Create an Azure virtual machine scale set from a Packer custom image by using Terraform
Terraform enables the definition, preview, and deployment of cloud infrastructure. Using Terraform, you create configuration files using HCL syntax. The HCL syntax allows you to specify the cloud provider - such as Azure - and the elements that make up your cloud infrastructure. After you create your configuration files, you create an execution plan that allows you to preview your infrastructure changes before they're deployed. Once you verify the changes, you apply the execution plan to deploy the infrastructure.
Azure virtual machine scale sets allow you to configure identical VMs. The number of VM instances can adjust based on demand or a schedule. For more information, see Automatically scale a virtual machine scale set in the Azure portal.
In this article, you learn how to:
- Set up your Terraform deployment
- Use variables and outputs for Terraform deployment
- Create and deploy a network infrastructure
- Create a custom virtual machine image by using Packer
- Create and deploy a virtual machine scale set by using the custom image
- Create and deploy a jumpbox
1. Configure your environment
- Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
Configure Terraform: If you haven't already done so, configure Terraform using one of the following options:
2. Create a Packer image
-
Key points:
- To confirm that you have access to the Packer executable, run the following command:
packer -v. - Depending on your environment, you might need to set your path and reopen the command-line.
- To confirm that you have access to the Packer executable, run the following command:
Run az group create to create a resource group to hold the Packer image.
az group create -n myPackerImages -l eastusRun az ad sp create-for-rbac to enable Packer to authenticate to Azure using a service principal.
az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<subscription_id> --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"Key points:
- Make note of the output values (
appId,client_secret,tenant_id).
- Make note of the output values (
Run az account show to display the current Azure subscription.
az account show --query "{ subscription_id: id }"Create a Packer template variables file named
ubuntu.pkr.hcland insert the following code. Update the highlighted lines with your service principal and Azure subscription information.packer { required_plugins { azure = { source = "github.com/hashicorp/azure" version = "~> 2" } } } variable client_id { type = string default = null } variable client_secret { type = string default = null } variable subscription_id { type = string default = null } variable tenant_id { type = string default = null } variable location { default = "eastus" } variable "image_resource_group_name" { description = "Name of the resource group in which the Packer image will be created" default = "myPackerImages" } variable "oidc_request_url" { default = null } variable "oidc_request_token" { default = null } # arm builder source "azure-arm" "builder" { client_id = var.client_id client_secret = var.client_secret image_offer = "UbuntuServer" image_publisher = "canonical" image_sku = "16.04-LTS" location = var.location managed_image_name = "myPackerImage" managed_image_resource_group_name = var.image_resource_group_name os_type = "Linux" subscription_id = var.subscription_id tenant_id = var.tenant_id oidc_request_url = var.oidc_request_url oidc_request_token = var.oidc_request_token vm_size = "Standard_DS2_v2" azure_tags = { "dept" : "Engineering", "task" : "Image deployment", } } build { sources = ["source.azure-arm.builder"] provisioner "shell" { execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'" inline = [ "apt-get update", "apt-get upgrade -y", "apt-get -y install nginx", "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync", ] } }Key points:
- Set the
client_id,client_secret, andtenant_idfields to the respective values from your service principal. - Set the
subscription_idfield to your Azure subscription ID.
- Set the
Build the Packer image.
packer build ubuntu.json
3. Implement the Terraform code
Create a directory in which to test the sample Terraform code and make it the current directory.
