initial commit

tseed 2022-10-26 19:01:22 +01:00
commit 2fa134ad20
21 changed files with 1171 additions and 0 deletions

4
README.md Normal file

@ -0,0 +1,4 @@
# What is this?
Terraform to build Redhat Cloudforms HA set of nodes in Azure.
Redhat Cloudforms dropped Azure, this was never refined/used.


@ -0,0 +1,176 @@
# using local user auth via "azlogin --use-device-code" and suitable rights
provider "azurerm" {
version = "=1.34.0"
skip_provider_registration = true // https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration UON account rights restricted
}
##### create local variables
locals {
resource_prefix = "${var.environment}"
}
##### availability set for virtual machines (ensure vm antifinity rules to hypervisors)
# resource "azurerm_availability_set" "cfme" {
# name = "${local.resource_prefix}-cfme"
# location = "${var.location}"
# resource_group_name = "${var.resource_group}"
# managed = true // must use as vm with custom disk image used i.e manged disk
# }
# resource "azurerm_availability_set" "cfdb" {
# name = "${local.resource_prefix}-cfdb"
# location = "${var.location}"
# resource_group_name = "${var.resource_group}"
# managed = true
# }
##### application security groups
# network security groups have network security rules attached to them
# network security rules can reference application security groups as sources and destinations
# vms are attached to application security groups
# if application security groups are not used, network security rules must use the ip addresses of vms
resource "azurerm_application_security_group" "common" {
name = "${local.resource_prefix}-common"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
}
resource "azurerm_application_security_group" "cfme" {
name = "${local.resource_prefix}-cfme"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
}
##### network security groups
resource "azurerm_network_security_group" "common" {
name = "${local.resource_prefix}-common"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
}
resource "azurerm_network_security_group" "cfme" {
name = "${local.resource_prefix}-cfme"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
}
##### network security group rules
#comment block to stop any inbound ssh
resource "azurerm_network_security_rule" "common_any_ssh_inbound" {
name = "${local.resource_prefix}-common-ssh-inbound"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = 22
source_address_prefix = "*"
destination_application_security_group_ids = ["${azurerm_application_security_group.common.id}"]
resource_group_name = "${var.resource_group}"
network_security_group_name = "${azurerm_network_security_group.common.name}"
}
resource "azurerm_network_security_rule" "common_any_outbound" {
name = "${local.resource_prefix}-common-any-outbound"
priority = 101
direction = "Outbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_application_security_group_ids = ["${azurerm_application_security_group.common.id}"]
destination_address_prefix = "*"
resource_group_name = "${var.resource_group}"
network_security_group_name = "${azurerm_network_security_group.common.name}"
}
# all vms can any outbound, allow all members of common asg inbound, in effect no firewall between all cf machines
resource "azurerm_network_security_rule" "common_members_inbound" {
name = "${local.resource_prefix}-common-members_inbound"
priority = 102
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_application_security_group_ids = ["${azurerm_application_security_group.common.id}"]
destination_application_security_group_ids = ["${azurerm_application_security_group.common.id}"]
resource_group_name = "${var.resource_group}"
network_security_group_name = "${azurerm_network_security_group.common.name}"
}
resource "azurerm_network_security_rule" "cfme_web_inbound" {
name = "${local.resource_prefix}-cfme-web-inbound"
priority = 103 // anything after this can be 103, our lowest priority
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_ranges = [80,443]
source_address_prefix = "*"
destination_application_security_group_ids = ["${azurerm_application_security_group.cfme.id}"]
resource_group_name = "${var.resource_group}"
network_security_group_name = "${azurerm_network_security_group.cfme.name}"
}
# admin group for ocf
resource "azurerm_network_security_rule" "common_admin_inbound" {
name = "${local.resource_prefix}-common-ssh-inbound"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_ranges = [22,80,443,5432]
source_address_prefixes = ["217.155.207.31/32","213.121.193.240/28"]
destination_application_security_group_ids = ["${azurerm_application_security_group.common.id}"]
resource_group_name = "${var.resource_group}"
network_security_group_name = "${azurerm_network_security_group.common.name}"
}
##### outputs
# output "availability_set_cfme_id" {
# value = "${azurerm_availability_set.cfme.id}"
# }
# output "availability_set_cfdb_id" {
# value = "${azurerm_availability_set.cfdb.id}"
# }
output "asg_common_id" {
value = "${azurerm_application_security_group.common.id}"
}
output "asg_cfme_id" {
value = "${azurerm_application_security_group.cfme.id}"
}
data "azurerm_subnet" "subnet_output" {
name = "${var.subnet}"
virtual_network_name = "${var.vnet}"
resource_group_name = "${var.resource_group}"
}
output "subnet_id" {
value = "${data.azurerm_subnet.subnet_output.id}"
}
output "location" {
value = "${var.location}"
}
output "resource_group" {
value = "${var.resource_group}"
}
output "environment" {
value = "${var.environment}"
}
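Review bot: `common_admin_inbound` and `common_any_ssh_inbound` both create a rule named `${local.resource_prefix}-common-ssh-inbound` with priority 100, Inbound, in the same `common` NSG, so the second one will overwrite or be rejected by Azure, and whichever survives decides whether port 22 is open to `*` or only to the admin prefixes. Give the admin rule its own name and a distinct priority, e.g. `name = "${local.resource_prefix}-common-admin-inbound"` and `priority = 104` (constructed value), and leave the any-source SSH rule commented out as the `#comment block to stop any inbound ssh` note intends, so the only way into 22/5432 on the common ASG is the admin prefix list. A comment on the priority scheme (100-103 are taken, `cfme_web_inbound` is the lowest) would help the next person adding a rule.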


@ -0,0 +1,24 @@
variable "environment" {
default = "dev"
}
#az resource list -o table
variable "location" {
default = "uksouth"
}
#az resource list -o table
variable "resource_group" {
default = "UI-SPP-DEV-001"
}
#az network vnet list -o table
variable "vnet" {
default = "UI-SPP-DEV-001-vnet"
}
#az network vnet show -g nottsdemo2 -n nottsdemo2-vnet -o table
#az network vnet subnet list -g nottsdemo2 --vnet-name nottsdemo2-vnet -o table
variable "subnet" {
default = "default" #the default subnet is named default, thus we set the default value of the variable to have value default - confusing
}


@ -0,0 +1,158 @@
# using local user auth via "azlogin --use-device-code" and suitable rights
provider "azurerm" {
version = "=1.34.0"
skip_provider_registration = true // https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration UON account rights restricted
}
##### set data object from remote state used to build network
data "terraform_remote_state" "network" {
backend = "local"
config = {
path = "../01_azure_network/terraform.tfstate"
}
}
##### create local variables - using to set a meaningful prefix for vms and to load variables from remote state file used to build network
locals {
# availability_set_cfme_id = "${data.terraform_remote_state.network.outputs.availability_set_cfme_id}"
# availability_set_cfdb_id = "${data.terraform_remote_state.network.outputs.availability_set_cfdb_id}"
asg_common_id = "${data.terraform_remote_state.network.outputs.asg_common_id}"
asg_cfme_id = "${data.terraform_remote_state.network.outputs.asg_cfme_id}"
subnet_id = "${data.terraform_remote_state.network.outputs.subnet_id}"
location = "${data.terraform_remote_state.network.outputs.location}"
resource_group = "${data.terraform_remote_state.network.outputs.resource_group}"
environment = "${data.terraform_remote_state.network.outputs.environment}"
resource_prefix = "${local.environment}-${var.cf_region}-${var.cf_zone}"
}
# require image id as we are using our own vhd derived image
data "azurerm_image" "search_os_image" {
name = "${var.os_image}"
resource_group_name = "${local.resource_group}"
}
##### virtual machines, nics and public ips
module "vm_cfme" {
source = "../modules/azure_instance"
resourcecount = "${var.cfme_instance_count}"
prefix = "${local.resource_prefix}-cfme"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
#applicationsecuritygroupids = ["${azurerm_application_security_group.common.id}","${azurerm_application_security_group.cfme.id}"]
applicationsecuritygroupids = ["${local.asg_common_id}","${local.asg_cfme_id}"]
#availabilitysetid = "${azurerm_availability_set.cfme.id}"
# availabilitysetid = "${local.availability_set_cfme_id}"
}
module "vm_cfdb_active" {
source = "../modules/azure_instance_data_disk"
resourcecount = "${var.cfdb_instance_count}"
prefix = "${local.resource_prefix}-cfdb-active"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
datadisksizegb = 64
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
#applicationsecuritygroupids = ["${azurerm_application_security_group.common.id}"]
applicationsecuritygroupids = ["${local.asg_common_id}"]
#availabilitysetid = "${azurerm_availability_set.cfdb.id}"
# availabilitysetid = "${local.availability_set_cfdb_id}"
}
module "vm_cfdb_passive" {
source = "../modules/azure_instance_data_disk"
resourcecount = "${var.cfdb_instance_count}"
prefix = "${local.resource_prefix}-cfdb-passive"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
datadisksizegb = 64
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
#applicationsecuritygroupids = ["${azurerm_application_security_group.common.id}"]
applicationsecuritygroupids = ["${local.asg_common_id}"]
#availabilitysetid = "${azurerm_availability_set.cfdb.id}"
# availabilitysetid = "${local.availability_set_cfdb_id}"
}
##### outputs after terraform run
# output "subnet_id" {
# value = "${local.subnet_id}"
# }
# output "os_image_id" {
# value = "${data.azurerm_image.search_os_image.id}"
# }
# output "os_image_size" {
# value = "${data.azurerm_image.search_os_image.os_disk}"
# }
output "cfme_machine_name_list" {
value = "${module.vm_cfme.vmname.*}"
}
output "cfme_private_ip_list" {
value = "${module.vm_cfme.pvtip.*}"
}
output "cfme_public_ip_list" {
value = "${module.vm_cfme.pubip.*}"
}
output "cfdb_active_machine_name_list" {
value = "${module.vm_cfdb_active.vmname.*}"
}
output "cfdb_active_private_ip_list" {
value = "${module.vm_cfdb_active.pvtip.*}"
}
output "cfdb_active_public_ip_list" {
value = "${module.vm_cfdb_active.pubip.*}"
}
output "cfdb_passive_machine_name_list" {
value = "${module.vm_cfdb_passive.vmname.*}"
}
output "cfdb_passive_private_ip_list" {
value = "${module.vm_cfdb_passive.pvtip.*}"
}
output "cfdb_passive_public_ip_list" {
value = "${module.vm_cfdb_passive.pubip.*}"
}
##### render template to create ansible inventory
data "template_file" "cf_inventory" {
template = "${file("../templates/cf_inventory.tpl")}"
vars = {
cfme = "${join("\n", module.vm_cfme.pubip.*)}"
cfdb_active = "${join("\n", module.vm_cfdb_active.pubip.*)}"
cfdb_passive = "${join("\n", module.vm_cfdb_passive.pubip.*)}"
}
}
resource "local_file" "cf_inventory" {
content = "${data.template_file.cf_inventory.rendered}"
filename = "../ansible_inventory/inventory-${local.resource_prefix}.ini"
}
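Review bot: The commented-out `applicationsecuritygroupids` and `availabilitysetid` lines in all three `module` blocks (`vm_cfme`, `vm_cfdb_active`, `vm_cfdb_passive`) reference `azurerm_application_security_group.common` and `azurerm_availability_set.cfme`/`cfdb`, which are not declared in this configuration; its ASG ids come from `data.terraform_remote_state.network`, so those lines are dead alternatives that should be deleted. The `terraform_remote_state` block depends on `../01_azure_network/terraform.tfstate` existing, which is only implied by the path; a one-line comment such as `# run 01_azure_network first, this state must exist` above `data "terraform_remote_state" "network"` would make the ordering explicit. The same stale comments appear in the `vm_cfdb_passive` block of the 03 configuration in this commit.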


@ -0,0 +1,46 @@
variable "cfme_instance_count" { // active-active cfmes - more can be added for other worker roles
default = 2
}
variable "cfdb_instance_count" { // there are two cfdb's we use this count twice, one for active, one for passive - dont change
default = 1
}
variable "cf_region" {
default = "rAZ"
}
variable "cf_zone"{
default = "zAZ"
}
#az vm list-skus -l westeurope --size Standard_D -o table
variable "azvm_size" {
#default = "Standard_B1ms"
default = "Standard_D4_v3"
}
# az storage blob list -c "disk" -o table
variable "os_image" {
#default = "centos7ocf"
default = "cfme-azure-5.10.11.0-1.x86_64"
}
# set admin user/password/key
variable "admin_username" {
default = "ocfadmin"
}
variable "admin_password" {
default = "UnHh9PEQnC7gDqvKaYZK"
}
# string for multiple pub keys "<key>\n<key>"
variable "admin_ssh_pub_key" {
type = "string"
default = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm+l9n70tSvow56eOLhDZT8VLCmU9MCjUa7d2v0fH2ix/mdWy+RUo9c24U9WJmBlxpAmMDpSxlFcOpBwk1y+tWC/24YJ+m0/6YGWTzbl84GCjdBfrWcTuV5MFYvkYfq8lx3VESyZrYVmoC9Shwtj825YjfVpWqWvFw2kJznyOHWSGv60j6AJyzoT8rWCt4tSusEVzwup7UWF8TDIB6GXO3hqBZcCo3mfyuWkAswkEbX8SKIXqlNUZWMsxdS5ZpodigG6pj9fIsob8P+PxXF7YQiPo4W1uDHGoh0033oLb2fQULs4VjwqNVUE4dKkruFdNupBNCY3BJWHMT/mDOnUiww=="
}
variable "admin_ssh_pub_key_file" {
default = "~/keys/toby@TOBY-L19.openssh.pub"
}
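Review bot: `variable "admin_password"` ships a real default (`UnHh9PEQnC7gDqvKaYZK`) that is committed to the repository and is the VM admin password set in `os_profile` of every instance module; a credential in a tracked file is recoverable from history even after it is changed. Drop the default so a plan fails unless the value is supplied out of band, e.g. `variable "admin_password" {}` with the comment `# supply via TF_VAR_admin_password or a git-ignored *.tfvars file, never commit a default`, and rotate the existing value. `admin_ssh_pub_key_file` likewise defaults to one person's workstation path (`~/keys/toby@TOBY-L19.openssh.pub`) and `admin_ssh_pub_key` embeds that person's key; both should be left without defaults. The identical variables.tf added for the 03 (load balancer) configuration in this commit has the same three defaults.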


@ -0,0 +1,181 @@
# using local user auth via "azlogin --use-device-code" and suitable rights
provider "azurerm" {
version = "=1.34.0"
skip_provider_registration = true // https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration UON account rights restricted
}
##### set data object from remote state used to build network
data "terraform_remote_state" "network" {
backend = "local"
config = {
path = "../01_azure_network/terraform.tfstate"
}
}
##### create local variables - using to set a meaningful prefix for vms and to load variables from remote state file used to build network
locals {
# availability_set_cfme_id = "${data.terraform_remote_state.network.outputs.availability_set_cfme_id}"
# availability_set_cfdb_id = "${data.terraform_remote_state.network.outputs.availability_set_cfdb_id}"
asg_common_id = "${data.terraform_remote_state.network.outputs.asg_common_id}"
asg_cfme_id = "${data.terraform_remote_state.network.outputs.asg_cfme_id}"
subnet_id = "${data.terraform_remote_state.network.outputs.subnet_id}"
location = "${data.terraform_remote_state.network.outputs.location}"
resource_group = "${data.terraform_remote_state.network.outputs.resource_group}"
environment = "${data.terraform_remote_state.network.outputs.environment}"
resource_prefix = "${local.environment}-${var.cf_region}-${var.cf_zone}"
}
# require image id as we are using our own vhd derived image
data "azurerm_image" "search_os_image" {
name = "${var.os_image}"
resource_group_name = "${local.resource_group}"
}
##### loadbalancer -- all needs cfme in name
module "lb_cfme" {
source = "../modules/azure_lb"
prefix = "${local.resource_prefix}-cfme"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
subnetid = "${local.subnet_id}"
lbport = {
http = ["80", "Tcp", "80"]
https = ["443", "Tcp", "443"]
ssh = ["22", "Tcp", "22"] // to test lb before web services built
}
}
##### virtual machines, nics and public ips
module "vm_cfme" {
source = "../modules/azure_instance"
resourcecount = "${var.cfme_instance_count}"
prefix = "${local.resource_prefix}-cfme"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
applicationsecuritygroupids = ["${local.asg_common_id}","${local.asg_cfme_id}"]
# availabilitysetid = "${local.availability_set_cfme_id}"
loadbalancerbackendaddresspoolsids = ["${module.lb_cfme.loadbalancerbackendaddresspoolsid}"]
}
module "vm_cfdb_active" {
source = "../modules/azure_instance_data_disk"
resourcecount = "${var.cfdb_instance_count}"
prefix = "${local.resource_prefix}-cfdb-active"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
datadisksizegb = 64
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
applicationsecuritygroupids = ["${local.asg_common_id}"]
# availabilitysetid = "${local.availability_set_cfdb_id}"
}
module "vm_cfdb_passive" {
source = "../modules/azure_instance_data_disk"
resourcecount = "${var.cfdb_instance_count}"
prefix = "${local.resource_prefix}-cfdb-passive"
location = "${local.location}"
resourcegroup = "${local.resource_group}"
vmsize = "${var.azvm_size}"
imageid = "${data.azurerm_image.search_os_image.id}"
datadisksizegb = 64
username = "${var.admin_username}"
password = "${var.admin_password}"
sshpubkey = "${var.admin_ssh_pub_key_file}"
subnetid = "${local.subnet_id}"
#applicationsecuritygroupids = ["${azurerm_application_security_group.common.id}"]
applicationsecuritygroupids = ["${local.asg_common_id}"]
#availabilitysetid = "${azurerm_availability_set.cfdb.id}"
#availabilitysetid = "${local.availability_set_cfdb_id}"
}
##### outputs after terraform run
# output "subnet_id" {
# value = "${local.subnet_id}"
# }
# output "os_image_id" {
# value = "${data.azurerm_image.search_os_image.id}"
# }
# output "os_image_size" {
# value = "${data.azurerm_image.search_os_image.os_disk}"
# }
output "cfme_machine_name_list" {
value = "${module.vm_cfme.vmname.*}"
}
output "cfme_private_ip_list" {
value = "${module.vm_cfme.pvtip.*}"
}
output "cfme_public_ip_list" {
value = "${module.vm_cfme.pubip.*}"
}
output "cfdb_active_machine_name_list" {
value = "${module.vm_cfdb_active.vmname.*}"
}
output "cfdb_active_private_ip_list" {
value = "${module.vm_cfdb_active.pvtip.*}"
}
output "cfdb_active_public_ip_list" {
value = "${module.vm_cfdb_active.pubip.*}"
}
output "cfdb_passive_machine_name_list" {
value = "${module.vm_cfdb_passive.vmname.*}"
}
output "cfdb_passive_private_ip_list" {
value = "${module.vm_cfdb_passive.pvtip.*}"
}
output "cfdb_passive_public_ip_list" {
value = "${module.vm_cfdb_passive.pubip.*}"
}
output "cfme_lb_public_ip" {
value = "${module.lb_cfme.pubip}"
}
##### render template to create ansible inventory
data "template_file" "cf_inventory" {
template = "${file("../templates/cf_inventory.tpl")}"
vars = {
cfme = "${join("\n", module.vm_cfme.pubip.*)}"
cfdb_active = "${join("\n", module.vm_cfdb_active.pubip.*)}"
cfdb_passive = "${join("\n", module.vm_cfdb_passive.pubip.*)}"
}
}
resource "local_file" "cf_inventory" {
content = "${data.template_file.cf_inventory.rendered}"
filename = "../ansible_inventory/inventory-${local.resource_prefix}.ini"
}
# TODO
# put in application-gateway/lbl - leave until we have dns zone + fqdn and certificate
# https://github.com/hashicorp/terraform/issues/18664
# https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html
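Review bot: The `ssh = ["22", "Tcp", "22"]` entry in `module "lb_cfme"` publishes port 22 on the load balancer's public front end, and the network configuration's `common_any_ssh_inbound` rule admits 22 from any source, so every cfme node's SSH is reachable from the internet through the LB address for as long as that line stays in. The inline comment says it exists only to test the LB before the web services are up; remove it once that is done, or make the `lbport` map a variable so the test entry never reaches a non-test environment. Separately, `vm_cfdb_passive` still carries the commented-out `azurerm_application_security_group.common.id` and `azurerm_availability_set.cfdb.id` references that `vm_cfdb_active` in this same file has already dropped; delete them for consistency.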


@ -0,0 +1,46 @@
variable "cfme_instance_count" { // active-active cfmes - more can be added for other worker roles
default = 2
}
variable "cfdb_instance_count" { // there are two cfdb's we use this count twice, one for active, one for passive - dont change
default = 1
}
variable "cf_region" {
default = "rMSTR"
}
variable "cf_zone"{
default = "zMSTR"
}
#az vm list-skus -l westeurope --size Standard_D -o table
variable "azvm_size" {
#default = "Standard_B1ms"
default = "Standard_D4_v3"
}
# az storage blob list -c "disk" -o table
variable "os_image" {
#default = "centos7ocf"
default = "cfme-azure-5.10.11.0-1.x86_64"
}
# set admin user/password/key
variable "admin_username" {
default = "ocfadmin"
}
variable "admin_password" {
default = "UnHh9PEQnC7gDqvKaYZK"
}
# string for multiple pub keys "<key>\n<key>"
variable "admin_ssh_pub_key" {
type = "string"
default = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm+l9n70tSvow56eOLhDZT8VLCmU9MCjUa7d2v0fH2ix/mdWy+RUo9c24U9WJmBlxpAmMDpSxlFcOpBwk1y+tWC/24YJ+m0/6YGWTzbl84GCjdBfrWcTuV5MFYvkYfq8lx3VESyZrYVmoC9Shwtj825YjfVpWqWvFw2kJznyOHWSGv60j6AJyzoT8rWCt4tSusEVzwup7UWF8TDIB6GXO3hqBZcCo3mfyuWkAswkEbX8SKIXqlNUZWMsxdS5ZpodigG6pj9fIsob8P+PxXF7YQiPo4W1uDHGoh0033oLb2fQULs4VjwqNVUE4dKkruFdNupBNCY3BJWHMT/mDOnUiww=="
}
variable "admin_ssh_pub_key_file" {
default = "~/keys/toby@TOBY-L19.openssh.pub"
}


@ -0,0 +1,19 @@
This uses the cfme image which doesnt have cloud init, but does have azure agent, thus any custom configuration must be performed via the remote-exec inline function, or local-exec invoking ansible.
Populate the following variables for the target environment, check variables.tf for az cli commands to obtain the required values.
variable "location" {
default = "westeurope"
}
variable "resource_group" {
default = "nottsdemo2"
}
variable "vnet" {
default = "nottsdemo2-vnet"
}
variable "subnet" {
default = "default"
}


@ -0,0 +1,78 @@
module "azure_nic" {
source = "../azure_nic"
resourcecount = "${var.resourcecount}"
prefix = "${var.prefix}"
location = "${var.location}"
resourcegroup = "${var.resourcegroup}"
subnetid = "${var.subnetid}"
applicationsecuritygroupids = "${var.applicationsecuritygroupids}"
loadbalancerbackendaddresspoolsids = "${var.loadbalancerbackendaddresspoolsids}"
}
resource "azurerm_virtual_machine" "vminstance" {
count = "${var.resourcecount}"
name = "${var.prefix}${count.index}"
location = "${var.location}"
resource_group_name = "${var.resourcegroup}"
network_interface_ids = ["${element(module.azure_nic.nicid.*, count.index)}"]
vm_size = "${var.vmsize}"
availability_set_id = "${var.availabilitysetid}"
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
storage_image_reference {
id = "${var.imageid}"
}
storage_os_disk {
name = "${var.prefix}${count.index}-os"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name = "${var.prefix}${count.index}"
admin_username = "${var.username}"
admin_password = "${var.password}" // not required if azure agent or cloud-init run, a full azure agent populated /etc/sudoers.d/waagent with the admin username
}
os_profile_linux_config {
disable_password_authentication = true // false to login, when true create a service account and ssh keypair
ssh_keys {
path = "/home/${var.username}/.ssh/authorized_keys"
key_data = "${file("${var.sshpubkey}")}"
// key_data = "${var.sshpubkey}" // if embedding keys in string
}
}
provisioner "remote-exec" {
connection {
type = "ssh"
host = "${element(module.azure_nic.pubip.*, count.index)}"
user = "${var.username}"
//password = "${var.password}"
private_key = "${file("~/.ssh/id_rsa")}"
}
// cfme appliance image runs azure agent but not cloud-init, use inline to work around.
inline = [
"hostname -s;hostname -i;whoami",
]
}
}
output "vmname" {
value = "${azurerm_virtual_machine.vminstance.*.name}"
}
output "pvtip" {
value = "${module.azure_nic.pvtip.*}" // chain (child) module outputs up to the calling tf
}
output "pubip" {
value = "${module.azure_nic.pubip.*}" // chain (child) module outputs up to the calling tf
}
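Review bot: The `remote-exec` connection reads `private_key = "${file("~/.ssh/id_rsa")}"`, a path fixed inside the module, while the matching public key is injected via `var.sshpubkey`; the two can silently diverge, and anyone whose private key is not at that path gets a provisioner failure after the VM has already been created. Add a module input `variable "sshprivkey" { default = "~/.ssh/id_rsa" }` to the module's variables.tf and use `private_key = "${file("${var.sshprivkey}")}"`, so the caller can pass the key that pairs with `sshpubkey`. Also, `os_profile` still sets `admin_password` although `disable_password_authentication = true`; the inline comment already says it is not required, so the comment should state that the password is only kept to satisfy the provider schema if that is the reason. The `azure_instance_data_disk` module added in this commit has the same connection block.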


@ -0,0 +1,16 @@
variable "resourcecount" {}
variable "prefix" {}
variable "location" {}
variable "resourcegroup" {}
variable "vmsize" {}
variable "imageid" {}
variable "username" {}
variable "password" {}
variable "sshpubkey" {}
variable "subnetid" {}
variable "applicationsecuritygroupids" { type = "list" }
variable "availabilitysetid" { default = "" }
variable "loadbalancerbackendaddresspoolsids" {
type = "list"
default = []
}


@ -0,0 +1,86 @@
module "azure_nic" {
source = "../azure_nic"
resourcecount = "${var.resourcecount}"
prefix = "${var.prefix}"
location = "${var.location}"
resourcegroup = "${var.resourcegroup}"
subnetid = "${var.subnetid}"
applicationsecuritygroupids = "${var.applicationsecuritygroupids}"
}
resource "azurerm_virtual_machine" "vminstance" {
count = "${var.resourcecount}"
name = "${var.prefix}${count.index}"
location = "${var.location}"
resource_group_name = "${var.resourcegroup}"
network_interface_ids = ["${element(module.azure_nic.nicid.*, count.index)}"]
vm_size = "${var.vmsize}"
availability_set_id = "${var.availabilitysetid}"
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
storage_image_reference {
id = "${var.imageid}"
}
storage_os_disk {
name = "${var.prefix}${count.index}-os"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
storage_data_disk {
name = "${var.prefix}${count.index}-data"
caching = "ReadWrite"
create_option = "Empty"
disk_size_gb = "${var.datadisksizegb}"
managed_disk_type = "Standard_LRS"
lun = 0
}
os_profile {
computer_name = "${var.prefix}${count.index}"
admin_username = "${var.username}"
admin_password = "${var.password}" // not required if azure agent or cloud-init run, a full azure agent populated /etc/sudoers.d/waagent with the admin username
}
os_profile_linux_config {
disable_password_authentication = true // false to login, when true create a service account and ssh keypair
ssh_keys {
path = "/home/${var.username}/.ssh/authorized_keys"
key_data = "${file("${var.sshpubkey}")}"
// key_data = "${var.sshpubkey}" // if embedding keys in string
}
}
provisioner "remote-exec" {
connection {
type = "ssh"
host = "${element(module.azure_nic.pubip.*, count.index)}"
user = "${var.username}"
//password = "${var.password}"
private_key = "${file("~/.ssh/id_rsa")}"
}
// cfme appliance image runs azure agent but not cloud-init, use inline to work around.
inline = [
"hostname -s;hostname -i;whoami",
]
}
}
output "vmname" {
value = "${azurerm_virtual_machine.vminstance.*.name}"
}
output "pvtip" {
value = "${module.azure_nic.pvtip.*}" // chain (child) module outputs up to the calling tf
}
output "pubip" {
value = "${module.azure_nic.pubip.*}" // chain (child) module outputs up to the calling tf
}
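Review bot: `delete_data_disks_on_termination = true` together with the inline `storage_data_disk` means the 64 GB disk that this module exists to provide (the cfdb nodes in the calling configuration) is deleted whenever the VM is destroyed or replaced, and a change to `vm_size`, `imageid` or `name` forces replacement; for a database data disk that is data loss on a routine apply. Either set `delete_data_disks_on_termination = false` and document that the disk must be cleaned up separately, or manage the disk as its own `azurerm_managed_disk` attached to the VM so its lifecycle is independent of the instance, with `lifecycle { prevent_destroy = true }` on the disk if it must never be removed by Terraform. A comment above `storage_data_disk` stating which of these the module guarantees would let callers decide whether it is safe for the active database.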


@ -0,0 +1,13 @@
variable "resourcecount" {}
variable "prefix" {}
variable "location" {}
variable "resourcegroup" {}
variable "vmsize" {}
variable "imageid" {}
variable "datadisksizegb" {}
variable "username" {}
variable "password" {}
variable "sshpubkey" {}
variable "subnetid" {}
variable "applicationsecuritygroupids" { type = "list" }
variable "availabilitysetid" { default = "" }


@ -0,0 +1,61 @@
resource "azurerm_public_ip" "lbpubip" {
name = "${var.prefix}-lb"
location = "${var.location}"
resource_group_name = "${var.resourcegroup}"
allocation_method = "Static"
#domain_name_label = "${var.dns_name}" // add fqdn here
}
resource "azurerm_lb" "azlb" {
name = "${var.prefix}-lb"
resource_group_name = "${var.resourcegroup}"
location = "${var.location}"
frontend_ip_configuration {
name = "LoadBalancerFrontEnd"
public_ip_address_id = "${azurerm_public_ip.lbpubip.id}"
}
}
resource "azurerm_lb_backend_address_pool" "azlb" {
resource_group_name = "${var.resourcegroup}"
loadbalancer_id = "${azurerm_lb.azlb.id}"
name = "BackEndAddressPool"
}
resource "azurerm_lb_probe" "azlb" {
count = "${length(var.lbport)}"
resource_group_name = "${var.resourcegroup}"
loadbalancer_id = "${azurerm_lb.azlb.id}"
name = "${element(keys(var.lbport), count.index)}"
protocol = "${element(var.lbport["${element(keys(var.lbport), count.index)}"], 1)}"
port = "${element(var.lbport["${element(keys(var.lbport), count.index)}"], 2)}"
#interval_in_seconds = "${var.lb_probe_interval}"
#number_of_probes = "${var.lb_probe_unhealthy_threshold}"
interval_in_seconds = 5
number_of_probes = 2
}
resource "azurerm_lb_rule" "azlb" {
count = "${length(var.lbport)}"
resource_group_name = "${var.resourcegroup}"
loadbalancer_id = "${azurerm_lb.azlb.id}"
name = "${element(keys(var.lbport), count.index)}"
protocol = "${element(var.lbport["${element(keys(var.lbport), count.index)}"], 1)}"
frontend_port = "${element(var.lbport["${element(keys(var.lbport), count.index)}"], 0)}"
backend_port = "${element(var.lbport["${element(keys(var.lbport), count.index)}"], 2)}"
frontend_ip_configuration_name = "LoadBalancerFrontEnd"
enable_floating_ip = false
backend_address_pool_id = "${azurerm_lb_backend_address_pool.azlb.id}"
idle_timeout_in_minutes = 5
probe_id = "${element(azurerm_lb_probe.azlb.*.id,count.index)}"
depends_on = ["azurerm_lb_probe.azlb"]
}
output "pubip" {
value = "${azurerm_public_ip.lbpubip.*.ip_address}"
}
output "loadbalancerbackendaddresspoolsid" {
value = "${azurerm_lb_backend_address_pool.azlb.id}"
}
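Review bot: The probe and rule resources are paired by `count.index` over `keys(var.lbport)`, so correctness of `probe_id = "${element(azurerm_lb_probe.azlb.*.id,count.index)}"` depends on `keys()` returning the same order in both resources; that holds because `keys()` returns the map keys lexically sorted, but nothing says so, and `variable "lbport" {}` in the module's variables.tf declares no type or shape. Add a comment above `resource "azurerm_lb_probe" "azlb"` such as `# lbport is a map of name => [frontend_port, protocol, backend_port]; keys() is sorted, so probe[i] pairs with rule[i]`. The `depends_on = ["azurerm_lb_probe.azlb"]` on the rule is redundant with the `probe_id` reference and can be dropped.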


@ -0,0 +1,5 @@
variable "prefix" {}
variable "location" {}
variable "resourcegroup" {}
variable "subnetid" {}
variable "lbport" {}


@ -0,0 +1,40 @@
module "azure_pubip" {
source = "../azure_pubip"
resourcecount = "${var.resourcecount}"
prefix = "${var.prefix}"
location = "${var.location}"
resourcegroup = "${var.resourcegroup}"
}
resource "azurerm_network_interface" "nic" {
count = "${var.resourcecount}"
name = "${var.prefix}${count.index}"
location = "${var.location}"
resource_group_name = "${var.resourcegroup}"
ip_configuration {
name = "${var.prefix}${count.index}"
subnet_id = "${var.subnetid}"
private_ip_address_allocation = "Dynamic"
public_ip_address_id = "${element(module.azure_pubip.pubipid.*, count.index)}"
application_security_group_ids = "${var.applicationsecuritygroupids}"
load_balancer_backend_address_pools_ids = "${var.loadbalancerbackendaddresspoolsids}"
#load_balancer_backend_address_pools_ids = ["${}"]
#loadbalancer = ${var.type == "public" ? 1 : 0}
}
}
output "nicid" {
value = "${azurerm_network_interface.nic.*.id}"
}
output "pvtip" {
value = "${azurerm_network_interface.nic.*.private_ip_address}"
}
output "pubip" {
value = "${module.azure_pubip.pubip.*}" // chain (child) module outputs up to the calling tf
}
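Review bot: Every NIC this module creates is given a public IP from `module "azure_pubip"` with no way to opt out, so the cfdb active/passive nodes built through `azure_instance_data_disk` get internet-reachable addresses as well as the cfme nodes, even though nothing in the calling configuration needs to reach the database hosts from outside. Consider a boolean input that sets the `azure_pubip` count to zero and leaves `public_ip_address_id` empty for private-only nodes; the half-written `#loadbalancer = ${var.type == "public" ? 1 : 0}` comment looks like the start of exactly that. The two dead comment lines `#load_balancer_backend_address_pools_ids = ["${}"]` and the `#loadbalancer = ...` fragment inside `ip_configuration` should be removed in either case.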


@ -0,0 +1,10 @@
variable "resourcecount" {}
variable "prefix" {}
variable "location" {}
variable "resourcegroup" {}
variable "subnetid" {}
variable "applicationsecuritygroupids" { type = "list" }
variable "loadbalancerbackendaddresspoolsids" {
type = "list"
default = []
}


@ -0,0 +1,15 @@
resource "azurerm_public_ip" "pubip" {
count = "${var.resourcecount}"
name = "${var.prefix}${count.index}"
location = "${var.location}"
resource_group_name = "${var.resourcegroup}"
allocation_method = "Static"
#domain_name_label = "${var.dns_name}" // add fqdn here
}
output "pubipid" {
value = "${azurerm_public_ip.pubip.*.id}"
}
output "pubip" {
value = "${azurerm_public_ip.pubip.*.ip_address}"
}


@ -0,0 +1,4 @@
variable "resourcecount" {}
variable "prefix" {}
variable "location" {}
variable "resourcegroup" {}


@ -0,0 +1,6 @@
[cfme]
${cfme}
[cfdb_active]
${cfdb_active}
[cfdb_passive]
${cfdb_passive}

133
single_instance/main.tf Executable file

@ -0,0 +1,133 @@
# using service principle - need to create this "service account to use this"
# provider "azurerm" {
# environment = "public"
# subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# client_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# client_secret = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# tenant_id = "e790ea08-42f3-46fa-8819-aca5c465e424"
# }
# using local user auth
provider "azurerm" {
version = "=1.34.0"
skip_provider_registration = true // https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration UON account rights restricted
}
locals {
virtual_machine_pub_ip = "${var.customer}-cfme-pub-ip"
virtual_machine_name = "${var.customer}-cfme"
virtual_machine_nic = "${var.customer}-cfme-nic"
virtual_machine_disk = "${var.customer}-osdisk"
}
# find image id from image name as we are using our own vhd derived image
data "azurerm_image" "search_os_image" {
name = "${var.os_image}"
resource_group_name = "${var.resource_group}"
}
# output "os_image_id" {
# value = "${data.azurerm_image.search_os_image.id}"
# }
resource "azurerm_public_ip" "pubip" {
name = "${local.virtual_machine_pub_ip}"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
allocation_method = "Static"
}
resource "azurerm_network_interface" "nic" {
name = "${var.customer}-nic"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
ip_configuration {
name = "${var.customer}-configuration"
subnet_id = "${data.azurerm_subnet.subnet_output.id}"
private_ip_address_allocation = "Dynamic"
public_ip_address_id = "${azurerm_public_ip.pubip.id}"
}
}
resource "azurerm_virtual_machine" "cfme" {
name = "${local.virtual_machine_name}"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
network_interface_ids = ["${azurerm_network_interface.nic.id}"]
#vm_size = "Standard_B1ms"
vm_size = "Standard_D4_v3"
delete_os_disk_on_termination = true
# storage_image_reference {
# publisher = "Canonical"
# offer = "UbuntuServer"
# sku = "16.04-LTS"
# version = "latest"
# }
storage_image_reference {
id = "${data.azurerm_image.search_os_image.id}"
}
storage_os_disk {
name = "${local.virtual_machine_disk}"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile { // use azure agent to setup admin user, this also adds sudoers rule by default
computer_name = "${local.virtual_machine_name}"
admin_username = "${var.admin_username}"
admin_password = "${var.admin_password}"
}
os_profile_linux_config { // use azure agent to install ssh key
disable_password_authentication = false
ssh_keys {
path = "/home/${var.admin_username}/.ssh/authorized_keys"
#key_data = "${file("~/keys/toby@TOBY-L19.openssh.pub")}"
#key_data = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm+l9n70tSvow56eOLhDZT8VLCmU9MCjUa7d2v0fH2ix/mdWy+RUo9c24U9WJmBlxpAmMDpSxlFcOpBwk1y+tWC/24YJ+m0/6YGWTzbl84GCjdBfrWcTuV5MFYvkYfq8lx3VESyZrYVmoC9Shwtj825YjfVpWqWvFw2kJznyOHWSGv60j6AJyzoT8rWCt4tSusEVzwup7UWF8TDIB6GXO3hqBZcCo3mfyuWkAswkEbX8SKIXqlNUZWMsxdS5ZpodigG6pj9fIsob8P+PxXF7YQiPo4W1uDHGoh0033oLb2fQULs4VjwqNVUE4dKkruFdNupBNCY3BJWHMT/mDOnUiww=="
# either use a local file or use an inline key, maybe required with UON
key_data = "${file("${var.admin_ssh_pub_key_file}")}"
#key_data = "${var.admin_ssh_pub_key}"
}
}
# remote exec onto host using password
provisioner "remote-exec" {
connection {
type = "ssh"
host = "${azurerm_public_ip.pubip.ip_address}"
user = "${var.admin_username}"
password = "${var.admin_password}"
}
inline = [
"ls -la",
]
}
}
# lookup subnet id using the subnet name
data "azurerm_subnet" "subnet_output" {
name = "${var.subnet}"
virtual_network_name = "${var.vnet}"
resource_group_name = "${var.resource_group}"
}
output "subnet_id" {
value = "${data.azurerm_subnet.subnet_output.id}"
}
# get publlc ip
data "azurerm_public_ip" "output_pub_ip" {
name = "${azurerm_public_ip.pubip.name}"
resource_group_name = "${azurerm_virtual_machine.cfme.resource_group_name}"
}
output "public_ip_address" {
value = "${data.azurerm_public_ip.output_pub_ip.ip_address}"
}
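Review bot: `disable_password_authentication = false` in os_profile_linux_config leaves SSH password login enabled on a VM that sits on a static public IP (azurerm_public_ip.pubip, attached through the NIC's ip_configuration), even though an authorized key is already installed via ssh_keys; the password in question is the committed default `Password1234!` from single_instance/variables.tf, and the remote-exec connection block sends it again over the network. I'd set `disable_password_authentication = true`, replace `password = "${var.admin_password}"` in the connection block with `private_key = "${file("${var.admin_ssh_priv_key_file}")}"` (a new variable pointing at the matching private key), and remove the default value of admin_password so it must be supplied at plan time rather than living in the repo. The remote-exec `ls -la` looks like a placeholder with no configuration effect and could be dropped along with the password-based connection. The tenant_id in the commented-out service-principal block is the only field there that is not an obvious `xxxx` placeholder; it would be consistent to mask it the same way before this is shared.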

50
single_instance/variables.tf Executable file

@ -0,0 +1,50 @@
#az resource list -o table
variable "location" {
default = "uksouth"
}
#az resource list -o table
variable "resource_group" {
default = "UI-SPP-DEV-001"
}
#az network vnet list -o table
variable "vnet" {
default = "UI-SPP-DEV-001-vnet"
}
#az network vnet show -g nottsdemo2 -n nottsdemo2-vnet | jq .addressSpace.addressPrefixes
#az network vnet show -g nottsdemo2 -n nottsdemo2-vnet -o table
#az network vnet subnet list -g nottsdemo2 --vnet-name nottsdemo2-vnet -o table
variable "subnet" {
default = "default" #the default subnet is named default, thus we set the default value of the variable to have value default - confusing
}
# az storage blob list -c "disk" -o table
variable "os_image" {
#default = "centos7ocf"
default = "cfme-azure-5.10.11.0-1.x86_64"
}
# set admin user/password/key
variable "admin_username" {
default = "ocfadmin"
}
variable "admin_password" {
default = "Password1234!"
}
variable "admin_ssh_pub_key" {
type = "string"
default = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm+l9n70tSvow56eOLhDZT8VLCmU9MCjUa7d2v0fH2ix/mdWy+RUo9c24U9WJmBlxpAmMDpSxlFcOpBwk1y+tWC/24YJ+m0/6YGWTzbl84GCjdBfrWcTuV5MFYvkYfq8lx3VESyZrYVmoC9Shwtj825YjfVpWqWvFw2kJznyOHWSGv60j6AJyzoT8rWCt4tSusEVzwup7UWF8TDIB6GXO3hqBZcCo3mfyuWkAswkEbX8SKIXqlNUZWMsxdS5ZpodigG6pj9fIsob8P+PxXF7YQiPo4W1uDHGoh0033oLb2fQULs4VjwqNVUE4dKkruFdNupBNCY3BJWHMT/mDOnUiww=="
}
variable "admin_ssh_pub_key_file" {
default = "~/keys/toby@TOBY-L19.openssh.pub"
}
# variables to differentiate resource names and environments
variable "customer" {
default = "UONtest"
}