Submit Search
Upload
Terraform & Azure
•
0 likes
•
483 views
T
tombuildsstuff
Follow
This talk was given at the HashiCorp User Group in Oslo in February 2019
Read less
Read more
Software
Report
Share
Report
Share
1 of 76
Download now
Download to read offline
Recommended
Working with Terraform on Azure
Working with Terraform on Azure
tombuildsstuff
Hadoop ecosystem
Hadoop ecosystem
tfmailru
Azure Large Scale Deployments - Tales from the Trenches
Azure Large Scale Deployments - Tales from the Trenches
Aaron Saikovski
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
Amazon Web Services Korea
Getting Apache Spark Customers to Production
Getting Apache Spark Customers to Production
Cloudera, Inc.
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
Combell NV
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
Radek Simko
AWS Black Belt Online Seminar AWS CloudFormation アップデート
AWS Black Belt Online Seminar AWS CloudFormation アップデート
Amazon Web Services Japan
Recommended
Working with Terraform on Azure
Working with Terraform on Azure
tombuildsstuff
Hadoop ecosystem
Hadoop ecosystem
tfmailru
Azure Large Scale Deployments - Tales from the Trenches
Azure Large Scale Deployments - Tales from the Trenches
Aaron Saikovski
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
Amazon Web Services Korea
Getting Apache Spark Customers to Production
Getting Apache Spark Customers to Production
Cloudera, Inc.
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
Combell NV
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
Radek Simko
AWS Black Belt Online Seminar AWS CloudFormation アップデート
AWS Black Belt Online Seminar AWS CloudFormation アップデート
Amazon Web Services Japan
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
Amazon Web Services Japan
Terraform at Scale
Terraform at Scale
Calvin French-Owen
Just one-shade-of-openstack
Just one-shade-of-openstack
Roberto Polli
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
Cobus Bernard
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
Cobus Bernard
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Cloudera Japan
Terraforming the Kubernetes Land
Terraforming the Kubernetes Land
Radek Simko
Azure Powershell Tips
Azure Powershell Tips
Thangamani Durairaj
Hands-on Lab: Amazon ElastiCache
Hands-on Lab: Amazon ElastiCache
Amazon Web Services
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Amazon Web Services
Terraform in deployment pipeline
Terraform in deployment pipeline
Anton Babenko
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
DataStax Academy
Terraform - Taming Modern Clouds
Terraform - Taming Modern Clouds
Nic Jackson
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Databricks
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Amazon Web Services
Deploying SharePoint @ Cloud
Deploying SharePoint @ Cloud
Juan Andrés Valenzuela
Intro to Terraform
Intro to Terraform
Josh Michielsen
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
Cobus Bernard
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
Yevgeniy Brikman
Globus toolkit4installationguide
Globus toolkit4installationguide
Adarsh Patil
Flash card introduction to azure vm
Flash card introduction to azure vm
Yoong Seng Lai
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card- Architect Migration, Business Continuity and DR in Azure
Yoong Seng Lai
More Related Content
What's hot
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
Amazon Web Services Japan
Terraform at Scale
Terraform at Scale
Calvin French-Owen
Just one-shade-of-openstack
Just one-shade-of-openstack
Roberto Polli
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
Cobus Bernard
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
Cobus Bernard
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Cloudera Japan
Terraforming the Kubernetes Land
Terraforming the Kubernetes Land
Radek Simko
Azure Powershell Tips
Azure Powershell Tips
Thangamani Durairaj
Hands-on Lab: Amazon ElastiCache
Hands-on Lab: Amazon ElastiCache
Amazon Web Services
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Amazon Web Services
Terraform in deployment pipeline
Terraform in deployment pipeline
Anton Babenko
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
DataStax Academy
Terraform - Taming Modern Clouds
Terraform - Taming Modern Clouds
Nic Jackson
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Databricks
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Amazon Web Services
Deploying SharePoint @ Cloud
Deploying SharePoint @ Cloud
Juan Andrés Valenzuela
Intro to Terraform
Intro to Terraform
Josh Michielsen
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
Cobus Bernard
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
Yevgeniy Brikman
Globus toolkit4installationguide
Globus toolkit4installationguide
Adarsh Patil
What's hot
(20)
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
Terraform at Scale
Terraform at Scale
Just one-shade-of-openstack
Just one-shade-of-openstack
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Terraforming the Kubernetes Land
Terraforming the Kubernetes Land
Azure Powershell Tips
Azure Powershell Tips
Hands-on Lab: Amazon ElastiCache
