A simple example of using Terraform with custom modules, using vSphere, and Azure providers.
├─ .gitignore
├─ README.md
├─ environments
│ ├─ non-production
│ │ ├─ azure_ad_users
│ │ │ ├─ .terraform.lock.hcl
│ │ │ └─ main.tf
│ │ ├─ key_vault_for_terraform
│ │ │ ├─ .terraform.lock.hcl
│ │ │ ├─ main.tf
│ │ │ ├─ outputs.tf
│ │ │ └─ variables.tf
│ │ ├─ test-vm
│ │ │ ├─ .terraform.lock.hcl
│ │ │ ├─ main.tf
│ │ │ ├─ outputs.tf
│ │ │ └─ variables.tf
│ │ └─ vm-image-builder
│ │ ├─ .terraform.lock.hcl
│ │ └─ main.tf
│ └─ production
│ └─ project-1
│ ├─ .terraform.lock.hcl
│ ├─ main.tf
│ ├─ outputs.tf
│ └─ variables.tf
├─ modules
│ ├─ azure-ad-users
│ │ ├─ main.tf
│ │ ├─ outputs.tf
│ │ ├─ providers.tf
│ │ └─ variables.tf
│ ├─ azure-key-vault-secrets
│ │ ├─ data-sources.tf
│ │ ├─ main.tf
│ │ ├─ providers.tf
│ │ └─ variables.tf
│ ├─ azure-key-vault
│ │ ├─ data-sources.tf
│ │ ├─ main.tf
│ │ ├─ outputs.tf
│ │ ├─ providers.tf
│ │ └─ variables.tf
│ ├─ azure-vm-image-builder
│ │ ├─ data-sources.tf
│ │ ├─ main.tf
│ │ ├─ providers.tf
│ │ └─ variables.tf
│ ├─ default-vm
│ │ ├─ data-sources.tf
│ │ ├─ locals.tf
│ │ ├─ main.tf
│ │ ├─ outputs.tf
│ │ ├─ providers.tf
│ │ └─ variables.tf
│ └─ sql-vm
│ ├─ data-sources.tf
│ ├─ locals.tf
│ ├─ main.tf
│ ├─ outputs.tf
│ ├─ providers.tf
│ └─ variables.tf
└─ template
├─ module
│ ├─ main.tf
│ ├─ outputs.tf
│ ├─ providers.tf
│ └─ variables.tf
└─ project-1
├─ main.tf
├─ outputs.tf
└─ variables.tf
A module is a container of Terraform code for single or multiple resources grouped together, used as means to prevent code duplication in projects.
Sourcing the module is as simple as:
module "<to-be-deployed-resource-name>" {
source = "<path-to-the-module>"
parameter1 = value1
parameter2 = value2
}
In this case, the so called root module is the above, whilst the child module, is the module being sourced.
The variables for all the secrets are retrieved from Azure Key Vault using the azure-rm provider. Name of the secrets are in modules/<module-name>
/variables.tf, you can remove them and remove the data sources if you wish to use plain text format, however creating a key vault and secrets is free.
You must provide the Azure Subscription ID and Tenant ID in providers section under modules/<module-name>
/providers.tf
provider "azurerm" {
features {}
subscription_id = ""
tenant_id = ""
}
You can set-up the key vault and the necessary secrets using the azure-key-vault module in modules/azure-key-vault
and modules/azure-key-vault-secrets
.
-
Switch directory to
environments/non-production/key_vault_for_terraform
. -
In the
main.tf
file, change the:module name
rg_name
key_vault_name
-
Update all of the
secret_value
variables to match your environment. -
Execute.
terraform init
terraform plan
terraform apply -auto-approve
At bare minimum you must edit the modules/<module-name>
/providers.tf with the detail about your vSphere environment and the vm_ variables:
default_vsphere_server
vsphere_datacenter
vsphere_cluster
vsphere_datastore
vsphere_content_library
vsphere_content_library_ovf
- Modify the variables in modules/
<module-name>
/variables.tf in each of the module paths. - Create folder inside projects directory for your new application or service, name it after the application or service.
- Switch to the new directory.
- Copy the
template/project-1
contents. - Modify the amount of VM's to be deployed by duplicating the blocks of code, the module name is the name of the deployed resource Terraform will keep track of, the source is the module to be used.
Example 1
module "sql-001-p-p" {
source = "../../../modules/sql-vm"
vm_computer_name = "sql-001-p-p"
vm_ipv4_address = "192.168.1.221"
vm_ipv4_gateway = "192.168.1.1"
vm_cpus = 1
vsphere_folder = "Terraform Built/Production"
vsphere_content_library_ovf = "windows-server-2019-std-dexp"
}
module "vm-001-p-p" {
source = "../../../modules/default-vm"
vm_computer_name = "vm-001-p-p"
vm_ipv4_address = "192.168.1.222"
vm_ipv4_gateway = "192.168.1.1"
vm_cpus = 1
vsphere_folder = "Terraform Built/Production"
vsphere_content_library_ovf = "windows-server-2019-std-dexp"
}
- Execute
terraform init
terraform plan
terraform apply -auto-approve
This module builds an entire Azure VM Image Builder environment.
Azure subscription.
- For simplicity, switch directory to
./environments/non-production/vm-image-builder
. - Execute
terraform init
terraform plan
terraform apply -auto-approve