From b01ef8a3eed1f1685cbabd986aebcee2c5f98e6c Mon Sep 17 00:00:00 2001
From: Ditmar Visser
Date: Fri, 2 May 2025 20:39:46 +0000
Subject: [PATCH] feat: provision azure vm and enable ssh connection

---
 week-2/opdracht-2/cloudinit-azure.yaml | 16 +++
 week-2/opdracht-2/main.tf | 179 ++++++++++++++++---------
 2 files changed, 134 insertions(+), 61 deletions(-)
 create mode 100644 week-2/opdracht-2/cloudinit-azure.yaml

diff --git a/week-2/opdracht-2/cloudinit-azure.yaml b/week-2/opdracht-2/cloudinit-azure.yaml
new file mode 100644
index 0000000..f711e8c
--- /dev/null
+++ b/week-2/opdracht-2/cloudinit-azure.yaml
@@ -0,0 +1,16 @@
+#cloud-config
+local-hostname: vm-host-naam
+
+users:
+  - name: iac
+    ssh-authorized-keys:
+      - ${ssh-key}
+    shell: /bin/bash
+
+write_files:
+  - path: /home/iac/hello.txt
+    content: |
+      Hello World
+    owner: 'iac:iac'
+    permissions: '0644'
+    defer: true
\ No newline at end of file
diff --git a/week-2/opdracht-2/main.tf b/week-2/opdracht-2/main.tf
index 468efdb..e740c3d 100644
--- a/week-2/opdracht-2/main.tf
+++ b/week-2/opdracht-2/main.tf
@@ -8,14 +8,25 @@ data "local_file" "ssh_key" {
   filename = var.skylab_ssh_public_key_path
 }
 
-# Render userdata template with SSH key
-data "template_file" "userdata" {
+variable "azure_private_key_path" {
+  default = "/home/student/.ssh/azure"
+}
+
+data "local_file" "azure_private_key" {
+  filename = var.azure_private_key_path
+}
+
+# Render userdata template with skylab SSH key
+data "template_file" "esxi_userdata" {
   template = file("${path.module}/userdata.tftpl")
   vars = {
-    ssh-key = trimspace(data.local_file.ssh_key.content)
+    ssh-key = trimspace(data.local_file.ssh_key.content)
+    azure-private-key = indent(6, trimspace(data.local_file.azure_private_key.content))
+    azure-vm-ip = azurerm_linux_virtual_machine.main.public_ip_address
   }
 }
 
+
 # resource "esxi_vswitch" "myvswitch" {
 #   name = "${var.prefix}-vswitch"
 #   uplink {
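Review bot: `local-hostname: vm-host-naam` on the second line of the new cloud-config is, as far as I can tell, a NoCloud meta-data key rather than a cloud-config user-data key; the user-data equivalent is `hostname:`, and on Azure the datasource already derives the hostname from the VM's `name`, so this line is most likely ignored or flagged by the schema check. Either drop it or, if a custom hostname is really wanted, use `hostname: ${hostname}` and pass the value in from Terraform instead of leaving the `vm-host-naam` placeholder. `ssh-authorized-keys` is the legacy dashed spelling; recent cloud-init releases treat it as deprecated in favour of `ssh_authorized_keys`, so I would switch now while both still work. Note that the same Azure public key is also installed for `adminuser` via `admin_ssh_key`, so the VM ends up with two accounts accepting the same key — fine if intended, but worth a one-line comment in the template.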
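Review bot: `data.local_file.azure_private_key` reads the Azure SSH private key into Terraform and the new `azure-private-key` template variable pushes it into the ESXi userdata, so the private key now sits in plaintext in the state file (as the data source's `content` and again in `data.template_file.esxi_userdata.rendered`) and, base64-encoded, in the guestinfo userdata of every ESXi guest that consumes the template. If the ESXi guests only need to reach the Azure VM, a key pair dedicated to that hop and authorized only for the `iac` user limits exposure far more than shipping the operator's own key from `/home/student/.ssh/azure`. At minimum switch to `data "local_sensitive_file" "azure_private_key"` so the value is redacted from plan and apply output, and keep the state in an access-controlled backend. The `indent(6, …)` suggests the template drops the key into a `write_files` entry, which then needs `permissions: '0600'`; `userdata.tftpl` is outside this diff, so I could not verify that.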
@@ -48,7 +59,7 @@ resource "esxi_guest" "webserver" {
       hostname = "${var.prefix}-webserver-${count.index}" # Directly using count.index for hostname
     }))
     "metadata.encoding" = "base64"
-    "userdata" = base64encode(data.template_file.userdata.rendered)
+    "userdata" = base64encode(data.template_file.esxi_userdata.rendered)
     "userdata.encoding" = "base64"
   }
 }
@@ -73,79 +84,125 @@ resource "esxi_guest" "databaseserver" { hostname = "${var.prefix}-databaseserver-${count.index}" # Directly using count.index for hostname })) "metadata.encoding" = "base64" - "userdata" = base64encode(data.template_file.userdata.rendered) + "userdata" = base64encode(data.template_file.esxi_userdata.rendered) "userdata.encoding" = "base64" } } # Azure -# resource "azurerm_virtual_network" "main" { -# name = "${var.prefix}-network" -# address_space = ["10.0.0.0/16"] -# location = var.azure_location -# resource_group_name = var.azure_resourcegroup -# } +resource "azurerm_virtual_network" "main" { + name = "${var.prefix}-network" + address_space = ["10.0.0.0/16"] + location = var.azure_location + resource_group_name = var.azure_resourcegroup +} -# resource "azurerm_subnet" "main" { -# name = "internal" -# resource_group_name = var.azure_resourcegroup -# virtual_network_name = azurerm_virtual_network.main.name -# address_prefixes = ["10.0.2.0/24"] -# } +resource "azurerm_subnet" "main" { + name = "internal" + resource_group_name = var.azure_resourcegroup + virtual_network_name = azurerm_virtual_network.main.name + address_prefixes = ["10.0.2.0/24"] +} -# resource "azurerm_network_interface" "main" { -# name = "${var.prefix}-nic" -# location = var.azure_location -# resource_group_name = var.azure_resourcegroup +resource "azurerm_public_ip" "pip" { + name = "${var.prefix}-pip" + resource_group_name = var.azure_resourcegroup + location = var.azure_location + allocation_method = "Static" +} -# ip_configuration { -# name = "internal" -# subnet_id = azurerm_subnet.main.id -# private_ip_address_allocation = "Dynamic" -# } -# } +resource "azurerm_network_interface" "main" { + name = "${var.prefix}-nic" + location = var.azure_location + resource_group_name = var.azure_resourcegroup -# resource "azurerm_linux_virtual_machine" "main" { -# name = "${var.prefix}-vm" -# location = var.azure_location -# resource_group_name = var.azure_resourcegroup -# 
network_interface_ids = [ -# azurerm_network_interface.main.id, -# ] -# size = "Standard_B2ats_v2" + ip_configuration { + name = "internal" + subnet_id = azurerm_subnet.main.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.pip.id + } +} -# admin_username = "adminuser" -# admin_ssh_key { -# username = "adminuser" -# public_key = data.azurerm_ssh_public_key.azure.public_key -# } +resource "azurerm_network_security_group" "main" { + name = "${var.prefix}-nsg" + location = var.azure_location + resource_group_name = var.azure_resourcegroup + security_rule { + access = "Allow" + direction = "Inbound" + name = "tls" + priority = 100 + protocol = "Tcp" + source_port_range = "*" + source_address_prefix = "*" + destination_port_range = "22" + destination_address_prefix = azurerm_network_interface.main.private_ip_address + } +} -# os_disk { -# caching = "ReadWrite" -# storage_account_type = "Standard_LRS" -# } +resource "azurerm_network_interface_security_group_association" "main" { + network_interface_id = azurerm_network_interface.main.id + network_security_group_id = azurerm_network_security_group.main.id +} -# source_image_reference { -# publisher = "Canonical" -# offer = "ubuntu-24_04-lts" -# sku = "server" -# version = "latest" -# } -# } +# Render userdata template with skylab SSH key +data "template_file" "azure_cloudinit" { + template = file("${path.module}/cloudinit-azure.yaml") + vars = { + ssh-key = trimspace(data.azurerm_ssh_public_key.azure.public_key) + } +} + +resource "azurerm_linux_virtual_machine" "main" { + name = "${var.prefix}-vm" + location = var.azure_location + resource_group_name = var.azure_resourcegroup + network_interface_ids = [ + azurerm_network_interface.main.id, + ] + size = "Standard_B2ats_v2" + + admin_username = "adminuser" + admin_ssh_key { + username = "adminuser" + public_key = data.azurerm_ssh_public_key.azure.public_key + } + + custom_data = 
base64encode(data.template_file.azure_cloudinit.rendered) + + os_disk { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference { + publisher = "Canonical" + offer = "ubuntu-24_04-lts" + sku = "server" + version = "latest" + } +} # Write ESXi IP adresses to file resource "local_file" "vm_info" { - content = join("\n", concat( - [ - for guest in esxi_guest.webserver : - "${guest.guest_name} - ${guest.ip_address}" - ], - [ - for guest in esxi_guest.databaseserver : - "${guest.guest_name} - ${guest.ip_address}" - ] - )) + content = join("\n", + ["ESXi VM's Private IP Adresses:"], + concat( + [ + for guest in esxi_guest.webserver : + "${guest.guest_name} - ${guest.ip_address}" + ], + [ + for guest in esxi_guest.databaseserver : + "${guest.guest_name} - ${guest.ip_address}" + ], [ + "Azure VM's Private IP Adresses:", + "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.private_ip_address}", + "Azure VM's Public IP Adresses:", + "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.public_ip_address}"]) + ) filename = "${path.module}/vm_info.txt" }
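Review bot: The `security_rule` in `azurerm_network_security_group.main` allows inbound TCP/22 from `source_address_prefix = "*"`, and the NIC now carries a static public IP, so SSH on the Azure VM is reachable from the whole internet; the only callers this commit sets up are the ESXi guests (they receive `azure-vm-ip` in their userdata), so the source should be narrowed to that environment's egress range, e.g. `source_address_prefix = var.ssh_source_cidr` with a new variable instead of `*`. The rule `name = "tls"` is misleading for an SSH rule; `name = "ssh"` reads correctly. `destination_address_prefix` is bound to the dynamically allocated NIC private IP, which works but forces the NSG to be created after the NIC and to change whenever that address does; `"VirtualNetwork"` or `"*"` as destination with a narrow source is the more conventional shape. `azurerm_public_ip.pip` sets no `sku`, so it takes the provider default; pin it explicitly, since Basic SKU public IPs are on Azure's retirement path.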