Create a file named
main.tfand insert the following code:terraform { required_version = ">=0.12" required_providers { azurerm = { source = "hashicorp/azurerm" version = "~>3.0" } azapi = { source = "Azure/azapi" version = "~> 1.0" } local = { source = "hashicorp/local" version = "2.4.0" } random = { source = "hashicorp/random" version = "3.5.1" } tls = { source = "hashicorp/tls" version = "4.0.4" } } } provider "azurerm" { features { resource_group { prevent_deletion_if_contains_resources = false } } } resource "random_pet" "id" {} resource "azurerm_resource_group" "vmss" { name = coalesce(var.resource_group_name, "201-vmss-packer-jumpbox-${random_pet.id.id}") location = var.location tags = var.tags } resource "random_string" "fqdn" { length = 6 special = false upper = false numeric = false } resource "azurerm_virtual_network" "vmss" { name = "vmss-vnet" address_space = ["10.0.0.0/16"] location = var.location resource_group_name = azurerm_resource_group.vmss.name tags = var.tags } resource "azurerm_subnet" "vmss" { name = "vmss-subnet" resource_group_name = azurerm_resource_group.vmss.name virtual_network_name = azurerm_virtual_network.vmss.name address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "vmss" { name = "vmss-public-ip" location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" domain_name_label = random_string.fqdn.result tags = var.tags } resource "azurerm_lb" "vmss" { name = "vmss-lb" location = var.location resource_group_name = azurerm_resource_group.vmss.name frontend_ip_configuration { name = "PublicIPAddress" public_ip_address_id = azurerm_public_ip.vmss.id } tags = var.tags } resource "azurerm_lb_backend_address_pool" "bpepool" { loadbalancer_id = azurerm_lb.vmss.id name = "BackEndAddressPool" } resource "azurerm_lb_probe" "vmss" { loadbalancer_id = azurerm_lb.vmss.id name = "ssh-running-probe" port = var.application_port } resource "azurerm_lb_rule" "lbnatrule" { loadbalancer_id = azurerm_lb.vmss.id name = "http" protocol = "Tcp" frontend_port = var.application_port backend_port = var.application_port backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] frontend_ip_configuration_name = "PublicIPAddress" probe_id = azurerm_lb_probe.vmss.id } data "azurerm_resource_group" "image" { name = var.packer_resource_group_name } data "azurerm_image" "image" { name = var.packer_image_name resource_group_name = data.azurerm_resource_group.image.name } resource "azapi_resource" "ssh_public_key" { type = "Microsoft.Compute/sshPublicKeys@2022-11-01" name = random_pet.id.id location = azurerm_resource_group.vmss.location parent_id = azurerm_resource_group.vmss.id } resource "azapi_resource_action" "ssh_public_key_gen" { type = "Microsoft.Compute/sshPublicKeys@2022-11-01" resource_id = azapi_resource.ssh_public_key.id action = "generateKeyPair" method = "POST" response_export_values = ["publicKey", "privateKey"] } resource "random_password" "password" { count = var.admin_password == null ? 1 : 0 length = 20 } locals { admin_password = try(random_password.password[0].result, var.admin_password) } resource "azurerm_virtual_machine_scale_set" "vmss" { name = "vmscaleset" location = var.location resource_group_name = azurerm_resource_group.vmss.name upgrade_policy_mode = "Manual" sku { name = "Standard_DS1_v2" tier = "Standard" capacity = 2 } storage_profile_image_reference { id = data.azurerm_image.image.id } storage_profile_os_disk { name = "" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } storage_profile_data_disk { lun = 0 caching = "ReadWrite" create_option = "Empty" disk_size_gb = 10 } os_profile { computer_name_prefix = "vmlab" admin_username = var.admin_user admin_password = local.admin_password } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/azureuser/.ssh/authorized_keys" key_data = azapi_resource_action.ssh_public_key_gen.output.publicKey } } network_profile { name = "terraformnetworkprofile" primary = true ip_configuration { name = "IPConfiguration" subnet_id = azurerm_subnet.vmss.id load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] primary = true } } tags = var.tags } resource "azurerm_public_ip" "jumpbox" { name = "jumpbox-public-ip" location = var.location resource_group_name = azurerm_resource_group.vmss.name allocation_method = "Static" domain_name_label = "${random_string.fqdn.result}-ssh" tags = var.tags } resource "azurerm_network_interface" "jumpbox" { name = "jumpbox-nic" location = var.location resource_group_name = azurerm_resource_group.vmss.name ip_configuration { name = "IPConfiguration" subnet_id = azurerm_subnet.vmss.id private_ip_address_allocation = "Dynamic" public_ip_address_id = azurerm_public_ip.jumpbox.id } tags = var.tags } resource "azurerm_virtual_machine" "jumpbox" { name = "jumpbox" location = var.location resource_group_name = azurerm_resource_group.vmss.name network_interface_ids = [azurerm_network_interface.jumpbox.id] vm_size = "Standard_DS1_v2" storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" } storage_os_disk { name = "jumpbox-osdisk" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } os_profile { computer_name = "jumpbox" admin_username = var.admin_user admin_password = local.admin_password } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/azureuser/.ssh/authorized_keys" key_data = azapi_resource_action.ssh_public_key_gen.output.publicKey } } tags = var.tags }Create a file named
variables.tfto contain the project variables and insert the following code:variable "packer_resource_group_name" { description = "Name of the resource group in which the Packer image will be created" default = "myPackerImages" } variable "packer_image_name" { description = "Name of the Packer image" default = "myPackerImage" } variable "resource_group_name" { description = "Name of the resource group in which the Packer image will be created" default = null } variable "location" { default = "eastus" description = "Location where resources will be created" } variable "tags" { description = "Map of the tags to use for the resources that are deployed" type = map(string) default = { environment = "codelab" } } variable "application_port" { description = "Port that you want to expose to the external load balancer" default = 80 } variable "admin_user" { description = "User name to use as the admin account on the VMs that will be part of the VM scale set" default = "azureuser" } variable "admin_password" { description = "Default password for admin account" default = null }Create a file named
output.tfto specify what values Terraform displays and insert the following code:output "vmss_public_ip_fqdn" { value = azurerm_public_ip.vmss.fqdn } output "jumpbox_public_ip_fqdn" { value = azurerm_public_ip.jumpbox.fqdn } output "jumpbox_public_ip" { value = azurerm_public_ip.jumpbox.ip_address }
4. Initialize Terraform
Run terraform init to initialize the Terraform deployment. This command downloads the Azure provider required to manage your Azure resources.
terraform init -upgrade
Key points:
- The
-upgradeparameter upgrades the necessary provider plugins to the newest version that complies with the configuration's version constraints.
5. Create a Terraform execution plan
Run terraform plan to create an execution plan.
terraform plan -out main.tfplan
Key points:
- The
terraform plancommand creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources. - The optional
-outparameter allows you to specify an output file for the plan. Using the-outparameter ensures that the plan you reviewed is exactly what is applied.
6. Apply a Terraform execution plan
Run terraform apply to apply the execution plan to your cloud infrastructure.
terraform apply main.tfplan
Key points:
- The example
terraform applycommand assumes you previously ranterraform plan -out main.tfplan. - If you specified a different filename for the
-outparameter, use that same filename in the call toterraform apply. - If you didn't use the
-outparameter, callterraform applywithout any parameters.
7. Verify the results
From the output of the
terraform applycommand, you see values for the following:- Virtual machine FQDN
- Jumpbox FQDN
- Jumpbox IP address
Browse to the virtual machine URL to confirm a default page with the text Welcome to nginx!.
Use SSH to connect to the jumpbox VM using the user name defined in the variables file and the password you specified when you ran
terraform apply. For example:ssh azureuser@<ip_address>.
8. Clean up resources
Delete virtual machine scale set
When you no longer need the resources created via Terraform, do the following steps:
Run terraform plan and specify the
destroyflag.terraform plan -destroy -out main.destroy.tfplanKey points:
- The
terraform plancommand creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources. - The optional
-outparameter allows you to specify an output file for the plan. Using the-outparameter ensures that the plan you reviewed is exactly what is applied.
- The
Run terraform apply to apply the execution plan.
terraform apply main.destroy.tfplan
Delete Packer image and resource group
Run az group delete to delete the resource group used to contain the Packer image. The Packer image is also deleted.
az group delete --name myPackerImages --yes
Troubleshoot Terraform on Azure
Troubleshoot common problems when using Terraform on Azure