339 lines
12 KiB
JSON
339 lines
12 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"artifactsLocation": {
|
|
"metadata": {
|
|
"artifactsBaseUrl": "",
|
|
"description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
|
|
},
|
|
"defaultValue": "https://raw.githubusercontent.com/Azure/terraform/master/solution_template/vm-linux-terraform",
|
|
"type": "string"
|
|
},
|
|
"artifactsLocationSasToken": {
|
|
"metadata": {
|
|
"description": "The sasToken required to access artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
|
|
},
|
|
"defaultValue": "",
|
|
"type": "securestring"
|
|
},
|
|
"adminPassword": {
|
|
"metadata": {
|
|
"description": "Password for the Virtual Machine. Will be used only if authenticationType is 'password'"
|
|
},
|
|
"defaultValue": "",
|
|
"type": "securestring"
|
|
},
|
|
"adminSSHPublicKey": {
|
|
"metadata": {
|
|
"description": "Public SSH key for the Virtual Machine. Will be used only if authenticationType is 'sshPublicKey'"
|
|
},
|
|
"defaultValue": "",
|
|
"type": "string"
|
|
},
|
|
"adminUserName": {
|
|
"metadata": {
|
|
"description": "User name for the Virtual Machine"
|
|
},
|
|
"type": "string"
|
|
},
|
|
"authenticationType": {
|
|
"metadata": {
|
|
"description": "Authentication type (can be 'password' or 'sshPublicKey')"
|
|
},
|
|
"type": "string"
|
|
},
|
|
"location": {
|
|
"metadata": {
|
|
"description": "Azure location where to deploy the resources"
|
|
},
|
|
"type": "string",
|
|
"defaultValue": "[resourceGroup().location]"
|
|
},
|
|
"vmName": {
|
|
"metadata": {
|
|
"description": "Virtual Machine Name (also used as a prefix for other resources)"
|
|
},
|
|
"type": "string",
|
|
"defaultValue": "terraform"
|
|
},
|
|
"vmSize": {
|
|
"metadata": {
|
|
"description": "Virtual Machine Size"
|
|
},
|
|
"type": "string",
|
|
"defaultValue": "Standard_DS1_v2"
|
|
},
|
|
"storageAccountType": {
|
|
"defaultValue": "Standard_LRS",
|
|
"metadata": {
|
|
"description": "Storage Account Type"
|
|
},
|
|
"type": "string"
|
|
}
|
|
},
|
|
"variables": {
|
|
"dnsLabelPrefix": "[concat('msi',uniquestring(resourceGroup().id))]",
|
|
"infraStorageAccountName": "[take(concat('storeinfra', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
|
|
"stateStorageAccountName": "[take(concat('storestate', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]",
|
|
"addressPrefix": "10.0.0.0/16",
|
|
"subnetName": "TerraformSubnet",
|
|
"subnetPrefix": "10.0.0.0/24",
|
|
"nicName": "[concat('nic',uniquestring(resourceGroup().id))]",
|
|
"virtualNetworkName": "[concat('vnet',uniquestring(resourceGroup().id))]",
|
|
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
|
|
"publicIPAddressName": "[concat('pip',uniquestring(resourceGroup().id))]",
|
|
"networkSecurityGroupName": "[concat('nsg',uniquestring(resourceGroup().id))]",
|
|
"linuxConfiguration": {
|
|
"disablePasswordAuthentication": true,
|
|
"ssh": {
|
|
"publicKeys": [
|
|
{
|
|
"path": "[concat('/home/', parameters('adminUserName'), '/.ssh/authorized_keys')]",
|
|
"keyData": "[parameters('adminSSHPublicKey')]"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"contributor" : "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
|
|
"installParm1": "[concat(' -u ', parameters('adminUserName'))]",
|
|
"installParm2": "[concat(' -s ', subscription().subscriptionId)]",
|
|
"installParm3": "[concat(' -a ', variables('stateStorageAccountName'))]",
|
|
"installParm4": "[concat(' -t ', subscription().tenantId)]",
|
|
"resourceGuid": "[guid(resourceGroup().id, deployment().name)]"
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.Storage/storageAccounts",
|
|
"name": "[variables('infraStorageAccountName')]",
|
|
"apiVersion": "2017-10-01",
|
|
"location": "[parameters('location')]",
|
|
"sku": {
|
|
"name": "Standard_LRS"
|
|
},
|
|
"kind": "Storage",
|
|
"properties": {}
|
|
},
|
|
{
|
|
"type": "Microsoft.Storage/storageAccounts",
|
|
"name": "[variables('stateStorageAccountName')]",
|
|
"apiVersion": "2017-10-01",
|
|
"location": "[parameters('location')]",
|
|
"sku": {
|
|
"name": "Standard_LRS"
|
|
},
|
|
"kind": "Storage",
|
|
"properties": {}
|
|
},
|
|
{
|
|
"apiVersion": "2017-11-01",
|
|
"type": "Microsoft.Network/publicIPAddresses",
|
|
"name": "[variables('publicIPAddressName')]",
|
|
"location": "[parameters('location')]",
|
|
"properties": {
|
|
"publicIPAllocationMethod": "Dynamic",
|
|
"dnsSettings": {
|
|
"domainNameLabel": "[variables('dnsLabelPrefix')]"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2017-11-01",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"name": "[variables('virtualNetworkName')]",
|
|
"location": "[parameters('location')]",
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"[variables('addressPrefix')]"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"name": "[variables('subnetName')]",
|
|
"properties": {
|
|
"addressPrefix": "[variables('subnetPrefix')]"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "[variables('networkSecurityGroupName')]",
|
|
"type": "Microsoft.Network/networkSecurityGroups",
|
|
"apiVersion": "2017-11-01",