Hands-on Lab: Amazon ElastiCache
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Scaling Redis Workloads with Amazon ElastiCache - AWS Online Tech Talks
Terraform in deployment pipeline
Terraform in deployment pipeline
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
Terraform - Taming Modern Clouds
Terraform - Taming Modern Clouds
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Black Belt Tips for IT Operations - AWS Summit Sydney 2018
Deploying SharePoint @ Cloud
Deploying SharePoint @ Cloud
Intro to Terraform
Intro to Terraform
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
Globus toolkit4installationguide
Globus toolkit4installationguide
Similar to Terraform & Azure
Flash card introduction to azure vm
Flash card introduction to azure vm
Yoong Seng Lai
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card- Architect Migration, Business Continuity and DR in Azure
Yoong Seng Lai
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in Azure
Yoong Seng Lai
Flash card architect network infra in azure
Flash card architect network infra in azure
Yoong Seng Lai
Flash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azure
Yoong Seng Lai
Demystifying Terraform 012
Demystifying Terraform 012
Stenio Ferreira
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
Cobus Bernard
Flash Card Module 10-Implement Resource Management Security in Azure
Flash Card Module 10-Implement Resource Management Security in Azure
Yoong Seng Lai
JClouds at San Francisco Java User Group
JClouds at San Francisco Java User Group
Marakana Inc.
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Amazon Web Services
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
Amazon Web Services Korea
Understanding Azure websites
Understanding Azure websites
Nitesh Luharuka
Secure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using Firecracker
Arun Gupta
Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...
Amazon Web Services
Develop for Azure storage
Develop for Azure storage
AzureEzy1
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
Amazon Web Services Korea
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
CodeOps Technologies LLP
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
Jeffrey Breen
Machine Learning using Kubernetes - AI Conclave 2019
Machine Learning using Kubernetes - AI Conclave 2019
Arun Gupta
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Stenio Ferreira
Similar to Terraform & Azure
(20)
Flash card introduction to azure vm
Flash card introduction to azure vm
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card-Architect Compute Infrastructure in Azure
Flash Card-Architect Compute Infrastructure in Azure
Flash card architect network infra in azure
Flash card architect network infra in azure
Flash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azure
Demystifying Terraform 012
Demystifying Terraform 012
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
Flash Card Module 10-Implement Resource Management Security in Azure
Flash Card Module 10-Implement Resource Management Security in Azure
JClouds at San Francisco Java User Group
JClouds at San Francisco Java User Group
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
Understanding Azure websites
Understanding Azure websites
Secure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using Firecracker
Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...
Develop for Azure storage
Develop for Azure storage
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
Machine Learning using Kubernetes - AI Conclave 2019
Machine Learning using Kubernetes - AI Conclave 2019
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Recently uploaded
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
shikhaohhpro
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
Fatema Valibhai
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
VICTOR MAESTRE RAMIREZ
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
AxelRicardoTrocheRiq
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
OnePlan Solutions
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
aagamshah0812
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Christina Lin
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
bodapatigopi8531
DNT_Corporate presentation know about us
DNT_Corporate presentation know about us
Dynamic Netsoft
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
stazi3110
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
Evangelist Apps https://twitter.com/EvangelistSW/
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
MyIntelliSource, Inc.
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
OPEN KNOWLEDGE GmbH
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
BradBedford3
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
kalichargn70th171
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
kotipi9215
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
joe51371421
Recently uploaded
(20)
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
DNT_Corporate presentation know about us
DNT_Corporate presentation know about us
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
Terraform & Azure
1.
