Thomas Thornton – Microsoft Azure MVP – HashiCorp Ambassador

Microsoft Azure Blog – Microsoft MVP

My thoughts on why you should use Terraform Provisioners as a final option

on by Leave a comment

In today’s world, Infrastructure as Code (IaC) has become a fundamental part of managing and deploying cloud infrastructure. Terraform is a widely used IaC tool that enables us to define our infrastructure as code, store it in version control, and use it to provision and manage our cloud resources. Provisioners in Terraform are used to execute scripts or commands on a resource after it has been created. Provisioners can be used to configure and bootstrap resources after creation.

In this blog post, we will discuss Terraform Provisioners with Azure examples and why I consider using them as a final option within your Infrastructure As Code.

What are Terraform Provisioners?

Terraform Provisioners are used to execute scripts or commands on a resource after it has been created. Provisioners can be used to configure and bootstrap resources after creation. There are two types of provisioners in Terraform:

  • Local-exec provisioners: Executes a command locally on the machine running Terraform.
  • Remote-exec provisioners: Executes a command on a remote resource, typically after it has been created.

Provisioners in Terraform can be useful for various tasks such as installing software, configuring settings, or running custom scripts.

Terraform Provisioner usage examples

Terraform Provisioners with Azure Examples

Here are some examples of how you can use Terraform Provisioners with Azure:

  1. Local-Exec Provisioners
resource "azurerm_linux_virtual_machine" "example" {
  # ...
}

provisioner "local-exec" {
  command = "echo 'Virtual Machine created'"
}

In this example, we create a Linux Virtual Machine in Azure using the azurerm_linux_virtual_machine resource. After the Virtual Machine has been created, the local-exec provisioner runs a command to echo a message.

  1. Remote-Exec Provisioners
Copy code
resource "azurerm_virtual_machine" "example" {
  # ...
}

provisioner "remote-exec" {
  inline = [
    "sudo apt-get update",
    "sudo apt-get install -y nginx",
    "sudo systemctl start nginx"
  ]
}

In this example, we create a Virtual Machine in Azure using the azurerm_virtual_machine resource. After the Virtual Machine has been created, the remote-exec provisioner runs a series of commands to update the machine, install the Nginx web server, and start the server.

The final option to use – why?

I do recommend to avoid using provisioners wherever possible and use other tools and techniques instead. Here are some reasons why Terraform Provisioners should be a last resort:

  • Dependencies and Requirements

Provisioners may require specific software or tools to be installed on the local machine or remote resource, which can introduce additional dependencies to the Terraform code. For example, if you need to install software on a resource using a provisioner, you may need to have that software installed on the local machine running Terraform or the remote resource. This can make it harder to manage and test the code, especially when you are working with multiple cloud providers or environments.

  • Adds Complexity

Provisioners can add complexity to the Terraform code and make it harder to understand, troubleshoot, and maintain. When you have multiple resources that require different provisioners, the complexity of the code can increase significantly. As your infrastructure grows, the complexity of your provisioners may also increase, making them harder to manage. This can impact the readability of your Terraform code, and make it harder for others to understand the configuration.

  • Possibility of performance issues

Provisioners can be slow, especially when running on remote resources. This can cause delays in the provisioning process and impact the overall performance of your infrastructure. Provisioners can also impact the performance of the local machine running Terraform, as they may consume significant resources when executing. This can impact your ability to work on other tasks while Terraform is running.

  • Reliability

Provisioners can fail or cause errors, especially when running on remote resources that may be slow or unstable. This can cause issues with your infrastructure and require manual intervention to resolve. Provisioners can also cause issues with the ordering of resource creation, which can lead to unpredictable results. If a provisioner fails or causes an error, you may need to rerun the entire Terraform configuration, which can be time-consuming and impact your productivity.

  • Not Portable

Provisioners may not be portable across different cloud providers or operating systems, which can lead to vendor lock-in and create dependencies on specific tools and technologies.

  • Limited Error Handling

Provisioners have limited error handling capabilities and may not be able to handle complex scenarios or errors gracefully. This can cause issues in the infrastructure that may be hard to troubleshoot and fix.

Alternatives to Terraform Provisioners

  1. Configuration Management Tools

Configuration Management Tools, such as Ansible or Chef, can be used to manage the configuration of resources after they have been created. These tools can be used to install software, configure settings, or run custom scripts. Configuration Management Tools can provide a more flexible and scalable approach to configuring resources, as they are not tied to the Terraform code. They can also be used across different cloud providers and environments.

  1. Custom Scripts

Custom scripts can be used to perform tasks on resources after they have been created. Custom scripts can be written in any language, making them flexible and scalable. Custom scripts can also be used to automate tasks that cannot be performed using Terraform Provisioners, such as interacting with APIs or external services. Custom scripts can also be used across different cloud providers and environments.

Finishing off

Terraform Provisioners can be a powerful tool for configuring and bootstrapping resources after creation. However, they are typically considered a last resort because they can introduce complexity and dependencies to your Terraform code, impacting its maintainability and scalability. There are alternative approaches, such as Configuration Management Tools or Custom Scripts, that can provide a more flexible and scalable approach to managing resources. When using Terraform Provisioners, it is essential to test them thoroughly and ensure their reliability and stability to minimize the risk of issues with your

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s