This is part 2 of a series of Blog posts about Terraform and Azure Devops Services.
After preparing the required Azure DevOps Services and Visual Studio Code in part 1, we are now ready to deploy the Multi-Stage YAML pipeline.
Table of Contents
Add demo content to repository
CloudFive-IaC/cloud-examples: IaC examples for Cloud deployments (github.com)
The content required for this demo is located in the folder: AzureDevOps-Terraform
Clone repository
- Open ‘Visual Studio Code’
- Open the command palette with the key combination of Ctrl + Shift + P
- At the command palette prompt, type gitcl, select the Git: Clone command, and press Enter
- When prompted for the Repository URL, select clone from GitHub, then press Enter
- If you are asked to sign into GitHub, complete the sign-in process
- Enter https://github.com/CloudFive-IaC/cloud-examples in the Repository URL field
- Select (or create) the local directory into which you want to clone the project.
- When you receive the notification asking if you want to open the cloned repository, select Open
First commit
Now that you have the demo data, copy the contents of the folder to the folder for your Azure DevOps repository created in the previous blog.
When the files are copied you see that source control has items to commit.
- Select ‘Source Control’
- Hit the commit button (checkbox)
- Add tekst that describes the commit and press Enter
Sync the changes by pressing ‘Sync Changes’
Azure DevOps
- Go to the Azure DevOps Portal > https://dev.azure.com/ (First 5 users free)
- Go to your Project
- From within your project navigate to ‘Repos’
Adjust pipeline
I have commented the lines that need to be changed in terraform/pipelines folder (tf-validate-plan-apply-basic.yml), for example:
Stages:
- stage: Validate
jobs:
- job: ValidateInstall
steps:
- task: CmdLine@2
displayName: Terraform Init
inputs:
#replace 'example-key1' with your key from key vault. Pipelines > Library > Variable groups
script: terraform init -backend-config="access_key=$(example-key1)"
workingDirectory: terraform
So here you have to replace ‘example-key1’ with your key from key vault. Which can be found in Pipelines > Library > Variable groups
terraform {
backend "azurerm" {
storage_account_name = "stateterraform184" # Storage account created
container_name = "ct-terraform-state-184" # Container created
key = "demo-tf.tfstate" # Desired name of tfstate file
}
}
terraform/ folder (providers.tf)
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.96.0"
}
}
}
provider "azurerm" {
features {}
subscription_id = var.subscription-id # Add your subscription id in "" or add secret in keyvault
client_id = var.spn-client-id
client_secret = var.spn-client-secret
tenant_id = var.spn-tenant-id
}
terraform/ folder (main.tf) here you can add or change data to your preferences, I added modules as an example.
main.tf,variables.tf,outputs.tf. These are the recommended filenames for a minimal module, even if they’re empty.main.tfshould be the primary entrypoint. For a simple module, this may be where all the resources are created. For a complex module, resource creation may be split into multiple files but any nested module calls should be in the main file.variables.tfandoutputs.tfshould contain the declarations for variables and outputs, respectively.
# Create your Resource Group
resource "azurerm_resource_group" "rg" {
name = "rg-tf-main-demo"
location = "West Europe"
}
# Define 'module' for modules in subfolder
module "modules" {
source = "./modules"
}
Create pipeline
- Navigate to ‘Pipelines’ > ‘New pipeline’ > ‘Select Azure Repos Git’
Select your repository and select ‘Existing Azure Pipelines YAML file’
Select: /terraform/pipelines/tf-validate-plan-apply-basic.yml and press ‘Continue’
You are now ready to run your basic pipeline 🙂 Review you pipeline and press ‘Run’
For the first run the pipeline needs permission to access resources. Select ‘View’ and permit.
As you can see the pipeline has 3 stages in this example. Validate, Plan and Apply
- Validate checks if the configuration is valid
- Plan creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure:
- Reads the current state of any already-existing remote objects to make sure that the Terraform state is up-to-date.
- Compares the current configuration to the prior state and noting any differences.
- Proposes a set of change actions that should, if applied, make the remote objects match the configuration.
- Apply the
terraform applycommand executes the actions proposed in a Terraform plan
To view the stages you can click on the stage to see more info, in this example you can see the plan stage and what is going to be created:
Pipeline steps
Validate
Step # | Description |
|---|---|
1. | Initialize job |
2. | Download secrets |
3. | Checkout main branch |
4. | Terraform Init (Initialize modules, backend and providers) |
5. | Validate configuration |
Plan
Step # | Description |
|---|---|
1. | Initialize job |
2. | Download secrets |
3. | Checkout main branch |
4. | Terraform Init (Initialize modules, backend and providers) |
5. | Terraform Plan |
6.. | Copy plan file as artifact |
7. | Publish plan file as artifact |
Apply
Step # | Description |
|---|---|
1. | Initialize job |
2. | Download secrets |
3. | Checkout main branch |
4. | Terraform Init (Initialize modules, backend and providers) |
5. | Download pipeline artifact |
6. | Terraform apply |
All set! Further configuration with branches, reviews and approvals within the pipeline will be in my next post!
TERRAFORM AND AZURE DEVOPS | PART 3
