HOWTO
Differences Between On-Premise, SaaS, PaaS, IaaS
GitHub
Install Terraform on Fedora
https://learn.hashicorp.com/tutorials/terraform/install-cli
sudo dnf install -y dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
sudo dnf -y install terraform
Install Azure CLI
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum
Verify installation
[dave@dave ~]$ terraform version
Terraform v0.13.5
[dave@dave ~]$ az version
{
"azure-cli": "2.14.2",
"azure-cli-core": "2.14.2",
"azure-cli-telemetry": "1.0.6",
"extensions": {}
}
Login via Azure CLI using own credentials
$ az login
[dave@dave azure]$ az account show
{
"environmentName": "AzureCloud",
"homeTenantId": "23432432423-2342423423",
"id": "3234234234-234234234",
"isDefault": true,
"managedByTenants": [],
"name": "Free Trial",
"state": "Enabled",
"tenantId": "234234234-234234234",
"user": {
"name": "daniel.veselka",
"type": "user"
}
}
Authenticate to Azure using service principal variables
https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell#authenticate-via-azure-service-principal
Get values for service principal and store them into env vars ARM_*
A Service Principal is an application within Azure Active Directory whose authentication tokens can be used as the client_id
, client_secret
, and tenant_id
fields needed by Terraform (subscription_id
can be independently recovered from your Azure account details).
Set subscription to use with Terraform
https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell#set-the-current-azure-subscription
az account set --subscription="<subscription_id>"
Export Azure principle secrets variables
https://www.terraform.io/docs/providers/azurerm/guides/service_principal_client_secret.html
$ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
$ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"
Find Centos OS Azure image
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage
az vm image list -l westeurope --publisher openlogic --offer centos --sku 8 --all -o table
Offer Publisher Sku Urn Version
------------------------- ----------- --------------- ------------------------------------------------------------------ --------------
CentOS OpenLogic 8_3 OpenLogic:CentOS:8_3:8.3.2020120900 8.3.2020120900
CentOS OpenLogic 8_3 OpenLogic:CentOS:8_3:8.3.2021020400 8.3.2021020400
CentOS OpenLogic 8_3-gen2 OpenLogic:CentOS:8_3-gen2:8.3.2020120901 8.3.2020120901
CentOS OpenLogic 8_3-gen2 OpenLogic:CentOS:8_3-gen2:8.3.2021020401 8.3.2021020401
Install VSCode with Terraform extension
For VSCode installation see here https://danielveselka.blogspot.com/2020/11/google-cloud-code-ide-extension.html
https://github.com/hashicorp/vscode-terraform
Choose VM size
https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable
Create VM
https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/linux/basic-ssh/main.tf
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/linux/custom-data/main.tf
[dave@dave azure]$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/tls...
- Finding latest version of hashicorp/azurerm...
- Installing hashicorp/tls v3.0.0...
- Installed hashicorp/tls v3.0.0 (signed by HashiCorp)
- Installing hashicorp/azurerm v2.36.0...
- Installed hashicorp/azurerm v2.36.0 (signed by HashiCorp)
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.
* hashicorp/azurerm: version = "~> 2.36.0"
* hashicorp/tls: version = "~> 3.0.0"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Terraform plan
[dave@dave azure]$ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_linux_virtual_machine.daveterraformvm will be created
+ resource "azurerm_linux_virtual_machine" "daveterraformvm" {
+ admin_username = "centos"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ disable_password_authentication = true
+ extensions_time_budget = "PT1H30M"
+ id = (known after apply)
+ location = "westeurope"
+ max_bid_price = -1
+ name = "dave_terraform_test"
+ network_interface_ids = (known after apply)
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "rg-dave-terraform-test"
+ size = "Standard_DS3_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ admin_ssh_key {
+ public_key = <<-EOT
ssh-rsa ererererererer dave@dave
EOT
+ username = "centos"
}
+ os_disk {
+ caching = "ReadWrite"
+ disk_size_gb = (known after apply)
+ name = (known after apply)
+ storage_account_type = "Premium_LRS"
+ write_accelerator_enabled = false
}
+ source_image_reference {
+ offer = "CentOS"
+ publisher = "OpenLogic"
+ sku = "8_3"
+ version = "latest"
}
}
# azurerm_network_interface.daveterraformnic will be created
+ resource "azurerm_network_interface" "daveterraformnic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = "westeurope"
+ mac_address = (known after apply)
+ name = "daveNIC"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = "rg-dave-terraform-test"
+ tags = {
+ "environment" = "Terraform Demo"
}
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ name = "daveNicConfiguration"
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "dynamic"
+ private_ip_address_version = "IPv4"
+ public_ip_address_id = (known after apply)
+ subnet_id = (known after apply)
}
}
# azurerm_network_interface_security_group_association.dave will be created
+ resource "azurerm_network_interface_security_group_association" "dave" {
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ network_security_group_id = (known after apply)
}
# azurerm_network_security_group.daveterraformnsg will be created
+ resource "azurerm_network_security_group" "daveterraformnsg" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "daveNetworkSecurityGroup"
+ resource_group_name = "rg-dave-terraform-test"
+ security_rule = [
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "22"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "SSH"
+ priority = 1001
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
]
+ tags = {
+ "environment" = "Terraform Demo"
}
}
# azurerm_public_ip.daveterraformpublicip will be created
+ resource "azurerm_public_ip" "daveterraformpublicip" {
+ allocation_method = "Dynamic"
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = "westeurope"
+ name = "davePublicIP"
+ resource_group_name = "rg-dave-terraform-test"
+ sku = "Basic"
+ tags = {
+ "environment" = "Terraform Demo"
}
}
# azurerm_resource_group.daveterraformgroup will be created
+ resource "azurerm_resource_group" "daveterraformgroup" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "rg-dave-terraform-test"
+ tags = {
+ "environment" = "Terraform Demo"
}
}
# azurerm_subnet.daveterraformsubnet will be created
+ resource "azurerm_subnet" "daveterraformsubnet" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.0.1.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "daveSubnet"
+ resource_group_name = "rg-dave-terraform-test"
+ virtual_network_name = "daveVnet"
}
# azurerm_virtual_network.daveterraformnetwork will be created
+ resource "azurerm_virtual_network" "daveterraformnetwork" {
+ address_space = [
+ "10.0.0.0/16",
]
+ guid = (known after apply)
+ id = (known after apply)
+ location = "westeurope"
+ name = "daveVnet"
+ resource_group_name = "rg-dave-terraform-test"
+ subnet = (known after apply)
+ tags = {
+ "environment" = "Terraform Demo"
}
+ vm_protection_enabled = false
}
Plan: 8 to add, 0 to change, 0 to destroy.
