Maestro Integration With Terraform

As we all know, self-service is one of the main focuses of Maestro. For the sake of effective self-service, Maestro supports the Infrastructure as Code (IaC) approach that allows preparing stack templates and employing these templates when creating new resources.

One of the IaC tools taken on board by Maestro is Terraform by HashiCorp – a cross-platform solution that allows managing complex infrastructures hosted in multiple clouds.

Why Terraform?

Main advantages of Terraform as an IaC tool are wide functionality, cross-platformity, and separated phases of planning and execution that give time and space for the users to review their infrastructure and make them confident in the results.

Main strengths of the Terraform solution incorporated by Maestro are
  • Integration with GitHub
  • Catalog of templates
  • Lock the Template option
  • Extended functionality for reviewing stacks
These tools and actions are available in both web and mobile versions of Maestro Orchestrator.

Below, you can find a brief overview of Maestro IaC tools and templates processing, on Terraform example:


 

How does Maestro integrate Terraform with GitHub?

In earlier versions, all the templates were manually added to and stored directly in Maestro. Now you can store your Terraform templates on GitHub and use them for creating your resources in Maestro.
GitHub-based Terraform templates are not uploaded to Maestro and are not stored anywhere on the Maestro side: Maestro only reviews and registers them for the future use and then applies on request.
Once your Terraform template is on GitHub, you must specify these parameters to register it on Maestro:
  • source type (GitHub) – only after this, the necessary input field will appear,
  • your GitHub username and password,
  • URI of the relevant GitHub repository and its branch,
  • folder where your Terraform templates are stored,
  • (optional) Terraform variables and their values to be used as default ones when the template is applied.
You must also select what actions Maestro will take once the template is updated in the GitHub repository (None, Auto plan, or Auto apply):
Once registered, your GitHub-based Terraform templates can be reviewed in the Catalog page with any version of Maestro Orchestrator.
Terraform templates stored on GitHub are updated and validated automatically once they are changed in git – you do not need to do it specifically for Maestro.

What is Catalog and why do I need it?

Catalog page lists the available templates, their details, and verification results. You can easily find this page in both web and mobile versions of Maestro Orchestrator.
In the Catalog page, you can review and manage all the existing templates (including the Terraform ones):

Provided information:
  • name and description of the Terraform template, its type, and status;
  • template code;
  • validation status and validation logs,
  • events related to the template;
  • default values of the template parameters.
Possible actions:
  • run the Terraform template and view application logs;
  • plan the template’s execution and view planning logs;
  • lock the template.

Why is it useful to lock templates?

When anybody changes and applies Terraform templates, they change the existing infrastructure and these changes can be crucial.
If you want to be 100% sure that nobody interferes with your work, you can lock the necessary template or templates in the Content View on the Catalog page:
If the template is locked, 
  • Only the user who has locked it will be able to modify it, plan, or apply. All other users will get the notification that the template is locked.
  • Its related stacks cannot be destroyed in the Stacks page (though this does not influence the management of these stacks in the Management page or via native cloud consoles).
  • Auto Plan and Auto Apply actions will fail with the respective notification (for GitHub-stored templates).

Where can I review and manage my stacks?

Maestro has revised its stack-related functionality and created the specific space for managing stacks – the Stacks page of the Maestro Orchestrator:
The Stacks page includes three logical sections:
  • Main Table where you can find all the created stacks and review their basic information including the stack name and owner; its creation date; the name and type of the template that was used to create the stack; the status of the stack.
  • Stack Resources section where you can review the resources created or affected by the stack (is opened by clicking the arrow button).
  • Content View section where you can view the additional details on the stack, see the stack-related audit events, and destroy the stack.
Thus, the Stacks page is the consolidated page where you review all the available stacks regardless of when, how, and by whom it was created. It is also the easiest way for destroying unnecessary stacks – by clicking the Destroy button in the Content View section of the selected stack.

Conclusions

Terraform integration with Maestro is a powerful solution that allows cloud users to quickly and easily manage their cloud resources in terms of self-service. By creating Terraform templates and locating them on GitHub, you make sure that your resources are created, managed, and stored in the safest possible but still a low-effort way, whereas the Catalog and Stacks pages gather and provide all the related information in one place.

We have also prepared a set of blog post comparing Terraform Enterprise vs Maestro Terraform as a Service. Take a look for more details: Part I, Part II, Part III

Comments

Post a Comment

Popular posts from this blog

Maestro Analytics: Essentials at the Fingertips

Image
Infrastructure analytics is one of the cornerstones for effective cloud management. Each cloud provider offers its own set of features and services for such purpose. We can say that AWS QuickSight, Google Data Studio, and Microsoft BI are among the top of the native analytics and BI offerings. They are deeply integrated into their native infrastructures, provide the detailed review of the infrastructure state, events and cost, and allow to take a deep dive into details, being powered by strong internal mechanisms and AI/ML engines. However, in many cases they provide a huge volume of data which needs a BI expert to cope with, as well as may have limited customization possibilities in terms of the covered data scope. Also, if you use more than one cloud, or have private datacenters, the fact that each of these tools is limited to its vendor, may be a reason for you to find a third-party analytics tool. Here is where you may consider solutions such as CloudHealth, AppOptics, or IBM C
Read more

Maestro: Greeting the Green Dragon

Image
The year is coming to the end, and it's high time for our traditional lookback on Maestro evolution, changes, and important events. The year of 2023 has been dynamic and full of updates, both technical and strategic.  We kept to our previous commitments , meanwhile adjusting to the new trends in Cloud and technologies in general.  We met our user's expectation and need for  cross-cloud FinOps, automated infrastructure analytics, security assessment and the "Fix it" button , aimed to simplify issues remediation. We also took into account the rising demand for  Open Stack-based resources, Cloud Native approaches,  AI/ML integrations .  As a result, we came up with our standard "six release per year" cycle, highlighted with the following milestones: Maestro Insights With the ML technologies growth, the amount of services offering infrastructure recommendations and analytics, grow. This is true for the public cloud providers' native services, as well as thir
Read more

Maestro Orchestrator: Product? SaaS? Framework!

Image
In 2012, EPAM Cloud Orchestrator was created as a cloud solution for the EPAM Systems community. It appeared when the issue of redesigning the growing infrastructure of more than 500 projects became critical. After a thorough analysis of the existing solutions, EPAM experts had to admit that none of them fit the company needs. However, that was not a problem but a challenge. If no perfect solution existed, EPAM created its own from scratch. In six years, EPAM Cloud Orchestrator evolved into a true hybrid cloud with over 8000 virtual machines in hundreds of projects. In addition to its basic function - hosting virtual resources - it supports a number of related components helping the users to be in full control of their virtual infrastructures, such as audit, monitoring, billing, reporting. Meanwhile, a time has come to go out of the box of an enterprise solution and meet the market. This is how the new generation of EPAM Cloud Orchestrator - Maestro was born. Maestro is
Read more