Download HashiCorp Terraform Associate - Practice Questions 1 2023 new exam update and more Exams Computer Science in PDF only on Docsity! HashiCorp Terraform Associate - Practice Questions 1 2023 new exam update What is Infrastructure as Code? - You write and execute the code to define, deploy, update, and destroy your infrastructure What are the benefits of IaC? - a. AutomationWe can bring up the servers with one script and scale up and down based on our load with the same script. b. Reusability of the codeWe can reuse the same code c. VersioningWe can check it into version control and we get versioning. Now we can see an incremental history of who changed what, how is our infrastructure actually defined at any given point of time, and wehave this transparency of documentation IaC makes changes idempotent, consistent, repeatable, and predictable. How using IaC make it easy to provision infrastructure? - IaC makes it easy to provision and apply infrastructure configurations, saving time. It standardizes workflows across different infrastructure providers (e.g., VMware, AWS, Azure, GCP, etc.) by using a common syntax across all of them. What is Ideompodent in terms of IaC? - The idempotent characteristic provided by IaC tools ensures that, even if the same code is applied multiple times, the result remains the same. What are Day 0 and Day 1 activities? - IaC can be applied throughout the lifecycle, both on the initial build, as well as throughout the life of the infrastructure. Commonly, these are referred to as Day 0 and Day 1 activities. "Day 0" code provisions and configures your initial infrastructure. "Day 1" refers to OS and application configurations you apply after you've initially built your infrastructure. What are the use cases of Terraform? - Heroku App SetupMulti-Tier ApplicationsSelf- Service ClustersSoftware DemosDisposable EnvironmentsSoftware Defined NetworkingResource SchedulersMulti-Cloud Deployment What are the advantages of Terraform? - Platform AgnosticState ManagementOperator Confidence Where do you describe all the components or your entire datacenter so that Terraform provision those? - Configuration files ends with *.tf How can Terraform build infrastructure so efficiently? - Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure. What is multi-cloud deployment? - Provisoning your infrastrcutire into multiple cloud providers to increase fault-tolerance of your applications. How multi-cloud deployment is useful? - By using only a single region or cloud provider, fault tolerance is limited by the availability of that provider. Having a multi-cloud deployment allows for more graceful recovery of the loss of a region or entire provider. What is cloud-agnostic in terms of provisioning tools? - cloud-agnostic and allows a single configuration to be used to manage multiple providers, and to even handle cross- cloud dependencies. What is the use of terraform being cloud-agnostic? - It simplifies management and orchestration, helping operators build large-scale multi-cloud infrastructures. What is the Terraform State? - Every time you run Terraform, it records information about what infrastructure it created in a Terraform state file. By default, when you run Terraform in the folder /some/folder, Terraform creates the file /some/folder/terraform.tfstate. This file contains a custom JSON format that records a mapping from the Terraform resources in your configuration files to the representation of those resources in the real world. What is the purpose of the Terraform State? - Mapping to the Real World Terraform requires some sort of database to map Terraform config to the real world because you can't find the same functionality in every cloud provider. You need to have some kind of mechanism to be cloud-agnostic Metadata Terraform must also track metadata such as resource dependencies, pointer to the provider configuration that was most recently used with the resource in situations where multiple aliased providers are present. Performance When running a terraform plan, Terraform must know the current state of resources in order to effectively determine the changes that it needs to make to reach your desired configuration.For larger infrastructures, querying every resource is too slow. Many cloud providers do not provide APIs to query multiple resources at once, and the round trip time for each resource is hundreds of milliseconds. So, Terraform stores a cache of the attribute values for all resources in the state. This is the most optional feature of Terraform state and is done only as a performance improvement. Syncing How do you configure Multiple Provider Instances? - alias You can optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis. Why do we need Multiple Provider instances? - Some of the example scenarios: a. multiple regions for a cloud platform b. targeting multiple Docker hosts c. multiple Consul hosts, etc. How do we define multiple Provider configurations? - To include multiple configurations for a given provider, include multiple provider blocks with the same provider name, but set the alias meta-argument to an alias name to use for each additional configuration. # The default provider configuration provider "aws" { region = "us-east-1" } # Additional provider configuration for west coast region provider "aws" { alias = "west" region = "us-west-2" } How do you select alternate providers? - By default, resources use a default provider configuration inferred from the first word of the resource type name. For example, a resource of type aws_instance uses the default (un-aliased) aws provider configuration unless otherwise stated. resource "aws_instance" "foo" { provider = aws.west# ... } What is the location of the user plugins directory? - Windows %APPDATA%\terraform.d\plugins All other systems ~/.terraform.d/plugins Third-party plugins should be manually installed. Is that true? - True The command terraform init cannot install third-party plugins? True or false? - True Install third-party providers by placing their plugin executables in the user plugins directory. The user plugins directory is in one of the following locations, depending on the host operating system. Once a plugin is installed, terraform init can initialize it normally. You must run this command from the directory where the configuration files are located. What is the naming scheme for provider plugins? - terraform-provider-<NAME>_vX.Y.Z What is the CLI configuration File? - The CLI configuration file configures per-user settings for CLI behaviors, which apply across all Terraform working directories. It is named either .terraformrc or terraform.rc Where is the location of the CLI configuration File? - On Windows, the file must be named named terraform.rc and placed in the relevant user's %APPDATA% directory. On all other systems, the file must be named .terraformrc (note the leading period) and placed directly in the home directory of the relevant user. The location of the Terraform CLI configuration file can also be specified using the TF_CLI_CONFIG_FILE environment variable. What is Provider