Azure CLI Setup
Install Azure CLI for windows:
$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\AzureCLI.msiupgrade az cli version
az upgradeAuthenticating using the Azure CLI
# Azure CLI Login
az login
# List Subscriptions
az account list
# Set Specific Subscription (if we have multiple subscriptions)
az account set --subscription="SUBSCRIPTION_ID"Azure
Before we get started, we need to create a resource group. A resource group is a container that holds related resources for an Azure solution.
az group create -l westus -n terraform-rg
Now, create a service principle and connect to Azure DevOps. An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources.
az ad sp create-for-rbac -n terraform-rg --role contributor --scopes /subscriptions/{subscriptionId}/resourceGroups/terraform-rgCreate with a Contributor role assignments on specified scopes. To retrieve current subscription ID, run `az account show --query id --output tsv`.
Locate to Azure DevOps -> Project -> Settings -> Service Connections and create a new service connection.
Select Azure Resource Manager -> Service principal (automatic) to
Next thing we need to do is to create a blob storage so that we can store their terraform states file.
az storage account create --resource-group terraform-rg --name sktfaccount123 --sku Standard_LRS --encryption-service blobOptional Parameters
–sku
The storage account SKU.
accepted values: Premium_LRS, Premium_ZRS, Standard_GRS, Standard_GZRS, Standard_LRS, Standard_RAGRS, Standard_RAGZRS, Standard_ZRS
default value: Standard_RAGRS
–encryption-services
Specifies which service(s) to encrypt.
accepted values: blob, file, queue, table
Next, we need to grab our key
az storage account keys list --resource-group terraform-rg --account-name sktfaccount123
I’m going to use this key to create our container within the blob. To create the container, use this command:
az storage container create --name sktfcontainer --account-name sktfaccount123 --account-key {key-value}
Next step is creating a repository. Go to Azure DevOps Repos to create it.
Now I need to create a terraform file In order to create the pipeline. Click More action (3 dots) and click new file
I’ll start this off by giving it the provider
provider "azurerm" {
version = "=2.13.0"
features {}
}
# we need to createa backend to store terraform state file
terraform {
backend "azurerm" {
resource_group_name = "tstate"
storage_account_name = "sktfaccount123" # The account I created earlier
container_name = "terraform.tfstate" # specify terraform state file
}
}
data "azurerm_client_config" "current" {}
# Create a simple web service start with resource group
resource "auzrerm_resource_group" "resourcegroup" {
name = "terraform-rg"
location = "west us"
}
resource "azurerm_app_service_plan" "serviceplan" {
name = "terraform-sp"
location = azurerm_resource_group.resourcegroup.location
resource_group_name = azurerm_resource_group.resourcegroup.name
sku {
tier = "standard"
size = "S1"
}
}
resource "azurerm_app_service" "appservice" {
name = "terraform-as"
location = azurerm_resource_group.resourcegroup.location
resource_group_name = azurerm_resource_group.resourcegroup.name
app_service_plan_id = azurerm_app_service_plan.serviceplan.id
}Let’s click commit and install the terraform extension. To do that, go to the marketplace and search for terraform.
Go back to repo, click “set up a build”, and click starter pipeline. For this pipeline, I’m going to use stages for validate the terraform and deploy it.
stages:
- stage: validate
jobs:
- job: validate
continueOnError: false
steps:
define a step section and I can use the assistant for this task. Click “Show assistant” and search for terraform tool installer and add below steps section:
steps:
- task: TerraformInstaller@0
inputs:
terraformVersion: '0.12.26'Next, use the assistant again, click “Terraform”, and follow this:
- Provider: azurerm
- Command: init
- Configuration directory: $(System.DefaultWorkingdirectory)
- Azure subscription: azure-spn
- Resource-group: terraform-rg
- Storage account: sktfaccount123
- Container: sktfcontainer
- Key: terraform.tfstate
Add another task for validate section:
- Provider: azurerm
- Command: validate
- Configuration directory: $(System.DefaultWorkingdirectory)
Finally, the validate stage is created. This is complete code for the first stage:
stages:
- stage: validate
jobs:
- job: validate
continueOnError: false
steps:
- task: TerraformInstaller@
displayName: 'install'
inputs:
terraformVersion: '0.12.26'
- task: TerraformTaskV3@3
displayName: 'init'
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'azure-spn'
backendAzureRmResourceGroupName: 'terraform-rg'
backendAzureRmStorageAccountName: 'sktfaccount123'
backendAzureRmContainerName: 'sktfcontainer'
backendAzureRmKey: 'terraform.tfstate'
- task: TerraformTaskV3@3
displayName: 'validate'
inputs:
provider: 'azurerm'
command: 'validate'Let’s move on to the deploy stage. I’m going to create tasks include install, init, plan, and apply for the deploy terraform file.
