##############################################################################
# HashiCorp PTFE installation Demo
#
# This Terraform configuration will create the following:
#
# * Resource group with a virtual network and subnet
# * A HashiCorp ptfe server
# *
##############################################################################
# Shared infrastructure resources
# First we'll create a resource group. In Azure every resource belongs to a
# resource group. Think of it as a container to hold all your resources.
# You can find a complete list of Azure resources supported by Terraform here:
# https://www.terraform.io/docs/providers/azurerm/
#this change doesnt do anything
# The azurerm provider is configured with an empty features block; no
# provider-level feature overrides are set.
provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "ptfe" {
  # Both the region and the group name are supplied by input variables.
  location = var.location
  name     = var.resource_group
}
# The next resource is a Virtual Network. We can dynamically place it into the
# resource group without knowing its name ahead of time. Terraform handles all
# of that for you, so everything is named consistently every time. Say goodbye
# to weirdly-named mystery resources in your Azure Portal. To see how all this
# works visually, run `terraform graph` and copy the output into the online
# GraphViz tool: http://www.webgraphviz.com/
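resource "azurerm_virtual_network" "vnet" {
  name                = var.virtual_network_name
  resource_group_name = azurerm_resource_group.ptfe.name
  location            = azurerm_resource_group.ptfe.location

  # A single CIDR range wrapped in a list. The variable is referenced directly
  # instead of through the interpolation-only form "${var.address_space}",
  # which Terraform 0.12 and later report as deprecated; the rest of this file
  # already uses the direct form.
  address_space = [var.address_space]
}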
# Next we'll build a subnet to run our VMs in. These variables can be defined
# via environment variables, a config file, or command line flags. Default
# values will be used if the user does not override them. You can find all the
# default variables in the variables.tf file. You can customize this demo by
# making a copy of the terraform.tfvars.example file.
resource "azurerm_subnet" "subnet" {
  name = "${var.demo_prefix}subnet"

  # Placement: the subnet lives in the virtual network and resource group
  # declared in this file.
  resource_group_name  = azurerm_resource_group.ptfe.name
  virtual_network_name = azurerm_virtual_network.vnet.name

  # One address prefix, taken from the subnet_prefix variable.
  address_prefixes = [var.subnet_prefix]
}
##############################################################################
# HashiCorp ptfe Server
#
# Now that we have a network, we'll deploy a stand-alone HashiCorp ptfe
# server.
# An Azure Virtual Machine has several components. In this example we'll build
# a security group, a network interface, a public ip address, a storage
# account and finally the VM itself. Terraform handles all the dependencies
# automatically, and each resource is named with user-defined variables.
# Security group to allow inbound access on ports 443, 8800, 22, 80 and 9870-9880
resource "azurerm_network_security_group" "ptfe-sg" {
  name                = "${var.demo_prefix}-sg"
  location            = var.location
  resource_group_name = azurerm_resource_group.ptfe.name

  # One inbound TCP allow rule is generated per entry below. Every rule uses
  # the same wildcard source and destination; only the name, priority and
  # destination port(s) differ.
  #
  # NOTE(review): source_address_prefix "*" admits any source address on every
  # rule, including SSH (22) and the "ptfe-setup" port (8800). Outside a
  # throwaway demo, restrict at least those two rules to known administrator
  # address ranges.
  dynamic "security_rule" {
    for_each = [
      { name = "ptfe-https", priority = 100, ports = "443" },
      { name = "ptfe-setup", priority = 101, ports = "8800" },
      { name = "SSH", priority = 102, ports = "22" },
      { name = "HTTP", priority = 103, ports = "80" },
      { name = "ptfe-run", priority = 104, ports = "9870-9880" },
    ]

    content {
      name                       = security_rule.value.name
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.ports
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }
}
# A network interface. This is required by the azurerm_virtual_machine
# resource. Terraform will let you know if you're missing a dependency.
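resource "azurerm_network_interface" "ptfe-nic" {
  name                = "${var.demo_prefix}ptfe-nic"
  location            = var.location
  resource_group_name = azurerm_resource_group.ptfe.name

  # Single IP configuration: a dynamically allocated private address in the
  # demo subnet, plus the public IP declared in this file.
  ip_configuration {
    name                          = "${var.demo_prefix}ipconfig"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.ptfe-pip.id
  }
}

# Attach the security group to the NIC. The inline network_security_group_id
# argument on the NIC was commented out, so nothing in this file applied the
# ptfe-sg rules to the VM's interface; a separate association resource is how
# current azurerm provider versions express that link.
# NOTE(review): drop this resource if another file in the module already
# associates ptfe-sg with this NIC.
resource "azurerm_network_interface_security_group_association" "ptfe-nic-sg" {
  network_interface_id      = azurerm_network_interface.ptfe-nic.id
  network_security_group_id = azurerm_network_security_group.ptfe-sg.id
}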
# Every Azure Virtual Machine comes with a private IP address. You can also
# optionally add a public IP address for Internet-facing applications and
# demo environments like this one.
resource "azurerm_public_ip" "ptfe-pip" {
  name                = "${var.demo_prefix}-ip"
  resource_group_name = azurerm_resource_group.ptfe.name
  location            = var.location

  # The address is allocated dynamically, so the VM is reached through the DNS
  # label (the provisioner connects to this resource's fqdn).
  # NOTE(review): no sku is set, so the provider default applies. Confirm which
  # SKU that is for the provider version in use: a Basic public IP accepts
  # inbound traffic on all ports unless a security group is attached.
  domain_name_label = var.hostname
  allocation_method = "Dynamic"
}
# And finally we build our ptfe server. This is a standard Ubuntu instance.
# We use the shell provisioner to run a Bash script that configures ptfe for
# the demo environment. Terraform supports several different types of
# provisioners including Bash, Powershell and Chef.
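resource "azurerm_virtual_machine" "ptfe" {
  name                = "${var.hostname}-ptfe"
  location            = var.location
  resource_group_name = azurerm_resource_group.ptfe.name
  vm_size             = var.vm_size

  # Direct reference instead of the deprecated interpolation-only form.
  network_interface_ids = [azurerm_network_interface.ptfe-nic.id]

  # Boolean literal rather than the string "true".
  delete_os_disk_on_termination = true

  # The image is selected entirely by input variables.
  storage_image_reference {
    publisher = var.image_publisher
    offer     = var.image_offer
    sku       = var.image_sku
    version   = var.image_version
  }

  storage_os_disk {
    name              = "${var.hostname}-osdisk"
    managed_disk_type = "Standard_LRS"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    disk_size_gb      = var.storage_disk_size
  }

  # NOTE(review): admin_password is written to the Terraform state in plain
  # text. Treat the state as a secret and confirm the variable is declared
  # sensitive in variables.tf.
  os_profile {
    computer_name  = var.hostname
    admin_username = var.admin_username
    admin_password = var.admin_password
  }

  # NOTE(review): password logins stay enabled because the provisioner
  # connection below authenticates with admin_password. Together with the
  # "SSH" rule in ptfe-sg, which admits any source address, this leaves the
  # host open to password guessing. Moving to key-based authentication needs a
  # key variable that this file does not define.
  os_profile_linux_config {
    disable_password_authentication = false
  }

  # Downloads the installer and runs it as root.
  #
  # The steps are chained with && and curl uses --fail, so a failed or
  # HTTP-error download stops the sequence instead of handing an empty file or
  # an error page to sudo.
  #
  # An earlier download of https://install.terraform.io/ptfe/stable into the
  # same file was overwritten by this one before anything executed it, so that
  # redundant request has been dropped.
  #
  # NOTE(review): the script is fetched at apply time and executed as root with
  # no integrity check. Pin a reviewed copy and verify its checksum before
  # running it.
  provisioner "remote-exec" {
    inline = [
      "curl --fail --silent --show-error https://get.replicated.com/terraformenterpriseha/stable/kubernetes-init --output install_ptfe.sh && chmod 500 install_ptfe.sh && sudo ./install_ptfe.sh no-proxy bypass-storagedriver-warnings",
    ]

    # SSH to the VM's public DNS name using the admin credentials.
    connection {
      type     = "ssh"
      user     = var.admin_username
      password = var.admin_password
      host     = azurerm_public_ip.ptfe-pip.fqdn
    }
  }
}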