Day 87: Terraform Interview Questions

Introduction:

Terraform is an open-source infrastructure as code (IaC) software tool created by HashiCorp. It enables users to define and provision infrastructure in a declarative configuration language. Instead of manually creating and managing infrastructure resources, Terraform allows you to define the desired state of your infrastructure in code, and then it automatically works to bring the actual infrastructure to that desired state.

Imagine you're building a house. You could manually gather all the materials, lay the foundation, build the walls, install plumbing, and so on. However, this would be time-consuming and error-prone. Now, imagine if you could write down a set of instructions (like a recipe) that describe exactly how your house should be built. Someone else could then follow these instructions to build the house for you.

Terraform is like those instructions, but for setting up and managing your computer servers, databases, and other infrastructure in the digital world. Instead of clicking around in a cloud service or running a bunch of complex commands, you write a set of clear and simple instructions using Terraform.

In simple terms, Terraform helps you build and manage your digital infrastructure by writing down what you want, and then it magically makes it happen for you. It's like having a construction foreman for your digital projects!


  1. What is Terraform and why is it used?

    • Answer: Terraform is an open-source Infrastructure as Code (IaC) tool used for defining, provisioning, and managing infrastructure in a declarative way. It allows users to automate the process of creating and updating infrastructure across various cloud and on-premises environments.
  2. Explain the difference between the terraform plan and terraform apply commands.

    • Answer: The terraform plan command is used to create an execution plan that outlines the changes Terraform will make to the infrastructure. The terraform apply command then executes the plan, applying the proposed changes to the actual infrastructure.
  3. What is the purpose of Terraform state?

    • Answer: Terraform state is a representation of the infrastructure as it exists according to the last applied Terraform configuration. It is used to map real-world resources to the configuration, enabling Terraform to manage and update the infrastructure accurately.
  4. How does Terraform handle dependencies between resources?

    • Answer: Terraform builds a resource graph to manage dependencies. It understands the relationships between resources and ensures that they are created or modified in the correct order based on these dependencies.
  5. What is Terraform's "provider" and why is it important?

    • Answer: A Terraform provider is a plugin that interacts with APIs to manage resources in a specific infrastructure platform (e.g., AWS, Azure). Providers translate the configuration into API calls to create, update, or delete resources.
  6. What is the purpose of Terraform variables?

    • Answer: Terraform variables are used to parameterize the configuration, allowing users to input values dynamically. They enhance reusability and flexibility in configurations by enabling changes without modifying the underlying code.
  7. Explain the concept of Terraform modules.

    • Answer: Terraform modules are a way to organize and reuse Terraform configurations. They encapsulate a set of resources, input variables, and outputs, making it easier to manage and share infrastructure code.
  8. What is Terraform's backend and why is it important?

    • Answer: The Terraform backend is a storage location for Terraform state files. It can be a local file or a remote service. A remote backend is crucial for collaboration, allowing teams to share state and work on infrastructure projects together.
  9. How does Terraform support multi-cloud deployments?

    • Answer: Terraform is provider-agnostic and supports multiple cloud providers. This enables users to write configurations that work across different clouds, promoting flexibility and avoiding vendor lock-in.
  10. What are provisioners in Terraform, and when would you use them?

    • Answer: Provisioners in Terraform are used to execute scripts or commands on a resource after it is created or updated. They are helpful for tasks such as initializing software or configuring resources after creation. However, it's recommended to use provisioners sparingly, as they may lead to less predictable infrastructure changes.
  11. How does Terraform manage sensitive data like API keys or passwords?

    • Answer: Terraform provides several mechanisms for managing sensitive data like API keys or passwords in a secure manner. It's crucial to handle sensitive information appropriately to avoid exposure of credentials in configuration files or version control systems. Here are some common approaches:

      • Variable file

      • Environment variable

      • HashiCorp Vault integration

  12. Explain the concept of Terraform workspaces and when they might be used.

    • Answer: Terraform workspaces allow for multiple instances of the same infrastructure to be managed separately. Workspaces are useful for deploying and managing the same infrastructure with different configurations, such as development and production environments.
  13. How does Terraform handle remote state locking, and why is it important in a team environment?

    • Answer: Terraform uses a remote backend to store state, and it supports state locking to prevent concurrent modifications. Locking ensures that only one user can apply changes to the infrastructure at a time, preventing conflicts in team environments.
  14. Explain the difference between local and remote provisioners in Terraform.

    • Answer: Local provisioners run on the machine where Terraform is executed, while remote provisioners run on the resource itself after creation. Remote provisioners are typically used for tasks that need to be performed on the created resource.
  15. What is the purpose of Terraform data sources, and how are they different from resources?

    • Answer: Terraform data sources allow the retrieval of information from existing resources outside the current Terraform configuration. They are read-only and do not create or manage resources, making them useful for importing existing infrastructure details.

  16. How does Terraform handle drift in infrastructure state, and what are the implications of drift?

    • Answer: Drift occurs when the actual infrastructure state deviates from the Terraform state. Terraform can detect drift during the terraform plan phase, and users must reconcile the differences either by applying the changes or updating the Terraform configuration.
  17. Explain the concept of remote backends with Terraform and the benefits of using a remote backend.

    • Answer: Remote backends store the Terraform state remotely, enabling collaboration and state sharing among team members. Benefits include centralized state management, improved security, and support for locking in multi-user environments.
  18. How does Terraform support the rolling updates of instances in an Auto Scaling Group (ASG)?

    • Answer: Terraform supports rolling updates of instances in an Auto Scaling Group (ASG) through the use of the aws_autoscaling_group resource and its associated parameters.

    • Terraform can leverage the desired_capacity attribute in an Auto Scaling Group to gradually update instances. By incrementally adjusting the desired capacity, Terraform achieves rolling updates without impacting the availability of the application.

  19. What are some best practices for organizing and structuring Terraform code in a large project?

    • Answer: Best practices include using modules for reusability, dividing configurations based on environments, employing variable files, and leveraging version control. Additionally, naming conventions and documentation contribute to code maintainability in larger projects.
  20. Explain what the puppet provisioner does in Terraform.

    • Answer: The Puppet provisioner in Terraform is used to apply Puppet manifests on remote machines after resource creation. It connects to the provisioned instances and triggers Puppet runs to configure and manage the software on those instances according to the specified Puppet manifests.
  21. Explain what the habitat provisioner does in Terraform.

    • Answer: The Habitat provisioner in Terraform integrates with Chef Habitat, allowing users to package, deploy, and manage applications using the Habitat framework. It enables the deployment of applications along with their dependencies and configurations in a consistent and reproducible manner.
  22. Explain what the file provisioner does in Terraform.

    • Answer: The file provisioner in Terraform is used to copy files or directories from the local machine to a remote resource after its creation. This provisioner is helpful for transferring configuration files, scripts, or other artifacts needed for the proper functioning of the provisioned resource.
  23. Explain what the chef provisioner does in Terraform.

    • Answer: The Chef provisioner in Terraform integrates with Chef, a configuration management tool. It allows the execution of Chef recipes on remote machines after resource creation, enabling the configuration and management of software on those instances according to the specified Chef recipes.
  24. Explain what local-exec does in Terraform.

    • Answer: The local-exec provisioner in Terraform is used to run commands on the machine where Terraform is executed (the local machine). It is typically employed for tasks that need to be performed on the machine running Terraform, such as initializing software or executing local scripts.
  25. Explain what remote-exec does.

    • Answer: The remote-exec provisioner in Terraform is used to run commands on remote instances after they have been created. It connects to the provisioned machines and executes specified commands, making it useful for tasks like software installation or configuration on the remote resource.
  26. What command is used to destroy managed infrastructure?

    • Answer: The command used to destroy managed infrastructure in Terraform is terraform destroy. This command prompts the user to confirm the destruction of the resources defined in the Terraform configuration and removes them from the infrastructure.
  27. List a few Terraform applications.

    • Answer: Some popular Terraform applications include:

      • Terraform Cloud

      • Terraform Enterprise

      • Sentinel (Policy as Code framework for Terraform)

  28. What are the main Terraform architecture components?

    • Answer: The main Terraform architecture components include:

      • Terraform CLI (Command-Line Interface)

      • Providers (responsible for interacting with APIs of infrastructure platforms)

      • Terraform Core (handles configuration parsing, resource graph building, and execution planning)

      • Remote Backends (store and share Terraform state remotely)

  29. What are sub-graphs in Terraform?

    • Answer: Sub-graphs in Terraform refer to portions of the resource graph that represent a subset of the infrastructure. Terraform divides the resource graph into sub-graphs based on dependencies, allowing for parallelization of resource creation and modification.
  30. What is an expression evaluation in Terraform?

    • Answer: Expression evaluation in Terraform involves the computation of expressions written in the HashiCorp Configuration Language (HCL). Expressions can include variables, functions, and operators, and they are evaluated to produce a value. These expressions are commonly used in Terraform configurations for dynamic values and calculations.
  31. What is a vertex evaluation in Terraform?

    • Answer: In Terraform, a vertex evaluation is the process of determining the relationships and dependencies between resources in the resource graph. During this evaluation, Terraform identifies the order in which resources should be created or updated based on their dependencies.
  32. What is the graph walk feature in Terraform?

    • Answer: The graph walk feature in Terraform refers to the process of traversing the resource graph. Terraform performs a graph walk during the planning phase to identify dependencies and create an execution plan that specifies the order in which resources will be provisioned or modified.
  33. What is the graph builder feature in Terraform?

    • Answer: The graph builder feature in Terraform is responsible for constructing the resource graph. It analyzes the relationships and dependencies specified in the Terraform configurations to build a representation of the infrastructure, determining how resources depend on each other.
  34. What is the state manager feature in Terraform?

    • Answer: The state manager feature in Terraform is responsible for maintaining the state of the infrastructure. It keeps track of the actual state of resources created or managed by Terraform, allowing for accurate comparisons between the desired state and the current state during subsequent runs.
  35. What is a configuration loader in Terraform?

    • Answer: The configuration loader in Terraform is responsible for reading and parsing Terraform configuration files. It loads the configuration files, creates an abstract syntax tree (AST), and provides the necessary information for further processing by Terraform components.
  36. What is the CLI in Terraform?

    • Answer: The CLI (Command-Line Interface) in Terraform is the set of commands and tools used for interacting with Terraform. It includes commands like terraform init, terraform plan, and terraform apply for initializing, planning, and applying infrastructure changes. The CLI is the primary interface for Terraform users.
  37. When would you use sentinel policies in Terraform?

    • Answer: Sentinel policies in Terraform are used to enforce governance and compliance rules on infrastructure configurations. They are employed to ensure that Terraform configurations adhere to organizational standards, security policies, and best practices during the planning and execution phases.
  38. What is an advisory sentinel enforcement?

    • Answer: Advisory sentinel enforcement in Terraform means that the policy violations identified by Sentinel policies are provided as recommendations rather than strict mandates. Advisory enforcement allows users to receive guidance on best practices without preventing the application of Terraform configurations.
  39. What is the soft mandatory sentinel enforcement?

    • Answer: Soft mandatory sentinel enforcement in Terraform means that certain policy violations are flagged as warnings but do not prevent the application of Terraform configurations. Users receive notifications about non-compliant configurations, allowing them to proceed with caution.
  40. What is the hard mandatory sentinel enforcement?

    • Answer: Hard mandatory sentinel enforcement in Terraform means that policy violations act as strict mandates, preventing the application of Terraform configurations that do not comply with the defined policies. This ensures that configurations meet specified governance and compliance requirements.
  41. What is Terragrunt?

    • Answer: Terragrunt is an open-source tool that acts as a thin wrapper for Terraform, providing additional features and best practices. It simplifies the management of Terraform configurations, especially in large projects, by offering features like remote state management, locking, and environment-specific configurations.
  42. What is Terragrunt used for?

    • Answer: Terragrunt is used for managing Terraform configurations efficiently. It simplifies and enhances Terraform workflows by addressing common challenges such as remote state management, code reuse, and handling multiple environments. Terragrunt enables a cleaner and more maintainable organization of Terraform code.
  43. What does state file locking mean?

    • Answer: State file locking in Terraform prevents multiple users or processes from concurrently modifying the Terraform state. Locking is crucial in a team environment to avoid conflicts and ensure that only one user can apply changes at a time, preventing unintended modifications to the infrastructure.
  44. What does “tainted resource” mean?

    • Answer: A "tainted resource" in Terraform refers to a resource instance that has been marked as tainted. Tainting a resource indicates that it is in a potentially corrupt or undesired state. When Terraform detects a tainted resource during the next run, it recreates that resource to bring it back to the desired state.
  45. Explain how to lock module versions in Terraform.

    • Answer: Module versions can be locked in Terraform by specifying version constraints in the module source URL or by using a version attribute in the module block. This ensures that a specific version of the module is used, preventing unintended changes when running terraform init or terraform get.
  46. Explain Terraform Core.

    • Answer: Terraform Core is the main execution engine of Terraform responsible for processing Terraform configurations and interacting with providers. It includes components for parsing configurations, building the resource graph, creating execution plans, and applying changes to infrastructure.
  47. Name four responsibilities of Terraform Core.

    • Answer:

      • Parsing Terraform configurations and creating an abstract syntax tree (AST).

      • Building a resource graph based on dependencies between resources.

      • Generating execution plans to determine the sequence of operations needed to achieve the desired state.

      • Applying changes to the infrastructure based on the execution plan.

  48. Which method would you use to upgrade Terraform plugins?

    • Answer: To upgrade Terraform plugins, the recommended method is to use the terraform init command. Running terraform init downloads the latest versions of the required plugins specified in the configuration, ensuring that the project uses the most up-to-date plugin versions.
  49. Which method would you use to control rollbacks?

    • Answer: To control rollbacks in Terraform, the terraform state command can be used. Specifically, you can use terraform state list to identify the state versions available, and then use terraform state show to inspect the details of a specific version. Additionally, version control systems like Git can be employed to manage and revert changes.
  50. Which method would you use to import existing resources in Terraform?

    • Answer: The terraform import command is used to import existing resources into Terraform. This command associates a Terraform resource with an existing infrastructure resource, allowing Terraform to manage and track changes to that resource in subsequent runs.
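
For questions 11, 13 and 17, here is an added example (not part of the original post) of a root module that uses the three approaches listed in question 11 together with an encrypted, locking remote backend. The bucket, lock table, region, Vault mount and path, and resource names are placeholders chosen for illustration.

```hcl
# Added example; bucket, table, region, secret path and names are placeholders.
terraform {
  # Remote backend (Q13, Q17): shared state, encrypted at rest, locked on write.
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "prod/app/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                   # server-side encryption of the state object
    dynamodb_table = "example-tfstate-lock" # lock table: one writer at a time
  }

  required_providers {
    aws   = { source = "hashicorp/aws" }
    vault = { source = "hashicorp/vault" }
  }
}

provider "aws" {
  region = "us-east-1"
}

# Address and token are read from VAULT_ADDR and VAULT_TOKEN, not from this file.
provider "vault" {}

# Variable file / environment variable (Q11): no default is committed. Supply the
# value with TF_VAR_db_password or a *.tfvars file that is excluded from Git.
variable "db_password" {
  type      = string
  sensitive = true # redacted in plan and apply output
}

# HashiCorp Vault integration (Q11): read the secret at plan time.
data "vault_kv_secret_v2" "app" {
  mount = "secret"   # placeholder KV v2 mount
  name  = "app/prod" # placeholder secret path
}

resource "aws_db_instance" "app" {
  identifier          = "example-app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = var.db_password
  storage_encrypted   = true
  skip_final_snapshot = true
}

# An output that carries a secret must also be marked sensitive,
# otherwise Terraform rejects the configuration.
output "api_key" {
  value     = data.vault_kv_secret_v2.app.data["api_key"]
  sensitive = true
}
```

Values marked `sensitive` and secrets read through the Vault data source are still written to the state file in plaintext, so read access to the state bucket should be restricted as tightly as access to the secrets themselves.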
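
For question 45, this added example (not from the original post) shows an unpinned module call beside the two pinning forms the answer describes. The registry address, Git URL, version and tag are placeholders, and the modules' own input variables are omitted.

```hcl
# Added example; module addresses, version numbers and the tag are placeholders.

# Unpinned: terraform init selects the newest published version, so a new
# upstream release changes what gets deployed without any change in this repo.
module "network_unpinned" {
  source = "app.terraform.io/example-org/network/aws"
}

# Registry source: the version argument takes a constraint.
# An exact version gives a reproducible module tree.
module "network" {
  source  = "app.terraform.io/example-org/network/aws"
  version = "1.4.0"
}

# Git source: the version argument is only valid for registry modules,
# so the pin goes in the source URL as ?ref=.
# A tag can be moved by whoever controls the repository; a full commit SHA
# in ?ref= cannot, which makes it the stricter pin for third-party code.
module "logging" {
  source = "git::https://example.com/example-org/terraform-logging.git?ref=v2.1.0"
}
```

Provider versions are recorded separately in `.terraform.lock.hcl`, which does not cover modules, so module pins have to be written in the configuration as shown.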

Conclusion:

The blog provides a quick insight into Terraform, a powerful Infrastructure as Code (IaC) tool. It automates infrastructure setup through clear configurations, emphasizing key concepts like dependency management and state tracking. With features like variables and modules, Terraform offers flexibility, and the blog touches on best practices and advanced tools. It's a brief yet comprehensive guide suitable for all users.
Additionally, the blog introduces Terragrunt as a tool that enhances Terraform workflows, addressing challenges in managing configurations, state, and environments. It touches on the concept of tainted resources, state file locking, and the method of locking module versions.
