With the current success of Terraform, the cloud market has a lot of requirements for DevOps engineers with good terraform knowledge as it makes the deployment easy and efficient. If you are interested in securing a terraform job for yourself but are not certain what type of questions are asked in the interview then you are at the correct blog.
In this blog, we have covered the questions that are mostly asked in the terraform related interviews with the role of being a DevOps engineer.
Below questions cover all types of levels:
- Beginner Level Terraform Interview Questions
- Intermediate Level Terraform Interview Questions
- Advanced Level Terraform Interview Questions
What is Terraform?
Terraform is a tool to build an infrastructure safely and efficiently. Terraform can manage leading and popular service providers as well as custom in-house solutions.
The Configuration file in Terraform describes the components needed to run a single application or your entire data centre. Terraform then generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. It creates incremental execution plans which can be applied according to the configuration change.
Check our blog on Terraform Associate Certification to know more.
What is Hashicorp Certified: Terraform Associate?
The Terraform Associate is the Cloud Engineer specializing in operations, IT, or developers who know the basic concepts and skills associated with open source HashiCorp Terraform. This person understands which enterprise features exist and what can and cannot be done using the open-source offering.
Below are some of the most asked Terraform interview questions for a Terraform Associate role:
1. Beginner Level: Terraform Interview Question
Question 1: What do you mean by Terraform?
Answer: Terraform is open-source communication as a system software tool created by HashiCorp. It is an instrument for building, altering, and versioning transportation safely and professionally. Terraform can direct existing and accepted service providers as well as convention in-house solutions.
Question 2: What are the reasons for choosing Terraform for DevOps?
Answer: Below are the reasons for choosing Terraform for DevOps:
- It can do complete orchestration and not just configuration management (like Ansible and Puppet).
- Has amazing support of almost all the popular cloud providers like AWS, Azure, GCP, DigitalOcean etc.
- Easily manages the configuration of an immutable (dynamic) infrastructure.
- Provide immutable infrastructure where configuration changes smoothly.
- Works on HCL (HashiCorp configuration language), which is very easy to learn and understand.
- Easily portable from one provider to another.
- Easy Installation.
Question 3: Define Terraform init?
Answer: Terraform initializes the code using the command terraform init. This command is used to initialize the working directory containing Terraform configuration files. It is safe to run this command multiple times.
You can use the init command for:
- Plugin Installation
- Child Module Installation
- Backend Initialization
Question 4: Name some major competitors of Terraform?
Answer: Some of them are:
- Packer
- Cloud Foundry
- Ansible
- Kubernetes
Question 5: Define Terraform provider?
Answer: Terraform is used to manage and inform infrastructure resources such as bodily machines, VMs, network switches, containers, and more. A provider is accountable for thoughtful API interactions and revealing resources. Terraform supports a large number of cloud providers.
Question 6: How does Terraform work?
Answer: Terraform creates an implementation plan, define what it will do to attain the preferred state, and then executes it to construct the described infrastructure. As the configuration changes, Terraform is talented to decide what changed and generate incremental execution plans which can be practical.
Question 7: Name some major features of Terraform?
Answer: Some of them are:
- Execution Plan
- Change Automation
- Resource Graph
- Infrastructure as code
Question 8: Define IAC?
Answer: IaC is a short form to the term “Infrastructure as Code”. IaC refers to a scheme whereby developers can run and provision the computer data center’s mechanically instead of getting into a physical process. Terraform, for example, is a case tool of IaC.
Question 9: How to check the installed version of Terraform?
Answer: We can use terraform -version of the command to identify the version which we are running.
- Terraform Configuration – It keeps track of the infrastructure detail
- Terraform state – It keeps track of the infrastructure status.
Question 11: What are the key features of Terraform?
Answer: Following are the key features of Terraform:
- Infrastructure as Code: Terraform’s high-level configuration language is used to define your infrastructure in human-readable declarative configuration files.
- You may now create an editable, shareable, and reusable blueprint.
