agentic-studio/network-poc/static/docs/tofu-cheatsheet.md
jaakko 1a58324689 Tofuist agent: OpenTofu/IaC expert with a gecko avatar
- New agent: Tofuist (gecko avatar, orange-gold #e3a336)
- System prompt: HCL code, modules, lifecycle, state encryption
- docs field: automatically loads /docs/tofu-cheatsheet.md as a reference
- kpnRun: now supports the agent's docs field (fetched once, cached)
- OpenTofu documentation fetched from GitHub + condensed cheatsheet
- Avatar, gallery-head, color maps and pipeline support added

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 10:29:42 +03:00


OpenTofu Quick Reference

Core Architecture

  • Graph-based execution: resources form a DAG, parallel where possible
  • Provider plugins communicate via gRPC (plugin protocol v5/v6)
  • State tracks resource → real-world mapping (JSON format)
  • Plan → Apply workflow: always preview before changing

HCL Essentials

terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" { region = "eu-north-1" }

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.micro"
  tags = { Name = "web-server" }
}

variable "env" {
  type    = string
  default = "dev"
}

output "ip" { value = aws_instance.web.public_ip }

data "aws_ami" "latest" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

Resource Lifecycle

  • create_before_destroy: new resource before destroying old
  • prevent_destroy: block accidental deletion
  • ignore_changes: skip drift on specified attributes
  • replace_triggered_by: force replacement when dependency changes

Destroy Order

  • Destroy runs in reverse dependency order
  • ForceDestroy needed for resources with dependencies
  • Deposed instances cleaned up automatically

State Encryption (OpenTofu-specific)

terraform {
  encryption {
    key_provider "pbkdf2" "main" {
      passphrase = var.state_passphrase
    }
    method "aes_gcm" "main" {
      keys = key_provider.pbkdf2.main
    }
    state {
      method   = method.aes_gcm.main
      enforced = true
    }
  }
}

Module Structure

modules/
  vpc/
    main.tf
    variables.tf
    outputs.tf
  app/
    main.tf
    variables.tf
    outputs.tf
main.tf          # root module
variables.tf
outputs.tf
terraform.tfvars

Key Commands

  • tofu init: initialize providers and modules
  • tofu plan: preview changes
  • tofu apply: execute changes
  • tofu destroy: remove all resources
  • tofu state list/show/mv/rm: state management
  • tofu import: bring existing resource under management

Best Practices

  • Always use required_providers with version constraints
  • Use variables for environment-specific values
  • State encryption for sensitive data (OpenTofu feature)
  • Modules for reusable infrastructure patterns
  • Remote state backend for team collaboration
  • Plan file for CI/CD: tofu plan -out=plan.bin && tofu apply plan.bin
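
The State Encryption block and the plan-file practice above meet in one place: a saved plan.bin carries the same sensitive values as state, so it needs the same encryption. The following is an added example, not part of the original cheatsheet; it assumes OpenTofu 1.8 or later (variables inside the encryption block), an existing unencrypted state that has to be migrated, and a passphrase supplied through the TF_VAR_state_passphrase environment variable.

```hcl
# Added example: migration-stage encryption config for state AND plan files.
# Assumption: the passphrase arrives as TF_VAR_state_passphrase from the CI
# secret store, so it never lands in terraform.tfvars or in version control.
variable "state_passphrase" {
  type      = string
  sensitive = true # keeps the value out of plan/apply console output
  # no default: a run without the secret fails instead of using a known value
}

terraform {
  encryption {
    key_provider "pbkdf2" "main" {
      # pbkdf2 rejects passphrases shorter than 16 characters
      passphrase = var.state_passphrase
    }

    method "aes_gcm" "main" {
      keys = key_provider.pbkdf2.main
    }

    # Needed only while the existing state is still plaintext.
    method "unencrypted" "migrate" {}

    state {
      method = method.aes_gcm.main # every write is encrypted
      fallback {
        method = method.unencrypted.migrate # reads of the old plaintext state
      }
      # enforced = true is left out on purpose here: it is incompatible
      # with the unencrypted fallback used for migration.
    }

    plan {
      # Covers the file written by `tofu plan -out=plan.bin`, which would
      # otherwise sit as plaintext in CI workspaces and build artifacts.
      method = method.aes_gcm.main
    }
  }
}

# After the first successful `tofu apply` with this config:
#   1. delete the fallback block and method "unencrypted" "migrate"
#   2. add enforced = true to both the state and plan blocks
```

The `tofu apply plan.bin` step has to run with the same passphrase as the `tofu plan` step, so both CI jobs need access to the secret.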