An alternative way to landscaping in Azure… Terraform!

Introduction

In the past I’ve noticed a lot of people are afraid of “Azure Resource Manager Templates”. I can imagine that a bulk of JSON code isn’t always that user friendly… So today we’ll take a look at another IaC (Infrastructure-as-Code) approach you might like. We’re going to do a small demo where we’ll be using “Terraform” to deploy a network on Azure. So how do we get started?

  • We’ll be creating a kind of service user in Azure which Terraform will use to log in.
  • We’ll be authoring a small configuration file that will serve as the input for our network.
  • We’ll be applying that configuration file.

Seems simple enough? Let’s get started!

Setting up your subscription : Creating a “Service”-user

The first thing we’ll be doing is to create the “service”-user. If you are not familiar with that part, browse to your Azure Active Directory, then “App Registrations”, and click “Add”.

Now create a “Web app / API”-application registration for Terraform.

Once created, select it…


And browse to “keys”.

Here you’ll be creating a “secret” (aka “password”) for this application.

Once you press “Save”, you’ll see the “password”.

Note down this password, as you won’t be able to see it afterwards anymore! Also note down the Application ID from the earlier blade. And don’t forget to note down the tenant id from your Azure Active Directory too…


Setting up your subscription : Granting privileges to our “Service”-user

Next up, we’ll be granting this service user the rights to do the magic later on… Go to your subscription (and note down the subscription id too!).

Browse to “Access control (IAM)” and press “Add”.

Browse for our “Terraform”-user.

And grant it “contributor” rights. (In the screenshot I selected “Owner”, which is also capable of granting rights to users.)

Sample Configuration File

Now that we have our service user, let’s create a configuration file:

# Configure the Microsoft Azure Provider
provider "azurerm" {
  subscription_id = "your-subscription-id"
  client_id       = "your-application-id"
  client_secret   = "your-application-password"
  tenant_id       = "your-tenant-id"
}

resource "azurerm_resource_group" "RGNETPRD" {
  name     = "kvaes-network-production"
  location = "West Europe"

  tags {
    environment = "Production"
  }
}

resource "azurerm_virtual_network" "VNETPRD001" {
  name                = "VNETPRD001"
  resource_group_name = "${azurerm_resource_group.RGNETPRD.name}"
  address_space       = ["10.0.0.0/16"]
  location            = "West Europe"
  dns_servers         = ["10.0.0.254", "10.0.0.253"]

  subnet {
    name           = "SUBNET001"
    address_prefix = "10.0.1.0/24"
  }

  subnet {
    name           = "SUBNET002"
    address_prefix = "10.0.2.0/24"
  }

  subnet {
    name           = "SUBNET003"
    address_prefix = "10.0.3.0/24"
  }

  tags {
    environment = "Production"
  }
}

Let’s save this piece of code as “test.tf” for later on.

How did I come by this syntax? By reading the straightforward documentation… 😉
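The provider block above keeps client_secret as a literal in test.tf, so anyone who can read the file holds the service user's credentials. The check below is an added example, not part of the original post: it flags credential attributes set to literal strings and accepts values passed in through a variable; the attribute list and both sample blocks are constructed for illustration.

```python
import re

# Attribute names treated as credentials (assumption: extend for other providers).
SECRET_KEYS = {"client_secret", "password", "access_key", "secret_key"}

# key = "value" assignments as written in test.tf; a leading comment marker is
# allowed because a commented-out secret is still readable in the file.
ASSIGN = re.compile(r'^\s*(?:#|//)?\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"([^"]*)"')
# A value that consists of a single interpolation, e.g. "${var.client_secret}".
INTERPOLATION = re.compile(r'^\$\{[^}]+\}$')


def find_hardcoded_secrets(tf_text):
    """Return (line_number, key) for every credential attribute set to a literal."""
    findings = []
    for number, line in enumerate(tf_text.splitlines(), start=1):
        match = ASSIGN.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key in SECRET_KEYS and value and not INTERPOLATION.match(value):
            findings.append((number, key))
    return findings


# Constructed sample in the style of the page's provider block.
HARDCODED = '''provider "azurerm" {
  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "11111111-1111-1111-1111-111111111111"
  client_secret   = "constructed-example-secret"
  tenant_id       = "22222222-2222-2222-2222-222222222222"
}
'''

# Constructed sample: the same block with the secret supplied as a variable.
PARAMETERIZED = '''variable "client_secret" {}

provider "azurerm" {
  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "11111111-1111-1111-1111-111111111111"
  client_secret   = "${var.client_secret}"
  tenant_id       = "22222222-2222-2222-2222-222222222222"
}
'''

if __name__ == "__main__":
    for label, text in (("hardcoded", HARDCODED), ("parameterized", PARAMETERIZED)):
        print(label, find_hardcoded_secrets(text))
```

With the parameterized form, Terraform can take the value from the TF_VAR_client_secret environment variable, so test.tf no longer carries the secret.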

 

Test Run

The proof of the pudding is in the eating… Yeah, an annoying expression, but let’s get down to testing this! I’m assuming you already installed Terraform itself. For Windows it’s just a binary that you can leave anywhere, as long as it’s in your “PATH”.

Navigate to the directory where you stored your “test.tf”-file. Now execute the following command there: “terraform plan”.

This will generate a plan which can be executed (“applied”). Here you’ll also get a summary of what will be done… I’m happy with what is suggested, so I’m going to apply it. We can do this by executing the following command: “terraform apply”.

Here we can see our apply was complete. Let’s verify if all went well in the Azure portal…

That looks just like we wanted it! Even the tags were set…

In addition, we’ll also notice that some new files were created.

The backup will have the config from just before our apply, and the tfstate will represent the state after our apply…

Closing Thoughts

Terraform looks very nice! The syntax / DSL is very clean and easy to comprehend. There are other “providers” (plugins, extensions, … whatever) available for other technologies too ; like for instance vSphere. So the technology investment you make can be leveraged later on for other things too.
