Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
A comprehensive set of questions and answers related to the hashicorp terraform associate certification exam. It covers key concepts such as infrastructure as code (iac), terraform's benefits, idempotency, day 0 and day 1 activities, terraform's advantages, provider configuration, state management, and multi-cloud deployment. Valuable for individuals preparing for the terraform associate exam, offering insights into the core principles and functionalities of terraform.
Typology: Exams
1 / 19
What is Infrastructure as Code? CORRECT ANSWER You write and execute the code to define, deploy, update, and destroy your infrastructure What are the benefits of IaC? CORRECT ANSWER a. Automation -We can bring up the servers with one script and scale up and down based on our load with the same script. b. Reusability of the code - We can reuse the same code c. Versioning - We can check it into version control and we get versioning. Now we can see an incremental history of who changed what, how is our infrastructure actually defined at any given point of time, and we have this transparency of documentation IaC makes changes idempotent, consistent, repeatable, and predictable. How using IaC make it easy to provision infrastructure? CORRECT ANSWER IaC makes it easy to provision and apply infrastructure configurations, saving time. It standardizes workflows across different infrastructure providers (e.g., VMware, AWS, Azure, GCP, etc.) by using a common syntax across all of them. What is Ideompodent in terms of IaC? CORRECT ANSWER The idempotent characteristic provided by IaC tools ensures that, even if the same code is applied multiple times, the result remains the same. What are Day 0 and Day 1 activities? CORRECT ANSWER IaC can be applied throughout the lifecycle, both on the initial build, as well as throughout the life of the infrastructure. Commonly, these are referred to as Day 0 and Day 1 activities. "Day 0" code provisions and configures your initial infrastructure.
"Day 1" refers to OS and application configurations you apply after you've initially built your infrastructure. What are the advantages of Terraform? CORRECT ANSWER Platform Agnostic State Management Operator Confidence Where do you describe all the components or your entire datacenter so that Terraform provision those? CORRECT ANSWER Configuration files ends with *.tf How can Terraform build infrastructure so efficiently? CORRECT ANSWER Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure. What is multi-cloud deployment? CORRECT ANSWER Provisioning your infrastructure into multiple cloud providers to increase fault-tolerance of your applications. How multi-cloud deployment is useful? CORRECT ANSWER By using only a single region or cloud provider, fault tolerance is limited by the availability of that provider. Having a multi-cloud deployment allows for more graceful recovery of the loss of a region or entire provider.
What is cloud-agnostic in terms of provisioning tools? CORRECT ANSWER cloud-agnostic and allows a single configuration to be used to manage multiple providers, and to even handle cross-cloud dependencies. What is the use of terraform being cloud-agnostic? CORRECT ANSWER It simplifies management and orchestration, helping operators build large-scale multi-cloud infrastructures. What is the Terraform State? CORRECT ANSWER Every time you run Terraform, it records information about what infrastructure it created in a Terraform state file. By default, when you run Terraform in the folder /some/folder, Terraform creates the file /some/folder/terraform.tfstate. This file contains a custom JSON format that records a mapping from the Terraform resources in your configuration files to the representation of those resources in the real world. What is the purpose of the Terraform State? CORRECT ANSWER Mapping to the Real World - Terraform requires some sort of database to map Terraform config to the real world because you can't find the same functionality in every cloud provider. You need to have some kind of mechanism to be cloud-agnostic Metadata - Terraform must also track metadata such as resource dependencies, pointer to the provider configuration that was most recently used with the resource in situations where multiple aliased providers are present.
