{"id":34,"date":"2017-10-30T17:56:26","date_gmt":"2017-10-30T17:56:26","guid":{"rendered":"https:\/\/nillsf.wordpress.com\/?p=34"},"modified":"2017-10-30T17:56:26","modified_gmt":"2017-10-30T17:56:26","slug":"terraform-and-azure","status":"publish","type":"post","link":"https:\/\/blog.nillsf.com\/index.php\/2017\/10\/30\/terraform-and-azure\/","title":{"rendered":"Terraform and Azure"},"content":{"rendered":"

Have you already played around with Terraform and Azure? Until today, I hadn’t and decided to try it out. A couple of weeks ago Corey Sanders announced<\/a> progress with how Azure and Terraform are integrated; and below you can read on how I tried it out.<\/p>\n

Setting up the infrastructure<\/h2>\n

Terraform is integrated into our Azure cloud shell, but I decided to set it up on a virtual machine (full installation):
\nFirst step is to create a VM to run Terraform on:
\n\"TF1\"
\nInstallation is as simple as downloading a zip file, extracting it and adding that path to your $PATH variable. Easy to do:<\/p>\n

sudo apt-get install unzip -y
\nwget https:\/\/releases.hashicorp.com\/terraform\/0.10.8\/terraform_0.10.8_linux_amd64.zip
\nunzip terraform_0.10.8_linux_amd64.zip
\nrm terraform_0.10.8_linux_amd64.zip
\nmkdir bin
\nmv terraform bin\/terraform
\necho “PATH=$PATH:$HOME\/bin” >> .profile
\nsource .profile<\/p><\/blockquote>\n

Next step is to create a service principal that will have access to the azure APIs. We can create this in the portal, but let’s go ahead and do that via the CLI. First things first: install the CLI.<\/p>\n

echo “deb https:\/\/packages.microsoft.com\/repos\/azure-cli\/ wheezy main” | \\
\nsudo tee \/etc\/apt\/sources.list.d\/azure-cli.list
\necho “deb [arch=amd64] https:\/\/packages.microsoft.com\/repos\/azure-cli\/ wheezy main” | \\
\nsudo tee \/etc\/apt\/sources.list.d\/azure-cli.list
\nsudo apt-key adv –keyserver packages.microsoft.com –recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893
\nsudo apt-get install apt-transport-https
\nsudo apt-get update && sudo apt-get install azure-cli<\/p><\/blockquote>\n

With the CLI installed, let’s login and create a service principal.<\/p>\n

az login
\naz ad sp create-for-rbac –role=”Contributor” –scopes=”\/subscriptions\/*SUBCRIPTION ID GOES HERE*”<\/p><\/blockquote>\n

Something weird happened here for me, with a lot of retries happening on the creation of both the SP as on the role assignment. But it worked and returned me the appID and secret. Keep this secret ‘secret’, as it opens the doors to your Azure subscription!
\n\"TF2\"
\nNext step is to create the right environment variables for Terraform to use. I’ve added them to a neat little script, you could also make them part of your login scripts (.profile or .bash_rc).<\/p>\n

#!\/bin\/sh
\necho “Setting environment variables for Terraform”
\nexport ARM_SUBSCRIPTION_ID=your_subscription_id
\nexport ARM_CLIENT_ID=your_appId
\nexport ARM_CLIENT_SECRET=your_password
\nexport ARM_TENANT_ID=your_tenant_id<\/p><\/blockquote>\n

\"TF3\"<\/p>\n

Creating a resource group<\/h2>\n

Next, we’ll create a resource group via TerraForm. Create an empty directory, with a file in there with the following content:<\/p>\n

provider “azurerm” {
\n}
\nresource “azurerm_resource_group” “rg” {
\nname = “TF_created_RG”
\nlocation = “westeurope”
\n}<\/p><\/blockquote>\n

Next steps are to (1) initialise Terraform (2) test our deployment (3) deploy it.<\/p>\n

terraform init
\nterraform plan
\nterraform apply<\/p><\/blockquote>\n

And behold: we have a resource group!
\n\"TF4\"<\/p>\n

Creating a virtual machine (VM)<\/h2>\n

And now, let’s create a VM. I won’t go in all the details, but this documentation article explains more about it: https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/terraform-create-complete-vm<\/a>
\nI created the following terraform file and followed the same steps as before:<\/p>\n

