Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working template

Browse Source
This commit is contained in:
Jeffrey Cline 2018-02-02 18:57:19 -08:00
parent 0ba5c18031
commit f3425a7e04
2 changed files with 526 additions and 577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

427
solution_template/vm-linux-terraform/createUiDefinition.json
View File

@ -1,253 +1,174 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Compute.MultiVm",
"version": "0.1.2-preview",
"parameters": {
"basics": [
{
"name": "vmName",
"type": "Microsoft.Common.TextBox",
"label": "Name",
"defaultValue": "terraform",
"toolTip": "",
"constraints": {
"required": true,
"regex": "^[a-z0-9A-Z]{1,54}$",
"validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-54 characters long."
},
"visible": true
},
{
"name": "userName",
"type": "Microsoft.Compute.UserNameTextBox",
"label": "User name",
"defaultValue": "",
"toolTip": "",
"constraints": {
"required": true
},
"osPlatform": "Linux",
"visible": true
},
{
"name": "authType",
"type": "Microsoft.Compute.CredentialsCombo",
"label": {
"authenticationType": "Authentication type",
"password": "Password",
"confirmPassword": "Confirm password",
"sshPublicKey": "SSH public key"
},
"toolTip": {
"authenticationType": "",
"password": "",
"sshPublicKey": ""
},
"constraints": {
"required": true,
"customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d@#\\$%\\^&\\*-_!+=\\[\\]\\{\\}\\|\\\\:',\\.\\?\\/`~\"\\(\\);]{8,}$",
"customValidationMessage": "The password must contain at least 8 characters, with at least 1 letter and 1 number. Alphanumerical (@#$%^&*-_!+=[]{}|\\:',.?/`~\"();)and special characters are allowed"
},
"options": {
"hideConfirmation": false,
"hidePassword": false
},
"osPlatform": "Linux",
"visible": true
}
],
"steps": [
{
"name": "firstStep",
"label": "Additional Settings",
"bladeTitle": "Additional Settings",
"subLabel": {
"preValidation": "",
"postValidation": "Done"
},
"elements": [
{
"name": "vmSize",
"type": "Microsoft.Compute.SizeSelector",
"label": "Size",
"toolTip": "",
"recommendedSizes": [
"Standard_DS2_v2",
"Standard_DS1_v2",
"Standard_DS11_v2"
],
"osPlatform": "Linux",
"count": 1,
"visible": true
},
{
"name": "vmDiskType",
"type": "Microsoft.Common.OptionsGroup",
"label": "VM disk type",
"defaultValue": "SSD",
"toolTip": "Premium disks (SSD) are backed by solid state drives and offer consistent, low-latency performance. They provide the best balance between price and performance, and are ideal for I/O-intensive applications and production workloads. Standard disks (HDD) are backed by magnetic drives and are preferable for applications where data is accessed infrequently.",
"constraints": {
"allowedValues": [
{
"label": "SSD",
"value": "Premium_LRS"
},
{
"label": "HDD",
"value": "Standard_LRS"
}
]
},
"visible": true
},
{
"name": "vnet",
"type": "Microsoft.Network.VirtualNetworkCombo",
"label": {
"virtualNetwork": "Virtual network",
"subnets": "Subnets"
},
"toolTip": {
"virtualNetwork": "",
"subnets": ""
},
"defaultValue": {
"name": "terraform-vnet",
"addressPrefixSize": "/16"
},
"constraints": {
"minAddressPrefixSize": "/24"
},
"subnets": {
"subnet1": {
"label": "Subset",
"defaultValue": {
"name": "terraform",
"addressPrefixSize": "/24"
},
"constraints": {
"minAddressPrefixSize": "/30",
"minAddressCount": 1,
"requireContiguousAddresses": true
}
}
}
}
]
},
{
"name": "secondStep",
"label": "Integration Settings",
"bladeTitle": "Terraform Integration Settings",
"subLabel": {
"preValidation": "",
"postValidation": "Done"
},
"elements": [
{
"name": "sptype",
"type": "Microsoft.Common.DropDown",
"label": "Service Pricipal Integration",
"defaultValue": "Auto(MSI)",
"toolTip": "The service pricipal will be added into Terraform as a credential for authenticating with Azure. 'Auto' means that the principal will be created by MSI (Managed Service Identity). 'Manual' means the principal should be created by user and be filled in below.",
"constraints": {
"allowedValues": [
{
"label": "Auto(MSI)",
"value": "msi"
},
{
"label": "Manual",
"value": "manual"
}
]
},
"visible": true
},
{
"name": "spSection",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
"name": "principalId",
"type": "Microsoft.Common.TextBox",
"label": "Service Principal ID",
"defaultValue": "",
"toolTip": "",
"constraints": {
"required": true,
"regex": "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$",
"validationMessage": "Must be a valid UUID."
