by Jake Walsh, CTA
This post is a follow-up to a recent CUGC User Share Webinar (available here), where we covered an overview of Terraform, how it works, and some getting started tips, and then discussed the use cases for the Citrix Administrator.
Within this post, I’ll aim to answer some of the questions that came up and include additional links and resources to help you get started and learn more about Terraform.
During the overview of Terraform webinar, many of the questions were about getting started with Terraform and understanding the initial process: installation, creating code, and getting started the right way (following best practice, for example).
To help with this, I’ve broken this down into 5 simple steps – with some links and resources to guide you:
- Tooling Setup – this step is really important, and ensures you have everything in place to work with Terraform. To follow the examples in the Webinar, you will need the following installed:
  - Azure CLI
  - Visual Studio Code

  As I mentioned during the overview of Terraform webinar, I use Chocolatey (https://chocolatey.org/) to install these on my machine – and a script to do this for you is available here (just run this PowerShell script as Admin, and it will install Chocolatey and the above apps): https://github.com/jakewalsh90/Terraform-Azure/blob/main/Chocolatey-Setup/TerraformApps.ps1
- Prepare your Cloud Environment – in my case, this is Microsoft Azure. Before running Terraform, ensure that you have a Subscription to deploy into, and the necessary permissions (both in terms of RBAC, and to actually use the Subscription!). When ready to deploy, you’ll need to use a few Azure CLI Commands – these are outlined and explained below:
  - az login – this will open a browser and allow you to log into Azure
  - az account set --subscription "my subscription ID or name" – this will set the required Subscription. Note, if you only have 1 Subscription, you can skip this step.
- Start with a Template. This one is really important too. I would recommend starting with a pre-made template you can deploy and learn from. No need to spend hours creating something – just deploy a known working template that you can use to learn and understand the process (the code understanding will come later, but understanding the process around it first is a good way to start).
  - To make things easier – I have a range of environments within a GitHub Repo. I would recommend deploying this one, called “Single Region Azure BaseLab”: https://github.com/jakewalsh90/Terraform-Azure/tree/main/Single-Region-Azure-BaseLab

  The above template will give you a ready to go Azure environment, similar to the one below:
- This is the most important step – have fun! Here are a few things you can try that will help you learn more and gain an understanding of the code:
  - Try adjusting Resources – changing names, sizes, configurations, variables etc.
  - Add additional Resources – template only has 1 VM? Set yourself a challenge to make it two.
  - Modify Templates – try adjusting templates and becoming familiar with modification.
  - Create your own – start small and expand gradually with your own environment and testing.
- Finally – an important step, remember to destroy lab resources when you are finished. This helps keep lab environment costs down and avoids unexpected bills due to forgotten resources. Using Terraform like this allows you to have a cost-effective deployment – particularly when learning.
A few specific questions came up in the overview of Terraform Webinar, so I will do my best to answer those below!
Q: Can you reverse engineer an environment that is already built using Terraform?
A: At the current time, there is no way to import a whole environment and generate code automatically within Terraform. However, you can import Resources into your State File. (Check out this link which explains the import command: https://www.terraform.io/cli/commands/import). Some third-party options do exist though – there is a tool called Azure Terrafy, which can import from Azure and generate a configuration – I’ve previously blogged on this and it works really well: https://jakewalsh.co.uk/testing-out-azure-terrafy/
Q: Can you run configurations in a “try” mode to see what will happen?
A: Yes, you can! This would be covered by the Terraform Plan command (https://www.terraform.io/cli/commands/plan) which will outline all of the changes that Terraform will carry out, if you run apply. It’s worth noting you can also use Plan with an output – so that changes will be logged to a file and can be reviewed and applied at a later date.
Q: Is there a way to secure, for example, an NSG automatically with your own Public IP?
A: Yes! And this is something I would absolutely recommend looking into for lab environments in particular. Often with lab and learning environments, some services (think of things like Jump Hosts, Firewalls, Azure Bastion etc.) may be omitted to save costs. So, building in basic security controls becomes ever more important. Within Terraform there is a Resource we can utilise for this, which can pull HTTP data from a specified source – and then use that data within our Code.
In my example, I have used a website that tells you your public IP address, and then used that information within a Network Security Group in Azure – https://github.com/jakewalsh90/Terraform-Azure/tree/main/Automatic-ClientIP-NSG
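A minimal sketch of that pattern, added here as an example and not taken from the linked repo: the lookup response is validated before it is allowed into the NSG rule. The lookup URL, resource names, region and the RDP port are assumptions chosen for illustration.

```hcl
terraform {
  required_version = ">= 1.2.0" # postconditions on data sources
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
    http    = { source = "hashicorp/http", version = "~> 3.0" }
  }
}
provider "azurerm" {
  features {}
}

# Assumption: this lookup service returns the caller's IPv4 address as plain text.
data "http" "client_ip" {
  url = "https://api.ipify.org"
  lifecycle {
    # The response ends up in a firewall rule, so fail the run unless it is
    # an HTTP 200 whose body is a single valid IPv4 address.
    postcondition {
      condition = (
        self.status_code == 200 &&
        can(regex("^(\\d{1,3}\\.){3}\\d{1,3}$", chomp(self.response_body))) &&
        can(cidrhost("${chomp(self.response_body)}/32", 0))
      )
      error_message = "IP lookup did not return a single IPv4 address."
    }
  }
}

resource "azurerm_resource_group" "lab" {
  name     = "rg-lab-example" # hypothetical name
  location = "uksouth"
}

resource "azurerm_network_security_group" "lab" {
  name                = "nsg-lab-example" # hypothetical name
  location            = azurerm_resource_group.lab.location
  resource_group_name = azurerm_resource_group.lab.name
  security_rule {
    name                       = "Allow-RDP-From-Client-IP"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "${chomp(data.http.client_ip.response_body)}/32"
    destination_address_prefix = "*"
  }
}
```

The address is read each time Terraform runs, so if your public IP changes, the next plan will show the rule being updated to the new /32.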
Q: Can you use Terraform to automatically split Virtual Networks, Subnets, and assign Static IP addresses?
A: Once again, yes you can! There are two main functions you will need to use for this – cidrhost and cidrsubnet. These allow you to generate Static IP addresses and Network Ranges from a single network range (which is often provided as a variable). In the following examples, from a single Variable (which is used as the CIDR Range for a whole Azure Region) I can generate Virtual Network and Subnet Ranges, and Static IP Addresses for various elements too. See https://github.com/jakewalsh90/Terraform-Azure/tree/main/CIDRSubnet-Demo and https://github.com/jakewalsh90/Terraform-Azure/tree/main/CIDRHost-Demo.
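The two functions working together from one variable, as an added example that is not code from the linked demos; the address range, subnet names and host names are constructed for illustration.

```hcl
# Constructed sample range for a whole Azure region.
variable "region_cidr" {
  type    = string
  default = "10.10.0.0/16"

  validation {
    # Reject anything that is not valid CIDR before any address maths runs.
    condition     = can(cidrhost(var.region_cidr, 0))
    error_message = "The region_cidr value must be a valid CIDR range such as 10.10.0.0/16."
  }
}

locals {
  # Hypothetical subnet names. List position sets each subnet's network
  # number, so append new names at the end to keep existing ranges stable.
  subnet_names = ["management", "infrastructure", "vda"]

  # cidrsubnet(prefix, newbits, netnum): add 3 bits to the region prefix
  # (a /16 becomes a /19) and take block number 0 for the Virtual Network.
  vnet_cidr = cidrsubnet(var.region_cidr, 3, 0)

  # Add 5 more bits (a /19 becomes /24s), one consecutive block per name.
  subnets = {
    for i, name in local.subnet_names : name => cidrsubnet(local.vnet_cidr, 5, i)
  }

  # cidrhost(prefix, hostnum): Azure reserves the first four addresses and
  # the last address of every subnet, so static host numbers start at 4.
  static_ips = {
    dc01 = cidrhost(local.subnets["infrastructure"], 4)
    dc02 = cidrhost(local.subnets["infrastructure"], 5)
    jump = cidrhost(local.subnets["management"], 4)
  }
}

output "vnet_cidr" { value = local.vnet_cidr }
output "subnets" { value = local.subnets }
output "static_ips" { value = local.static_ips }
```

This configuration declares no providers or resources, so running terraform plan against it shows the calculated ranges as output changes without touching Azure.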
Keep on Learning:
- Terraform Getting Started Blog Series – https://jakewalsh.co.uk/category/terraform-getting-started/
- A range of Sample Environments I have created – https://github.com/jakewalsh90/Terraform-Azure
- HashiCorp Learn – this is an awesome place to learn more! https://learn.hashicorp.com/
- If you like Terraform, and are working with the creation of images – I would recommend also checking out Packer: https://www.packer.io/
Thanks for reading through – we will hopefully have more Webinars on Terraform soon. In the meantime, check out the awesome list of upcoming CUGC Events – https://mycugc.org/events
Suggested post: https://blogs.mycugc.org/2022/02/03/windows-build-automation-with-packer-powershell-2022-redux/ by CTA Owen Reynolds.