|
|
"location": "[parameters('location')]",
|
|
"properties": {
|
|
"securityRules": [
|
|
{
|
|
"name": "default-allow-ssh",
|
|
"properties": {
|
|
"priority": 1000,
|
|
"sourceAddressPrefix": "*",
|
|
"protocol": "Tcp",
|
|
"destinationPortRange": "22",
|
|
"access": "Allow",
|
|
"direction": "Inbound",
|
|
"sourcePortRange": "*",
|
|
"destinationAddressPrefix": "*"
|
|
}
|
|
},
|
|
{
|
|
"name": "rdp-rule",
|
|
"properties": {
|
|
"description": "Allow RDP",
|
|
"protocol": "Tcp",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "3389",
|
|
"sourceAddressPrefix": "Internet",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 1001,
|
|
"direction": "Inbound"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2017-11-01",
|
|
"type": "Microsoft.Network/networkInterfaces",
|
|
"name": "[variables('nicName')]",
|
|
"location": "[parameters('location')]",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
|
|
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
|
|
],
|
|
"properties": {
|
|
"ipConfigurations": [
|
|
{
|
|
"name": "ipconfig1",
|
|
"properties": {
|
|
"privateIPAllocationMethod": "Dynamic",
|
|
"publicIPAddress": {
|
|
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
|
|
},
|
|
"subnet": {
|
|
"id": "[variables('subnetRef')]"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2017-12-01",
|
|
"type": "Microsoft.Compute/virtualMachines",
|
|
"name": "[parameters('vmName')]",
|
|
"location": "[parameters('location')]",
|
|
"identity": {
|
|
"type": "SystemAssigned"
|
|
},
|
|
"properties": {
|
|
"hardwareProfile": {
|
|
"vmSize": "[parameters('vmSize')]"
|
|
},
|
|
"osProfile": {
|
|
"computerName": "[parameters('vmName')]",
|
|
"adminUsername": "[parameters('adminUserName')]",
|
|
"adminPassword": "[parameters('adminPassword')]",
|
|
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
|
|
},
|
|
"storageProfile": {
|
|
"imageReference": {
|
|
"publisher": "Canonical",
|
|
"offer": "UbuntuServer",
|
|
"sku": "16.04-LTS",
|
|
"version": "latest"
|
|
},
|
|
"osDisk": {
|
|
"createOption": "FromImage",
|
|
"managedDisk": {
|
|
"storageAccountType": "[parameters('storageAccountType')]"
|
|
}
|
|
}
|
|
},
|
|
"networkProfile": {
|
|
"networkInterfaces": [
|
|
{
|
|
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
|
|
}
|
|
]
|
|
},
|
|
"diagnosticsProfile": {
|
|
"bootDiagnostics": {
|
|
"enabled": true,
|
|
"storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('infraStorageAccountName')),'2016-12-01').primaryEndpoints.blob]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Compute/virtualMachines/extensions",
|
|
"name": "[concat(parameters('vmName'),'/MSILinuxExtension')]",
|
|
"apiVersion": "2017-12-01",
|
|
"location": "[parameters('location')]",
|
|
"dependsOn": [
|
|
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
|
|
],
|
|
"properties": {
|
|
"publisher": "Microsoft.ManagedIdentity",
|
|
"type": "ManagedIdentityExtensionForLinux",
|
|
"typeHandlerVersion": "1.0",
|
|
"autoUpgradeMinorVersion": true,
|
|
"settings": {
|
|
"port": 50342
|
|
},
|
|
"protectedSettings": {}
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2017-09-01",
|
|
"name": "[variables('resourceGuid')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Compute/virtualMachines/extensions/', parameters('vmName'),'MSILinuxExtension')]"
|
|
],
|
|
"properties": {
|
|
"roleDefinitionId": "[variables('contributor')]",
|
|
"principalId": "[reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId]",
|
|
"scope": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name)]"
|
|
}
|
|
},
|
|
{
|
|
"name": "[concat(parameters('vmName'),'/customscriptextension')]",
|
|
"type": "Microsoft.Compute/virtualMachines/extensions",
|
|
"apiVersion": "2017-03-30",
|
|
"location": "[parameters('location')]",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Authorization/roleAssignments', variables('resourceGuid'))]"
|
|
],
|
|
"properties": {
|
|
"publisher": "Microsoft.Azure.Extensions",
|
|
"type": "CustomScript",
|
|
"typeHandlerVersion": "2.0",
|
|
"autoUpgradeMinorVersion": true,
|
|
"settings": {
|
|
"fileUris": [
|
|
"[concat(parameters('artifactsLocation'), '/scripts/infra.sh', parameters('artifactsLocationSasToken'))]",
|
|
"[concat(parameters('artifactsLocation'), '/scripts/install.sh', parameters('artifactsLocationSasToken'))]",
|
|
"[concat(parameters('artifactsLocation'), '/scripts/azureProviderAndCreds.tf', parameters('artifactsLocationSasToken'))]"
|
|
]
|
|
},
|
|
"protectedSettings": {
|
|
"commandToExecute": "[concat('bash infra.sh && bash install.sh ', variables('installParm1'), variables('installParm2'), variables('installParm3'), variables('installParm4'), ' -k ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('stateStorageAccountName')), '2017-10-01').keys[0].value, ' -l ', reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId)]"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"outputs": {
|
|
"fqdn": {
|
|
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName')),'2017-10-01').dnsSettings.fqdn]",
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|