![Function Description Syntax
listKeys Returns the keys of a
storage account.
listKeys (resourceName or
resourceIdentifier, [apiVersion])
reference Used in depends on
section of resource
reference (resourceName or
resourceIdentifier, [apiVersion])
resourceGroup Returns current resource
group
resourceGroup()
resourceId Returns the unique
identifier of a resource
resourceId ([resourceGroupName],
resourceType, resourceName1,
[resourceName2]...)
subscription Returns subscription
details
subscription()
TEMPLATE EXPRESSION AND FUNCTIONS - OTHER](https://image.slidesharecdn.com/gab2018infrastructureascodeforazure-180423142110/85/Infrastructure-as-Code-for-Azure-ARM-or-Terraform-12-320.jpg)
Infrastructure as Code for Azure: ARM or Terraform?
- 1. Infrastructure as Code for Azure: ARM or Terraform?
- 2. • What is “Infrastructure as Code” • Resource group patterns • ARM template structure • Demo: Deploying Infrastructure using ARM + PowerShell • What is terraform • Terraform code lifecycle • Demo: Plan and apply terraform configuration • Q+A Agenda
- 3. Infrastructure as Code evolved to solve the problem of environment drift in the release pipeline. Without IaC, teams must maintain the settings of individual deployment environments. Over time, each environment becomes a snowflake, that is, a unique configuration that cannot be reproduced automatically. Inconsistency among environments leads to issues during deployments. With snowflakes, administration and maintenance of infrastructure involves manual processes which were hard to track and contributed to errors. Infrastructure as Code
- 5. • Azure Portal • ARM Templates + Powershell/Azure CLI • Custom usage of REST API (use any type of sdk) • Terraform Deploying Infrastructure to Azure
- 6. • Resource Group – logically grouped collection of entities that usually share a common lifecycle • Resource Manager Template - declarative JSON file that defines the goal state of a deployment • Deployment - operation which tracks execution of a Resource Manager template • Parameters - values provided by the user executing the deployment to customize deployed resources • Parameter file - JSON file that stores parameter names and values • API Version – used for versioning and backward compatibility CONCEPTS AZURE RESOURCE MANAGEMENT (ARM)
- 7. • Resources can be organized in a Resource Group, a logical container. • Resource can belong to only one Resource Group. Nested resource groups are not supported. • All Azure Services belongs to certain Resource Type. • Resource has common fields and provider specific properties. • Work with Azure Services as with REST Web Services Resources (CRUD). • You can clarify billing for your organization by viewing the rolled-up costs for the entire group. CLOUD SERVICES AS REST RESOURCE AZURE RESOURCE MANAGEMENT (ARM) API
- 8. RESOURCE GROUP PATTERNS - APPLICATION Resource Group as Container for Application Resources Backend Server 01 Backend Server 02 VHD VHD Backend Subnet Backend Resource Group Frontend Resource Group Frontend Server 01 Frontend Server 02 VHD VHD Frontend Subnet
- 9. RESOURCE GROUP PATTERNS - ENVIRONMENT Resource Group as Container for System Environment Backend Servers VHD VHD Virtual Network Development Environment Virtual Network Frontend Servers Backend Servers VHD VHD QA Environment Frontend Servers
- 10. Element Required Description $schema Yes Location of the JSON schema file. contentVersion Yes Version of the template. parameters No Values provided during deployment execution. variables No Internal variables resources Yes Azure services deployed or updated in a resource group outputs No Values that are returned after deployment EASY PROVISIONING - RESOURCE TEMPLATE
- 11. Function Syntax concat concat (arg1, arg2, arg3, ...) replace replace(originalString, oldCharacter, newCharacter) base64 base64 (inputString) padLeft padLeft(stringToPad, totalLength, paddingCharacter) toLower toLower(stringToChange) toUpper toUpper(stringToChange) TEMPLATE EXPRESSION AND FUNCTIONS - STRINGS
- 12. Function Description Syntax listKeys Returns the keys of a storage account. listKeys (resourceName or resourceIdentifier, [apiVersion]) reference Used in depends on section of resource reference (resourceName or resourceIdentifier, [apiVersion]) resourceGroup Returns current resource group resourceGroup() resourceId Returns the unique identifier of a resource resourceId ([resourceGroupName], resourceType, resourceName1, [resourceName2]...) subscription Returns subscription details subscription() TEMPLATE EXPRESSION AND FUNCTIONS - OTHER
- 13. Deploying Infrastructure using ARM Demo https://bit.ly/2EZch0b https://github.com/serhiiabanichev/GAB2018 Git URL
- 14. What is terraform Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.
