terraform-azure/solution_template/vm-linux-terraform/scripts/install.sh

#!/bin/bash

# Script Name: install.sh
# Author: Greg Oliver - Microsoft github:(sebastus)
# Version: 0.1
# Last Modified By: Jeffrey Cline
# Description:
#  This script configures authentication for Terraform and remote state for Terraform.
# Parameters :
#  1 - s: Azure subscription ID
#  2 - t: Azure tenant ID
#  3 - a: Storage account name
#  4 - k: Storage account key (password)
#  5 - l: MSI client id (principal id)
#  6 - u: User account name
#  7 - d: Ubuntu Desktop GUI for developement 
#  8 - h: help
# Note : 
# This script has only been tested on Ubuntu 12.04 LTS & 14.04 LTS and must be root

set -e

logger -t devvm "Install started: $?"

help()
{
    echo "This script sets up a node, and configures pre-installed Splunk Enterprise"
    echo "Usage: "
    echo "Parameters:"
    echo "- s: Azure subscription ID"
    echo "- t: Azure tenant ID"
    echo "- a: Storage account name"
    echo "- k: Storage account key (password)"
    echo "- l: MSI client id (principal id)"
    echo "- u: User account name"
    echo "- d: Ubuntu Desktop GUI"
    echo "- h: help"
}

# Log method to control log output
log()
{
    echo "`date`: $1"
}

# You must be root to run this script
if [ "${UID}" -ne 0 ];
then
    log "Script executed without root permissions"
    echo "You must be root to run this program." >&2
    exit 3
fi

# Arguments
while getopts :s:t:a:k:l:u:d: optname; do
  if [[ $optname != 'e' && $optname != 'k' ]]; then
    log "Option $optname set with value ${OPTARG}"
  fi
  case $optname in
    s) #azure subscription id
      SUBSCRIPTION_ID=${OPTARG}
      ;;
    t) #azure tenant id 
      TENANT_ID=${OPTARG}
      ;;
    a) #storage account name
      STORAGE_ACCOUNT_NAME=${OPTARG}
      ;;
    k) #storage account key
      STORAGE_ACCOUNT_KEY=${OPTARG}
      ;;
    l) #PrincipalId of the MSI identity
      MSI_PRINCIPAL_ID=${OPTARG}
      ;;
    u) #user account name
      USERNAME=${OPTARG}
      ;;
    d) #Desktop installation
      DESKTOPINSTALL=${OPTARG}
      ;;
    h) #Show help
      help
      exit 2
      ;;
    \?) #Unrecognized option - show help
      echo -e \\n"Option -${BOLD}$OPTARG${NORM} not allowed."
      help
      exit 2
      ;;
  esac
done

TEMPLATEFOLDER="/home/$USERNAME/tfTemplate"
REMOTESTATEFILE="$TEMPLATEFOLDER/remoteState.tf"
TFENVFILE="/home/$USERNAME/tfEnv.sh"
CREDSFILE="$TEMPLATEFOLDER/azureProviderAndCreds.tf"
PROFILEFILE="/home/$USERNAME/.profile"

mkdir $TEMPLATEFOLDER

cp ./azureProviderAndCreds.tf $TEMPLATEFOLDER
chmod 666 $CREDSFILE

touch $REMOTESTATEFILE
echo "terraform {"                                          >> $REMOTESTATEFILE
echo " backend \"azurerm\" {"                               >> $REMOTESTATEFILE
echo "  storage_account_name = \"$STORAGE_ACCOUNT_NAME\""   >> $REMOTESTATEFILE
echo "  container_name       = \"terraform-state\""         >> $REMOTESTATEFILE
echo "  key                  = \"prod.terraform.tfstate\""  >> $REMOTESTATEFILE
echo "  access_key           = \"$STORAGE_ACCOUNT_KEY\""    >> $REMOTESTATEFILE
echo "  }"                                                  >> $REMOTESTATEFILE
echo "}"                                                    >> $REMOTESTATEFILE
chmod 666 $REMOTESTATEFILE

chown -R $USERNAME:$USERNAME /home/$USERNAME/tfTemplate

# Set these variables in the profile
echo "export ARM_SUBSCRIPTION_ID=\"$SUBSCRIPTION_ID\""                                     >> $PROFILEFILE
echo "export ARM_CLIENT_ID=\"$MSI_PRINCIPAL_ID\""                                          >> $PROFILEFILE
echo "export ARM_USE_MSI=true"                                                             >> $PROFILEFILE
echo "export ARM_MSI_ENDPOINT=\"http://169.254.169.254/metadata/identity/oauth2/token\""   >> $PROFILEFILE
echo "export ARM_TENANT_ID=\"$TENANT_ID\""                                                 >> $PROFILEFILE

# Add contributor permissions to the MSI for entire subscription
touch $TFENVFILE
echo "az login"                                             >> $TFENVFILE
echo "az role assignment create  --assignee \"$MSI_PRINCIPAL_ID\" --role 'b24988ac-6180-42a0-ab88-20f7382dd24c'  --scope /subscriptions/\"$SUBSCRIPTION_ID\""  >> $TFENVFILE
chmod 755 $TFENVFILE
chown $USERNAME:$USERNAME $TFENVFILE

# create the container for remote state
logger -t devvm "Creating the container for remote state"
az login --identity
az storage container create -n terraform-state --account-name $STORAGE_ACCOUNT_NAME --account-key $STORAGE_ACCOUNT_KEY
logger -t devvm "Container for remote state created: $?"