Copyright © 2019
HashiCorp Terraform & Azure Tom Harvey @tombuildsstuff Terraform Engineer, HashiCorp
2.
3.
s Copyright © 2019
HashiCorp What’s the state of play? !3 Azure @ HashiCorp
4.
5.
6.
Copyright © 2019
HashiCorp ▪ Vagrant has an Azure plugin that allows provisioning Vagrant machines in Azure ▪ https://github.com/Azure/vagrant-azure !6 Vagrant & Azure Provisioning a virtual machine in Azure
7.
Copyright © 2019
HashiCorp !7 Provisioning a virtual machine in Azure Vagrant & Azure Vagrant.configure('2') do |config| config.vm.box = 'azure' # use local ssh key to connect to remote vagrant box config.ssh.private_key_path = '~/.ssh/id_rsa' config.vm.provider :azure do |azure, override| # each of the below values will default to use the env vars named as below if not specified explicitly azure.tenant_id = ENV['AZURE_TENANT_ID'] azure.client_id = ENV['AZURE_CLIENT_ID'] azure.client_secret = ENV['AZURE_CLIENT_SECRET'] azure.subscription_id = ENV['AZURE_SUBSCRIPTION_ID'] end end
8.
Copyright © 2019
HashiCorp ▪ Packer Builder for Azure: `azure-arm` ▪ Can produce either a VHD / Managed Disk ▪ Authenticating via a Service Principal / MSI !8 Packer & Azure Building Images with Packer on Azure
9.
Copyright © 2019
HashiCorp !9 Building Images with Packer on Azure Packer & Azure { "variables": {}, "builders": [{ "type": "azure-arm", "resource_group_name": "packer-images", "storage_account": "myexamplestoraccount", "subscription_id": "00000000-0000-0000-0000-000000000000", "os_type": "Linux", "image_publisher": "Canonical", "image_offer": "UbuntuServer", "image_sku": "16.04-LTS", "location": "West US", }], "provisioners": [{ # ... }] }
10.
Copyright © 2019
HashiCorp ▪ Terraform has multiple Providers supporting Azure: ▪ Azure Active Directory ▪ Azure Resource Manager ▪ Azure Stack ▪ Now supports 190 Resources & 59 Data Sources !10 Provisioning Resources on Azure using Terraform Terraform & Azure
11.
Copyright © 2019
HashiCorp provider "azurerm" { version = "=1.22.0" } resource "azurerm_resource_group" "test" { name = "oslo-hug-resources" location = "West Europe" } resource "azurerm_virtual_network" "test" { name = "oslo-hug-network" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" address_space = ["10.0.0.0/16"] } !11 Provisioning Resources on Azure using Terraform Terraform & Azure
12.
13.
Copyright © 2019
HashiCorp ▪ Vault supports both an Auth Method and a Secrets Backend ▪ Allows you to verify that a VM/VM Scale Set exists !13 Vault & Azure Supported Integrations
14.
Copyright © 2019
HashiCorp !14 Vault & Azure Auth Method $ vault write auth/azure/login role="dev-role" jwt="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." subscription_id="12345-..." resource_group_name="test-group" vm_name="test-vm"
15.
Copyright © 2019
HashiCorp !15 Vault & Azure Secrets Backend $ vault read azure/creds/my-role Key Value --- ----- lease_id azure/creds/sp_role/1afd0969-ad23-73e2-f974-962f7ac1c2b4 lease_duration 60m lease_renewable true client_id 408bf248-dd4e-4be5-919a-7f6207a307ab client_secret ad06228a-2db9-4e0a-8a5d-e047c7f32594
16.
Copyright © 2019
HashiCorp ▪ Nomad (and Consul) support automatic discovery of other nodes ▪ Documentation: https://www.nomadproject.io/ docs/configuration/server_join.html !16 Automatic discovery of cluster members in Azure Nomad & Azure
17.