},
"visible": true
},
{
"name": "spsecret",
"type": "Microsoft.Common.PasswordBox",
"label": {
"password":"Secret",
"confirmPassword": ""
},
"toolTip": "",
"options": {
"hideConfirmation": true
},
"visible": true
}
],
"visible": "[equals(steps('secondStep').sptype,'manual')]"
},
{
"name": "enableCloudAgents",
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable Cloud Agents",
"defaultValue": "VM",
"toolTip": "Add a default cloud template for agents. ACI: Azure Container Instance, VM: virtual machine.",
"constraints": {
"allowedValues": [
{
"label": "No",
"value": "no"
},
{
"label": "ACI",
"value": "aci"
},
{
"label": "VM",
"value": "vm"
}
]
},
"visible": true
}
]
}
],
"outputs": {
"adminPassword": "[basics('authType').password]",
"adminSSHPublicKey": "[basics('authType').sshPublicKey]",
"adminUserName": "[basics('userName')]",
"authenticationType": "[basics('authType').authenticationType]",
"publicIPName": "[steps('firstStep').publicIP.name]",
"publicIPNewOrExisting": "[steps('firstStep').publicIP.newOrExistingOrNone]",
"publicIPResourceGroup": "[steps('firstStep').publicIP.resourceGroup]",
"storageAccountType": "[steps('firstStep').vmDiskType]",
"vmName": "[basics('vmName')]",
"vmSize": "[steps('firstStep').vmSize]",
"location": "[location()]",
"spType": "[steps('secondStep').sptype]",
"principalId": "[steps('secondStep').spSection.principalId]",
"spSecret": "[steps('secondStep').spSection.spsecret]",
"enableCloudAgents": "[steps('secondStep').enableCloudAgents]",
"vnetName": "[steps('firstStep').vnet.name]",
"vnetResourceGroup": "[steps('firstStep').vnet.resourceGroup]",
"vnetAddressPrefix": "[steps('firstStep').vnet.addressPrefix]",
"vnetNewOrExisting": "[steps('firstStep').vnet.newOrExisting]",
"subnetName": "[steps('firstStep').vnet.subnets.subnet1.name]",
"subnetAddressPrefix": "[steps('firstStep').vnet.subnets.subnet1.addressPrefix]"
}
}
}
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Compute.MultiVm",
"version": "0.1.2-preview",
"parameters": {
"basics": [
{
"name": "vmName",
"type": "Microsoft.Common.TextBox",
"label": "Name",
"defaultValue": "Terraform",
"toolTip": "",
"constraints": {
"required": true,
"regex": "^[a-z0-9A-Z]{1,54}$",
"validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-54 characters long."
