Friday, June 4, 2021

Create Azure VM using Terraform

HOWTO

 

Differences Between On-Premise, SaaS, PaaS, IaaS

GitHub

 Install Terraform on Fedora

https://learn.hashicorp.com/tutorials/terraform/install-cli

 

sudo dnf install -y dnf-plugins-core

sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo

sudo dnf -y install terraform


Install Azure CLI

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum


Verify installation

[dave@dave ~]$ terraform version
Terraform v0.13.5
[dave@dave ~]$ az version
{
  "azure-cli": "2.14.2",
  "azure-cli-core": "2.14.2",
  "azure-cli-telemetry": "1.0.6",
  "extensions": {}
}

Login via Azure CLI using own credentials

https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli

$ az login
[dave@dave azure]$ az account show
{
  "environmentName": "AzureCloud",
  "homeTenantId": "23432432423-2342423423",
  "id": "3234234234-234234234",
  "isDefault": true,
  "managedByTenants": [],
  "name": "Free Trial",
  "state": "Enabled",
  "tenantId": "234234234-234234234",
  "user": {
    "name": "daniel.veselka",
    "type": "user"
  }
}


Authenticate to Azure using service principal variables

https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell#authenticate-via-azure-service-principal

Get values for service principal and store them into env vars ARM_* 

A Service Principal is an application within Azure Active Directory whose authentication tokens can be used as the client_id, client_secret, and tenant_id fields needed by Terraform (subscription_id can be independently recovered from your Azure account details).

Set subscription to use with Terraform

https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell#set-the-current-azure-subscription


az account set --subscription="<subscription_id>"

Export Azure principle secrets variables

 https://www.terraform.io/docs/providers/azurerm/guides/service_principal_client_secret.html

$ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
$ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"


Find Centos OS Azure image

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage

 az vm image list -l westeurope --publisher openlogic --offer centos --sku 8 --all -o table 
Offer                      Publisher    Sku              Urn                                                                 Version
-------------------------  -----------  ---------------  ------------------------------------------------------------------  --------------
CentOS                     OpenLogic    8_3              OpenLogic:CentOS:8_3:8.3.2020120900                                 8.3.2020120900
CentOS                     OpenLogic    8_3              OpenLogic:CentOS:8_3:8.3.2021020400                                 8.3.2021020400
CentOS                     OpenLogic    8_3-gen2         OpenLogic:CentOS:8_3-gen2:8.3.2020120901                            8.3.2020120901
CentOS                     OpenLogic    8_3-gen2         OpenLogic:CentOS:8_3-gen2:8.3.2021020401                            8.3.2021020401

 

Install VSCode with Terraform extension

For VSCode installation see here  https://danielveselka.blogspot.com/2020/11/google-cloud-code-ide-extension.html 

https://github.com/hashicorp/vscode-terraform

 

Choose VM size

https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable

Create VM

https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure

 https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/linux/basic-ssh/main.tf

https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/linux/custom-data/main.tf

[dave@dave azure]$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/tls...
- Finding latest version of hashicorp/azurerm...
- Installing hashicorp/tls v3.0.0...
- Installed hashicorp/tls v3.0.0 (signed by HashiCorp)
- Installing hashicorp/azurerm v2.36.0...
- Installed hashicorp/azurerm v2.36.0 (signed by HashiCorp)

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.

* hashicorp/azurerm: version = "~> 2.36.0"
* hashicorp/tls: version = "~> 3.0.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.


 Terraform plan

[dave@dave azure]$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_linux_virtual_machine.daveterraformvm will be created
  + resource "azurerm_linux_virtual_machine" "daveterraformvm" {
      + admin_username                  = "centos"
      + allow_extension_operations      = true
      + computer_name                   = (known after apply)
      + disable_password_authentication = true
      + extensions_time_budget          = "PT1H30M"
      + id                              = (known after apply)
      + location                        = "westeurope"
      + max_bid_price                   = -1
      + name                            = "dave_terraform_test"
      + network_interface_ids           = (known after apply)
      + platform_fault_domain           = -1
      + priority                        = "Regular"
      + private_ip_address              = (known after apply)
      + private_ip_addresses            = (known after apply)
      + provision_vm_agent              = true
      + public_ip_address               = (known after apply)
      + public_ip_addresses             = (known after apply)
      + resource_group_name             = "rg-dave-terraform-test"
      + size                            = "Standard_DS3_v2"
      + virtual_machine_id              = (known after apply)
      + zone                            = (known after apply)

