feat: provision azure vm and enable ssh connection

2025-05-02 20:39:46 +00:00
parent ed7b01b989
commit b01ef8a3ee
2 changed files with 134 additions and 61 deletions
--- a/week-2/opdracht-2/cloudinit-azure.yaml
+++ b/week-2/opdracht-2/cloudinit-azure.yaml
@@ -0,0 +1,16 @@
+#cloud-config
+local-hostname: vm-host-naam
+
+users:
+  - name: iac
+    ssh-authorized-keys:
+      - ${ssh-key}
+    shell: /bin/bash
+
+write_files:
+  - path: /home/iac/hello.txt
+    content: |
+      Hello World  
+    owner: 'iac:iac'
+    permissions: '0644'
+    defer: true
--- a/week-2/opdracht-2/main.tf
+++ b/week-2/opdracht-2/main.tf
@@ -8,14 +8,25 @@ data "local_file" "ssh_key" {
  filename = var.skylab_ssh_public_key_path
 }

-# Render userdata template with SSH key
-data "template_file" "userdata" {
+variable "azure_private_key_path" {
+  default = "/home/student/.ssh/azure"
+}
+
+data "local_file" "azure_private_key" {
+  filename = var.azure_private_key_path
+}
+
+# Render userdata template with skylab SSH key
+data "template_file" "esxi_userdata" {
  template = file("${path.module}/userdata.tftpl")
  vars = {
-    ssh-key = trimspace(data.local_file.ssh_key.content)
+    ssh-key           = trimspace(data.local_file.ssh_key.content)
+    azure-private-key = indent(6, trimspace(data.local_file.azure_private_key.content))
+    azure-vm-ip       = azurerm_linux_virtual_machine.main.public_ip_address
  }
 }

+
 # resource "esxi_vswitch" "myvswitch" {
 #   name = "${var.prefix}-vswitch"
 #   uplink {
@@ -48,7 +59,7 @@ resource "esxi_guest" "webserver" {
      hostname = "${var.prefix}-webserver-${count.index}" # Directly using count.index for hostname
    }))
    "metadata.encoding" = "base64"
-    "userdata"          = base64encode(data.template_file.userdata.rendered)
+    "userdata"          = base64encode(data.template_file.esxi_userdata.rendered)
    "userdata.encoding" = "base64"
  }
 }
@@ -73,79 +84,125 @@ resource "esxi_guest" "databaseserver" {
      hostname = "${var.prefix}-databaseserver-${count.index}" # Directly using count.index for hostname
    }))
    "metadata.encoding" = "base64"
-    "userdata"          = base64encode(data.template_file.userdata.rendered)
+    "userdata"          = base64encode(data.template_file.esxi_userdata.rendered)
    "userdata.encoding" = "base64"
  }
 }

 # Azure

-# resource "azurerm_virtual_network" "main" {
-#   name                = "${var.prefix}-network"
-#   address_space       = ["10.0.0.0/16"]
-#   location            = var.azure_location
-#   resource_group_name = var.azure_resourcegroup
-# }
+resource "azurerm_virtual_network" "main" {
+  name                = "${var.prefix}-network"
+  address_space       = ["10.0.0.0/16"]
+  location            = var.azure_location
+  resource_group_name = var.azure_resourcegroup
+}

-# resource "azurerm_subnet" "main" {
-#   name                 = "internal"
-#   resource_group_name  = var.azure_resourcegroup
-#   virtual_network_name = azurerm_virtual_network.main.name
-#   address_prefixes     = ["10.0.2.0/24"]
-# }
+resource "azurerm_subnet" "main" {
+  name                 = "internal"
+  resource_group_name  = var.azure_resourcegroup
+  virtual_network_name = azurerm_virtual_network.main.name
+  address_prefixes     = ["10.0.2.0/24"]
+}

-# resource "azurerm_network_interface" "main" {
-#   name                = "${var.prefix}-nic"
-#   location            = var.azure_location
-#   resource_group_name = var.azure_resourcegroup
+resource "azurerm_public_ip" "pip" {
+  name                = "${var.prefix}-pip"
+  resource_group_name = var.azure_resourcegroup
+  location            = var.azure_location
+  allocation_method   = "Static"
+}

