Fun with electronics

If you would like to learn more about Linux, programming, networking or just playing around with LEDs you can purchase a number of books or online courses – the internet is full of them. I created a book to get my children interested in using computers for more than just games.

Getting started with Arduino and Raspberry pi

You can learn more about it here. Consider purchasing it to support the channel.


New technology, new problems

I can barely remember the television when I was a child. It wasn’t too smart but it had color and the channel dial supported 11 channels. Not really sure why as there were only 4, 5, 9 and 11, oh and that public access channel. When it didn’t work, the solution was sometimes to give the side of the TV a whack or two. This might not have really fixed it and to be honest, what does a little kid know about fixing electronics.

Ok, now some years later I can say that dealing with television problems is a lot more difficult. The problem is our television is all via the internet and there are a lot of individual pieces that can go wrong.

  • Our TV
  • Amazon fire stick
  • Netflix account
  • Wifi
  • Router
  • My internet wiring

Tracking down intermittent issues that cannot be reproduced and might only happen once a week is a pain. I can only imagine my parents running around plugging and unplugging devices. It was a few calculated guesses but in the end my answer was the router was the culprit. Old router out, new router in. I then spent hours changing devices which were connecting to “Fritzbox 7490” SSID.

Lesson learned, have your own different SSID name, but perhaps not as anti-fun such as Vodefone-E635 or WLAN-FMSLDV. This will save hours of changing handheld devices to the new default device name next time. My second lesson is use wires as much as possible. Part of my problem, only learned after the fact, was that my neighbor has upgraded his Wifi and his new Wifi caused some signal interference with my network.

In any case, hitting the side of the TV will not make any difference.


A new definition of hospitality

Not all that long ago I visited Minnesota and the nature of air travel usually means a lot more time spent in airports. I guess the Minneapolis International airport is not bad as airports go. There was an obligatory electronics store as well as some shops selling books, magazines and snacks.

I didn’t need a book but I did find a few stickers that would look good on my suitcase. Airports are never the affordable spot to pick up gifts, but you only live once. The item cost didn’t surprise me, but it seems that the Minnesotans had a new trick up their sleeve – hospitality. Hospitality in Minnesota means charging an additional 4% on all commerce that takes place in the airport.

It isn’t quite clear to me what new expenses exactly this hospitality charge should cover. The vendors are all paying rent for their space, heat, and building maintenance. The airlines are paying the equivalent rent for each gate and there are additional taxes and fees imposed by airports and governments.

This seems to be a simple cash grab, so much for Minnesota friendly.


Right to repair vs ability to repair or perhaps just anti-consumer

It is actually quite odd that despite my first computer being an Apple computer I refuse to purchase any of their devices. This is actually more due to Apple’s stance on creating a walled garden that makes it difficult or impossible to install software that is not on Apple’s “nice list”.

To be quite honest, I am not all that daring and probably would be happy with the software that is available in their online repository but I don’t like being told how I can use the product that I purchased. Because of this it is easier and easier to become disillusioned at the current state of consumer products, and this is not limited to Apple products.

It was not all that long ago you could own a top end smartphone with an audio jack which could be used for listening to music. You could then purchase a “cheap” set of headphones ranging from ear buds to a full over the ear experience. If you sat on them or wound the wire up too many times so they no longer worked you could then purchase a new pair. This is completely different than the current trend towards wireless ear buds that come in pairs, last for a relatively short period of time and then must be replaced as the rechargeable batteries cannot be replaced. To make matters worse, these wireless ear buds, although cool, are quite pricy.

Following this theme, the Samsung Galaxy from a few generations ago made it possible to take the back off of your phone and purchase a new battery – you didn’t even need any tools. That “fix” doesn’t actually offer any new functionality that you might receive when purchasing a new phone but it does extend the life of your phone. You can use it more than two years, this allows you to pass it on to a friend or perhaps to a teenager. (cough cough, perhaps as a starter phone for your 10 year old).

A broken device

A few years ago I used a headset with my laptop and I somehow managed to break the audio jack plug. I was lucky, the laptop was under warranty but it was inconvenient to lose the computer for a few weeks while it was circling the globe getting repaired. Because of that experience I purchased a USB converter so this wouldn’t happen again.

After years of service it just broke. This item can be replaced for anywhere from 6 – 10 dollars, and perhaps the replacement is even of higher quality than the original. In almost all cases this particular item would be cheaper to purchase than to get it repaired. Yet this is exactly the same line of thinking that seems to be endemic to the repair of many of our daily devices. I have never heard of anyone fixing a Blu-ray player, tablet, or television despite the fact they are much more expensive.

Weighing the cost of repair vs a new item with warranty can be tough, but it seems that the manufacturers have put their thumb on the scale. More and more manufacturers are making these devices more difficult to repair by how they are constructed, by making it impossible to get repair manuals, as well as by coercing their parts suppliers to not sell those replacement parts. Sometimes the reasoning is the condescending statement that “the parts are too small” or that “only authorized personnel” can make the fix.

Indeed electronics have moved from giant tubes to parts that are not much larger than a letter in this article. I respect that the repair might be challenging or impossible for the average person but the parts and manuals should not be forbidden. As the product owner, I should be able to try and fail, just as the professional repair personnel should not be forced to reverse engineer and scavenge parts from old devices just to repair an item.

USB audio adapter that was repaired for just the cost of a new usb connector

Just because a repair could be difficult for some should not prevent us all from being able to make the attempt. Some items are just not that complicated.

pizza cutter with a blade that could be removed for sharpening or replacement

Fixing items big or small saves some money but also saves the world


Buying a company like a 5 year old

Initially it sounded like it was a story from the Onion. Really rich guy wants to purchase software company for 44 billion USD, no real investigation whether the company was worth even half of that but the offer was made nonetheless.

I am not the richest man in the world but it is difficult to see how this deal makes any financial sense. After all, the company of his desire only made money in two years since they were listed on the exchange. Ok, ok, those two years were pretty good with a combined profit of approximately 2.6 billion USD.

In order for this to be a good investment I would expect that the return on this investment would need to be at least 10% to beat inflation and make 1-2% profit. Just earning back the principal excluding inflation would require Twitter to make almost twice the amount in a single year that it made in its 2 best years combined.

Perhaps as a private company Twitter could thin down some of their staff or locations but that would be a lot of staff.

It will be interesting to see if Musk finishes the deal or is forced to finish the deal depending on how things go in court. Elon has made a number of good calls; will Twitter be another success story, or less than a success and prove Elon is only human?


A cable is a cable is a cable

ethernet cables from big box store

For a lot of users which network cable you hook up to your router is not terribly important. Of course a quality cable ensures uninterrupted flow of data at the maximum speed allowed by your equipment. Most if not all Ethernet ports on computers these days are at least 1000 Mbps. This should be more than fast enough for a lot of applications.

Actually, this is overkill for a number of applications, even video streaming. A regular 1080 or 720 HD video stream will require 5 Mbps while 4k streaming will require at least 25 Mbps. Both of these numbers are less than 100 Mbps. This might explain the quality of the cables that you can purchase either at your big box store or at your internet retailer.

It was only when I needed to make a few of my own patch cables that the quality of these cables became clear. If shopping at Amazon you can feel assured that Cat 7 cables are a higher quality than Cat 6, while Cat 6 is higher quality than Cat 5.

When looking at a few different options side by side that all proclaim to be Cat 6 you need to take a closer look at the specs.

Specification   Description
U/UTP           Unshielded, Unshielded twisted pair
F/UTP           Foiled, Unshielded twisted pair
S/UTP           Shielded, Unshielded twisted pair
SF/UTP          Shielded and Foiled, Unshielded twisted pair
SF/STP          Shielded and Foiled, Shielded twisted pair
S/FTP           Shielded, Foiled twisted pair
F/FTP           Foiled, Foiled twisted pair
U/FTP           Unshielded, Foiled twisted pair

The first portion of the specification, before the slash, refers to the type of shielding that is under the skin of the cable which wraps around the four sets of twisted pair wires. There are three different types, no shielding, an aluminum foil as shielding, or very thin braided wires as shielding.

Further inside the cable are four sets of wires that are twisted together. These pairs of wires can also be shielded to prevent any cross talk.

If your installation is a single Ethernet cable, even if it is fully unshielded, there are likely not a lot of electrical signals, but if you have a few cables all lying in the conduit or on the floor, shielding is important. Another example of wires in close proximity would be on a patch panel.

CAT7

In addition to all of the different shielding options there is one other difference: the actual diameter of the twisted pair wires. When I was looking at purchasing raw Cat 7 cable I could see that some of the cables had thicker or thinner twisted cable wires. Cat 7 cables with their solid twisted pair wires are not as flexible and are more appropriate for connecting a wiring center to a wallplate.

CAT6

The difference between Cat 7 and the lesser standards is typically that these other cables use stranded wire. These are much more flexible and are often used between the computer network interface and the wallplate.


War in Ukraine, Gas from Russia and shoes from China

A few years ago it was pointed out that Germany was reliant on Russian natural gas for 60-70% of their energy imports.

This is not quite correct. Indeed Russia does supply a large amount of natural gas but natural gas only makes up a relatively small portion of Germany’s overall energy usage. The “Russian excursion” into Ukraine has caused Russia to move from Santa’s and pretty much everybody else’s “nice list” to the “naughty list”. I guess that Vladimir Putin doesn’t like being on anybody’s naughty list. This is purely an assumption due to all of the problems that have recently popped up preventing the delivery of natural gas. Someone who is more cynical than I am might even think that this is Russia lashing out at other countries who are taking a stand against his special military operation.

Nobody except for Vladimir Putin really knows if these gas delivery problems are due to the sanctions and technical problems or because Russia can reduce their natural gas in an attempt to get sanctions lifted.

The only thing that can be said with certainty is that as recently as a few years ago, it was in the international news that relying on Russian gas should be considered a strategic risk. Now, it is a few years later, and regardless of the reason for the disruption Germany (and Europe) is heading into a winter that could be punctuated with natural gas shortages. This will affect consumers but it will also affect industry. This one fact makes the early shutdown of Germany’s nuclear power facilities seem a bit premature.

But this blog post is not about Russia nor about the Ukraine. It is not even about natural gas but rather it is about shoes. Just recently I visited a shoe store to purchase a pair of shoes. I was a bit dismayed about the relative disorder inside of the store as it made the search process for shoes my size longer and more difficult. I guess the disorder could have been pandemic related due to uneven receipt of new merchandise as well as too few staff to put the shoes on the shelves. The actual result was unopened shipping boxes sitting in the corner of the store. From looking at the outside of the boxes you could see that these shoes did come a long way to be sold in Minnesota.

  • China
  • Thailand
  • Vietnam

The boxes were from the far east but the majority of them were from China. It is not a secret that China is perhaps the world’s largest manufacturer of things. These things might be medications, these things might be electronics or electrical items, or even simple medical masks.

Global trade does enrich both partners in the transaction, but it is possible to create counterparty risk if one party becomes too dependent on the other. The situation between Germany and Russia is over natural gas. If one partner cannot or will not deliver the other partner is in a pretty precarious situation. This might seem like an obvious statement especially in light of the difficulties currently going on in Europe but what about shoes or electronics?

If China cannot or will not deliver some or all of the merchandise that America requires at some point in the future what happens? This might mean a populace that has old shoes that are falling apart and who are forced to use last year’s electronic gadgets. Furthermore it could mean that consumers who require generic medicines might have to pay more for medications sourced from another location or may not receive the medications at all.

This probably seems like a very unlikely situation until you remember that China feels very strongly about Taiwan and wants to “bring them back into the fold” despite the people of Taiwan not being that interested in being formally merged back into China. The United States has promised to defend Taiwan if this happens but if a skirmish were to break out this could cause disruptions between the US and China as well as any imports from China, Taiwan or even the far east to the rest of the world.

The United States is not very reliant on Russian energy which is why there have been very few disruptions due to the Ukraine situation but if there were any serious trading difficulties between the US and China there would be a very large impact both on businesses and the average consumer.

USA trade with Russia in 2019 was approx. 34 billion USD

USA trade with China in 2020 was approx. 615 billion USD

It is impossible to force companies to not invest in China as their manufacturing location but it seems reasonable that the USA might want to take a closer look at what strategic items are being produced abroad and encourage at least some of them to be locally manufactured. In addition to this it might want to craft some legislation to encourage companies to spread some of their manufacturing across multiple geographic areas to prevent this risky scenario, perhaps even produce their goods at home.

The global supply chain works great, well, until it doesn’t.


Do not reuse too much – a computer upgrade story

My computer has been hanging on but just barely. Recently it has taken multiple restarts and the occasional CMOS reset to get it to boot. When it was new, the hardware was pretty good.

Asrock 990FX Extreme4
AMD FX-8350 Black Edition
32GB Corsair 1333 MHz
Nvidia GTX 650

My friend helped me to choose the parts and he was an AMD fanboy. The processor did have 8 cores but probably won’t go down in history as AMD’s best design – but it is easy to pick on this from the side lines a decade later.

Picking out the parts to last a long time but also not breaking the bank was tricky but only because I needed a single feature on my motherboard. The one feature I really had to have was a 7 segment display to help debug any setup difficulties I may encounter. There are probably hundreds of websites that can help but after my research I settled on the following.

Gigabyte Aorus Z690
32GB 4400MHz DDR5
Noctua NH-D15
Intel Core i7-12700F
750 Watt be quiet! power supply

The parts are not a complete computer but rather just enough to upgrade most of it. I didn’t want to upgrade my graphic card in the middle of cryptocoin induced tech winter. I thought my existing card should be enough for the time being – wow was I wrong.

The GTX 650 is indeed a graphic card and it can pass on the video signal to a monitor or a television but there is one thing this card cannot do.

Unable to boot into the bios

It was simply not possible to boot into the bios to make any changes or select a different boot device. There were a few other people on the internet that also had this problem. They solved this by connecting the HDMI output to a newer monitor.

My monitor was not super but is only 1 year old, but that did not help. I tried connecting the computer to my television which is a higher quality than my monitor but no luck. With the GTX 650 I was only able to boot directly into the operating system.

I had heard that other people were able to modify the bios settings once they were connected to another monitor and then were able to use their original hardware. I was able to boot into the bios once using a borrowed GTX 1650 OC which was not stone age old. With this graphics card I was able to boot into the bios and modify the settings.

I did not have the same luck as others who were able to use their old hardware. In the end I was compelled to get a newer card – Nvidia 1660 super.


Terraform tutorial part 3

Infrastructure is not only virtual machines or load balancers but also the virtual private cloud that allows everything to communicate with each other. What is also quite convenient is that it can be defined in Terraform and AWS with only a few lines.

main.tf
# VPC that the rest of the infrastructure will be launched into
resource "aws_vpc" "cgd-default-vpc" {
  cidr_block           = var.vpc_cidr # set in development.tfvars
  enable_dns_hostnames = true
  tags                 = { Name = "${var.environment}-webproject" }
}
Configuration for a VPC

I have created a variable vpc_cidr which will hold the CIDR for this VPC. It defaults to 172.16.0.0/16 which is a tiny network but it can be set to a different value if a larger network is required. This default value is being overridden with 10.10.0.0/16 which is a huge network.

The VPC is defined using two different variables, vpc_cidr and environment. It is rather nifty that you can create more complex values with constants and variables, as is done in the tags definition.

One more important note for the tags: the tag Name is special and is displayed in all lists as a user friendly name for the AWS element. The output from terraform apply, just like the plan command, will show what changes need to be made, but apply will then make the changes.

terraform apply -var-file=development.tfvars --auto-approve
Acquiring state lock. This may take a few moments...
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.cgd-default-vpc will be created
  + resource "aws_vpc" "cgd-default-vpc" {
      + arn = (known after apply)
      + cidr_block = "10.10.0.0/16"
      + default_network_acl_id = (known after apply)
      + default_route_table_id = (known after apply)
      + default_security_group_id = (known after apply)
      + dhcp_options_id = (known after apply)
      + enable_classiclink = (known after apply)
      + enable_classiclink_dns_support = (known after apply)
      + enable_dns_hostnames = true
      + enable_dns_support = true
      + id = (known after apply)
      + instance_tenancy = "default"
      + ipv6_association_id = (known after apply)
      + ipv6_cidr_block = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id = (known after apply)
      + owner_id = (known after apply)
      + tags = {
          + "Name" = "development-webproject"
        }
      + tags_all = {
          + "Name" = "development-webproject"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + _environment = "development"
  + awskey = "don't display this"
  + awssecret = "don't display this"
  + region = "us-east-1"
  + vpc_cidr = "10.10.0.0/16"
  + vpc_id = (known after apply)
  + vpc_tags = {
      + "Name" = "development-webproject"
    }

aws_vpc.cgd-default-vpc: Creating...
aws_vpc.cgd-default-vpc: Still creating... [10s elapsed]
aws_vpc.cgd-default-vpc: Creation complete after 13s [id=vpc-091d490dc7a1d6407]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:
_environment = "development"
region = "us-east-1"
vpc_cidr = "10.10.0.0/16"
vpc_id = "vpc-091d490dc7a1d6407"
vpc_tags = tomap({
  "Name" = "development-webproject"
})

For this tutorial we are expecting one item to be created the first time it is run, and we can see that 1 resource will be added. The last few lines under Outputs show the values that were set up in the output.tf file.

development.tfvars
region      = "us-east-1"
environment = "development"
vpc_cidr    = "10.10.0.0/16" # overrides the default in inputs.tf
Variables with new vpc_cidr variable

inputs.tf
variable "vpc_cidr" {
  type        = string
  description = "virtual private network"
  default     = "172.16.0.0/16"
}
Variable to hold the VPC CIDR

output.tf
# Attributes of the VPC created in main.tf
output "vpc_id" {
  value = aws_vpc.cgd-default-vpc.id
}
output "vpc_tags" {
  value = aws_vpc.cgd-default-vpc.tags
}
output "vpc_cidr" {
  value = aws_vpc.cgd-default-vpc.cidr_block
}
Additions to output to display info about VPC
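
A possible stricter version of the vpc_cidr variable, as an added example that is not part of the original post: it rejects malformed values at plan time and reports how many addresses the chosen block holds. It assumes Terraform 0.13 or later (variable validation); the locals and the vpc_address_count output are hypothetical names, not files or values from this tutorial.

```hcl
# Added example (not from the original post): replaces the vpc_cidr
# variable in inputs.tf.
variable "vpc_cidr" {
  type        = string
  description = "virtual private network"
  default     = "172.16.0.0/16"

  validation {
    # cidrhost() errors on anything that is not valid CIDR notation;
    # can() converts that error into false so the check fails cleanly.
    # The regex limits the value to the IPv4 "a.b.c.d/n" shape.
    condition = (
      can(cidrhost(var.vpc_cidr, 0)) &&
      can(regex("^[0-9.]+/[0-9]+$", var.vpc_cidr))
    )
    error_message = "The vpc_cidr value must be valid IPv4 CIDR notation, for example 10.10.0.0/16."
  }

  validation {
    # AWS only accepts IPv4 VPC blocks with a prefix length from /16 to /28.
    # try() supplies 0 when the value has no "/n" part, so this check
    # fails instead of raising an index error.
    condition = (
      try(tonumber(split("/", var.vpc_cidr)[1]), 0) >= 16 &&
      try(tonumber(split("/", var.vpc_cidr)[1]), 0) <= 28
    )
    error_message = "The vpc_cidr prefix length must be between /16 and /28."
  }
}

locals {
  # Hypothetical helper values, not part of the tutorial's files.
  vpc_prefix_length = tonumber(split("/", var.vpc_cidr)[1])

  # Number of addresses in the block. The size depends only on the prefix
  # length: 172.16.0.0/16 and 10.10.0.0/16 both hold 65536 addresses.
  vpc_address_count = pow(2, 32 - local.vpc_prefix_length)
}

output "vpc_address_count" {
  value = local.vpc_address_count
}
```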

Creating a VPC really does not show off too much of what you can do with Terraform. However, it is the overarching network that will be filled in and where we can launch our own EC2’s.

This will be demonstrated in the next blog.


Terraform tutorial part 2

When running the terraform init command it will store the current state locally in files. This is pretty convenient but if that file is stored on your workstation that makes it impossible to share the build process between multiple developers. This would also make it impossible to add this to a CI/CD pipeline if the actual state was dependent on a specific pc.

Clever scripts could be written to save this information on a networked drive, but why bother when this same information could be saved within AWS itself? With a small bit of configuration it is possible to save the infrastructure state in an S3 bucket. To ensure that only one person can work on the infrastructure at a time, an AWS DynamoDB table is used to store the locking state.

Setting up Dynamodb table

Once the DynamoDB table is created with the partition key equal to “LockID” and the S3 bucket is created, all the AWS backend setup is complete. Simply refer to this table and this bucket in your configuration.

main.tf
provider "aws" {
  region     = var.region
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}
terraform {
  # State is stored in S3; the DynamoDB table holds the lock.
  # Both must already exist before running terraform init.
  backend "s3" {
    bucket         = "cgd.development.terraform.state"
    key            = "terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "cgd-development-dynamodb-table"
  }
}
Backend setup using AWS as the backend

However, it does not matter whether the Terraform state is saved locally or in S3; the first step still needs to be the initialization with the “terraform init” command.

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v4.20.0...
- Installed hashicorp/aws v4.20.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

The output from the initialization in this scenario is quite similar to the local case but taking a careful look we can see that the S3 bucket is being used.

The configuration is identical to the previous blog with the exception of the backend configuration and the changes to the output.

output.tf
output "region" {
  value = var.region
}
output "_environment" {
  value = var.environment
}
# The credential outputs now hold a fixed string instead of the real values.
output "awskey" {
  value = "don't display this"
}
output "awssecret" {
  value = "don't display this"
}

This configuration for Terraform still doesn’t create any AWS infrastructure but it is the perfect starting point to be included into a CI/CD pipeline.
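
The state file holds every resource attribute in plain text, secrets included, so the bucket that stores it deserves more protection than an ordinary bucket. The following is an added example, not part of the original post: a separate bootstrap configuration, applied once with local state, that creates the bucket and lock table named in the backend block above with versioning, encryption at rest, no public access and TLS-only requests. The resource labels (tf_state, tf_lock, tf_state_tls_only) are hypothetical; the resource types are those of the hashicorp/aws v4 provider.

```hcl
# Added example (not from the original post). Keep this in its own
# directory: the backend cannot store state in a bucket that does not
# exist yet. In the backend "s3" block itself, also set: encrypt = true

resource "aws_s3_bucket" "tf_state" {
  bucket = "cgd.development.terraform.state"

  lifecycle {
    prevent_destroy = true # refuse a destroy that would delete the state
  }
}

# Keep old state versions so a bad apply or a deleted object can be recovered.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt state objects at rest (AWS managed KMS key when none is named).
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# The state bucket must never be public.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Deny any request that does not arrive over TLS.
data "aws_iam_policy_document" "tf_state_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.tf_state.arn,
      "${aws_s3_bucket.tf_state.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  policy = data.aws_iam_policy_document.tf_state_tls_only.json
}

# Lock table: the S3 backend requires a string partition key named "LockID".
resource "aws_dynamodb_table" "tf_lock" {
  name         = "cgd-development-dynamodb-table"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```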


A simplified Terraform and AWS tutorial

A lot of tutorials and youtube videos about Terraform go through the process of downloading and installing Terraform. This process is essentially to download a single executable and make sure that this executable is in your path. This process is rather well described and so I will not waste any time on this setup.

If you are not somewhat familiar with Terraform it may be a surprise to learn Terraform is a command line program. There is no GUI, just a few basic commands that can be used but the lack of a GUI is a strength not a weakness. This makes it possible to use Terraform in batch processes. One obvious and common process would be to add Terraform as part of a CI/CD pipeline.

Terraform as previously mentioned allows you to create scripts that will describe your desired infrastructure. Running Terraform will compare your desired state against what is actually setup. This middleware layer does slightly abstract you from the underlying platform. It might not be totally clear from reading other articles but this abstraction doesn’t allow you to transparently and automatically change between AWS and Azure backend. The scripts are rather specific to which underlying platform you are writing them for. Yet, if you write your applications in a rather independent way, they can run on any cloud platform you choose.

This script actually doesn’t really create anything. Terraform uses the AWS CLI tools and so it is important to have these credentials available. They could be hard coded in a script, defined as a Terraform variable or even defined as an environment variable.

provider "aws" {
  region     = "eu-central-1"
  access_key = var.AWS_ACCESS_KEY_ID     # supplied via variable, not hard coded
  secret_key = var.AWS_SECRET_ACCESS_KEY # supplied via variable, not hard coded
}

This example shows the access_key and secret_key being assigned from a variable. These values are typically saved in the .aws directory of the user’s home directory. The AWS CLI setup is not described here as there is plenty of documentation available from Amazon itself.

The first time you run Terraform you may see the following message.

> terraform plan

│ Error: Inconsistent dependency lock file

│ The following dependency selections recorded in the lock file are inconsistent with the current configuration:
│ - provider registry.terraform.io/hashicorp/aws: required by this configuration but no version is selected

│ To make the initial dependency selections that will initialize the dependency lock file, run:
│ terraform init
Terraform error if not properly initialized

This error is because Terraform either did not have the proper underlying provider defined or because the initialization using that provider was not done. The important first step once the provider has been defined is to run the initialization command.

terraform init

The initialization step will produce output similar to the following.

Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v4.20.0...
- Installed hashicorp/aws v4.20.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Output from Terraform initialize

First Terraform scripts

A lot of tutorials on Terraform start with a few scripts with all the values hard coded. I have even seen a few where the AWS CLI credentials are hard coded. These examples do explain quite a bit about Terraform but most do not go back and correct the credentials to a proper secure state. I would rather start with a slightly more complicated solution that is secure from the beginning.

In this tutorial there is a file named development.tfvars where variables for a single environment can be defined. The file will contain all setup for creating a development environment. By separating the values for each environment into a separate file it is possible to have a single infrastructure setup defined which can be parameterized with differing infrastructure attributes. This makes it trivial to have a test environment that is identical to production or perhaps to create multiple but slightly smaller development environments – one for each developer.

When you separate out various infrastructure values as variables they can be passed to Terraform one by one but what is more common is to pass an entire file full of variables.

terraform plan -var-file=development.tfvars

The output of this command will show what, if any, changes will be performed. The standard output does not always provide enough information, but it is possible to add additional types of output. This is an example with a few additional values being displayed in the output.

Changes to Outputs:
  _environment = "development"
  awskey = "AKI YOURKEYHERE PFZ9"
  awssecret = "tnd your secret would be here 26362383 DS3Wk9C"
  region = "us-east-1"
You can apply this plan to save these new output values to the Terraform state, without changing any real
infrastructure.
──────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
you run "terraform apply" now.
Output from Terraform plan command

It is important to note, that setting up environment variables to hold the AWS key and AWS secret is super for security but displaying it like above is a totally bad idea in real life. It was done this way simply to show off an example of how to display Terraform variables.

Below is the example code. This example doesn’t actually create any infrastructure but does show everything necessary for using the AWS key and secret information from the environment. Yet, in order for this to work it is necessary to have two environment variables.

TF_VAR_AWS_ACCESS_KEY_ID
TF_VAR_AWS_SECRET_ACCESS_KEY

The TF_VAR_ prefix is the key that lets Terraform know which environment variables should be passed through to the scripts.

The next blog post will use this as the basis to build actual infrastructure.

main.tf
provider "aws" {
  region     = var.region
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

inputs.tf
variable "environment" {
  type        = string
  description = "what env we are using"
  default     = "Development"
}
variable "region" {
  type        = string
  description = "in which region we will do all of our work"
  default     = "eu-central-1"
}
# No defaults: both values come from the TF_VAR_ environment variables.
variable "AWS_ACCESS_KEY_ID" {
  type        = string
  description = "user access_key"
}
variable "AWS_SECRET_ACCESS_KEY" {
  type        = string
  description = "user secret access key"
}

output.tf
output "region" {
  value = var.region
}
output "_environment" {
  value = var.environment
}
# Shown for demonstration only: these two outputs print the credentials.
output "awskey" {
  value = var.AWS_ACCESS_KEY_ID
}
output "awssecret" {
  value = var.AWS_SECRET_ACCESS_KEY
}

development.tfvars
region      = "us-east-1"
environment = "development"
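
The listing above prints both credentials in the plan output, which the text already calls a bad idea in real life. One way to keep the same wiring without the leak, as an added example that is not part of the original post: mark the two variables as sensitive and output only a non-secret confirmation. It assumes Terraform 0.15 or later (for nonsensitive); the output name awskey_is_set is hypothetical.

```hcl
# Added example (not from the original post).

# inputs.tf: sensitive = true makes plan and apply print "(sensitive value)"
# wherever these variables appear.
variable "AWS_ACCESS_KEY_ID" {
  type        = string
  description = "user access_key"
  sensitive   = true
}

variable "AWS_SECRET_ACCESS_KEY" {
  type        = string
  description = "user secret access key"
  sensitive   = true
}

# main.tf: unchanged. The values still arrive through
# TF_VAR_AWS_ACCESS_KEY_ID and TF_VAR_AWS_SECRET_ACCESS_KEY.
# (The AWS provider also reads the standard AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY environment variables by itself when access_key
# and secret_key are left out of the provider block.)
provider "aws" {
  region     = var.region
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

# output.tf: once the variables are sensitive, an output that references
# them without sensitive = true is rejected by Terraform. Marking the
# output sensitive hides it in the console, but the value is still written
# to the state file in plain text, so the safer choice is not to output
# the secret at all and to expose only a derived, non-secret fact.
output "awskey_is_set" {
  # length() of a sensitive string is itself sensitive; nonsensitive()
  # releases just this boolean, never the key.
  value = nonsensitive(length(var.AWS_ACCESS_KEY_ID) > 0)
}
```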