Copyright © 2019
HashiCorp !17 Automatic discovery of cluster members in Azure Nomad & Azure log_level = "DEBUG" data_dir = “/var/lib/nomad/server" datacenter = “westeurope” server { enabled = true bootstrap_expect = 3 retry_join = ["provider=azure tag_name="HashiStack" tag_value="OsloDev" client_id="00000000-0000-0000-0000-000000000000" subscription_id="00000000-0000-0000-0000-000000000000" secret_access_key="00000000-0000-0000-0000-000000000000" tenant_id="00000000-0000-0000-0000-000000000000""] }
18.
Copyright © 2019
HashiCorp !18 Automatic discovery of cluster members in Azure Consul & Azure { "bootstrap_expect": 3, "server": true, "encrypt": "zYB6e/vH/P38J8GIgklSlA==", "leave_on_terminate": true, "log_level": "INFO", "rejoin_after_leave": true, "datacenter": "westeurope", "data_dir": "/var/consul", "retry_join": ["provider=azure tag_name="HashiStack" tag_value="OsloDev" client_id="00000000-0000-0000-0000-000000000000" subscription_id="00000000-0000-0000-0000-000000000000" secret_access_key="00000000-0000-0000-0000-000000000000" tenant_id="00000000-0000-0000-0000-000000000000""] }
19.
20.
21.
s Copyright © 2019
HashiCorp Consul, Nomad and Terraform on Azure !21 Demo
22.
s Copyright © 2019
HashiCorp Common stumbling blocks in Azure !22 Common Pitfalls
23.
Copyright © 2019
HashiCorp ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc is Running !23 Dynamic IP Addresses Common Pitfalls
24.
Copyright © 2019
HashiCorp resource "azurerm_public_ip" "main" { name = "example-pip" resource_group_name = “example-resources" location = “West Europe” allocation_method = “Dynamic" tags = "${var.tags}" } output "public_ip_address" { value = "${azurerm_public_ip.main.ip_address}" } !24 Dynamic IP Addresses Common Pitfalls
25.
Copyright © 2019
HashiCorp ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc is Running ▪ You can use the Data Source to obtain the IP Address once it’s got an IP Address !25 Dynamic IP Addresses Common Pitfalls
26.
Copyright © 2019
HashiCorp resource "azurerm_public_ip" "main" { .. } resource “azurerm_network_interface" "main" { .. } resource “azurerm_virtual_machine” "main" { .. } data “azurerm_public_ip” “main” { name = “${azurerm_public_ip.main.name}” resource_group_name = “${azurerm_public_ip.main.resource_group_name}” depends_on = [“azurerm_virtual_machine.main”] } output "public_ip_address" { value = “${data.azurerm_public_ip.main.ip_address}" } !26 Dynamic IP Addresses Common Pitfalls
27.
Copyright © 2019
HashiCorp ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc is Running ▪ You can use the Data Source to obtain the IP Address once it’s got an IP Address ▪ Alternatively you can use a Static IP Address !27 Dynamic IP Addresses Common Pitfalls
28.
Copyright © 2019
HashiCorp ▪ Azure uses the `name` as the unique identifier !28 Resource ID’s Common Pitfalls
29.
Copyright © 2019
HashiCorp ▪ Azure uses the `name` as the unique identifier ▪ However Azure’s API’s are Upserts; meaning if a resource already exists it’ll Update it, if not it’ll Create it. !29 Resource ID’s Common Pitfalls
30.
Copyright © 2019
HashiCorp ▪ Azure uses the `name` as the unique identifier ▪ However Azure’s API’s are Upserts; meaning if a resource already exists it’ll Update it, if not it’ll Create it. ▪ This means provisioning multiple resources with the same `name` can conflict and end up provisioning the same resource !30 Resource ID’s Common Pitfalls
31.
Copyright © 2019
HashiCorp resource “azurerm_resource_group” “test” { name = “example-resources” location = “West Europe” } resource “azurerm_public_ip” “test” { name = “example-pip” location = “${azurerm_resource_group.test.location}” resource_group_name = “${azurerm_resource_group.test.name}” } !31 Resource ID’s Common Pitfalls
32.
