I’ve been talking about Terraform already. Now it’s time for some hands-on practice.
In this post I will show you how to create a simple Linux server using Terraform with Azure.
It’s easier when you use the Azure Cloud Shell Bash experience.
What we are going to do:
- Create a new resource group
- Create a new virtual network
- Create a new Public IP
- Create the network security group
- Create a virtual network interface card
- Create additional storage
- Then we will create the virtual machine
If you have never used the Azure Cloud Bash, we are going to use it now. Please refer to the previous link in order to provision this tool from your Microsoft Azure Console.
After starting it, you can check your current version of Terraform. Note that it’s already installed.
From the Azure Cloud Bash, I want you to first check your SubscriptionID and your TenantID:
az account show --query "{subscriptionId:id, tenantId:tenantId}"
This is going to give you two values. You need to keep these values in order to set the configuration for Terraform.
With the next command, you set the active subscription using the value obtained from the previous command. This is my example:
az account set --subscription="${SUBSCRIPTION_ID}"
And this is my full output so far:
marcello@Azure:~$
marcello@Azure:~$ az account show --query "{subscriptionId:id, tenantId:tenantId}"
{
  "subscriptionId": "82562a2b-2fef-40e1-af4e-0c2085d26f4b",
  "tenantId": "b1da3de8-1c1e-4482-981a-6101b2765a2a"
}
marcello@Azure:~$
marcello@Azure:~$ az account set --subscription="82562a2b-2fef-40e1-af4e-0c2085d26f4b"
*The values were changed for this post
Once you have the subscription in place, it’s time to create the service principal and obtain its password. This is my example:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"
This command is going to give you appId, displayName, name, password and tenant. Something like this:
marcello@Azure:~$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/82562a2b-2fef-40e1-af4e-0c2085d26f4b"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
{
  "appId": "Values Removed for this post",
  "displayName": "Values Removed for this post",
  "name": "http://Values Removed for this post",
  "password": "Values Removed for this post",
  "tenant": "Values Removed for this post"
}
marcello@Azure:~$
Configuring Terraform environment variables
I’m going to configure Terraform to use my Azure AD service principal. I need to set the following variables:
ARM_SUBSCRIPTION_ID
ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID
ARM_ENVIRONMENT
Like this:
#!/bin/sh
# Source this file (with "." or "source") instead of executing it,
# so the exports persist in the current shell.
echo "Setting environment variables for Terraform"
export ARM_SUBSCRIPTION_ID=your_subscription_id
export ARM_CLIENT_ID=your_appId
export ARM_CLIENT_SECRET=your_password
export ARM_TENANT_ID=your_tenant_id
# Not needed for public, required for usgovernment, german, china
export ARM_ENVIRONMENT=public
Tip: Use variables in order to hide the password from the script 😉
Your first script
Create a new file named group.tf with the content below:
resource "azurerm_resource_group" "myterraformgroup" {
  name     = "myResourceGroup"
  location = "eastus"

  # Map assignment with "=" is required from Terraform 0.12 onward
  tags = {
    environment = "Terraform Demo"
  }
}
Initialize Terraform in the directory that contains the script:
terraform init
My output is:
Apply:
terraform apply
This should create the resource group myResourceGroup. You can navigate to ‘Resource Groups’ using the dashboard and check if it’s there:
Moving on from here, let’s create all the resources. First of all, you need to create a new SSH key. You can follow my example below:
marcello@Azure:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/marcello/.ssh/id_rsa):
Created directory '/home/marcello/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/marcello/.ssh/id_rsa.
Your public key has been saved in /home/marcello/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jdtSrPOMK9qfLghTNsmMx9oMbqthZmerJMwohYdpWrE marcello@cc-50abcf6f-75cb4c46bf-rhjm5
The key's randomart image is:
You have to copy the value from the generated id_rsa.pub file. In order to create a new VM, you need to set a key for it.
Let’s proceed. You can use this script from my repo, and thanks to Microsoft for this example: https://github.com/MarcelloMorettoni/TerraformAzureTest/blob/master/DefaultExample.tf
Check the parameters on it. Each block creates/manages a different resource.
Please edit this block according to your details:
provider "azurerm" {
  subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_secret   = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  tenant_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
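The azurerm provider reads the ARM_* variables exported earlier, so the client_secret literal does not have to live in the .tf file, which is what the tip about hiding the password is after. As an added example (not from the original post or its repository), this shell pre-flight check reports missing ARM_* variables by name and flags any .tf file that still carries a quoted client_secret literal; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before `terraform plan` / `terraform apply`.
# Function names are hypothetical; the ARM_* names come from the post.

REQUIRED_ARM_VARS="ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID"

# Print the names of required ARM_* variables that are unset or empty.
# Only names are printed, never values, so the secret stays out of logs.
missing_arm_vars() {
    for name in $REQUIRED_ARM_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || printf '%s\n' "$name"
    done
    unset value
}

# Print file:line for every client_secret assigned a quoted literal in the
# *.tf files under directory $1. References (var.client_secret or
# "${var.client_secret}") are not flagged. The value itself is not printed.
hardcoded_secrets() {
    find "$1" -type f -name '*.tf' -exec \
        grep -nHE '^[[:space:]]*client_secret[[:space:]]*=[[:space:]]*"[^"$]' {} + |
        cut -d: -f1,2
}

# Return 0 only when the environment is complete and no literal secret exists.
preflight() {
    status=0
    missing=$(missing_arm_vars)
    if [ -n "$missing" ]; then
        echo "Missing environment variables:" $missing >&2
        status=1
    fi
    found=$(hardcoded_secrets "$1")
    if [ -n "$found" ]; then
        echo "client_secret literal found in:" $found >&2
        status=1
    fi
    return $status
}
```

After sourcing the file, run `preflight .` in the directory that holds the .tf files; a non-zero exit status means a variable is missing or a literal secret is still in a file.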
Navigate to this block here and change the key_data values:
os_profile_linux_config {
  disable_password_authentication = true
  ssh_keys {
    path     = "/home/azureuser/.ssh/authorized_keys"
    key_data = "ssh-rsa AAAAB3Nz{snip}hwhqT9h"
  }
}
You need to copy the ssh-rsa values from your generated key. Save the script as terraform_azure.tf and run the terraform init command.
You can also run ‘terraform plan’ to check the parameters, file and all the resources.
Once you run ‘terraform apply’, you can see the resources being created.
If you want to connect to the generated box, just use ssh azureuser@PublicIP
cheers!