},
"visible": true
},
{
"name": "userName",
"type": "Microsoft.Compute.UserNameTextBox",
"label": "User name",
"defaultValue": "",
"toolTip": "",
"constraints": {
"required": true
},
"osPlatform": "Linux",
"visible": true
},
{
"name": "authType",
"type": "Microsoft.Compute.CredentialsCombo",
"label": {
"authenticationType": "Authentication type",
"password": "Password",
"confirmPassword": "Confirm password",
"sshPublicKey": "SSH public key"
},
"toolTip": {
"authenticationType": "",
"password": "",
"sshPublicKey": ""
},
"constraints": {
"required": true,
"customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d@#\\$%\\^&\\*-_!+=\\[\\]\\{\\}\\|\\\\:',\\.\\?\\/`~\"\\(\\);]{8,}$",
"customValidationMessage": "The password must contain at least 8 characters, with at least 1 letter and 1 number. Alphanumerical (@#$%^&*-_!+=[]{}|\\:',.?/`~\"();)and special characters are allowed"
},
"options": {
"hideConfirmation": false,
"hidePassword": false
},
"osPlatform": "Linux",
"visible": true
}
],
"steps": [
{
"name": "firstStep",
"label": "Virtual Machine Settings",
"bladeTitle": "Virtual Machine Settings",
"subLabel": {
"preValidation": "",
"postValidation": "Done"
},
"elements": [
{
"name": "vmSize",
"type": "Microsoft.Compute.SizeSelector",
"label": "Size",
"toolTip": "",
"recommendedSizes": [
"Standard_DS2_v2",
"Standard_DS1_v2",
"Standard_DS11_v2"
],
"osPlatform": "Linux",
"count": 1,
"visible": true
},
{
"name": "vmDiskType",
"type": "Microsoft.Common.OptionsGroup",
"label": "VM disk type",
"defaultValue": "SSD",
"toolTip": "Premium disks (SSD) are backed by solid state drives and offer consistent, low-latency performance. They provide the best balance between price and performance, and are ideal for I/O-intensive applications and production workloads. Standard disks (HDD) are backed by magnetic drives and are preferable for applications where data is accessed infrequently.",
"constraints": {
"allowedValues": [
{
"label": "SSD",
"value": "Premium_LRS"
},
{
"label": "HDD",
"value": "Standard_LRS"
}
]
},
"visible": true
},
{
"name": "sptype",
"type": "Microsoft.Common.DropDown",
"label": "Service Principal Integration",
"defaultValue": "Auto(MSI)",
"toolTip": "The service pricipal will be added into Terraform as a credential for authenticating with Azure. 'Auto' means that the principal will be created by MSI (Managed Service Identity). 'Manual' means the principal should be created by user and be filled in below.",
"constraints": {
"allowedValues": [
{
"label": "Auto(MSI)",
"value": "msi"
},
{
"label": "Manual",
"value": "manual"
}
]
},
"visible": true
},
{
"name": "spSection",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
"name": "principalId",
"type": "Microsoft.Common.TextBox",
"label": "Application ID",
"defaultValue": "",
"toolTip": "",
"constraints": {
"required": true,
"regex": "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$",
"validationMessage": "Must be a valid UUID."
},
"visible": true
},
{
"name": "spsecret",
"type": "Microsoft.Common.PasswordBox",
"label": {
"password":"Secret",
"confirmPassword": ""
},
"toolTip": "",
"options": {
"hideConfirmation": true
},
"visible": true
}
],
"visible": "[equals(steps('firstStep').sptype,'manual')]"
}
]
}
],
"outputs": {
"adminPassword": "[basics('authType').password]",
"adminSSHPublicKey": "[basics('authType').sshPublicKey]",
"adminUserName": "[basics('userName')]",
"authenticationType": "[basics('authType').authenticationType]",
"storageAccountType": "[steps('firstStep').vmDiskType]",
"vmName": "[basics('vmName')]",
"vmSize": "[steps('firstStep').vmSize]",
"location": "[location()]",
"spType": "[steps('firstStep').sptype]",
"principalId": "[steps('firstStep').spSection.principalId]",
"spSecret": "[steps('firstStep').spSection.spsecret]"
}
}
}

676
solution_template/vm-linux-terraform/mainTemplate.json
View File

@ -1,324 +1,352 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"userName": {
"type": "string",
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"authenticationType": {
"type": "string",
"defaultValue": "password",
"allowedValues": [
"password",
"sshPublicKey"
],
"metadata": {
"description": "Authentication type"
}
},
"adminPassword": {
"type": "securestring",
"defaultValue": "",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"sshPublicKey": {
"type": "securestring",
"defaultValue": "",
"metadata": {
"description": "ssh key for the Virtual Machine."