      + admin_ssh_key {
          + public_key = <<-EOT
                ssh-rsa ererererererer dave@dave
            EOT
          + username   = "centos"
        }

      + os_disk {
          + caching                   = "ReadWrite"
          + disk_size_gb              = (known after apply)
          + name                      = (known after apply)
          + storage_account_type      = "Premium_LRS"
          + write_accelerator_enabled = false
        }

      + source_image_reference {
          + offer     = "CentOS"
          + publisher = "OpenLogic"
          + sku       = "8_3"
          + version   = "latest"
        }
    }

  # azurerm_network_interface.daveterraformnic will be created
  + resource "azurerm_network_interface" "daveterraformnic" {
      + applied_dns_servers           = (known after apply)
      + dns_servers                   = (known after apply)
      + enable_accelerated_networking = false
      + enable_ip_forwarding          = false
      + id                            = (known after apply)
      + internal_dns_name_label       = (known after apply)
      + internal_domain_name_suffix   = (known after apply)
      + location                      = "westeurope"
      + mac_address                   = (known after apply)
      + name                          = "daveNIC"
      + private_ip_address            = (known after apply)
      + private_ip_addresses          = (known after apply)
      + resource_group_name           = "rg-dave-terraform-test"
      + tags                          = {
          + "environment" = "Terraform Demo"
        }
      + virtual_machine_id            = (known after apply)

      + ip_configuration {
          + name                          = "daveNicConfiguration"
          + primary                       = (known after apply)
          + private_ip_address            = (known after apply)
          + private_ip_address_allocation = "dynamic"
          + private_ip_address_version    = "IPv4"
          + public_ip_address_id          = (known after apply)
          + subnet_id                     = (known after apply)
        }
    }

  # azurerm_network_interface_security_group_association.dave will be created
  + resource "azurerm_network_interface_security_group_association" "dave" {
      + id                        = (known after apply)
      + network_interface_id      = (known after apply)
      + network_security_group_id = (known after apply)
    }

  # azurerm_network_security_group.daveterraformnsg will be created
  + resource "azurerm_network_security_group" "daveterraformnsg" {
      + id                  = (known after apply)
      + location            = "westeurope"
      + name                = "daveNetworkSecurityGroup"
      + resource_group_name = "rg-dave-terraform-test"
      + security_rule       = [
          + {
              + access                                     = "Allow"
              + description                                = ""
              + destination_address_prefix                 = "*"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "22"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "SSH"
              + priority                                   = 1001
              + protocol                                   = "Tcp"
              + source_address_prefix                      = "*"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
        ]
      + tags                = {
          + "environment" = "Terraform Demo"
        }
    }

  # azurerm_public_ip.daveterraformpublicip will be created
  + resource "azurerm_public_ip" "daveterraformpublicip" {
      + allocation_method       = "Dynamic"
      + fqdn                    = (known after apply)
      + id                      = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address              = (known after apply)
      + ip_version              = "IPv4"
      + location                = "westeurope"
      + name                    = "davePublicIP"
      + resource_group_name     = "rg-dave-terraform-test"
      + sku                     = "Basic"
      + tags                    = {
          + "environment" = "Terraform Demo"
        }
    }

  # azurerm_resource_group.daveterraformgroup will be created
  + resource "azurerm_resource_group" "daveterraformgroup" {
      + id       = (known after apply)
      + location = "westeurope"
      + name     = "rg-dave-terraform-test"
      + tags     = {
          + "environment" = "Terraform Demo"
        }
    }

  # azurerm_subnet.daveterraformsubnet will be created
  + resource "azurerm_subnet" "daveterraformsubnet" {
      + address_prefix                                 = (known after apply)
      + address_prefixes                               = [
          + "10.0.1.0/24",
        ]
      + enforce_private_link_endpoint_network_policies = false
      + enforce_private_link_service_network_policies  = false
      + id                                             = (known after apply)
      + name                                           = "daveSubnet"
      + resource_group_name                            = "rg-dave-terraform-test"
      + virtual_network_name                           = "daveVnet"
    }

  # azurerm_virtual_network.daveterraformnetwork will be created
  + resource "azurerm_virtual_network" "daveterraformnetwork" {
      + address_space         = [
          + "10.0.0.0/16",
        ]
      + guid                  = (known after apply)
      + id                    = (known after apply)
      + location              = "westeurope"
      + name                  = "daveVnet"
      + resource_group_name   = "rg-dave-terraform-test"
      + subnet                = (known after apply)
      + tags                  = {
          + "environment" = "Terraform Demo"
        }
      + vm_protection_enabled = false
    }

Plan: 8 to add, 0 to change, 0 to destroy.