provider “azurerm” {
\n}
\nresource “azurerm_resource_group” “rg” {
\nname = “TF_created_RG”
\nlocation = “westeurope”
\n}
\nresource “azurerm_virtual_network” “myterraformnetwork” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “TF_Vnet”
\naddress_space\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = [“10.0.0.0\/16”]
\nlocation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.location}”
\nresource_group_name = “${azurerm_resource_group.rg.name}”
\ntags {
\nenvironment = “Terraform Demo”
\n}
\n}
\nresource “azurerm_subnet” “myterraformsubnet” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “TF_Subnet”
\nresource_group_name\u00a0 = “${azurerm_resource_group.rg.name}”
\nvirtual_network_name = “${azurerm_virtual_network.myterraformnetwork.name}”
\naddress_prefix\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “10.0.2.0\/24”
\n}
\nresource “azurerm_public_ip” “myterraformpublicip” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “TF_publicIP”
\nlocation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.location}”
\nresource_group_name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.name}”
\npublic_ip_address_allocation = “dynamic”
\ntags {
\nenvironment = “Terraform Demo”
\n}
\n}
\nresource “azurerm_network_interface” “myterraformnic” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “TF_NIC”
\nlocation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.location}”
\nresource_group_name = “${azurerm_resource_group.rg.name}”
\nip_configuration {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “TF_NicConfiguration”
\nsubnet_id\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_subnet.myterraformsubnet.id}”
\nprivate_ip_address_allocation = “dynamic”
\npublic_ip_address_id\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_public_ip.myterraformpublicip.id}”
\n}
\ntags {
\nenvironment = “Terraform Demo”
\n}
\n}
\nresource “random_id” “randomId” {
\nkeepers = {
\n# Generate a new ID only when a new resource group is defined
\nresource_group = “${azurerm_resource_group.rg.name}”
\n}
\nbyte_length = 8
\n}
\nresource “azurerm_storage_account” “mystorageaccount” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “diag${random_id.randomId.hex}”
\nresource_group_name = “${azurerm_resource_group.rg.name}”
\nlocation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.location}”
\naccount_replication_type = “LRS”
\naccount_tier = “Standard”
\ntags {
\nenvironment = “Terraform Demo”
\n}
\n}
\nresource “azurerm_virtual_machine” “myterraformvm” {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “myVM”
\nlocation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “${azurerm_resource_group.rg.location}”
\nresource_group_name\u00a0\u00a0 = “${azurerm_resource_group.rg.name}”
\nnetwork_interface_ids = [“${azurerm_network_interface.myterraformnic.id}”]
\nvm_size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “Standard_DS1_v2”
\nstorage_os_disk {
\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “myOsDisk”
\ncaching\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “ReadWrite”
\ncreate_option\u00a0\u00a0\u00a0\u00a0 = “FromImage”
\nmanaged_disk_type = “Premium_LRS”
\n}
\nstorage_image_reference {
\npublisher = “Canonical”
\noffer\u00a0\u00a0\u00a0\u00a0 = “UbuntuServer”
\nsku\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = “16.04.0-LTS”
\nversion\u00a0\u00a0 = “latest”
\n}
\nos_profile {
\ncomputer_name\u00a0 = “TFvm”
\nadmin_username = “nilfranadmin”
\n}
\nos_profile_linux_config {
\ndisable_password_authentication = true
\nssh_keys {
\npath\u00a0\u00a0\u00a0\u00a0 = “\/home\/nilfranadmin\/.ssh\/authorized_keys”
\nkey_data = “ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAslS5LnoCJlj8OE4VncUK2iP6YhVT\/RmeNkvP3VTd\/GbiZd384wrD0rzr3MwEgMm4ZkjUQno54x+bpRhIFDha4Kj89cs7LwuPHZSkXLF+aVydxy2nu464TmflnhVVW71wLE9E3bCUxmh5+IZ3sJ8is2XQMuC1IHiIoEMFc+buMTG+kVc3f+VaJ5ZT+bFPjqs816YBPTSZRmUjzfwRcLIRXvlVxlFsMckhSTa7xCCxunsGKITOnqmlk\/vIWr\/bKfev6RD+qV8DFquM0zxquwcSv5ERXE384m6ESJ\/YJ4IN5P14CDWT3pdZtwM1jOaL\/zPyMHbamk5iTPLfuPao740plQ==”
\n}
\n}
\nboot_diagnostics {
\nenabled\u00a0\u00a0\u00a0\u00a0 = “true”
\nstorage_uri = “${azurerm_storage_account.mystorageaccount.primary_blob_endpoint}”
\n}
\ntags {
\nenvironment = “Terraform Demo”
\n}
\n}<\/p><\/blockquote>\n

This created my VM (with all the surrounding elements):
\n\"TF5\"<\/p>\n

What I learned today:<\/h2>\n
    \n
  • How to use Terraform to create Azure resources.<\/li>\n
  • Although Terraform is cloud agnostic, the drivers to each cloud are specific. You can’t ‘simply’ swap a parameter ‘AWS’ to ‘Azure’ and re-use the same template. #I didn’t know that before. I was mistakenly thinking that within Terraform you created a ‘unbranded’ resources; which got translated to the right provider. I was wrong.<\/li>\n
  • The syntax is surprisingly simple and straightforward, if you understand what needs to happen under the covers (aka if you know what you need to create on Azure).<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

    Have you already played around with Terraform and Azure? Until today, I hadn’t and decided to try it out. A couple of weeks ago Corey Sanders announced progress with how Azure and Terraform are integrated; and below you can read on how I tried it out.<\/p>\n","protected":false},"author":1,"featured_media":32,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,3,5],"tags":[],"class_list":["post-34","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-devops","category-open-source"],"jetpack_featured_media_url":"https:\/\/nillsfblog.blob.core.windows.net\/media\/2017\/10\/tf5.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/34","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/comments?post=34"}],"version-history":[{"count":0,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/34\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/media\/32"}],"wp:attachment":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/media?parent=34"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/categories?post=34"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/tags?post=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}