Copyright © 2019
HashiCorp resource “azurerm_resource_group” “test” { name = “example-resources” location = “West Europe” } resource “azurerm_public_ip” “test” { count = 3 name = “example-pip” location = “${azurerm_resource_group.test.location}” resource_group_name = “${azurerm_resource_group.test.name}” } !32 Resource ID’s Common Pitfalls
33.
Copyright © 2019
HashiCorp ▪ Solutions: ▪ You can append a unique element (e.g. count) to the `name` to ensure these are unique !33 Resource ID’s Common Pitfalls
34.
Copyright © 2019
HashiCorp resource “azurerm_resource_group” “test” { name = “example-resources” location = “West Europe” } resource “azurerm_public_ip” “test” { count = 3 name = “example-pip-${count.index}” location = “${azurerm_resource_group.test.location}” resource_group_name = “${azurerm_resource_group.test.name}” } !34 Resource ID’s Common Pitfalls
35.
Copyright © 2019
HashiCorp ▪ Solutions: ▪ You can append a unique element (e.g. count) to the `name` to ensure these are unique ▪ v2 of Azure Provider solves this via Requires Imports - more details later. !35 Resource ID’s Common Pitfalls
36.
Copyright © 2019
HashiCorp ▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once !36 Monolithic Resources Common Pitfalls
37.
Copyright © 2019
HashiCorp ▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once ▪ e.g. Load Balancers, Networks & Virtual Machines !37 Monolithic Resources Common Pitfalls
38.
Copyright © 2019
HashiCorp ▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once ▪ e.g. Load Balancers, Networks & Virtual Machines ▪ This means that it can be hard to represent these resources in Terraform, since there’s a circular reference !38 Monolithic Resources Common Pitfalls
39.
Copyright © 2019
HashiCorp ▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once ▪ e.g. Load Balancers, Networks & Virtual Machines ▪ This means that it can be hard to represent these resources in Terraform, since there’s a circular reference ▪ We’re creating Virtual Resources where possible, which help resolve the circular reference !39 Monolithic Resources Common Pitfalls
40.
Copyright © 2019
HashiCorp resource "azurerm_resource_group" "test" { ... } resource "azurerm_virtual_network" "test" { ... } resource "azurerm_network_security_group" "test" { ... } resource "azurerm_subnet" "test" { # ... network_security_group_id = "${azurerm_network_security_group.test.id}" } !40 Common Pitfalls Monolithic Resources
41.
Copyright © 2019
HashiCorp resource "azurerm_resource_group" "test" { ... } resource "azurerm_virtual_network" "test" { ... } resource "azurerm_network_security_group" "test" { ... } resource "azurerm_subnet" "test" { # ... network_security_group_id = "${azurerm_network_security_group.test.id}" } resource "azurerm_subnet_network_security_group_association" "test" { subnet_id = "${azurerm_subnet.test.id}" network_security_group_id = "${azurerm_network_security_group.test.id}" } !41 Common Pitfalls Monolithic Resources
42.
Copyright © 2019
HashiCorp resource "azurerm_resource_group" "test" { ... } resource "azurerm_virtual_network" "test" { ... } resource "azurerm_network_security_group" "test" { ... } resource "azurerm_subnet" "test" { ... } resource "azurerm_subnet_network_security_group_association" "test" { subnet_id = "${azurerm_subnet.test.id}" network_security_group_id = "${azurerm_network_security_group.test.id}" } !42 Common Pitfalls Monolithic Resources Coming in 2.0
43.
s Copyright © 2019
HashiCorp Which resources does Terraform support? !43 What's supported?
44.
