Introduction
Terraform is an open-source Infrastructure as Code (IaC) tool created by HashiCorp. It allows you to define and provision data center infrastructure using a high-level configuration language.
In this lab, you will learn how to install Terraform on an Ubuntu 22.04 system. We will follow the official HashiCorp guide, which involves adding the HashiCorp GPG key and the official package repository. This method ensures that you can easily install and update Terraform using the standard apt package manager.
Update system and install gnupg and software-properties-common packages
In this step, you will update your system's package list and install the necessary prerequisite packages. This is a crucial first step to ensure your system is up-to-date and has the tools required to add and manage new software repositories.
First, update the apt package index. This command downloads the package information from all configured sources.
sudo apt-get update
Next, install gnupg, software-properties-common, and wget.
gnupgis required to verify the GPG signature of the HashiCorp repository.software-properties-commonprovides helpful scripts for managing software sources.wgetis a utility to download files from the internet, which we will use to get the GPG key.
Execute the following command to install these packages:
sudo apt-get install -y gnupg software-properties-common wget
You will see output as apt downloads and installs the packages and their dependencies. A successful installation will end without any error messages.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
Setting up gnupg ([version]) ...
Setting up software-properties-common ([version]) ...
...
Now that the prerequisites are installed, you are ready to add the HashiCorp GPG key.
Download and install HashiCorp GPG key using wget and gpg --dearmor
In this step, you will download the HashiCorp GPG key and add it to your system's keyring. This key is used by apt to verify that the packages you download from the HashiCorp repository are authentic and have not been tampered with.
We will use a single command that chains together wget, gpg, and tee to accomplish this.
wget -O- ...downloads the key from the URL and prints it to standard output.gpg --dearmorprocesses the key from standard input and converts it to the binary format thataptexpects.sudo tee ...takes the binary key from standard input and writes it to the file/usr/share/keyrings/hashicorp-archive-keyring.gpg. We useteewithsudobecause this directory requires root permissions to write to.
Install HashiCorp's GPG key.
wget -O- https://apt.releases.hashicorp.com/gpg \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
If the command is successful, it will output the binary content of the GPG key to your terminal while also writing it to the specified file. You may see a stream of characters that are not human-readable; this is expected.
--[timestamp]-- https://apt.releases.hashicorp.com/gpg
Resolving apt.releases.hashicorp.com (apt.releases.hashicorp.com)... [server IPs]
Connecting to apt.releases.hashicorp.com (apt.releases.hashicorp.com)|[IP]|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: [size] ([size_human]) [binary/octet-stream]
Saving to: 'STDOUT'
- 100%[===================>] [size] --.-KB/s in 0s
[timestamp] ([speed]) - written to stdout [[size]/[size]]
... (binary output from gpg) ...
The key is now stored on your system, ready to be used by apt.
Verify HashiCorp GPG key fingerprint with gpg --fingerprint
In this step, you will verify the fingerprint of the GPG key you just downloaded. This is an important security practice to confirm that you have the correct, official key from HashiCorp and not a malicious one.
You can display the fingerprint of the key using the gpg command, pointing it to the keyring file we created in the previous step.
Run the following command:
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
The command will display the key details, including its fingerprint.
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub rsa4096 [creation_date] [SC] [expires: [expiry_date]]
[FINGERPRINT]
uid [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub rsa4096 [creation_date] [S] [expires: [expiry_date]]
You should verify that the pub key fingerprint matches the one published by HashiCorp. The fingerprint should be a 40-character hexadecimal string. Since the output matches the expected fingerprint, you can be confident that you have the correct key.
Add HashiCorp repository to apt sources and update apt
In this step, you will add the official HashiCorp repository to your system's list of apt sources. This tells the package manager where to look for Terraform packages.
Add the official HashiCorp repository to your system.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
This command should not produce any output. Now that the new repository has been added, you must update the apt package list again so it becomes aware of the packages available from the HashiCorp source.
sudo apt update
In the output, you should see a line indicating that apt is getting packages from https://apt.releases.hashicorp.com.
Hit:1 http://[mirror]/ubuntu jammy InRelease
Hit:2 http://[mirror]/ubuntu jammy-updates InRelease
Hit:3 http://[mirror]/ubuntu jammy-backports InRelease
Hit:4 http://[mirror]/ubuntu jammy-security InRelease
Get:5 https://apt.releases.hashicorp.com jammy InRelease [[size] kB]
Get:6 https://apt.releases.hashicorp.com jammy/main amd64 Packages [[size] kB]
Fetched [total] kB in [time] ([speed] kB/s)
Reading package lists... Done
Your system is now configured to install software from the official HashiCorp repository.
Install Terraform package using apt-get install terraform
In this final step, you will install Terraform. With the GPG key and repository configured, you can now use the standard apt-get install command. apt will automatically find the Terraform package in the HashiCorp repository, verify its signature, and install it.
Run the following command to install Terraform:
sudo apt-get install terraform
apt will show you the packages that will be installed and ask for confirmation. Since we are in a non-interactive environment, the installation will proceed automatically.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
terraform
[upgrade_info]
Need to get [size] MB of archives.
After this operation, [disk_space] MB of additional disk space will be used.
Get:1 https://apt.releases.hashicorp.com jammy/main amd64 terraform amd64 [version]-1 [[size] MB]
...
Setting up terraform ([version]-1) ...
Once the installation is complete, you can verify that Terraform is installed correctly by checking its version.
terraform -v
This command should print the installed Terraform version.
Terraform v[version]
on linux_amd64
Congratulations! You have successfully installed Terraform on your system.
Summary
In this lab, you have successfully installed Terraform on an Ubuntu system using the official HashiCorp package repository.
You learned how to:
- Update your system and install prerequisite packages like
gnupgandwget. - Download and add the official HashiCorp GPG key to ensure package authenticity.
- Verify the GPG key's fingerprint as a security measure.
- Add the HashiCorp
aptrepository to your system's software sources. - Install the Terraform package using the
apt-getcommand. - Verify the installation by checking the Terraform version.
By following these steps, you have set up a clean and manageable Terraform installation that can be easily updated in the future using standard system commands.
