
Terraform for Azure: the good, the bad and the ugly

Azure Bootcamp 2019 - Dublin
http://azurebootcampdublin.com/

  1. 1. Terraform for Azure: the good, the bad and the ugly Giulio Vian – DevOps Lead – Glass, Lewis & Co.
  2. 2. Agenda Slides on SlideShare
  3. 3. What is Terraform? Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure PowerShell. Configuration: PowerShell DSC, Chef, Ansible, Packer. Deployment: Azure DevOps, Octopus Deploy
  4. 4. What is Terraform? Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure PowerShell. Configuration: PowerShell DSC, Chef, Ansible, Packer. Deployment: Azure DevOps, Octopus Deploy
  5. 5. No, what is Terraform? Single executable (kinda) https://www.terraform.io/
  6. 6. The Good,
  7. 7. Terraform DSL
      ```hcl
      resource "azurerm_virtual_machine" "vm_demo" {
        name                  = "demovm"
        location              = "northeurope"
        resource_group_name   = "tf-demo"
        network_interface_ids = ["${azurerm_network_interface.vm_demo.id}"]
        vm_size               = "Standard_B2s"

        # Marketplace image the OS disk is created from
        storage_image_reference {
          publisher = "MicrosoftWindowsServer"
          offer     = "WindowsServerSemiAnnual"
          sku       = "Datacenter-Core-1803-smalldisk"
          version   = "latest"
        }

        storage_os_disk {
          name          = "demovm-osdisk"
          caching       = "ReadWrite"
          create_option = "FromImage"
        }

        storage_data_disk {
          name          = "demovm-datadisk"
          create_option = "Empty"
          lun           = 0
          disk_size_gb  = "10"
        }

        # Admin credentials are passed in as variables, not written in the source
        os_profile {
          computer_name  = "DEMOVM"
          admin_username = "${var.vm_admin_username}"
          admin_password = "${var.vm_admin_password}"
        }

        os_profile_windows_config {
          provision_vm_agent        = true
          enable_automatic_upgrades = false
        }
      }
      ```
  8. 8. Why Terraform? ARM Template
  9. 9. Why Terraform? Powershell
  10. 10. How it works. Command line tool: terraform init; terraform plan -out temp.dat; terraform apply temp.dat. Providers (executables): azurerm, azuread, azurestack. State (metadata)
  11. 11. Terraform basics
  12. 12. Terraform 0.12 Great promises in a not-so-near future
  13. 13. Tip: Passing credentials
      ```hcl
      resource "azurerm_virtual_machine_extension" "my_vm_dscext" {
        #...
        protected_settings = <<PROTECTED_SETTINGS
      {
        "configurationArguments": {
          "someCredential": {
            "userName": "theUser",
            "password": "${var.the_user_pass}"
          }
        }
      }
      PROTECTED_SETTINGS
      }
      ```
  14. 14. Tip: assigning IPs. Static addresses: cidrsubnet, cidrhost
  15. 15. Tip: pulling KeyVault. Pre-load KeyVault with secrets
      ```hcl
      data "azurerm_key_vault_secret" "test" {
        name      = "mypassword"
        vault_uri = "https://yourvault.vault.azure.net/"
      }
      ```
  16. 16. Integration. azurerm_virtual_machine_extension: PowerShell DSC; Custom script → bash / Ansible. Providers: Chef, Docker, Kubernetes. Provisioners: ssh / WinRM
  17. 17. Automate. Permit HTTPS to Internet*; Credential (e.g. Service Principal); Get executable on the agent*; Run apply. There are ready-to-use tasks. (*optional)
  18. 18. Scale We have 6 environments with 150+ resources each
  19. 19. Goodies Summary: Simple; Modular; Integrates well with Azure; Easy to automate
  20. 20. the Bad,
  21. 21. Language Limits (HCL <0.12): Loops are hard; Nested loop almost impossible; Ifs are hard or impossible
  22. 22. Catching up Application Gateway story
  23. 23. Simple errors: Error: Error applying plan: azurerm_lb_probe.lb_probe_http: Error Creating/Updating LoadBalancer network.LoadBalancersClient#CreateOrUpdate : Failure sending request: StatusCode=0 -- Original Error: Put https://management.azure.com/subscriptions/12345678-9abc-def0-1234-56789abcdef0/resourceGroups/qa/providers/Microsoft.Network/loadBalancers/qa-loadbalancer?api-version=2017-09-01: http: ContentLength=1655 with Body length 0
  24. 24. Downside Summary: Limited expressive power (<0.12); Debugging can be difficult
  25. 25. and the Ugly
  26. 26. State management. Myth: State is map of reality. Setup in shared, locked place: Azure Storage or AWS S3. Some changes not sensed. Learn to use terraform state
  27. 27. Stay organized
      - /: repo root
      - modules: terraform modules
      - utility: general purpose
      - shared: common to multiple applications or environments
      - application_name: internal or public application
      - non-production: can be rebuilt any moment
      - shared: common to multiple environments, e.g. deploy agents, jumpbox
      - qa: Integration test
      - uat: User acceptance test
      - perf: Load testing
      - production: everything here is critical ... details on next slide
  28. 28. Stay organized (cont’d)
      - /: repo root
      - production: everything here is critical
      - legacy: hand made infrastructure, e.g. TFS
      - shared: common to main and DR, e.g. networking
      - live: PRODUCTION ENVIRONMENTS
      - network: “everlasting” resources
      - data-tier: long-lived resources
      - app-tier: short-lived resources
      - app_name: resources for an app
      - dr: Disaster recovery site ... As above
  29. 29. Folders and state. Each leaf has a state file. Source can refer to existing state files
      - production
        - shared: production/shared/terraform.tfstate
        - live
          - network: production/live/network/terraform.tfstate
          - app-tier: production/live/app-tier/terraform.tfstate
  30. 30. Three steps to import: (1) Define as regular resources; (2) Add safety clause: lifecycle { prevent_destroy = true }; (3) Include in state: terraform import
  31. 31. Tip: Terraform tips HCL parser idiosyncrasies Regex might be troublesome is not unusual
  32. 32. Unpleasant Summary: Low level commands & attributes for state; Refactoring impacts state
  33. 33. Wrap-up
  34. 34. Succeeded?
  35. 35. Study the book: Terraform - Up and Running: Writing Infrastructure as Code — Y. Brikman (O'Reilly)
  36. 36. Bio in pictures: giulio.dev@casavian.eu, @giulio_vian, https://www.slideshare.net/giuliov, https://tfsaggregator.github.io, http://blog.casavian.eu/. Hardware spec: 1KB RAM (upg. 16KB), 4KB ROM. First computer. Companies. Communities
  37. 37. End of transmissions
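
For the "assigning IPs" tip on slide 14, an added example (not taken from the deck) that derives per-tier subnets and one static NIC address from a single address space with `cidrsubnet` and `cidrhost`. It assumes Terraform 0.12.6 or later, a recent azurerm provider (2.x or later attribute names) and an existing `tf-demo` resource group; the resource names and the 10.10.0.0/16 range are made up for illustration.

```hcl
# Added example: names and the 10.10.0.0/16 range are illustrative assumptions.
provider "azurerm" {
  features {}
}

locals {
  vnet_cidr = "10.10.0.0/16"

  # One netnum per tier; cidrsubnet(prefix, newbits, netnum) adds 8 bits to
  # the /16, so each tier gets its own /24 without hand-typed prefixes.
  tiers        = { app = 1, data = 2 }
  subnet_cidrs = { for tier, n in local.tiers : tier => cidrsubnet(local.vnet_cidr, 8, n) }
}

resource "azurerm_virtual_network" "demo" {
  name                = "tf-demo-vnet"
  location            = "northeurope"
  resource_group_name = "tf-demo"
  address_space       = [local.vnet_cidr]
}

resource "azurerm_subnet" "tier" {
  for_each             = local.subnet_cidrs
  name                 = "${each.key}-subnet"
  resource_group_name  = "tf-demo"
  virtual_network_name = azurerm_virtual_network.demo.name
  address_prefixes     = [each.value]
}

resource "azurerm_network_interface" "vm_demo" {
  name                = "demovm-nic"
  location            = "northeurope"
  resource_group_name = "tf-demo"

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.tier["app"].id
    private_ip_address_allocation = "Static"
    # cidrhost(prefix, hostnum): host number 10 inside the app subnet. Azure
    # reserves the first four addresses and the last one of every subnet, so
    # usable host numbers start at 4.
    private_ip_address = cidrhost(local.subnet_cidrs["app"], 10)
  }
}
```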
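
For the state-management and "Folders and state" slides (26 and 29), an added example (not from the deck) of the `production/live/app-tier` leaf keeping its state in a shared, locked Azure Storage container and reading the network leaf's outputs. It assumes Terraform 0.12 or later syntax; the storage account, container and resource group names and the `app_subnet_id` output are hypothetical.

```hcl
# Added example for production/live/app-tier; every name below is a placeholder.
terraform {
  # The azurerm backend holds a blob lease while plan/apply runs; that lease
  # is the lock that stops two runs from writing the same state at once.
  # Storage credentials are supplied out of band (for example ARM_ACCESS_KEY).
  backend "azurerm" {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "examplestatestore"
    container_name       = "tfstate"
    key                  = "production/live/app-tier/terraform.tfstate"
  }
}

# Read-only view of the network leaf's state. Only outputs declared in that
# leaf are visible here, so it must define output "app_subnet_id" (assumed).
data "terraform_remote_state" "network" {
  backend = "azurerm"
  config = {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "examplestatestore"
    container_name       = "tfstate"
    key                  = "production/live/network/terraform.tfstate"
  }
}

resource "azurerm_network_interface" "app" {
  name                = "app-nic"
  location            = "northeurope"
  resource_group_name = "prod-app-rg"

  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.terraform_remote_state.network.outputs.app_subnet_id
    private_ip_address_allocation = "Dynamic"
  }
}
```

Terraform state records resource attribute values in clear text, including passwords passed to resources, so access to the state container should be limited to the identities that run plan and apply.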