Copyright © 2019
HashiCorp ▪ AKS / Kubernetes ▪ App Service ▪ Application Gateway ▪ Application Insights ▪ AutoScale Setting ▪ Automation ▪ AzureAD ▪ Azure Monitor ▪ Batch ▪ CDN ▪ Cognitive Services ▪ Container Instance ▪ Container Registry What's supported in Terraform? !44 ▪ CosmosDB ▪ DNS ▪ Data Lake Analytics ▪ Data Lake Store ▪ DataBricks ▪ Dev Test Labs ▪ DevSpace ▪ EventGrid ▪ EventHub ▪ Express Route ▪ Firewall ▪ Function Apps ▪ IoTHub ▪ Key Vault ▪ Load Balancers ▪ Local Network Gateway ▪ Log Analytics / OMS ▪ Logic Apps ▪ Management Group ▪ Management Locks ▪ MariaDB ▪ MySQL ▪ Networks ▪ Notification Hubs ▪ Policy ▪ PostgreSQL ▪ Recovery Services ▪ Redis ▪ Relay ▪ SQL Azure ▪ Scheduler Job ▪ Search ▪ Security Center ▪ Service Fabric ▪ ServiceBus ▪ SignalR ▪ Storage ▪ VM Scale Sets ▪ Virtual Machines
45.
s Copyright © 2019
HashiCorp What’s coming over the next few months? !45 What’s next?
46.
47.
48.
Copyright © 2019
HashiCorp What’s coming over the next few months? !48 Provider: Azure Active Directory (0.x) ▪ Groups (0.2) ▪ Users (0.3)
49.
Copyright © 2019
HashiCorp What’s coming over the next few months? !49 Provider: AzureRM (1.x) ▪ API Management ▪ CosmosDB Collections ▪ CosmosDB Databases ▪ EventGrid ▪ HDInsights ▪ Subscriptions ▪ Terraform 0.12 support
50.
51.
52.
Copyright © 2019
HashiCorp What’s coming over the next few months? !52 Provider: AzureRM (2.0) ▪ Custom Timeouts
53.
Copyright © 2019
HashiCorp ▪ At the moment all API calls are hard-limited to an hour ▪ v2.0 of the Azure Provider will allow you to specify the timeout on resources !53 Custom Timeouts Azure Provider 2.0
54.
Copyright © 2019
HashiCorp resource "azurerm_resource_group" "test" { name = "example-resource-group" location = "West Europe" } Custom Timeouts Azure Provider 2.0 !54
55.
Copyright © 2019
HashiCorp resource "azurerm_resource_group" "test" { name = "example-resource-group" location = "West Europe" timeouts { create = "10m" delete = "30m" } } Custom Timeouts Azure Provider 2.0 !55
56.
Copyright © 2019
HashiCorp What’s coming over the next few months? !56 Provider: AzureRM (2.0) ▪ Custom Timeouts ▪ Requiring Imports
57.
Copyright © 2019
HashiCorp ▪ As seen earlier - Azure using the `name` as the Resource ID and having API’s which are Upserts means it’s possible to intentionally import an existing resource into Terraform !57 Requiring Imports Azure Provider 2.0
58.
Copyright © 2019
HashiCorp ▪ As seen earlier - Azure using the `name` as the Resource ID and having API’s which are Upserts means it’s possible to intentionally import an existing resource into Terraform ▪ However some API’s require that a separate Update API is called when the resource is being changed, as such users can see unhelpful error messages !58 Requiring Imports Azure Provider 2.0
59.
Copyright © 2019
HashiCorp ▪ As seen earlier - Azure using the `name` as the Resource ID and having API’s which are Upserts means it’s possible to intentionally import an existing resource into Terraform ▪ However some API’s require that a separate Update API is called when the resource is being changed, as such users can see unhelpful error messages ▪ To work around this we’re going to check for an existing resource with the same name as each resource is created, and then require that these resources are Imported !59 Requiring Imports Azure Provider 2.0
60.
Copyright © 2019
HashiCorp ▪ As seen earlier - Azure using the `name` as the Resource ID and having API’s which are Upserts means it’s possible to intentionally import an existing resource into Terraform ▪ However some API’s require that a separate Update API is called when the resource is being changed, as such users can see unhelpful error messages ▪ To work around this we’re going to check for an existing resource with the same name as each resource is created, and then require that these resources are Imported ▪ You can opt into this behaviour from v1.22 onwards, enhancements to come but will be fully available in 2.0 !60 Requiring Imports Azure Provider 2.0
61.
Copyright © 2019
HashiCorp What’s coming over the next few months? !61 Provider: AzureRM (2.0) ▪ Custom Timeouts ▪ Requiring Imports ▪ New VM / VM Scale Set Resources
62.
