181 lines
5.6 KiB
HCL
181 lines
5.6 KiB
HCL
terraform {
|
|
required_providers {
|
|
azurerm = {
|
|
source = "hashicorp/azurerm"
|
|
version = "3.56.0"
|
|
}
|
|
}
|
|
}
|
|
|
|
provider "azurerm" {
|
|
features {}
|
|
}
|
|
|
|
# Define variables
|
|
|
|
variable "region" {
|
|
type = string
|
|
default = "eastus"
|
|
}
|
|
|
|
variable "subscriptionID" {
|
|
type = string
|
|
default = "6a5f35e9-6951-499d-a36b-83c6c6eed44a"
|
|
}
|
|
variable "resourceGroup" {
|
|
type = string
|
|
default = "rg-learn-eastus-001"
|
|
}
|
|
|
|
variable "networkManager" {
|
|
type = string
|
|
default = "nm-learn-eastus-001"
|
|
}
|
|
|
|
variable "networkGroup" {
|
|
type = string
|
|
default = "ng-learn-eastus-001"
|
|
}
|
|
|
|
variable "configurationName" {
|
|
type = string
|
|
default = "connectivityconfig"
|
|
}
|
|
|
|
variable "connectivityTopology" {
|
|
type = string
|
|
default = "Mesh"
|
|
}
|
|
|
|
variable "targetRegion" {
|
|
type = string
|
|
default = "eastus"
|
|
}
|
|
|
|
variable "commitType"{
|
|
type = string
|
|
default = "connectivity"
|
|
}
|
|
|
|
# Create the Resource Group
|
|
|
|
resource "azurerm_resource_group" "rg" {
|
|
name = var.resourceGroup
|
|
location = var.region
|
|
}
|
|
|
|
# Create a Virtual Network Manager instance
|
|
|
|
data "azurerm_subscription" "current" {
|
|
}
|
|
|
|
resource "azurerm_network_manager" "networkManager" {
|
|
name = var.networkManager
|
|
location = var.region
|
|
resource_group_name = var.resourceGroup
|
|
scope {
|
|
subscription_ids = [data.azurerm_subscription.current.id]
|
|
}
|
|
scope_accesses = ["Connectivity", "SecurityAdmin"]
|
|
description = "example network manager"
|
|
tags = {
|
|
foo = "bar"
|
|
}
|
|
}
|
|
|
|
# Create three virtual networks
|
|
resource "azurerm_virtual_network" "vnet_001" {
|
|
name = "vnet-learn-prod-eastus-001"
|
|
resource_group_name = var.resourceGroup
|
|
location = var.region
|
|
address_space = ["10.0.0.0/16"]
|
|
depends_on = [azurerm_resource_group.rg]
|
|
}
|
|
|
|
resource "azurerm_virtual_network" "vnet_002" {
|
|
name = "vnet-learn-prod-eastus-002"
|
|
resource_group_name = var.resourceGroup
|
|
location = var.region
|
|
address_space = ["10.1.0.0/16"]
|
|
depends_on = [azurerm_resource_group.rg]
|
|
}
|
|
|
|
resource "azurerm_virtual_network" "vnet_003" {
|
|
name = "vnet-learn-test-eastus-003"
|
|
resource_group_name = var.resourceGroup
|
|
location = var.region
|
|
address_space = ["10.2.0.0/16"]
|
|
depends_on = [azurerm_resource_group.rg]
|
|
}
|
|
|
|
# Add a subnet to each virtual network
|
|
|
|
resource "azurerm_subnet" "subnet_vnet_001" {
|
|
name = "default"
|
|
virtual_network_name = azurerm_virtual_network.vnet_001.name
|
|
resource_group_name = var.resourceGroup
|
|
address_prefixes = ["10.0.0.0/24"]
|
|
depends_on = [azurerm_virtual_network.vnet_001]
|
|
}
|
|
|
|
resource "azurerm_subnet" "subnet_vnet_002" {
|
|
name = "default"
|
|
virtual_network_name = azurerm_virtual_network.vnet_002.name
|
|
resource_group_name = var.resourceGroup
|
|
address_prefixes = ["10.1.0.0/24"]
|
|
depends_on = [azurerm_virtual_network.vnet_002]
|
|
}
|
|
|
|
resource "azurerm_subnet" "subnet_vnet_003" {
|
|
name = "default"
|
|
virtual_network_name = azurerm_virtual_network.vnet_003.name
|
|
resource_group_name = var.resourceGroup
|
|
address_prefixes = ["10.2.0.0/24"]
|
|
depends_on = [azurerm_virtual_network.vnet_003]
|
|
}
|
|
|
|
# Create a network group
|
|
|
|
resource "null_resource" "ng_create" {
|
|
provisioner "local-exec" {
|
|
command = "az network manager group create --name ${var.networkGroup} --network-manager-name ${var.networkManager} --resource-group ${var.resourceGroup}"
|
|
}
|
|
depends_on = [azurerm_network_manager.networkManager]
|
|
}
|
|
|
|
# Define membership for a mesh configuration
|
|
|
|
resource "null_resource" "static_members"{
|
|
provisioner "local-exec"{
|
|
command="az network manager group static-member create --name vnet-02 --network-group ${var.networkGroup} --network-manager-name ${var.networkManager} --resource-group ${var.resourceGroup} --resource-id /subscriptions/${var.subscriptionID}/resourceGroups/${var.resourceGroup}/providers/Microsoft.Network/virtualnetworks/vnet-learn-prod-eastus-002"
|
|
}
|
|
depends_on=[null_resource.ng_create]
|
|
}
|
|
|
|
resource "null_resource" "static_members01"{
|
|
provisioner "local-exec"{
|
|
command="az network manager group static-member create --name vnet-01 --network-group ${var.networkGroup} --network-manager-name ${var.networkManager} --resource-group ${var.resourceGroup} --resource-id /subscriptions/${var.subscriptionID}/resourceGroups/${var.resourceGroup}/providers/Microsoft.Network/virtualnetworks/vnet-learn-prod-eastus-001"
|
|
}
|
|
depends_on=[null_resource.ng_create]
|
|
}
|
|
|
|
# Create a connectivity configuration
|
|
resource "null_resource" "connectivityConfig"{
|
|
provisioner "local-exec"{
|
|
command="az network manager connect-config create --configuration-name ${var.configurationName} --applies-to-groups network-group-id=/subscriptions/${var.subscriptionID}/resourceGroups/${var.resourceGroup}/providers/Microsoft.Network/networkManagers/myAVNM/networkGroups/${var.networkGroup} --connectivity-topology ${var.connectivityTopology} --network-manager-name ${var.networkManager} --resource-group ${var.resourceGroup}"
|
|
}
|
|
depends_on=[null_resource.ng_create]
|
|
}
|
|
|
|
# Commit deployment
|
|
resource "null_resource" "commitDeployment"{
|
|
provisioner "local-exec"{
|
|
command="az network manager post-commit --network-manager-name ${var.networkManager} --commit-type ${var.commitType} --configuration-ids /subscriptions/${var.subscriptionID}/resourceGroups/${var.resourceGroup}/providers/Microsoft.Network/networkManagers/${var.networkManager}/connectivityConfigurations/${var.configurationName} --target-locations ${var.targetRegion} --resource-group ${var.resourceGroup}"
|
|
}
|
|
depends_on=[null_resource.ng_create]
|
|
}
|
|
|
|
|
|
|
|
|