럼 plan 명령어에서 변경(+)된것을 확인

 

위와같이 tag가 추가된것을 확인할수있다.

 

terraform init이 필요한 이유

terraform init 명령은 Terraform을 사용하여 인프라를 관리하는데 필요한 준비 작업을 수행하는 명령어입니다.

우리가 집을 짓는다고 가정해봅시다. 집을 짓기 전에 필요한 것들이 있습니다. 땅을 사야하고, 벽돌이나 목재 같은 재료를 준비해야 합니다. Terraform도 마찬가지로, 클라우드 환경에서 인프라를 만들기 위해 필요한 도구와 자원들을 미리 준비해야 합니다.

terraform init 명령은 이런 준비 작업을 수행하는 것입니다. Terraform은 인프라를 만들기 위해 여러 제공자(클라우드 서비스 제공자)를 사용하는데요. 이 명령을 실행하면 현재 프로젝트에서 사용할 제공자와 버전을 정확하게 설정하고, 필요한 도구를 내려받아 설치하며, 이 작업을 기록한 파일을 생성합니다. 이렇게 하면 Terraform이 제공자와 도구를 제대로 사용할 수 있고, 인프라를 관리하는데 필요한 기반을 마련할 수 있게 됩니다.

 


terraform validate -no-color - 노컬러 옵션 사용하면 결과값 파싱하기 좋음
terraform validate -json : 또는 json으로 결과값 받기

terraform plan -detailed-exitcode - 결과를 시스템 코드로 받기

 

테라폼도 멱등성을 제공한다.

 

replace 옵션으로 멱등성을 깨고 강제로 복원할수도 있다.

 

immutable ? mutable ?

 


Immutable:
이해하기 쉽게 설명하면, 물건을 한 번 만들면 그 상태를 변경할 수 없는 개념입니다. 예를 들어, 레고 블록으로 집을 만들 때 한 번 블록을 연결하면 그 블록을 다시 떼어내거나 수정할 수 없는 것과 비슷합니다. 마찬가지로 테라폼에서도 인프라를 생성한 후에는 그 인프라의 상태를 직접 변경할 수 없습니다. 대신에 변경 사항을 새로운 버전으로 만들어서 업데이트하는 방식을 사용합니다.


Mutable:
Mutable은 상태를 바로 변경할 수 있는 개념입니다. 예를 들어, 글을 작성할 때 내용을 계속 수정할 수 있는 것과 비슷합니다. 하지만 이러한 변경은 기존의 상태를 덮어쓰기 때문에 원래 상태를 복원할 수 없을 수 있습니다.


요약하면, Immutable과 Mutable은 데이터 변경 방식을 나타내고, Immutable한 시스템이 멱등성을 더 자주 갖는 경향이 있습니다. 이러한 개념을 이해하면 시스템 설계 및 데이터 처리에 대한 이해도를 높일 수 있습니다.

다음 main.tf는 ec2 인스턴스 생성 코드

cat <<EOT > main.tf
provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_instance" "example" {
  ami                    = "ami-0c9c942bd7bf113a2"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, T101 Study" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
    Name = "Single-WebSrv"
  }
}

resource "aws_security_group" "instance" {
  name = var.security_group_name

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

variable "security_group_name" {
  description = "The name of the security group"
  type        = string
  default     = "terraform-example-instance"
}

output "public_ip" {
  value       = aws_instance.example.public_ip
  description = "The public IP of the Instance"
}
EOT

 

  • 백엔드 블록의 구성은 테라폼 실행 시 저장되는 **State(상태 파일)**의 저장 위치를 선언한다. (기본: local)
  • 주의할 점은 하나의 백엔드만 허용한다는 점이다.
  • 테라폼은 State의 데이터를 사용해 코드로 관리된 리소스를 탐색하고 추적한다.
  • 작업자 간의 협업을 고려한다면 테라폼으로 생성한 리소스의 상태 저장 파일을 공유할 수 있는 외부 백엔드 저장소가 필요하다.
  • 그리고 State에는 외부로 노출되면 안 되는 패스워드 또는 인증서 정보 같은 민감한 데이터들이 포함될 수 있으므로 State의 접근 제어 및 안전한 관리방안 대책수립이 필요하다.

