Infrastructure-as-Code (IaC)
Using Terraform (Advanced Edition)
Full-on DevOps
Adin Ermie
Cloud Solution Architect
(Azure Apps & Infra)
Microsoft
Agenda
• Deploying Terraform using..
• Azure DevOps (ADO)
• GitHub
• Terraform Cloud
• Resources
• General
• Certification
Microsoft’s investments in Terraform
• Microsoft Team HashiCorp Team
• Terraform AzureRM Provider updates
• Latest release v2.18.0 (July 10, 2020)
• 23 features added (new data sources, resources)
• 27 enhancements
• 6 bug fixes
• 4x releases/updates published in June alone!
• Terraform Module Registry
• https://registry.terraform.io/browse/modules?provider=azurerm
Roadmap
https://github.com/terraform-providers/terraform-provider-azurerm
Terraform v0.13 highlights
Support for , ,
and
New syntax
Custom
command connects a CLI user to the Terraform Cloud app
variable "image_id" {
  type        = string
  description = "The id of the machine image (AMI) to use for the server."

  validation {
    condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
  }
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.0.0"
    }
  }
}
Reference code
terraform plan …
-var-file="Hub.tfvars"
-out="HubDeploy.plan"
Deploying Terraform using Azure DevOps
Code example repo: https://github.com/AErmie/ADO-IaC-Using-Terraform
Hot off the press!
• Announcing the Azure DevOps Provider for Terraform
• https://cloudblogs.microsoft.com/opensource/2020/06/18/announcing-hashicorp-terraform-azure-devops-provider-release/
Configuration
• Using Azure DevOps Repo vs GitHub
  • Yes, you can use GitHub, but I was going for the “full” Azure DevOps (ADO) experience
• Integrated with Azure KeyVault (for SPN credentials)
  • Via Variable Groups in the Pipeline’s Library
• Multiple pipelines created
  • Deploy pipelines (hub/spoke/VNet peering)
  • Cleanup pipelines (hub/spoke/VNet peering)
Pipeline Triggers
trigger:
  branches:
    include:
    - master
  paths:
    include:
    - /deploy-hub.txt
    # - /Terraform/Networking/Hub/HubNetwork.tf
    # - /Terraform/Networking/Hub/variables.tf
    # - /Terraform/Networking/Hub/outputs.tf
    # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/HubDeploy.tf
    # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/variables.tf
    # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/Hub.tfvars
Pipeline Variables
variables:
- group: Terraform-BuildVariables
- name: subscription_id
  value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
- name: application_id
  value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
- name: tenant_id
  value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
- name: storage_accounts
  value: "azuredevopssa"
- name: blob_storage
  value: container01-azuredevops
- name: state_file
  value: tf-statefile-hub.state
- name: sa-resource_group
  value: AzureDevOps
Pipeline Steps
steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
  displayName: "Install Terraform"
  inputs:
    terraformVersion: '0.12.26'

- script: terraform version
  displayName: "Terraform Version"

- script: az login --service-principal -u $(application_id) -p $(spn-azuredevops-password2) --tenant $(tenant_id)
  displayName: "Log Into Azure"

- script: terraform init -backend-config=resource_group_name=$(sa-resource_group) -backend-config="storage_account_name=$(storage_accounts)" -backend-config="container_name=$(blob_storage)" -backend-config="access_key=$(sa01-azdo-accesskey)" -backend-config="key=$(state_file)"
  displayName: "Terraform Init"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy

- script: terraform plan -var="client_id=$(application_id)" -var="client_secret=$(spn-azuredevops-password2)" -var="tenant_id=$(tenant_id)" -var="subscription_id=$(subscription_id)" -var-file="Hub.tfvars" -out="HubDeploy.plan"
  displayName: "Terraform Plan"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy

- script: terraform apply HubDeploy.plan
  displayName: "Terraform Apply"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
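The steps above put the service principal password and the storage access key on the command line. A hardened form of the same init/plan/apply steps follows, as an added example that is not from the original deck or its repo: the secrets from the Key Vault-backed variable group reach Terraform through environment variables instead. It assumes the Terraform configuration declares the variables client_id, client_secret, tenant_id and subscription_id named in the plan step, and that only Terraform talks to Azure in this job.

```yaml
# Added example (not from the original deck): Hub deploy steps with secrets
# moved off the command line. Pipeline variables are those of the
# "Pipeline Variables" slide; the secrets come from Terraform-BuildVariables.
steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
  displayName: "Install Terraform"
  inputs:
    terraformVersion: '0.12.26'

# The az login step is left out on the assumption that no later step
# calls the az CLI; Terraform gets its credentials from the env blocks below.

- script: >
    terraform init -input=false
    -backend-config="resource_group_name=$(sa-resource_group)"
    -backend-config="storage_account_name=$(storage_accounts)"
    -backend-config="container_name=$(blob_storage)"
    -backend-config="key=$(state_file)"
  displayName: "Terraform Init"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
  env:
    # Secret variables are not exported to scripts automatically;
    # each one has to be mapped explicitly.
    ARM_ACCESS_KEY: $(sa01-azdo-accesskey)   # read by the azurerm backend

- script: terraform plan -input=false -var-file="Hub.tfvars" -out="HubDeploy.plan"
  displayName: "Terraform Plan"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
  env:
    ARM_ACCESS_KEY: $(sa01-azdo-accesskey)
    # TF_VAR_<name> sets the Terraform input variable <name>.
    TF_VAR_client_id: $(application_id)
    TF_VAR_client_secret: $(spn-azuredevops-password2)
    TF_VAR_tenant_id: $(tenant_id)
    TF_VAR_subscription_id: $(subscription_id)

# The saved plan stores the variable values it was created with, so
# HubDeploy.plan is itself sensitive: keep it on the agent and do not
# publish it as a pipeline artifact.
- script: terraform apply -input=false "HubDeploy.plan"
  displayName: "Terraform Apply"
  workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
  env:
    # The key is no longer cached in .terraform by init, so the backend
    # needs it again here.
    ARM_ACCESS_KEY: $(sa01-azdo-accesskey)
```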
Pipeline Chaining
trigger: none
# branches:
#   include:
#   - master
# paths:
#   include:
#   - /Terraform/Networking/Spoke-Prod/Spoke-Prod.tf
#   - /Terraform/Networking/Spoke-Prod/variables.tf
#   - /Terraform/Networking/Spoke-Prod/outputs.tf
#   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/SpokeDeploy.tf
#   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/variables.tf
#   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/Spoke.tfvars

resources:
  pipelines:
  - pipeline: "ADO-Terraform-IAC (Spoke Deploy)"
    source: "ADO-Terraform-IAC (Hub Deploy)"
Deploying Terraform using GitHub
Code example repo: https://github.com/AErmie/Infrastructure-as-Code-IaC-Using-Terraform
Configuration
• Using GitHub repo
• Leverage GitHub Secrets (for SPN credentials, SAS keys, API tokens)
• Multiple workflows (aka pipelines) created
  • Deploy workflows (hub/spoke/VNet peering)
  • Cleanup workflows (hub/spoke/VNet peering)
GitHub Actions (aka pipelines)
• A JavaScript action that sets up Terraform CLI in your GitHub Actions workflow by:
  • Downloading a specific version of Terraform CLI and adding it to the PATH
  • Configuring the Terraform CLI configuration file with a Terraform Cloud/Enterprise hostname and API token
  • Installing a wrapper script to wrap subsequent calls of the terraform binary and expose its STDOUT, STDERR, and exit code
Workflow Triggers
name: 'Deploy Hub'
on:
  push:
    branches:
    - master
    paths:
    - 'deploy-hub.txt'
  pull_request:
Workflow Variables
- name: Terraform Init
  run: terraform init
  env:
    subscription_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    application_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    tenant_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    sa-resource_group: "AzureDevOps"
    storage_accounts: "azuredevopssa"
    blob_storage: "container02-azuredevops"
    state_file: "tf-statefile-hub.state"
    cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
Workflow Jobs
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
        working-directory: ./Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
Workflow Steps
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
  uses: hashicorp/setup-terraform@v1
  with:
    # terraform_version: 0.12.25  # You can use this to set the specific version of Terraform to target.
    cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
  run: terraform init

# Generates an execution plan for Terraform
- name: Terraform Plan
  run: terraform plan -var-file='Hub.tfvars' -out HubDeploy.plan

# - name: Terraform Apply
#   if: github.ref == 'refs/heads/master' && github.event_name == 'push'
#   run: terraform apply -auto-approve
What you can’t do
• Use modules with a relative path!
  • Known issue #23333
  • Specifically when using Terraform Cloud as the remote backend
• Trigger another Action/Workflow after a workflow is completed (ie. chaining)
• Manually trigger an Action/Workflow
• Not apparent you can use an alternative backend (ie. Azure Storage) when using the built-in Terraform GitHub Action

module "vnets-SharedServices" {
  source = "../../../Hub/"
  …
}
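On the last bullet: as the GitHub Actions slide describes, hashicorp/setup-terraform installs and configures the CLI, so the backend is whatever the Terraform configuration declares. The following is an added example (not from the original deck or its repo) of the Hub workflow keeping state in Azure Storage, with apply restricted to pushes on master. It assumes the configuration contains an empty backend "azurerm" {} block and that repository secrets with the hypothetical names ARM_ACCESS_KEY, ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID exist.

```yaml
# Added example (not from the original deck): Hub deploy workflow with
# Terraform state in Azure Storage instead of Terraform Cloud.
name: 'Deploy Hub (azurerm backend)'

on:
  push:
    branches:
    - master
    paths:
    - 'deploy-hub.txt'
  pull_request:

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest

    defaults:
      run:
        shell: bash
        working-directory: ./Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy

    env:
      # Hypothetical secret names. Secrets are not passed to workflows
      # triggered by pull requests from forks, so init fails there by design.
      ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}            # azurerm backend
      # Read by the azurerm provider when the provider block leaves
      # these arguments unset.
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    # No cli_config_credentials_token here: that input is only needed for
    # Terraform Cloud/Enterprise.
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v1

    # Backend settings are the values shown on the Workflow Variables slide.
    - name: Terraform Init
      run: >
        terraform init -input=false
        -backend-config="resource_group_name=AzureDevOps"
        -backend-config="storage_account_name=azuredevopssa"
        -backend-config="container_name=container02-azuredevops"
        -backend-config="key=tf-statefile-hub.state"

    - name: Terraform Plan
      run: terraform plan -input=false -var-file='Hub.tfvars' -out HubDeploy.plan

    # Pull requests stop at the plan; only a push to master applies it.
    - name: Terraform Apply
      if: github.ref == 'refs/heads/master' && github.event_name == 'push'
      run: terraform apply -input=false HubDeploy.plan
```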
Deploying Terraform using Terraform Cloud
Code example repo: https://github.com/AErmie/TFCloud-IaC-Using-Terraform
Configuration
• Using GitHub repo
• Leverage Terraform variables (for SPN credentials)
• Multiple workspaces created (1 workspace = 1 state)
• Deploy workspace (hub/spoke/VNet peering)
• Note: “cleanup” workspaces not required, as the destruction and deletion process is built into the existing one
TF Cloud Workspaces (aka pipelines)
• How Terraform Cloud organizes infrastructure
• Terraform Cloud manages infrastructure collections with workspaces instead of directories
• Contains configuration, state data, variables, etc.
• Functions like a completely separate working directory
• Each workspace retains backups of its previous state files
• Retains a record of all run activity
• Summaries, logs, a reference to the changes that caused the run, and user comments
Workspace Triggers
• Automatic or path/file change detection
• Has to be within the working directory
Workspace Variables
• Terraform vs Environment variables
• terraform.tfvars did not work for me
• Had to use *.auto.tfvars
terraform plan -var="X" -var-file="Y.tfvars" -out="Z.plan"
Workspace Runs
• Terraform Cloud always performs Terraform runs in the context of a workspace
• The workspace serves the same role that a persistent working directory serves when running Terraform locally:
  • it provides the configuration, state, and variables for the run
Run Triggers
• Allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces
NOTE!
Points to remember
• You can’t have a custom named .tfvars file, unless you use the *.auto.tfvars naming
• Workspace ‘working directory’ controls the root terraform init location, with no option/method to traverse directories
• Triggering a delete/destroy will trigger other chained/linked workspaces (ie. delete Hub will trigger deploy Spoke)
Resources
For learnin’ stuff
Bonus! TFLint
• A part of the GitHub Super Linter
• One linter to rule them all
• Used to validate against issues
• Focused on possible errors, , etc.
• Support for all providers
• Rules that warn against
• AWS = 700+ rules
• Azure = 279 rules (Experimental support)
• GCP = WIP
Resources
• Adin’s personal curated list of Terraform resources
• Advanced Tips & Tricks to Optimize your Terraform Code
• Terraform: How to Rename (Instead of Deleting) a Resource
• The Ultimate Terraform Workflow: Setup Terraform (and Remote State) with GitHub Actions
• Automating infrastructure deployments in the Cloud with Terraform and Azure Pipelines
• Deploying Terraform Infrastructure using Azure DevOps Pipelines Step by Step
Don’t forget about these Visual Studio Code (VS Code) extensions:
• Azure Terraform (by Microsoft)
• Terraform (by Mikael Olenfalk)
  • Now owned by HashiCorp!
More resources
• Misadventures with Terraform
• Azure DevOps Lab - Terraform using GitHub Actions
• Terraform GitHub Actions
• Getting Started with Terraform Cloud
• How to deploy production-grade infrastructure in a fraction of the time using Gruntwork with Terraform Cloud and Terraform Enterprise
• Using Modules from the Terraform Cloud Private Module Registry
Certification resources
• HashiCorp Terraform Certified Associate Preparation Guide (co-authored by Adin Ermie and Ned Bellavance)
• Study Guide - Terraform Associate Certification (HashiCorp official)
• Exam Review - Terraform Associate Certification (HashiCorp official)
• Sample Questions - Terraform Associate Certification (HashiCorp official)
This is me
Adin Ermie
• Cloud Solution Architect – Azure Apps & Infra @ Microsoft
• Azure Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS)
• Cloud Management & Security
• Azure Monitor, Azure Security Center (ASC) / Azure Sentinel
• Cloud Governance
• Azure Policy, Blueprints, Management Groups, and Azure Cost Management (ACM)
• Business Continuity and Disaster Recovery (BCDR)
• Azure Site Recovery (ASR) / Azure Migrate, and Azure Backup
• Infrastructure-as-Code (IaC)
• Azure Resource Manager (ARM), and Terraform
• 5x MVP - Cloud and Datacenter Management (CDM)
• 1x HCA – HashiCorp Ambassador
Adin.Ermie@outlook.com
@AdinErmie
https://AdinErmie.com
linkedin.com/in/adinermie
https://github.com/AErmie


Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)

  • 1. Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition) Full-on DevOps Adin Ermie Cloud Solution Architect (Azure Apps & Infra) Microsoft
  • 2. Agenda • Deploying Terraform using.. • Azure DevOps (ADO) • GitHub • Terraform Cloud • Resources • General • Certification
  • 3. Microsoft’s investments in Terraform • Microsoft Team HashiCorp Team • Terraform AzureRM Provider updates • Latest release v2.18.0 (July 10, 2020) • 23 features added (new data sources, resources) • 27 enhancements • 6 bug fixes • 4x releases/updates published in June alone! • Terraform Module Registry • https://registry.terraform.io/browse/modules?provider=azurerm
  • 5. Terraform v0.13 highlights Support for , , and New syntax Custom command connects a CLI user to the Terraform Cloud app variable "image_id" { type = string description = "The id of the machine image (AMI) to use for the server." validation { condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" error_message = "The image_id value must be a valid AMI id, starting with "ami-"." terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "2.0.0" } } }
  • 6. Reference code terraform plan … -var-file="Hub.tfvars" -out="HubDeploy.plan"
  • 7. Deploying Terraform using Azure DevOps Code example repo: https://github.com/AErmie/ADO-IaC-Using-Terraform
  • 8. Hot off the press! • Announcing the Azure DevOps Provider for Terraform • https://cloudblogs.microsoft.com/opensource/2020/06/18/announcing-hashicorp-terraform-azure-devops-provider-release/
  • 9. Configuration • Using Azure DevOps Repo vs GitHub • Yes, you can use GitHub, but I was going for the “full” Azure DevOps (ADO) experience • Integrated with Azure KeyVault (for SPN credentials) • Via Variable Groups in the Pipeline’s Library • Multiple pipelines created • Deploy pipelines (hub/spoke/VNet peering) • Cleanup pipelines (hub/spoke/VNet peering)
  • 10. Pipeline Triggers
      trigger:
        branches:
          include:
          - master
        paths:
          include:
          - /deploy-hub.txt
          # - /Terraform/Networking/Hub/HubNetwork.tf
          # - /Terraform/Networking/Hub/variables.tf
          # - /Terraform/Networking/Hub/outputs.tf
          # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/HubDeploy.tf
          # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/variables.tf
          # - /Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy/Hub.tfvars
  • 11. Pipeline Variables
      variables:
      - group: Terraform-BuildVariables
      - name: subscription_id
        value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      - name: application_id
        value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      - name: tenant_id
        value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
      - name: storage_accounts
        value: "azuredevopssa"
      - name: blob_storage
        value: container01-azuredevops
      - name: state_file
        value: tf-statefile-hub.state
      - name: sa-resource_group
        value: AzureDevOps
  • 12. Pipeline Steps
      steps:
      - task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
        displayName: "Install Terraform"
        inputs:
          terraformVersion: '0.12.26'
      - script: terraform version
        displayName: "Terraform Version"
      - script: az login --service-principal -u $(application_id) -p $(spn-azuredevops-password2) --tenant $(tenant_id)
        displayName: "Log Into Azure"
      - script: terraform init -backend-config=resource_group_name=$(sa-resource_group) -backend-config="storage_account_name=$(storage_accounts)" -backend-config="container_name=$(blob_storage)" -backend-config="access_key=$(sa01-azdo-accesskey)" -backend-config="key=$(state_file)"
        displayName: "Terraform Init"
        workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
      - script: terraform plan -var="client_id=$(application_id)" -var="client_secret=$(spn-azuredevops-password2)" -var="tenant_id=$(tenant_id)" -var="subscription_id=$(subscription_id)" -var-file="Hub.tfvars" -out="HubDeploy.plan"
        displayName: "Terraform Plan"
        workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
      - script: terraform apply HubDeploy.plan
        displayName: "Terraform Apply"
        workingDirectory: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
  • 13. Pipeline Chaining
      trigger: none
      # branches:
      #   include:
      #   - master
      # paths:
      #   include:
      #   - /Terraform/Networking/Spoke-Prod/Spoke-Prod.tf
      #   - /Terraform/Networking/Spoke-Prod/variables.tf
      #   - /Terraform/Networking/Spoke-Prod/outputs.tf
      #   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/SpokeDeploy.tf
      #   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/variables.tf
      #   - /Terraform/Networking/Deployments/Network-Deployment/Spoke-Deploy/Spoke.tfvars
      resources:
        pipelines:
        - pipeline: "ADO-Terraform-IAC (Spoke Deploy)"
          source: "ADO-Terraform-IAC (Hub Deploy)"
  • 14.
  • 15. Deploying Terraform using GitHub Code example repo: https://github.com/AErmie/Infrastructure-as-Code-IaC-Using-Terraform
  • 16. Configuration • Using GitHub repo • Leverage GitHub Secrets (for SPN credentials, SAS keys, API tokens) • Multiple workflows (aka pipelines) created • Deploy workflows (hub/spoke/VNet peering) • Cleanup workflows (hub/spoke/VNet peering)
  • 17. GitHub Actions (aka pipelines) • A JavaScript action that sets up Terraform CLI in your GitHub Actions workflow by: • Downloading a specific version of Terraform CLI and adding it to the PATH • Configuring the Terraform CLI configuration file with a Terraform Cloud/Enterprise hostname and API token • Installing a wrapper script to wrap subsequent calls of the terraform binary and expose its STDOUT, STDERR, and exit code
  • 18. Workflow Triggers
      name: 'Deploy Hub'
      on:
        push:
          branches:
          - master
          paths:
          - 'deploy-hub.txt'
        pull_request:
  • 19. Workflow Variables
      - name: Terraform Init
        run: terraform init
        env:
          subscription_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          application_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          tenant_id: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          sa-resource_group: "AzureDevOps"
          storage_accounts: "azuredevopssa"
          blob_storage: "container02-azuredevops"
          state_file: "tf-statefile-hub.state"
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
  • 20. Workflow Jobs
      jobs:
        terraform:
          name: 'Terraform'
          runs-on: ubuntu-latest
          # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
          defaults:
            run:
              shell: bash
              working-directory: ./Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy
  • 21. Workflow Steps
      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          # terraform_version: 0.12.25 You can use this to set the specific version of Terraform to target.
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
      - name: Terraform Init
        run: terraform init

      # Generates an execution plan for Terraform
      - name: Terraform Plan
        run: terraform plan -var-file='Hub.tfvars' -out HubDeploy.plan

      # - name: Terraform Apply
      #   if: github.ref == 'refs/heads/master' && github.event_name == 'push'
      #   run: terraform apply -auto-approve
  • 22. What you can’t do • Use modules with a relative path! • Known issue #23333 • Specifically when using Terraform Cloud as the remote backend • Trigger another Action/Workflow after a workflow is completed (ie. chaining) • Manually trigger an Action/Workflow • Not apparent you can use an alternative backend (ie. Azure Storage) when using the built-in Terraform GitHub Action
      module "vnets-SharedServices" {
        source = "../../../Hub/"
        …
      }
  • 23.
  • 24. Deploying Terraform using Terraform Cloud Code example repo: https://github.com/AErmie/TFCloud-IaC-Using-Terraform
  • 25. Configuration • Using GitHub repo • Leverage Terraform variables (for SPN credentials) • Multiple workspaces created (1 workspace = 1 state) • Deploy workspace (hub/spoke/VNet peering) • Note: “cleanup” workspaces not required, as the destruction and deletion process is built into the existing one
  • 26. TF Cloud Workspaces (aka pipelines) • How Terraform Cloud organizes infrastructure • Terraform Cloud manages infrastructure collections with workspaces instead of directories • Contains configuration, state data, variables, etc. • Functions like a completely separate working directory • Each workspace retains backups of its previous state files • Retains a record of all run activity • Summaries, logs, a reference to the changes that caused the run, and user comments
  • 27. Workspace Triggers • Automatic or path/file change detection • Has to be within the working directory
  • 28. Workspace Variables • Terraform vs Environment variables • terraform.tfvars did not work for me • Had to use *.auto.tfvars
      terraform plan -var="X" -var-file="Y.tfvars" -out="Z.plan"
  • 29. Workspace Runs • Terraform Cloud always performs Terraform runs in the context of a workspace • The workspace serves the same role that a persistent working directory serves when running Terraform locally: • it provides the configuration, state, and variables for the run
  • 30. Run Triggers • allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces NOTE!
  • 31. Points to remember • You can’t have a custom named .tfvars file, unless you use the *.auto.tfvars naming • Workspace ‘working directory’ controls the root terraform init location, with no option/method to traverse directories • Triggering a delete/destroy will trigger other chained/linked workspaces (ie. delete Hub will trigger deploy Spoke)
  • 32.
  • 34. Bonus! TFLint • A part of the GitHub Super Linter • One linter to rule them all • Used to validate against issues • Focused on possible errors, , etc. • Support for all providers • Rules that warn against • AWS = 700+ rules • Azure = 279 rules (Experimental support) • GCP = WIP
  • 35. Resources • Adin’s personal curated list of Terraform resources • Advanced Tips & Tricks to Optimize your Terraform Code • Terraform: How to Rename (Instead of Deleting) a Resource • The Ultimate Terraform Workflow: Setup Terraform (and Remote State) with GitHub Actions • Automating infrastructure deployments in the Cloud with Terraform and Azure Pipelines • Deploying Terraform Infrastructure using Azure DevOps Pipelines Step by Step Don’t forget about these Visual Studio Code (VS Code) extensions: • Azure Terraform (by Microsoft) • Terraform (by Mikael Olenfalk) • Now owned by HashiCorp!
  • 36. More resources • Misadventures with Terraform • Azure DevOps Lab - Terraform using GitHub Actions • Terraform GitHub Actions • Getting Started with Terraform Cloud • How to deploy production-grade infrastructure in a fraction of the time using Gruntwork with Terraform Cloud and Terraform Enterprise • Using Modules from the Terraform Cloud Private Module Registry
  • 37. Certification resources • HashiCorp Terraform Certified Associate Preparation Guide (co-authored by Adin Ermie and Ned Bellavance) • Study Guide - Terraform Associate Certification (HashiCorp official) • Exam Review - Terraform Associate Certification (HashiCorp official) • Sample Questions - Terraform Associate Certification (HashiCorp official)
  • 38. This is me Adin Ermie • Cloud Solution Architect – Azure Apps & Infra @ Microsoft • Azure Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) • Cloud Management & Security • Azure Monitor, Azure Security Center (ASC) / Azure Sentinel • Cloud Governance • Azure Policy, Blueprints, Management Groups, and Azure Cost Management (ACM) • Business Continuity and Disaster Recovery (BCDR) • Azure Site Recovery (ASR) / Azure Migrate, and Azure Backup • Infrastructure-as-Code (IaC) • Azure Resource Manager (ARM), and Terraform • 5x MVP - Cloud and Datacenter Management (CDM) • 1x HCA – HashiCorp Ambassador Adin.Ermie@outlook.com @AdinErmie https://AdinErmie.com linkedin.com/in/adinermie https://github.com/AErmie

Editor's notes

  1. There are 2 types of Triggers: Continuous integration (CI), and Pull request (PR) Continuous integration (CI) triggers cause a pipeline to run whenever you push an update to the specified branches or you push specified tags. You can reference a branch (ie. master), use wildcards (ie. releases/*), use exclude (ie. releases/old), tags (on branches) Note: You cannot use variables in triggers, as variables are evaluated at runtime (after the trigger has fired). Note: If you specify an exclude clause without an include clause, then it is equivalent to specifying * in the include clause. Note: When you specify paths, you must explicitly specify branches to trigger on. You can't trigger a pipeline with only a path filter; you must also have a branch filter, and the changed files that match the path filter must be from a branch that matches the branch filter.
  2. The ‘Terraform-BuildVariables’ group is from the Pipeline > Library > Variable Group (which is integrated with Azure KeyVault). Variable types: User-defined variables, System variables, Environment variables. System and user-defined variables also get injected as environment variables for your platform. When variables are turned into environment variables, variable names become uppercase, and periods turn into underscores.
  3. Note that if you do not include the ‘inputs’ ‘terraformVersion’ it will NOT install the latest version, but rather, version 0.12.3! Notice that we’re passing through the command-line the backend config for using Azure Storage as the remote State store On the terraform plan command, you can augment it by including a ‘var-file’ reference, and output the plan file Tasks are versioned, and you must specify the major version of the task used in your pipeline In YAML, you specify the major version using @ in the task name (ie. TerraformInstaller@0)
  4. I want to kick-off the Spoke pipeline after the Hub pipeline has completed Notice the ‘trigger’ is set to ‘none’, and we have a ‘resources’ ‘pipelines’ code block pipeline: BLAH specifies the name of the pipeline resource source: BLAH specifies the name of the triggering pipeline
  5. To date, there are 28 “terraform” GitHub Actions There is one official HashiCorp – Setup Terraform action Workflows are custom automated processes that you can set up in your repository to build, test, package, release, or deploy any code project on GitHub. With GitHub Actions you can build end-to-end continuous integration (CI) and continuous deployment (CD) capabilities directly in your repository. GitHub Actions powers GitHub's built-in continuous integration service.
  6. The name of the GitHub event that triggers the workflow. You can provide a single event string, array of events, array of event types, or an event configuration map that schedules a workflow or restricts the execution of a workflow to specific files, tags, or branch changes. You can configure a workflow to start once: An event on GitHub occurs, such as when someone pushes a commit to a repository or when an issue or pull request is created. A scheduled event begins. An external event occurs. To trigger a workflow after an event happens on GitHub, add on: and an event value after the workflow name.
  7. Encrypted secrets Environment variables GitHub sets default environment variables that are available to every step in a workflow run. Environment variables are case-sensitive.
  8. A workflow run is made up of one or more jobs. Jobs run in parallel by default. To run jobs sequentially, you can define dependencies on other jobs using the jobs.<job_id>.needs keyword. Note the ‘working-directory’ and how the path is set (it does not use the double-dot-slash ..\, but rather a single).
  9. Note: There is an error when terraform plan tries to use “var-file” and “out” This may be due to the state pointing to Terraform Cloud vs an Azure Storage Account This means you cannot use “-out” to produce a .plan file as an artifact This also means you cannot pass in a “-var-file”, it looks for “*.auto.tfvars” instead A job contains a sequence of tasks called steps. Not all steps run actions, but all actions run as a step. Because steps run in their own process, changes to environment variables are not preserved between steps
  10. Trigger an action upon completion of another action: https://github.community/t/trigger-an-action-upon-completion-of-another-action/17642 Triggering a new workflow from another workflow: https://github.community/t/triggering-a-new-workflow-from-another-workflow/16250
  11. At first, I thought I should use the Environment Variables for Subscription ID, Client ID/Secret, and Tenant ID. But apparently this is not the case, as no value is passed from any key in the ‘Environment Variables’. In short, if you want to use it as part of a terraform command-line (ie. terraform plan -var="X" -var-file="Y.tfvars" -out="Z.plan") then you need to use the Terraform Variables. Terraform Cloud workspaces can set values for two kinds of variables: Terraform input variables, which define the parameters of a Terraform configuration. Shell environment variables, which many providers can use for credentials and other data. Terraform Cloud passes variables to Terraform by writing a terraform.tfvars file and passing the -var-file=terraform.tfvars option to the Terraform command.
  12. Terraform runs managed by Terraform Cloud are called remote operations.  Remote runs can be initiated by webhooks from your VCS provider, by UI controls within Terraform Cloud, by API calls, or by Terraform CLI. In a workspace linked to a VCS repo, runs start automatically when you merge or commit changes to version control. A workspace is linked to one branch of its repository, and ignores changes to other branches. Workspaces can also ignore some changes within their branch: if a Terraform working directory is configured, Terraform Cloud assumes that only some of the content in the repository is relevant to Terraform, and ignores changes outside of that content.
  13. Note that a successful APPLY needs to happen in the source workspace first before it triggers the next one Note the auto-apply warning! This means you cannot actually successfully “fully” deploy an entire environment in an automated way; human interaction is required! You can connect your workspace to up to 20 source workspaces.
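The pipeline steps on slide 12 pass the service principal password and the storage account key as command-line arguments, where they end up in the generated script and the agent's process list. The following is an added example (not from the original deck or its repo) of the same steps with those two secrets mapped into environment variables instead: `TF_VAR_client_secret` is Terraform's environment form of `-var="client_secret=..."`, and `ARM_ACCESS_KEY` is read by the azurerm backend. It assumes the variable names from slides 11 and 12 and that the Key Vault-backed group holds both secrets; `tf_dir` is a name introduced here, and the `az login` step is left out on the assumption that the provider block authenticates with the service principal variables.

```yaml
# Added example: slide 12's steps with the two secrets kept off the command line.
variables:
  - group: Terraform-BuildVariables   # Key Vault-backed group (slide 11), assumed to hold both secrets
  - name: application_id
    value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  - name: tenant_id
    value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  - name: subscription_id
    value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  - name: storage_accounts
    value: "azuredevopssa"
  - name: blob_storage
    value: container01-azuredevops
  - name: state_file
    value: tf-statefile-hub.state
  - name: sa-resource_group
    value: AzureDevOps
  - name: tf_dir                      # hypothetical name, introduced for this example
    value: $(System.DefaultWorkingDirectory)/Terraform/Networking/Deployments/Network-Deployment/Hub-Deploy

steps:
  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
    displayName: "Install Terraform"
    inputs:
      terraformVersion: '0.12.26'

  # Secret variables are not exported to scripts automatically; map each one explicitly.
  - script: >
      terraform init
      -backend-config="resource_group_name=$(sa-resource_group)"
      -backend-config="storage_account_name=$(storage_accounts)"
      -backend-config="container_name=$(blob_storage)"
      -backend-config="key=$(state_file)"
    displayName: "Terraform Init"
    workingDirectory: $(tf_dir)
    env:
      ARM_ACCESS_KEY: $(sa01-azdo-accesskey)   # replaces -backend-config="access_key=..."

  - script: >
      terraform plan
      -var="client_id=$(application_id)"
      -var="tenant_id=$(tenant_id)"
      -var="subscription_id=$(subscription_id)"
      -var-file="Hub.tfvars"
      -out="HubDeploy.plan"
    displayName: "Terraform Plan"
    workingDirectory: $(tf_dir)
    env:
      ARM_ACCESS_KEY: $(sa01-azdo-accesskey)
      TF_VAR_client_secret: $(spn-azuredevops-password2)   # replaces -var="client_secret=..."

  # The saved plan carries the variable values, so treat HubDeploy.plan as sensitive.
  - script: terraform apply HubDeploy.plan
    displayName: "Terraform Apply"
    workingDirectory: $(tf_dir)
    env:
      ARM_ACCESS_KEY: $(sa01-azdo-accesskey)
```

Because the access key is no longer written into the backend configuration during `terraform init`, every later step that reads or writes state needs `ARM_ACCESS_KEY` mapped again, as shown on the plan and apply steps.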