2. • What is “Infrastructure as Code”
• Resource group patterns
• ARM template structure
• Demo: Deploying Infrastructure using ARM + PowerShell
• What is Terraform
• Terraform code lifecycle
• Demo: Plan and apply Terraform configuration
• Q+A
Agenda
3. Infrastructure as Code evolved to solve the problem of environment
drift in the release pipeline. Without IaC, teams must maintain the settings
of individual deployment environments. Over time, each environment
becomes a snowflake, that is, a unique configuration that cannot be
reproduced automatically. Inconsistency among environments leads to
issues during deployments. With snowflakes, administration and
maintenance of infrastructure involve manual processes that are hard
to track and contribute to errors.
Infrastructure as Code
5. • Azure Portal
• ARM Templates + PowerShell/Azure CLI
• Custom usage of REST API (use any type of SDK)
• Terraform
Deploying Infrastructure to Azure
6. • Resource Group – logically grouped collection of entities that usually share a common lifecycle
• Resource Manager Template - declarative JSON file that defines the goal state of a deployment
• Deployment - operation which tracks execution of a Resource Manager template
• Parameters - values provided by the user executing the deployment to customize deployed resources
• Parameter file - JSON file that stores parameter names and values
• API Version – used for versioning and backward compatibility
CONCEPTS
AZURE RESOURCE MANAGEMENT (ARM)
7. • Resources can be organized in a Resource Group, a logical container.
• A resource can belong to only one Resource Group. Nested resource groups are not supported.
• Every Azure service belongs to a certain Resource Type.
• A resource has common fields and provider-specific properties.
• Work with Azure services as with REST web service resources (CRUD).
• You can clarify billing for your organization by viewing the rolled-up costs for the entire group.
CLOUD SERVICES AS REST RESOURCE
AZURE RESOURCE MANAGEMENT (ARM) API
8. RESOURCE GROUP PATTERNS - APPLICATION
Resource Group as Container for Application Resources
[Diagram: Backend Resource Group (Backend Server 01, Backend Server 02, VHDs, Backend Subnet); Frontend Resource Group (Frontend Server 01, Frontend Server 02, VHDs, Frontend Subnet)]
9. RESOURCE GROUP PATTERNS - ENVIRONMENT
Resource Group as Container for System Environment
[Diagram: Development Environment (Frontend Servers, Backend Servers, VHDs, Virtual Network); QA Environment (Frontend Servers, Backend Servers, VHDs, Virtual Network)]
10. Element         Required  Description
    $schema         Yes       Location of the JSON schema file.
    contentVersion  Yes       Version of the template.
    parameters      No        Values provided during deployment execution.
    variables       No        Internal variables
    resources       Yes       Azure services deployed or updated in a resource group
    outputs         No        Values that are returned after deployment
EASY PROVISIONING - RESOURCE TEMPLATE
12. Function       Description                                  Syntax
    listKeys       Returns the keys of a storage account.       listKeys (resourceName or resourceIdentifier, [apiVersion])
    reference      Used in depends on section of resource       reference (resourceName or resourceIdentifier, [apiVersion])
    resourceGroup  Returns current resource group               resourceGroup()
    resourceId     Returns the unique identifier of a resource  resourceId ([resourceGroupName], resourceType, resourceName1, [resourceName2]...)
    subscription   Returns subscription details                 subscription()
TEMPLATE EXPRESSION AND FUNCTIONS - OTHER
14. What is Terraform
Terraform is a tool for building, changing, and versioning
infrastructure safely and efficiently. Terraform can manage existing and
popular service providers as well as custom in-house solutions.
Configuration files describe to Terraform the components needed to
run a single application or your entire datacenter. Terraform generates an
execution plan describing what it will do to reach the desired state, and
then executes it to build the described infrastructure. As the configuration
changes, Terraform is able to determine what changed and create
incremental execution plans which can be applied.
16. Configuration
HCL (HashiCorp Configuration Language) is a configuration language built by
HashiCorp. The goal of HCL is to build a structured configuration language that is both human
and machine friendly for use with command-line tools, but specifically targeted towards
DevOps tools, servers, etc.
The set of files used to describe infrastructure in Terraform is simply known as a
Terraform configuration.
provider "azurerm" {
  subscription_id = "f7424aaf-****-****-****-*********"
  client_id       = "c404e1a2-****-****-****-*********"
  client_secret   = "************"
  tenant_id       = "b41b72d-****-****-****-*********"
}

# Create a Resource Group
resource "azurerm_resource_group" "main" {
  name     = "${var.resource_group}"
  location = "${var.location}"
}
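Added example, not part of the original slides: the provider block above carries its credentials inline, so this check flags credential arguments that are set to literal strings before a configuration is committed. Function names and both sample configurations are constructed for the example; the ARM_* names are the environment variables the azurerm provider reads.

```python
import re

# The four azurerm provider arguments that the slide masks.
CREDENTIAL_ARGS = {"subscription_id", "client_id", "client_secret", "tenant_id"}
ASSIGNMENT = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)

def provider_blocks(hcl):
    """Yield (provider_name, body), matching braces that are outside strings."""
    for match in re.finditer(r'\bprovider\s+"([^"]+)"\s*\{', hcl):
        depth, in_string, pos = 1, False, match.end()
        while pos < len(hcl) and depth:
            char = hcl[pos]
            if char == '"' and hcl[pos - 1] != "\\":
                in_string = not in_string
            elif not in_string:
                depth += (char == "{") - (char == "}")
            pos += 1
        yield match.group(1), hcl[match.end():pos - 1]

def literal_credentials(hcl):
    """Return 'provider.argument' for each credential set to a literal string."""
    findings = []
    for name, body in provider_blocks(hcl):
        for argument, value in ASSIGNMENT.findall(body):
            # "${var.x}" refers to a variable; anything else is a literal.
            if argument in CREDENTIAL_ARGS and "${" not in value:
                findings.append(f"{name}.{argument}")
    return findings

# Constructed inputs: literal credentials versus values taken from elsewhere.
WEAK = '''
provider "azurerm" {
  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "11111111-1111-1111-1111-111111111111"
  client_secret   = "constructed-secret"
  tenant_id       = "22222222-2222-2222-2222-222222222222"
}
'''
HARDENED = '''
provider "azurerm" {
  # Read from ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET and
  # ARM_TENANT_ID in the environment of the process that runs terraform.
}
'''

if __name__ == "__main__":
    print("weak:", literal_credentials(WEAK))
    print("hardened:", literal_credentials(HARDENED))
```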
17. Initialization
The first command to run for a new configuration - or after checking out an existing
configuration from version control - is terraform init, which initializes various local
settings and data that will be used by subsequent commands.
Terraform uses a plugin based architecture to support the numerous infrastructure and
service providers available. As of Terraform version 0.10.0, each "Provider" is its own
encapsulated binary distributed separately from Terraform itself. The terraform
init command will automatically download and install any Provider binary for the providers
in use within the configuration, which in this case is just the azurerm provider:
c:GAB2018TF> terraform init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "azurerm" (1.3.3)...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
* provider.azurerm: version = "~> 1.3"
Terraform has been successfully initialized!
18. Plan changes
c:GAB2018TF> terraform plan -out=GAB
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:…….
The terraform plan command is used to create an execution plan. Terraform
performs a refresh, unless explicitly disabled, and then determines what actions are necessary to
achieve the desired state specified in the configuration files.
This command is a convenient way to check whether the execution plan for a set of
changes matches your expectations without making any changes to real resources or to the
state. For example, terraform plan might be run before committing a change to version control,
to create confidence that it will behave as expected.
19. Apply configuration
c:GAB2018TF>terraform apply "GAB"
azurerm_resource_group.main: Creating...
location: "" => "eastus"
name: "" => "GAB-TF"
tags.%: "" => "<computed>"
azurerm_resource_group.main: Creation complete after 2s (ID: /subscriptions/f7424*********)
azurerm_virtual_network.main: Creating...
address_space.#: "" => "1"
address_space.0: "" => "12.0.0.0/24"
location: "" => "eastus"
name: "" => "GAB-TF-vnet"
resource_group_name: "" => "GAB-TF"
subnet.#: "" => "<computed>"
tags.%: "" => "<computed>"
azurerm_public_ip.main: Creating...
The terraform apply command is used to apply the changes required to reach the
desired state of the configuration, or the pre-determined set of actions generated by
a terraform plan execution plan.
22. Pros and Cons
• Great implementation of Infrastructure as Code concept.
• Declarative syntax
• Ability to "plan" and "apply" configs. Apply actually executes the changes.
• Supports various cloud providers
• Uses its own DSL called the HashiCorp Configuration Language
• State files store secrets in plain text, which is a bad idea when you push them to version control.
• Product is still maturing and there are some design limitations
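Added example, not part of the original slides: a check that lists secret-looking attributes in a state file, for use before a state file is committed or shared. It goes beyond the slides by also reading the state layout of Terraform 0.12 and later; the key-name pattern, function names and sample state are assumptions made for this example.

```python
import json
import re

# Heuristic list of attribute names that usually hold credentials (assumption).
SECRET_KEY = re.compile(
    r"password|secret|access_key|private_key|connection_string|token", re.I)

def _walk(value, path):
    """Yield (path, string) for every non-empty string leaf below value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _walk(item, f"{path}.{index}")
    elif isinstance(value, str) and value:
        yield path, value

def _resources(state):
    """Yield (address, attributes) for state format v3 (0.11) and v4 (0.12+)."""
    for module in state.get("modules", []):              # v3 layout
        for address, res in module.get("resources", {}).items():
            yield address, res.get("primary", {}).get("attributes", {})
    for res in state.get("resources", []):               # v4 layout
        for inst in res.get("instances", []):
            yield f"{res['type']}.{res['name']}", inst.get("attributes") or {}

def find_plaintext_secrets(state_text):
    """Return sorted attribute paths whose name suggests a stored credential.
    Only paths are returned, never the values, so the report is safe to log."""
    hits = set()
    for address, attrs in _resources(json.loads(state_text)):
        for path, _ in _walk(attrs, address):
            if SECRET_KEY.search(path[len(address) + 1:]):
                hits.add(path)
    return sorted(hits)

# Constructed v3 state (the layout written by Terraform 0.11); values are fake.
SAMPLE_STATE = json.dumps({"version": 3, "modules": [{"path": ["root"], "resources": {
    "azurerm_resource_group.main": {"type": "azurerm_resource_group", "primary": {
        "attributes": {"name": "GAB-TF", "location": "eastus"}}},
    "azurerm_storage_account.main": {"type": "azurerm_storage_account", "primary": {
        "attributes": {"name": "gabtfstore", "primary_access_key": "FAKE-KEY=="}}},
    "azurerm_virtual_machine.main": {"type": "azurerm_virtual_machine", "primary": {
        "attributes": {"os_profile.0.admin_password": "FAKE-Passw0rd"}}},
}}]})

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_STATE):
        print("plaintext secret in state:", finding)
```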