Fix 201-vmss-jumpbox (#275)

* Fix 201-vmss-jumpbox
Neil Ye 2023-11-17 17:39:39 +08:00 committed by GitHub
parent a09e5f225b
commit 256f1edff2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 160 additions and 154 deletions


@ -1,205 +1,209 @@
terraform { terraform {
required_version = ">=0.12" required_version = ">=0.12"
required_providers { required_providers {
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"
version = "~>2.0" version = "~>2.0"
} }
} }
} }
provider "azurerm" { provider "azurerm" {
features {} features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
} }
resource "azurerm_resource_group" "vmss" { resource "azurerm_resource_group" "vmss" {
name = var.resource_group_name name = var.resource_group_name
location = var.location location = var.location
tags = var.tags tags = var.tags
} }
resource "random_string" "fqdn" { resource "random_string" "fqdn" {
length = 6 length = 6
special = false special = false
upper = false upper = false
number = false number = false
} }
resource "azurerm_virtual_network" "vmss" { resource "azurerm_virtual_network" "vmss" {
name = "vmss-vnet" name = "vmss-vnet"
address_space = ["10.0.0.0/16"] address_space = ["10.0.0.0/16"]
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
tags = var.tags tags = var.tags
} }
resource "azurerm_subnet" "vmss" { resource "azurerm_subnet" "vmss" {
name = "vmss-subnet" name = "vmss-subnet"
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
virtual_network_name = azurerm_virtual_network.vmss.name virtual_network_name = azurerm_virtual_network.vmss.name
address_prefixes = ["10.0.2.0/24"] address_prefixes = ["10.0.2.0/24"]
} }
resource "azurerm_public_ip" "vmss" { resource "azurerm_public_ip" "vmss" {
name = "vmss-public-ip" name = "vmss-public-ip"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
allocation_method = "Static" allocation_method = "Static"
domain_name_label = random_string.fqdn.result domain_name_label = random_string.fqdn.result
tags = var.tags tags = var.tags
} }
resource "azurerm_lb" "vmss" { resource "azurerm_lb" "vmss" {
name = "vmss-lb" name = "vmss-lb"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
frontend_ip_configuration { frontend_ip_configuration {
name = "PublicIPAddress" name = "PublicIPAddress"
public_ip_address_id = azurerm_public_ip.vmss.id public_ip_address_id = azurerm_public_ip.vmss.id
} }
tags = var.tags tags = var.tags
} }
resource "azurerm_lb_backend_address_pool" "bpepool" { resource "azurerm_lb_backend_address_pool" "bpepool" {
loadbalancer_id = azurerm_lb.vmss.id loadbalancer_id = azurerm_lb.vmss.id
name = "BackEndAddressPool" name = "BackEndAddressPool"
} }
resource "azurerm_lb_probe" "vmss" { resource "azurerm_lb_probe" "vmss" {
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
loadbalancer_id = azurerm_lb.vmss.id loadbalancer_id = azurerm_lb.vmss.id
name = "ssh-running-probe" name = "ssh-running-probe"
port = var.application_port port = var.application_port
} }
resource "azurerm_lb_rule" "lbnatrule" { resource "azurerm_lb_rule" "lbnatrule" {
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
loadbalancer_id = azurerm_lb.vmss.id loadbalancer_id = azurerm_lb.vmss.id
name = "http" name = "http"
protocol = "Tcp" protocol = "Tcp"
frontend_port = var.application_port frontend_port = var.application_port
backend_port = var.application_port backend_port = var.application_port
backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id]
frontend_ip_configuration_name = "PublicIPAddress" frontend_ip_configuration_name = "PublicIPAddress"
probe_id = azurerm_lb_probe.vmss.id probe_id = azurerm_lb_probe.vmss.id
} }
resource "azurerm_virtual_machine_scale_set" "vmss" { resource "azurerm_virtual_machine_scale_set" "vmss" {
name = "vmscaleset" name = "vmscaleset"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
upgrade_policy_mode = "Manual" upgrade_policy_mode = "Manual"
sku { sku {
name = "Standard_DS1_v2" name = "Standard_DS1_v2"
tier = "Standard" tier = "Standard"
capacity = 2 capacity = 2
} }
storage_profile_image_reference { storage_profile_image_reference {
publisher = "Canonical" publisher = "Canonical"
offer = "UbuntuServer" offer = "UbuntuServer"
sku = "16.04-LTS" sku = "16.04-LTS"
version = "latest" version = "latest"
} }
storage_profile_os_disk { storage_profile_os_disk {
name = "" name = ""
caching = "ReadWrite" caching = "ReadWrite"
create_option = "FromImage" create_option = "FromImage"
managed_disk_type = "Standard_LRS" managed_disk_type = "Standard_LRS"
} }
storage_profile_data_disk { storage_profile_data_disk {
lun = 0 lun = 0
caching = "ReadWrite" caching = "ReadWrite"
create_option = "Empty" create_option = "Empty"
disk_size_gb = 10 disk_size_gb = 10
} }
os_profile { os_profile {
computer_name_prefix = "vmlab" computer_name_prefix = "vmlab"
admin_username = var.admin_user admin_username = var.admin_user
admin_password = var.admin_password admin_password = var.admin_password
custom_data = file("web.conf") custom_data = file("web.conf")
} }
os_profile_linux_config { os_profile_linux_config {
disable_password_authentication = false disable_password_authentication = false
} }
network_profile { network_profile {
name = "terraformnetworkprofile" name = "terraformnetworkprofile"
primary = true primary = true
ip_configuration { ip_configuration {
name = "IPConfiguration" name = "IPConfiguration"
subnet_id = azurerm_subnet.vmss.id subnet_id = azurerm_subnet.vmss.id
load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id]
primary = true primary = true
} }
} }
tags = var.tags tags = var.tags
} }
resource "azurerm_public_ip" "jumpbox" { resource "azurerm_public_ip" "jumpbox" {
name = "jumpbox-public-ip" name = "jumpbox-public-ip"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
allocation_method = "Static" allocation_method = "Static"
domain_name_label = "${random_string.fqdn.result}-ssh" domain_name_label = "${random_string.fqdn.result}-ssh"
tags = var.tags tags = var.tags
} }
resource "azurerm_network_interface" "jumpbox" { resource "azurerm_network_interface" "jumpbox" {
name = "jumpbox-nic" name = "jumpbox-nic"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
ip_configuration { ip_configuration {
name = "IPConfiguration" name = "IPConfiguration"
subnet_id = azurerm_subnet.vmss.id subnet_id = azurerm_subnet.vmss.id
private_ip_address_allocation = "dynamic" private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.jumpbox.id public_ip_address_id = azurerm_public_ip.jumpbox.id
} }
tags = var.tags tags = var.tags
} }
resource "azurerm_virtual_machine" "jumpbox" { resource "azurerm_virtual_machine" "jumpbox" {
name = "jumpbox" name = "jumpbox"
location = var.location location = var.location
resource_group_name = azurerm_resource_group.vmss.name resource_group_name = azurerm_resource_group.vmss.name
network_interface_ids = [azurerm_network_interface.jumpbox.id] network_interface_ids = [azurerm_network_interface.jumpbox.id]
vm_size = "Standard_DS1_v2" vm_size = "Standard_DS1_v2"
storage_image_reference { storage_image_reference {
publisher = "Canonical" publisher = "Canonical"
offer = "UbuntuServer" offer = "UbuntuServer"
sku = "16.04-LTS" sku = "16.04-LTS"
version = "latest" version = "latest"
} }
storage_os_disk { storage_os_disk {
name = "jumpbox-osdisk" name = "jumpbox-osdisk"
caching = "ReadWrite" caching = "ReadWrite"
create_option = "FromImage" create_option = "FromImage"
managed_disk_type = "Standard_LRS" managed_disk_type = "Standard_LRS"
} }
os_profile { os_profile {
computer_name = "jumpbox" computer_name = "jumpbox"
admin_username = var.admin_user admin_username = var.admin_user
admin_password = var.admin_password admin_password = var.admin_password
} }
os_profile_linux_config { os_profile_linux_config {
disable_password_authentication = false disable_password_authentication = false
} }
tags = var.tags tags = var.tags
} }
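Review bot: The jumpbox `os_profile_linux_config` at the end of this section keeps `disable_password_authentication = false` on a VM whose NIC carries a static public IP, and no network security group appears anywhere in the section, so SSH password logins look reachable from the internet as written. Making the jumpbox key-only would mean setting `disable_password_authentication = true` and adding an `ssh_keys` block fed from a new variable, which the variables file does not declare yet (`admin_ssh_public_key` below is a placeholder name). The scale set's `os_profile_linux_config` has the same setting, although those instances get no public IP of their own in this section. The side-by-side rendering does not show which lines the commit touched, so this setting may predate it.

```hcl
# … unchanged: jumpbox storage_image_reference, storage_os_disk and os_profile …
  os_profile_linux_config {
    disable_password_authentication = true
    ssh_keys {
      # Azure expects the key under the admin user's home directory
      path     = "/home/${var.admin_user}/.ssh/authorized_keys"
      key_data = var.admin_ssh_public_key # placeholder: variable still to be declared
    }
  }
```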


@ -27,7 +27,7 @@ This template deploys an Azure virtual machine scale set with a jumpbox.
| `tags` | Map of the tags to use for the resources that are deployed | | `tags` | Map of the tags to use for the resources that are deployed |
| `application_port` | Port that you want to expose to the external load balancer | | `application_port` | Port that you want to expose to the external load balancer |
| `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | | `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set |
| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | | `admin_password` | Default password for admin account |
## Example ## Example


@ -1,31 +1,33 @@
variable "resource_group_name" { variable "resource_group_name" {
description = "Name of the resource group in which the resources will be created" description = "Name of the resource group in which the resources will be created"
default = "myResourceGroup" default = "myResourceGroup"
} }
variable "location" { variable "location" {
default = "eastus" default = "eastus"
description = "Location where resources will be created" description = "Location where resources will be created"
} }
variable "tags" { variable "tags" {
description = "Map of the tags to use for the resources that are deployed" description = "Map of the tags to use for the resources that are deployed"
type = map(string) type = map(string)
default = { default = {
environment = "codelab" environment = "codelab"
} }
} }
variable "application_port" { variable "application_port" {
description = "Port that you want to expose to the external load balancer" description = "Port that you want to expose to the external load balancer"
default = 80 default = 80
} }
variable "admin_user" { variable "admin_user" {
description = "User name to use as the admin account on the VMs that will be part of the VM scale set" description = "User name to use as the admin account on the VMs that will be part of the VM scale set"
default = "azureuser" default = "azureuser"
} }
variable "admin_password" { variable "admin_password" {
description = "Default password for admin account" description = "Default password for admin account"
} default = "ChangeMe123!"
sensitive = true
}
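Review bot: The `admin_password` variable now ships `default = "ChangeMe123!"`, so anyone who applies the template without overriding it gets VMs whose admin password is published in the repository, and the configuration on this page passes that value to VMs with password authentication enabled. `sensitive = true` only redacts the value in plan and apply output; it does not protect it in source or in state. I would delete the `default = "ChangeMe123!"` line and keep `sensitive = true`, so Terraform requires the value from a prompt, `TF_VAR_admin_password`, or an untracked tfvars file. Separately, `sensitive` on variables needs Terraform 0.14 or later, while the configuration declares `required_version = ">=0.12"`; raising it to `">=0.14"` would make the constraint match.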