Terraform for Azure: the good, the bad and the ugly

Azure Bootcamp 2019 - Dublin
http://azurebootcampdublin.com/

Published in: Software

  1. Terraform for Azure: the good, the bad and the ugly
     Giulio Vian – DevOps Lead – Glass, Lewis & Co.
  2. Agenda
     Slides on SlideShare
  3. What is Terraform?
     • Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure Powershell
     • Configuration: Powershell DSC, Chef, Ansible, Packer
     • Deployment: Azure DevOps, Octopus Deploy
  4. What is Terraform?
     • Provisioning: Terraform, Azure ARM Template, Azure CLI, Azure Powershell
     • Configuration: Powershell DSC, Chef, Ansible, Packer
     • Deployment: Azure DevOps, Octopus Deploy
  5. No, what is Terraform?
     Single executable (kinda)
     https://www.terraform.io/
  6. The Good,
  7. Terraform DSL

     ```hcl
     resource "azurerm_virtual_machine" "vm_demo" {
       name                  = "demovm"
       location              = "northeurope"
       resource_group_name   = "tf-demo"
       network_interface_ids = ["${azurerm_network_interface.vm_demo.id}"]
       vm_size               = "Standard_B2s"

       # Marketplace image the VM is built from
       storage_image_reference {
         publisher = "MicrosoftWindowsServer"
         offer     = "WindowsServerSemiAnnual"
         sku       = "Datacenter-Core-1803-smalldisk"
         version   = "latest"
       }

       storage_os_disk {
         name          = "demovm-osdisk"
         caching       = "ReadWrite"
         create_option = "FromImage"
       }

       storage_data_disk {
         name          = "demovm-datadisk"
         create_option = "Empty"
         lun           = 0
         disk_size_gb  = "10"
       }

       # Administrator credentials come from variables, not literals
       os_profile {
         computer_name  = "DEMOVM"
         admin_username = "${var.vm_admin_username}"
         admin_password = "${var.vm_admin_password}"
       }

       os_profile_windows_config {
         provision_vm_agent        = true
         enable_automatic_upgrades = false
       }
     }
     ```
  8. Why Terraform? ARM Template
  9. Why Terraform? Powershell
  10. How it works
      • Command line tool

        ```
        terraform init
        terraform plan -out temp.dat
        terraform apply temp.dat
        ```
      • Providers: executables (azurerm, azuread, azurestack)
      • State (metadata)
  11. Terraform basics
  12. Terraform 0.12
      Great promises in a not-so-near future
  13. Tip: Passing credentials

      ```hcl
      resource "azurerm_virtual_machine_extension" "my_vm_dscext" {
        #...

        # Credentials go in protected_settings (JSON heredoc), with the
        # password taken from a variable instead of being written here
        protected_settings = <<PROTECTED_SETTINGS
          {
            "configurationArguments": {
              "someCredential": {
                "userName": "theUser",
                "password": "${var.the_user_pass}"
              }
            }
          }
      PROTECTED_SETTINGS
      }
      ```
  14. Tip: assigning IPs
      • Static addresses
      • cidrsubnet
      • cidrhost
  15. Tip: pulling KeyVault
      Pre-load KeyVault with secrets

      ```hcl
      # Reads a secret that already exists in the vault
      data "azurerm_key_vault_secret" "test" {
        name      = "mypassword"
        vault_uri = "https://yourvault.vault.azure.net/"
      }
      ```
  16. Integration
      • azurerm_virtual_machine_extension: Powershell DSC, Custom script → bash / Ansible
      • Providers: Chef, Docker, Kubernetes
      • Provisioners: ssh / WinRM
  17. Automate
      • Permit HTTPS to Internet*
      • Credential (e.g. Service Principal)
      • Get executable on the agent*
      • Run apply
      There are ready-to-use tasks
      *optional
  18. Scale
      We have 6 environments with 150+ resources each
  19. Goodies Summary
      • Simple
      • Modular
      • Integrates well with Azure
      • Easy to automate
  20. the Bad,
  21. Language Limits (HCL <0.12)
      • Loops are hard
      • Nested loop almost impossible
      • Ifs are hard or impossible
  22. Catching up
      Application Gateway story
  23. Simple errors

      ```
      Error: Error applying plan:
      azurerm_lb_probe.lb_probe_http: Error Creating/Updating LoadBalancer network.LoadBalancersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Put https://management.azure.com/subscriptions/12345678-9abc-def0-1234-56789abcdef0/resourceGroups/qa/providers/Microsoft.Network/loadBalancers/qa-loadbalancer?api-version=2017-09-01: http: ContentLength=1655 with Body length 0
      ```
  24. Downside Summary
      • Limited expressive power (<0.12)
      • Debugging can be difficult
  25. and the Ugly
  26. State management
      • Myth: State is map of reality
      • Setup in shared, locked place: Azure Storage or AWS S3
      • Some changes not sensed
      • Learn to use terraform state
  27. Stay organized
      / (repo root)
      • modules: terraform modules
      • utility: general purpose
      • shared: common to multiple applications or environments
      • application_name: internal or public application
      • non-production: can be rebuilt any moment
      • shared: common to multiple environments, e.g. deploy agents, jumpbox
      • qa: Integration test
      • uat: User acceptance test
      • perf: Load testing
      • production: everything here is critical ... details on next slide
  28. Stay organized (cont’d)
      / (repo root)
      • production: everything here is critical
      • legacy: hand made infrastructure, e.g. TFS
      • shared: common to main and DR, e.g. networking
      • live: PRODUCTION ENVIRONMENTS
      • network: “everlasting” resources
      • data-tier: long-lived resources
      • app-tier: short-lived resources
      • app_name: resources for an app
      • dr: Disaster recovery site ... As above
  29. Folders and state
      • Each leaf has a state file
      • Source can refer to existing state files
      production
      • shared: production/shared/terraform.tfstate
      • live / network: production/live/network/terraform.tfstate
      • live / app-tier: production/live/app-tier/terraform.tfstate
  30. Three steps to import
      1. Define as regular resources
      2. Add safety clause: lifecycle { prevent_destroy = true }
      3. Include in state: terraform import
  31. Tip: Terraform tips
      • HCL parser idiosyncrasies
      • Regex might be troublesome
      • is not unusual
  32. Unpleasant Summary
      • Low level commands & attributes for state
      • Refactoring impacts state
  33. Wrap-up
  34. Succeeded?
  35. Study the book
      Terraform - Up and Running: Writing Infrastructure as Code — Y.Brikman (O'Reilly)
  36. Bio in pictures
      • giulio.dev@casavian.eu
      • @giulio_vian
      • https://www.slideshare.net/giuliov
      • https://tfsaggregator.github.io
      • http://blog.casavian.eu/
      • First computer, hardware spec: 1KB RAM (upg. 16KB), 4KB ROM
      • Companies
      • Communities
  37. End of transmissions
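
The "assigning IPs" tip on slide 14 names `cidrsubnet` and `cidrhost` without showing them in use. The following is an added example, not taken from the deck, of deriving per-tier subnets and static NIC addresses from one address range; it assumes Terraform 0.12 or later, and every name, variable and address range in it is an assumption.

```hcl
# Added example; all names and address ranges are assumptions.
variable "vnet_cidr" {
  default = "10.20.0.0/16"
}

variable "location" {
  default = "northeurope"
}

variable "resource_group_name" {
  default = "tf-demo"
}

variable "web_subnet_id" {
  description = "ID of the subnet built from the web entry of local.subnet_cidrs"
}

locals {
  # cidrsubnet(prefix, newbits, netnum): 8 new bits turn the /16 into /24s,
  # and netnum picks which /24 each tier gets.
  subnet_cidrs = {
    web  = cidrsubnet(var.vnet_cidr, 8, 1)
    data = cidrsubnet(var.vnet_cidr, 8, 2)
  }

  # Azure reserves the first four addresses and the last one of every subnet,
  # so static assignments start at host number 4.
  first_host = 4

  # cidrhost(prefix, hostnum): one fixed address per web VM.
  web_ips = [for i in range(3) : cidrhost(local.subnet_cidrs["web"], local.first_host + i)]
}

resource "azurerm_network_interface" "web" {
  count               = length(local.web_ips)
  name                = "web-${count.index}-nic"
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "primary"
    subnet_id                     = var.web_subnet_id
    private_ip_address_allocation = "Static"
    private_ip_address            = local.web_ips[count.index]
  }
}
```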
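
Slides 26, 29 and 30 describe state kept in a shared, locked place, one state file per leaf folder, and the three import steps. The following is an added example, not taken from the deck, of what the `production/live/network` leaf could look like; it assumes Terraform 0.12 or later and azurerm provider 2.0 or later, and the storage account, container, resource names and the two outputs read from the shared leaf are hypothetical.

```hcl
# production/live/network/main.tf
# Added example; account, container, resource and output names are assumptions.
terraform {
  # State lives in Azure Storage; this backend locks it with a blob lease.
  backend "azurerm" {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "exampletfstate"
    container_name       = "tfstate"
    key                  = "production/live/network/terraform.tfstate"
  }
}

provider "azurerm" {
  features {}
}

# Read-only view of the outputs stored by the production/shared leaf.
data "terraform_remote_state" "shared" {
  backend = "azurerm"
  config = {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "exampletfstate"
    container_name       = "tfstate"
    key                  = "production/shared/terraform.tfstate"
  }
}

# Import steps 1 and 2: describe the hand-made network as a regular
# resource and refuse any plan that would destroy it.
resource "azurerm_virtual_network" "main" {
  name                = "prod-vnet"
  location            = data.terraform_remote_state.shared.outputs.location
  resource_group_name = data.terraform_remote_state.shared.outputs.resource_group_name
  address_space       = ["10.20.0.0/16"]

  lifecycle {
    prevent_destroy = true
  }
}

# Import step 3, run once in this folder so the existing network enters the state:
#   terraform import azurerm_virtual_network.main \
#     /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Network/virtualNetworks/prod-vnet

output "vnet_id" {
  value = azurerm_virtual_network.main.id
}
```

State files record resource attributes in plain text, including passwords passed to resources, so access to the storage container should be limited to the identities that run Terraform.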
