Terraform for azure: the good, the bad and the ugly -
Download as PPTX, PDF1 like339 views
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. The presenter discusses the good, bad, and ugly aspects of using Terraform with Azure. The good includes its simple configuration language and ability to integrate with Azure and automate deployments. The bad includes limitations in its language and some errors being difficult to debug. The ugly involves challenges around managing state files and keeping infrastructure definitions well organized. Overall, Terraform provides benefits but also requires understanding its quirks and handling state carefully.
![Terraform DSL
resource "azurerm_virtual_machine" "vm_demo" {
name = "demovm"
location = “northeurope"
resource_group_name = "tf-demo"
network_interface_ids =
["${azurerm_network_interface.vm_demo.id}"]
vm_size = "Standard_B2s"
storage_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServerSemiAnnual"
sku = "Datacenter-Core-1803-smalldisk"
version = "latest"
}
storage_os_disk {
name = "demovm-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
}
storage_data_disk {
name = "demovm-datadisk"
create_option = "Empty"
lun = 0
disk_size_gb = "10"
}
os_profile {
computer_name = "DEMOVM"
admin_username = "${var.vm_admin_username}"
admin_password = "${var.vm_admin_password}"
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
}
}](https://image.slidesharecdn.com/terraformforazure-thegoodthebadandtheugly-190427170417/85/Terraform-for-azure-the-good-the-bad-and-the-ugly-7-320.jpg)
Terraform for azure: the good, the bad and the ugly -
- 1. Terraform for Azure: the good, the bad and the ugly Giulio Vian – DevOps Lead – Glass, Lewis & Co.
- 3. What is Terraform? Provisioning •Terraform •Azure ARM Template •Azure CLI •Azure Powershell Configuration •Powershell DSC •Chef •Ansible •Packer Deployment •Azure DevOps •Octopus Deploy
- 4. What is Terraform? Provisioning •Terraform •Azure ARM Template •Azure CLI •Azure Powershell Configuration •Powershell DSC •Chef •Ansible •Packer Deployment •Azure DevOps •Octopus Deploy
- 5. No, what is Terraform? Single executable (kinda) https://www.terraform.io/
- 6. The Good,
- 7. Terraform DSL resource "azurerm_virtual_machine" "vm_demo" { name = "demovm" location = “northeurope" resource_group_name = "tf-demo" network_interface_ids = ["${azurerm_network_interface.vm_demo.id}"] vm_size = "Standard_B2s" storage_image_reference { publisher = "MicrosoftWindowsServer" offer = "WindowsServerSemiAnnual" sku = "Datacenter-Core-1803-smalldisk" version = "latest" } storage_os_disk { name = "demovm-osdisk" caching = "ReadWrite" create_option = "FromImage" } storage_data_disk { name = "demovm-datadisk" create_option = "Empty" lun = 0 disk_size_gb = "10" } os_profile { computer_name = "DEMOVM" admin_username = "${var.vm_admin_username}" admin_password = "${var.vm_admin_password}" } os_profile_windows_config { provision_vm_agent = true enable_automatic_upgrades = false } }
- 10. How it works Command line tool terraform init terraform plan -out temp.dat terraform apply temp.dat Providers Executables azurerm, azuread, azurestack State (metadata)
- 11. Terraform basics
- 12. Terraform 0.12 Great promises in a not-so-near future
- 13. Tip: Passing credentials resource "azurerm_virtual_machine_extension" "my_vm_dscext" { #... protected_settings = <<PROTECTED_SETTINGS { "configurationArguments": { "someCredential": { "userName": "theUser", "password": "${var.the_user_pass}" } } } PROTECTED_SETTINGS }
- 14. Tip: assigning IPs Static addresses cidrsubnet cidrhost
- 15. Tip: pulling KeyVault Pre-load KeyVault with secrets data "azurerm_key_vault_secret" "test" { name = "mypassword" vault_uri = "https://yourvault.vault.azure.net/" }
- 16. Integration azurerm_virtual_machine_extension Powershell DSC Custom script → bash / Ansible Providers Chef, Docker, Kubernetes Provisioners ssh / WinRM
- 17. Automate Permit HTTPS to Internet* Credential (e.g. Service Principal) Get executable on the agent* Run apply There are ready-to use tasks *optional
- 18. Scale We have 6 environments with 150+ resources each
- 19. Goodies Summary Simple Modular Integrates well with Azure Easy to automate
- 20. the Bad,
- 21. Language Limits (HCL <0.12) Loops are hard Nested loop almost impossible Ifs are hard or impossible
- 23. Simple errors Error: Error applying plan: azurerm_lb_probe.lb_probe_http: Error Creating/Updating LoadBalancer network.LoadBalancersClient#CreateOrUpdate : Failure sending request: StatusCode=0 -- Original Error: Put https://management.azure.com/subscriptions /12345678-9abc-def0-1234- 56789abcdef0/resourceGroups/qa/providers/M icrosoft.Network/loadBalancers/qa- loadbalancer?api-version=2017-09-01: http: ContentLength=1655 with Body length 0
- 24. Downside Summary Limited expressive power (<0.12) Debugging can be difficult
- 25. and the Ugly
- 26. State management Myth: State is map of reality Setup in shared, locked place Azure Storage or AWS S3 Some changes not sensed Learn to use terraform state
- 27. Stay organized / repo root modules terraform modules utility general purpose shared common to multiple applications or environments application_name internal or public application non-production can be rebuilt any moment shared common to multiple environments e.g. deploy agents, jumpbox qa Integration test uat User acceptance test perf Load testing production everything here is critical ... details on next slide
- 28. Stay organized (cont’d) / repo root production everything here is critical legacy hand made infrastructure e.g. TFS shared common to main and DR e.g. networking live PRODUCTION ENVIRONMENTS network “everlasting” resources data-tier long-lived resources app-tier short-lived resources app_name resources for an app dr Disaster recovery site ... As above
- 29. Folders and state Each leaf has a state file Source can refer to existing state files production shared production/shared/terraform.tfstate live network production/live/network/terraform.tfstate app-tier production/live/app-tier/terraform.tfstate
- 30. Three steps to import Define as regular resources Add safety clause lifecycle { prevent_destroy = true } Include in state terraform import
- 31. Tip: Terraform tips HCL parser idiosyncrasies Regex might be troublesome is not unusual
- 32. Unpleasant Summary Low level commands & attributes for state Refactoring impacts state
- 33. Wrap-up 33
- 34. Succeeded?
- 35. Study the book Terraform - Up and Running: Writing Infrastructure as Code — Y.Brikman (O′Reilly)
- 36. Bio in pictures 36 giulio.dev@casavian.eu @giulio_vian https://www.slideshare.net/giuliov https://tfsaggregator.github.io http://blog.casavian.eu/ Hardware spec: 1KB RAM (upg. 16KB) 4KB ROM First computer Companies Communities