Performance - When running a terraform plan, Terraform must know the current state of resources in order to effectively determine the changes that it needs to make to reach your desired configuration. For larger infrastructures, querying every resource is too slow. Many cloud providers do not provide APIs to query multiple resources at once, and the round trip time for each resource is hundreds of milliseconds. So, Terraform stores a cache of the attribute values for all resources in the state. This is the most optional feature What is the name of the terraform state file? CORRECT ANSWER terraform.tfstate How do you install terraform on different OS? CORRECT ANSWER // Mac OS brew install terraform // Windows choco install terraform Download zip file mv ~/Downloads/terraform /usr/local/bin/terraform Where do you put terraform configurations so that you can configure some behaviors of Terraform itself? CORRECT ANSWER The special terraform configuration block type is used to configure some behaviors of Terraform itself, such as requiring a minimum Terraform version to apply your configuration. terraform {
Only constants are allowed inside the terraform block. Is this correct? CORRECT ANSWER Yes Within a terraform block, only constant values can be used; arguments may not refer to named objects such as resources, input variables, etc, and may not use any of the Terraform language built-in functions. What are the Providers? CORRECT ANSWER A provider is a plugin that Terraform uses to translate the API interactions with the service. A provider is responsible for understanding API interactions and exposing resources. Because Terraform can interact with any API, you can represent almost any infrastructure type as a resource in Terraform. How do you configure a Provider? CORRECT ANSWER provider "google" { project = "acme-app" region = "us-central1" } The name given in the block header ("google" in this example) is the name of the provider to configure. Terraform associates each resource type with a provider by taking the first word of the resource type name (separated by underscores), and so the "google" provider is assumed to be the provider for the resource type name google_compute_instance. The body of the block (between { and }) contains configuration arguments for the provider itself. Most arguments in this section are specified by the provider itself; in this example both project and region are specific to the google provider.
What are the meta-arguments that are defined by Terraform itself and available for all provider blocks? CORRECT ANSWER version: Constraining the allowed provider versions alias: using the same provider with different configurations for different resources What is Provider initialization and why do we need? CORRECT ANSWER Provider initialization is one of the actions of terraform init. Each time a new provider is added to configuration -- either explicitly via a provider block or by adding a resource from that provider -- Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin so that it can later be executed. When you run terraform init command, all the providers are installed in the current working directory. (True/False) CORRECT ANSWER Providers downloaded by terraform init are only installed for the current working directory; other working directories can have their own installed provider versions. Note that terraform init cannot automatically download providers that are not distributed by HashiCorp. How do you constrain the provider version? CORRECT ANSWER To constrain the provider version as suggested, add a required_providers block inside a terraform block:
terraform { required_providers { aws = "~> 1.0" } } How do you upgrade to the latest acceptable version of the provider? CORRECT ANSWER terraform init --upgrade It upgrade to the latest acceptable version of each providerThis command also upgrades to the latest versions of all Terraform modules. How many ways you can configure provider versions? CORRECT ANSWER 1. With required_providers blocks under terraform block. terraform { required_providers { aws = "~> 1.0" } }
How do you configure Multiple Provider Instances? CORRECT ANSWER alias You can optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis. Why do we need Multiple Provider instances? CORRECT ANSWER Some of the example scenarios: a. multiple regions for a cloud platform b. targeting multiple Docker hosts c. multiple Consul hosts, etc. How do we define multiple Provider configurations? CORRECT ANSWER To include multiple configurations for a given provider, include multiple provider blocks with the same provider name, but set the alias meta-argument to an alias name to use for each additional configuration.
provider "aws" { region = "us-east-1" }
provider "aws" { alias = "west" region = "us-west-2"
How do you select alternate providers? CORRECT ANSWER By default, resources use a default provider configuration inferred from the first word of the resource type name. For example, a resource of type aws_instance uses the default (un-aliased) aws provider configuration unless otherwise stated. resource "aws_instance" "foo" { provider = aws.west
} What is the location of the user plugins directory? CORRECT ANSWER Windows %APPDATA%\terraform.d\plugins All other systems ~/.terraform.d/plugins The command terraform init cannot install third-party plugins? (True/False) CORRECT ANSWER True Manually install third-party providers by placing their plugin executables in the user plugins directory. The user plugins directory is in one of the following locations, depending on the host operating system Once a plugin is installed, terraform init can initialize it normally. You must run this command from the directory where the configuration files are located. What is the naming scheme for provider plugins? CORRECT ANSWER terraform-provider-