Terraform apply
Create VM using https://github.com/dveselka/devops-terraform/blob/master/azure/main.tf
$ terraform apply
azurerm_resource_group.daveterraformgroup: Refreshing state... [id=/subscriptions/3434343-334/resourceGroups/rg-dave-terraform-test]
azurerm_virtual_network.daveterraformnetwork: Refreshing state... [id=/subscriptions/43443-434-3434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet]
azurerm_network_security_group.daveterraformnsg: Refreshing state... [id=/subscriptions/434343-43-43/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkSecurityGroups/daveNetworkSecurityGroup]
azurerm_public_ip.daveterraformpublicip: Refreshing state... [id=/subscriptions/343434-43434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/publicIPAddresses/davePublicIP]
azurerm_subnet.daveterraformsubnet: Refreshing state... [id=/subscriptions/343434-43434/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet]
azurerm_network_interface.daveterraformnic: Refreshing state... [id=/subscriptions/3434-434343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC]
azurerm_network_interface_security_group_association.dave: Refreshing state... [id=/subscriptions/3434-434343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/....
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply":
Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond
to these changes.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_linux_virtual_machine.daveterraformvm will be created
+ resource "azurerm_linux_virtual_machine" "daveterraformvm" {
+ admin_username = "centos"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ disable_password_authentication = true
+ extensions_time_budget = "PT1H30M"
+ id = (known after apply)
+ location = "westeurope"
+ max_bid_price = -1
+ name = "dave-terraform-test"
+ network_interface_ids = [
+ "/subscriptions/45454-54-54-545/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC",
]
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "rg-dave-terraform-test"
+ size = "Standard_A2_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ admin_ssh_key {
+ public_key = <<-eot 0="" 1="" 2m49s="" above.="" accepted="" actions="" add="" added="" after="" apply="" approve.="" artrterteteteterte="" azure="" azurerm_linux_virtual_machine.daveterraformvm:="" be="" caching="ReadWrite" change="" changed="" code="" complete="" creating...="" creation="" dave="" described="" destroy.="" destroyed.="" disk_size_gb="(known" do="" elapsed="" eot="" id="/subscriptions/e535613a-7524-4b38-8915-ad04b02fe3d0/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Compute/virtualMachines/dave-terraform-test]" m0s="" m10s="" m20s="" m30s="" m40s="" m50s="" name="(known" offer="CentOS" only="" os_disk="" perform="" plan:="" publisher="OpenLogic" resources:="" s="" sku="8_3" source_image_reference="" ssh-rsa="" still="" storage_account_type="Standard_LRS" terraform="" the="" these="" to="" username="centos" version="latest" want="" will="" write_accelerator_enabled="false" yes="" you="">-eot>
azurerm_linux_virtual_machine.daveterraformvm: Creating...
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [10s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [20s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [30s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [40s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [50s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m0s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m10s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m20s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m30s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m40s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [1m50s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m0s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m10s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m20s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m30s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Still creating... [2m40s elapsed]
azurerm_linux_virtual_machine.daveterraformvm: Creation complete after 2m49s [id=/subscriptions/34343-4343/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Compute/virtualMachines/dave-terraform-test]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
[dave@dave azure]$
Check VM in Azure Console
https://portal.azure.com/
SSH into VM
[dave@dave azure]$ ssh centos@20.73.164.213
The authenticity of host '20.73.164.213 (20.73.164.213)' can't be established.
ECDSA key fingerprint is SHA256:ovtXmI52ndfouGE97PX4foS099J2lj91xie4cRQz8w8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '20.73.164.213' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
[centos@dave-terraform-test ~]$ more /etc/redhat-release
CentOS Linux release 8.3.2011