Deploying to Azure Using Azure DevOps and Terraform
Azure DevOps is a Software as a service (SaaS) platform from Microsoft that provides a DevOps toolchain for developing and deploying software.
Today software not only needs to be released on the market faster but also needs to be continually adapted to ensure that it meets the needs of its end users. This is where Azure DevOps come into play, by providing a set of devOps tools that allows teams to collaborate and work together.
The Terraform Code
First of all, we will be creating a Project in our Azure DevOps instance before uploading any code. You can find the following button in the initial screen:
Let’s clone this repo to our machine for us to upload our Terraform code:
You can do this by using the following command:
git clone <project-url>We‘ll use the following Terraform code in this tutorial:
This will deploy a resource group, a VNET, a virtual machine and an Azure Container Registry.
In the main.tf file, don’t forget to create and replace resource group name, storage account name and container name beforehand, this will be used to store Terraform state:
Having replaced everything correctly, you can now upload the code to your repo by running the following:
git add . #Add all files to staged area
git commit -m "Initial Commit" #Commit the files
git push # Push the new commit to the repo
Creating the Service Principal in Azure
To be able to connect to Azure via pipeline, it’s recommended that you create a service principal to do so, and that’s exactly what we will be doing here.
Go to your Azure subscription and find your subscription id. Open a Powershell session and make sure you have AZ CLI installed on your machine, and then run the following commands:
$SubscriptionId = "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
az login
az account set --subscription $subscriptionId
az ad sp create-for-rbac --role="Contributor" --scopes="subscriptions/$subscriptionId" --name "id-terraformtest"This command will create a service principal on your Azure Active Directory that has contributor access to the subscription you want to deploy the resources, this is more than enough to provision everything successfully.
Also, an output will be generated, make sure you save this information elsewhere, you won’t be able to see the service principal password again:
Creating a Service Connection To Connect to Azure
With that service principal created, all we have to do now is to create a service connection that will connect our pipeline to Azure using the service principal identity. To do so, in the main page, select the engine icon >> service connections >> Create service connection:
Select Azure Resource Manager type:
Because we already have the account that we want to link to Azure, we will select the “manual” method:
Here you have to fill out all the information with your recently created Service Principal account. Enter the subscription Id >>Subscription Name >>Service Principal ID >>Service principal secret (from the output in the last section) >> Tenant ID >> Validate the identity >> Give it a name >> Save it:
Done, your connection has been created:
Preparing the Release Pipeline
A release pipeline is a process by which we take committed code into production. But for our testing purposes here, we’ll have only one environment. A release pipeline will be started every time a commit is made to our code.
Go to pipelines >> Releases >> New Pipeline:
Here we want to add our repo as an artifact to be used by this pipeline. Click “+Add” , select “Azure repo” option, the project that you’ve created before, the repo itself, as well as the master branch and then hit “add” button:
It’s time to configure the pipelines stages.
Click on Stage 1 and select Empty Job:
Now that you have the empty job, you can click on the plus sign in the agent job to select the tasks that the agent should run. Select Terraform tool installer to install Terraform, if you don’t have it yet, add it through the marketplace, as highlighted in red in the following image:
This first step will make sure that the agent will install Terraform’s latest version, you can leave all the default option as is, they are suffice for our purposes:
Add the second task, which will initialize Terraform, to install dependencies and modules, and don’t forget to select the configuration directory, which will be the root of your project, in my case it’s called “_Terraform Test”:
Here you have to enter the information about the service connection you’ve created earlier, as well as a resource group and a storage account that you’ve created beforehand for this task, to store the Terraform state. The “key” is the name of the state file, so you can choose anything you want:
Clone the Init task by right-clicking on it and selecting clone task, then fill out like the following:
The command arguments tells Terraform that it needs to use the variables.tfvars file as the variable file, and to output a file called main.tfplan, this plan will be used by the last task, which will apply the plan that contains in that file.
For the last task, clone the previous one, rename it to Terraform Apply, select validate and apply command, pass the tfplan file name created by the previous task and select the service connection:
Your pipeline will look like the following. Don’t forget to give a nice name to the Stage, and after that click to create your first release on the right-hand side of the screen:
In this screen, you’ll be able to select a stage to be manual, this is useful when you need to validate things before running a specific stage. You can also select the commit that you want to deploy for this project in the artifact section, this is useful if you want to deploy earlier commits for example:
You can now check how your deploy is behaving by entering in the logs in the stages section:
As you can see, all the stages were succeeded:
If we expand the Terraform apply job, we can see that all the resources were created according to the plan:
It basically says that all the 06 resources were created properly as we can confirm if we go in the portal:
Wrap UP
In this post, you have learned how to deploy Terraform Code through Azure Devops pipeline. This seems to be tricky at first, but when you learn it, it makes your job easir and your deployments faster.
You can also do the same with Gitlab, I explain all the processes here in this post:
If you have any questions, let us know in the comments. Happy Studying!
