Terraform and Azure DevOps – Delivering a continuous and automated deployment | DevOps Lab

>>Hi. On the next
episode of DevOps Lab, join us as April Edwards shows us how to use Terraform
in your pipelines. [MUSIC].>>Welcome to the DevOps Lab. Today we are joined by a very special guest April Edwards
again. How are you doing April?>>Awesome Abel, great to be back.>>Yes. So recently we’ve been talking a lot about Terraform right?>>We have.>>You’ve even shown me
some really cool stuff that we can do with Terraform, all good. All through the command
line which again, I love. But at some point, I’m going to want to make
this a real-world type of application with a
real-world type of pipeline.>>Yeah.>>Which means is there
a way for me to shoe horn all of this
Terraform goodness into my pipeline so that I can provision my infrastructure through my
pipelines using Terraform?>>Yes we can. Funny you should ask.>>I know hysterical. I wonder how I knew
I should ask that.>>Azure DevOps might you ask about. So yes, we can do
this in Azure DevOps.>>Okay.>>So the reason why I say
Azure DevOps is we want multi-Cloud any platform
any code right?>>Sure.>>That’s what we boast in Azure
DevOps and we can prove it. So we can deploy on-prem, we can deploy it to the other Clouds, and we can deploy it to
Microsoft Azure with ease.>>Yes. So everything in a
pipeline starts from the Build. I check in code that’s
going to kick off a Build?>>Yes.>>So is that the same
thing with Terraform?>>Yes it does. In
fact, I’ll show you what I have already
pre-built for us okay?>>Okay. Perfect.>>So my code is actually
sitting in an Azure Reposed Git. Just by default again you can
call from GitHub or Bitbucket. But I’ve just put the Azure
Repo Git for ease today. So what we’re building
is a web app in Azure.>>It looks like a.Net
Core application?>>Correct. It is.>>Okay.>>So our first agent job is running the build of
our.Net Core application, and then what it’s doing is
it’s copying all those files to an artifact and publishing that. So far we can then go into release. So we make changes to our code. It will kick off the build cycle, and we have our continuous
integration done.>>Yes.>>Then it will kick off
continuous deployment, and then deploy into
our other environments.>>Okay. So just to be
sure in our Git repo, we’ve got the source code for
our.Net Core application. We also have all the Terraform files as well as infrastructure as code.>>Yes. So with those
same main.tf file. Those variable files
are all in there. Yes, so we can go
into our source code just upload it again. We
can upload to GitHub. Connect into Azure
DevOps and say, “Right. I want to change something
in my application, and it kicks off the build
with our main file.”>>Excellent. Now looking
through your pipeline, it looks like what it saying
right now is is going to go ahead and create for me my.Net Core application create
the binaries for me, and then we’re going to use
that as our built artifacts. It’s also copying the Terraform file. So then it’s part of
the build artifacts, I’ve got my web code
mobile embed web binaries, but it will also copy my Terraform
files from there as well.>>Yes it will because.>>So that’s ready to be consumed
by our release pipeline?>>Right. So before when I
did everything manually, I went into PowerShell and launch, you can do bash, you can do it from Azure Cloud shell you do
wherever you want, that’s great. Well, what if we didn’t
have to type stuff in and remember the lines
and do all that stuff. We have little pretty
pictures here to execute that for us
and automate it right?>>Fantastic.>>Version controller which
is even more important.>>Yeah. So it looks like if this build runs, it’s
going to build my web, it’s going to grab
my Terraform files, it’s going to have them
as build artifacts. It’s ready for my Release Pipeline. Let’s take a look at
the Release Pipeline.>>Sure. Absolutely. So I’ve
already ran a couple builds. So if I go into my Release Pipeline, you can see that I’ve done a
couple of releases already. Let’s create another release.>>Sure.>>Because what you can see is I have three different environments. I have Dev, Test, and Prod and it shows
the artifacts here. Now I’ve already set mine
to do the latest artifact. But I have another version in here. I could call that previous version if I wanted to and release that.>>Cool.>>So that artifact drop has
the Terraform main file in it, and has all my.Net changes in it. But I want to call the latest, and we can go right let’s
kick off a new release.>>So hold on a second. If you chose let’s say a later an
earlier built I’m sorry. According to what I’m thinking is going to happen is when you start provisioning with Terraform is
going to access the state file, and it’s going to say, “Your infrastructure it needs to change because it needs to be
the old infrastructure.” So we’ll massage my
infrastructure till it looks like the old infrastructure then
deploy the web app on there.>>Yes, it will it has to change
