open-nomad/terraform/azure/modules/hashistack/hashistack.tf


# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
# Module inputs. None of them declares a type, default or description, so the
# caller has to supply all six.

# Azure region; used as `location` on every resource in this module.
variable "location" {}
# Image ID used as storage_image_reference.id for both server and client VMs.
variable "image_id" {}
# VM size applied to both server and client VMs.
variable "vm_size" {}
# Number of server VMs (and of their public IPs and NICs); also passed to the
# server user-data template.
variable "server_count" {}
# Number of client VMs (and of their public IPs and NICs).
variable "client_count" {}
# Passed unchanged to the server and client user-data templates; its format is
# defined by those scripts, which are not part of this file.
variable "retry_join" {}
# SSH key pair shared by every server and client VM in this module. The public
# half is installed as an authorized key for the ubuntu user; the private half
# is written to azure-hashistack.pem by null_resource.main.
# NOTE(review): the tls provider keeps private_key_pem in the Terraform state
# in plain text, so the state file/backend needs the same protection as the
# key file itself.
resource "tls_private_key" "main" {
  algorithm = "RSA"
  rsa_bits  = 2048 # the provider default, spelled out
}
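# Writes the generated SSH private key to ./azure-hashistack.pem on the machine
# that runs Terraform and leaves it readable by the owner only.
resource "null_resource" "main" {
  # The key reaches the shell through the environment instead of being
  # interpolated into the command string, so it is not part of the command
  # line Terraform executes and prints. `umask 077` makes a newly created file
  # owner-only from the first byte rather than only after a later chmod.
  provisioner "local-exec" {
    command = "umask 077 && printf '%s\\n' \"$HASHISTACK_PRIVATE_KEY_PEM\" > azure-hashistack.pem"

    environment = {
      HASHISTACK_PRIVATE_KEY_PEM = tls_private_key.main.private_key_pem
    }
  }

  # Still required: when the file already exists the redirect above keeps its
  # previous mode, so tighten it explicitly.
  provisioner "local-exec" {
    command = "chmod 600 azure-hashistack.pem"
  }
}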
# Resource group that holds everything this module creates. The name is fixed,
# so two copies of the module cannot share one subscription.
resource "azurerm_resource_group" "hashistack" {
  location = var.location
  name     = "hashistack"
}
# Virtual network for the cluster; the subnet below is carved out of this /16.
resource "azurerm_virtual_network" "hashistack-vn" {
  name                = "hashistack-vn"
  resource_group_name = azurerm_resource_group.hashistack.name
  location            = var.location
  address_space       = ["10.0.0.0/16"]
}
# Single subnet shared by server and client NICs.
resource "azurerm_subnet" "hashistack-sn" {
  name                 = "hashistack-sn"
  virtual_network_name = azurerm_virtual_network.hashistack-vn.name
  resource_group_name  = azurerm_resource_group.hashistack.name
  address_prefixes     = ["10.0.2.0/24"]
}
# Network security group referenced by every server and client NIC. Its rules
# are declared as separate azurerm_network_security_rule resources.
resource "azurerm_network_security_group" "hashistack-sg" {
  name                = "hashistack-sg"
  resource_group_name = azurerm_resource_group.hashistack.name
  location            = var.location
}
# Inbound allow rule for SSH (TCP/22) on hashistack-sg.
# NOTE(review): source_address_prefix = "*" accepts connections from any
# address, and every VM in this module gets a static public IP. Narrow the
# source to the operators' CIDR(s) for anything longer-lived than a throwaway
# demo environment.
resource "azurerm_network_security_rule" "hashistack-sgr-22" {
  name                        = "hashistack-sgr-22"
  network_security_group_name = azurerm_network_security_group.hashistack-sg.name
  resource_group_name         = azurerm_resource_group.hashistack.name

  priority  = 100
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "22"
}
# Inbound allow rule for TCP/4646 (Nomad's default HTTP API and UI port) on
# hashistack-sg.
# NOTE(review): source_address_prefix = "*" exposes the port to any address.
# Whether ACLs and TLS are enabled on the agents is decided by the user-data
# scripts, which are not visible here; without them, anyone who can reach this
# port can drive the API. Restrict the source range or put the API behind a
# VPN or authenticating proxy.
resource "azurerm_network_security_rule" "hashistack-sgr-4646" {
  name                        = "hashistack-sgr-4646"
  network_security_group_name = azurerm_network_security_group.hashistack-sg.name
  resource_group_name         = azurerm_resource_group.hashistack.name

  priority  = 101
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "4646"
}
# Inbound allow rule for TCP/8500 (Consul's default HTTP API and UI port) on
# hashistack-sg.
# NOTE(review): source_address_prefix = "*" exposes the port to any address.
# Whether Consul ACLs and TLS are enabled is decided by the user-data scripts,
# which are not visible here; confirm before leaving this reachable from the
# internet, or restrict the source range.
resource "azurerm_network_security_rule" "hashistack-sgr-8500" {
  name                        = "hashistack-sgr-8500"
  network_security_group_name = azurerm_network_security_group.hashistack-sg.name
  resource_group_name         = azurerm_resource_group.hashistack.name

  priority  = 102
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "8500"
}
# One static public IP per server VM; the addresses are exported through the
# server_public_ips output.
resource "azurerm_public_ip" "hashistack-server-public-ip" {
  count = var.server_count

  name                = "hashistack-server-ip-${count.index}"
  resource_group_name = azurerm_resource_group.hashistack.name
  location            = var.location
  allocation_method   = "Static"
}
# One NIC per server VM, placed in the shared subnet, bound to hashistack-sg
# and paired with the public IP of the same index.
resource "azurerm_network_interface" "hashistack-server-ni" {
  count = var.server_count

  name                      = "hashistack-server-ni-${count.index}"
  resource_group_name       = azurerm_resource_group.hashistack.name
  location                  = var.location
  network_security_group_id = azurerm_network_security_group.hashistack-sg.id

  ip_configuration {
    name                          = "hashistack-ipc"
    subnet_id                     = azurerm_subnet.hashistack-sn.id
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = element(azurerm_public_ip.hashistack-server-public-ip.*.id, count.index)
  }

  # Presumably the tag that the retry_join setting matches for cloud
  # auto-join; verify against the caller's retry_join value.
  tags = {
    ConsulAutoJoin = "auto-join"
  }
}
# Server VMs: var.server_count machines built from var.image_id, each attached
# to the server NIC of the same index and bootstrapped by the rendered
# user-data-server.sh template.
resource "azurerm_virtual_machine" "server" {
  count = var.server_count

  name                  = "hashistack-server-${count.index}"
  resource_group_name   = azurerm_resource_group.hashistack.name
  location              = var.location
  vm_size               = var.vm_size
  network_interface_ids = [element(azurerm_network_interface.hashistack-server-ni.*.id, count.index)]

  # Both flags are enabled: the OS disk and any data disks are deleted together
  # with the VM.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    id = var.image_id
  }

  storage_os_disk {
    name              = "hashistack-server-osdisk-${count.index}"
    create_option     = "FromImage"
    caching           = "ReadWrite"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "hashistack-server-${count.index}"
    admin_username = "ubuntu"
    # Placeholder value; password logins are disabled in
    # os_profile_linux_config below.
    # NOTE(review): confirm the provider version in use allows omitting this
    # argument, then drop the hard-coded literal.
    admin_password = "none"
    # Rendered bootstrap script, base64-encoded as custom data.
    custom_data = base64encode(data.template_file.user_data_server.rendered)
  }

  os_profile_linux_config {
    disable_password_authentication = true

    # Only the public half of tls_private_key.main is placed on the VM.
    ssh_keys {
      path     = "/home/ubuntu/.ssh/authorized_keys"
      key_data = tls_private_key.main.public_key_openssh
    }
  }
}
# Renders the server bootstrap script. The template is read from the root
# module directory (path.root), not from this module's own directory.
data "template_file" "user_data_server" {
  template = file("${path.root}/user-data-server.sh")

  vars = {
    retry_join   = var.retry_join
    server_count = var.server_count
  }
}
# One static public IP per client VM; the addresses are exported through the
# client_public_ips output.
resource "azurerm_public_ip" "hashistack-client-public-ip" {
  count = var.client_count

  name                = "hashistack-client-ip-${count.index}"
  resource_group_name = azurerm_resource_group.hashistack.name
  location            = var.location
  allocation_method   = "Static"
}
# One NIC per client VM, placed in the shared subnet, bound to hashistack-sg
# and paired with the public IP of the same index.
resource "azurerm_network_interface" "hashistack-client-ni" {
  count = var.client_count

  name                      = "hashistack-client-ni-${count.index}"
  resource_group_name       = azurerm_resource_group.hashistack.name
  location                  = var.location
  network_security_group_id = azurerm_network_security_group.hashistack-sg.id

  ip_configuration {
    name                          = "hashistack-ipc"
    subnet_id                     = azurerm_subnet.hashistack-sn.id
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = element(azurerm_public_ip.hashistack-client-public-ip.*.id, count.index)
  }

  # Presumably the tag that the retry_join setting matches for cloud
  # auto-join; verify against the caller's retry_join value.
  tags = {
    ConsulAutoJoin = "auto-join"
  }
}
# Client VMs: var.client_count machines built from var.image_id, each attached
# to the client NIC of the same index and bootstrapped by the rendered
# user-data-client.sh template. They are created only after the server VMs.
resource "azurerm_virtual_machine" "client" {
  count      = var.client_count
  depends_on = [azurerm_virtual_machine.server]

  name                  = "hashistack-client-${count.index}"
  resource_group_name   = azurerm_resource_group.hashistack.name
  location              = var.location
  vm_size               = var.vm_size
  network_interface_ids = [element(azurerm_network_interface.hashistack-client-ni.*.id, count.index)]

  # Both flags are enabled: the OS disk and any data disks are deleted together
  # with the VM.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    id = var.image_id
  }

  storage_os_disk {
    name              = "hashistack-client-osdisk-${count.index}"
    create_option     = "FromImage"
    caching           = "ReadWrite"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "hashistack-client-${count.index}"
    admin_username = "ubuntu"
    # Placeholder value; password logins are disabled in
    # os_profile_linux_config below.
    # NOTE(review): confirm the provider version in use allows omitting this
    # argument, then drop the hard-coded literal.
    admin_password = "none"
    # Rendered bootstrap script, base64-encoded as custom data.
    custom_data = base64encode(data.template_file.user_data_client.rendered)
  }

  os_profile_linux_config {
    disable_password_authentication = true

    # Only the public half of tls_private_key.main is placed on the VM.
    ssh_keys {
      path     = "/home/ubuntu/.ssh/authorized_keys"
      key_data = tls_private_key.main.public_key_openssh
    }
  }
}
# Renders the client bootstrap script. The template is read from the root
# module directory (path.root), not from this module's own directory.
data "template_file" "user_data_client" {
  template = file("${path.root}/user-data-client.sh")

  vars = {
    retry_join = var.retry_join
  }
}
# Public IP addresses of the server VMs.
# NOTE(review): the splat already yields a list; the surrounding [...] nests
# it one level deeper on Terraform 0.12 and later. Confirm what consumers of
# this output expect before changing it.
output "server_public_ips" {
  value = [azurerm_public_ip.hashistack-server-public-ip.*.ip_address]
}
# Public IP addresses of the client VMs.
# NOTE(review): the splat already yields a list; the surrounding [...] nests
# it one level deeper on Terraform 0.12 and later. Confirm what consumers of
# this output expect before changing it.
output "client_public_ips" {
  value = [azurerm_public_ip.hashistack-client-public-ip.*.ip_address]
}