}
},
"vmSize": {
"type": "string",
"metadata": {
"description": "The size of the VM to create"
},
"defaultValue": "Standard_D1_V2"
},
"desktopInstall": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Installs Ubuntu Mate desktop GUI"
}
},
"_artifactsLocation": {
"type": "string",
"metadata": {
"description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
},
"defaultValue": "https://raw.githubusercontent.com/Azure/terraform/master/solution_template/vm-linux-terraform"
},
"_artifactsLocationSasToken": {
"type": "securestring",
"metadata": {
"description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
},
"defaultValue": ""
}
},
"variables": {
"dnsLabelPrefix": "[concat('msi',uniquestring(resourceGroup().id))]",
"infraStorageAccountName": "[take(concat('storeinfra', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
"stateStorageAccountName": "[take(concat('storestate', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
"nicName": "[concat('nic',uniquestring(resourceGroup().id))]",
"networkSecurityGroupName": "[concat('nsg',uniquestring(resourceGroup().id))]",
"addressPrefix": "10.0.0.0/16",
"subnetName": "Subnet",
"subnetPrefix": "10.0.0.0/24",
"publicIPAddressName": "[concat('pip',uniquestring(resourceGroup().id))]",
"vmName": "[concat('vm',uniquestring(resourceGroup().id))]",
"virtualNetworkName": "[concat('vnet',uniquestring(resourceGroup().id))]",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('userName'), '/.ssh/authorized_keys')]",
"keyData": "[parameters('sshPublicKey')]"
}
]
}
},
"contributor" : "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"installParm1": "[concat(' -u ', parameters('userName'))]",
"installParm2": "[concat(' -s ', subscription().subscriptionId)]",
"installParm3": "[concat(' -a ', variables('stateStorageAccountName'))]",
"installParm4": "[if(equals(parameters('desktopInstall'), bool('true')), concat(' -d ', parameters('desktopInstall')), '')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('infraStorageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('stateStorageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[variables('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"name": "[variables('networkSecurityGroupName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2017-11-01",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "default-allow-ssh",
"properties": {
"priority": 1000,
"sourceAddressPrefix": "*",
"protocol": "Tcp",
"destinationPortRange": "22",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "rdp-rule",
"properties": {
"description": "Allow RDP",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1001,
"direction": "Inbound"
}
}
]
}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
},
{
"apiVersion": "2017-12-01",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('vmName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('userName')]",
"adminPassword": "[parameters('adminPassword')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"storageProfile": {
"imageReference": {
"publisher": "Canonical",
"offer": "UbuntuServer",
"sku": "17.10",
"version": "latest"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('infraStorageAccountName')),'2016-12-01').primaryEndpoints.blob]"
}
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(variables('vmName'),'/MSILinuxExtension')]",
"apiVersion": "2017-12-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForLinux",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50342
},
"protectedSettings": {}
}
},
{
"apiVersion": "2017-09-01",
"name": "[guid(resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines/extensions/', variables('vmName'),'MSILinuxExtension')]"
],
"properties": {
"roleDefinitionId": "[variables('contributor')]",
"principalId": "[reference(concat(resourceId('Microsoft.Compute/virtualMachines/', variables('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId]",
"scope": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name)]"
}
},
{
"name": "[concat(variables('vmName'),'/customscriptextension')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2017-03-30",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Authorization/roleAssignments', guid(resourceGroup().id))]"
],
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[concat(parameters('_artifactsLocation'), '/scripts/infra.sh', parameters('_artifactsLocationSasToken'))]",
"[concat(parameters('_artifactsLocation'), '/scripts/install.sh', parameters('_artifactsLocationSasToken'))]",
"[concat(parameters('_artifactsLocation'), '/scripts/desktop.sh', parameters('_artifactsLocationSasToken'))]",
"[concat(parameters('_artifactsLocation'), '/scripts/azureProviderAndCreds.tf', parameters('_artifactsLocationSasToken'))]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('bash infra.sh && bash install.sh ', variables('installParm1'), variables('installParm2'), variables('installParm3'), variables('installParm4'), ' -k ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('stateStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value, ' -l ', reference(concat(resourceId('Microsoft.Compute/virtualMachines/', variables('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId)]"
}
}
}
],
"outputs": {
"fqdn": {
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName')),'2017-10-01').dnsSettings.fqdn]",
"type": "string"
}
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"artifactsLocation": {
"metadata": {
"artifactsBaseUrl": "",
"description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
},
"defaultValue": "https://raw.githubusercontent.com/Azure/terraform/vm-linux-terraform",
"type": "string"
},
"artifactsLocationSasToken": {
"metadata": {
"description": "The sasToken required to access artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
},
"defaultValue": "",
"type": "securestring"
},
"adminPassword": {
"metadata": {
"description": "Password for the Virtual Machine. Will be used only if authenticationType is 'password'"
},
"defaultValue": "",
"type": "securestring"
},
"adminSSHPublicKey": {
"metadata": {
"description": "Public SSH key for the Virtual Machine. Will be used only if authenticationType is 'sshPublicKey'"
},
"defaultValue": "",
"type": "string"
},
"adminUserName": {
"metadata": {
"description": "User name for the Virtual Machine"
},
"type": "string"
},
"authenticationType": {
"metadata": {
"description": "Authentication type (can be 'password' or 'sshPublicKey')"
},
"type": "string"
},
"location": {
"metadata": {
"description": "Azure location where to deploy the resources"
},
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"storageAccountType": {
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Storage Account Type"
},
"type": "string"
},
"principalId":{
"defaultValue": "",
"metadata": {
"description": "The Service Principal Id"
},
"type": "string"
},
"spSecret":{
"defaultValue": "",
"metadata": {
"description": "The Service Principal secret"
},
"type": "string"
},
"spType":{
"defaultValue": "msi",
"metadata": {
"description": "The type of service principal injected into Terraform (can be 'msi' or 'manual')."
