diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf
index 15ebf449..d4196ab7 100644
--- a/quickstart/201-vmss-jumpbox/main.tf
+++ b/quickstart/201-vmss-jumpbox/main.tf
@@ -1,205 +1,209 @@ terraform { required_version = ">=0.12" - + required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" version = "~>2.0" } } } provider "azurerm" { - features {} + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + } } resource "azurerm_resource_group" "vmss" { - name = var.resource_group_name - location = var.location - tags = var.tags + name = var.resource_group_name + location = var.location + tags = var.tags } resource "random_string" "fqdn" { - length = 6 - special = false - upper = false - number = false + length = 6 + special = false + upper = false + number = false } resource "azurerm_virtual_network" "vmss" { - name = "vmss-vnet" - address_space = ["10.0.0.0/16"] - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - tags = var.tags + name = "vmss-vnet" + address_space = ["10.0.0.0/16"] + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + tags = var.tags } resource "azurerm_subnet" "vmss" { - name = "vmss-subnet" - resource_group_name = azurerm_resource_group.vmss.name - virtual_network_name = azurerm_virtual_network.vmss.name - address_prefixes = ["10.0.2.0/24"] + name = "vmss-subnet" + resource_group_name = azurerm_resource_group.vmss.name + virtual_network_name = azurerm_virtual_network.vmss.name + address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "vmss" { - name = "vmss-public-ip" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" - domain_name_label = random_string.fqdn.result - tags = var.tags + name = "vmss-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = random_string.fqdn.result + tags = var.tags } resource "azurerm_lb" "vmss" { - name = "vmss-lb" - location = var.location - resource_group_name = 
azurerm_resource_group.vmss.name + name = "vmss-lb" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name - frontend_ip_configuration { - name = "PublicIPAddress" - public_ip_address_id = azurerm_public_ip.vmss.id - } + frontend_ip_configuration { + name = "PublicIPAddress" + public_ip_address_id = azurerm_public_ip.vmss.id + } - tags = var.tags + tags = var.tags } resource "azurerm_lb_backend_address_pool" "bpepool" { - loadbalancer_id = azurerm_lb.vmss.id - name = "BackEndAddressPool" + loadbalancer_id = azurerm_lb.vmss.id + name = "BackEndAddressPool" } resource "azurerm_lb_probe" "vmss" { - resource_group_name = azurerm_resource_group.vmss.name - loadbalancer_id = azurerm_lb.vmss.id - name = "ssh-running-probe" - port = var.application_port + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "ssh-running-probe" + port = var.application_port } resource "azurerm_lb_rule" "lbnatrule" { - resource_group_name = azurerm_resource_group.vmss.name - loadbalancer_id = azurerm_lb.vmss.id - name = "http" - protocol = "Tcp" - frontend_port = var.application_port - backend_port = var.application_port - backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id - frontend_ip_configuration_name = "PublicIPAddress" - probe_id = azurerm_lb_probe.vmss.id + resource_group_name = azurerm_resource_group.vmss.name + loadbalancer_id = azurerm_lb.vmss.id + name = "http" + protocol = "Tcp" + frontend_port = var.application_port + backend_port = var.application_port + backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + frontend_ip_configuration_name = "PublicIPAddress" + probe_id = azurerm_lb_probe.vmss.id } resource "azurerm_virtual_machine_scale_set" "vmss" { - name = "vmscaleset" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - upgrade_policy_mode = "Manual" + name = "vmscaleset" + location = var.location + resource_group_name = 
azurerm_resource_group.vmss.name + upgrade_policy_mode = "Manual" - sku { - name = "Standard_DS1_v2" - tier = "Standard" - capacity = 2 - } + sku { + name = "Standard_DS1_v2" + tier = "Standard" + capacity = 2 + } - storage_profile_image_reference { - publisher = "Canonical" - offer = "UbuntuServer" - sku = "16.04-LTS" - version = "latest" - } + storage_profile_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } - storage_profile_os_disk { - name = "" - caching = "ReadWrite" - create_option = "FromImage" - managed_disk_type = "Standard_LRS" - } + storage_profile_os_disk { + name = "" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } - storage_profile_data_disk { - lun = 0 - caching = "ReadWrite" - create_option = "Empty" - disk_size_gb = 10 - } + storage_profile_data_disk { + lun = 0 + caching = "ReadWrite" + create_option = "Empty" + disk_size_gb = 10 + } - os_profile { - computer_name_prefix = "vmlab" - admin_username = var.admin_user - admin_password = var.admin_password - custom_data = file("web.conf") - } + os_profile { + computer_name_prefix = "vmlab" + admin_username = var.admin_user + admin_password = var.admin_password + custom_data = file("web.conf") + } - os_profile_linux_config { - disable_password_authentication = false - } + os_profile_linux_config { + disable_password_authentication = false + } - network_profile { - name = "terraformnetworkprofile" - primary = true + network_profile { + name = "terraformnetworkprofile" + primary = true - ip_configuration { - name = "IPConfiguration" - subnet_id = azurerm_subnet.vmss.id - load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] - primary = true - } - } + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + primary = true + } + } - tags = var.tags + 
tags = var.tags } resource "azurerm_public_ip" "jumpbox" { - name = "jumpbox-public-ip" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" - domain_name_label = "${random_string.fqdn.result}-ssh" - tags = var.tags + name = "jumpbox-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = "${random_string.fqdn.result}-ssh" + tags = var.tags } resource "azurerm_network_interface" "jumpbox" { - name = "jumpbox-nic" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name + name = "jumpbox-nic" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name - ip_configuration { - name = "IPConfiguration" - subnet_id = azurerm_subnet.vmss.id - private_ip_address_allocation = "dynamic" - public_ip_address_id = azurerm_public_ip.jumpbox.id - } + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.jumpbox.id + } - tags = var.tags + tags = var.tags } resource "azurerm_virtual_machine" "jumpbox" { - name = "jumpbox" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - network_interface_ids = [azurerm_network_interface.jumpbox.id] - vm_size = "Standard_DS1_v2" + name = "jumpbox" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + network_interface_ids = [azurerm_network_interface.jumpbox.id] + vm_size = "Standard_DS1_v2" - storage_image_reference { - publisher = "Canonical" - offer = "UbuntuServer" - sku = "16.04-LTS" - version = "latest" - } + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } - storage_os_disk { - name = "jumpbox-osdisk" - caching = "ReadWrite" - create_option = "FromImage" - managed_disk_type = "Standard_LRS" - } 
+ storage_os_disk { + name = "jumpbox-osdisk" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } - os_profile { - computer_name = "jumpbox" - admin_username = var.admin_user - admin_password = var.admin_password - } + os_profile { + computer_name = "jumpbox" + admin_username = var.admin_user + admin_password = var.admin_password + } - os_profile_linux_config { - disable_password_authentication = false - } + os_profile_linux_config { + disable_password_authentication = false + } - tags = var.tags -} \ No newline at end of file + tags = var.tags +} diff --git a/quickstart/201-vmss-jumpbox/readme.md b/quickstart/201-vmss-jumpbox/readme.md index df9086d3..48b29072 100644 --- a/quickstart/201-vmss-jumpbox/readme.md +++ b/quickstart/201-vmss-jumpbox/readme.md @@ -27,7 +27,7 @@ This template deploys an Azure virtual machine scale set with a jumpbox. | `tags` | Map of the tags to use for the resources that are deployed | | `application_port` | Port that you want to expose to the external load balancer | | `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | -| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | +| `admin_password` | Default password for admin account | ## Example diff --git a/quickstart/201-vmss-jumpbox/variables.tf b/quickstart/201-vmss-jumpbox/variables.tf index 574d720c..54b08854 100644 --- a/quickstart/201-vmss-jumpbox/variables.tf +++ b/quickstart/201-vmss-jumpbox/variables.tf 
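Review bot: `required_version = ">=0.12"` at the top of the main.tf hunk no longer matches what this commit uses, because variables.tf now sets `sensitive = true` on a variable, which needs Terraform 0.14 or later; the constraint should read `required_version = ">=0.14"`. Likewise `version = "~>2.0"` accepts any azurerm 2.x, while the new `resource_group` features block and `backend_address_pool_ids` appear to exist only in late 2.x releases, so the lower bound is worth raising to the release this was tested with. Separately, `prevent_deletion_if_contains_resources = false` switches off the provider's guard against deleting a resource group that still holds resources. It deserves a comment on that line, such as `# quickstart only: allows destroy to remove the group even if it contains resources not managed here`, so the setting is not copied into long-lived environments unnoticed.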
@@ -1,31 +1,33 @@ variable "resource_group_name" { - description = "Name of the resource group in which the resources will be created" - default = "myResourceGroup" + description = "Name of the resource group in which the resources will be created" + default = "myResourceGroup" } variable "location" { - default = "eastus" - description = "Location where resources will be created" + default = "eastus" + description = "Location where resources will be created" } variable "tags" { - description = "Map of the tags to use for the resources that are deployed" - type = map(string) - default = { - environment = "codelab" - } + description = "Map of the tags to use for the resources that are deployed" + type = map(string) + default = { + environment = "codelab" + } } variable "application_port" { - description = "Port that you want to expose to the external load balancer" - default = 80 + description = "Port that you want to expose to the external load balancer" + default = 80 } variable "admin_user" { - description = "User name to use as the admin account on the VMs that will be part of the VM scale set" - default = "azureuser" + description = "User name to use as the admin account on the VMs that will be part of the VM scale set" + default = "azureuser" } variable "admin_password" { - description = "Default password for admin account" -} \ No newline at end of file + description = "Default password for admin account" + default = "ChangeMe123!" + sensitive = true +}
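Review bot: The new `default = "ChangeMe123!"` on `admin_password` commits a working credential to the repository, and main.tf keeps `disable_password_authentication = false` on both the scale set and the jumpbox, which is given a public IP. Anyone who applies the quickstart unchanged therefore gets hosts that accept a published password. `sensitive = true` only redacts the value from plan and apply output; it does not protect the default in source or the value stored in state. I would delete the `default` line so Terraform prompts for the value (or reads `TF_VAR_admin_password`) and reword the description to `description = "Password for the admin account; supply at apply time, do not commit it"`. The readme note that this commit removes should stay, and SSH key authentication would be the stronger default for the jumpbox.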