State 잠금 동작

  • 기본적으로 활성화되는 백엔드local이다.
  • 상태를 작업자의 로컬 환경저장하고 관리하는 방식이다.
  • 이 밖의 다른 백엔드 구성은 동시에 여러 작업자가 접근해 사용할 수 있도록 공유 스토리지 같은 개념을 갖는다.
  • 공유되는 백엔드에 State가 관리되면 테라폼이 실행되는 동안 .terraform.tfstate.lock.info 파일이 생성되면서 해당 State를 동시에 사용하지 못하도록 잠금 처리를 한다.

 

 

glab

'job' 카테고리의 다른 글

Kubernetes환경에서의 의존성에 대해서  (0) 2024.01.28
2024년도 devops 추천 도구  (0) 2024.01.11
keycloak 을 broker로, google을 IdP로  (0) 2023.05.23
teleport란  (0) 2023.05.02
keycloak - gitlab 연동1  (0) 2023.04.17

이 글의 목적 : git common flow(gitlab flow)를 제대로 사용할 수 있도록 공식 문서를 번역하고 이해하기

참고 URL : https://commonflow.org/spec/1.0.0-rc.5.html

 

 

Introduction

Common-Flow is an attempt to gather a sensible selection of the most common usage patterns of git into a single and concise specification. It is based on the original variant of GitHub Flow, while taking into account how a lot of open source projects most commonly use git.

In short, Common-Flow is essentially GitHub Flow with the addition of versioned releases, optional release branches, and without the requirement to deploy to production all the time.

 

Git에서 가장 흔히 사용되는 패턴들을 효과적으로 처리할수 있또록 Github flow에 기반하여 다른 브랜치 전략(git flow)의 장점을 모은 브랜치전략이다.

 

Summary

  • The "master" branch is the mainline branch with latest changes, and must not be broken.
  • Changes (features, bugfixes, etc.) are done on "change branches" created from the master branch.
  • Rebase change branches early and often.
  • When a change branch is stable and ready, it is merged back in to master.
  • A release is just a git tag who's name is the exact release version string (e.g. "2.11.4").
  • Release branches can be used to avoid change freezes on master. They are not required, instead they are available if you need them.

"메인 브랜치"는 최신 변경 사항이 있는 메인라인 브랜치이며 중단되면 안됨.

개발작업은 마스터 브랜치에서 생성된 change branch에서 진행.

 

 

 

 

Terminology

  • Master Branch - Must be named "master", must always have passing tests, and is not guaranteed to always work in production environments.
  • Change Branches - Any branch that introduces changes like a new feature, a bug fix, etc.
  • Source Branch - The branch that a change branch was created from. New changes in the source branch should be incorporated into the change branch via rebasing.
  • Merge Target - A branch that is the intended merge target for a change branch. Typically the merge target branch will be the same as the source branch.
  • Pull Request - A means of requesting that a change branch is merged in to its merge target, allowing others to review, discuss and approve the changes.
  • Release - May be considered safe to use in production environments. Is effectively just a git tag named after the version of the release.
  • Release Branches - Used both for short-term preparations of a release, and also for long-term maintenance of older version.

 

 

Git Common-Flow Specification (Common-Flow)

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

  1. TL;DR
    1. Do not break the master branch.
    2. A release is a git tag.

 

  1. The Master Branch
    1. A branch named "master" MUST exist and it MUST be referred to as the "master branch".
    2. The master branch MUST always be in a non-broken state with its test suite passing.
    3. The master branch IS NOT guaranteed to always work in production environments. Despite test suites passing it may at times contain unfinished work. Only releases may be considered safe for production use.
    4. The master branch SHOULD always be in a "as near as possibly ready for release/production" state to reduce any friction with creating a new release.