- Terraform generates an execution plan that specifies what it will do and asks for your approval before making any infrastructure alterations. You can assess the modifications before Terraform creates, updates, or destroys infrastructure.
- Terraform creates a resource graph while simultaneously developing or altering non-dependent resources. Terraform can now build resources as quickly as possible while also giving you more information about your infrastructure.
- Terraform’s the automation of change allows you to apply complex changesets to your infrastructure with little to no human interaction. Terraform recognises
Question 12: What are the use cases of Terraform?
- Setting Up a Heroku App:
- Heroku is a popular web application hosting platform as a service (PaaS). Initially, developers create an app, then add add-ons like a database or an email service. One of the best aspects is the ability to flexibly scale the number of dynos or workers. On the other hand, most non-trivial applications quickly demand a huge number of add-ons and external services.
- Terraform may be used to codify a Heroku application’s configuration, ensuring that all necessary add-ons are there, but it can also go beyond, such as configuring DNSimple to set a CNAME or configuring Cloudflare as the app’s CDN. Best of all, Terraform can do all of this in about 30 seconds without using a web interface.
- Clusters of Self-Service:
- At a certain organisational level, a centralised operations team overseeing a large and increasing infrastructure becomes incredibly tough. It becomes more enticing to implement “self-serve” infrastructure, which lets product teams to manage their own infrastructure using tooling provided by the central operations team.
- Terraform configuration can be used to keep track of how to build and scale a service. You may then share these settings with the rest of your company, allowing client teams to use Terraform to manage their services.
- Quick Creation of Environments:
- It is common to have a production environment as well as a staging or quality assurance environment. These environments are little versions of their production equivalents, and they’re used to test new programmes before they’re made public. As the production environment grows larger and more involved, maintaining an up-to-date staging environment becomes increasingly difficult.
- Terraform can be used to codify the production environment and share it with staging, QA, and development. These parameters can be used to quickly establish new testing environments that can be easily discarded. Terraform can help to alleviate the difficulty of maintaining parallel environments by allowing them to be created and destroyed on the fly..
- Schedulers of Resources:
- In large-scale infrastructures, static application assignment to computers becomes increasingly challenging. Borg, Mesos, YARN, and Kubernetes are just a few of the schedulers that can help with this challenge. These can be used to dynamically schedule Docker containers, Hadoop, Spark, and a number of other software applications.
- Terraform isn’t simply for Amazon Web Services or other physical providers. Because resource schedulers can be viewed as providers, Terraform can request resources from them. Terraform may now work in layers, for example, putting up the physical infrastructure that runs the schedulers and provisioning into the scheduled grid.
- Demonstrations of software:
- Software is getting increasingly networked and distributed in today’s world. Although virtualized environments for demos can be created using tools like Vagrant, displaying software on real infrastructure that closely replicates production environments is still tough.
- Software authors can use a Terraform configuration to design, provision, and bootstrap a demo on cloud providers like AWS. End users can simply demo the application on their own infrastructure, and options such as cluster size can be modified to evaluate tools at any scale.
2. Intermediate Level: Terraform Interview Question
Question 1: Explain the uses of Terraform CLI and list some basic CLI commands?
Answer: The command-line interface to Terraform is via the terraform command, which accepts a variety of subcommands such as terraform init or terraform plan.
Common commands:
- terraform init: Prepare your working directory for other commands
- terraform plan: Show changes required by the current configuration
- terraform apply: Create or update infrastructure
- terraform destroy: Destroy previously-created infrastructure
Question 2: How does Terraform help in discovering plugins?
Answer: The authority “Terraform init” helps Terraform interpret configuration files in the operational directory. Then, Terraform finds out the essential plugins and searches for installed plugins in diverse locations. In addition, Terraform also downloads extra plugins at times. Then, it decides the plugin versions to use and writes a security device file for ensuring that Terraform will employ the identical plugin versions.
Question 3: Can I add policies to the open-source or pro version of Terraform enterprise?
Answer: You cannot insert policies to the open-source description of Terraform Enterprise. The equal also goes for the Enterprise Pro version. The finest version of Terraform Enterprise only could contact the lookout policies.
