Seeding repo
alexfeig committed Feb 1, 2019
0 parents commit bd3c2c1
Showing 9 changed files with 445 additions and 0 deletions.
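--- a/README.md
+++ b/README.md
@@ -0,0 +1,30 @@
+# Terraform - Avi Demo Environment
+** NOTE: This is meant to be used with [Ansible Demo Spinner](https://github.com/alexfeig/avi-ansible-demo-spinner). If you don't wish to use it, please remove `azure_post_provision.tf` prior to running.
+
+This Terraform environment will spin up:
+
+* All required network security groups, vnets, and other required objects
+* An Avi Controller in the version specified
+* A user specified number of webservers running Ubuntu and Apache, with an index page indicating which server it is
+
+Once done, it will make a call to Ansible for post provisioning configuration.
+
+## Requirements
+
+* Azure CLI - for OS X, [Homebrew is easiest](https://brew.sh/) is easiest
+* SSH key placed in `/keys` that **matches** the value of your project name
+* `terraform.tfvars` edited to your liking
+
+## Sample TF Variables
+Create a `terraform.tfvars` file with the following:
+
+```avi_username = "alex"
+controller_version = "17.2.14"
+admin_password = "password"
+admin_username = "alex"
+project_name = "alex-tf"
+ansible_playbook_path = "../ansible/demo_spinner/main.yml"
+resource_group = "resource-group"
+subscription_id = "1234"
+tenant_id = "1234"
+```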
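--- a/azure_controller.tf
+++ b/azure_controller.tf
@@ -0,0 +1,68 @@
+resource "azurerm_network_interface" "controller_vnic" {
+name = "${var.project_name}_controller"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+network_security_group_id = "${azurerm_network_security_group.nsg_controller.id}"
+
+ip_configuration {
+name = "${var.project_name}_controller"
+
+subnet_id = "${element(azurerm_subnet.subnet.*.id, 1)}"
+private_ip_address_allocation = "dynamic"
+public_ip_address_id = "${azurerm_public_ip.controller_public_ip.id}"
+}
+}
+
+data "template_file" "userdata" {
+template = "${file("files/userdata.json")}"
+
+vars {
+password = "${var.admin_password}"
+}
+}
+
+resource "azurerm_virtual_machine" "controller" {
+name = "${var.project_name}_controller"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+network_interface_ids = ["${azurerm_network_interface.controller_vnic.id}"]
+vm_size = "${var.controller_instance_size}"
+delete_os_disk_on_termination = "true"
+delete_data_disks_on_termination = "true"
+
+storage_image_reference {
+publisher = "avi-networks"
+offer = "avi-vantage-adc"
+sku = "avi-vantage-adc-byol"
+version = "${var.controller_version}"
+}
+
+plan {
+name = "avi-vantage-adc-byol"
+publisher = "avi-networks"
+product = "avi-vantage-adc"
+}
+
+storage_os_disk {
+name = "${var.project_name}_controller"
+caching = "ReadWrite"
+create_option = "FromImage"
+managed_disk_type = "Premium_LRS"
+}
+
+os_profile {
+computer_name = "${var.project_name}-web-${count.index}"
+admin_username = "${var.avi_username}"
+admin_password = "${var.admin_password}"
+custom_data = "${data.template_file.userdata.rendered}"
+}
+
+os_profile_linux_config {
+disable_password_authentication = false
+
+ssh_keys {
+path = "/home/${var.avi_username}/.ssh/authorized_keys"
+key_data = "${file("keys/${var.project_name}.pub")}"
+}
+}
+}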
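Review bot: The controller's `os_profile_linux_config` sets `disable_password_authentication = false` although an SSH public key is installed in the same block, so the VM accepts password logins for `var.avi_username` with `var.admin_password`. Combined with the `ssh` rule in azure_nsg.tf that allows port 22 from `*`, that leaves a password-guessable login on the controller's public IP. If the Avi image does not depend on password SSH (not visible from this page), set `disable_password_authentication = true` and drop `admin_password` from `os_profile`. Separately, `computer_name = "${var.project_name}-web-${count.index}"` looks copied from azure_web.tf; this resource has no `count`, so `computer_name = "${var.project_name}-controller"` would name the host correctly.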
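--- a/azure_network.tf
+++ b/azure_network.tf
@@ -0,0 +1,21 @@
+resource "azurerm_virtual_network" "vnet" {
+name = "${var.project_name}_vnet"
+address_space = "${var.vnet_address}"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+}
+
+resource "azurerm_subnet" "subnet" {
+name = "${var.project_name}_${count.index}"
+resource_group_name = "${var.resource_group}"
+virtual_network_name = "${azurerm_virtual_network.vnet.name}"
+address_prefix = "10.0.${count.index}.0/24"
+count = "${var.web_count}"
+}
+
+resource "azurerm_public_ip" "controller_public_ip" {
+name = "${var.project_name}_controller"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+public_ip_address_allocation = "dynamic"
+}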
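Review bot: `address_prefix = "10.0.${count.index}.0/24"` hard-codes the 10.0.0.0/16 range while the vnet takes its range from `var.vnet_address`, so any other value for that variable yields subnets outside the vnet. Deriving the prefix from the variable keeps the two in step, e.g. `address_prefix = "${cidrsubnet(element(var.vnet_address, 0), 8, count.index)}"`; this assumes `var.vnet_address` is a list whose first entry is a /16, and its declaration is not shown on this page. A comment on `count = "${var.web_count}"` would also help, because azure_controller.tf selects subnet index 1 for the controller and `element()` wraps around when only one subnet exists.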
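--- a/azure_nsg.tf
+++ b/azure_nsg.tf
@@ -0,0 +1,95 @@
+resource "azurerm_network_security_group" "nsg_controller" {
+name = "${var.project_name}-controller"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+
+security_rule {
+name = "ssh"
+priority = 1001
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "22"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+
+security_rule {
+name = "http"
+priority = 1002
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "80"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+
+security_rule {
+name = "https"
+priority = 1003
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "443"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+
+security_rule {
+name = "8443"
+priority = 1004
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "8443"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+
+security_rule {
+name = "ntp"
+priority = 1005
+direction = "Inbound"
+access = "Allow"
+protocol = "Udp"
+source_port_range = "*"
+destination_port_range = "123"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+}
+
+resource "azurerm_network_security_group" "nsg_web" {
+name = "${var.project_name}-web"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+
+security_rule {
+name = "ssh"
+priority = 1001
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "22"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+
+security_rule {
+name = "http"
+priority = 1002
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "80"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+}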
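Review bot: Every rule in `nsg_controller` and `nsg_web` uses `source_address_prefix = "*"`, which on the controller's public IP exposes SSH (22) and its HTTPS ports (443, 8443) to any source address. For the `ssh`, `https` and `8443` rules, take the source from a variable holding the operator's address range, e.g. `source_address_prefix = "${var.mgmt_cidr}"`, where `mgmt_cidr` is a new variable this change would have to declare. The inbound `ntp` rule looks unnecessary: files/userdata.json configures the controller as a client of pool.ntp.org servers, and NSG rules are stateful, so replies to its outbound queries are admitted without it.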
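--- a/azure_post_provision.tf
+++ b/azure_post_provision.tf
@@ -0,0 +1,17 @@
+data "azurerm_public_ip" "controller" {
+depends_on = ["azurerm_virtual_machine.controller"]
+name = "${azurerm_public_ip.controller_public_ip.name}"
+resource_group_name = "${var.resource_group}"
+}
+
+output "public_ip_address" {
+value = "${data.azurerm_public_ip.controller.ip_address}"
+}
+
+resource "null_resource" "call_ansible" {
+depends_on = ["azurerm_virtual_machine.controller"]
+
+provisioner "local-exec" {
+command = "ansible-playbook --ask-vault-pass ${var.ansible_playbook_path} -e cloud=azure -e {'${jsonencode("address")}: ${jsonencode(local.web_addresses)}'} -e avi_controller=${data.azurerm_public_ip.controller.ip_address} -e azure_rg_name=${var.resource_group} -e avi_password=${var.admin_password} -e azure_vnet=${azurerm_virtual_network.vnet.name} -e azure_se_subnet=${azurerm_subnet.subnet.0.name}"
+}
+}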
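Review bot: The `local-exec` command puts `${var.admin_password}` on the `ansible-playbook` command line as `-e avi_password=...`, so the password appears in the command Terraform prints when it runs the provisioner and in the local process list while the playbook runs. It is also handed to the shell unquoted, so a password containing a space, `$` or `;` changes the command. Pass it through the provisioner's environment instead, `environment { AVI_PASSWORD = "${var.admin_password}" }`, and have the playbook read it with `lookup('env', 'AVI_PASSWORD')`, or keep it in the vault that `--ask-vault-pass` already unlocks. The other interpolated values, such as `${var.ansible_playbook_path}` and `${var.resource_group}`, are unquoted as well and should be wrapped in escaped double quotes.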
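--- a/azure_web.tf
+++ b/azure_web.tf
@@ -0,0 +1,78 @@
+resource "azurerm_network_interface" "web_vnic" {
+name = "${var.project_name}_web_${count.index}"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+network_security_group_id = "${azurerm_network_security_group.nsg_web.id}"
+count = "${var.web_count}"
+
+ip_configuration {
+name = "${var.project_name}_web_${count.index}"
+
+subnet_id = "${element(azurerm_subnet.subnet.*.id, count.index)}"
+private_ip_address_allocation = "dynamic"
+}
+}
+
+resource "azurerm_virtual_machine" "web" {
+name = "${var.project_name}_web_${count.index}"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+network_interface_ids = ["${element(azurerm_network_interface.web_vnic.*.id, count.index)}"]
+vm_size = "${var.web_instance_size}"
+delete_os_disk_on_termination = "true"
+count = "${var.web_count}"
+
+storage_os_disk {
+name = "${var.project_name}_web_${count.index}"
+caching = "ReadWrite"
+create_option = "FromImage"
+managed_disk_type = "Premium_LRS"
+}
+
+storage_image_reference {
+publisher = "Canonical"
+offer = "UbuntuServer"
+sku = "16.04.0-LTS"
+version = "latest"
+}
+
+os_profile {
+computer_name = "${var.project_name}-web-${count.index}"
+admin_username = "${var.admin_username}"
+}
+
+os_profile_linux_config {
+disable_password_authentication = true
+
+ssh_keys {
+path = "/home/${var.admin_username}/.ssh/authorized_keys"
+key_data = "${file("keys/${var.project_name}.pub")}"
+}
+}
+}
+
+resource "azurerm_virtual_machine_extension" "apache" {
+depends_on = ["azurerm_virtual_machine.web"]
+name = "apache"
+location = "${var.azure_region}"
+resource_group_name = "${var.resource_group}"
+virtual_machine_name = "${var.project_name}_web_${count.index}"
+publisher = "Microsoft.Azure.Extensions"
+type = "CustomScript"
+type_handler_version = "2.0"
+count = "${var.web_count}"
+
+settings = <<SETTINGS
+{
+"commandToExecute": "sudo bash -c 'apt-get update && apt-get -y install apache2 && echo ${var.project_name}_web_${count.index} > /var/www/html/index.html'"
+}
+SETTINGS
+}
+
+locals {
+web_addresses = "${azurerm_network_interface.web_vnic.*.private_ip_address}"
+}
+
+output "addresses" {
+value = "${local.web_addresses}"
+}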
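Review bot: `commandToExecute` in the `apache` extension interpolates `${var.project_name}` into a `sudo bash -c '...'` string with no quoting, so a project name containing a space, quote or shell metacharacter changes the command that runs as root on each web VM. A comment at the `settings` heredoc should state that `project_name` must be limited to letters, digits and hyphens, and the README's requirements list should say the same. A smaller point on the same resource: `virtual_machine_name` rebuilds the VM name by hand, whereas `virtual_machine_name = "${element(azurerm_virtual_machine.web.*.name, count.index)}"` would take it from the resource and make the explicit `depends_on` unnecessary. In `storage_image_reference`, `version = "latest"` means two applies can produce different images; pinning a version would make the demo reproducible.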
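--- a/files/userdata.json
+++ b/files/userdata.json
@@ -0,0 +1,57 @@
+{
+"SystemConfiguration": [
+{
+"dns_configuration": {
+"search_domain": "",
+"server_list": [
+{
+"type": "V4",
+"addr": "8.8.8.8"
+}
+]
+},
+"ntp_configuration": {
+"ntp_servers": [
+{
+"server": {
+"type": "DNS",
+"addr": "0.us.pool.ntp.org"
+}
+},
+{
+"server": {
+"type": "DNS",
+"addr": "1.us.pool.ntp.org"
+}
+},
+{
+"server": {
+"type": "DNS",
+"addr": "2.us.pool.ntp.org"
+}
+},
+{
+"server": {
+"type": "DNS",
+"addr": "3.us.pool.ntp.org"
+}
+}
+]
+}
+}
+],
+"InitialConfiguration": [
+{
+"user_initial_setup": false,
+"setup_failed": false,
+"error_message": ""
+}
+],
+
+"User": [
+{
+"username": "admin",
+"password": "${password}"
+}
+]
+}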
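Review bot: `"password": "${password}"` in the `User` entry places the controller admin password in the VM's custom data, which Azure stores base64-encoded rather than encrypted, and the rendered template is also kept in Terraform state. It should be treated as an initial password that is rotated after first login, with access to the state file restricted. The value is substituted raw, so a password containing `"` or `\` produces invalid JSON; `"password": ${jsonencode(password)}` without the surrounding quotes would escape it, provided the template provider in use supports `jsonencode`. The hard-coded resolver `8.8.8.8` and the `us.pool.ntp.org` servers would be easier to adapt as template variables.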
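--- a/keys/README.md
+++ b/keys/README.md
@@ -0,0 +1 @@
+Put your SSH keys in here.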