Terraform & Azure ❤ GitLab CI — Part 2: Preparing your project

Rudy van Sloten
Jul 31, 2020

This article is part of a series:

Let’s get started

First, start with a small plan of what you want to create. This can be a document of steps, scribbles on a paper, an Asana/Trello board, whatever you like. This will give you a reference of where you are, which part connects to what and what the end result should be.

If at any point you need reference to working code, please see the demo repository used for this article: rdvansloten/myfirstazurevm

Prepping our Azure Subscription

Once logged into the Azure Portal, go to Azure Active Directory — App Registrations. From there, create a New Registration and give it a name. After creation, the portal redirects you to the registration's settings. Open Certificates & Secrets in the menu and create a New Client Secret. Store the generated secret somewhere safe, such as a password manager: the portal shows its value only once.

Azure Portal — App Registration menu

Afterwards, search for Subscriptions in the search bar at the top. Write down your Subscription ID; you'll need it later. Click into your desired subscription and go to Access Control (IAM). From there, choose Add a role assignment and grant your newly created App Registration the Contributor role on your subscription. This allows your App Registration to read, write, create and delete resources in the subscription. Anyone holding the client secret has the same access.

Azure Portal — Subscriptions

Creating Azure Storage

We’ll need cloud storage to store our state. Azure Storage Account backends support locking, which protects against conflicts. We’ll go ahead and create one via the Azure Portal. In the search bar at the top, type in Storage Accounts. From the Storage Accounts menu, you should be able to create a new account.

Azure Portal — Storage Account creation wizard

After you've created it, create a blob container under your Storage Account — Containers. Under your Storage Account — Access Keys, take note of one of the Access Keys; you'll need it later. Terraform will not create a container for you when you enter a name in your state backend; the name has to match an existing container.

Azure Portal — Storage Account

If you’re contemplating automating this for production/corporate use, set up a separate Terraform pipeline solely for state backends, so that both your projects/client environments and the respective backends are in separate repositories and pipelines. Including the state backend in the resources that it builds creates the risk of it corrupting/deleting itself.

Creating a project in GitLab

This repository will contain our Terraform files and the definition of our pipeline. There are numerous ways to construct your file layout, but let’s keep it simple:

  • main.tf: The resources we wish to create.
  • variables.tf: Variables to use in our configuration language.
  • outputs.tf: Information you wish to output after the run.
  • providers.tf: Define which providers (e.g. Azure, AWS) you need.
  • .gitlab-ci.yml: Configuration that dictates your pipeline’s workings.

These will be all the files we’ll need to create a server and continuously iterate on our desired environment. GitLab has some excellent documentation on creating your first project/repository. When you are done, you should have the following:

  • Added your public SSH key to your GitLab account
  • Cloned your GitLab project to your workstation
  • Created 4 files in the local folder, with the exact names mentioned above.
  • Your project opened in an editor, such as Visual Studio Code

Tip: Enable a Terraform extension/plugin for linting/highlighting.
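
A preflight check for the checklist above, as an added example that is not part of the original article or its demo repository: it confirms the five files exist and flags any client secret or storage access key pasted into a .tf file as a quoted literal. The function names and the attribute list (client_secret, access_key, sas_token, all azurerm provider/backend arguments) are choices made for this example.

```shell
#!/bin/sh
# Added example: preflight check before the first commit (not from the article's repo).
# File names are the ones listed in the article. The attribute names are azurerm
# provider/backend arguments that would hold the values noted down earlier.
REQUIRED_FILES="main.tf variables.tf outputs.tf providers.tf .gitlab-ci.yml"
SECRET_PATTERN='^[[:space:]]*(client_secret|access_key|sas_token)[[:space:]]*=[[:space:]]*"[^"$]+"'

# Print every required file missing from directory $1; return 1 if any is missing.
missing_files() {
    rc=0
    for f in $REQUIRED_FILES; do
        if [ ! -f "$1/$f" ]; then
            echo "missing: $f"
            rc=1
        fi
    done
    return $rc
}

# Print file:line for each quoted literal assigned to a secret attribute in *.tf.
# The value itself is cut from the output so it never lands in a terminal or CI log.
# References such as var.client_secret or "${var.x}" do not match the pattern.
hardcoded_secrets() {
    hits=$(grep -HnE "$SECRET_PATTERN" "$1"/*.tf 2>/dev/null | cut -d: -f1,2)
    [ -z "$hits" ] && return 0
    echo "$hits"
    return 1
}

# Run both checks on directory $1; return 0 only if both pass.
preflight() {
    failed=0
    missing_files "$1" || failed=1
    hardcoded_secrets "$1" || failed=1
    return $failed
}

# Usage: sh preflight.sh <project-dir>
if [ $# -ge 1 ]; then
    preflight "$1"
fi
```

A non-zero exit status means a file is missing or a secret literal was found; the reported file:line shows where to replace the literal with a variable reference.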

Next up…

When everything is set up, we can start writing and executing some code!
Terraform & Azure ❤ GitLab CI — Part 3: Creating an Azure VM