 

  1. Change Branches
    1. Each change (feature, bugfix, etc.) MUST be performed on separate branches that SHOULD be referred to as "change branches".
    2. All change branches MUST have descriptive names.
    3. It is RECOMMENDED that you commit often locally, and that you try and keep the commits reasonably structured to avoid a messy and confusing git history.
    4. You SHOULD regularly push your work to the same named branch on the remote server.
    5. You SHOULD create separate change branches for each distinctly different change. You SHOULD NOT include multiple unrelated changes into a single change branch.
    6. When a change branch is created, the branch that it is created from SHOULD be referred to as the "source branch". Each change branch also needs a designated "merge target" branch, typically this will be the same as the source branch.
    7. Change branches MUST be regularly updated with any changes from their source branch. This MUST be done by rebasing the change branch on top of the source branch.
    8. After updating a change branch from its source branch you MUST push the change branch to the remote server. Due to the nature of rebasing, you will be required to do a force push, and you MUST use the "--force-with-lease" git push option when doing so instead of the regular "--force".
    9. If there is a truly valid technical reason to not use rebase when updating change branches, then you can update change branches via merge instead of rebase. The decision to use merge MUST only be taken after all possible options to use rebase have been tried and failed. People not understanding how to use rebase is NOT a valid reason to use merge. If you do decide to use merge instead of rebase, you MUST NOT use a mixture of both methods, pick one and stick to it.

 

  1. Pull Requests
    1. To merge a change branch into its merge target, you MUST open a "pull request" (or equivalent).
    2. The purpose of a pull request is to allow others to review your changes and give feedback. You can then fix any issues, complaints, and more that might arise, and then let people review again.
    3. Before creating a pull request, it is RECOMMENDED that you consider the state of your change branch's commit history. If it is messy and confusing, it might be a good idea to rebase your branch with "git rebase -i" to present a cleaner and easier to follow commit history for your reviewers.
    4. A pull request MUST only be merged when the change branch is up-to-date with its source branch, the test suite is passing, and you and others are happy with the change. This is especially important if the merge target is the master branch.
    5. To get feedback, help, or generally just discuss a change branch with others, it is RECOMMENDED you create a pull request and discuss the changes with others there. This leaves a clear and visible history of how, when, and why the code looks and behaves the way it does.

 

  1. Versioning
    1. A "version string" is a typically mostly numeric string that identifies a specific version of a project. The version string itself MUST NOT have a "v" prefix, but the version string can be displayed with a "v" prefix to indicate it is a version that is being referred to.
    2. The source of truth for a project's version MUST be a git tag with a name based on the version string. This kind of tag MUST be referred to as a "release tag".
    3. It is OPTIONAL, but RECOMMENDED to also keep the version string hard-coded somewhere in the project code-base.
    4. If you hard-code the version string into the code-base, it is RECOMMENDED that you do so in a file called "VERSION" located in the root of the project. But be mindful of the conventions of your programming language and community when choosing if, where and how to hard-code the version string.
    5. If you are using a "VERSION" file in the root of the project, this file MUST only contain the exact version string, meaning it MUST NOT have a "v" prefix. For example "v2.11.4" is bad, and "2.11.4" is good.
    6. It is OPTIONAL, but RECOMMENDED that that the version string follows Semantic Versioning (http://semver.org/).

 

  1. Releases
    1. To create a new release, you MUST create a git tag named as the exact version string of the release. This kind of tag MUST be referred to as a "release tag".
    2. The release tag name can OPTIONALLY be prefixed with "v". For example the tag name can be either "2.11.4" or "v2.11.4". It is however RECOMMENDED that you do not use a "v" prefix. You MUST NOT use a mixture of "v" prefixed and non-prefixed tags. Pick one form and stick to it.
    3. If the version string is hard-coded into the code-base, you MUST create a "version bump" commit which changes the hard-coded version string of the project.
    4. When using version bump commits, the release tag MUST be placed on the version bump commit.
    5. If you are not using a release branch, then the release tag, and if relevant the version bump commit, MUST be created directly on the master branch.
    6. The version bump commit SHOULD have a commit message title of "Bump version to VERSION". For example, if the new version string is "2.11.4", the first line of the commit message SHOULD read: "Bump version to 2.11.4"
    7. It is RECOMMENDED that release tags are lightweight tags, but you can OPTIONALLY use annotated tags if you want to include changelog information in the release tag itself.
    8. If you use annotated release tags, the first line of the annotation SHOULD read "Release VERSION". For example for version "2.11.4" the first line of the tag annotation SHOULD read "Release 2.11.4". The second line MUST be blank, and the changelog MUST start on the third line.