Copyright © 2019
HashiCorp resource “azurerm_network_interface” “test” { ... } resource “azurerm_managed_disk” “test” { ... } resource “azurerm_linux_virtual_machine” “test” { name = “example-virtual-machine” location = “westeurope” resource_group_name = “example-resources” network_interfaces = [“${azurerm_network_interface.test.id}”] username = “myuser” ssh_keys = [ “${file(“~/.ssh/id_rsa.pub”)”, ] os_disk { id = “${azurerm_managed_disk.test.id” } } !62 New Virtual Machine / VM Scale Set Resources Disclaimer: Early Days / WIP Azure Provider 2.0
63.
Copyright © 2019
HashiCorp What’s coming over the next few months? !63 Provider: AzureRM (2.0) ▪ Custom Timeouts ▪ Requiring Imports ▪ New VM / VM Scale Set Resources ▪ Removing deprecated fields/resources
64.
Copyright © 2019
HashiCorp What’s coming over the next few months? !64 Terraform 0.12 ▪ Azure Backend Enhancements:
65.
Copyright © 2019
HashiCorp What’s coming over the next few months? !65 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released
66.
Copyright © 2019
HashiCorp What’s coming over the next few months? !66 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI
67.
Copyright © 2019
HashiCorp terraform { backend "azurerm" { storage_account_name = "abcd1234" container_name = "tfstate" key = "prod.terraform.tfstate" } } !67 Authenticating using the Azure CLI Terraform 0.12
68.
Copyright © 2019
HashiCorp What’s coming over the next few months? !68 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI ▪ Authenticate using a Service Principal with a Client Certificate (soon)
69.
Copyright © 2019
HashiCorp What’s coming over the next few months? !69 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI ▪ Authenticate using a Service Principal with a Client Certificate (soon) ▪ Authenticate using Managed Service Identity
70.
Copyright © 2019
HashiCorp terraform { backend "azurerm" { storage_account_name = "abcd1234" container_name = "tfstate" key = "prod.terraform.tfstate" use_msi = true subscription_id = "00000000-0000-0000-0000-000000000000" tenant_id = "00000000-0000-0000-0000-000000000000" } } !70 Authenticating using Managed Service Identity Terraform 0.12
71.
Copyright © 2019
HashiCorp What’s coming over the next few months? !71 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI ▪ Authenticate using a Service Principal with a Client Certificate (soon) ▪ Authenticate using Managed Service Identity ▪ Authenticate using a SAS Token
72.
Copyright © 2019
HashiCorp terraform { backend "azurerm" { storage_account_name = "abcd1234" container_name = "tfstate" key = "prod.terraform.tfstate" # rather than defining this inline, the SAS Token can also be sourced # from an Environment Variable - more information is available below. sas_token = "abcdefghijklmnopqrstuvwxyz0123456789..." } } !72 Authenticating using a Storage Access Token Terraform 0.12
73.
Copyright © 2019
HashiCorp What’s coming over the next few months? !73 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI ▪ Authenticate using a Service Principal with a Client Certificate (soon) ▪ Authenticate using Managed Service Identity ▪ Authenticate using a SAS Token ▪ Support for Azure Stack
74.
Copyright © 2019
HashiCorp terraform { backend "azurerm" { storage_account_name = "abcd1234" container_name = "tfstate" key = "prod.terraform.tfstate" environment = "stack" endpoint = "https://management.westus.mycloud.com" } } !74 Support for Azure Stack Terraform 0.12
75.
Copyright © 2019
HashiCorp What’s coming over the next few months? !75 Terraform 0.12 ▪ Azure Backend Enhancements: ▪ Fixes a bug where the lock wouldn’t be released ▪ Authenticate using the Azure CLI ▪ Authenticate using a Service Principal with a Client Certificate (soon) ▪ Authenticate using Managed Service Identity ▪ Authenticate using a SAS Token ▪ Support for Azure Stack ▪ Proxy support
76.
Thank you. hello@hashicorp.comwww.hashicorp.com
Download now