github.com/bigcommerce/nomad@v0.9.3-bc/terraform/azure/README.md (about) 1 # Provision a Nomad cluster on Azure 2 3 ## Pre-requisites 4 5 To get started, you will need to [create an Azure account](https://azure.microsoft.com/en-us/free/). 6 7 ## Install the Azure CLI 8 9 Run the following commands to install the Azure CLI. Note that you can use the 10 [Vagrant](../Vagrantfile) included in this repository to bootstrap a staging 11 environment that pre-installs the Azure CLI. 12 13 ```bash 14 $ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | / 15 sudo tee /etc/apt/sources.list.d/azure-cli.list 16 $ sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893 17 $ sudo apt-get install apt-transport-https 18 $ sudo apt-get update && sudo apt-get install azure-cli 19 ``` 20 21 ## Login to Azure 22 23 Use the `az login` CLI command to log in to Azure: 24 25 ```bash 26 $ az login 27 28 [ 29 { 30 "cloudName": "AzureCloud", 31 "id": "SUBSCRIPTION_ID", 32 "isDefault": true, 33 "name": "Free Trial", 34 "state": "Enabled", 35 "tenantId": "TENANT_ID", 36 "user": { 37 "name": "rob@hashicorp.com", 38 "type": "user" 39 } 40 } 41 ] 42 ``` 43 44 After completing the login process, take note of the values for `id` and 45 `tenantId` in the output above. These will be used to set the 46 `ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID` environment variables for Packer 47 and Terraform. 48 49 ie. 50 ```bash 51 export ARM_SUBSCRIPTION_ID=SUBSCRIPTION_ID 52 export ARM_TENANT_ID=TENANT_ID 53 ``` 54 55 56 ## Create an Application Id and Password 57 58 Run the following CLI command to create an application Id and password: 59 60 ```bash 61 $ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${ARM_SUBSCRIPTION_ID}" 62 63 { 64 "appId": "CLIENT_ID", 65 "displayName": "azure-cli-...", 66 "name": "http://azure-cli-...", 67 "password": "CLIENT_SECRET", 68 "tenant": "TENANT_ID" 69 } 70 ``` 71 72 The values for `appId` and `password` above will be used for the `ARM_CLIENT_ID` 73 and `ARM_CLIENT_SECRET` environment variables. 74 75 ie. 76 ```bash 77 export ARM_CLIENT_ID=CLIENT_ID 78 export ARM_CLIENT_SECRET=CLIENT_SECRET 79 ``` 80 81 ## Create an Azure Resource Group 82 83 Use the following command to create an Azure [resource group](https://docs.microsoft.com/en-us/azure/azure-resource-manager/xplat-cli-azure-resource-manager#create-a-resource-group) for Packer: 84 85 ```bash 86 $ az group create --name packer --location "East US" 87 ``` 88 89 ## Set the Azure Environment Variables 90 91 Upto this point we already have set: 92 93 ```bash 94 export ARM_SUBSCRIPTION_ID=[ARM_SUBSCRIPTION_ID] 95 export ARM_TENANT_ID=[ARM_TENANT_ID] 96 export ARM_CLIENT_ID=[ARM_CLIENT_ID] 97 export ARM_CLIENT_SECRET=[ARM_CLIENT_SECRET] 98 ``` 99 100 We need to add a new one: 101 ```bash 102 export AZURE_RESOURCE_GROUP=packer 103 ``` 104 105 ## Build an Azure machine image with Packer 106 107 [Packer](https://www.packer.io/intro/index.html) is HashiCorp's open source tool 108 for creating identical machine images for multiple platforms from a single 109 source configuration. The machine image created here can be customized through 110 modifications to the [build configuration file](packer.json) and the 111 [shell script](../shared/scripts/setup.sh). 112 113 Use the following command to build the machine image: 114 115 ```bash 116 $ packer build packer.json 117 ``` 118 119 After the Packer build process completes, you can retrieve the image Id using the 120 following CLI command: 121 122 ```bash 123 $ az image list --query "[?tags.Product=='Hashistack'].id" 124 125 [ 126 "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack" 127 ] 128 ``` 129 130 The following CLI command can be used to delete the image if necessary: 131 132 ```bash 133 $ az image delete --name hashistack --resource-group packer 134 ``` 135 136 ## Provision a cluster with Terraform 137 138 `cd` to an environment subdirectory: 139 140 ```bash 141 $ cd env/EastUS 142 ``` 143 144 Consul supports a cloud-based auto join feature which includes support for Azure. 145 The feature requires that we create a service principal with the `Reader` role. 146 Run the following command to create an Azure service principal for Consul auto join: 147 148 ```bash 149 $ az ad sp create-for-rbac --role="Reader" --scopes="/subscriptions/[SUBSCRIPTION_ID]" 150 151 { 152 "appId": "CLIENT_ID", 153 "displayName": "azure-cli-...", 154 "name": "http://azure-cli-...", 155 "password": "CLIENT_SECRET", 156 "tenant": "TENANT_ID" 157 } 158 ``` 159 160 Update `terraform.tfvars` with you SUBSCRIPTION_ID, TENANT_ID, CLIENT_ID and CLIENT_SECRET. Use the CLIENT_ID and CLIENT_SECRET created above for the service principal: 161 162 ```bash 163 location = "East US" 164 image_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack" 165 vm_size = "Standard_DS1_v2" 166 server_count = 1 167 client_count = 4 168 retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=SUBSCRIPTION_ID tenant_id=TENANT_ID client_id=CLIENT_ID secret_access_key=CLIENT_SECRET" 169 ``` 170 171 Provision the cluster: 172 173 ```bash 174 $ terraform init 175 $ terraform get 176 $ terraform plan 177 $ terraform apply 178 ``` 179 180 ## Access the cluster 181 182 SSH to one of the servers using its public IP: 183 184 ```bash 185 $ ssh -i azure-hashistack.pem ubuntu@PUBLIC_IP 186 ``` 187 188 `azure-hashistack.pem` above is auto-created during the provisioning process. The 189 infrastructure that is provisioned for this test environment is configured to 190 allow all traffic over port 22. This is obviously not recommended for production 191 deployments. 192 193 ## Next steps 194 195 Click [here](../README.md#test) for next steps.