Ninth Flashcards Preview

P211A000N02F > Ninth > Flashcards

Flashcards in Ninth Deck (5)
Loading flashcards...
1

Where is saved the terraform state if a backend block definition has not been declared into the TerraformCode?

A. Is saved in the $HOME directory as local.tfstate
B. Is saved on the root path of the module as terraform.tfstate
C. Is saved on the root path of the module as local.tfstate
D. Is saved in the $HOME directory as state.tfstate

B. Is saved on the root path of the module as terraform.tfstate

If a backend definition has not been declared, Terraform will be used the local backend by default and saved on the relative root path of the module as terraform.tfstate

A, C and D are incorrect because the default state is not the name assigned by default when you don’t specify a backend configuration. Also, $HOME is not fully accurate if you are executing your terraform outside from $HOME

https://www.terraform.io/docs/language/settings/backends/local.html#configuration-variables

2

You are a DevOps Engineer using AWS. What is the best way to prevent inconsistent states when several engineers are doing changes to the infrastructure using the same Terraform Code and executing locally in their local computers?

A. There is no need to do anything else. Terraform automatically will merge all the changes into the common state
B. You have to configure the State Locking in your backend configuration
C. Execute terraform apply --lock=false
D. Execute terraform force-unlock LockId

B. You have to configure the State Locking in your backend configuration

Using AWS as a Cloud Provider, you can use S3 to store the terraform state and DynamoDB to lock the state and prevent others to execute in parallel over the same state. This will prevent having an inconsistent state.

A is incorrect because terraform doesn’t have this option by default

C is incorrect because if locking is supported in your backend configuration, we should use terraform apply --lock=true

D is incorrect because this is used when there is an error acquiring the lock and you need to unlock the State. This option is not recommended

https://www.terraform.io/docs/language/settings/backends/s3.html
https://www.terraform.io/docs/cli/commands/force-unlock.html#usage

3

What is the best, most secure place to store the State to improve the collaboration between teams?

A. Store the terraform state into your Source Code Control Version
B. Store the terraform state into an NFS shared between the members
C. Store the terraform state into a remote Backend such as s3, artifactory, etc
D. All the above are valid options

C. Store the terraform state into a remote Backend such as s3, artifactory, etc

The best way to collaborate between teams and have the Terraform State safe and store secretinformation outside from local instances is to use a remote Backend.

A is incorrect because this could cause Merge conflicts of the Terraform State

B is incorrect as sensitive information can be stored as plain text in an NFS server which could be accessed and read by other members

D is incorrect as A and B are incorrect

https://learn.hashicorp.com/tutorials/terraform/aws-remote

4

You are a Lead DevOps Engineer and you know that engineers from your organization have applied changes manually into the resources created by Terraform. Those changes are not consolidated in your state.

What is the best way to consolidate the Terraform State?

A. terraform refresh
B. terraform plan. Look at the changes, and rewrite the code, and then execute terraform apply
C. terraform reload
D. terraform init

A. terraform refresh

To consolidate the real world infrastructure with the state, terraform refresh will write into the terraform state

B is incorrect because is not consolidating the state with the real-world infrastructure, is modifying the code with the changes that were applied manually.

C is incorrect because terraform reload doesn’t exist

D is incorrect because terraform init is used to initialize the working directory with plugins, backend, providers, etc, but not to consolidate the possible drifts between the real-world and the state file

https://www.terraform.io/docs/cli/commands/refresh.html

5

You have the following code:

resource "aws_db_instance" "example" {
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "whizlabs"
username = whizlabs
password = my_course_password
}

How the terraform state will be stored?

A. Sensitive values are encrypted by default for Terraform using AES-256
B. Terraform Cloud stored the terraform state encrypted at rest and using TLS in transit
C. Terraform will store the values as plain text in a JSON file.
D. B & C

D. B & C

D is the correct answer because:
- Terraform cloud store the state encrypted at rest and using TLS in transit
- The terraform state file is a JSON file with not encoding or encryption by default

A is incorrect because Terraform can’t identify which data is sensitive or not.

https://www.terraform.io/docs/language/state/sensitive-data.html