Skip to main content

Totally Terraform (Or, Introducing Terraform DevOps Cloud Engineer Proceedures to A Company) [Updated March 2022]

 Want to share this post easily? Here's a Notion page!

 9/20: Terraform is now OpenTofu 


I got to teach myself Terraform, but that's what this entire blog is about; Teaching myself things and hoping for work sometimes to make money and being employed by multiple people.

You can be the next one!

Anyway, what do I like about Terraform? A lot. Including all the troubleshooting and digging into new things.

The Numbers on What Was Made:

Project: 1

Resources created: 7

  • Virtual Machine
  • Network Interface
  • Virtual Network
  • Security Rule attached to Security Group
  • Security Group (with outputs)
  • Subnet
  • Public IP address

Many of these resources are attached to each other - The Network Interface is attached to the Virtual Machine, and they’re both in a Security Group which has Security Rules attached to it.

The Virtual Network is attached to the Subnet, and the Public IP address is attached to the Network Security Group. This way, The Virtual Machine has internet access, but also has rules about who can access it.

Variables Used: 3

TLDR? Check out the code on GitHub. There are even tiny bonuses, like bits that can be activated later. As of March 2022, It's been cleaned up to be easily readable, with added outputs.

Likes:

It clearly tells you what an error is! Troubleshooting was mostly a breeze, and since I wasn't getting [too] annoyed, I could more easily learn where the mistakes where. For instance, the first line in the main code ('provider') - the azurerm part is not a random name;

provider "azurerm" is an actual thing that connects to Azure. There is one for each cloud provider.

Variables make it easier to quickly swap out bits of code that may be account-specific over hardcoding. This way, you don’t need to replace us-east-1 multiple times.

You will need at least 3 files - the main code, the variables file, and the place to establish the variables. The main code is usually called [main.tf] for clarity, but it’s not mandatory.

It doesn't tell you all the errors at once. If you fix one, another pops up after terraform plan is ran once more. It makes troubleshooting easier to deal with when it's one problem at a time. You may prefer a long list of errors to deduce, so this is case by case.

Dislikes:

if you're a beginner, it can still be difficult to parse. I had to take some code snippets from the demo I used.

In another instance, it couldn't reference a count variable I had placed under another resource.

Why not? Keep reading below:

Troubleshooting:

Check out my live-post troubleshooting on a specific issue here.

Error: Network Interface “Net-Connection” (Resource Group “Admins”) was not found!

You look at this and think "Well, that's obvious."

Then you look at my code and see both aspects are there. The resource network interface and the variable that says "Admins is my resource group".

So, what's the actual problem?

  • What I initially thought was the problem (it wasn’t)

    My environment was corrupted; It was looking for elements that weren't there, and wasn't trying to create them as it should.

    I had to make a new one with terraform workspace new [name].

    The fix was easy, but the error message was lacking.

It was a phenomenon known as Terraform Drift - When you create things in Terraform and delete them in Azure, Terraform is like "What, where's this resource? HELP ME! I CAN'T CONTINUE."

So while changing the workspace with terraform workspace new [name] did work, I also went into the state file and deleted the no-longer-existent resource which is not good practice, but it's learning practice.

Read my notes about solving the issue here.

Further Research Needed

The documentation I've found is a little unclear sometimes. Some parts of the code, It took more context clues to find out what meant what - and I'm still not 100% sure.

resource "azurerm_virtual_machine" "CloudskilsDevVM"

I'm pretty sure the name of the second part ("CloudskilsDevVM") would be the name, however, the next line in the brackets is

name = "cloudskillsvm"

So what is "CloudskilsDevVM"?

I still haven't figured it out, but my code works. So, whoo! Can't wait to learn more. This will come in handy when I build out Azure Companies.

 

 

Comments

Popular posts from this blog

Connecting IoT Devices to a Registration Server (Packet Tracer, Cisco)

 If you're seeing this post, I'm helping you, and you probably have LI presence: React and share this post to help me in return.   In Packet Tracer, a demo software made by Cisco Systems. It certainly has changed a lot since 2016. It's almost an Olympic feat to even get started with it now, but it does look snazzy. This is for the new CCNA, that integrates, among other things, IoT and Automation, which I've worked on here before. Instructions here . I don't know if this is an aspect of "Let's make sure people are paying attention and not simply following blindly", or an oversight - The instructions indicate a Meraki Server, when a regular one is the working option here. I have to enable the IoT service on this server. Also, we assign the server an IPv4 address from a DHCP pool instead of giving it a static one. For something that handles our IoT business, perhaps that's safer; Getting a new IPv4 address every week or so is a minimal step against an...

Create a Simple Network (Packet Tracer) + A Walkthrough

Again; I've done this, but now there's so many new things, I'm doing it again. The truly new portions were...everything on the right side of this diagram; The cloud needed a coax connector and a copper Ethernet connector. It's all easy to install, turn off the cloud (Weird), install the modules. Getting the Cable section of Connections was an unusual struggle - The other drop down menu had nothing within. It required going into the Ethernet options and setting the Provider Network to 'cable', which is the next step AFTER the drop-downs. The rest was typical DHCP and DNS setups, mainly on the Cisco server down there. The post is rather short - How about adding a video to it? Find out what A Record means - This site says 'Maps a name to an IP address', which is DNS. So it's another name for DNS? You can change them (presumably in a local context) to associate an IP address to another name.

Securing Terraform and You Part 1 -- rego, Tfsec, and Terrascan

9/20: The open source version of Terraform is now  OpenTofu     Sometimes, I write articles even when things don't work. It's about showing a learning process.  Using IaC means consistency, and one thing you don't want to do is have 5 open S3 buckets on AWS that anyone on the internet can reach.  That's where tools such as Terrascan and Tfsec come in, where we can make our own policies and rules to be checked against our code before we init.  As this was contract work, I can't show you the exact code used, but I can tell you that this blog post by Cesar Rodriguez of Cloud Security Musings was quite helpful, as well as this one by Chris Ayers . The issue is using Rego; I found a cool VS Code Extension; Terrascan Rego Editor , as well as several courses on Styra Academy; Policy Authoring and Policy Essentials . The big issue was figuring out how to tell Terrascan to follow a certain policy; I made it, put it in a directory, and ran the program while in that ...