 

  1. Short-Term Release Branches
    1. Any branch that has a name starting with "release-" SHOULD be referred to as a "release branch".
    2. Any release branch which has a name ending with a specific version string, MUST be referred to as a "short-term release branch".
    3. Use of short-term release branches are OPTIONAL, and intended to be used to create a specific versioned release.
    4. A short-term release branch is RECOMMENDED if there is a lengthy pre-release verification process to avoid a code freeze on the master branch.
    5. Short-term release branches MUST have a name of "release-VERSION". For example for version "2.11.4" the release branch name MUST be "release-2.11.4".
    6. When using a short-term release branch to create a release, the release tag and if used, version bump commit, MUST be placed directly on the short-term release branch itself.
    7. Only very minor changes should be performed on a short-term release branch directly. Any larger changes SHOULD be done in the master branch, and SHOULD be pulled into the release branch by rebasing it on top of the master branch the same way a change branch pulls in updates from its source branch.
    8. After a release tag has been created, the release branch MUST be merged back into its source branch and then deleted. Typically the source branch will be the master branch.

 

  1. Long-term Release Branches
    1. Any release branch which has a name ending with a non-specific version string, MUST be referred to as a "long-term release branch". For example "release-2.11" is a long-term release branch, while "release-2.11.4" is a short-term release branch.
    2. Use of long-term release branches are OPTIONAL, and intended for work on versions which are not currently part of the master branch. Typically this is useful when you need to create a new maintenance release for a older version.
    3. A long-term release branch MUST have a name with a non-specific version number. For example a long-term release branch for creating new 2.9.x releases MUST be named "release-2.9".
    4. Long-term release branches for maintenance releases of older versions MUST be created from the relevant release tag. For example if the master branch is on version 2.11.4 and there is a security fix for all 2.9.x releases, the latest of which is "2.9.7". Create a new branch called "release-2.9" from the "2.9.7" release tag. The security fix release will then end up being version "2.9.8".
    5. To create a new release from a long-term release branch, you MUST follow the same process as a release from the master branch, except the long-term release branch takes the place of the master branch.
    6. A long-term release branch should be treated with the same respect as the master branch. It is effectively the master branch for the release series in question. Meaning it MUST always be in a non-broken state, MUST NOT be force pushed to, etc.

 

  1. Bug Fixes & Rollback
    1. You MUST NOT under any circumstances force push to the master branch or to long-term release branches.
    2. If a change branch which has been merged into the master branch is found to have a bug in it, the bug fix work MUST be done as a new separate change branch and MUST follow the same workflow as any other change branch.
    3. If a change branch is wrongfully merged into master, or for any other reason the merge must be undone, you MUST undo the merge by reverting the merge commit itself. Effectively creating a new commit that reverses all the relevant changes.

 

  1. Git Best Practices
    1. All commit messages SHOULD follow the Commit Guidelines and format from the official git documentation: https://git-scm.com/book/en/v2/Distributed-Git-Contributing-to-a-Project#_commit_guidelines
    2. You SHOULD never blindly commit all changes with "git commit -a". It is RECOMMENDED you use "git add -i" or "git add -p" to add individual changes to the staging area so you are fully aware of what you are committing.
    3. You SHOULD always use "--force-with-lease" when doing a force push. The regular "--force" option is dangerous and destructive. More information: https://developer.atlassian.com/blog/2015/04/force-with-lease/
    4. You SHOULD understand and be comfortable with rebasing: https://git-scm.com/book/en/v2/Git-Branching-Rebasing
    5. It is RECOMMENDED that you always do "git pull --rebase" instead of "git pull" to avoid unnecessary merge commits. You can make this the default behavior of "git pull" with "git config --global pull.rebase true".
    6. It is RECOMMENDED that all branches be merged using "git merge --no-ff". This makes sure the reference to the original branch is kept in the commits, allows one to revert a merge by reverting a single merge commit, and creates a merge commit to mark the integration of the branch with master.