 

Terraform apply

Create VM using https://github.com/dveselka/devops-terraform/blob/master/azure/main.tf

$ terraform apply
azurerm_resource_group.daveterraformgroup: Refreshing state... [id=/subscriptions/3434343-334/resourceGroups/rg-dave-terraform-test]
azurerm_virtual_network.daveterraformnetwork: Refreshing state... [id=/subscriptions/43443-434-3434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet]
azurerm_network_security_group.daveterraformnsg: Refreshing state... [id=/subscriptions/434343-43-43/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkSecurityGroups/daveNetworkSecurityGroup]
azurerm_public_ip.daveterraformpublicip: Refreshing state... [id=/subscriptions/343434-43434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/publicIPAddresses/davePublicIP]
azurerm_subnet.daveterraformsubnet: Refreshing state... [id=/subscriptions/343434-43434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet]
azurerm_network_interface.daveterraformnic: Refreshing state... [id=/subscriptions/3434-434343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC]
azurerm_network_interface_security_group_association.dave: Refreshing state... [id=/subscriptions/3434-434343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/....

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond
to these changes.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_linux_virtual_machine.daveterraformvm will be created
  + resource "azurerm_linux_virtual_machine" "daveterraformvm" {
      + admin_username                  = "centos"
      + allow_extension_operations      = true
      + computer_name                   = (known after apply)
      + disable_password_authentication = true
      + extensions_time_budget          = "PT1H30M"
      + id                              = (known after apply)
      + location                        = "westeurope"
      + max_bid_price                   = -1
      + name                            = "dave-terraform-test"
      + network_interface_ids           = [
          + "/subscriptions/45454-54-54-545/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC",
        ]
      + platform_fault_domain           = -1
      + priority                        = "Regular"
      + private_ip_address              = (known after apply)
      + private_ip_addresses            = (known after apply)
      + provision_vm_agent              = true
      + public_ip_address               = (known after apply)
      + public_ip_addresses             = (known after apply)
      + resource_group_name             = "rg-dave-terraform-test"
      + size                            = "Standard_A2_v2"
      + virtual_machine_id              = (known after apply)
      + zone                            = (known after apply)

      + admin_ssh_key {
          + public_key = <<-eot 0="" 1="" 2m49s="" above.="" accepted="" actions="" add="" added="" after="" apply="" approve.="" artrterteteteterte="" azure="" azurerm_linux_virtual_machine.daveterraformvm:="" be="" caching="ReadWrite" change="" changed="" code="" complete="" creating...="" creation="" dave="" described="" destroy.="" destroyed.="" disk_size_gb="(known" do="" elapsed="" eot="" id="/subscriptions/e535613a-7524-4b38-8915-ad04b02fe3d0/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Compute/virtualMachines/dave-terraform-test]" m0s="" m10s="" m20s="" m30s="" m40s="" m50s="" name="(known" offer="CentOS" only="" os_disk="" perform="" plan:="" publisher="OpenLogic" resources:="" s="" sku="8_3" source_image_reference="" ssh-rsa="" still="" storage_account_type="Standard_LRS" terraform="" the="" these="" to="" username="centos" version="latest" want="" will="" write_accelerator_enabled="false" yes="" you="">
azurerm_linux_virtual_machine.daveterraformvm: Creating... azurerm_linux_virtual_machine.daveterraformvm: Still creating... [10s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [20s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [30s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [40s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [50s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m0s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m10s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m20s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m30s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m40s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m50s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m0s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m10s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m20s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m30s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m40s elapsed] azurerm_linux_virtual_machine.daveterraformvm: Creation complete after 2m49s [id=/subscriptions/34343-4343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Compute/virtualMachines/dave-terraform-test] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. [dave@dave azure]$

 

 Check VM in Azure Console

https://portal.azure.com/



SSH into VM
[dave@dave azure]$ ssh centos@20.73.164.213
The authenticity of host '20.73.164.213 (20.73.164.213)' can't be established.
ECDSA key fingerprint is SHA256:ovtXmI52ndfouGE97PX4foS099J2lj91xie4cRQz8w8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '20.73.164.213' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket

[centos@dave-terraform-test ~]$ more /etc/redhat-release
CentOS Linux release 8.3.2011


No comments:

Post a Comment