
DEVOPS

CLOUD INFRASTRUCTURES
WITH TERRAFORM

Yassine BOUFENNECHE
Computer Science Instructor

yassine.boufenneche@esme.fr

In this course

❑ What is Terraform?
❑ Install Terraform
❑ Configuring Terraform for Azure
❑ Provisioning Azure cloud infrastructure with Terraform


Definition & Installation of Terraform


What is Terraform?

❑ An open-source infrastructure as code (IaC) tool developed by HashiCorp.


❑ Allows us to describe and manage infrastructures (networks, servers, storage, etc.) using
a simple and declarative configuration language.
❑ It supports a wide variety of cloud and infrastructure providers
➢ Azure
➢ AWS
➢ Google Cloud Platform
➢ VMware


Install Terraform (Linux)

❑ Download Terraform
➢ https://releases.hashicorp.com/terraform/1.3.9/terraform_1.3.9_linux_amd64.zip
❑ Unzip the archive
➢ unzip terraform_1.3.9_linux_amd64.zip
❑ Move the extracted terraform binary to /usr/local/bin
➢ mv terraform /usr/local/bin
❑ Check the installation
➢ terraform version

Installation guide for other operating systems:


https://developer.hashicorp.com/terraform/install

Configuring Terraform for Azure



Before writing the Terraform code to provision a cloud infrastructure, we must configure
Terraform so that it can manipulate resources in an Azure subscription.

➢ We need to create a new Azure Service Principal (SP) in Azure Active Directory (AD):
▪ an application user that has permission to manage Azure resources.
➢ We then assign this Azure SP the Contributor permission on the
subscription in which we will create resources.



➢ Creating the Azure SP (1 / 3)

❑ We use az cli to create an Azure SP


❑ Install az cli (https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)
➢ For Linux: curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
➢ Docs: https://learn.microsoft.com/fr-fr/cli/azure/reference-index?view=azure-cli-latest
❑ We can use the following template az cli script to create an SP

➢ Creating the Azure SP (2 / 3)
❑ Example:

❑ This sample script:


➢ creates a new SP, named SPForTerraform, and
➢ gives it the contributor permission on the subscription ID: 8921-1444-...
We have just created an SP in Azure AD and given it permissions to
manipulate the resources of our Azure subscriptions.

There are three main parts in a Terraform project:

➢ main.tf
▪ File that has all the code to build up infrastructure (simple project);
▪ For bigger projects: use several files based on the functionalities.

➢ variables.tf
▪ Stores the declarations for the variables referenced in main.tf.

➢ terraform.tfvars
▪ Defines the default values of the variables.

✓ The configuration files are written in HashiCorp Configuration Language (HCL).
✓ They describe the resources and components which are required to run your application.

Configuring the Terraform provider 1/2
To configure Terraform to connect to Azure using our SP:
1. Create a provider.tf which contains the following code:

➢ The provider we are using is azurerm.


➢ The authentication information to Azure is the SP
that has been created.
➢ features block can be used to customize the
behavior of the Azure provider resources.
2. Create file variables.tf:

3. Create file terraform.tfvars:
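
The three files from steps 1 to 3, written out as an added example (this is not the code from the original slides). The variable names and the provider version constraint are assumptions; the GUIDs are placeholders.

```hcl
# provider.tf: added example, variable names are assumptions
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumed version constraint, not from the slides
    }
  }
}

provider "azurerm" {
  features {} # required block; empty keeps the default provider behavior

  # Authentication with the service principal created for Terraform
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

# variables.tf: declarations only, no values
variable "subscription_id" {
  type = string
}

variable "client_id" {
  type = string
}

variable "tenant_id" {
  type = string
}

variable "client_secret" {
  type      = string
  sensitive = true # value is redacted in plan/apply output
}

# terraform.tfvars: values (placeholders); keep this file out of version control
# subscription_id = "20000000-0000-0000-0000-000000000000"
# client_id       = "00000000-0000-0000-0000-000000000000"
# tenant_id       = "10000000-0000-0000-0000-000000000000"
# client_secret   = "<secret returned when the SP was created>"
```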

Configuring the Terraform provider 2/2
Note: instead of putting the Azure credentials in the files variables.tf and terraform.tfvars, we can put them
into the specific Terraform environment variables ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID,
ARM_CLIENT_SECRET and ARM_TENANT_ID as follows:

Example on Linux:

export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
export ARM_CLIENT_SECRET="12345678-0000-0000-0000-000000000000"
export ARM_TENANT_ID="10000000-0000-0000-0000-000000000000"
export ARM_SUBSCRIPTION_ID="20000000-0000-0000-0000-000000000000"

Example on PowerShell:
$env:ARM_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
$env:ARM_CLIENT_SECRET = "12345678-0000-0000-0000-000000000000"
$env:ARM_TENANT_ID = "10000000-0000-0000-0000-000000000000"
$env:ARM_SUBSCRIPTION_ID = "20000000-0000-0000-0000-000000000000"

Writing Terraform scripts to deploy an Azure infrastructure

To do this, we will create the files rg.tf, network.tf and compute.tf (in the
same folder that contains provider.tf) with the code for the following:

➢ An Azure resource group.


➢ A network configuration: a virtual network and a subnet.
➢ In the subnet, we will create a virtual machine that has a public IP address to be
publicly available.

Documentation regarding the Terraform syntax:

https://developer.hashicorp.com/terraform/language/v1.1.x/configuration-0-11/resources


1. The code that provides the resource group: [ file rg.tf]

Any piece of Terraform code is composed of the same syntax model:


▪ A type of resource or data block
▪ A name of the resource to be managed (azurerm_resource_group)
▪ An internal Terraform ID (rg)
▪ A list of properties that correspond to the real properties of the
resource (that is, name and location)

This code uses the azurerm_resource_group Terraform resource and will provision a resource
group, named devopsRg, that will be stored in the West Europe location.
2. The code for the network part: [ file network.tf]

▪ We create the code for a VNet, devops-vnet, and inside it, we create a subnet called
devops-subnet.
▪ The VNet and subnet belong to the resource group through the reference
azurerm_resource_group.rg.name, which tells Terraform that the VNet and subnet will be
created just after the resource group.
▪ The subnet depends on its VNet through the use of the
azurerm_virtual_network.vnet.name value.

➢ https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network
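
The resource group of step 1 and the network of step 2, written out as an added example (this is not the code from the original slides). The address ranges and the subnet's internal ID are assumptions; the other names come from the text above.

```hcl
# rg.tf
# Syntax model: block type "resource", resource type, internal Terraform ID
resource "azurerm_resource_group" "rg" {
  name     = "devopsRg"
  location = "West Europe"
}

# network.tf
resource "azurerm_virtual_network" "vnet" {
  name     = "devops-vnet"
  location = azurerm_resource_group.rg.location

  # Referencing rg.name creates an implicit dependency:
  # Terraform provisions the resource group first.
  resource_group_name = azurerm_resource_group.rg.name

  address_space = ["10.0.0.0/16"] # assumed range, not from the slides
}

# The internal ID "subnet" is an assumption
resource "azurerm_subnet" "subnet" {
  name                = "devops-subnet"
  resource_group_name = azurerm_resource_group.rg.name

  # Referencing vnet.name makes the subnet wait for its VNet
  virtual_network_name = azurerm_virtual_network.vnet.name

  address_prefixes = ["10.0.10.0/24"] # assumed range inside the VNet
}
```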
3. Writing the code of the virtual machine, which is composed of the following:
a. A network interface
b. A public IP address
c. An Azure Storage object for the boot diagnostics (boot information logs)
d. A virtual machine

3.a Code for the network interface: [file compute.tf]

➢ We use an azurerm_network_interface block. For it:
▪ We configure the name, region, resource group, and IP configuration with the
dynamic IP address of the network interface.

https://www.terraform.io/docs/providers/azurerm/r/network_interface


3.b Code for the public IP address: [ file compute.tf]

➢ We use an azurerm_public_ip block. For it, we:
▪ configure the dynamic allocation of the IP address and the DNS label.

➢ https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip


3.c Code for the storage account: [ file compute.tf]

LRS: Locally Redundant Storage. Data is replicated locally within an Azure datacenter.

➢ We use an azurerm_storage_account block. In it, we:
▪ configure the name, region, resource group, and type of storage, which, in our case, is Standard LRS.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_blob
3.d Code for the Ubuntu virtual machine: [file compute.tf]

➢ We use an azurerm_virtual_machine block. For it:
▪ we configure the name, size (Standard_B1s), reference to the network_interface
Terraform object, and the type of virtual machine operating system (Ubuntu);
▪ the network interface reference contains the ID of the network interface created earlier.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine

// Code of the next page goes here …


3. Writing the code of the virtual machine (continued):
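  # OS disk, created from the VM image
  storage_os_disk {
    name              = "devops-osdisk"
    managed_disk_type = "Standard_LRS"
    caching           = "ReadWrite"
    create_option     = "FromImage"
  }

  # Lab credentials hard-coded for the exercise: they are stored in plain
  # text in this file and in the Terraform state
  os_profile {
    computer_name  = "VMDEVOPS"
    admin_username = "esmeuser"
    admin_password = "esme123*"
  }

  # Password login over SSH stays enabled
  os_profile_linux_config {
    disable_password_authentication = false
  }

  # Boot logs are written to the storage account created in step 3.c
  boot_diagnostics {
    enabled     = true
    storage_uri = azurerm_storage_account.stor.primary_blob_endpoint
  }
} # end of the azurerm_virtual_machine block opened on the previous page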

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine
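
The same virtual machine with password login replaced by SSH key authentication, as an added example that is not part of the original slides. The internal IDs vm and nic, the VM name devops-vm, the variable admin_ssh_public_key and the Ubuntu image values are assumptions; the file is meant to sit in the same folder as rg.tf and the rest of compute.tf.

```hcl
# Added example: key-only variant of the VM in compute.tf.
# Assumed names: "vm", "nic", "devops-vm", admin_ssh_public_key, image values.
variable "admin_ssh_public_key" {
  description = "SSH public key allowed to log in as the admin user"
  type        = string
}

resource "azurerm_virtual_machine" "vm" {
  name                  = "devops-vm"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  vm_size               = "Standard_B1s"
  network_interface_ids = [azurerm_network_interface.nic.id]

  storage_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  storage_os_disk {
    name              = "devops-osdisk"
    managed_disk_type = "Standard_LRS"
    caching           = "ReadWrite"
    create_option     = "FromImage"
  }

  os_profile {
    computer_name  = "VMDEVOPS"
    admin_username = "esmeuser"
    # No admin_password: nothing secret is written to the file or the state
  }

  os_profile_linux_config {
    disable_password_authentication = true
    ssh_keys {
      # Azure requires this exact path for the admin user
      path     = "/home/esmeuser/.ssh/authorized_keys"
      key_data = var.admin_ssh_public_key
    }
  }

  boot_diagnostics {
    enabled     = true
    storage_uri = azurerm_storage_account.stor.primary_blob_endpoint
  }
}
```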

Running Terraform for deployment


❑ Before execution, we first need to authenticate with the Azure SP (if this has not been done yet)
to ensure that Terraform can manage the Azure resources.
➢ We can either set the environment variables specific to Terraform to contain the information of the SP
created earlier in the Configuring Terraform for Azure section,
➢ or we can use an az cli script.

❑ The following script exports the four Terraform environment variables in the Linux OS:


❑ Initialization
➢ terraform init


❑ Previewing the changes
➢ terraform plan

The role of this step is to preview the changes made to the infrastructure before
applying them.


❑ Applying the changes
➢ terraform apply

This command lets us apply the changes to our infrastructure.

Exercise

Using Terraform and azurerm:

1. Create a resource group named labRG and identified by rgroup
2. Create a virtual network labNetwork with address space 10.0.0.0/16
3. Create two subnets named subnet1 and subnet2, identified by sn1 and sn2. The subnets should
have addresses 10.0.1.0/24 and 10.0.2.0/24
4. Create in each subnet an Ubuntu VM
5. Turn on one VM and send it a PING request
6. Log in to a VM using SSH and the credentials you configured for accessing it
7. Shut down the VM
8. Delete the entire resource group you created, as well as the one created automatically.

Note: do not create a storage account.
