EP12: Learn Azure DevOps Pipelines with Terraform Builds
Вставка
- Опубліковано 16 лип 2024
- In this Episode, I’ll show you how to build an Azure Pipeline with Terraform. We will walk-through, how to get started, how Terraform works and then I’ll run through a demo to show how to create your first pipeline and deploy Terraform! I have code in GitHub, which you can clone and get started and there is a bunch of scripts to make your life easier.
You can now show your appreciation and support the channel: www.buymeacoffee.com/some1els...
Download Someone Else's Cloud Wallpapers! Add some vibrant colours and positive energy to your Work from Home environment to keep you amped! ✌️ www.someoneelsescloud.com/epi...
Episode Timecodes:
0:00 Episode Summary
0:14 What we'll cover in this video
0:28 What is Azure Devops?
01:19 Organisations
01:42 Projects
02:08 Azure DevOps Basic Configuration
02:13 Azure Active Directory
02:26 Service Connections
02:52 Azure Pipeline Agents (also known as Build Agents)
03:30 Azure Pipeline Structure
03:55 Stages, Jobs and Steps (or Tasks)
04:48 Terraform Basics (refresher)
05:11 Terraform Commands
05:52 Terraform State File
07:31 Build Terraform Environment (Demo - Summary)
07:55 Azure DevOps Interface - Organisations
08:29 Azure Pipelines Terraform Tasks Extension
09:36 Azure DevOps Interface - Projects
13:12 Creating a New YAML Pipeline
16:13 Terraform Installer (Extension)
16:46 Pipeline Jobs Explained
17:37 Creating a Task with Terraform CLI (Extension)
17:44 Quick Terraform Code Run-through
18:21 Creating a Task with Terraform CLI Part II (Extension)
19:26 Terraform Remote Backend Explained (Extension)
23:30 ThomasThornton.Cloud Blog Inspiration
23:57 Demo Pipeline Code Wall-Through
24:53 Terraform Tasks Extension Limitations Example
25:28 Terraform init Backend Configuration
26:56 Pipeline State Dependancy and Conditions
28:40 Running the Azure Build Pipeline (Terraform Init + Validate)
30:22 Validating Resource Group + Storage Account Creation
31:19 Terraform Plan
32:19 Terraform Apply
33:16 Azure Pipeline Default Working Directories
34:18 Build Successful - Thanks Demo Gods!
34:44 Re-running the Pipeline
34:50 Validating Azure Resources
35:12 Terraform State File (Storage Account)
36:08 Reviewing Azure Pipeline Re-run
37:12 Whats Coming Next?
Episode Resources:
Thomas Thornton - Terraforming from zero to pipelines as code with Azure DevOps: thomasthornton.cloud/2020/11/...
Github Code (Terraform and Pipeline): github.com/someoneelsescloud/...
Create-TFServicePrincipal Script: github.com/someoneelsescloud/...
Terraform Backend Configuration: www.terraform.io/docs/languag...
Terraform: www.terraform.io/
HashiCorp: www.hashicorp.com/
Listen to the Audio Only version:
Google Podcasts: cutt.ly/ogvwqTl
Apple Podcasts: cutt.ly/YgvweNk
Spotify Podcasts: cutt.ly/igvwezs
Stitcher Radio: cutt.ly/ugvwewo
Tunein Radio: cutt.ly/Xgvwwpf
Social Media: / someoneelsescloud
Head on over to the website for Episode notes: www.someoneelsescloud.com
See all links to all platforms here: www.someoneelsescloud.com/links
#azureterraform #azuredevops #azureinfrastructure #terraform #azurepipelines #iac #devops - Наука та технологія
Dude, This is amazing...! I'm currently deploying a new app for my job and this video was so refreshing..!
Awesome! Hope it helps mate ✌️😊
Dude you just nailed it🤑
Thanks mate ✌️
Hi. What’ll happen if you enable trigger to the main branch and make a code change and commit. Will it re-create the same resources? From what I understand it won’t because the current resources will exist in tfstate. Trying to understand how this will work in a prod environment when code changes should deploy new infra. Thanks
If you have created the resources via code in the main branch, then they will be written to the state file. So if you are making inline changes, i.e changing the vm sku size, then the plan should tell you what is it changing, most like a non destructive change with a vm sku size I think. The state file becomes the source of truth. So in this case with PR reviews, you could include plans in the description, that way the reviewer can see if there are destructive changes before approving! I definately would recommend stage gates before just blindly merging code especially to production but in short if you are pushing the same code unchanged and it has already been deployed, then theorectically, no it should tell you there are no changes. Hope that helps!
Hi, I recently did an internal article at my workplace with the exact same topic and approach. I also advocated for the CHarles Zipp extension. One question here: how is the agent or pipeline allowed to write the state to the storage account? I solved this by adding "commandOptions: '-backend-config=access_key=$(storageaccountsecretkey)'" to the terraform init command. And the storageaccountsecretkey is in a variable group, that is linked to an Azure Key Vault.
How does your solution not need the primary key for the storage account?
Hey Seb, so when I create the demos, obviously I do the simplest form especially in a getting started type of video. This "could" be an open ended question! lol
I believe its able to run due to the following reasons??
- Backend configuration is using the standard service principal auth method
- The service principal has contributor access to the storage account
So it comes down to how its setup in your environment? The storage account key is generally required if you are not using a service principal to auth the AzureRM provider "I believe". Obviously I am used again the easiest, which is just a secret for auth. I am using example 1 and you are using example 4: www.terraform.io/docs/language/settings/backends/azurerm.html
Just had a light bulb moment... You might need to create an empty backend block and that could be your problem, see my code: github.com/someoneelsescloud/ep12_terraform_azure_pipelines/blob/master/backend.tf
Hopefully its one of these! lol
Sunny
HI Sunny ,
1. After created something i ran the same pipeline again but it failed and says the resourse already created instead of showing nothing to deploy.
2. How can we destroy the configuration we created above ?
adding the extra stage in yaml file with destroy? Can you explain Thanks in advance!
If it says it already exists, something went wrong with your first run, either it errored during creation and didn't write it to state or maybe even your back end config didn't setup up properly. Hard to just guess.
You can replace the words Apply in the last task with Destroy. But if its related to the above, you might have problems if the resources aren't in your state file as Terraform would not know about them.
@@SomeoneElsesCloud Thanks for the reply and clarificatoin. I am able to resolve it :)
@@srujanmettu out of curiosity, what was your problem??
@@SomeoneElsesCloud I did a mistake within the yaml file and Depends on i kept wrong.
Just a request how can we do the same actions the we perform in release pipelines in yaml file? for example approvers ? Thanks in advance
You are Legend Boss!!!!! Thanks a Lot🤗
got stuck with this error: ##[error]Error: Unable to locate executable file: 'az'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
how to add azcli extension in new VM?
note: able to execute in self hosted with azcli installed.
Plz help.
Hey Vinay, sorry what do you mean? Are you trying to run Azure CLI commands in your pipeline on Microsoft hosted agents? If so are you using the Azure CLI task? docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-cli?view=azure-devops
@@SomeoneElsesCloud one more step added to install azcli then it is working fine.
Hey Sonny, how could i reach out to you? Need some help with something. Thanks
Hey mate, send me an email. Link is on the about page! ✌️
@@SomeoneElsesCloud sent mate.