Terraform
Infrastructure as Code
I think there are several levels of getting infrastructure
- Buy your own server
- Rent a server from somebody else who bought a server
- Rent a virtual server with no 1:1 mapping to real servers
- Pay for services you want to use, e.g. a database
- Use infrastructure as code (IaC) to acquire the virtual servers and services you need.
Installation
https://learn.hashicorp.com/tutorials/terraform/install-cli
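# Store HashiCorp's signing key in its own keyring instead of piping it to
# `apt-key add`. apt-key is deprecated, and a key added that way is trusted
# for every configured repository, not just this one.
curl -fsSL https://apt.releases.hashicorp.com/gpg \
  | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

# Print the key's fingerprint so it can be compared with the one HashiCorp
# publishes before any package signed by it is installed.
gpg --no-default-keyring \
  --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
  --fingerprint

# signed-by restricts the key to packages coming from this repository only.
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt-get update && sudo apt-get install terraform

# Optional: enable shell tab completion for the terraform CLI.
terraform -install-autocomplete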
Docker
Create a new folder, inside the folder create this file
main.tf
# Declare the provider plugins this configuration needs.
terraform {
  required_providers {
    # NOTE(review): no `version` argument is given, so `terraform init` takes
    # whatever release the registry offers. Add a version constraint to make
    # runs reproducible. "terraform-providers/" is the legacy registry
    # namespace; check where the Docker provider is currently published
    # before relying on this source address.
    docker = { source = "terraform-providers/docker" }
  }
}
# Docker provider with no explicit settings, so it uses its default connection
# to the Docker daemon. Whoever can run this configuration can control that
# daemon, which is normally equivalent to root on the host.
provider "docker" {
}
# Image the container below is started from.
resource "docker_image" "nginx" {
  # false: the image is deleted from the local Docker store on destroy.
  keep_locally = false

  # NOTE(review): "latest" is a mutable tag, so two applies can pull different
  # image contents. Pin a specific tag or an image digest when reproducibility
  # or provenance matters.
  name = "nginx:latest"
}
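# Run an nginx container named "tutorial" from the image pulled above.
resource "docker_container" "nginx" {
  image = docker_image.nginx.latest
  name  = "tutorial"

  # Publish container port 80 on host port 8000.
  ports {
    internal = 80
    external = 8000
    # Without `ip` the port is published on 0.0.0.0, i.e. on every interface of
    # the host. Bind to loopback so the tutorial container is reachable only
    # from this machine.
    ip = "127.0.0.1"
  }
}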
Initialize
# Downloads the providers named in required_providers into the working directory.
terraform init
Apply the changes that are needed
# Prints the execution plan and asks for confirmation before changing anything;
# read the plan before answering "yes".
terraform apply
Destroy everything again
# Removes every resource that this configuration manages.
terraform destroy
Azure
# Sign in with the Azure CLI; the azurerm provider can reuse this session's
# credentials, so Terraform acts with whatever rights the signed-in account has.
az login
Define a Linux server with SSH access
main.tf
# Configure the Microsoft Azure Provider.
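terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # "~> 2.26" accepts 2.26 and later 2.x releases but not a new major
      # version. An open-ended ">= 2.26" lets `terraform init` pick up a major
      # release with breaking changes (and unreviewed provider code) without
      # any edit to this file.
      version = "~> 2.26"
    }
  }
}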
# The azurerm provider requires a `features` block, even an empty one.
# No credentials are configured here; they come from the environment
# (for example the Azure CLI session).
provider "azurerm" {
  features {
  }
}
# Resource group that holds every resource defined below.
resource "azurerm_resource_group" "rg" {
  location = var.location
  name     = "${var.prefix}TFRG"
  tags     = var.tags
}
# Virtual network with a private 10.0.0.0/16 address space.
resource "azurerm_virtual_network" "vnet" {
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location
  name                = "${var.prefix}TFVnet"
  address_space       = ["10.0.0.0/16"]
  tags                = var.tags
}
# Subnet 10.0.1.0/24 carved out of the virtual network above.
resource "azurerm_subnet" "subnet" {
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${var.prefix}TFSubnet"
  address_prefixes     = ["10.0.1.0/24"]
}
# Public IP address; the network interface below attaches it to the VM,
# which makes the VM reachable from the internet.
resource "azurerm_public_ip" "publicip" {
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location
  name                = "${var.prefix}TFPublicIP"
  allocation_method   = "Dynamic"
  tags                = var.tags
}
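# Source range allowed to reach the VM over SSH. Declared without a default so
# that exposing port 22 to the whole internet has to be an explicit choice;
# Terraform prompts for the value if it is not supplied.
variable "ssh_source_address_prefix" {
  type        = string
  description = "CIDR range or single address allowed to connect to port 22, e.g. your own public IP as x.x.x.x/32"
}

# Create Network Security Group and rule
resource "azurerm_network_security_group" "nsg" {
  name                = "${var.prefix}TFNSG"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  tags                = var.tags

  # Allow inbound SSH (TCP/22) only from the configured source range.
  # The VM accepts password logins, so a source of "*" would expose it to
  # password guessing from any address on the internet.
  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.ssh_source_address_prefix
    destination_address_prefix = "*"
  }
}

# Attach the NSG to the VM's network interface. Nothing else in this file
# references the NSG, so without this association its rules would not be
# applied to the VM's traffic at all.
resource "azurerm_network_interface_security_group_association" "nic_nsg" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}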
# Network interface for the VM, placed in the subnet defined above.
resource "azurerm_network_interface" "nic" {
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location
  name                = "${var.prefix}NIC"
  tags                = var.tags

  ip_configuration {
    name      = "${var.prefix}NICConfg"
    subnet_id = azurerm_subnet.subnet.id
    # Private address is assigned dynamically from the subnet.
    private_ip_address_allocation = "dynamic"
    # Attaching the public IP exposes this interface to the internet.
    public_ip_address_id = azurerm_public_ip.publicip.id
  }
}
# Ubuntu virtual machine attached to the network interface above.
resource "azurerm_virtual_machine" "vm" {
  resource_group_name   = azurerm_resource_group.rg.name
  location              = var.location
  name                  = "${var.prefix}TFVM"
  vm_size               = "Standard_DS1_v2"
  network_interface_ids = [azurerm_network_interface.nic.id]
  tags                  = var.tags

  # The Ubuntu SKU is looked up per region in var.sku. "latest" means the image
  # build is not pinned and can differ between applies.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = lookup(var.sku, var.location)
    version   = "latest"
  }

  storage_os_disk {
    name              = "${var.prefix}OsDisk"
    create_option     = "FromImage"
    caching           = "ReadWrite"
    managed_disk_type = "Premium_LRS"
  }

  # NOTE(review): admin_password is stored in the Terraform state in plaintext.
  # Treat the state file as a secret and keep it out of version control.
  os_profile {
    computer_name  = "${var.prefix}TFVM"
    admin_username = var.admin_username
    admin_password = var.admin_password
  }

  # NOTE(review): false leaves SSH password login enabled on a VM that has a
  # public IP. Prefer disable_password_authentication = true together with an
  # ssh_keys block, so that only key-based login is possible.
  os_profile_linux_config {
    disable_password_authentication = false
  }
}
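# Read the public IP back after the VM exists. depends_on forces the lookup to
# wait for the VM, which matters because the address uses dynamic allocation.
data "azurerm_public_ip" "ip" {
  name                = azurerm_public_ip.publicip.name
  resource_group_name = azurerm_virtual_machine.vm.resource_group_name
  # A bare reference, not a quoted string: quoted references in depends_on
  # are deprecated.
  depends_on = [azurerm_virtual_machine.vm]
}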
# Report which Ubuntu SKU was selected for the chosen region.
output "os_sku" {
  value = lookup(
    var.sku,
    var.location
  )
}
Variables to be used in the config
variables.tf
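# Azure region to deploy into. It is also the key used to look up the OS SKU
# in var.sku, so it has to be one of the regions listed there.
variable "location" {
  type        = string
  description = "Azure region for all resources; must be a key of var.sku"
}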
# No default: Terraform asks for the value unless it is supplied elsewhere.
variable "admin_username" {
  description = "Administrator user name for virtual machine"
  type        = string
}
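# No default, so the password never has to be written into a .tf file.
variable "admin_password" {
  type        = string
  description = "Password must meet Azure complexity requirements"
  # Keeps the value out of plan/apply output (requires Terraform 0.14 or
  # later). It is still written to the state file in plaintext, so the state
  # has to be protected as well.
  sensitive = true
}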
# Prefix prepended to the name of every resource in main.tf.
variable "prefix" {
  default = "my"
  type    = string
}
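# Tags applied to every taggable resource in main.tf.
variable "tags" {
  # map(string) states the element type explicitly; a bare `map` is the legacy
  # shorthand and accepts values of any type.
  type = map(string)
  default = {
    Environment = "Terraform GS"
    Dept        = "Engineering"
  }
}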
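# Ubuntu image SKU per Azure region; main.tf looks up the entry for var.location.
variable "sku" {
  type = map(string)
  default = {
    # NOTE(review): Ubuntu 16.04 LTS is past its standard support period.
    # Confirm that the images selected here still receive security updates
    # before using them for anything other than a throwaway test.
    westus2 = "16.04-LTS"
    eastus  = "18.04-LTS"
  }
}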
Values for variables
terraform.tfvars
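# Non-secret values only. admin_username and admin_password are not set in
# this file, so Terraform prompts for them. Keep it that way if the file is
# committed, or supply them through TF_VAR_admin_username and
# TF_VAR_admin_password environment variables.
location = "westus2"
prefix   = "tf"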
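terraform init

# Save the reviewed plan and apply exactly that file. A bare `terraform apply`
# computes a fresh plan, which can differ from the one that was inspected.
terraform plan -out=tfplan
terraform apply tfplan

# The saved plan and the state file can contain admin_password in clear text.
# Delete the plan when done, and keep both out of version control.
rm -f tfplan

# Inspect what was created.
terraform show
terraform state list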