Home - ezra-buckingham/terry-the-terraformer GitHub Wiki

Disclaimer ⚠️

Before adding to Terry, you must read and understand all the design paradigms that went into building Terry, as some of them will directly impact how you add to the project. You will need accounts and API credentials with the cloud providers you want to use.

Development Paradigms

When developing Terry, I took the liberty of defining the following design paradigms:

  • All sensitive credential values will be set as environment variables so that downstream dependencies, like Terraform and Ansible, can access them (even if erroneously defined in the configuration file by a user that hates security)
  • Variables and files must be named consistently across the entire project
  • Terraform should not do any host configuration
    • The sole purpose of Terraform is to build a specific resource using a provider (which can be an SSH key, domain record, serverless function, server, etc.)
  • Terry can and should be able to read sensitive values from either command line arguments, environment variables, the configuration file, or from standard input (in that order of precedence). The choice of which to use should be up to the operator
  • Since all cloud providers have similar offerings, resources should be abstracted from the provider
    • For example, AWS has EC2 for creating virtual machines. But at the core, it is just a server. Terry will expect that you call it a server and not an EC2 instance when creating the resource file for that provider
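
The credential paradigms above (command line, then environment, then configuration file, then standard input, with every resolved value exported to the environment for Terraform and Ansible) can be sketched as follows. This is an added example, not Terry's own code; the secret names, the upper-cased environment variable naming, and both function names are assumptions.

```python
import getpass
from typing import Callable, Dict, Iterable, Mapping, Optional, Tuple


def resolve_secret(name: str,
                   cli_args: Mapping[str, Optional[str]],
                   environ: Mapping[str, str],
                   config: Mapping[str, Optional[str]],
                   prompt: Callable[[str], str] = getpass.getpass) -> Tuple[str, str]:
    """Return (value, source) using the order: CLI, environment, config, stdin."""
    candidates = (
        ("cli", cli_args.get(name)),
        ("env", environ.get(name.upper())),  # assumed naming: upper-cased secret name
        ("config", config.get(name)),
    )
    for source, value in candidates:
        if value:  # None and empty strings both count as "not provided"
            return value, source
    value = prompt(f"{name}: ")  # getpass reads without echoing to the terminal
    if not value:
        raise ValueError(f"no value supplied for {name}")
    return value, "stdin"


def build_child_env(names: Iterable[str], cli_args, environ, config,
                    prompt=getpass.getpass) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Copy environ and export every resolved secret into it, whatever its source."""
    child_env = dict(environ)
    provenance = {}
    for name in names:
        value, source = resolve_secret(name, cli_args, environ, config, prompt)
        child_env[name.upper()] = value  # a config-file secret still ends up in the env
        provenance[name] = source
    return child_env, provenance


if __name__ == "__main__":
    # Constructed inputs with hypothetical secret names and placeholder values.
    env, seen = build_child_env(
        ["provider_api_token", "dns_api_key"],
        cli_args={"provider_api_token": "cli-placeholder"},
        environ={"PROVIDER_API_TOKEN": "env-placeholder", "PATH": "/usr/bin"},
        config={"dns_api_key": "config-placeholder"},
    )
    print(seen)  # log where each secret came from, never the value itself
    # env would then be handed to the tools, e.g. subprocess.run([...], env=env)
```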

Deployed Resource Design Paradigms

When deploying repeatable infrastructure, I took the liberty of defining the following deployment paradigms:

  • Servers use UFW as a host-based firewall so that we are abstracted away from the cloud provider's implementation of a firewall
    • Ensure you have one IP address in the default_users list that will never change, or else you could lose access to a server if your ISP changes your IP address
  • Ansible playbooks assume you are running a recent version of Debian
  • All software installed on a server is located at /opt/<software_name>
  • Installed software that normally needs to be started manually via the command line is installed as a service
    • For example, a DNS redirector uses socat for redirection. To make life easier, Terry will create a dns-redirector.service service so that socat can run in the background
  • All containers are deployed to /opt/container/<container_name>

Wow, you are still reading? That is impressive considering that was boring stuff. What do you say we get started? Yeah, let's do it! Head on over to the Getting Started Page!