feat: provision azure vm and enable ssh connection

2025-05-02 20:39:46 +00:00
parent ed7b01b989
commit b01ef8a3ee
2 changed files with 134 additions and 61 deletions
--- a/week-2/opdracht-2/cloudinit-azure.yaml
+++ b/week-2/opdracht-2/cloudinit-azure.yaml
@@ -0,0 +1,16 @@
 #cloud-config
 local-hostname: vm-host-naam
 users:
  - name: iac
    ssh-authorized-keys:
      - ${ssh-key}
    shell: /bin/bash
 write_files:
  - path: /home/iac/hello.txt
    content: |
      Hello World  
    owner: 'iac:iac'
    permissions: '0644'
    defer: true
--- a/week-2/opdracht-2/main.tf
+++ b/week-2/opdracht-2/main.tf
@@ -8,14 +8,25 @@ data "local_file" "ssh_key" {
  filename = var.skylab_ssh_public_key_path
 }
-# Render userdata template with SSH key
+variable "azure_private_key_path" {
-data "template_file" "userdata" {
+  default = "/home/student/.ssh/azure"
 }
 data "local_file" "azure_private_key" {
  filename = var.azure_private_key_path
 }
 # Render userdata template with skylab SSH key
 data "template_file" "esxi_userdata" {
  template = file("${path.module}/userdata.tftpl")
  vars = {
-    ssh-key = trimspace(data.local_file.ssh_key.content)
+    ssh-key           = trimspace(data.local_file.ssh_key.content)
    azure-private-key = indent(6, trimspace(data.local_file.azure_private_key.content))
    azure-vm-ip       = azurerm_linux_virtual_machine.main.public_ip_address
  }
 }
 # resource "esxi_vswitch" "myvswitch" {
 #   name = "${var.prefix}-vswitch"
 #   uplink {
@@ -48,7 +59,7 @@ resource "esxi_guest" "webserver" {
      hostname = "${var.prefix}-webserver-${count.index}" # Directly using count.index for hostname
    }))
    "metadata.encoding" = "base64"
-    "userdata"          = base64encode(data.template_file.userdata.rendered)
+    "userdata"          = base64encode(data.template_file.esxi_userdata.rendered)
    "userdata.encoding" = "base64"
  }
 }
@@ -73,79 +84,125 @@ resource "esxi_guest" "databaseserver" {
      hostname = "${var.prefix}-databaseserver-${count.index}" # Directly using count.index for hostname
    }))
    "metadata.encoding" = "base64"
-    "userdata"          = base64encode(data.template_file.userdata.rendered)
+    "userdata"          = base64encode(data.template_file.esxi_userdata.rendered)
    "userdata.encoding" = "base64"
  }
 }
 # Azure
-# resource "azurerm_virtual_network" "main" {
+resource "azurerm_virtual_network" "main" {
-#   name                = "${var.prefix}-network"
+  name                = "${var.prefix}-network"
-#   address_space       = ["10.0.0.0/16"]
+  address_space       = ["10.0.0.0/16"]
-#   location            = var.azure_location
+  location            = var.azure_location
-#   resource_group_name = var.azure_resourcegroup
+  resource_group_name = var.azure_resourcegroup
-# }
+}
-# resource "azurerm_subnet" "main" {
+resource "azurerm_subnet" "main" {
-#   name                 = "internal"
+  name                 = "internal"
-#   resource_group_name  = var.azure_resourcegroup
+  resource_group_name  = var.azure_resourcegroup
-#   virtual_network_name = azurerm_virtual_network.main.name
+  virtual_network_name = azurerm_virtual_network.main.name
-#   address_prefixes     = ["10.0.2.0/24"]
+  address_prefixes     = ["10.0.2.0/24"]
-# }
+}
-# resource "azurerm_network_interface" "main" {
+resource "azurerm_public_ip" "pip" {
-#   name                = "${var.prefix}-nic"
+  name                = "${var.prefix}-pip"
-#   location            = var.azure_location
+  resource_group_name = var.azure_resourcegroup
-#   resource_group_name = var.azure_resourcegroup
+  location            = var.azure_location
  allocation_method   = "Static"
 }
-#   ip_configuration {
+resource "azurerm_network_interface" "main" {
-#     name                          = "internal"
+  name                = "${var.prefix}-nic"