- 16. Configuration HCL (HashiCorp Configuration Language) is a configuration language built by HashiCorp. The goal of HCL is to build a structured configuration language that is both human and machine friendly for use with command-line tools, but specifically targeted towards DevOps tools, servers, etc. The set of files used to describe infrastructure in Terraform is simply known as a Terraform configuration. provider "azurerm" { subscription_id = "f7424aaf-****-****-****-*********" client_id = "c404e1a2-****-****-****-*********" client_secret = "************" tenant_id = "b41b72d-****-****-****-*********" } # Create a Resource Group resource "azurerm_resource_group" "main" { name = "${var.resource_group}" location = "${var.location}" }
- 17. Initialization The first command to run for a new configuration - or after checking out an existing configuration from version control - is terraform init, which initializes various local settings and data that will be used by subsequent commands. Terraform uses a plugin based architecture to support the numerous infrastructure and service providers available. As of Terraform version 0.10.0, each "Provider" is its own encapsulated binary distributed separately from Terraform itself. The terraform init command will automatically download and install any Provider binary for the providers in use within the configuration, which in this case is just the azurerm provider: c:GAB2018TF> terraform init Initializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com... - Downloading plugin for provider "azurerm" (1.3.3)... The following providers do not have any version constraints in configuration, so the latest version was installed. * provider.azurerm: version = "~> 1.3" Terraform has been successfully initialized!
- 18. Plan changes c:GAB2018TF> terraform plan -out=GAB Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions:……. The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files. This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state. For example, terraform plan might be run before committing a change to version control, to create confidence that it will behave as expected.
- 19. Apply configuration c:GAB2018TF>terraform apply "GAB„ azurerm_resource_group.main: Creating... location: "" => "eastus" name: "" => "GAB-TF" tags.%: "" => "<computed>" azurerm_resource_group.main: Creation complete after 2s (ID: /subscriptions/f7424*********) azurerm_virtual_network.main: Creating... address_space.#: "" => "1" address_space.0: "" => "12.0.0.0/24" location: "" => "eastus" name: "" => "GAB-TF-vnet" resource_group_name: "" => "GAB-TF" subnet.#: "" => "<computed>" tags.%: "" => "<computed>" azurerm_public_ip.main: Creating... The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
- 20. Apply configuration c:GAB2018TF>terraform apply "GAB„ azurerm_resource_group.main: Creating... location: "" => "eastus" name: "" => "GAB-TF" tags.%: "" => "<computed>" azurerm_resource_group.main: Creation complete after 2s (ID: /subscriptions/f7424*********) azurerm_virtual_network.main: Creating... address_space.#: "" => "1" address_space.0: "" => "12.0.0.0/24" location: "" => "eastus" name: "" => "GAB-TF-vnet" resource_group_name: "" => "GAB-TF" subnet.#: "" => "<computed>" tags.%: "" => "<computed>" azurerm_public_ip.main: Creating... The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
- 21. Plan and apply terraform configuration Demo
- 22. Pros and Cons Great implementation of Infrastructure as Code concept. Declarative syntax Ability to "plan" and "apply" configs. Apply actually executes the changes. Supports various cloud providers Uses it's own DSL called the Hashicorp Configuration Language State files store secrets in plain text which is a bad idea when you push it to version-control. Product is still maturing and there are some design limitation