Terraform Core Concepts
Terraform basic principles:
Declarative: "What should exist?" (not "how do I build it?")
Provider: plugins for cloud APIs (AWS, Azure, GCP, etc.)
State: the recorded state of the real infrastructure
Plan: preview of what will change
Apply: carry out the changes
Workflow:
terraform init → download providers
terraform plan → show preview
terraform apply → execute
terraform destroy → delete everything
Files:
main.tf → main configuration
variables.tf → input variables
outputs.tf → output values
providers.tf → provider configuration
backend.tf → state backend
Installing Terraform
# Ubuntu/Debian (run as root: the commands write to /usr/share/keyrings and /etc/apt)
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor |
  tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" |
  tee /etc/apt/sources.list.d/hashicorp.list
apt update && apt install terraform
# macOS
brew tap hashicorp/tap && brew install hashicorp/tap/terraform
# Check the version
terraform version
First Project: Azure VM
# providers.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
  backend "azurerm" {
    resource_group_name  = "rg-terraform-state"
    storage_account_name = "tfstate12345"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
provider "azurerm" {
  features {}
}
# main.tf
resource "azurerm_resource_group" "main" {
  name     = "rg-meine-app"
  location = "Germany West Central"
}
resource "azurerm_virtual_network" "main" {
  name                = "vnet-main"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}
resource "azurerm_subnet" "internal" {
  name                 = "subnet-internal"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.1.0/24"]
}
# Added: the VM below references azurerm_network_interface.main, which the
# listing did not define. The NIC name is a placeholder.
resource "azurerm_network_interface" "main" {
  name                = "nic-app-server"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.internal.id
    private_ip_address_allocation = "Dynamic"
  }
}
resource "azurerm_linux_virtual_machine" "app" {
  name                  = "vm-app-server"
  resource_group_name   = azurerm_resource_group.main.name
  location              = azurerm_resource_group.main.location
  size                  = "Standard_B2s"
  admin_username        = "azureuser"
  network_interface_ids = [azurerm_network_interface.main.id]
  # SSH key login only; no admin password is set
  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}
Terraform Plan and Apply
# Azure login
az login
# Initialize Terraform
terraform init
# Create the plan (shows what will happen)
terraform plan -out=tfplan
# Run apply
terraform apply tfplan
# Change: modify the VM size in main.tf
# size = "Standard_B4ms"
terraform plan # shows: ~azurerm_linux_virtual_machine.app will be updated
# Destroy
terraform destroy
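The saved plan from the workflow above can be checked by a script before apply. The following is an added example, not part of the original page: it reads the output of terraform show -json tfplan and reports deletions and replacements. The sample JSON is constructed and trimmed to the fields used; the function names are hypothetical.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, reduced to the
# fields this check reads. Resource addresses follow the page's main.tf.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "azurerm_resource_group.main",
         "change": {"actions": ["no-op"]}},
        {"address": "azurerm_linux_virtual_machine.app",
         "change": {"actions": ["update"],
                    "before": {"size": "Standard_B2s"},
                    "after": {"size": "Standard_B4ms"}}},
        {"address": "azurerm_subnet.internal",
         "change": {"actions": ["delete", "create"]}},
    ],
})


def classify(actions):
    """Collapse the plan's action list into a single label."""
    if set(actions) == {"create", "delete"}:
        return "replace"  # Terraform destroys and recreates the resource
    return actions[0] if actions else "no-op"


def changed_attributes(change):
    """Top-level attributes whose value differs between before and after."""
    before = change.get("before") or {}
    after = change.get("after") or {}
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))


def review_plan(plan_json):
    """Return (all pending changes, addresses that would be destroyed)."""
    changes, destructive = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label in ("no-op", "read"):
            continue
        changes.append((rc["address"], label, changed_attributes(rc["change"])))
        if label in ("delete", "replace"):
            destructive.append(rc["address"])
    return changes, destructive


if __name__ == "__main__":
    changes, destructive = review_plan(SAMPLE_PLAN)
    for address, label, attrs in changes:
        print(f"{label:8} {address} {attrs}")
    if destructive:
        raise SystemExit(f"blocked: plan destroys {destructive}")
```

In a pipeline the script would read the real output of terraform show -json tfplan instead of SAMPLE_PLAN, and a non-zero exit stops the run before terraform apply tfplan.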
FAQ
What is the difference between Terraform and Ansible?
Terraform: provisions infrastructure (creates VMs, networks, services). Ansible: manages configuration (installs packages, configures files). Ideal: Terraform and Ansible together.
Conclusion
Terraform is the standard for cloud IaC: providers for all major clouds, state management and plan preview make infrastructure changes reproducible and safe.