dehio3’s diary

Notes on work, life, and hobbies

Trying out terraformer right away, since it might be a replacement for terraforming


Introduction

Classmethod wrote the following article:

dev.classmethod.jp

I use a similar tool called terraforming to manage our AWS environment, so I'll try this one out right away for comparison.

Installation

Followed the steps in the README

github.com

# curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/$(curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4)/terraformer-darwin-amd64
# chmod +x terraformer-darwin-amd64
# sudo mv terraformer-darwin-amd64 /usr/local/bin/terraformer
# ls -l /usr/local/bin/terraformer
-rwxr-xr-x  1 s04270  CATK\Domain Users  9  7  2 13:54 /usr/local/bin/terraformer*

Isn't the size way too small?

# file /usr/local/bin/terraformer
/usr/local/bin/terraformer: ASCII text, with no line terminators
# cat /usr/local/bin/terraformer
Not Found%        

It wasn't downloaded.

# curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4
#

The tag for the download isn't being retrieved properly.

Looked at the releases page and downloaded it directly

# curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/0.7.5/terraformer-darwin-amd64
# chmod +x terraformer-darwin-amd64
# sudo mv terraformer-darwin-amd64 /usr/local/bin/terraformer
# ls -l /usr/local/bin/terraformer
-rwxr-xr-x  1 s04270  CATK\Domain Users  113765900  7  2 14:00 /usr/local/bin/terraformer*
# file /usr/local/bin/terraformer
/usr/local/bin/terraformer: Mach-O 64-bit executable x86_64
#
# terraformer --help
Usage:
   [command]

Available Commands:
  help        Help about any command
  import      Import current State to terraform configuration
  plan        Plan to import current State to terraform configuration
  version     Print the version number of Terraformer

Flags:
  -h, --help      help for this command
      --version   version for this command

Use " [command] --help" for more information about a command.

Installation complete

Retrieving the configuration information

Preliminary setup

Did it exactly as described in Classmethod's article
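The failed first attempt above, turned into guards, as an added example that is not part of the original post or of the terraformer README: the tag lookup fails loudly when it returns nothing, curl runs with -f so an HTTP error body is never saved as the binary, and the file is checked for the 64-bit Mach-O magic before it is moved into /usr/local/bin. The function names extract_tag, is_macho64 and install_terraformer are hypothetical.

```shell
#!/bin/sh
# Added example: guards for the download step (helper names are hypothetical).

# Extract tag_name from a GitHub "releases/latest" JSON body read on stdin.
# Returns non-zero when no tag is present instead of printing an empty string.
extract_tag() {
  tag=$(grep '"tag_name"' | head -n 1 | cut -d '"' -f 4)
  [ -n "$tag" ] || return 1
  printf '%s\n' "$tag"
}

# Succeed only if the file starts with the 64-bit Mach-O magic (cf fa ed fe),
# the file type that `file` reported for the working binary on this page.
is_macho64() {
  magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
  [ "$magic" = "cffaedfe" ]
}

# Download-and-install wrapper; the only function that touches the network.
install_terraformer() {
  api=https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest
  tag=$(curl -fsS "$api" | extract_tag) || {
    echo "no release tag resolved; refusing to build a download URL" >&2
    return 1
  }
  url=https://github.com/GoogleCloudPlatform/terraformer/releases/download/$tag/terraformer-darwin-amd64
  tmp=$(mktemp) || return 1
  # -f makes curl exit non-zero on HTTP 4xx/5xx instead of saving "Not Found".
  curl -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
  is_macho64 "$tmp" || {
    echo "downloaded file is not a Mach-O 64-bit executable" >&2
    rm -f "$tmp"
    return 1
  }
  chmod +x "$tmp" && sudo mv "$tmp" /usr/local/bin/terraformer
}
```

The magic check only catches the "error page saved as binary" case seen above; it says nothing about the integrity or origin of the file.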

# terraform version  
Terraform v0.11.13

Your version of Terraform is out of date! The latest version
is 0.12.3. You can update by downloading from www.terraform.io/downloads.html
# terraformer --version 
version v0.7.5
# echo 'provider "aws" {}' > init.tf
# terraform init
### Use a read-only IAM user
# export AWS_ACCESS_KEY_ID=***************
# export AWS_SECRET_ACCESS_KEY=******************
### There are multiple accounts, so just in case, confirm that the target is the verification environment
# aws s3 ls

Trying import

Check the options

$ terraformer import aws --help
Import current State to terraform configuration from aws

Usage:
   import aws [flags]
   import aws [command]

Available Commands:
  list        List supported resources for aws provider

Flags:
  -b, --bucket string         gs://terraform-state
  -c, --connect                (default true)
  -f, --filter strings        aws_elb=id1:id2:id4
  -h, --help                  help for aws
  -o, --path-output string     (default "generated")
  -p, --path-pattern string   {output}/{provider}/custom/{service}/ (default "{output}/{provider}/{service}/")
      --regions strings       eu-west-1,eu-west-2,us-east-1
  -r, --resources strings     vpc,subnet,nacl
  -s, --state string          local or bucket (default "local")

Use " import aws [command] --help" for more information about a command.

For now, fetch the VPC data

# terraformer import aws \
  --resources=vpc \
  --regions=ap-northeast-1

2019/07/02 14:23:13 aws importing region ap-northeast-1
2019/07/02 14:23:13 aws importing... vpc
2019/07/02 14:23:21 Refreshing state... aws_vpc.vpc-********
2019/07/02 14:23:21 Refreshing state... aws_vpc.vpc-********
2019/07/02 14:23:22 aws Connecting.... 
2019/07/02 14:23:22 aws save vpc
2019/07/02 14:23:22 [DEBUG] New state was assigned lineage "************************"
2019/07/02 14:23:22 aws save tfstate for vpc

Check the generated files

# find ./generated -type f
./generated/aws/vpc/ap-northeast-1/outputs.tf
./generated/aws/vpc/ap-northeast-1/terraform.tfstate
./generated/aws/vpc/ap-northeast-1/provider.tf
./generated/aws/vpc/ap-northeast-1/vpc.tf

Import all resources

Check which resources can be retrieved

# terraformer import aws list  
acm
alb
auto_scaling
cloudfront
ec2_instance
elasticache
elb
iam
igw
nacl
rds
route53
s3
sg
subnet
vpc
vpn_connection
vpn_gateway

Run it specifying all of the resources that list returns

# terraformer import aws \
  --resources=`terraformer import aws list | awk '{if(NR == 1){r = $0}else{ r = r","$0}}END{print r}'` \
  --regions=ap-northeast-1

Check the generated files

# find ./generated -type f    
./generated/aws/s3/ap-northeast-1/outputs.tf
./generated/aws/s3/ap-northeast-1/terraform.tfstate
./generated/aws/s3/ap-northeast-1/provider.tf
./generated/aws/s3/ap-northeast-1/s3_bucket.tf
./generated/aws/igw/ap-northeast-1/outputs.tf
./generated/aws/igw/ap-northeast-1/terraform.tfstate
./generated/aws/igw/ap-northeast-1/variables.tf
./generated/aws/igw/ap-northeast-1/provider.tf
./generated/aws/igw/ap-northeast-1/internet_gateway.tf
./generated/aws/vpn_gateway/ap-northeast-1/terraform.tfstate
./generated/aws/vpn_gateway/ap-northeast-1/variables.tf
./generated/aws/vpn_gateway/ap-northeast-1/provider.tf
./generated/aws/cloudfront/ap-northeast-1/terraform.tfstate
./generated/aws/cloudfront/ap-northeast-1/provider.tf
./generated/aws/alb/ap-northeast-1/outputs.tf
./generated/aws/alb/ap-northeast-1/terraform.tfstate
./generated/aws/alb/ap-northeast-1/lb.tf
./generated/aws/alb/ap-northeast-1/lb_target_group.tf
./generated/aws/alb/ap-northeast-1/lb_listener.tf
./generated/aws/alb/ap-northeast-1/lb_target_group_attachment.tf
./generated/aws/alb/ap-northeast-1/variables.tf
./generated/aws/alb/ap-northeast-1/provider.tf
./generated/aws/alb/ap-northeast-1/lb_listener_rule.tf
./generated/aws/auto_scaling/ap-northeast-1/outputs.tf
./generated/aws/auto_scaling/ap-northeast-1/terraform.tfstate
./generated/aws/auto_scaling/ap-northeast-1/autoscaling_group.tf
./generated/aws/auto_scaling/ap-northeast-1/variables.tf
./generated/aws/auto_scaling/ap-northeast-1/provider.tf
./generated/aws/auto_scaling/ap-northeast-1/launch_configuration.tf
./generated/aws/elb/ap-northeast-1/terraform.tfstate
./generated/aws/elb/ap-northeast-1/variables.tf
./generated/aws/elb/ap-northeast-1/provider.tf
./generated/aws/iam/ap-northeast-1/outputs.tf
./generated/aws/iam/ap-northeast-1/terraform.tfstate
./generated/aws/iam/ap-northeast-1/iam_role_policy.tf
./generated/aws/iam/ap-northeast-1/iam_policy.tf
./generated/aws/iam/ap-northeast-1/iam_user_policy.tf
./generated/aws/iam/ap-northeast-1/iam_user.tf
./generated/aws/iam/ap-northeast-1/provider.tf
./generated/aws/iam/ap-northeast-1/iam_policy_attachment.tf
./generated/aws/sg/ap-northeast-1/outputs.tf
./generated/aws/sg/ap-northeast-1/terraform.tfstate
./generated/aws/sg/ap-northeast-1/security_group.tf
./generated/aws/sg/ap-northeast-1/provider.tf
./generated/aws/nacl/ap-northeast-1/network_acl.tf
./generated/aws/nacl/ap-northeast-1/outputs.tf
./generated/aws/nacl/ap-northeast-1/terraform.tfstate
./generated/aws/nacl/ap-northeast-1/variables.tf
./generated/aws/nacl/ap-northeast-1/provider.tf
./generated/aws/ec2_instance/ap-northeast-1/outputs.tf
./generated/aws/ec2_instance/ap-northeast-1/terraform.tfstate
./generated/aws/ec2_instance/ap-northeast-1/provider.tf
./generated/aws/ec2_instance/ap-northeast-1/instance.tf
./generated/aws/vpc/ap-northeast-1/outputs.tf
./generated/aws/vpc/ap-northeast-1/terraform.tfstate
./generated/aws/vpc/ap-northeast-1/provider.tf
./generated/aws/vpc/ap-northeast-1/vpc.tf
./generated/aws/vpn_connection/ap-northeast-1/terraform.tfstate
./generated/aws/vpn_connection/ap-northeast-1/variables.tf
./generated/aws/vpn_connection/ap-northeast-1/provider.tf
./generated/aws/elasticache/ap-northeast-1/terraform.tfstate
./generated/aws/elasticache/ap-northeast-1/variables.tf
./generated/aws/elasticache/ap-northeast-1/provider.tf
./generated/aws/subnet/ap-northeast-1/outputs.tf
./generated/aws/subnet/ap-northeast-1/terraform.tfstate
./generated/aws/subnet/ap-northeast-1/variables.tf
./generated/aws/subnet/ap-northeast-1/provider.tf
./generated/aws/subnet/ap-northeast-1/subnet.tf
./generated/aws/rds/ap-northeast-1/outputs.tf
./generated/aws/rds/ap-northeast-1/terraform.tfstate
./generated/aws/rds/ap-northeast-1/variables.tf
./generated/aws/rds/ap-northeast-1/provider.tf
./generated/aws/rds/ap-northeast-1/db_parameter_group.tf
./generated/aws/rds/ap-northeast-1/db_instance.tf
./generated/aws/rds/ap-northeast-1/db_subnet_group.tf
./generated/aws/acm/ap-northeast-1/outputs.tf
./generated/aws/acm/ap-northeast-1/terraform.tfstate
./generated/aws/acm/ap-northeast-1/acm_certificate.tf
./generated/aws/acm/ap-northeast-1/provider.tf
./generated/aws/route53/ap-northeast-1/outputs.tf
./generated/aws/route53/ap-northeast-1/terraform.tfstate
./generated/aws/route53/ap-northeast-1/route53_zone.tf
./generated/aws/route53/ap-northeast-1/route53_record.tf
./generated/aws/route53/ap-northeast-1/provider.tf

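Can it solve the problem I have with terraforming?

When terraforming generates the tf files, the order in which aws_network_interface is listed changes, so a file diff shows up every time even when no resources have been changed. I run terraforming on a schedule and automatically push the generated files to GitHub so that I can check the history of when file diffs (environment changes) occurred, but because of the above there is always a diff, every single time..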

# grep -r aws_network_interface ./*
#

The aws_network_interface resource wasn't generated in the first place..

Looking forward to future improvements!!
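One way to keep a scheduled "generate and push" history free of ordering noise like the aws_network_interface case described above, as an added example that is not part of the original post or of either tool: compare the generated files after sorting their top-level blocks. It assumes the reordering affects whole resource blocks, and that each block opens with a header at column 0 ending in "{" and closes with a lone "}" at column 0; canonical_tf and same_resources are hypothetical names.

```shell
#!/bin/sh
# Added example: order-insensitive comparison of generated .tf files
# (helper names are hypothetical).

# Print the top-level blocks of a .tf file, sorted by their text.
# Each block is folded onto one line (newlines -> byte 0x01), sorted, unfolded.
# Blank lines and anything else outside a block are dropped.
canonical_tf() {
  awk '
    !inblock && /^[a-z_]+ .*[{]$/ { inblock = 1; rec = $0; next }
    inblock                       { rec = rec "\001" $0 }
    inblock && $0 == "}"          { print rec; inblock = 0 }
  ' "$1" | LC_ALL=C sort | tr '\001' '\n'
}

# Exit 0 when both files declare the same blocks regardless of order,
# 1 when the content really differs, 2 when a file cannot be read.
same_resources() {
  [ -r "$1" ] && [ -r "$2" ] || return 2
  a=$(canonical_tf "$1")
  b=$(canonical_tf "$2")
  [ "$a" = "$b" ]
}
```

A scheduled job could commit the output of canonical_tf instead of the raw file, so that only real attribute or resource changes appear in the Git history.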