Question 4: Define Modules in Terraform?
Answer: A module in Terraform is a jug for numerous resources that are used jointly. The root module is required for every Terraform that includes resources mentioned in the .tf files.
Question 5: What are the ways to lock Terraform module versions?
Answer: You can use the terraform module registry as a source and provide the attribute as ‘version’ in the module in a terraform configuration file. If you are using the GitHub repository as a source, then you need to specify the branch, version and query string with ‘? ref’.
Question 6: What do you mean by Terraform cloud?
Answer: Terraform Cloud is an application that helps teams use Terraform together. It manages Terraform runs in a consistent and reliable environment, and includes easy access to shared state and secret data, access controls for approving changes to infrastructure, a private registry for sharing Terraform modules, detailed policy controls for governing the contents of Terraform configurations, and more.
Question 7: Define null resource in Terraform?
Answer: The null resource implements the average resource lifecycle but takes no extra action. The trigger argument permits specifying a subjective set of values that, when misrepresented will source the reserve to be replaced.
The primary use-case for the null resource is as a do-nothing container for arbitrary actions taken by a provisioner.
Question 8: Can Terraform be used for on-prem infrastructure?
Answer: Yes, Terraform can be utilized for on-prem infrastructure. There are a lot of obtainable providers. You can decide any one of them which suits you most excellent. Many also build client Terraform providers for themselves; all wanted is just an API.
Answer:
- Terraform -version – to check the installed version of terraform
- Terraform fmt– it is used to rewrite configuration files in canonical styles and format
- Terraform providers – it gives information of providers working in the current configuration.
- GitHub.com
- GitLab.com
- GitHub Enterprise
- GitLab CE and EE
- Bitbucket Cloud and Server
- Azure DevOps Server and Services
Question 11: Explain the command terraform validate in the context of Terraform.
Answer: Version control tools supported by Terraform are:
- GitHub
- GitLab CE
- GitLab EE
- Bucket Cloud
3. Advanced Level: Terraform Interview Question
Question 1: How would you recover from a failed apply in Terraform?
Answer: You can put your configuration in version control and commit before each change, and then you can use your version control system’s features to revert to an older configuration if needed. You always need to make sure that you recommit the previous version code for it to be the new version in the version control system.
Question 2: What do you mean by Terragrunt, list some of its use cases?
Answer: Terragrunt is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote states.
Use cases:
- Keep your Terraform code DRY
- Keep your remote state configuration DRY
- Keep your CLI flags DRY
- Execute Terraform commands on multiple modules at once
- Work with multiple AWS accounts
Question 3: What steps should be followed for making an object of one module to be available for the other module at a high level?
Answer: Following are the steps that should be followed for making an object of one module to be available for the other module at a high level:
- First, an output variable is to be defined in a resource configuration. Till you do not declare resource configuration details, the scope of local and to a module.
- Now, you have to declare the output variable of module_A to be used in other modules’ configurations. A brand new and latest key name should be created by you and the value should be kept equivalent to the module_A’s output variable.
- Now, for module_B you have to create a file variable.tf. Establish an input variable inside this file having exactly the same name as was in the key defined by you in module_B. In a module, this particular variable enables the resource’s dynamic configuration. For making this variable available to some other module also, replicate the process. This is because the particular variable established here have its scope restricted to module_B.
Question 4: What is State File Locking?
Answer: State file locking is a mechanism in terraform where operation on a specific state file is blocked to avoid conflicts between multiple users performing the same operation. Once the lock from one user is released, then only any other user can operate on that state file after taking a lock on it. This helps in preventing any corruption of the state file. It is a backend operation, so the acquiring of lock on a state file in the backend. If it takes more time than expected to acquire a lock on the state file, you will get a status message as an output.
Question 5: What is a Remote Backend in Terraform?
