Copyright © 2019 HashiCorp
Terraform & Azure
Tom Harvey @tombuildsstuff
Terraform Engineer, HashiCorp
What’s the state of play?
Azure @ HashiCorp
▪ Vagrant has an Azure plugin that allows provisioning Vagrant machines in Azure
▪ https://github.com/Azure/vagrant-azure
Vagrant & Azure
Provisioning a virtual machine in Azure
Vagrant.configure('2') do |config|
  config.vm.box = 'azure'

  # use local ssh key to connect to remote vagrant box
  config.ssh.private_key_path = '~/.ssh/id_rsa'

  config.vm.provider :azure do |azure, override|
    # each of the below values will default to use the env vars
    # named as below if not specified explicitly
    azure.tenant_id = ENV['AZURE_TENANT_ID']
    azure.client_id = ENV['AZURE_CLIENT_ID']
    azure.client_secret = ENV['AZURE_CLIENT_SECRET']
    azure.subscription_id = ENV['AZURE_SUBSCRIPTION_ID']
  end
end
▪ Packer Builder for Azure: `azure-arm`
▪ Can produce either a VHD / Managed Disk
▪ Authenticating via a Service Principal / MSI
Packer & Azure
Building Images with Packer on Azure
{
  "variables": {},
  "builders": [{
    "type": "azure-arm",
    "resource_group_name": "packer-images",
    "storage_account": "myexamplestoraccount",
    "subscription_id": "00000000-0000-0000-0000-000000000000",
    "os_type": "Linux",
    "image_publisher": "Canonical",
    "image_offer": "UbuntuServer",
    "image_sku": "16.04-LTS",
    "location": "West US"
  }],
  "provisioners": [{
    # ...
  }]
}
▪ Terraform has multiple Providers supporting Azure:
  ▪ Azure Active Directory
  ▪ Azure Resource Manager
  ▪ Azure Stack
▪ Now supports 190 Resources & 59 Data Sources
Provisioning Resources on Azure using Terraform
Terraform & Azure
provider "azurerm" {
  version = "=1.22.0"
}

resource "azurerm_resource_group" "test" {
  name     = "oslo-hug-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "test" {
  name                = "oslo-hug-network"
  resource_group_name = "${azurerm_resource_group.test.name}"
  location            = "${azurerm_resource_group.test.location}"
  address_space       = ["10.0.0.0/16"]
}
▪ Vault supports both an Auth Method and a Secrets Backend
▪ Allows you to verify that a VM/VM Scale Set exists
Vault & Azure
Supported Integrations
Vault & Azure
Auth Method
$ vault write auth/azure/login \
    role="dev-role" \
    jwt="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
    subscription_id="12345-..." \
    resource_group_name="test-group" \
    vm_name="test-vm"
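Where the values in the login command above come from, as an added example (not code from the talk or from Vault): a VM reads a managed-identity token and its own metadata from the Azure Instance Metadata Service and posts both to `auth/azure/login`, so no long-lived secret is stored on the machine. The function names, the sample metadata and the `resource` default are assumptions; the `resource` value has to match the one configured on the Vault Azure auth method.

```python
import json
import urllib.parse
import urllib.request

# Link-local Instance Metadata Service address, reachable only from inside the VM.
IMDS = "http://169.254.169.254/metadata"

# Constructed IMDS "instance" responses, trimmed to the fields used below.
SAMPLE_VM = {"compute": {
    "name": "test-vm",
    "resourceGroupName": "test-group",
    "subscriptionId": "00000000-0000-0000-0000-000000000000",
    "vmScaleSetName": "",
}}
SAMPLE_VMSS = {"compute": {
    "name": "test-vmss_3",
    "resourceGroupName": "test-group",
    "subscriptionId": "00000000-0000-0000-0000-000000000000",
    "vmScaleSetName": "test-vmss",
}}


def imds_get(path, params):
    """GET an IMDS document; requests without the Metadata header are rejected."""
    url = "%s/%s?%s" % (IMDS, path, urllib.parse.urlencode(params))
    request = urllib.request.Request(url, headers={"Metadata": "true"})
    with urllib.request.urlopen(request, timeout=5) as response:
        return json.load(response)


def build_login_payload(role, jwt, instance):
    """Map IMDS instance metadata onto the fields of auth/azure/login."""
    compute = instance["compute"]
    payload = {
        "role": role,
        "jwt": jwt,
        "subscription_id": compute["subscriptionId"],
        "resource_group_name": compute["resourceGroupName"],
    }
    # Scale-set members identify themselves by the scale set, not the instance name.
    if compute.get("vmScaleSetName"):
        payload["vmss_name"] = compute["vmScaleSetName"]
    else:
        payload["vm_name"] = compute["name"]
    return payload


def vault_login(vault_addr, role, resource="https://management.azure.com/"):
    """Run the whole exchange from an Azure VM and return a Vault client token."""
    token = imds_get("identity/oauth2/token",
                     {"api-version": "2018-02-01", "resource": resource})
    instance = imds_get("instance", {"api-version": "2018-10-01"})
    payload = build_login_payload(role, token["access_token"], instance)
    request = urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/auth/azure/login",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)["auth"]["client_token"]


if __name__ == "__main__":
    # Offline demonstration with the constructed metadata; the JWT is a placeholder.
    demo = build_login_payload("dev-role", "<jwt from IMDS>", SAMPLE_VM)
    print(json.dumps(demo, indent=2))
```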
Vault & Azure
Secrets Backend
$ vault read azure/creds/my-role
Key                Value
---                -----
lease_id           azure/creds/sp_role/1afd0969-ad23-73e2-f974-962f7ac1c2b4
lease_duration     60m
lease_renewable    true
client_id          408bf248-dd4e-4be5-919a-7f6207a307ab
client_secret      ad06228a-2db9-4e0a-8a5d-e047c7f32594
▪ Nomad (and Consul) support automatic discovery of other nodes
▪ Documentation: https://www.nomadproject.io/docs/configuration/server_join.html
Automatic discovery of cluster members in Azure
Nomad & Azure
log_level  = "DEBUG"
data_dir   = "/var/lib/nomad/server"
datacenter = "westeurope"

server {
  enabled          = true
  bootstrap_expect = 3

  # cloud auto-join string (a single line); the all-zero GUIDs are placeholders
  retry_join = ["provider=azure tag_name=HashiStack tag_value=OsloDev client_id=00000000-0000-0000-0000-000000000000 subscription_id=00000000-0000-0000-0000-000000000000 secret_access_key=00000000-0000-0000-0000-000000000000 tenant_id=00000000-0000-0000-0000-000000000000"]
}
Consul & Azure
{
  "bootstrap_expect": 3,
  "server": true,
  "encrypt": "zYB6e/vH/P38J8GIgklSlA==",
  "leave_on_terminate": true,
  "log_level": "INFO",
  "rejoin_after_leave": true,
  "datacenter": "westeurope",
  "data_dir": "/var/consul",
  "retry_join": ["provider=azure tag_name=HashiStack tag_value=OsloDev client_id=00000000-0000-0000-0000-000000000000 subscription_id=00000000-0000-0000-0000-000000000000 secret_access_key=00000000-0000-0000-0000-000000000000 tenant_id=00000000-0000-0000-0000-000000000000"]
}
Consul, Nomad and Terraform on Azure
Demo
Common stumbling blocks in Azure
Common Pitfalls
Dynamic IP Addresses
Common Pitfalls
▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc is Running
resource "azurerm_public_ip" "main" {
  name                = "example-pip"
  resource_group_name = "example-resources"
  location            = "West Europe"
  allocation_method   = "Dynamic"
  tags                = "${var.tags}"
}

output "public_ip_address" {
  value = "${azurerm_public_ip.main.ip_address}"
}

▪ You can use the Data Source to obtain the IP Address once it’s got an IP Address
resource "azurerm_public_ip" "main" { .. }
resource "azurerm_network_interface" "main" { .. }
resource "azurerm_virtual_machine" "main" { .. }

data "azurerm_public_ip" "main" {
  name                = "${azurerm_public_ip.main.name}"
  resource_group_name = "${azurerm_public_ip.main.resource_group_name}"
  depends_on          = ["azurerm_virtual_machine.main"]
}

output "public_ip_address" {
  value = "${data.azurerm_public_ip.main.ip_address}"
}

▪ Alternatively you can use a Static IP Address
Resource IDs
Common Pitfalls
▪ Azure uses the `name` as the unique identifier
▪ However Azure’s APIs are Upserts; meaning if a resource already exists it’ll Update it, if not it’ll Create it.
▪ This means provisioning multiple resources with the same `name` can conflict and end up provisioning the same resource
resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_public_ip" "test" {
  name                = "example-pip"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}
resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_public_ip" "test" {
  count               = 3
  name                = "example-pip"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}
▪ Solutions:
  ▪ You can append a unique element (e.g. count) to the `name` to ensure these are unique
resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_public_ip" "test" {
  count               = 3
  name                = "example-pip-${count.index}"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}
  ▪ v2 of Azure Provider solves this via Requires Imports - more details later.
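A pre-apply check for the name collision described in these slides, as an added example (not from the talk or the Azure provider): it scans Terraform source for `count` resources whose `name` omits `count.index`, and for same-type resources that share a `name` and `resource_group_name`. The line-based parser, the rule names and the sample configuration are constructed for illustration and assume Terraform 0.11-style syntax with one attribute per line.

```python
import re
from collections import defaultdict

HEADER = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ATTR = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')

# Constructed sample: one colliding count, one fixed count, one literal duplicate.
SAMPLE = '''
resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_public_ip" "colliding" {
  count               = 3
  name                = "example-pip"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_public_ip" "unique" {
  count               = 3
  name                = "example-pip-${count.index}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_public_ip" "duplicate" {
  name                = "example-pip"
  resource_group_name = "${azurerm_resource_group.test.name}"
}
'''


def brace_delta(line):
    """Net change in brace depth on one line, ignoring quoted text and # comments."""
    delta, in_string, prev = 0, False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            in_string = not in_string
        elif not in_string:
            if ch == "#":
                break
            delta += (ch == "{") - (ch == "}")
        prev = ch
    return delta


def parse_resources(source):
    """Return resource blocks with their top-level attributes (nested blocks skipped)."""
    blocks, current, depth = [], None, 0
    for line in source.splitlines():
        header = HEADER.match(line) if current is None else None
        if header:
            current = {
                "address": "%s.%s" % header.groups(),
                "type": header.group(1),
                "attrs": {},
            }
        elif current is not None and depth == 1:
            attr = ATTR.match(line)
            if attr:
                current["attrs"][attr.group(1)] = attr.group(2)
        depth += brace_delta(line)
        if current is not None and depth <= 0:
            blocks.append(current)
            current, depth = None, 0
    return blocks


def find_name_collisions(source):
    """List (resource address, rule) pairs for names that would upsert one Azure resource."""
    findings = []
    by_identity = defaultdict(list)
    for block in parse_resources(source):
        attrs = block["attrs"]
        name = attrs.get("name")
        if name is None:
            continue
        # Every instance of a counted resource gets the same name unless it is indexed.
        if "count" in attrs and "count.index" not in name:
            findings.append((block["address"], "count-without-index"))
        identity = (block["type"], attrs.get("resource_group_name"), name)
        by_identity[identity].append(block["address"])
    for addresses in by_identity.values():
        if len(addresses) > 1:
            findings.extend((address, "duplicate-name") for address in addresses)
    return findings


if __name__ == "__main__":
    for address, rule in find_name_collisions(SAMPLE):
        print("%s: %s" % (address, rule))
```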
Monolithic Resources
Common Pitfalls
▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once
▪ e.g. Load Balancers, Networks & Virtual Machines
▪ This means that it can be hard to represent these resources in Terraform, since there’s a circular reference
▪ We’re creating Virtual Resources where possible, which help resolve the circular reference
resource "azurerm_resource_group" "test" { ... }
resource "azurerm_virtual_network" "test" { ... }
resource "azurerm_network_security_group" "test" { ... }

resource "azurerm_subnet" "test" {
  # ...
  network_security_group_id = "${azurerm_network_security_group.test.id}"
}
resource "azurerm_resource_group" "test" { ... }
resource "azurerm_virtual_network" "test" { ... }
resource "azurerm_network_security_group" "test" { ... }

resource "azurerm_subnet" "test" {
  # ...
  network_security_group_id = "${azurerm_network_security_group.test.id}"
}

resource "azurerm_subnet_network_security_group_association" "test" {
  subnet_id                 = "${azurerm_subnet.test.id}"
  network_security_group_id = "${azurerm_network_security_group.test.id}"
}
resource "azurerm_resource_group" "test" { ... }
resource "azurerm_virtual_network" "test" { ... }
resource "azurerm_network_security_group" "test" { ... }
resource "azurerm_subnet" "test" { ... }

resource "azurerm_subnet_network_security_group_association" "test" {
  subnet_id                 = "${azurerm_subnet.test.id}"
  network_security_group_id = "${azurerm_network_security_group.test.id}"
}

Coming in 2.0
Which resources does Terraform support?
What's supported?
What's supported in Terraform?
▪ AKS / Kubernetes
▪ App Service
▪ Application Gateway
▪ Application Insights
▪ AutoScale Setting
▪ Automation
▪ AzureAD
▪ Azure Monitor
▪ Batch
▪ CDN
▪ Cognitive Services
▪ Container Instance
▪ Container Registry
▪ CosmosDB
▪ DNS
▪ Data Lake Analytics
▪ Data Lake Store
▪ DataBricks
▪ Dev Test Labs
▪ DevSpace
▪ EventGrid
▪ EventHub
▪ Express Route
▪ Firewall
▪ Function Apps
▪ IoTHub
▪ Key Vault
▪ Load Balancers
▪ Local Network Gateway
▪ Log Analytics / OMS
▪ Logic Apps
▪ Management Group
▪ Management Locks
▪ MariaDB
▪ MySQL
▪ Networks
▪ Notification Hubs
▪ Policy
▪ PostgreSQL
▪ Recovery Services
▪ Redis
▪ Relay
▪ SQL Azure
▪ Scheduler Job
▪ Search
▪ Security Center
▪ Service Fabric
▪ ServiceBus
▪ SignalR
▪ Storage
▪ VM Scale Sets
▪ Virtual Machines
What’s coming over the next few months?
What’s next?
Provider: Azure Active Directory (0.x)
▪ Groups (0.2)
▪ Users (0.3)
Provider: AzureRM (1.x)
▪ API Management
▪ CosmosDB Collections
▪ CosmosDB Databases
▪ EventGrid
▪ HDInsights
▪ Subscriptions
▪ Terraform 0.12 support
Provider: AzureRM (2.0)
▪ Custom Timeouts
Custom Timeouts
Azure Provider 2.0
▪ At the moment all API calls are hard-limited to an hour
▪ v2.0 of the Azure Provider will allow you to specify the timeout on resources
resource "azurerm_resource_group" "test" {
  name     = "example-resource-group"
  location = "West Europe"
}
resource "azurerm_resource_group" "test" {
  name     = "example-resource-group"
  location = "West Europe"

  timeouts {
    create = "10m"
    delete = "30m"
  }
}
▪ Requiring Imports
Requiring Imports
Azure Provider 2.0
▪ As seen earlier - Azure using the `name` as the Resource ID and having APIs which are Upserts means it’s possible to intentionally import an existing resource into Terraform
▪ However some APIs require that a separate Update API is called when the resource is being changed, as such users can see unhelpful error messages
▪ To work around this we’re going to check for an existing resource with the same name as each resource is created, and then require that these resources are Imported
▪ You can opt into this behaviour from v1.22 onwards, enhancements to come but will be fully available in 2.0
▪ New VM / VM Scale Set Resources
resource "azurerm_network_interface" "test" { ... }
resource "azurerm_managed_disk" "test" { ... }

resource "azurerm_linux_virtual_machine" "test" {
  name                = "example-virtual-machine"
  location            = "westeurope"
  resource_group_name = "example-resources"
  network_interfaces  = ["${azurerm_network_interface.test.id}"]
  username            = "myuser"

  ssh_keys = [
    "${file("~/.ssh/id_rsa.pub")}",
  ]

  os_disk {
    id = "${azurerm_managed_disk.test.id}"
  }
}

New Virtual Machine / VM Scale Set Resources
Disclaimer: Early Days / WIP
Azure Provider 2.0
▪ Removing deprecated fields/resources
Terraform 0.12
▪ Azure Backend Enhancements:
  ▪ Fixes a bug where the lock wouldn’t be released
  ▪ Authenticate using the Azure CLI
terraform {
  backend "azurerm" {
    storage_account_name = "abcd1234"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
Authenticating using the Azure CLI
Terraform 0.12
  ▪ Authenticate using a Service Principal with a Client Certificate (soon)
  ▪ Authenticate using Managed Service Identity
terraform {
  backend "azurerm" {
    storage_account_name = "abcd1234"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
    use_msi              = true
    subscription_id      = "00000000-0000-0000-0000-000000000000"
    tenant_id            = "00000000-0000-0000-0000-000000000000"
  }
}
Authenticating using Managed Service Identity
Terraform 0.12
  ▪ Authenticate using a SAS Token
terraform {
  backend "azurerm" {
    storage_account_name = "abcd1234"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"

    # rather than defining this inline, the SAS Token can also be sourced
    # from an Environment Variable - more information is available below.
    sas_token = "abcdefghijklmnopqrstuvwxyz0123456789..."
  }
}
Authenticating using a Storage Access Token
Terraform 0.12
  ▪ Support for Azure Stack
terraform {
  backend "azurerm" {
    storage_account_name = "abcd1234"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
    environment          = "stack"
    endpoint             = "https://management.westus.mycloud.com"
  }
}
Support for Azure Stack
Terraform 0.12
  ▪ Proxy support
Thank you.
hello@hashicorp.com www.hashicorp.com

More Related Content

PDF
Working with Terraform on Azure
PPT
Hadoop ecosystem
PDF
Azure Large Scale Deployments - Tales from the Trenches
PDF
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
PPTX
Getting Apache Spark Customers to Production
PDF
Hybrid Cloud PHPUK2012
PDF
Declarative & workflow based infrastructure with Terraform
PDF
AWS Black Belt Online Seminar AWS CloudFormation アップデート
Working with Terraform on Azure
Hadoop ecosystem
Azure Large Scale Deployments - Tales from the Trenches
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
Getting Apache Spark Customers to Production
Hybrid Cloud PHPUK2012
Declarative & workflow based infrastructure with Terraform
AWS Black Belt Online Seminar AWS CloudFormation アップデート

What's hot (17)

PDF
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
PPTX
Terraform at Scale
PDF
Just one-shade-of-openstack
PPTX
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
PPTX
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
PDF
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
PDF
Terraforming the Kubernetes Land
PPT
Azure Powershell Tips
PDF
Terraform in deployment pipeline
PDF
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
PDF
Terraform - Taming Modern Clouds
PDF
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
PDF
Deploying SharePoint @ Cloud
PDF
Intro to Terraform
PPTX
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
PPTX
Reusable, composable, battle-tested Terraform modules
PDF
Globus toolkit4installationguide
20180322 AWS Black Belt Online Seminar AWS Snowball Edge
Terraform at Scale
Just one-shade-of-openstack
AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
Cloudera + MicrosoftでHadoopするのがイイらしい。 #CWT2016
Terraforming the Kubernetes Land
Azure Powershell Tips
Terraform in deployment pipeline
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra
Terraform - Taming Modern Clouds
Running Spark In Production in the Cloud is Not Easy with Nayur Khan
Deploying SharePoint @ Cloud
Intro to Terraform
AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...
Reusable, composable, battle-tested Terraform modules
Globus toolkit4installationguide
Ad

Similar to Terraform & Azure (20)

PPTX
Flash card introduction to azure vm
PPTX
Flash Card- Architect Migration, Business Continuity and DR in Azure
PPTX
Flash Card-Architect Compute Infrastructure in Azure
PPTX
Flash card architect network infra in azure
PPTX
Flash card architect storage infrastructure in azure
PPTX
Demystifying Terraform 012
PDF
Angelo Mandato: Learn about the benefits with examples how to create and main...
PPTX
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
PPTX
Flash Card Module 10-Implement Resource Management Security in Azure
PDF
JClouds at San Francisco Java User Group
PDF
Azure Administrator Interview Questions By ScholarHat
PDF
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
PPTX
Understanding Azure websites
PPTX
Secure and Fast microVM for Serverless Computing using Firecracker
PDF
Develop for Azure storage
PDF
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
PDF
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
PDF
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
PPTX
Machine Learning using Kubernetes - AI Conclave 2019
PPTX
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Flash card introduction to azure vm
Flash Card- Architect Migration, Business Continuity and DR in Azure
Flash Card-Architect Compute Infrastructure in Azure
Flash card architect network infra in azure
Flash card architect storage infrastructure in azure
Demystifying Terraform 012
Angelo Mandato: Learn about the benefits with examples how to create and main...
2019-11-05 AWS Pretoria Meetup - Setting up your first environment and adding...
Flash Card Module 10-Implement Resource Management Security in Azure
JClouds at San Francisco Java User Group
Azure Administrator Interview Questions By ScholarHat
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...
Understanding Azure websites
Secure and Fast microVM for Serverless Computing using Firecracker
Develop for Azure storage
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Big Data Step-by-Step: Infrastructure 3/3: Taking it to the cloud... easily.....
Machine Learning using Kubernetes - AI Conclave 2019
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Ad

Recently uploaded (20)

PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
PPTX
assetexplorer- product-overview - presentation
PPTX
history of c programming in notes for students .pptx
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
PDF
Design an Analysis of Algorithms I-SECS-1021-03
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
PDF
Digital Systems & Binary Numbers (comprehensive )
PPTX
Computer Software and OS of computer science of grade 11.pptx
PDF
Designing Intelligence for the Shop Floor.pdf
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
PDF
System and Network Administration Chapter 2
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
PPTX
Reimagine Home Health with the Power of Agentic AI​
PPTX
Transform Your Business with a Software ERP System
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
PPT
Introduction Database Management System for Course Database
Which alternative to Crystal Reports is best for small or large businesses.pdf
assetexplorer- product-overview - presentation
history of c programming in notes for students .pptx
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
Navsoft: AI-Powered Business Solutions & Custom Software Development
2025 Textile ERP Trends: SAP, Odoo & Oracle
Design an Analysis of Algorithms I-SECS-1021-03
Wondershare Filmora 15 Crack With Activation Key [2025
Digital Systems & Binary Numbers (comprehensive )
Computer Software and OS of computer science of grade 11.pptx
Designing Intelligence for the Shop Floor.pdf
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
System and Network Administration Chapter 2
How to Choose the Right IT Partner for Your Business in Malaysia
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
Reimagine Home Health with the Power of Agentic AI​
Transform Your Business with a Software ERP System
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
Introduction Database Management System for Course Database

Terraform & Azure

  • 1. Copyright © 2019 HashiCorp Terraform & Azure Tom Harvey @tombuildsstuff Terraform Engineer, HashiCorp
  • 3. s Copyright © 2019 HashiCorp What’s the state of play? !3 Azure @ HashiCorp
  • 6. Copyright © 2019 HashiCorp ▪ Vagrant has an Azure plugin that allows provisioning Vagrant machines in Azure ▪ https://github.com/Azure/vagrant-azure !6 Vagrant & Azure Provisioning a virtual machine in Azure
  • 7. Copyright © 2019 HashiCorp !7 Provisioning a virtual machine in Azure Vagrant & Azure Vagrant.configure('2') do |config| config.vm.box = 'azure' # use local ssh key to connect to remote vagrant box config.ssh.private_key_path = '~/.ssh/id_rsa' config.vm.provider :azure do |azure, override| # each of the below values will default to use the env vars named as below if not specified explicitly azure.tenant_id = ENV['AZURE_TENANT_ID'] azure.client_id = ENV['AZURE_CLIENT_ID'] azure.client_secret = ENV['AZURE_CLIENT_SECRET'] azure.subscription_id = ENV['AZURE_SUBSCRIPTION_ID'] end end
  • 8. Copyright © 2019 HashiCorp ▪ Packer Builder for Azure: `azure-arm` ▪ Can produce either a VHD / Managed Disk ▪ Authenticating via a Service Principal / MSI !8 Packer & Azure Building Images with Packer on Azure
  • 9. Copyright © 2019 HashiCorp !9 Building Images with Packer on Azure Packer & Azure { "variables": {}, "builders": [{ "type": "azure-arm", "resource_group_name": "packer-images", "storage_account": "myexamplestoraccount", "subscription_id": "00000000-0000-0000-0000-000000000000", "os_type": "Linux", "image_publisher": "Canonical", "image_offer": "UbuntuServer", "image_sku": "16.04-LTS", "location": "West US", }], "provisioners": [{ # ... }] }
  • 10. Copyright © 2019 HashiCorp ▪ Terraform has multiple Providers supporting Azure: ▪ Azure Active Directory ▪ Azure Resource Manager ▪ Azure Stack ▪ Now supports 190 Resources & 59 Data Sources !10 Provisioning Resources on Azure using Terraform Terraform & Azure
  • 11. Copyright © 2019 HashiCorp provider "azurerm" { version = "=1.22.0" } resource "azurerm_resource_group" "test" { name = "oslo-hug-resources" location = "West Europe" } resource "azurerm_virtual_network" "test" { name = "oslo-hug-network" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" address_space = ["10.0.0.0/16"] } !11 Provisioning Resources on Azure using Terraform Terraform & Azure
  • 13. Copyright © 2019 HashiCorp ▪ Vault supports both an Auth Method and a Secrets Backend ▪ Allows you to verify that a VM/VM Scale Set exists !13 Vault & Azure Supported Integrations
  • 14. Copyright © 2019 HashiCorp !14 Vault & Azure Auth Method $ vault write auth/azure/login role="dev-role" jwt="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." subscription_id="12345-..." resource_group_name="test-group" vm_name="test-vm"
  • 15. Copyright © 2019 HashiCorp !15 Vault & Azure Secrets Backend $ vault read azure/creds/my-role Key Value --- ----- lease_id azure/creds/sp_role/1afd0969-ad23-73e2-f974-962f7ac1c2b4 lease_duration 60m lease_renewable true client_id 408bf248-dd4e-4be5-919a-7f6207a307ab client_secret ad06228a-2db9-4e0a-8a5d-e047c7f32594
  • 16. Copyright © 2019 HashiCorp ▪ Nomad (and Consul) support automatic discovery of other nodes ▪ Documentation: https://www.nomadproject.io/ docs/configuration/server_join.html !16 Automatic discovery of cluster members in Azure Nomad & Azure
  • 17. Copyright © 2019 HashiCorp !17 Automatic discovery of cluster members in Azure Nomad & Azure log_level = "DEBUG" data_dir = “/var/lib/nomad/server" datacenter = “westeurope” server { enabled = true bootstrap_expect = 3 retry_join = ["provider=azure tag_name="HashiStack" tag_value="OsloDev" client_id="00000000-0000-0000-0000-000000000000" subscription_id="00000000-0000-0000-0000-000000000000" secret_access_key="00000000-0000-0000-0000-000000000000" tenant_id="00000000-0000-0000-0000-000000000000""] }
  • 18. Copyright © 2019 HashiCorp !18 Automatic discovery of cluster members in Azure Consul & Azure { "bootstrap_expect": 3, "server": true, "encrypt": "zYB6e/vH/P38J8GIgklSlA==", "leave_on_terminate": true, "log_level": "INFO", "rejoin_after_leave": true, "datacenter": "westeurope", "data_dir": "/var/consul", "retry_join": ["provider=azure tag_name="HashiStack" tag_value="OsloDev" client_id="00000000-0000-0000-0000-000000000000" subscription_id="00000000-0000-0000-0000-000000000000" secret_access_key="00000000-0000-0000-0000-000000000000" tenant_id="00000000-0000-0000-0000-000000000000""] }
  • 21. Demo: Consul, Nomad and Terraform on Azure
  • 22. Common Pitfalls: Common stumbling blocks in Azure
  • 23. Common Pitfalls: Dynamic IP Addresses
      ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc. is Running
  • 24. Common Pitfalls: Dynamic IP Addresses
        resource "azurerm_public_ip" "main" {
          name                = "example-pip"
          resource_group_name = "example-resources"
          location            = "West Europe"
          allocation_method   = "Dynamic"
          tags                = "${var.tags}"
        }

        output "public_ip_address" {
          value = "${azurerm_public_ip.main.ip_address}"
        }
  • 25. Common Pitfalls: Dynamic IP Addresses
      ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc. is Running
      ▪ You can use the Data Source to obtain the IP Address once it’s got an IP Address
  • 26. Common Pitfalls: Dynamic IP Addresses
        resource "azurerm_public_ip" "main" { ... }
        resource "azurerm_network_interface" "main" { ... }
        resource "azurerm_virtual_machine" "main" { ... }

        data "azurerm_public_ip" "main" {
          name                = "${azurerm_public_ip.main.name}"
          resource_group_name = "${azurerm_public_ip.main.resource_group_name}"
          depends_on          = ["azurerm_virtual_machine.main"]
        }

        output "public_ip_address" {
          value = "${data.azurerm_public_ip.main.ip_address}"
        }
  • 27. Common Pitfalls: Dynamic IP Addresses
      ▪ Dynamic IP Addresses in Azure aren’t assigned until the VM/LB etc. is Running
      ▪ You can use the Data Source to obtain the IP Address once it’s got an IP Address
      ▪ Alternatively you can use a Static IP Address
  • 30. Common Pitfalls: Resource IDs
      ▪ Azure uses the `name` as the unique identifier
      ▪ However, Azure’s APIs are Upserts, meaning that if a resource already exists it’ll Update it, and if not it’ll Create it.
      ▪ This means provisioning multiple resources with the same `name` can conflict and end up provisioning the same resource
  • 31. Common Pitfalls: Resource IDs
        resource "azurerm_resource_group" "test" {
          name     = "example-resources"
          location = "West Europe"
        }

        resource "azurerm_public_ip" "test" {
          name                = "example-pip"
          location            = "${azurerm_resource_group.test.location}"
          resource_group_name = "${azurerm_resource_group.test.name}"
        }
  • 32. Common Pitfalls: Resource IDs
        resource "azurerm_resource_group" "test" {
          name     = "example-resources"
          location = "West Europe"
        }

        resource "azurerm_public_ip" "test" {
          count               = 3
          name                = "example-pip"
          location            = "${azurerm_resource_group.test.location}"
          resource_group_name = "${azurerm_resource_group.test.name}"
        }
  • 33. Common Pitfalls: Resource IDs
      ▪ Solutions:
        ▪ You can append a unique element (e.g. count) to the `name` to ensure these are unique
  • 34. Common Pitfalls: Resource IDs
        resource "azurerm_resource_group" "test" {
          name     = "example-resources"
          location = "West Europe"
        }

        resource "azurerm_public_ip" "test" {
          count               = 3
          name                = "example-pip-${count.index}"
          location            = "${azurerm_resource_group.test.location}"
          resource_group_name = "${azurerm_resource_group.test.name}"
        }
  • 35. Common Pitfalls: Resource IDs
      ▪ Solutions:
        ▪ You can append a unique element (e.g. count) to the `name` to ensure these are unique
        ▪ v2 of the Azure Provider solves this via Requires Imports - more details later.
  • 39. Common Pitfalls: Monolithic Resources
      ▪ Many of Azure’s resources are Monolithic, and only allow one thing to change at once
      ▪ e.g. Load Balancers, Networks & Virtual Machines
      ▪ This means that it can be hard to represent these resources in Terraform, since there’s a circular reference
      ▪ We’re creating Virtual Resources where possible, which help resolve the circular reference
  • 40. Common Pitfalls: Monolithic Resources
        resource "azurerm_resource_group" "test" { ... }
        resource "azurerm_virtual_network" "test" { ... }
        resource "azurerm_network_security_group" "test" { ... }

        resource "azurerm_subnet" "test" {
          # ...
          network_security_group_id = "${azurerm_network_security_group.test.id}"
        }
  • 41. Common Pitfalls: Monolithic Resources
        resource "azurerm_resource_group" "test" { ... }
        resource "azurerm_virtual_network" "test" { ... }
        resource "azurerm_network_security_group" "test" { ... }

        resource "azurerm_subnet" "test" {
          # ...
          network_security_group_id = "${azurerm_network_security_group.test.id}"
        }

        resource "azurerm_subnet_network_security_group_association" "test" {
          subnet_id                 = "${azurerm_subnet.test.id}"
          network_security_group_id = "${azurerm_network_security_group.test.id}"
        }
  • 42. Common Pitfalls: Monolithic Resources
        resource "azurerm_resource_group" "test" { ... }
        resource "azurerm_virtual_network" "test" { ... }
        resource "azurerm_network_security_group" "test" { ... }
        resource "azurerm_subnet" "test" { ... }

        resource "azurerm_subnet_network_security_group_association" "test" {
          subnet_id                 = "${azurerm_subnet.test.id}"
          network_security_group_id = "${azurerm_network_security_group.test.id}"
        }

      Coming in 2.0
  • 43. What's supported? Which resources does Terraform support?
  • 44. What's supported in Terraform?
      ▪ AKS / Kubernetes
      ▪ App Service
      ▪ Application Gateway
      ▪ Application Insights
      ▪ AutoScale Setting
      ▪ Automation
      ▪ AzureAD
      ▪ Azure Monitor
      ▪ Batch
      ▪ CDN
      ▪ Cognitive Services
      ▪ Container Instance
      ▪ Container Registry
      ▪ CosmosDB
      ▪ DNS
      ▪ Data Lake Analytics
      ▪ Data Lake Store
      ▪ DataBricks
      ▪ Dev Test Labs
      ▪ DevSpace
      ▪ EventGrid
      ▪ EventHub
      ▪ Express Route
      ▪ Firewall
      ▪ Function Apps
      ▪ IoTHub
      ▪ Key Vault
      ▪ Load Balancers
      ▪ Local Network Gateway
      ▪ Log Analytics / OMS
      ▪ Logic Apps
      ▪ Management Group
      ▪ Management Locks
      ▪ MariaDB
      ▪ MySQL
      ▪ Networks
      ▪ Notification Hubs
      ▪ Policy
      ▪ PostgreSQL
      ▪ Recovery Services
      ▪ Redis
      ▪ Relay
      ▪ SQL Azure
      ▪ Scheduler Job
      ▪ Search
      ▪ Security Center
      ▪ Service Fabric
      ▪ ServiceBus
      ▪ SignalR
      ▪ Storage
      ▪ VM Scale Sets
      ▪ Virtual Machines
  • 45. What’s next? What’s coming over the next few months?
  • 48. What’s coming over the next few months? Provider: Azure Active Directory (0.x)
      ▪ Groups (0.2)
      ▪ Users (0.3)
  • 49. What’s coming over the next few months? Provider: AzureRM (1.x)
      ▪ API Management
      ▪ CosmosDB Collections
      ▪ CosmosDB Databases
      ▪ EventGrid
      ▪ HDInsights
      ▪ Subscriptions
      ▪ Terraform 0.12 support
  • 52. What’s coming over the next few months? Provider: AzureRM (2.0)
      ▪ Custom Timeouts
  • 53. Azure Provider 2.0: Custom Timeouts
      ▪ At the moment all API calls are hard-limited to an hour
      ▪ v2.0 of the Azure Provider will allow you to specify the timeout on resources
  • 54. Azure Provider 2.0: Custom Timeouts
        resource "azurerm_resource_group" "test" {
          name     = "example-resource-group"
          location = "West Europe"
        }
  • 55. Azure Provider 2.0: Custom Timeouts
        resource "azurerm_resource_group" "test" {
          name     = "example-resource-group"
          location = "West Europe"

          timeouts {
            create = "10m"
            delete = "30m"
          }
        }
  • 56. What’s coming over the next few months? Provider: AzureRM (2.0)
      ▪ Custom Timeouts
      ▪ Requiring Imports
  • 60. Azure Provider 2.0: Requiring Imports
      ▪ As seen earlier - Azure using the `name` as the Resource ID and having APIs which are Upserts means it’s possible to intentionally import an existing resource into Terraform
      ▪ However, some APIs require that a separate Update API is called when the resource is being changed; as such, users can see unhelpful error messages
      ▪ To work around this we’re going to check for an existing resource with the same name as each resource is created, and then require that these resources are Imported
      ▪ You can opt into this behaviour from v1.22 onwards; enhancements are still to come, and it will be fully available in 2.0
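A simplified model of the behaviour described on the Resource IDs and Requiring Imports slides, added here as an illustration and not code from the talk or from the Azure Provider. `FakeArm`, `create`, `provision` and the `require_import` flag are hypothetical names, and an in-memory dictionary stands in for Azure's API.

```python
PUBLIC_IP = "Microsoft.Network/publicIPAddresses"

class ResourceExistsError(Exception):
    """Raised instead of silently taking over a resource that already exists."""

class FakeArm:
    """Constructed stand-in for the Azure API: the resource ID is derived from names."""
    def __init__(self):
        self.resources = {}

    @staticmethod
    def resource_id(group, rtype, name):
        return f"/resourceGroups/{group}/providers/{rtype}/{name}"

    def put(self, group, rtype, name, body):
        """Upsert: create the resource if it is absent, otherwise overwrite it."""
        rid = self.resource_id(group, rtype, name)
        self.resources[rid] = dict(body)
        return rid

def create(arm, group, rtype, name, body, require_import=False):
    """Create a resource; with require_import, refuse to adopt an existing one."""
    rid = arm.resource_id(group, rtype, name)
    if require_import and rid in arm.resources:
        raise ResourceExistsError(f"{rid} already exists; import it into state first")
    return arm.put(group, rtype, name, body)

def provision(names, require_import=False):
    """Create one public IP per name; return (resources in Azure, IDs held in state)."""
    arm, state = FakeArm(), []
    for i, name in enumerate(names):
        body = {"owner": f"instance-{i}"}
        state.append(create(arm, "example-resources", PUBLIC_IP, name, body,
                            require_import))
    return arm.resources, state

if __name__ == "__main__":
    same = ["example-pip"] * 3                       # count = 3, identical name
    unique = [f"example-pip-{i}" for i in range(3)]  # name includes count.index
    azure, state = provision(same)
    print(len(state), "state entries ->", len(azure), "resource(s) in Azure")
    print("unique names ->", len(provision(unique)[0]), "resources in Azure")
    try:
        provision(same, require_import=True)
    except ResourceExistsError as err:
        print("blocked:", err)
```

With identical names, three state entries point at a single resource whose contents come from the last write; the existence check turns that silent overwrite into an explicit error.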
  • 61. What’s coming over the next few months? Provider: AzureRM (2.0)
      ▪ Custom Timeouts
      ▪ Requiring Imports
      ▪ New VM / VM Scale Set Resources
  • 62. Azure Provider 2.0: New Virtual Machine / VM Scale Set Resources
        resource "azurerm_network_interface" "test" { ... }
        resource "azurerm_managed_disk" "test" { ... }

        resource "azurerm_linux_virtual_machine" "test" {
          name                = "example-virtual-machine"
          location            = "westeurope"
          resource_group_name = "example-resources"
          network_interfaces  = ["${azurerm_network_interface.test.id}"]
          username            = "myuser"

          ssh_keys = [
            "${file("~/.ssh/id_rsa.pub")}",
          ]

          os_disk {
            id = "${azurerm_managed_disk.test.id}"
          }
        }

      Disclaimer: Early Days / WIP
  • 63. What’s coming over the next few months? Provider: AzureRM (2.0)
      ▪ Custom Timeouts
      ▪ Requiring Imports
      ▪ New VM / VM Scale Set Resources
      ▪ Removing deprecated fields/resources
  • 66. What’s coming over the next few months? Terraform 0.12
      ▪ Azure Backend Enhancements:
        ▪ Fixes a bug where the lock wouldn’t be released
        ▪ Authenticate using the Azure CLI
  • 67. Terraform 0.12: Authenticating using the Azure CLI
        terraform {
          backend "azurerm" {
            storage_account_name = "abcd1234"
            container_name       = "tfstate"
            key                  = "prod.terraform.tfstate"
          }
        }
  • 69. What’s coming over the next few months? Terraform 0.12
      ▪ Azure Backend Enhancements:
        ▪ Fixes a bug where the lock wouldn’t be released
        ▪ Authenticate using the Azure CLI
        ▪ Authenticate using a Service Principal with a Client Certificate (soon)
        ▪ Authenticate using Managed Service Identity
  • 70. Terraform 0.12: Authenticating using Managed Service Identity
        terraform {
          backend "azurerm" {
            storage_account_name = "abcd1234"
            container_name       = "tfstate"
            key                  = "prod.terraform.tfstate"
            use_msi              = true
            subscription_id      = "00000000-0000-0000-0000-000000000000"
            tenant_id            = "00000000-0000-0000-0000-000000000000"
          }
        }
  • 71. What’s coming over the next few months? Terraform 0.12
      ▪ Azure Backend Enhancements:
        ▪ Fixes a bug where the lock wouldn’t be released
        ▪ Authenticate using the Azure CLI
        ▪ Authenticate using a Service Principal with a Client Certificate (soon)
        ▪ Authenticate using Managed Service Identity
        ▪ Authenticate using a SAS Token
  • 72. Terraform 0.12: Authenticating using a Storage Access Token
        terraform {
          backend "azurerm" {
            storage_account_name = "abcd1234"
            container_name       = "tfstate"
            key                  = "prod.terraform.tfstate"

            # rather than defining this inline, the SAS Token can also be sourced
            # from an Environment Variable - more information is available below.
            sas_token = "abcdefghijklmnopqrstuvwxyz0123456789..."
          }
        }
  • 73. What’s coming over the next few months? Terraform 0.12
      ▪ Azure Backend Enhancements:
        ▪ Fixes a bug where the lock wouldn’t be released
        ▪ Authenticate using the Azure CLI
        ▪ Authenticate using a Service Principal with a Client Certificate (soon)
        ▪ Authenticate using Managed Service Identity
        ▪ Authenticate using a SAS Token
        ▪ Support for Azure Stack
  • 74. Terraform 0.12: Support for Azure Stack
        terraform {
          backend "azurerm" {
            storage_account_name = "abcd1234"
            container_name       = "tfstate"
            key                  = "prod.terraform.tfstate"
            environment          = "stack"
            endpoint             = "https://management.westus.mycloud.com"
          }
        }
  • 75. What’s coming over the next few months? Terraform 0.12
      ▪ Azure Backend Enhancements:
        ▪ Fixes a bug where the lock wouldn’t be released
        ▪ Authenticate using the Azure CLI
        ▪ Authenticate using a Service Principal with a Client Certificate (soon)
        ▪ Authenticate using Managed Service Identity
        ▪ Authenticate using a SAS Token
        ▪ Support for Azure Stack
        ▪ Proxy support