-#   ip_configuration {
-#     name                          = "internal"
-#     subnet_id                     = azurerm_subnet.main.id
-#     private_ip_address_allocation = "Dynamic"
-#   }
-# }
+resource "azurerm_network_interface" "main" {
+  name                = "${var.prefix}-nic"
+  location            = var.azure_location
+  resource_group_name = var.azure_resourcegroup

-# resource "azurerm_linux_virtual_machine" "main" {
-#   name                = "${var.prefix}-vm"
-#   location            = var.azure_location
-#   resource_group_name = var.azure_resourcegroup
-#   network_interface_ids = [
-#     azurerm_network_interface.main.id,
-#   ]
-#   size = "Standard_B2ats_v2"
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.main.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.pip.id
+  }
+}

-#   admin_username = "adminuser"
-#   admin_ssh_key {
-#     username   = "adminuser"
-#     public_key = data.azurerm_ssh_public_key.azure.public_key
-#   }
+resource "azurerm_network_security_group" "main" {
+  name                = "${var.prefix}-nsg"
+  location            = var.azure_location
+  resource_group_name = var.azure_resourcegroup
+  security_rule {
+    access                     = "Allow"
+    direction                  = "Inbound"
+    name                       = "tls"
+    priority                   = 100
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    source_address_prefix      = "*"
+    destination_port_range     = "22"
+    destination_address_prefix = azurerm_network_interface.main.private_ip_address
+  }
+}

-#   os_disk {
-#     caching              = "ReadWrite"
-#     storage_account_type = "Standard_LRS"
-#   }
+resource "azurerm_network_interface_security_group_association" "main" {
+  network_interface_id      = azurerm_network_interface.main.id
+  network_security_group_id = azurerm_network_security_group.main.id
+}

-#   source_image_reference {
-#     publisher = "Canonical"
-#     offer     = "ubuntu-24_04-lts"
-#     sku       = "server"
-#     version   = "latest"
-#   }
-# }
+# Render userdata template with skylab SSH key
+data "template_file" "azure_cloudinit" {
+  template = file("${path.module}/cloudinit-azure.yaml")
+  vars = {
+    ssh-key = trimspace(data.azurerm_ssh_public_key.azure.public_key)
+  }
+}
+
+resource "azurerm_linux_virtual_machine" "main" {
+  name                = "${var.prefix}-vm"
+  location            = var.azure_location
+  resource_group_name = var.azure_resourcegroup
+  network_interface_ids = [
+    azurerm_network_interface.main.id,
+  ]
+  size = "Standard_B2ats_v2"
+
+  admin_username = "adminuser"
+  admin_ssh_key {
+    username   = "adminuser"
+    public_key = data.azurerm_ssh_public_key.azure.public_key
+  }
+
+  custom_data = base64encode(data.template_file.azure_cloudinit.rendered)
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "ubuntu-24_04-lts"
+    sku       = "server"
+    version   = "latest"
+  }
+}

 # Write ESXi IP adresses to file
 resource "local_file" "vm_info" {
-  content = join("\n", concat(
-    [
-      for guest in esxi_guest.webserver :
-      "${guest.guest_name} - ${guest.ip_address}"
-    ],
-    [
-      for guest in esxi_guest.databaseserver :
-      "${guest.guest_name} - ${guest.ip_address}"
-    ]
-  ))
+  content = join("\n",
+    ["ESXi VM's Private IP Adresses:"],
+    concat(
+      [
+        for guest in esxi_guest.webserver :
+        "${guest.guest_name} - ${guest.ip_address}"
+      ],
+      [
+        for guest in esxi_guest.databaseserver :
+        "${guest.guest_name} - ${guest.ip_address}"
+        ], [
+        "Azure VM's Private IP Adresses:",
+        "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.private_ip_address}",
+        "Azure VM's Public IP Adresses:",
+    "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.public_ip_address}"])
+  )

  filename = "${path.module}/vm_info.txt"
 }