lulzzz / terraform Goto Github PK

Simple and Powerful

HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Share Terraform custom modules with the community with the following guidelines :

• a module is dedicated to one action : create network interfaces, create an Azure recovery vault, ...
• a module doesn't contain any static values
• a module is called using variables

The following sample will launch all the modules to show the reader how they are called. My advice is that the reader pick up the module he wants and calls it how it's shown in the root "main.tf" file.

With your Terraform template created, the first step is to initialize Terraform. This step ensures that Terraform has all the prerequisites to build your template in Azure.

terraform init -backend-config="backend-jdld-sand1.tfvars" -backend-config="secret/backend-jdld-sand1.tfvars"

The next step is to have Terraform review and validate the template. This step compares the requested resources to the state information saved by Terraform and then outputs the planned execution. Resources are not created in Azure.

terraform plan -var-file="main-jdld-sand1.tfvars" -var-file="secret/main-jdld-sand1.tfvars"

If all is ok with the proposal you can now apply the configuration.

terraform apply -var-file="main-jdld-sand1.tfvars" -var-file="secret/main-jdld-sand1.tfvars"

• Terraform 0.10.x
• AzureRM Terraform Provider
• AzureRM Terraform Provider - Authentication
• The called "Infra" Azure Service Principal has the following privileges :
  • Owner privilege at Azure Subscription level (mandatory to create custom roles)
  • Read directory data on Windows Azure Active Directory (mandatory to assign custom roles)

• Always use Terraform implicit dependency, evict the use of the depends_on argument, see Terraform dependencies article for more info
• Use remote backends to save your Terraform state, see Terraform remote backends article for more info

• Terraform authentication to AzureRM via Service Principal & certificate
• Use condition to decide wether or not a NIC should be linked to a Load Balancer, ticket raised here
• Feature Request: resource azurerm_automation_variable, ticket raised here
• Currently there is no Terraform resource for AzureRm recovery services, that's why I used the Terraform resource azurerm_template_deployment. Improvment has been requested here for info
  • Recovery Services provisionning is being studied here
  • VM enrollment to a Recovery Service vault is being studied here
• Couldn't find any option to set the BackupStorageRedundancy paremeter (LRS or GRS) in the RecoveryServices/vaults template, Microsoft.RecoveryServices/vaults template reference

• Use multiple Azure service principal through the provider AzureRm, ticket raised here
  • Solution : usage of provider.azurerm v1.6.0