12 Commits

17 changed files with 740 additions and 4 deletions


@@ -25,7 +25,9 @@
Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the ip of the hypervisor is).
5. Add a new datastore: ![ESXi Data store](images/esxi_data_store.png)
5. Add a new datastore:
![ESXi Data store](images/esxi_data_store.png)
### Setup Linux Development Environment
@@ -45,7 +47,7 @@ Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the ip of th
- 192.168.1.6/24
routes:
- to: default
via: 192.168.1.1
via: 192.168.1.1
nameservers:
addresses:
- 192.168.1.1
@@ -65,7 +67,9 @@ Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the ip of th
2. Set the permissions of that file with Powershell as admin:
1. `icacls "D:\School\devhost" /inheritance:r`
2. `icacls "D:\School\devhost" /grant:r "$($env:USERNAME):(R)"`
3. Upload the `azure` public key to Azure: ![Upload Azure Public Key](images\azure_upload_ssh_key.png)
3. Upload the `azure` public key to Azure:
![Upload Azure Public Key](images/azure_upload_ssh_key.png)
5. Now you can access the VM via VSCode:
1. Install the Remote Explorer extension.
@@ -76,7 +80,9 @@ Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the ip of th
User student
IdentityFile D:/School/devhost
```
3. Connect to the machine in VSCode: ![Connecting to ssh](images\vscode_connect_ssh.png)
3. Connect to the machine in VSCode:
![Connecting to ssh](images/vscode_connect_ssh.png)
6. Install deps: `sudo apt install git unzip curl sshpass`
@@ -100,6 +106,11 @@ Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the ip of th
2. `echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list`
3. `sudo apt-get update && sudo apt-get install terraform`
10. Install Azure CLI
1. `curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash`
2. Login with `az login`
3. Choose the `2 - HBO ICT` subscription
### Test Connection
Run the following command and enter the password of the `root` user on the ESXi Hypervisor: `ansible -i '192.168.1.5,' -m ping all -u root -k`

43
week-2/opdracht-1/.terraform.lock.hcl generated Normal file

@@ -0,0 +1,43 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/azurerm" {
version = "4.27.0"
constraints = "~> 4.27.0"
hashes = [
"h1:2fs47aLDaEm93ANXXVRdTjlbUBmFBZRsFjyshKoPE3o=",
"zh:0c69edea1995bd3bd9e61980757169c35bf22281b660b5c755b6cb13d08d29d2",
"zh:25b86bf7b9678371d8573983954c571696f3e64a3967133be3b835da36307106",
"zh:49921cff4f26a49bafada60cd07dabb52c5eb35231059ed928a4f4722e269c82",
"zh:4b986166531f9fd1289f01d8220519443e74888a21da512c1b841b006dad6215",
"zh:53fb65b2ca4df637f03e4748a100a7d7fc77249e307c03e294d6259cec0310f6",
"zh:5c0d021a387ca4e2a5a01da009746a08c45f08e971c10d9bda54539d7264d671",
"zh:600043f2b20dc5a45275e43f175c19fe8b6e8e9557a0c884aef018f1f63de90e",
"zh:a0284f6f38912f67bb4cb7829fda3fa75be81fea6a9b21119965c2a839430092",
"zh:a7ac0576e2069ef77557042c6b5157ded364fbd355b2f9bf7f5441622424086e",
"zh:c5db0bcafe986868e28cc6225b68b2d1cf4bf631939d260ca845f17a9aa1677d",
"zh:ce620c0eb71b1fdd925828b30cf232a869abccf1c459180f2f991c4166315251",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/josenk/esxi" {
version = "1.10.3"
hashes = [
"h1:o78ERC8riDT2nHWCbXECt+S/RKwM98/G5ZojJHRm8fA=",
"zh:208a6a8092fa50d63fe1780447f2c4c3115b1987902a0c986452172c2c35677e",
"zh:3a0755aec960e32dbfbb31be61bba6ee2d11aff0513707e93f4eaebe3d557d93",
"zh:3daef19f36c9438771833dc15ae0eddc95faf9df00f9de9ab143bd031314ce50",
"zh:4cb4ba24aa3975f3928f5f16bc535ce0b18159ede16abaee39f93b3e13c36334",
"zh:56f30098aca0874210c4546530a5bfa5dd49bfad63950f3d9f3623cc6767280b",
"zh:716c62ae2d0cb7c64b5b3328792d7e135c4c0905e399e4b7335b7808508a7027",
"zh:81b0e8fab21088785e51f2d6af518ac31959b104facb2a25b0481d586a6fc692",
"zh:8b415ab7e39ca8e16f923bc73a8af418859faa594d97ed73e3a4aff7a736b08f",
"zh:9072bdd960ef85dc735b82423560b027ebb44790af1e84b122f1014f96acfc91",
"zh:9e6e1c2a7bf93c4705d280cea5b3d6bfb84c4540b92563e64fbc3a20155ef775",
"zh:af14c0e96273470dfb398b1701f575e5ea4963c208a32a4436db5ea0e2f2f385",
"zh:c79e772730ab4ac75c58d368f452c7a76abc738bb3666df0cfb567ac01e32c59",
"zh:d0068e7ca381d4b18df8b0219540733c996dfc69a89673b6bf52e4d69350c09a",
"zh:e188b20664bdcda50c45d071a8d0ba9870368941dac9138cd655f50db4ea15d2",
]
}

71
week-2/opdracht-1/main.tf Normal file

@@ -0,0 +1,71 @@
# ESXi
resource "esxi_guest" "main" {
guest_name = "${var.prefix}-vm"
disk_store = "datastore1"
memsize = "1024"
numvcpus = "1"
power = "on"
ovf_source = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.ova"
network_interfaces {
virtual_network = "VM Network"
}
}
# Azure
resource "azurerm_virtual_network" "main" {
name = "${var.prefix}-network"
address_space = ["10.0.0.0/16"]
location = var.azure_location
resource_group_name = var.azure_resourcegroup
}
resource "azurerm_subnet" "main" {
name = "internal"
resource_group_name = var.azure_resourcegroup
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_network_interface" "main" {
name = "${var.prefix}-nic"
location = var.azure_location
resource_group_name = var.azure_resourcegroup
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.main.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_linux_virtual_machine" "main" {
name = "${var.prefix}-vm"
location = var.azure_location
resource_group_name = var.azure_resourcegroup
network_interface_ids = [
azurerm_network_interface.main.id,
]
size = "Standard_B2ats_v2"
admin_username = "adminuser"
admin_ssh_key {
username = "adminuser"
public_key = data.azurerm_ssh_public_key.azure.public_key
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "ubuntu-24_04-lts"
sku = "server"
version = "latest"
}
}
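Review bot: Both images in this file float: `ovf_source` in `esxi_guest.main` points at the moving `releases/24.04/release/` URL, and `source_image_reference` in `azurerm_linux_virtual_machine.main` uses `version = "latest"`, so two applies of the same commit can deploy different, unreviewed images. Pinning the Azure image to an explicit version string and the OVA to a dated release directory (or a local copy whose checksum was verified against the publisher's checksum file) makes the deployment reproducible and auditable. The same two settings recur in week-2/opdracht-2/main.tf further down this page.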


@@ -0,0 +1,26 @@
terraform {
required_providers {
esxi = {
source = "registry.terraform.io/josenk/esxi"
}
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.27.0"
}
}
}
provider "esxi" {
esxi_hostname = var.esxi_hostname
esxi_hostport = var.esxi_hostport
esxi_hostssl = var.esxi_hostssl
esxi_username = var.esxi_username
esxi_password = var.esxi_password
}
provider "azurerm" {
resource_provider_registrations = "none"
subscription_id = var.azure_subscriptionid
features{}
}
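Review bot: The `esxi` entry in `required_providers` carries no `version`, unlike `azurerm`, so the lock file is the only thing pinning this community provider, which is handed `esxi_username` and `esxi_password`. The lock file in this commit records 1.10.3; adding `version = "~> 1.10.3"` to the `esxi` block means a later `terraform init -upgrade` cannot move to a new release without a reviewed change. The identical `terraform` block added later on this page (the second provider file) needs the same line.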


@@ -0,0 +1,5 @@
esxi_hostname = ""
esxi_username = ""
esxi_password = ""
azure_subscriptionid = ""
azure_resourcegroup = ""
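Review bot: This variables file is tracked with an empty `esxi_password` and `azure_subscriptionid`, and its name is not visible on this page; if it is `terraform.tfvars` or another file Terraform loads automatically, the first person to fill it in has real credentials in a tracked file. Committing it under an example name (for instance `terraform.tfvars.example`) and ignoring the real `*.tfvars` avoids that, as does supplying the password through `TF_VAR_esxi_password`. The same applies to the identical five-line file added later on this page.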


@@ -0,0 +1,47 @@
variable "esxi_hostname" {
description = "IP address of the ESXi host"
}
variable "esxi_hostport" {
description = "SSH port of the ESXi host"
default = "22"
}
variable "esxi_hostssl" {
description = "SSL port of the ESXi host"
default = "443"
}
variable "esxi_username" {
description = "Username to connect to the ESXi host"
}
variable "esxi_password" {
description = "Password to connect to the ESXi host"
sensitive = true
}
variable "azure_subscriptionid" {
description = "ID of the Azure Subscription."
sensitive = true
}
variable "azure_resourcegroup" {
description = "Name of the Azure Resource Group."
}
variable "azure_location" {
description = "Location of the Azure resources"
default = "westeurope"
}
variable "prefix" {
description = "The Prefix used for all resources"
default = "week-2-opdracht-1"
}
# Pull the SSH public key from Azure Key Vault
data "azurerm_ssh_public_key" "azure" {
name = "azure"
resource_group_name = var.azure_resourcegroup
}
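Review bot: The comment `# Pull the SSH public key from Azure Key Vault` does not match the data source under it: `azurerm_ssh_public_key` looks up an Azure SSH public key resource by name and resource group, and no Key Vault appears anywhere in this file. Suggested wording: `# Look up the existing Azure SSH public key resource named "azure"`. The `esxi_hostssl` description would read more accurately as `HTTPS port of the ESXi host`, and giving each variable a `type = string` would let a wrongly typed value be rejected early. The second copy of this file at the end of the page has the same comment.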

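--- a/week-2/opdracht-2/.gitignore
+++ b/week-2/opdracht-2/.gitignore
@@ -0,0 +1 @@
+vm_info.txt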
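Review bot: Only `vm_info.txt` is ignored here, but main.tf in this directory reads the `azure` private key through `data "local_file"` and renders it via `template_file`, and Terraform keeps data source results in state as plain text. Unless a repository-level .gitignore already covers them (not visible on this page), add `*.tfstate`, `*.tfstate.*` and `.terraform/` so a local state file holding that key cannot be committed. If the tfvars file in this directory is meant to hold the real ESXi password, it belongs in this list too.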

79
week-2/opdracht-2/.terraform.lock.hcl generated Normal file

@@ -0,0 +1,79 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/azurerm" {
version = "4.27.0"
constraints = "~> 4.27.0"
hashes = [
"h1:2fs47aLDaEm93ANXXVRdTjlbUBmFBZRsFjyshKoPE3o=",
"zh:0c69edea1995bd3bd9e61980757169c35bf22281b660b5c755b6cb13d08d29d2",
"zh:25b86bf7b9678371d8573983954c571696f3e64a3967133be3b835da36307106",
"zh:49921cff4f26a49bafada60cd07dabb52c5eb35231059ed928a4f4722e269c82",
"zh:4b986166531f9fd1289f01d8220519443e74888a21da512c1b841b006dad6215",
"zh:53fb65b2ca4df637f03e4748a100a7d7fc77249e307c03e294d6259cec0310f6",
"zh:5c0d021a387ca4e2a5a01da009746a08c45f08e971c10d9bda54539d7264d671",
"zh:600043f2b20dc5a45275e43f175c19fe8b6e8e9557a0c884aef018f1f63de90e",
"zh:a0284f6f38912f67bb4cb7829fda3fa75be81fea6a9b21119965c2a839430092",
"zh:a7ac0576e2069ef77557042c6b5157ded364fbd355b2f9bf7f5441622424086e",
"zh:c5db0bcafe986868e28cc6225b68b2d1cf4bf631939d260ca845f17a9aa1677d",
"zh:ce620c0eb71b1fdd925828b30cf232a869abccf1c459180f2f991c4166315251",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.5.2"
hashes = [
"h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
"zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
"zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
"zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
"zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
"zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
"zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
"zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
"zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
"zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
"zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
]
}
provider "registry.terraform.io/hashicorp/template" {
version = "2.2.0"
hashes = [
"h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
"zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
"zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
"zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
"zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
"zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
"zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
"zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
"zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
"zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
]
}
provider "registry.terraform.io/josenk/esxi" {
version = "1.10.3"
hashes = [
"h1:o78ERC8riDT2nHWCbXECt+S/RKwM98/G5ZojJHRm8fA=",
"zh:208a6a8092fa50d63fe1780447f2c4c3115b1987902a0c986452172c2c35677e",
"zh:3a0755aec960e32dbfbb31be61bba6ee2d11aff0513707e93f4eaebe3d557d93",
"zh:3daef19f36c9438771833dc15ae0eddc95faf9df00f9de9ab143bd031314ce50",
"zh:4cb4ba24aa3975f3928f5f16bc535ce0b18159ede16abaee39f93b3e13c36334",
"zh:56f30098aca0874210c4546530a5bfa5dd49bfad63950f3d9f3623cc6767280b",
"zh:716c62ae2d0cb7c64b5b3328792d7e135c4c0905e399e4b7335b7808508a7027",
"zh:81b0e8fab21088785e51f2d6af518ac31959b104facb2a25b0481d586a6fc692",
"zh:8b415ab7e39ca8e16f923bc73a8af418859faa594d97ed73e3a4aff7a736b08f",
"zh:9072bdd960ef85dc735b82423560b027ebb44790af1e84b122f1014f96acfc91",
"zh:9e6e1c2a7bf93c4705d280cea5b3d6bfb84c4540b92563e64fbc3a20155ef775",
"zh:af14c0e96273470dfb398b1701f575e5ea4963c208a32a4436db5ea0e2f2f385",
"zh:c79e772730ab4ac75c58d368f452c7a76abc738bb3666df0cfb567ac01e32c59",
"zh:d0068e7ca381d4b18df8b0219540733c996dfc69a89673b6bf52e4d69350c09a",
"zh:e188b20664bdcda50c45d071a8d0ba9870368941dac9138cd655f50db4ea15d2",
]
}

111
week-2/opdracht-2/README.md Normal file

@@ -0,0 +1,111 @@
# Terraform Deployment Week 2 Assignment
This repository contains Terraform configurations for provisioning infrastructure on ESXi and Azure.
All sensitive information (e.g. SSH key files, passwords) and custom values are handled using Terraform variables stored in a separate file.
```mermaid
graph TD
subgraph ESXi omgeving
ESXiNIC[NIC]:::existing
ESXivSwitch[vSwitch]
Portgroup[Portgroup]
ESXivSwitch --> ESXiNIC
ESXiNIC --> Portgroup
Web1[Webserver 1]
Web2[Webserver 2]
DB[Databaseserver]
Portgroup --> Web1
Portgroup --> Web2
Portgroup --> DB
end
subgraph Azure
VNet[Virtual Network]
Subnet[Subnet]
NIC[NIC]
NSG["NSG (SSH open)"]
VM[Linux VM]
PIP[Public IP]
VNet --> Subnet
Subnet --> NIC
NIC --> VM
NSG --> NIC
VM --> PIP
end
subgraph Data
AzurePublicKey["SSH Public Key (azure.pub)"]
AzurePrivateKey["SSH Private Key (azure)"]
SkylabPublicKey["SSH Public Key (skylab.pub)"]
Userdata[Userdata]
AzureCloudInit[Azure Cloudinit]
VMinfo["Output file: vm_info.txt"]
end
SkylabPublicKey --> Userdata
AzurePrivateKey --> Userdata
AzurePublicKey --> AzureCloudInit
Userdata --> Web1
Userdata --> Web2
Userdata --> DB
AzureCloudInit --> VM
Web1 --> VMinfo
Web2 --> VMinfo
DB --> VMinfo
VM --> VMinfo
classDef existing stroke:#268b26
```
## Azure
- Complete network setup:
- Virtual Network
- Subnet
- Network Security Group
- NIC
- One Ubuntu 24.04 VM.
- VM type: `Standard_B2ats_v2`
- Public IP address enabled
- The `iac` user is created using cloud-init
- `azure.pub` is uploaded as public key.
- A file `/home/iac/hello.txt` containing `Hello World` is created using cloud-init
- VM public and private IP address is stored in the `vm_info.txt` file.
## ESXi
- Creates three Ubuntu 24.04 VMs.
- 2 `webserver`
- 1 `databaseserver`
- Each VM is provisioned with 1 vCPU and 2 GB RAM.
- The `skylab` user is created using cloud-init
- `skylab.pub` is uploaded as public key.
- `azure` private key us uploaded to access the Azure VM.
- A SSH config file is created with info for connecting to the Azure VM.
- sudo access.
- no password prompt.
- The packages `wget` and `ntpdate` are installed with cloud-init.
- VM private IP addresses are stored in the `vm_info.txt` file.
## Demo
![demo](iac-week-2.gif)
This demo shows:
1. Applying the Terraform plan
- `terraform apply --auto-approve`
- This shows the ip addresses of the VM's in the output.
2. Opening an SSH session to one of the ESXi VMs
- `ssh -i /home/student/.ssh/skylab skylab@192.168.1.115`
3. Opening an SSH session to one of the Azure VMs
- `ssh azurevm` (using SSH config file)
4. Showing the content of the `hello.txt` file.
- `cat hello.txt`


@@ -0,0 +1,16 @@
#cloud-config
local-hostname: vm-host-naam
users:
- name: iac
ssh-authorized-keys:
- ${azure-ssh-key}
shell: /bin/bash
write_files:
- path: /home/iac/hello.txt
content: |
Hello World
owner: 'iac:iac'
permissions: '0644'
defer: true
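Review bot: `local-hostname: vm-host-naam` is a meta-data key rather than a cloud-config key, so in this user-data file cloud-init most likely ignores it, and the value looks like a leftover placeholder. If the hostname should be set from here the cloud-config key is `hostname:`; otherwise drop the line and rely on the Azure VM name.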

Binary file not shown.


212
week-2/opdracht-2/main.tf Normal file

@@ -0,0 +1,212 @@
# ESXi
variable "skylab_ssh_public_key_path" {
default = "/home/student/.ssh/skylab.pub"
}
data "local_file" "ssh_key" {
filename = var.skylab_ssh_public_key_path
}
variable "azure_private_key_path" {
default = "/home/student/.ssh/azure"
}
data "local_file" "azure_private_key" {
filename = var.azure_private_key_path
}
# Render userdata template with skylab SSH key
data "template_file" "esxi_userdata" {
template = file("${path.module}/userdata.tftpl")
vars = {
skylab-ssh-key = trimspace(data.local_file.ssh_key.content)
azure-private-key = indent(6, trimspace(data.local_file.azure_private_key.content))
azure-vm-ip = azurerm_linux_virtual_machine.main.public_ip_address
}
}
# resource "esxi_vswitch" "myvswitch" {
# name = "${var.prefix}-vswitch"
# uplink {
# name = "vmnic0"
# }
# }
resource "esxi_portgroup" "week-2-opdracht-2" {
name = "${var.prefix}-network"
vswitch = "vSwitch0"
}
resource "esxi_guest" "webserver" {
guest_name = "${var.prefix}-webserver-${count.index}"
disk_store = "datastore1"
count = 2
memsize = "2048"
numvcpus = "1"
power = "on"
ovf_source = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.ova"
network_interfaces {
virtual_network = esxi_portgroup.week-2-opdracht-2.name
}
guestinfo = {
"metadata" = base64encode(templatefile("${path.module}/metadata.yaml", {
hostname = "${var.prefix}-webserver-${count.index}" # Directly using count.index for hostname
}))
"metadata.encoding" = "base64"
"userdata" = base64encode(data.template_file.esxi_userdata.rendered)
"userdata.encoding" = "base64"
}
}
resource "esxi_guest" "databaseserver" {
guest_name = "${var.prefix}-databaseserver-${count.index}"
disk_store = "datastore1"
count = 1
memsize = "2048"
numvcpus = "1"
power = "on"
ovf_source = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.ova"
network_interfaces {
virtual_network = esxi_portgroup.week-2-opdracht-2.name
}
guestinfo = {
"metadata" = base64encode(templatefile("${path.module}/metadata.yaml", {
hostname = "${var.prefix}-databaseserver-${count.index}" # Directly using count.index for hostname
}))
"metadata.encoding" = "base64"
"userdata" = base64encode(data.template_file.esxi_userdata.rendered)
"userdata.encoding" = "base64"
}
}
# Azure
resource "azurerm_virtual_network" "main" {
name = "${var.prefix}-network"
address_space = ["10.0.0.0/16"]
location = var.azure_location
resource_group_name = var.azure_resourcegroup
}
resource "azurerm_subnet" "main" {
name = "internal"
resource_group_name = var.azure_resourcegroup
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_public_ip" "pip" {
name = "${var.prefix}-pip"
resource_group_name = var.azure_resourcegroup
location = var.azure_location
allocation_method = "Static"
}
resource "azurerm_network_interface" "main" {
name = "${var.prefix}-nic"
location = var.azure_location
resource_group_name = var.azure_resourcegroup
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.main.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.pip.id
}
}
resource "azurerm_network_security_group" "main" {
name = "${var.prefix}-nsg"
location = var.azure_location
resource_group_name = var.azure_resourcegroup
security_rule {
access = "Allow"
direction = "Inbound"
name = "tls"
priority = 100
protocol = "Tcp"
source_port_range = "*"
source_address_prefix = "*"
destination_port_range = "22"
destination_address_prefix = azurerm_network_interface.main.private_ip_address
}
}
resource "azurerm_network_interface_security_group_association" "main" {
network_interface_id = azurerm_network_interface.main.id
network_security_group_id = azurerm_network_security_group.main.id
}
# Render userdata template with skylab SSH key
data "template_file" "azure_cloudinit" {
template = file("${path.module}/cloudinit-azure.yaml")
vars = {
azure-ssh-key = trimspace(data.azurerm_ssh_public_key.azure.public_key)
}
}
resource "azurerm_linux_virtual_machine" "main" {
name = "${var.prefix}-vm"
location = var.azure_location
resource_group_name = var.azure_resourcegroup
network_interface_ids = [
azurerm_network_interface.main.id,
]
size = "Standard_B2ats_v2"
admin_username = "adminuser"
admin_ssh_key {
username = "adminuser"
public_key = data.azurerm_ssh_public_key.azure.public_key
}
custom_data = base64encode(data.template_file.azure_cloudinit.rendered)
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "ubuntu-24_04-lts"
sku = "server"
version = "latest"
}
}
# Write ESXi IP adresses to file
resource "local_file" "vm_info" {
content = join("\n",
["ESXi VM's Private IP Adresses:"],
concat(
[
for guest in esxi_guest.webserver :
"${guest.guest_name} - ${guest.ip_address}"
],
[
for guest in esxi_guest.databaseserver :
"${guest.guest_name} - ${guest.ip_address}"
], [
"Azure VM's Private IP Adresses:",
"${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.private_ip_address}",
"Azure VM's Public IP Adresses:",
"${azurerm_linux_virtual_machine.main.name} - ${azurerm_linux_virtual_machine.main.public_ip_address}"])
)
filename = "${path.module}/vm_info.txt"
}
output "ip_addresses" {
value = local_file.vm_info.content
}
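Review bot: `data "local_file" "azure_private_key"` feeds the `azure` private key into `template_file.esxi_userdata`, which is then set as `guestinfo` `userdata` on all three ESXi guests, so one long-lived key ends up in Terraform state, in each VM's configuration on the hypervisor and on every guest's disk; base64 is encoding, not protection. Prefer a key that never leaves the workstation (`ProxyJump` through the ESXi VM, or agent forwarding), or at least a dedicated key generated for this hop only. Separately, the NSG rule named `tls` opens port 22 with `source_address_prefix = "*"`; rename it and restrict the source to a new variable such as `var.ssh_allowed_cidr`. `template_file` also comes from the archived hashicorp/template provider, and `templatefile()`, already used for the metadata in this file, replaces it without the extra provider.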


@@ -0,0 +1,2 @@
#cloud-config
local-hostname: ${hostname}


@@ -0,0 +1,26 @@
terraform {
required_providers {
esxi = {
source = "registry.terraform.io/josenk/esxi"
}
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.27.0"
}
}
}
provider "esxi" {
esxi_hostname = var.esxi_hostname
esxi_hostport = var.esxi_hostport
esxi_hostssl = var.esxi_hostssl
esxi_username = var.esxi_username
esxi_password = var.esxi_password
}
provider "azurerm" {
resource_provider_registrations = "none"
subscription_id = var.azure_subscriptionid
features {}
}


@@ -0,0 +1,5 @@
esxi_hostname = ""
esxi_username = ""
esxi_password = ""
azure_subscriptionid = ""
azure_resourcegroup = ""


@@ -0,0 +1,34 @@
#cloud-config
users:
- name: skylab
ssh-authorized-keys:
- ${skylab-ssh-key}
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']
write_files:
- path: /home/skylab/.ssh/azure
content: |
${azure-private-key}
permissions: '0600'
owner: skylab:skylab
defer: true
- path: /home/skylab/.ssh/config
content: |
Host azurevm
HostName ${azure-vm-ip}
User iac
IdentityFile ~/.ssh/azure
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
permissions: '0600'
owner: skylab:skylab
defer: true
packages:
- wget
- ntpdate
runcmd:
- ntpdate pool.ntp.org
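Review bot: The generated `~/.ssh/config` sets `StrictHostKeyChecking no` together with `UserKnownHostsFile=/dev/null` for `azurevm`, so the ESXi guests never verify the host key of a server they reach over its public IP, and anything answering on that address can impersonate the VM unnoticed. `StrictHostKeyChecking accept-new` with the default known_hosts file keeps first contact non-interactive while still detecting a later key change. The `skylab` account is also given `NOPASSWD:ALL` on hosts that hold the `azure` private key; if that is wanted only for this lab, add a comment saying so above the `sudo:` line.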


@@ -0,0 +1,47 @@
variable "esxi_hostname" {
description = "IP address of the ESXi host"
}
variable "esxi_hostport" {
description = "SSH port of the ESXi host"
default = "22"
}
variable "esxi_hostssl" {
description = "SSL port of the ESXi host"
default = "443"
}
variable "esxi_username" {
description = "Username to connect to the ESXi host"
}
variable "esxi_password" {
description = "Password to connect to the ESXi host"
sensitive = true
}
variable "azure_subscriptionid" {
description = "ID of the Azure Subscription."
sensitive = true
}
variable "azure_resourcegroup" {
description = "Name of the Azure Resource Group."
}
variable "azure_location" {
description = "Location of the Azure resources"
default = "westeurope"
}
variable "prefix" {
description = "The Prefix used for all resources"
default = "week-2-opdracht-2"
}
# Pull the SSH public key from Azure Key Vault
data "azurerm_ssh_public_key" "azure" {
name = "azure"
resource_group_name = var.azure_resourcegroup
}