# Provision a Nomad cluster on Azure

## Pre-requisites

To get started, you will need to [create an Azure account](https://azure.microsoft.com/en-us/free/).

## Install the Azure CLI

Run the following commands to install the Azure CLI. Note that you can use the
[Vagrantfile](../Vagrantfile) included in this repository to bootstrap a staging
environment that pre-installs the Azure CLI.

```bash
$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | \
    sudo tee /etc/apt/sources.list.d/azure-cli.list
$ sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
$ sudo apt-get install apt-transport-https
$ sudo apt-get update && sudo apt-get install azure-cli
```

## Login to Azure

Use the `az login` CLI command to log in to Azure:

```bash
$ az login

[
  {
    "cloudName": "AzureCloud",
    "id": "SUBSCRIPTION_ID",
    "isDefault": true,
    "name": "Free Trial",
    "state": "Enabled",
    "tenantId": "TENANT_ID",
    "user": {
      "name": "rob@hashicorp.com",
      "type": "user"
    }
  }
]
```

After completing the login process, take note of the values for `id` and
`tenantId` in the output above. These will be used to set the
`ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID` environment variables for Packer
and Terraform.

## Create an Application Id and Password

Run the following CLI command to create an application Id and password:

```bash
$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

{
  "appId": "CLIENT_ID",
  "displayName": "azure-cli-...",
  "name": "http://azure-cli-...",
  "password": "CLIENT_SECRET",
  "tenant": "TENANT_ID"
}
```

The values for `appId` and `password` above will be used for the `ARM_CLIENT_ID`
and `ARM_CLIENT_SECRET` environment variables.

## Create an Azure Resource Group

Use the following command to create an Azure [resource group](https://docs.microsoft.com/en-us/azure/azure-resource-manager/xplat-cli-azure-resource-manager#create-a-resource-group) for Packer:

```bash
$ az group create --name packer --location "East US"
```

## Set the Azure Environment Variables

```bash
export ARM_SUBSCRIPTION_ID=[ARM_SUBSCRIPTION_ID]
export ARM_TENANT_ID=[ARM_TENANT_ID]
export ARM_CLIENT_ID=[ARM_CLIENT_ID]
export ARM_CLIENT_SECRET=[ARM_CLIENT_SECRET]
export AZURE_RESOURCE_GROUP=packer
```

## Build an Azure machine image with Packer

[Packer](https://www.packer.io/intro/index.html) is HashiCorp's open source tool
for creating identical machine images for multiple platforms from a single
source configuration. The machine image created here can be customized through
modifications to the [build configuration file](packer.json) and the
[shell script](../shared/scripts/setup.sh).

Use the following command to build the machine image:

```bash
$ packer build packer.json
```

After the Packer build process completes, you can retrieve the image Id using the
following CLI command:

```bash
$ az image list --query "[?tags.Product=='Hashistack'].id"

[
  "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack"
]
```

The following CLI command can be used to delete the image if necessary:

```bash
$ az image delete --name hashistack --resource-group packer
```

## Provision a cluster with Terraform

`cd` to an environment subdirectory:

```bash
$ cd env/EastUS
```

Consul supports a cloud-based auto join feature which includes support for Azure.
The feature requires that we create a service principal with the `Reader` role.
Run the following command to create an Azure service principal for Consul auto join:

```bash
$ az ad sp create-for-rbac --role="Reader" --scopes="/subscriptions/[SUBSCRIPTION_ID]"

{
  "appId": "CLIENT_ID",
  "displayName": "azure-cli-...",
  "name": "http://azure-cli-...",
  "password": "CLIENT_SECRET",
  "tenant": "TENANT_ID"
}
```

Update `terraform.tfvars` with your `SUBSCRIPTION_ID`, `TENANT_ID`, `CLIENT_ID` and `CLIENT_SECRET`. Use the `CLIENT_ID` and `CLIENT_SECRET` created above for the service principal:

```hcl
location = "East US"
image_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack"
vm_size = "Standard_DS1_v2"
server_count = 1
client_count = 4
retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=SUBSCRIPTION_ID tenant_id=TENANT_ID client_id=CLIENT_ID secret_access_key=CLIENT_SECRET"
```

Provision the cluster:

```bash
$ terraform init
$ terraform get
$ terraform plan
$ terraform apply
```

## Access the cluster

SSH to one of the servers using its public IP:

```bash
$ ssh -i azure-hashistack.pem ubuntu@PUBLIC_IP
```

`azure-hashistack.pem` above is auto-created during the provisioning process. The
infrastructure that is provisioned for this test environment is configured to
allow all traffic over port 22. This is obviously not recommended for production
deployments.

## Next steps

Click [here](../README.md#test) for next steps.
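
Because `terraform.tfvars` ends up holding the Consul auto-join `CLIENT_SECRET` in plaintext inside `retry_join`, a pre-flight check before `terraform apply` is useful. The following is an added example, not part of this repository: the function name `check_tfvars` is hypothetical and both sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the Nomad repository): pre-flight check for terraform.tfvars.
# check_tfvars FILE: prints one line per finding and returns the finding count.
check_tfvars() {
  local f=$1 findings=0 key
  [ -r "$f" ] || { echo "cannot read $f"; return 1; }
  # The file holds CLIENT_SECRET in plaintext: group/other must have no access.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "permissions: $f is accessible to group/other (chmod 600)"
    findings=$((findings + 1))
  fi
  # The README's upper-case tokens must all have been replaced with real values.
  if grep -Eq 'SUBSCRIPTION_ID|TENANT_ID|CLIENT_ID|CLIENT_SECRET' "$f"; then
    echo "placeholder: README placeholder still present in $f"
    findings=$((findings + 1))
  fi
  # retry_join needs every field that the README's example line carries.
  for key in provider=azure tag_name= tag_value= subscription_id= \
             tenant_id= client_id= secret_access_key=; do
    if ! grep -E '^[[:space:]]*retry_join[[:space:]]*=' "$f" | grep -q -- "$key"; then
      echo "retry_join: missing ${key}"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

demo_dir=$(mktemp -d)
# Constructed sample: untouched copy of the README template, world-readable.
cat > "$demo_dir/template.tfvars" <<'EOF'
location = "East US"
retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=SUBSCRIPTION_ID tenant_id=TENANT_ID client_id=CLIENT_ID secret_access_key=CLIENT_SECRET"
EOF
chmod 644 "$demo_dir/template.tfvars"
# Constructed sample: filled in with made-up identifiers, owner-only access.
cat > "$demo_dir/filled.tfvars" <<'EOF'
location = "East US"
retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=00000000-0000-0000-0000-000000000001 tenant_id=00000000-0000-0000-0000-000000000002 client_id=00000000-0000-0000-0000-000000000003 secret_access_key=constructed-example-secret"
EOF
chmod 600 "$demo_dir/filled.tfvars"
check_tfvars "$demo_dir/template.tfvars" || echo "template: $? finding(s)"
check_tfvars "$demo_dir/filled.tfvars" && echo "filled: ok"
```

The same secret is also written to the Terraform state, so the state file needs the same access restrictions as `terraform.tfvars`.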