Answer: The remote backend in terraform is used to store the state of terraform and can also run operations in terraform cloud. Remote backend multiple terraform commands such as init, plan, apply, destroy (terraform version >= v0.11.12), get, output, providers, state (sub-commands: list, mv, pull, push, rm, show) , taint, untaint, validate and many more. It can work with a single remote terraform cloud workspace or even multiple workspaces. For running remote operations like terraform plan or terraform apply, you can use terraform cloud’s run environment.
Question 6: What is a Tainted Resource?
Answer: Tainted resources are those resources that are forced to be destroyed and recreated on the next apply command. When you mark a resource as tainted, nothing changes on infrastructure but the state file is updated with this information(destroy and create). After marking a resource as tainted, terraform plan out will show that the resource will get destroyed and recreated, and when the next apply happens the changes will get implemented.
Question 8: How to prevent Error Duplicate Resource
Question 9: Explain the workflow of the core terraform.
- Write – Create infrastructure in the form of code.
- Plan – Plan ahead of time to see how the changes will look before they are implemented.
- Apply – Create a repeatable infrastructure.
Question 10: Explain the architecture of Terraform request flow.
Answer: A request in Terraform undergoes the following steps as shown in the diagram:
Command Line Interface (CLI):
CLI (Common Language Interface) (command package)
When a user starts the terraform programme, execution jumps immediately into one of the command package’s “command” implementations, except from some early bootstrapping in the root package (not shown in the diagram). The mapping between user-facing command names and their appropriate command package kinds is stored in the commands.go file in the repository’s root directory.
For these commands, the command implementation’s responsibility is to read and parse any command line arguments, command-line options, and environment variables required for the specified command and utilise them to build a backend.operation object. The operation is subsequently transferred to the currently selected backend.
Backends:
A backend in Terraform is responsible for a number of things:
- Execute operations (e.g. plan, apply)
- Variables defined in the workspace can be saved.
- to store the current state
The local backend uses a state manager (either statemgr.Filesystem if the local backend is being used directly, or an implementation provided by whatever backend is being wrapped) to retrieve the current state for the workspace specified in the operation, and then uses the config loader to load and perform initial processing/validation of the configuration specified in the operation. It then uses these, as well as the other parameters supplied in the process, to create a terraform.context object. Terraform operations are carried out by the main object.
Configuration Loader :
The top-level configuration structure in package configs is represented by model types. A configuration is represented by Config (the root module and all of its child modules). Although the configs package has some low-level functionality for building configuration objects, the main entry point is the configload.Loader located in the configload sub-package. A loader takes care of all the complexity of installing child modules (during terraform init) and then locating those modules when a configuration is loaded by a backend. It takes the path to a root module and recursively loads all of the child modules to produce a single configs.
State Manager:
The state manager is responsible for storing and retrieving snapshots of the Terraform state of a workspace. Each manager implements a subset of the statemgr package’s interfaces, with the majority of managers covering the whole set of statemgr.Full operations. The smaller interfaces are generally used in other function signatures to specify what actions the function might take on the state manager; there’s no reason to create a state manager that doesn’t implement all of statemgr. Full.
Graph Builder:
The terraform.Context method invokes a graph builder. The fundamental phases for that action, as well as the dependencies between them, are represented using a graph builder. Each operation has its own graph builder due to the differences in the graph-building process. A graph must be constructed directly from the configuration for a “plan” operation, but a “apply” action constructs its graph from the set of alterations mentioned in the plan being applied.
Graph Walk:
The graph walking method explores each vertex of the graph in such a way that the graph’s “happens after” edges are respected. Every vertex in the graph is evaluated in such a way that the “happens after” edges are considered. If possible, the graph walk algorithm will evaluate multiple vertices at once.
Vertex Evaluation:
The action taken for each vertex during a graph walk is referred to as execution. Execution carries out a set of random operations that make sense for the vertex type in question. A vertex must be complete correctly before the graph walk can start evaluating other vertices with “happens after” edges. The graph walk is paused when one or more errors occur during evaluation, and the errors are returned to the user. terraform interview questions
Question 11: Differentiate between Terraform and Cloudformation.
