Learning Terraform

 By Morgan Lucas

This is a post intended for this site, as a way to get a feel of using it consistently. Older posts are here.

This predates using Terraform with AWS, and CloudFormation. Someone reached out to me to ask if I could set up Azure for their company as a viable option, with several virtual machines, storage, and security measures in place.


I spearheaded adoption of Azure using Terraform, managing challenges with drift and provisioners, and now they make money with Azure. 

Let's see how.

7 Resources Created in Azure using Terraform


Many of these resources are attached to each other: the Network Interface is attached to the Virtual Machine, and they’re both in a Security Group which has Security Rules attached to it.

The Virtual Network is attached to the Subnet, and the Public IP address is attached to the Network Security Group. This way, the Virtual Machine has internet access, but also has rules about who can access it.

I used 3 variables. Variables are values that aren't hard-coded into the code. I can change a value in the .var file and it will propagate across the rest of the code, saving time and minimizing human error.

Things to Like About Terraform

It clearly tells you what an error is! Troubleshooting was mostly a breeze, and since I wasn't getting [too] annoyed, I could more easily learn where the mistakes were. For instance, the first line in the main code ('provider') - the azurerm part is not a random name;

provider "azurerm" is an actual thing that connects to Azure. There is one for each cloud provider.

Variables make it easier to quickly swap out bits of code that may be account-specific over hardcoding. This way, you don’t need to replace us-east-1 multiple times.

You will need at least 3 files - the main code, the variables file, and the place to establish the variables. The main code is usually called [main.tf] for clarity, but it’s not mandatory.

It doesn't tell you all the errors at once. If you fix one, another pops up after terraform plan is run once more. It makes troubleshooting easier to deal with when it's one problem at a time. You may prefer a long list of errors to deduce, but I like the step-by-step approach. This minimizes me overextending myself trying to fix 5 steps at once.

Things Terraform Could Improve Upon

If you're a beginner, it can still be difficult to parse. I had to take some code snippets from the demo I used.

In another instance, it couldn't reference a count variable I had placed under another resource.

Why not?

Error: Network Interface “Net-Connection” (Resource Group “Admins”) was not found!

Both aspects are in my code. The resource network interface and the variable that says "Admins is my resource group".

So, what's the actual problem?


What I Thought The Problem Was

I thought my environment was corrupted, as it was looking for created elements that were no longer there. I created a new workspace with terraform workspace new [name] and ran it again.

What The Problem Actually Was


It was a phenomenon known as Terraform Drift - When you create things in Terraform and delete them in Azure, Terraform is like "What, where's this resource? HELP ME! I CAN'T CONTINUE."

So while changing the workspace with terraform workspace new [name] did work, I also went into the state file and deleted the no-longer-existent resource, which is not good practice, but it's learning practice. I won't be doing it again!
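An added example, not code from the original post: a read-only check that compares a Terraform state file with what still exists in Azure and names each stale entry by its resource address (the type plus the local name from the resource block), so it can be dropped with terraform state rm instead of editing the state file by hand. The state contents, the local name nic, the resource IDs and LIVE_IDS are constructed placeholders.

```python
import json

# Constructed sample: a trimmed Terraform state (format version 4) holding the
# two resources this post talks about. IDs are placeholders, not real ones.
STATE_JSON = """
{
  "version": 4,
  "resources": [
    {"mode": "managed", "type": "azurerm_network_interface", "name": "nic",
     "instances": [{"attributes": {"id": "/placeholder/networkInterfaces/Net-Connection",
                                   "name": "Net-Connection", "resource_group_name": "Admins"}}]},
    {"mode": "managed", "type": "azurerm_virtual_machine", "name": "CloudskilsDevVM",
     "instances": [{"index_key": 0,
                    "attributes": {"id": "/placeholder/virtualMachines/cloudskillsvm",
                                   "name": "cloudskillsvm", "resource_group_name": "Admins"}}]}
  ]
}
"""

# Constructed sample: IDs that still exist in Azure (the NIC was deleted by hand).
LIVE_IDS = {"/placeholder/virtualMachines/cloudskillsvm"}


def addresses(state):
    """Yield (terraform_address, attributes) for every managed resource instance."""
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are read-only lookups, not owned objects
        # Address = [module.]TYPE.LOCAL_NAME, taken from the resource block labels
        base = ".".join(filter(None, [res.get("module"), res["type"], res["name"]]))
        for inst in res.get("instances", []):
            key = inst.get("index_key")  # set when count or for_each is used
            suffix = "" if key is None else f"[{json.dumps(key)}]"
            yield base + suffix, inst.get("attributes", {})


def find_drift(state_text, live_ids):
    """Return (address, name, resource_group) for state entries missing in Azure."""
    state = json.loads(state_text)
    if state.get("version") != 4:
        raise ValueError("unsupported state format version")
    return [(addr, attrs.get("name"), attrs.get("resource_group_name"))
            for addr, attrs in addresses(state) if attrs.get("id") not in live_ids]


if __name__ == "__main__":
    for addr, name, group in find_drift(STATE_JSON, LIVE_IDS):
        print(f'{addr}: "{name}" (resource group "{group}") is missing in Azure')
        print(f"  suggested fix: terraform state rm '{addr}'")
```

Against a real deployment, terraform plan -refresh-only reports the same kind of mismatch without parsing the state file directly.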

"Mama, Let's Research"

The documentation I've found is a little unclear sometimes. For some parts of the code, it took more context clues to find out what meant what - and I'm still not 100% sure.

resource "azurerm_virtual_machine" "CloudskilsDevVM"

I'm pretty sure the name of the second part ("CloudskilsDevVM") would be the name, however, the next line in the brackets is

name = "cloudskillsvm"

So what is "CloudskilsDevVM"?

I still haven't figured it out, but my code works. So, whoo! This definitely helps when I build out more cloud-only companies.