DevOps

Introduction to Azure with Terraform

I’ve been talking about Terraform already. Now it’s time for some hands-on work.

In this post I will show you how to create a simple Linux server using Terraform with Azure.

It’s easier when you use the Azure Cloud Shell Bash experience.

What we are going to do:

  1. Create a new resource group
  2. Create a new virtual network
  3. Create a new Public IP
  4. Create the network security group
  5. Create a virtual interface network card
  6. Create additional storage
  7. Then we will create the virtual machine

If you have never used the Azure Cloud Bash, we are going to use it now. Please refer to the previous link in order to provision this tool from your Microsoft Azure Console.

After starting it, you can check your current version of Terraform. Please notice it’s already installed.

From the Azure Cloud Bash, I want you to first check your SubscriptionID and your TenantID:

az account show --query "{subscriptionId:id, tenantId:tenantId}"

This is going to give you two values. You need to keep these values in order to set the configuration for Terraform.

With the next command, you set the subscription to the value obtained from the previous command. This is my example:

az account set --subscription="${SUBSCRIPTION_ID}"

And this is my full output so far:

marcello@Azure:~$
marcello@Azure:~$ az account show --query "{subscriptionId:id, tenantId:tenantId}"
{
"subscriptionId": "82562a2b-2fef-40e1-af4e-0c2085d26f4b",
"tenantId": "b1da3de8-1c1e-4482-981a-6101b2765a2a"
}
marcello@Azure:~$
marcello@Azure:~$ az account set --subscription="82562a2b-2fef-40e1-af4e-0c2085d26f4b"

*The values were changed for this post

Once you have the subscription in place, it’s time to obtain your password. This is my example below:

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

This command is going to give you appID, displayName, name, password and tenant. Something like this:

marcello@Azure:~$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/82562a2b-2fef-40e1-af4e-0c2085d26f4b"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
{
"appId": "Values Removed for this post",
"displayName": "Values Removed for this post",
"name": "http://Values Removed for this post",
"password": "Values Removed for this post",
"tenant": "Values Removed for this post"
}
marcello@Azure:~$

Configuring Terraform environment variables

I’m going to configure Terraform to use my Azure AD service principal. I need to set the following variables:

ARM_SUBSCRIPTION_ID
ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID
ARM_ENVIRONMENT

Like this:

#!/bin/sh
echo "Setting environment variables for Terraform"
export ARM_SUBSCRIPTION_ID=your_subscription_id
export ARM_CLIENT_ID=your_appId
export ARM_CLIENT_SECRET=your_password
export ARM_TENANT_ID=your_tenant_id

# Not needed for public, required for usgovernment, german, china
export ARM_ENVIRONMENT=public

Tip: Use variables in order to hide the password from the script 😉
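
One way to follow the tip above, as an added example that is not part of the original post: keep the values in a file only your user can read and export them from there, so the secret never appears in the script. The file format and the function name load_arm_credentials are assumptions of this example.

```shell
#!/bin/sh
# Added example: export the ARM_* variables from a private file instead of
# writing the client secret into the script itself.

# load_arm_credentials FILE
# FILE holds KEY=VALUE lines (the format is this example's choice).
# Returns 2 if FILE is missing, 3 if group or others can access it,
# 4 if a required variable is still unset afterwards, 0 on success.
load_arm_credentials() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "refusing $file: restrict it with chmod 600" >&2
        return 3
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        value=${line#*=}            # keeps any '=' inside the secret intact
        case $key in
            ARM_SUBSCRIPTION_ID|ARM_CLIENT_ID|ARM_CLIENT_SECRET|ARM_TENANT_ID|ARM_ENVIRONMENT)
                export "$key=$value" ;;
            ''|'#'*) ;;             # blank lines and comments
            *) echo "ignoring unexpected key: $key" >&2 ;;
        esac
    done < "$file"
    for name in ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID; do
        eval "[ -n \"\${$name:-}\" ]" || { echo "missing $name" >&2; return 4; }
    done
}

# Constructed demo with placeholder values, run in a subshell so nothing
# is left in the calling shell's environment.
demo=$(mktemp)                      # mktemp creates the file with mode 600
printf '%s\n' 'ARM_SUBSCRIPTION_ID=sub-placeholder' 'ARM_CLIENT_ID=app-placeholder' \
    'ARM_CLIENT_SECRET=secret-placeholder==' 'ARM_TENANT_ID=tenant-placeholder' > "$demo"
( load_arm_credentials "$demo" && echo "loaded credentials for $ARM_CLIENT_ID" )
rm -f "$demo"
```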

Your first script

Create a new file named group.tf with the content below:

resource "azurerm_resource_group" "myterraformgroup" {
  name     = "myResourceGroup"
  location = "eastus"

  # Written as an argument (tags = { ... }), the form Terraform 0.12 and later require
  tags = {
    environment = "Terraform Demo"
  }
}

Initialize Terraform in the directory that contains the file:

terraform init

My output is:

Apply:

terraform apply

This should create the resource group myResourceGroup. You can navigate to ‘Resource Groups’ using the dashboard and check if it’s there:

Moving from here, let’s create all the resources. First of all, you need to create a new ssh key. You can follow my example below:

marcello@Azure:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/marcello/.ssh/id_rsa):
Created directory '/home/marcello/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/marcello/.ssh/id_rsa.
Your public key has been saved in /home/marcello/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jdtSrPOMK9qfLghTNsmMx9oMbqthZmerJMwohYdpWrE marcello@cc-50abcf6f-75cb4c46bf-rhjm5
The key's randomart image is:

You have to copy the value from the generated id_rsa.pub file. In order to generate a new VM, you need to set a key for it.

Let’s proceed. You can use this script from my repo, and thanks to Microsoft for this example: https://github.com/MarcelloMorettoni/TerraformAzureTest/blob/master/DefaultExample.tf

Check the parameters on it. Each block creates/manages a different resource.

Please edit this block according to your details:

provider "azurerm" {
  subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_secret   = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  tenant_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
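
The provider block above stores the service principal's secret in the .tf file, although the azurerm provider also reads the ARM_* environment variables configured earlier. The check below is an added example, not code from the original post or its repository: it reports secret attributes written as string literals so they can be removed before the file is committed. The attribute list and the function name find_hardcoded_secrets are assumptions of this example.

```shell
#!/bin/sh
# Added example: report Terraform attributes that hold a secret as a string
# literal, so they can be moved to the ARM_* environment variables.

# Attribute names treated as secrets (an assumption of this example).
SECRET_ATTRS='client_secret|password|admin_password'

# find_hardcoded_secrets DIR
# Prints "file:line: attribute" for each match; the value is never printed,
# so the report can go to a CI log. Returns 1 on any finding, 0 otherwise.
find_hardcoded_secrets() {
    # Match attr = "literal"; skip "" and "${var...}" interpolations.
    hits=$(find "$1" -type f -name '*.tf' -exec grep -nE \
        "^[[:space:]]*(${SECRET_ATTRS})[[:space:]]*=[[:space:]]*\"[^\"\$]" \
        /dev/null {} + |
        sed -E 's/^([^:]+:[0-9]+):[[:space:]]*([a-z_]+).*$/\1: \2/')
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample files: the literal form next to an environment-based one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hardcoded.tf" <<'EOF'
provider "azurerm" {
  client_id     = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_secret = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
EOF
cat > "$demo_dir/from_env.tf" <<'EOF'
# No credentials here: the provider reads ARM_CLIENT_ID, ARM_CLIENT_SECRET,
# ARM_SUBSCRIPTION_ID and ARM_TENANT_ID from the environment
# (azurerm 2.0 and later also need a features {} block).
provider "azurerm" {}
EOF
find_hardcoded_secrets "$demo_dir" || echo "move these values out of the .tf files"
rm -rf "$demo_dir"
```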

Navigate to this block here and change the key_data values:

os_profile_linux_config {
  disable_password_authentication = true
  ssh_keys {
    path     = "/home/azureuser/.ssh/authorized_keys"
    key_data = "ssh-rsa AAAAB3Nz{snip}hwhqT9h"
  }
}

You need to copy the ssh-rsa values from your generated key. Save the script as terraform_azure.tf and run the terraform init command.

You can also run ‘terraform plan’ to check the parameters, file and all the resources.

Once you run ‘terraform apply’, you can see the resources being created.

If you want to connect to the generated box, just use ssh azureuser@PublicIP

cheers!

 

Kubernetes

Reasons why Oracle chose Terraform

Terraform is becoming an extremely common way to orchestrate cloud infrastructure. It manages state for us, which helps, for example, when adding or removing nodes from your Kubernetes cluster. The existing Terraform provider for Oracle Cloud Infrastructure is a powerful abstraction for managing infrastructure that we can leverage and build upon. This Terraform Kubernetes installer provides a set of Terraform modules and a sample base configuration to provision and configure a Virtual Cloud Network (VCN) and subnets, instances for the Kubernetes control plane to run on, and load balancers to front-end the etcd and Kubernetes master clusters in your tenancy on Oracle Cloud Infrastructure.

The example configuration supports a number of input variables that allow you to specify the Kubernetes master and node shapes, sizes, and how they are placed across the availability domains (ADs). This example Kubernetes cluster configuration includes:

  • Three back end etcd instances, one for each availability domain;
  • Three back end k8s master instances, one for each availability domain;
  • Nine k8s worker instances, three for each availability domain.

The configuration also includes

  • Self-signed cluster certificates for authenticating API requests
  • Kubernetes RBAC (Role-Based Access Control), for authorizing API requests
  • Flannel, or CNI, for handling multi-host container networking

If your requirements extend beyond the base configuration, the modules can be used to form your own customized configuration. You can also add and remove nodes from your cluster using Terraform.

You can follow these steps for a quick setup:

  • Download and install Terraform
  • Download and install the Oracle Cloud Infrastructure Terraform provider version 2.0.0 or later
  • Create a Terraform configuration file at ~/.terraformrc that specifies the path to the Oracle Cloud Infrastructure provider
  • Create a terraform.tfvars file in the project root that specifies your API signature or API signing, tenancy, user, and compartment within Oracle Cloud Infrastructure.
  • Ensure you have kubectl installed.

The quickest way to get a Kubernetes cluster up and running on Oracle Cloud Infrastructure is to simply use the base configuration defined in the top-level file. The Kubernetes cluster will be running after the configuration is applied successfully and the cluster installation scripts have been given time to finish asynchronously. Typically, this takes around five minutes after terraform apply and will vary depending on the instance counts and shapes.

If you want to know more:

https://github.com/oracle/terraform-kubernetes-installer

Cheers.