- stage: deploy
jobs:
- deployment: deploy_terraform
continueOnError: false
environment: 'dev'
strategy:
runOnce:
deploy:
steps:
- checkout: self # check out this repo otherwise they won't find the terraform fileAfter this code, I’m going to use the assistant again for the install task:
- task: TerraformInstaller@0
displayName: 'install'
inputs:
terraformVersion: '0.12.16'Add init task and follow this:
- Provider: azurerm
- Command: init
- Configuration directory: $(System.DefaultWorkingdirectory)
- Azure subscription: azure-spn
- Resource-group: terraform-rg
- Storage account: sktfaccount123
- Container: sktfcontainer
- Key: terraform.tfstate
- task: TerraformTaskV3@3
displayName: 'init'
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'azure-spn'
backendAzureRmResourceGroupName: 'terraform-rg'
backendAzureRmStorageAccountName: 'sktfaccount123'
backendAzureRmContainerName: 'sktfcontainer'
backendAzureRmKey: 'terraform.tfstate'Add plan task and follow this:
- Provider: azurerm
- Command: plan
- Azure subscription: azure-spn
- task: TerraformTaskV3@3
displayName: 'plan'
inputs:
provider: 'azurerm'
command: 'plan'
environmentServiceNameAzureRM: 'azure-spn'Add apply task and follow this:
- Provider: azurerm
- Command: apply
- Azure subscription: azure-spn
- task: TerraformTaskV3@3
displayName: 'apply'
inputs:
provider: 'azurerm'
command: 'apply'
environmentServiceNameAzureRM: 'azure-spn'Save and run if you complete adding all task. The code should be like this:
stages:
- stage: validate
jobs:
- job: validate
continueOnError: false
steps:
- task: TerraformInstaller@0
displayName: 'install'
inputs:
terraformVersion: '0.12.26'
- task: TerraformTaskV3@3
displayName: 'init'
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'azure-spn'
backendAzureRmResourceGroupName: 'terraform-rg'
backendAzureRmStorageAccountName: 'sktfaccount123'
backendAzureRmContainerName: 'sktfcontainer'
backendAzureRmKey: 'terraform.tfstate'
- task: TerraformTaskV3@3
displayName: 'validate'
inputs:
provider: 'azurerm'
command: 'validate'
- stage: deploy
jobs:
- deployment: deploy_terraform
continueOnError: false
environment: 'dev'
strategy:
runOnce:
deploy:
steps:
- checkout: self
- task: TerraformInstaller@0
displayName: 'install'
inputs:
terraformVersion: '0.12.16'
- task: TerraformTaskV3@3
displayName: 'init'
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'azure-spn'
backendAzureRmResourceGroupName: 'terraform-rg'
backendAzureRmStorageAccountName: 'sktfaccount123'
backendAzureRmContainerName: 'sktfcontainer'
backendAzureRmKey: 'terraform.tfstate'
- task: TerraformTaskV3@3
displayName: 'plan'
inputs:
provider: 'azurerm'
command: 'plan'
environmentServiceNameAzureRM: 'azure-spn'
- task: TerraformTaskV3@3
displayName: 'apply'
inputs:
provider: 'azurerm'
command: 'apply'
environmentServiceNameAzureRM: 'azure-spn'
