Project:Infrastructure/Terraform


Infra-as-code

Gentoo uses Terraform to manage various components that have Terraform support; this supports infra-as-code, which we consider important for managing infrastructure. Infra members can check out git+ssh://git@git.gentoo.org/infra/infra-as-code.

Pushing updates

Currently Terraform can control our on-prem GitLab and our AWS deployment. Pushing updates requires two credentials:

- An AWS credential to access Terraform state (S3, DynamoDB).
- A credential for the target system (currently an AWS or GitLab credential).

We will document how to get both.

AWS

infra-as-code/aws/accounts/$ARN/ is our AWS control segment.

GitLab

infra-as-code/gitlab/ is our GitLab control segment.

It stores Terraform state on AWS, so to use terraform apply you will need AWS credentials: export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for your role.
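
A preflight check for the two-credential requirement described above, as an added example that is not part of the infra-as-code repository. It assumes the GitLab credential is supplied as GITLAB_TOKEN and that the AWS segment's target credential uses the same variables as the state credential; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check credentials before running `terraform apply` in a segment.
# Assumption: the GitLab credential is exported as GITLAB_TOKEN (the variable the
# GitLab Terraform provider reads); adjust if the repository wires it differently.

# Print the names (never the values) of required variables that are unset or empty.
missing_creds() {
    segment=$1
    # Every segment needs AWS credentials for the state backend (S3, DynamoDB).
    required="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"
    case $segment in
        aws)    ;;  # assumption: target credential uses the same AWS variables
        gitlab) required="$required GITLAB_TOKEN" ;;
        *)      echo "unknown segment: $segment" >&2; return 2 ;;
    esac
    missing=""
    for name in $required; do
        # Indirect lookup; the value is only tested, never echoed or logged.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

# Return 0 only when every credential for the segment is present,
# 1 when something is missing, 2 for an unknown segment.
preflight() {
    missing=$(missing_creds "$1") || return 2
    if [ -n "$missing" ]; then
        echo "refusing to run terraform: missing $missing" >&2
        return 1
    fi
    return 0
}

# Typical use from a segment directory:
#   preflight gitlab && terraform apply
```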