},
"type": "string"
},
"vmName": {
"metadata": {
"description": "Virtual Machine Name (also used as a prefix for other resources)"
},
"type": "string",
"defaultValue": "terraform"
},
"vmSize": {
"metadata": {
"description": "Virtual Machine Size"
},
"type": "string",
"defaultValue": "Standard_DS1_v2"
}
},
"variables": {
"dnsLabelPrefix": "[concat('msi',uniquestring(resourceGroup().id))]",
"infraStorageAccountName": "[take(concat('storeinfra', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
"stateStorageAccountName": "[take(concat('storestate', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
"addressPrefix": "10.0.0.0/16",
"subnetName": "TerraformSubnet",
"subnetPrefix": "10.0.0.0/24",
"nicName": "[concat('nic',uniquestring(resourceGroup().id))]",
"virtualNetworkName": "[concat('vnet',uniquestring(resourceGroup().id))]",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"publicIPAddressName": "[concat('pip',uniquestring(resourceGroup().id))]",
"networkSecurityGroupName": "[concat('nsg',uniquestring(resourceGroup().id))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('adminUserName'), '/.ssh/authorized_keys')]",
"keyData": "[parameters('adminSSHPublicKey')]"
}
]
}
},
"contributor" : "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"installParm1": "[concat(' -u ', parameters('adminUserName'))]",
"installParm2": "[concat(' -s ', subscription().subscriptionId)]",
"installParm3": "[concat(' -a ', variables('stateStorageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('infraStorageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('stateStorageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[variables('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"name": "[variables('networkSecurityGroupName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2017-11-01",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "default-allow-ssh",
"properties": {
"priority": 1000,
"sourceAddressPrefix": "*",
"protocol": "Tcp",
"destinationPortRange": "22",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "rdp-rule",
"properties": {
"description": "Allow RDP",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1001,
"direction": "Inbound"
}
}
]
}
},
{
"apiVersion": "2017-11-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
},
{
"apiVersion": "2017-12-01",
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUserName')]",
"adminPassword": "[parameters('adminPassword')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"storageProfile": {
"imageReference": {
"publisher": "Canonical",
"offer": "UbuntuServer",
"sku": "17.10",
"version": "latest"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('infraStorageAccountName')),'2016-12-01').primaryEndpoints.blob]"
}
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmName'),'/MSILinuxExtension')]",
"apiVersion": "2017-12-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForLinux",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50342
},
"protectedSettings": {}
}
},
{
"apiVersion": "2017-09-01",
"name": "[guid(resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines/extensions/', parameters('vmName'),'MSILinuxExtension')]"
],
"properties": {
"roleDefinitionId": "[variables('contributor')]",
"principalId": "[reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId]",
"scope": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name)]"
}
},
{
"name": "[concat(parameters('vmName'),'/customscriptextension')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2017-03-30",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Authorization/roleAssignments', guid(resourceGroup().id))]"
],
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[concat(parameters('artifactsLocation'), '/scripts/infra.sh', parameters('artifactsLocationSasToken'))]",
"[concat(parameters('artifactsLocation'), '/scripts/install.sh', parameters('artifactsLocationSasToken'))]",
"[concat(parameters('artifactsLocation'), '/scripts/desktop.sh', parameters('artifactsLocationSasToken'))]",
"[concat(parameters('artifactsLocation'), '/scripts/azureProviderAndCreds.tf', parameters('artifactsLocationSasToken'))]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('bash infra.sh && bash install.sh ', variables('installParm1'), variables('installParm2'), variables('installParm3'), ' -k ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('stateStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value, ' -l ', reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId)]"
}
}
}
],
"outputs": {
"fqdn": {
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName')),'2017-10-01').dnsSettings.fqdn]",
"type": "string"
}
}
}