Terraform! Yeah, it seems like a heavy word, but it is indeed one of the finest infrastructure building tools. Let's get on the word infrastructure.
Terraform is a tool that lets you create and manage your cloud infrastructure using code. Think of it as writing instructions for building a digital worldβlike constructing a virtual house with Lego bricks! π’π§π
OK! It seems tough to understand for beginners. Let me break it down. Terraform is like a digital construction tool. Imagine youβre building a house with Lego bricks. Terraform helps you assemble virtual Lego pieces to create servers, networks, and other cloud resources. Itβs like playing with building blocks for grown-up wizards! π§π’
Yes! you're a wizard here. π€
Now a bit of Azure as well. Azure is a cloud computing platform and an online portal that allows you to access and manage cloud services and resources provided by Microsoft. These services include storing data, transforming it, and more, depending on your requirements.
Why don't we dive in for some hands-on? β¨οΈ
Yes, we can have a hands-on tutorial that will help you understand the concepts more clearly. Also, I am mentioning some prerequisites for this tutorial so we don't mess up.
Prerequisties:
Azure Account with a subscription
A will to learn and build an infrastructure
We are dividing this tutorial into 3 parts:
Part A: Create a remote backed over Azure Cloud.
Part B: Setting and configuring a remote backend through Terraform.
Part C: Creating an Infrastructure through Code.
Diving into Part A:
The image shows the map of Part A, where we are creating a resource group to hold the lock and unlock tfstate lock key.
For this, we have to install the Azure CLI and create the resources from the CLI itself. Yes, one can get to the portal as well; however, it is the native work that can be done from the CLI.
Get to the download page from here. Select your OS and install it.
Now simply login to Azure using the following command:
az login
Please use the sign in interactively method to get access to your Azure portal on your local CLI. π
Hurray! You have successfully signed in and connected to Azure through your local.
Now, Azure executes the things in a protocol. Let me explain it. Azure follows a path to get things done. Our primary task is to create a container to hold our key. Right?
So for that, you need to have a storage account prior to it being of the blob type. In fact, even before a storage account, you need to have a resource group that manages every process on Azure.
Take the reference from the map in Part A. The shell explains every bit of it.
As discussed, we are now creating a Resource group with the name tfbackednrf01.
az group create --name tfbackednrf01 --location eastus
Yes! Please feel free to use our own name. I am using these as references. Now move ahead and create a storage account. ππ½
az storage account create --resource-group tfbackednrf01 --name storagetauqeer007 --location eastus --sku Standard_LRS --kind StorageV2
Wohho!! We are done creating a storage account that is associated with our resource group already. π₯³
In the same fashion, proceed with creating a storage container that will hold our key.
az storage container create --name tfstate --resource-group tfbackednrf01 --account-name storagetauqeer007
Hurray! We are done with Part A, and our storage container is set. The point to catch here is that if you start working with Terraform in a current directory, there will be no terraform.tfstate will be created. As it will be now hosted over Azure.
But what's the point of doing so much for this? Like, seriously, why? π€·ββοΈ
So let me tell you, when we are working in an organisation, we tend to have multiple cloud engineers and DevOps engineers. Together, they will be working on the same infrastructure, which makes the situation more susceptible to vulnerabilities when an engineer overlaps with the work of someone else. So lock file makes it secure when an engineer is working on a current infra.
Diving into Part B:
The image shows how we are setting up and configuring the remote backend in Terraform.
So I would suggest opening up your code editor; I'll go with VS Code. Please install Terraform and their extension in the code editor. It is always a good practice to follow a proper folder structure while performing operations with Terraform.
Maintain a proper record and simply create a backend.tf file that will be used to configure our backend.
Now simply code in the file as per the requirements; don't worry, I've already attached the code. π€
In the context of backend.tf.
terraform {
backend "azurerm" {
resource_group_name = "tfbackednrf01"
storage_account_name = "storagetauqeer007"
container_name = "tfstate"
key = "terraform.tfstate"
}
}
All good? Done. Yes, it's done. Part B was just to create the files and setup the backend.tf file.