that infrastructure first. So if I go into my Release
Pipeline that I’ve created, I’ll show you exactly
how I’ve done it.>>Sure.>>Now let’s go into the Dev
workload into the tasks. So on the agent job
that is all my web app. So first thing I’ve done is it’s using Azure CLI to deploy
our Azure resources. So we talked about
securing our resources, and we need that state file. It’s going to go and create it as a storage account in our first step. So we’re going to make sure our
state files inner storage account. It’s going to check that it’s there.>>Cool. So that very first line of code
you’re just saying provision from the storage account, and in the storage
account is going to hold my Terraform state file.>>Correct. So we have
an inline script here. So I talked to you earlier about, we can script the creation of this, we can also automate it
in our Release Pipeline. So we put that in there, it creates a storage containers, creates a storage
account and the keys. So we talked about keys because
we need to secure this. So in the next step
it gets the keys for that storage account and puts them in as a variable in Azure DevOps. So instead of using Keeble, we’re using Azure DevOps
to hold that variable.>>Got it.>>So again, my organization
will have access to deploy this, but actually can’t see the keys. I don’t have to release
the keys to anyone. It’s secured and it automates the whole thing and no one has to go and retrieve the keys
every time right?>>Sure.>>So yeah. So those are the
first couple steps there. Next steps you’re
replacing your tokens. So I’m guessing now is
going to be placed to all the tokens that you need
in your Terraform file.>>Correct. It’s going to
replace those in for us, and then what it does
is it’s also running version 0.12.3 of Terraform.>>Okay.>>So the one thing we
have to be careful of is when Terraform versions change, your code has to change.>>Yes.>>So if you have to
match what version you’re calling here to
the code you’ve written.>>Yeah.>>The other thing is to Azure DevOps may not support the latest code. So it’s always really important to do the version that you know works
with your code. That’s step 1. So we can put in here like the
latest version of Terraform, but if your code in Terraform doesn’t write that, it will all fail. So deploy to the latest version or the version that you’re
currently working to encoding.>>Got it, and these are the
built-in tasks from Terraform?>>Yes these are. So all we
need to do it’s really simple. I go to run an agent job. We have this in our marketplace. So I type in Terraform, and we have different Terrafform
modules that we can call. So these are all pre-built. We don’t have to write anything
makes it really easy to adopt Azure DevOps because we’ve written it in the
marketplace for you.>>Yeah.>>Yeah.>>This is just the same thing that you were doing
before [inaudible]>>Exactly that, and you know what? It’s running for our initialize
our plan, and again, we have record and
versioning of this now, and that’s the advantage of
doing this in Azure DevOps. We can version what we’re doing
and we have record of it. We have logging, we have all
those great features built in. It’s awesome. I love it. This gets me really excited because customers want to enable logging. They want to track. They
want to use borders. The project managers want
to know what’s going on. It’s all right here in this tool, and we can integrate with Terraform, and it’s pretty serious.>>Yeah. It looks really simple too. Like if I have my infrastructure
as code written in Terraform to put it into
the pipeline simple enough, and then you provision
using Terraform, just use your Terraform tasks, and then when that’s
done, you just deploy your application into the
infrastructure. How [inaudible]>>Exactly. So this is now
going into my infrastructure. So the really cool
thing about Terraform. So before when we’re
authenticating to deploy code, we have to login to the portal. There are different ways to allow authentication into our portal to deploy those Terraform bits of code. I’m actually just, I’ve
created a service principle from Azure DevOps in to Azure. So when I go to login
and deploy this, I can actually choose what
subscription I have access to. So I’ve already pre-configured
the service connection. I’ve already authorized it.>>Sure.>>So you can deploy it to
multiple subscriptions. But I know this one works, I create a service principle, and it’s a secure
connection to our Cloud.>>Yes fantastic. This is really cool stuff. I had no idea. It was this easy to use Terraform
in your pipelines.>>Yeah absolutely.
It’s easy to build. It go the marketplace, select it, put it in and just call your
main file. There you go.>>Yeah super, super simple. Thank you so much April.>>Thank you Abel.>>All right. So developers
again if you’re using Terraform, let’s start sticking Terraform
into our pipelines. Thank you-all. [MUSIC]

Norman Bunn

Leave a Reply

Your email address will not be published. Required fields are marked *