What is the CLI configuration File? CORRECT ANSWER The CLI configuration file configures per-user settings for CLI behaviors, which apply across all Terraform working directories. It is named either .terraformrc (placed directly in the home directory of the relevant user) or terraform.rc (placed in the relevant Windows user's %APPDATA% directory). What is Provider Plugin Cache? CORRECT ANSWER By default, terraform init downloads plugins into a subdirectory of the working directory so that each working directory is self-contained. As a consequence, if you have multiple configurations that use the same provider then a separate copy of its plugin will be downloaded for each configuration. Given that provider plugins can be quite large (on the order of hundreds of megabytes), this default behavior can be inconvenient for those with slow or metered Internet connections. Therefore Terraform optionally allows the use of a local directory as a shared plugin cache, which then allows each distinct plugin binary to be downloaded only once. How do you enable Provider Plugin Cache? CORRECT ANSWER To enable the plugin cache, use the plugin_cache_dir setting in the CLI configuration file. plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
Alternatively, the TF_PLUGIN_CACHE_DIR environment variable can be used to enable caching or to override an existing cache directory within a particular shell session: When you are using plugin cache you end up growing cache directory with different versions. Whose responsibility to clean it? CORRECT ANSWER User Terraform will never itself delete a plugin from the plugin cache once it's been placed there. Over time, as plugins are upgraded, the cache directory may grow to contain several unused versions which must be manually deleted. What is the command to initialize the directory? CORRECT ANSWER terraform init If different teams are working on the same configuration. How do you make files to have consistent formatting? CORRECT ANSWER terraform fmt This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability and consistency. By default, fmt scans the current directory for configuration files. If the dir argument is provided then it will scan that given directory instead. If different teams are working on the same configuration. How do you make files to have syntactically valid and internally consistent? CORRECT ANSWER terraform validate This command will check and report errors within modules, attribute names, and value types.
Validate your configuration. If your configuration is valid, Terraform will return a success message. What is the command to create infrastructure? CORRECT ANSWER terraform apply What is the command to show the execution plan and not apply? CORRECT ANSWER terraform plan How do you inspect the current state of the infrastructure applied? CORRECT ANSWER terraform show When you applied your configuration, Terraform wrote data into a file called terraform.tfstate. This file now contains the IDs and properties of the resources Terraform created so that it can manage or destroy those resources going forward. If your state file is too big and you want to list the resources from your state. What is the command? CORRECT ANSWER terraform state list What is plug-in based architecture? CORRECT ANSWER Defining additional features as plugins to your core platform or core application. This provides extensibility, flexibility and isolation What are Provisioners? CORRECT ANSWER If you need to do some initial setup on your instances, then provisioners let you upload files, run shell scripts, or install and trigger other software like configuration management tools, etc.
How do you define provisioners? CORRECT ANSWER resource "aws_instance" "example" { ami = "ami-b374d5a5" instance_type = "t2.micro" provisioner "local-exec" { command = "echo hello > hello.txt" } } Provisioner block within the resource block. Multiple provisioner blocks can be added to define multiple provisioning steps. Terraform supports multiple provisioners What are the types of provisioners? CORRECT ANSWER local-exec remote-exec What is a local-exec provisioner and when do we use it? CORRECT ANSWER The local-exec provisioner executing a command locally on your machine running Terraform. We use this when we need to do something on our local machine without needing any external URL What is a remote-exec provisioner and when do we use it? CORRECT ANSWER The remote-exec provisioner invokes a script on a remote resource after it is created.
This can be used to run a configuration management tool, bootstrap into a cluster, etc. Are provisioners runs only when the resource is created or destroyed? CORRECT ANSWER Provisioners are only run when a resource is created or destroyed. Provisioners that are run while destroying are Destroy provisioners. They are not a replacement for configuration management and changing the software of an already-running server, and are instead just meant as a way to bootstrap a server. What do we need to use a remote-exec? CORRECT ANSWER In order to use a remote-exec provisioner, you must choose an ssh or winrm connection in the form of a connection block within the provisioner. When terraform mark the resources are tainted? CORRECT ANSWER If a resource successfully creates but fails during provisioning, Terraform will error and mark the resource as "tainted". A resource that is tainted has been physically created, but can't be considered safe to use since provisioning failed. You applied the infrastructure with terraform apply and you have some tainted resources. You run an execution plan now what happens to those tainted resources? CORRECT ANSWER When you generate your next execution plan, Terraform will not attempt to restart provisioning on the same resource because it isn't guaranteed to be safe.
