{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "artifactsLocation": { "metadata": { "artifactsBaseUrl": "", "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." }, "defaultValue": "https://raw.githubusercontent.com/Azure/terraform/master/solution_template/vm-linux-terraform", "type": "string" }, "artifactsLocationSasToken": { "metadata": { "description": "The sasToken required to access artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." }, "defaultValue": "", "type": "securestring" }, "adminPassword": { "metadata": { "description": "Password for the Virtual Machine. Will be used only if authenticationType is 'password'" }, "defaultValue": "", "type": "securestring" }, 
"adminSSHPublicKey": { "metadata": { "description": "Public SSH key for the Virtual Machine. Will be used only if authenticationType is 'sshPublicKey'" }, "defaultValue": "", "type": "string" }, "adminUserName": { "metadata": { "description": "User name for the Virtual Machine" }, "type": "string" }, "authenticationType": { "metadata": { "description": "Authentication type (can be 'password' or 'sshPublicKey')" }, "type": "string" }, "location": { "metadata": { "description": "Azure location where to deploy the resources" }, "type": "string", "defaultValue": "[resourceGroup().location]" }, "vmName": { "metadata": { "description": "Virtual Machine Name (also used as a prefix for other resources)" }, "type": "string", "defaultValue": "terraform" }, "vmSize": { "metadata": { "description": "Virtual Machine Size" }, "type": "string", "defaultValue": "Standard_DS1_v2" }, "storageAccountType": { "defaultValue": "Standard_LRS", "metadata": { "description": "Storage Account Type" }, "type": "string" } }, "variables": { "dnsLabelPrefix": "[concat('msi',uniquestring(resourceGroup().id))]", "infraStorageAccountName": "[take(concat('storeinfra', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]", "stateStorageAccountName": "[take(concat('storestate', uniquestring(resourceGroup().id), variables('dnsLabelPrefix')),24)]", "addressPrefix": "10.0.0.0/16", "subnetName": "TerraformSubnet", "subnetPrefix": "10.0.0.0/24", "nicName": "[concat('nic',uniquestring(resourceGroup().id))]", "virtualNetworkName": "[concat('vnet',uniquestring(resourceGroup().id))]", "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]", "publicIPAddressName": "[concat('pip',uniquestring(resourceGroup().id))]", "networkSecurityGroupName": "[concat('nsg',uniquestring(resourceGroup().id))]", "linuxConfiguration": { "disablePasswordAuthentication": true, "ssh": { "publicKeys": [ { "path": "[concat('/home/', parameters('adminUserName'), '/.ssh/authorized_keys')]", "keyData": "[parameters('adminSSHPublicKey')]" } ] 
} }, "contributor" : "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", "installParm1": "[concat(' -u ', parameters('adminUserName'))]", "installParm2": "[concat(' -s ', subscription().subscriptionId)]", "installParm3": "[concat(' -a ', variables('stateStorageAccountName'))]", "installParm4": "[concat(' -t ', subscription().tenantId)]", "resourceGuid": "[guid(resourceGroup().id, deployment().name)]" }, "resources": [ { "type": "Microsoft.Storage/storageAccounts", "name": "[variables('infraStorageAccountName')]", "apiVersion": "2017-10-01", "location": "[parameters('location')]", "sku": { "name": "Standard_LRS" }, "kind": "Storage", "properties": {} }, { "type": "Microsoft.Storage/storageAccounts", "name": "[variables('stateStorageAccountName')]", "apiVersion": "2017-10-01", "location": "[parameters('location')]", "sku": { "name": "Standard_LRS" }, "kind": "Storage", "properties": {} }, { "apiVersion": "2017-11-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('publicIPAddressName')]", "location": "[parameters('location')]", "properties": { "publicIPAllocationMethod": "Dynamic", "dnsSettings": { "domainNameLabel": "[variables('dnsLabelPrefix')]" } } }, { "apiVersion": "2017-11-01", "type": "Microsoft.Network/virtualNetworks", "name": "[variables('virtualNetworkName')]", "location": "[parameters('location')]", "properties": { "addressSpace": { "addressPrefixes": [ "[variables('addressPrefix')]" ] }, "subnets": [ { "name": "[variables('subnetName')]", "properties": { "addressPrefix": "[variables('subnetPrefix')]" } } ] } }, { "name": "[variables('networkSecurityGroupName')]", "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2017-11-01", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "default-allow-ssh", "properties": { "priority": 1000, "sourceAddressPrefix": "*", "protocol": "Tcp", 