Plugin Cache? - By default, terraform init downloads plugins into a subdirectory of the working directory so that each working directory is self-contained. As a consequence, if you have multiple configurations that use the same provider then a separate copy of its plugin will be downloaded for each configuration. Given that provider plugins can be quite large (on the order of hundreds of megabytes), this default behavior can be inconvenient for those with slow or metered Internet connections. Therefore Terraform optionally allows the use of a local directory as a shared plugin cache, which then allows each distinct plugin binary to be downloaded only once. How do you enable Provider Plugin Cache? - To enable the plugin cache, use the plugin_cache_dir setting in the CLI configuration file. plugin_cache_dir = "$HOME/.terraform.d/plugin-cache" Alternatively, the TF_PLUGIN_CACHE_DIR environment variable can be used to enable caching or to override an existing cache directory within a particular shell session: When you are using plugin cache you end up growing cache directory with different versions. Whose responsibility to clean it? - User Terraform will never itself delete a plugin from the plugin cache once it's been placed there. Over time, as plugins are upgraded, the cache directory may grow to contain several unused versions which must be manually deleted. Why do we need to initialize the directory? - When you create a new configuration — or check out an existing configuration from version control — you need to initialize the directory. Initializing a configuration directory downloads and installs providers used in the configuration, which in this case is the aws provider. Subsequent commands will use local settings and data during initialization. What is the command to initialize the directory? - terraform init If different teams are working on the same configuration. How do you make files to have consistent formatting? - terraform fmt This command automatically updates configurations in the current directory for easy readability and consistency. If different teams are working on the same configuration. How do you make files to have syntactically valid and internally consistent? - terraform validate This command will check and report errors within modules, attribute names, and value types. Validate your configuration. If your configuration is valid, Terraform will return a success message. What is the command to create infrastructure? - terraform apply What is the command to show the execution plan and not apply? - terraform plan How do you inspect the current state of the infrastructure applied? - terraform show When you applied your configuration, Terraform wrote data into a file called terraform.tfstate. This file now contains the IDs and properties of the resources Terraform created so that it can manage or destroy those resources going forward. If your state file is too big and you want to list the resources from your state. What is the command? - terraform state list What is plug-in based architecture? - Defining additional features as plugins to your core platform or core application. This provides extensibility, flexibility and isolation What are Provisioners? - If you need to do some initial setup on your instances, then provisioners let you upload files, run shell scripts, or install and trigger other software like configuration management tools, etc. How do you define provisioners? - resource "aws_instance" "example" { ami = "ami-b374d5a5" instance_type = "t2.micro" provisioner "local-exec" { command = "echo hello > hello.txt" } } Provisioner block within the resource block. Multiple provisioner blocks can be added to define multiple provisioning steps. Terraform supports multiple provisioners. What are the types of provisioners? - local-exec remote-exec You want to create a parallel, distinct copy of a set of infrastructure in order to test a set of changes before modifying the main production infrastructure. How do you achieve that? - Workspaces What is the command state? - The terraform state command is used for advanced state management. You are working on terraform files and you want to list all the resources. What is the command you should use? - terraform state list How do you do debugging terraform? - Terraform has detailed logs which can be enabled by setting the TF_LOG environment variable to any value. You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name. If terraform crashes where should you see the logs? - crash.log What is the first thing you should do when the terraform crashes? - panic message You are building infrastructure for different environments for example test and dev. How do you maintain separate states? - There are two primary methods to separate state between environments: directories workspaces What is the difference between directory-separated and workspace-separated environments? - Directory separated environments rely on duplicate Terraform code, which may be useful if your deployments need differ, for example to test infrastructure changes in development. But they can run the risk of creating drift between the environments over time. Workspace-separated environments use the same Terraform code but have different state files, which is useful if you want your environments to stay as similar to each other as possible, for example if you are providing development infrastructure to a team that wants to simulate running in production. Where do you find and explore terraform Modules? - Terraform Registry What is the Core Terraform workflow? - The core Terraform workflow has three steps: 1. Write - Author infrastructure as code. 2. Plan - Preview changes before applying. 3. Apply - Provision reproducible infrastructure. What is the flag you should use to upgrade modules and plugins a part of their respective installation steps? - upgrade terraform init -upgrade When you are doing initialization with terraform init, you want to skip backend initialization. What should you do? - terraform init -backend=false How do you update the state prior to checking differences when you run a terraform plan? - terraform plan -refresh=true What does the command refresh do? - The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file. What are the data types for the variables? - string number bool list(<TYPE>) set(<TYPE>) map(<TYPE>) object({<ATTR NAME> = <TYPE>, ... }) tuple([<TYPE>, ...]) What is the benefit of Sentinel? - Codifying policy removes the need for ticketing queues, without sacrificing enforcement. One of the other benefits of Sentinel is that it also has a full testing framework. Avoiding a ticketing workflow allows organizations to provide more self-service capabilities and end-to-end automation, minimizing the friction for developers and operators. What is the Private Module Registry? - Terraform Cloud's private module registry helps you share Terraform modules across your organization. It includes support for module versioning, a searchable and filterable list of available modules, and a configuration designer to help you build new workspaces faster.