-#     subnet_id                     = azurerm_subnet.main.id
+  location            = var.azure_location
-#     private_ip_address_allocation = "Dynamic"
+  resource_group_name = var.azure_resourcegroup
 #   }
 # }
-# resource "azurerm_linux_virtual_machine" "main" {
+  ip_configuration {
-#   name                = "${var.prefix}-vm"
+    name                          = "internal"
-#   location            = var.azure_location
+    subnet_id                     = azurerm_subnet.main.id
-#   resource_group_name = var.azure_resourcegroup
+    private_ip_address_allocation = "Dynamic"
-#   network_interface_ids = [
+    public_ip_address_id          = azurerm_public_ip.pip.id
-#     azurerm_network_interface.main.id,
+  }
-#   ]
+}
 #   size = "Standard_B2ats_v2"
-#   admin_username = "adminuser"
+resource "azurerm_network_security_group" "main" {
-#   admin_ssh_key {
+  name                = "${var.prefix}-nsg"
-#     username   = "adminuser"
+  location            = var.azure_location
-#     public_key = data.azurerm_ssh_public_key.azure.public_key
+  resource_group_name = var.azure_resourcegroup
-#   }
+  security_rule {
    access                     = "Allow"
    direction                  = "Inbound"
    name                       = "tls"
    priority                   = 100
    protocol                   = "Tcp"
    source_port_range          = "*"
    source_address_prefix      = "*"
    destination_port_range     = "22"
    destination_address_prefix = azurerm_network_interface.main.private_ip_address
  }
 }
-#   os_disk {
+resource "azurerm_network_interface_security_group_association" "main" {
-#     caching              = "ReadWrite"
+  network_interface_id      = azurerm_network_interface.main.id
-#     storage_account_type = "Standard_LRS"
+  network_security_group_id = azurerm_network_security_group.main.id
-#   }
+}
-#   source_image_reference {
+# Render userdata template with skylab SSH key
-#     publisher = "Canonical"
+data "template_file" "azure_cloudinit" {
-#     offer     = "ubuntu-24_04-lts"
+  template = file("${path.module}/cloudinit-azure.yaml")
-#     sku       = "server"
+  vars = {
-#     version   = "latest"
+    ssh-key = trimspace(data.azurerm_ssh_public_key.azure.public_key)
-#   }
+  }
-# }
+}
 resource "azurerm_linux_virtual_machine" "main" {
  name                = "${var.prefix}-vm"
  location            = var.azure_location
  resource_group_name = var.azure_resourcegroup
  network_interface_ids = [
    azurerm_network_interface.main.id,
  ]
  size = "Standard_B2ats_v2"
  admin_username = "adminuser"
  admin_ssh_key {
    username   = "adminuser"
    public_key = data.azurerm_ssh_public_key.azure.public_key
  }
  custom_data = base64encode(data.template_file.azure_cloudinit.rendered)
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "ubuntu-24_04-lts"
    sku       = "server"
    version   = "latest"
  }
 }
 # Write ESXi IP adresses to file
 resource "local_file" "vm_info" {
-  content = join("\n", concat(
+  content = join("\n",
-    [
+    ["ESXi VM's Private IP Adresses:"],
-      for guest in esxi_guest.webserver :
+    concat(
-      "${guest.guest_name} - ${guest.ip_address}"
+      [
-    ],
+        for guest in esxi_guest.webserver :
-    [
+        "${guest.guest_name} - ${guest.ip_address}"
-      for guest in esxi_guest.databaseserver :
+      ],
-      "${guest.guest_name} - ${guest.ip_address}"
+      [
-    ]
+        for guest in esxi_guest.databaseserver :
-  ))
+        "${guest.guest_name} - ${guest.ip_address}"
        ], [
        "Azure VM's Private IP Adresses:",
        "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.private_ip_address}",
        "Azure VM's Public IP Adresses:",
    "${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.public_ip_address}"])
  )
  filename = "${path.module}/vm_info.txt"
 }