"destinationPortRange": "22", "access": "Allow", "direction": "Inbound", "sourcePortRange": "*", "destinationAddressPrefix": "*" } }, { "name": "rdp-rule", "properties": { "description": "Allow RDP", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*", "access": "Allow", "priority": 1001, "direction": "Inbound" } } ] } }, { "apiVersion": "2017-11-01", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('nicName')]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" }, "subnet": { "id": "[variables('subnetRef')]" } } } ], "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" } } }, { "apiVersion": "2017-12-01", "type": "Microsoft.Compute/virtualMachines", "name": "[parameters('vmName')]", "location": "[parameters('location')]", "identity": { "type": "SystemAssigned" }, "properties": { "hardwareProfile": { "vmSize": "[parameters('vmSize')]" }, "osProfile": { "computerName": "[parameters('vmName')]", "adminUsername": "[parameters('adminUserName')]", "adminPassword": "[parameters('adminPassword')]", "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]" }, "storageProfile": { "imageReference": { "publisher": "Canonical", "offer": "UbuntuServer", "sku": "16.04-LTS", "version": "latest" }, "osDisk": { "createOption": "FromImage", "managedDisk": { "storageAccountType": "[parameters('storageAccountType')]" } } }, 
"networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]" } ] }, "diagnosticsProfile": { "bootDiagnostics": { "enabled": true, "storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('infraStorageAccountName')),'2016-12-01').primaryEndpoints.blob]" } } } }, { "type": "Microsoft.Compute/virtualMachines/extensions", "name": "[concat(parameters('vmName'),'/MSILinuxExtension')]", "apiVersion": "2017-12-01", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]" ], "properties": { "publisher": "Microsoft.ManagedIdentity", "type": "ManagedIdentityExtensionForLinux", "typeHandlerVersion": "1.0", "autoUpgradeMinorVersion": true, "settings": { "port": 50342 }, "protectedSettings": {} } }, { "apiVersion": "2017-09-01", "name": "[variables('resourceGuid')]", "type": "Microsoft.Authorization/roleAssignments", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines/extensions/', parameters('vmName'),'MSILinuxExtension')]" ], "properties": { "roleDefinitionId": "[variables('contributor')]", "principalId": "[reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId]", "scope": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name)]" } }, { "name": "[concat(parameters('vmName'),'/customscriptextension')]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2017-03-30", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Authorization/roleAssignments', variables('resourceGuid'))]" ], "properties": { "publisher": "Microsoft.Azure.Extensions", "type": "CustomScript", "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ "[concat(parameters('artifactsLocation'), 
'/scripts/infra.sh', parameters('artifactsLocationSasToken'))]", "[concat(parameters('artifactsLocation'), '/scripts/install.sh', parameters('artifactsLocationSasToken'))]", "[concat(parameters('artifactsLocation'), '/scripts/azureProviderAndCreds.tf', parameters('artifactsLocationSasToken'))]" ] }, "protectedSettings": { "commandToExecute": "[concat('bash infra.sh && bash install.sh ', variables('installParm1'), variables('installParm2'), variables('installParm3'), variables('installParm4'), ' -k ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('stateStorageAccountName')), '2017-10-01').keys[0].value, ' -l ', reference(concat(resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName')),'/providers/Microsoft.ManagedIdentity/Identities/default'),'2015-08-31-PREVIEW').principalId)]" } } } ], "outputs": { "fqdn": { "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName')),'2017-10-01').dnsSettings.fqdn]", "type": "string" } } }