
Terraform for Azure: the good, the bad and the ugly

Azure Bootcamp 2019 - Dublin
http://azurebootcampdublin.com/


  1. Terraform for Azure: the good, the bad and the ugly
      Giulio Vian – DevOps Lead – Glass, Lewis & Co.
  2. Agenda
      Slides on SlideShare
  3. What is Terraform?
      Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure PowerShell
      Configuration: PowerShell DSC, Chef, Ansible, Packer
      Deployment: Azure DevOps, Octopus Deploy
  4. What is Terraform?
      Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure PowerShell
      Configuration: PowerShell DSC, Chef, Ansible, Packer
      Deployment: Azure DevOps, Octopus Deploy
  5. No, what is Terraform?
      Single executable (kinda)
      https://www.terraform.io/
  6. The Good,
  7. Terraform DSL

      resource "azurerm_virtual_machine" "vm_demo" {
        name                  = "demovm"
        location              = "northeurope"
        resource_group_name   = "tf-demo"
        network_interface_ids = ["${azurerm_network_interface.vm_demo.id}"]
        vm_size               = "Standard_B2s"

        storage_image_reference {
          publisher = "MicrosoftWindowsServer"
          offer     = "WindowsServerSemiAnnual"
          sku       = "Datacenter-Core-1803-smalldisk"
          version   = "latest"
        }

        storage_os_disk {
          name          = "demovm-osdisk"
          caching       = "ReadWrite"
          create_option = "FromImage"
        }

        storage_data_disk {
          name          = "demovm-datadisk"
          create_option = "Empty"
          lun           = 0
          disk_size_gb  = "10"
        }

        # Local administrator account; both values come from input variables
        os_profile {
          computer_name  = "DEMOVM"
          admin_username = "${var.vm_admin_username}"
          admin_password = "${var.vm_admin_password}"
        }

        os_profile_windows_config {
          provision_vm_agent        = true
          enable_automatic_upgrades = false
        }
      }
  8. Why Terraform?
      ARM Template
  9. Why Terraform?
      PowerShell
  10. How it works
      Command line tool:
        terraform init
        terraform plan -out temp.dat
        terraform apply temp.dat
      Providers: executables (azurerm, azuread, azurestack)
      State (metadata)
  11. Terraform basics
  12. Terraform 0.12
      Great promises in a not-so-near future
  13. Tip: Passing credentials

      resource "azurerm_virtual_machine_extension" "my_vm_dscext" {
        #...
        protected_settings = <<PROTECTED_SETTINGS
      {
        "configurationArguments": {
          "someCredential": {
            "userName": "theUser",
            "password": "${var.the_user_pass}"
          }
        }
      }
      PROTECTED_SETTINGS
      }
  14. Tip: assigning IPs
      Static addresses
      cidrsubnet
      cidrhost
  15. Tip: pulling KeyVault
      Pre-load KeyVault with secrets

      data "azurerm_key_vault_secret" "test" {
        name      = "mypassword"
        vault_uri = "https://yourvault.vault.azure.net/"
      }
  16. Integration
      azurerm_virtual_machine_extension: PowerShell DSC, Custom script → bash / Ansible
      Providers: Chef, Docker, Kubernetes
      Provisioners: ssh / WinRM
  17. Automate
      • Permit HTTPS to Internet*
      • Credential (e.g. Service Principal)
      • Get executable on the agent*
      • Run apply
      There are ready-to-use tasks
      *optional
  18. Scale
      We have 6 environments with 150+ resources each
  19. Goodies Summary
      • Simple
      • Modular
      • Integrates well with Azure
      • Easy to automate
  20. the Bad,
  21. Language Limits (HCL <0.12)
      • Loops are hard
      • Nested loop almost impossible
      • Ifs are hard or impossible
  22. Catching up
      Application Gateway story
  23. Simple errors

      Error: Error applying plan:
      azurerm_lb_probe.lb_probe_http: Error Creating/Updating LoadBalancer
      network.LoadBalancersClient#CreateOrUpdate: Failure sending request:
      StatusCode=0 -- Original Error: Put
      https://management.azure.com/subscriptions/12345678-9abc-def0-1234-56789abcdef0/resourceGroups/qa/providers/Microsoft.Network/loadBalancers/qa-loadbalancer?api-version=2017-09-01:
      http: ContentLength=1655 with Body length 0
  24. Downside Summary
      • Limited expressive power (<0.12)
      • Debugging can be difficult
  25. and the Ugly
  26. State management
      • Myth: State is map of reality
      • Setup in shared, locked place: Azure Storage or AWS S3
      • Some changes not sensed
      • Learn to use terraform state
  27. Stay organized

      /                       repo root
        modules               terraform modules
          utility             general purpose
          shared              common to multiple applications or environments
          application_name    internal or public application
        non-production        can be rebuilt any moment
          shared              common to multiple environments, e.g. deploy agents, jumpbox
          qa                  Integration test
          uat                 User acceptance test
          perf                Load testing
        production            everything here is critical
          ...                 details on next slide
  28. Stay organized (cont'd)

      /                       repo root
        production            everything here is critical
          legacy              hand made infrastructure, e.g. TFS
          shared              common to main and DR, e.g. networking
          live                PRODUCTION ENVIRONMENTS
            network           "everlasting" resources
            data-tier         long-lived resources
            app-tier          short-lived resources
            app_name          resources for an app
          dr                  Disaster recovery site
            ...               As above
  29. Folders and state
      Each leaf has a state file
      Source can refer to existing state files

      production
        shared                production/shared/terraform.tfstate
        live
          network             production/live/network/terraform.tfstate
          app-tier            production/live/app-tier/terraform.tfstate
  30. Three steps to import
      • Define as regular resources
      • Add safety clause:

          lifecycle {
            prevent_destroy = true
          }
      • Include in state: terraform import
  31. Tip: Terraform tips
      HCL parser idiosyncrasies
      Regex might be troublesome
      is not unusual
  32. Unpleasant Summary
      • Low level commands & attributes for state
      • Refactoring impacts state
  33. Wrap-up
  34. Succeeded?
  35. Study the book
      Terraform - Up and Running: Writing Infrastructure as Code — Y. Brikman (O'Reilly)
  36. Bio in pictures
      giulio.dev@casavian.eu
      @giulio_vian
      https://www.slideshare.net/giuliov
      https://tfsaggregator.github.io
      http://blog.casavian.eu/
      First computer, hardware spec: 1KB RAM (upg. 16KB), 4KB ROM
      Companies
      Communities
  37. End of transmissions
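
Slides 13 and 15 combined, as an added example that is not from the deck: the DSC credential is read from Key Vault and handed to the extension through protected_settings. It keeps the deck's Terraform 0.11 / azurerm 1.x syntax; the extension name, the DSC package URL, script and function names and the extension version are assumptions.

```hcl
# Added example (not from the slides). Terraform 0.11 / azurerm 1.x syntax.
# Names, URLs and the handler version below are placeholders/assumptions.

# Slide 15: the secret is pre-loaded in Key Vault, so it never appears
# in .tf or .tfvars files.
data "azurerm_key_vault_secret" "dsc_user" {
  name      = "mypassword"
  vault_uri = "https://yourvault.vault.azure.net/"
}

resource "azurerm_virtual_machine_extension" "my_vm_dscext" {
  name                 = "dsc"
  location             = "northeurope"
  resource_group_name  = "tf-demo"
  virtual_machine_name = "demovm"
  publisher            = "Microsoft.Powershell"
  type                 = "DSC"
  type_handler_version = "2.77" # assumed version

  # Public settings: visible to anyone who can read the VM resource,
  # so nothing secret goes here.
  settings = <<SETTINGS
{
  "configuration": {
    "url": "https://example.invalid/dsc/demo.zip",
    "script": "demo.ps1",
    "function": "Demo"
  }
}
SETTINGS

  # Slide 13: secrets go in protected_settings, which Azure stores
  # encrypted and decrypts only on the target VM.
  # jsonencode() quotes and escapes the value, so a password containing
  # a double quote or backslash cannot break the JSON document.
  protected_settings = <<PROTECTED_SETTINGS
{
  "configurationArguments": {
    "someCredential": {
      "userName": "theUser",
      "password": ${jsonencode(data.azurerm_key_vault_secret.dsc_user.value)}
    }
  }
}
PROTECTED_SETTINGS
}
```

The secret's value is still written in clear text to terraform.tfstate, under both the data source and the extension, so this only keeps the password out of source and variable files. The state itself has to live in the shared, locked storage of slide 26 with read access restricted accordingly.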
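
Slide 14's static addressing, as an added example (not from the deck) in the same Terraform 0.11 / azurerm 1.x syntax; the address range, virtual network and resource names are assumptions. With these inputs cidrsubnet yields 10.20.3.0/24 and the three NICs receive 10.20.3.4, 10.20.3.5 and 10.20.3.6.

```hcl
# Added example (not from the slides). Terraform 0.11 / azurerm 1.x syntax.
# The range and all names are placeholders; the resource group and the
# virtual network "tf-demo-vnet" are assumed to exist already.

variable "vnet_cidr" {
  default = "10.20.0.0/16"
}

locals {
  # cidrsubnet(prefix, newbits, netnum):
  # extend the /16 by 8 bits to get a /24 and pick network number 3.
  app_subnet = "${cidrsubnet(var.vnet_cidr, 8, 3)}"
}

resource "azurerm_subnet" "app" {
  name                 = "app-tier"
  resource_group_name  = "tf-demo"
  virtual_network_name = "tf-demo-vnet"
  address_prefix       = "${local.app_subnet}"
}

resource "azurerm_network_interface" "vm_demo" {
  count               = 3
  name                = "demovm${count.index}-nic"
  location            = "northeurope"
  resource_group_name = "tf-demo"

  ip_configuration {
    name                          = "primary"
    subnet_id                     = "${azurerm_subnet.app.id}"
    private_ip_address_allocation = "Static"

    # cidrhost(prefix, hostnum): host number inside the subnet.
    # Azure reserves the first four addresses and the last one of every
    # subnet, so the offset starts at 4 rather than 1.
    private_ip_address = "${cidrhost(local.app_subnet, count.index + 4)}"
  }
}
```

Deriving every address from one variable keeps NSG rules and firewall allow-lists predictable across environments: changing vnet_cidr moves the whole plan consistently instead of leaving hand-typed addresses behind.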
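
Slides 26 and 29 as configuration, in an added example that is not from the deck: the app-tier leaf keeps its own state in Azure Storage and reads the network leaf's state. Terraform 0.11 syntax; the storage account, container, output name and resource names are assumptions.

```hcl
# production/live/app-tier/main.tf
# Added example (not from the slides). Terraform 0.11 syntax.
# Storage account, container and resource names are placeholders.

# This leaf's own state: one blob per leaf, keyed like the folder path.
# The azurerm backend holds a blob lease while a run uses the state,
# which is the "locked" part of slide 26.
# The storage key is read from the ARM_ACCESS_KEY environment variable,
# so no credential is committed with the source.
terraform {
  backend "azurerm" {
    storage_account_name = "tfstateprod"
    container_name       = "tfstate"
    key                  = "production/live/app-tier/terraform.tfstate"
  }
}

# Read-only reference to the network leaf's state (slide 29).
# Assumes that leaf declares an output named "app_subnet_id".
data "terraform_remote_state" "network" {
  backend = "azurerm"

  config {
    storage_account_name = "tfstateprod"
    container_name       = "tfstate"
    key                  = "production/live/network/terraform.tfstate"
  }
}

resource "azurerm_network_interface" "app" {
  name                = "app01-nic"
  location            = "northeurope"
  resource_group_name = "production-app"

  ip_configuration {
    name                          = "primary"
    subnet_id                     = "${data.terraform_remote_state.network.app_subnet_id}"
    private_ip_address_allocation = "Dynamic"
  }
}
```

Reading a remote state requires read access to the whole state blob, not only to its outputs, so whoever can run the app-tier leaf can also read every value stored in the network leaf's state.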