- User-friendliness: Terraform supports a wide range of Cloud Service Providers, including AWS, Azure, Google Cloud Platform, and others, whereas CloudFormation is restricted to AWS services. The majority of AWS resources are covered by Terraform.
- Depending on the language: CloudFormation uses either JSON or YAML. CloudFormation is now easy to understand and use. AWS developers, on the other hand, are prohibited from generating CloudFormation templates that are larger than 51MB. If a template’s size surpasses this limit, the developers must create a layered stack for it.
Terraform, on the other hand, employs Hashicorp’s proprietary HCL programming language (Hashicorp Configuration Language). This language is JSON-compatible as well. - State-management:
- Because CloudFormation is an AWS managed service, it inspects the infrastructure on a regular basis to ensure that the provisioned infrastructure is in excellent working order. CloudFormation receives a detailed response if anything changes.
Terraform, on the other hand, saves the infrastructure’s state on the provisioning machine, which can be a virtual machine or a remote computer. Terraform uses the state as a map to define the resources it maintains, which is recorded as a JSON file. - To summarise, CloudFormation manages Cloudformation’s state out-of-the-box, preventing conflicting changes. Terraform saves the state to a local disc, making state synchronisation easy. Terraform states can also be saved in storage services such as S3, which is another recommended state management strategy. This must be defined on the backend to facilitate and secure management.
- Because CloudFormation is an AWS managed service, it inspects the infrastructure on a regular basis to ensure that the provisioned infrastructure is in excellent working order. CloudFormation receives a detailed response if anything changes.
- Cost:
- The best thing about both of these programmes is that they are absolutely free. Both of these technologies have large communities that offer a wealth of information and examples. Cloudformation is a totally free service. Consumers just have to pay for the AWS service that CloudFormation delivers. Terraform is an open-source application that is absolutely free to use. Terraform, on the other hand, offers a paid enterprise version with additional collaboration and governance capabilities.
- Integration of Multiple Clouds:
- If you want to provide services across many cloud platforms, Terraform is the way to go. While Terraform may be used with a variety of cloud providers such as AWS, GCP, Azure, and others, CloudFormation is only available on AWS. If you have several cloud installations, Cloudformation is not for you. You should use Cloudformation if you’re using AWS resources like EC2, S3, and so on.
Question 12: Differentiate between Terraform and Ansible.
| Terraform | Ansible |
|---|---|
| Terraform is a tool for provisioning. | Ansible is a tool for managing configurations. |
| It uses a declarative Infrastructure as Code methodology. | It takes a procedural method. |
| It’s ideal for orchestrating cloud services and building cloud infrastructure from the ground up. | It is mostly used to configure servers with the appropriate software and to update resources that have previously been configured. |
| By default, Terraform does not allow bare metal provisioning. | The provisioning of bare metal servers is supported by Ansible. |
| In terms of packing and templating, it does not provide better support. | It includes complete packaging and templating support. |
| It is strongly influenced by lifecycle or state management. | It doesn’t have any kind of lifecycle management. It does not store the state. |
Conclusion
Terraform questions can be a little tricky sometimes so having knowledge about terraform is very crucial before going for an interview. To test your knowledge on terraform, the best way is to appear for the certification which will prepare you with some good questions and you will also earn a certification. More importantly, it will add credibility to your resume as well as give your confidence a boost.
Related/References
- HashiCorp Infrastructure Automation Certification: Terraform Associate
- HashiCorp Certified Terraform Associate-Step By Step Activity Guides
- Hashicorp: Terraform Certified Associate – 2020 – Tricks & Tips Of Terraform
- Install Terraform in Linux, Mac, Windows
- Why Terraform? Not Chef, Ansible, Puppet, CloudFormation?
- Terraform Providers Overview
- Terraform Variables – Terraform Variable Types
Join FREE Masterclass
Join our FREE Masterclass to know more about Terraform and get access to all Hands-On labs that you must perform to clear the Terraform Certified Associate certification exam.
Click on the below image to Register Our FREE Masterclass Now!
The post Top Terraform Interview Questions & Answers appeared first on Cloud Training Program.