Initial work on prototyping terraform for managing Azure resources

R. Tyler Croy 2016-11-16 14:02:58 -08:00
parent 9cf990aeaa
commit acdddb1a1e
No known key found for this signature in database
GPG Key ID: 1426C7DC3F51E16F
6 changed files with 104 additions and 0 deletions

2
.gitignore vendored

@ -3,3 +3,5 @@
*.tfstate.backup
*.html
.ruby-*
*.sw*
.*.json
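Review bot: the new `.*.json` pattern is what keeps `.azure-terraform.json` (the var-file that plans/Makefile reads, and which presumably holds `client_secret`) out of the repository, but nothing in the file says so, and the glob also hides every other dot-prefixed JSON file. Consider listing `.azure-terraform.json` by name with a comment that it carries credentials, so a later cleanup of the ignore list does not expose it.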

70
HACKING.adoc Normal file

@ -0,0 +1,70 @@
= Azure tooling setup
This document is meant to outline how you can set up your local environment for
hacking on the Azure tooling for the Jenkins project infrastructure.
All examples below for setting up Azure resources are done with the
link:https://github.com/azure/azure-cli[azure-cli].
== Setting up Terraform
link:http://terraform.io[Terraform]
can be used via the
link:https://www.terraform.io/docs/providers/azurerm/index.html[AzureRM provider]
which comes built in with recent versions of Terraform.
In order to authenticate against Azure, you must create some Azure Active
Directory and other related authentication and authorization objects.
*Generate an authentication token*
[source]
----
openssl rand -base64 24
----
This will be needed later, so don't lose it!
*Creating an OAuth Application*
[source]
----
az ad app create --display-name jenkins-terraform \
--homepage http://example.com/jenkins-terraform \
--identifier-uris http://example.com/jenkins-terraform \
--password $GENERATED_TOKEN
----
We can then retrieve the Application's ID, this assumes the
link:https://stedolan.github.io/jq/[jq]
tool is installed:
[source]
----
az ad app list -o json | jq -r '.[] | select(.displayName | contains("jenkins-terraform")) | .appId'
----
Since permissions cannot be directly granted to an application, we must create a
Service Principle associated with the application and grant permissions to that.
*Creating a Service Principle*
[source]
----
az ad sp create --id $(az ad app list -o json | jq -r '.[] | select(.displayName | contains("jenkins-terraform")) | .appId')
----
Once a Service Principle exists, we can grant the permissions on it:
[source]
----
----
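Review bot: the document ends on an empty `[source]` block after "we can grant the permissions on it:", so the role-assignment step that makes the service principal usable is missing; add the command and state the role and scope it should be limited to. In the `az ad app create` example, `--password $GENERATED_TOKEN` is unquoted and the variable is never set by the preceding step (the `openssl rand` output is only printed), and passing it as an argument leaves the secret in shell history and the process list; show how the variable is set and quote it. The `jq` filter uses `contains("jenkins-terraform")`, which also matches any other application whose display name includes that string; `select(.displayName == "jenkins-terraform")` is safer. Azure's term is "Service Principal", not "Service Principle".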

6
Makefile Normal file

@ -0,0 +1,6 @@
terraform:
$(MAKE) -C plans
.PHONY: terraform

13
plans/Makefile Normal file

@ -0,0 +1,13 @@
VARFILE=../.azure-terraform.json
TERRAFORM=terraform
plan: validate
$(TERRAFORM) plan --var-file=$(VARFILE) .
validate:
$(TERRAFORM) validate --var-file=$(VARFILE) *.tf
.PHONY: validate plan
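Review bot: `VARFILE=../.azure-terraform.json` points at a file this commit neither creates nor documents, and it has to supply `client_secret` (declared without a default in plans/variables.tf), so HACKING.adoc should say how to write it and that it should be readable only by its owner (for example mode 0600). Also, `validate` is passed `*.tf` while `plan` is passed `.`; give both the same directory argument so they check the same configuration.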


@ -0,0 +1,9 @@
#
provider "azurerm" {
subscription_id = "${var.subscription_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
}
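Review bot: `client_secret = "${var.client_secret}"` forces the secret into a var-file on disk or onto the command line. The azurerm provider also reads `ARM_SUBSCRIPTION_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET` and `ARM_TENANT_ID` from the environment, which would let the secret stay out of files in the working tree; if the variables are kept, note that choice in a comment here. The lone `#` on the first line is an empty comment: either say what the file configures or drop it.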

4
plans/variables.tf Normal file

@ -0,0 +1,4 @@
variable "subscription_id" {}
variable "client_id" {}
variable "client_secret" {}
variable "tenant_id" {}
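Review bot: all four variables are declared with empty bodies, so nothing tells a reader what goes in each or that `client_secret` is a credential. Add a `description` to each, for example `description = "Service principal password; do not commit"` on `client_secret`.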