 

FAQ

Why use Common-Flow instead of Git Flow, and how does it differ?

Common-Flow tries to be a lot less complicated than Git Flow by having fewer types of branches, and simpler rules. Normal day to day development doesn't really change much:

  • You create change branches instead of feature branches, without the need of a "feature/" or "change/" prefix in the branch name.
  • Change branches are typically created from and merged back into "master" instead of "develop".
  • Creating a release is done by simply creating a git tag, typically on the master branch.

 

 

In detail, the main differences between Git Flow and Common-Flow are:

  • There is no "develop" branch, there is only a "master" branch which contains the latest work. In Git Flow the master branch effectively ends up just being a pointer to the latest release, despite the fact that Git Flow includes release tags too. In Common-Flow you just look at the tags to find the latest release.
  • There are no "feature" or "hotfix" branches, there's only "change" branches. Any branch that is not master and introduces changes is a change branch. Change branches also don't have a enforced naming convention, they just have to have a "descriptive name". This makes things simpler and allows more flexibility.
  • Release branches are available, but optional. Instead of enforcing the use of release branches like Git Flow, Common-Flow only recommends the use of release branches when it makes things easier. If creating a new release by tagging "master" works for you, great, do that.

 

 

Why use Common-Flow instead of GitHub Flow, and how does it differ?

Common-Flow is essentially GitHub Flow with the addition of a "Release" concept that uses tags. It also attempts to define how certain common tasks are done, like updating change/feature branches from their source branches for example. This is to help end arguments about how such things are done.

If a deployment/release for you is just getting the latest code in the master branch out, without caring about bumping version numbers or anything, then GitHub Flow is a good fit for you, and you probably don't need the extras of Common-Flow.

However if your deployments/releases have specific version numbers, then Common-Flow gives you a simple set of rules of how to create and manage releases, on top of what GitHub Flow already does.

 

 

What does "descriptive name" mean for change branches?

It means what it sounds like. The name should be descriptive, as in by just reading the name of the branch you should understand what the branch's purpose is and what it does. Here's a few examples:

  • add-2fa-support
  • fix-login-issue
  • remove-sort-by-middle-name-functionality
  • update-font-awesome
  • change-search-behavior
  • improve-pagination-performance
  • tweak-footer-style

Notice how none of these have any prefixes like "feature/" or "hotfix/", they're not needed when branch names are properly descriptive. However there's nothing to say you can't use such prefixes if you want.

You can also add ticket numbers to the branch name if your team/org has that as part of it's process. But it is recommended that ticket numbers are added to the end of the branch name. The ticket number is essentially metadata, so put it at the end and out of the way of humans trying to read the descriptive name from left to right.

 

 

 

How do we release an emergency hotfix when the master branch is broken?

This should ideally never happen, however if it does you can do one of the following:

  • Review why the master branch is broken and revert the changes that caused the issues. Then apply the hotfix and release.
  • Or use a short-term release branch created from the latest release tag instead of the master branch. Apply the hotfix to the release branch, create a release tag on the release branch, and then merge it back into master.

In this situation, it is recommended you try to revert the offending changes that's preventing a new release from master. But if that proves to be a complicated task and you're short on time, a short-term release branch gives you a instant fix to the situation at hand, and let's you resolve the issues with the master branch when you have more time on your hands.

 

 

'job > devops' 카테고리의 다른 글

taskfile  (0) 2024.03.10
kubewarden  (0) 2024.01.20
openfunction  (0) 2023.12.01

+ Recent posts