Instead, Terraform will remove any tainted resources and create new resources, attempting to provision them again after creation. Terraform also does not automatically roll back and destroy the resource during the apply when the failure happens. Why? CORRECT ANSWER Terraform also does not automatically roll back and destroy the resource during the apply when the failure happens, because that would go against the execution plan: the execution plan would've said a resource will be created, but does not say it will ever be deleted. If you create an execution plan with a tainted resource, however, the plan will clearly state that the resource will be destroyed because it is tainted. How do you manually taint a resource? CORRECT ANSWER terraform taint resource.id The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. This command will not modify infrastructure, but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change. By default, provisioners that fail will also cause the Terraform apply itself to fail. (True/False) CORRECT ANSWER True By default, provisioners that fail will also cause the Terraform apply itself to fail. How do you change this? CORRECT ANSWER The on_failure setting can be used to change this. The allowed values are:
continue: Ignore the error and continue with creation or destruction. fail: Raise an error and stop applying (the default behavior). If this is a creation provisioner, taint the resource. // Example resource "aws_instance" "web" {
provisioner "local-exec" { command = "echo The server's IP address is ${self.private_ip}" on_failure = "continue" } } How do you define destroy provisioner and give an example? CORRECT ANSWER You can define destroy provisioner with the parameter when provisioner "remote-exec" { when = "destroy"
} How do you apply constraints for the provider versions? CORRECT ANSWER The required_providers setting is a map specifying a version constraint for each provider required by your configuration.
terraform { required_providers { aws = ">= 2.7.0" } } What should you use to set both a lower and upper bound on versions for each provider? CORRECT ANSWER By using ~> terraform { required_providers { aws = "~> 1.0" } } Any version more than 1.0 and less than 2. When does the terraform does not recommend using provisions? CORRECT ANSWER Passing data into virtual machines and other compute resources. Running configuration management software Expressions in provisioner blocks cannot refer to their parent resource by name. (True/False) CORRECT ANSWER True The self object represents the provisioner's parent resource, and has all of that resource's attributes.
For example, use self.public_ip to reference an aws_instance's public_ip attribute. Terraform CLI versions and provider versions are independent of each other. (True/False) CORRECT ANSWER True How do you configure the required version of Terraform CLI can be used with your configuration? CORRECT ANSWER The required_version setting can be used to constrain which versions of the Terraform CLI can be used with your configuration. If the running version of Terraform doesn't match the constraints specified, Terraform will produce an error and exit without taking any further actions. You are configuring aws provider and it is always recommended to hard code aws credentials in *.tf files. (True/False) CORRECT ANSWER False HashiCorp recommends that you never hard-code credentials into *.tf configuration files. We are explicitly defining the default AWS config profile here to illustrate how Terraform should access sensitive credentials. If you leave out your AWS credentials, Terraform will automatically search for saved API credentials (for example, in ~/.aws/credentials) or IAM instance profile credentials. This is cleaner when .tf files are checked into source control or if there is more than one admin user You are provisioning the infrastructure with the command terraform apply and you noticed one of the resources failed. How do you remove that resource without affecting the whole infrastructure? CORRECT ANSWER You can taint the resource and the next apply will destroy the resource.
terraform taint <resource.id> You are formatting the configuration files and what is the flag you should use to see the differences? CORRECT ANSWER terraform fmt -diff You are formatting the configuration files and what is the flag you should use to process the subdirectories as well? CORRECT ANSWER terraform fmt -recursive You are formatting configuration files in a lot of directories and you don't want to see the list of file changes. What is the flag that you should use? CORRECT ANSWER terraform fmt -list=false When you are tainting a resource terraform reads the default state file terraform.tfstate. What is the flag you should use to read from a different path? CORRECT ANSWER terraform taint -state=path Give an example of tainting a single resource? CORRECT ANSWER terraform taint aws_security_group.allow_all The resource aws_security_group.allow_all in the module root has been marked as tainted. Give an example of tainting a resource within a module? CORRECT ANSWER terraform taint "module.couchbase.aws_instance.cb_node[9] Resource instance module.couchbase.aws_instance.cb_node[9] has been marked as tainted.