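# Values derived from other resources in this module and reused below.
locals {
  # Use the module-managed NSG unless the caller supplies their own.
  # Only the first entry of var.security_group_ids is used; further entries are ignored.
  security_group_id = length(var.security_group_ids) == 0 ? azurerm_network_security_group.dsf_base_sg.id : var.security_group_ids[0]

  public_ip  = azurerm_linux_virtual_machine.vm.public_ip_address
  private_ip = azurerm_linux_virtual_machine.vm.private_ip_address

  # First-boot script delivered to the VM through custom_data.
  # Only the Key Vault name and secret *names* are rendered into it, never secret values.
  # How setup.tftpl resolves those names is not visible from this file.
  install_script = templatefile("${path.module}/setup.tftpl", {
    vault_name                              = azurerm_key_vault.vault.name
    admin_registration_password_secret_name = azurerm_key_vault_secret.admin_analytics_registration_password.name
    admin_ssh_password_secret_name          = azurerm_key_vault_secret.ssh_password.name
  })

  # Script run on the Terraform host to wait for the server to become reachable.
  readiness_script = templatefile("${path.module}/readiness.tftpl", {
    # try() falls back only when an expression raises an error. A VM without a
    # public IP is expected to report an empty public_ip_address rather than an
    # error, so try() would never reach the private address. coalesce() skips
    # null and "" and picks the private IP in that case.
    admin_server_public_ip = coalesce(local.public_ip, local.private_ip)
  })
}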
# Primary network interface of the admin server VM.
resource "azurerm_network_interface" "nic" {
  name                = var.name
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
  tags                = var.tags

  ip_configuration {
    name                          = "${var.name}-nic"
    subnet_id                     = var.subnet_id
    private_ip_address_allocation = "Dynamic"

    # A public IP is attached only when the optional azurerm_public_ip resource
    # exists (var.attach_persistent_public_ip); otherwise the NIC stays private.
    public_ip_address_id = var.attach_persistent_public_ip ? azurerm_public_ip.vm_public_ip[0].id : null
  }
}
# Binds the selected NSG (module-managed or the first caller-supplied one) to
# the VM's NIC. This is the only NSG this file attaches to the interface, so its
# rules decide what can reach the VM when a public IP is attached.
resource "azurerm_network_interface_security_group_association" "nic_sg_association" {
  network_security_group_id = local.security_group_id
  network_interface_id      = azurerm_network_interface.nic.id
}
# Optional static public IP, created only when var.attach_persistent_public_ip
# is true. Setting that flag makes the VM reachable from outside the subnet,
# subject to the NSG associated with its NIC.
resource "azurerm_public_ip" "vm_public_ip" {
  count = var.attach_persistent_public_ip ? 1 : 0

  name                = "${var.name}-public-ip"
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name

  sku               = "Standard"
  allocation_method = "Static"

  tags = var.tags
}
# The admin server VM itself.
resource "azurerm_linux_virtual_machine" "vm" {
  name                = var.name
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
  size                = var.instance_size
  source_image_id     = local.image_id
  tags                = var.tags

  network_interface_ids = [azurerm_network_interface.nic.id]

  # The OS admin account is configured with an SSH public key only; no
  # admin_password is set on this resource.
  admin_username = local.vm_user
  admin_ssh_key {
    username   = local.vm_user
    public_key = var.ssh_public_key
  }

  os_disk {
    storage_account_type = var.storage_details.storage_account_type
    caching              = var.storage_details.volume_caching
    disk_size_gb         = var.storage_details.disk_size
  }

  # The VM runs with a dedicated user-assigned identity; whatever roles are
  # granted to that identity are usable by any process on the VM.
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.user_assigned_identity.id]
  }

  # First-boot install script. Keep secret values out of setup.tftpl: this
  # module passes it only the Key Vault name and secret names.
  custom_data = base64encode(local.install_script)

  # Do not replace the VM when the rendered script changes. As a consequence,
  # later edits to setup.tftpl are NOT applied to VMs that already exist.
  lifecycle {
    ignore_changes = [custom_data]
  }
}
# Managed identity attached to the VM. It is named after the deployment and
# created in the same resource group and location as the VM.
resource "azurerm_user_assigned_identity" "user_assigned_identity" {
  name                = var.name
  resource_group_name = var.resource_group.name
  location            = var.resource_group.location
}
# Subscription the provider is currently configured for. Its id is used as the
# scope of the VM identity's role assignment.
data "azurerm_subscription" "subscription" {
}
# Grants the VM's managed identity read access to blob data.
#
# NOTE(review): the scope is the whole subscription, so the VM can read blob
# data in every storage account in it, not only the account(s) this deployment
# needs. For least privilege, scope this to the specific storage account or
# container. Which one is not visible from this file, so confirm before
# narrowing.
resource "azurerm_role_assignment" "vm_identity_role_assignment" {
  principal_id         = azurerm_user_assigned_identity.user_assigned_identity.principal_id
  role_definition_name = "Storage Blob Data Reader"
  scope                = data.azurerm_subscription.subscription.id
}
# Optional usage reporting, instantiated only when var.send_usage_statistics is
# true. The values handed to the module are the deployment name, the image id
# and the location; what the module transmits and where is defined in the
# module itself, not here.
module "statistics" {
  count  = var.send_usage_statistics ? 1 : 0
  source = "./_modules/azurerm/statistics"

  product         = "DRA"
  resource_type   = "dra-admin"
  deployment_name = var.name
  artifact        = local.image_id
  location        = var.resource_group.location
}
# Waits for the server to become ready by running the rendered readiness script.
#
# local-exec runs on the machine executing Terraform, not on the VM. The whole
# rendered template is passed to `bash -c`, so every template input becomes
# part of a shell command. Keep the inputs to provider-computed values (today:
# the VM's IP address) and never feed caller-controlled strings into
# readiness.tftpl unquoted.
#
# No `triggers` are set, so the script runs once when this resource is created.
resource "null_resource" "readiness" {
  depends_on = [
    azurerm_linux_virtual_machine.vm,
    module.statistics,
  ]

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command     = local.readiness_script
  }
}
# Marks the usage-statistics record as successful once the readiness check has
# passed. It uses the same count condition as module.statistics, so
# module.statistics[0] exists whenever this module is instantiated.
module "statistics_success" {
  count  = var.send_usage_statistics ? 1 : 0
  source = "./_modules/azurerm/statistics"

  status = "success"
  id     = module.statistics[0].id

  depends_on = [null_resource.readiness]
}