Diving into Part C:
I know you all have been waiting for the setting up of your infrastructure. Great! We are just a few codes away from it.
Now open up your main.tf and create the code setting up the virtual machine, resource group (the most important thing), and network configurations.
Use this code in main.tf
resource "azurerm_resource_group" "my_rg" {
name = "my-ubuntu-rg"
location = "East US" # Change this to your desired location
}
resource "azurerm_virtual_network" "my_vnet" {
name = "my-ubuntu-vnet"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.my_rg.location
resource_group_name = azurerm_resource_group.my_rg.name
}
resource "azurerm_subnet" "my_subnet" {
name = "my-subnet"
virtual_network_name = azurerm_virtual_network.my_vnet.name
resource_group_name = azurerm_resource_group.my_rg.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_public_ip" "my_public_ip" {
name = "my-ubuntu-ip"
location = azurerm_resource_group.my_rg.location
resource_group_name = azurerm_resource_group.my_rg.name
allocation_method = "Dynamic"
}
data "azurerm_public_ip" "example" {
name = azurerm_public_ip.my_public_ip.name
resource_group_name = azurerm_linux_virtual_machine.my_vm.resource_group_name
}
resource "azurerm_network_interface" "my_nic" {
name = "my-nic"
location = azurerm_resource_group.my_rg.location
resource_group_name = azurerm_resource_group.my_rg.name
ip_configuration {
name = "my-nic-ipconfig"
subnet_id = azurerm_subnet.my_subnet.id
private_ip_address_allocation = "Dynamic" # or "Static" if you want a specific IP
}
}
// creating a vm
resource "azurerm_linux_virtual_machine" "my_vm" {
name = "my-ubuntu-vm"
resource_group_name = azurerm_resource_group.my_rg.name
location = azurerm_resource_group.my_rg.location
size = "Standard_D2s_v3" # Choose an appropriate VM size
disable_password_authentication = false
admin_username = "tauqeer"
admin_password = "iwillnottellyou" # Replace with your own password
network_interface_ids = [azurerm_network_interface.my_nic.id]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-focal"
sku = "20_04-lts-gen2"
version = "latest"
}
}
Remember: We're creating a simple Ubuntu-based virtual machine.
Go for providers.tf
terraform {
required_version = ">=1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.0"
}
}
}
provider "azurerm" {
features {}
}
Please set up your variables.tf
variable "location" {
description = "Azure region where resources will be deployed"
type = string
default = "East US"
}
variable "vm_size" {
description = "Azure VM Size that will be used"
type = string
default = "Standard_D2s_v3"
}
Now set up your terraform.tfvars. This file contains your environment variables. So make sure it is not pushed on GitHub. I am sharing this here for learning purposes.
location = "West Europe"
vm_size = "Standard_D2s_v3"
Let's show our results using output.tf.
output "public_ip" {
description = "Public IP address of the VM"
value = azurerm_public_ip.my_public_ip.ip_address
}
Ok! let's boom! High time to use the code. Let's initialize it the infra-az folder.
terraform init
You will get an output like this. Congo! backend is initialized, and let's plan and apply our infrastructure.
terraform plan
terraform apply
Good! You've successfully created a VM over the Azure Cloud through Terraform. Before we end the discussion, I want to pin point that while triggering terraform apply command the terraform.tfstate gets locked and gets unlocked when apply process is completed.
This helps in saving multiple users or processes trying to apply changes simultaneously. Terraform ensures only one operation proceeds at a time.
Go to Storage Account > Yourstoragename > Container > tfstate
When terraform apply is being used. Other operations are held to be locked.
When applied, the Lease status is set to Unlocked.
Also, if you no longer need infra or resources, make sure to destroy them. Use the following command to destroy.
terraform destroy
So here we are concluding our tutorial on setting up Azure with Terraform and a remote backend. π
Docs and References: π
Azure CLI:https://learn.microsoft.com/en-us/cli/azure/
Terraform Docs:https://developer.hashicorp.com/terraform/docs
Azure Portal: https://portal.azure.com/#home