From c83f2a323524406aa5ed6564bdc60842b53eeebb Mon Sep 17 00:00:00 2001 From: karim mdmirajul Date: Mon, 6 Nov 2023 17:17:09 +0200 Subject: [PATCH] create full-func vm Signed-off-by: karim mdmirajul --- terraform/azure-ghaf-infra.tf | 131 +++++++++++++++++++++++++++------- terraform/outputs.tf | 4 +- terraform/providers.tf | 4 +- terraform/variables.tf | 2 +- 4 files changed, 110 insertions(+), 31 deletions(-) diff --git a/terraform/azure-ghaf-infra.tf b/terraform/azure-ghaf-infra.tf index 0724b253..580dab5e 100644 --- a/terraform/azure-ghaf-infra.tf +++ b/terraform/azure-ghaf-infra.tf 
@@ -1,36 +1,57 @@ # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) # # SPDX-License-Identifier: Apache-2.0 - # Resource group -resource "azurerm_resource_group" "rg" { - name = "ghaf-infra-terraform-dev" +resource "azurerm_resource_group" "ghaf_infra_tf_dev" { + name = "ghaf-infra-tf-dev" location = var.resource_group_location } -# Create VN -resource "azurerm_virtual_network" "ghaf-infra-vnet" { - name = "ghaf-infra-terraform-dev-vnet" - address_space = ["10.3.0.0/24"] - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name -} - - -# Create public IPs -resource "azurerm_public_ip" "ghafhydra_terraform_public_ip" { - name = "ghaf-infra-terraform-dev-ip" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name +# Create VN +resource "azurerm_virtual_network" "ghaf_infra_tf_vnet" { + name = "ghaf-infra-tf-vnet" + address_space = ["10.0.0.0/16"] + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name +} +# Create Subnet +resource "azurerm_subnet" "ghaf_infra_tf_subnet" { + name = "ghaf-infra-tf-subnet" + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name + address_prefixes = ["10.0.2.0/24"] +} +# Network interface +resource "azurerm_network_interface" "ghaf_infra_tf_network_interface" { + name = "ghaf-infratf286-z1" + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + ip_configuration { + name = "my_nic_configuration" + subnet_id = azurerm_subnet.ghaf_infra_tf_subnet.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.ghaf_infra_tf_public_ip.id + } +} +# Create Availability Set +resource "azurerm_availability_set" "ghaf_infra_tf_availability_set" { + name = "ghaf-infra-tf-availability-set" + location = 
var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + platform_fault_domain_count = 2 + platform_update_domain_count = 2 +} +# Create Public IPs +resource "azurerm_public_ip" "ghaf_infra_tf_public_ip" { + name = "ghaf-infra-tf-public-ip" + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name allocation_method = "Dynamic" } - - -# Create Network SG and rule -resource "azurerm_network_security_group" "ghafhydra_terraform_nsg" { - name = "ghaf-infra-terraform-dev-nsg" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - +# Create Network Security Group and rule +resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" { + name = "ghaf-infra-tf-nsg" + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name security_rule { name = "SSH" priority = 300 
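Review bot: Nothing in the visible hunks of terraform/azure-ghaf-infra.tf attaches `ghaf_infra_tf_nsg` to either `ghaf_infra_tf_subnet` or `ghaf_infra_tf_network_interface`, so unless an association exists in a file outside this diff, the "SSH" rule is defined but never enforced. The NIC binds `ghaf_infra_tf_public_ip` directly, and a `Dynamic` allocation implies the Basic public IP SKU, which to my knowledge accepts inbound traffic on all ports when no NSG is attached. I would add an `azurerm_network_interface_security_group_association` resource with `network_interface_id = azurerm_network_interface.ghaf_infra_tf_network_interface.id` and `network_security_group_id = azurerm_network_security_group.ghaf_infra_tf_nsg.id`. The rule's source prefix falls between the two hunks and is not visible here; it should be confirmed to be a restricted range, not `*`.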
@@ -43,4 +64,62 @@ resource "azurerm_network_security_group" "ghafhydra_terraform_nsg" { destination_address_prefix = "*" } } - +# Create Storage Account +resource "azurerm_storage_account" "ghafinfra_tf_storage_account" { + name = "ghafinfrastorage" + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + account_tier = "Standard" + account_replication_type = "LRS" +} +# Create Linux Virtual Machine +resource "azurerm_linux_virtual_machine" "ghafinfra_tf" { + name = "ghafinfratf" + location = var.resource_group_location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + availability_set_id = azurerm_availability_set.ghaf_infra_tf_availability_set.id + network_interface_ids = [ + azurerm_network_interface.ghaf_infra_tf_network_interface.id + ] + size = "Standard_B8ms" + os_disk { + name = "ghafinfratfdisk1" + caching = "ReadWrite" + storage_account_type = "Premium_LRS" + disk_size_gb = 512 + } + source_image_reference { + publisher = "canonical" + offer = "0001-com-ubuntu-server-jammy" + sku = "22_04-lts-gen2" + version = "latest" + } + admin_username = "karim" + disable_password_authentication = true + admin_ssh_key { + username = "karim" + public_key = file("~/.ssh/id_rsa_nixos.pub") + } +} +# Create Custom Script Extension +resource "azurerm_virtual_machine_extension" "customScript" { + name = "customScript" + virtual_machine_id = azurerm_linux_virtual_machine.ghafinfra_tf.id + publisher = "Microsoft.Azure.Extensions" + type = "CustomScript" + type_handler_version = "2.1" + settings = jsonencode({ + commandToExecute = <<-SCRIPT + #!/bin/bash + sudo apt-get update + sudo apt-get install -y apache2 + mkdir -p /home/karim/.ssh + echo 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDe5L8iOqhNPsYz5eh9Bz/URYguG60JjMGmKG0wwLIb6Gf2M8Txzk24ESGbMR/F5RYsV1yWYOocL47ngDWQIbO6MGJ7ftUr7slWoUA/FSVwh/jsG681mRqIuJXjKM/YQhBkI9k6+eVxRfLDTs5XZfbwdm7T4aP8ZI2609VY0guXfa/F7DSE1BxN7IJMn0CWLQJanBpoYUxqyQXCUXgljMokdPjTrqAxlBluMsVTP+ZKDnjnpHcVE/hCKk5BxaU6K97OdeIOOEWXAd6uEHssomjtU7+7dhiZzjhzRPKDiSJDF9qtIw50kTHz6ZTdH8SAZmu0hsS6q8OmmDTAnt24dFJV karim@nixos' >> /home/karim/.ssh/authorized_keys + chown -R karim:karim /home/karim/.ssh + chmod 700 /home/karim/.ssh + chmod 600 /home/karim/.ssh/authorized_keys + sed -i 's/\s*PasswordAuthentication\s\+yes/PasswordAuthentication no/' /etc/ssh/sshd_config + systemctl restart sshd + SCRIPT + }) +} \ No newline at end of file diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 5689a6ba..0720668f 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf @@ -3,9 +3,9 @@ # SPDX-License-Identifier: Apache-2.0 output "resource_group_name" { - value = azurerm_resource_group.rg.name + value = azurerm_resource_group.ghaf_infra_tf_dev.name } output "resource_group_location" { - value = azurerm_resource_group.rg.location + value = var.resource_group_location } diff --git a/terraform/providers.tf b/terraform/providers.tf index 6e9e9206..8f976809 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -9,10 +9,10 @@ provider "azurerm" { terraform { required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" } sops = { - source = "carlpett/sops" + source = "carlpett/sops" } } } diff --git a/terraform/variables.tf b/terraform/variables.tf index f60249f2..0f408c7b 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -11,7 +11,7 @@ variable "resource_group_location" { variable "resourcegroup" { description = "The Azure Resource Group Name within your Subscription in which this resource will be created." - default = "ghaf-infra-swe" + default = "ghaf-infra-swe" } variable "resource_group_name_prefix" {
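Review bot: In terraform/azure-ghaf-infra.tf the `customScript` extension appends a hard-coded personal key to `/home/karim/.ssh/authorized_keys` with `>>`, in addition to the key already installed through `admin_ssh_key`, so access is granted by a second path that Terraform does not manage and that deleting the key from the configuration later will not revoke on the VM. I would drop the `mkdir`/`echo`/`chown`/`chmod` lines and keep `admin_ssh_key` as the single source, taking the account name and key from variables instead of `"karim"` and `file("~/.ssh/id_rsa_nixos.pub")`, e.g. `public_key = var.admin_ssh_public_key` (a variable this change would have to introduce). The same script installs `apache2`, which adds a listening service on a host with a public IP; if it is only a placeholder it should be removed. `version = "latest"` in `source_image_reference` also makes rebuilds non-reproducible, so pinning an image version is worth considering.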