This repository has been archived by the owner on Jan 20, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
/
020-vm-mssql-win.tf
112 lines (100 loc) · 4.45 KB
/
020-vm-mssql-win.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# Database server virtual machine
resource "azurerm_windows_virtual_machine" "vm_mssql_win" {
name = var.vm_mssql_win_name
resource_group_name = var.resource_group_name
location = var.location
size = var.vm_mssql_win_size
admin_username = data.azurerm_key_vault_secret.adminuser.value
admin_password = data.azurerm_key_vault_secret.adminpassword.value
network_interface_ids = [azurerm_network_interface.vm_mssql_win_nic_01.id]
enable_automatic_updates = true
patch_mode = "AutomaticByOS"
tags = var.tags
os_disk {
caching = "ReadWrite"
storage_account_type = var.vm_mssql_win_storage_account_type
}
source_image_reference {
publisher = var.vm_mssql_win_image_publisher
offer = var.vm_mssql_win_image_offer
sku = var.vm_mssql_win_image_sku
version = var.vm_mssql_win_image_version
}
# Apply configuration using Azure Automation DSC
# Note: To view provisioner output, use the Terraform nonsensitive() function when referencing key vault secrets or variables marked 'sensitive'
provisioner "local-exec" {
command = <<EOT
$params = @{
TenantId = "${var.aad_tenant_id}"
SubscriptionId = "${var.subscription_id}"
ResourceGroupName = "${var.resource_group_name}"
Location = "${var.location}"
AutomationAccountName = "${var.automation_account_name}"
VirtualMachineName = "${var.vm_mssql_win_name}"
AppId = "${var.arm_client_id}"
AppSecret = "${nonsensitive(var.arm_client_secret)}"
DscConfigurationName = "MssqlVmConfig"
}
${path.root}/aadsc-register-node.ps1 @params
EOT
interpreter = ["pwsh", "-Command"]
}
}
# Nics
resource "azurerm_network_interface" "vm_mssql_win_nic_01" {
name = "nic-${var.vm_mssql_win_name}-1"
location = var.location
resource_group_name = var.resource_group_name
tags = var.tags
ip_configuration {
name = "ipc-${var.vm_mssql_win_name}-1"
subnet_id = var.vnet_app_01_subnets["snet-db-01"].id
private_ip_address_allocation = "Dynamic"
}
}
# Data disks
resource "azurerm_managed_disk" "vm_mssql_win_data_disks" {
for_each = var.vm_mssql_win_data_disk_config
name = "disk-${var.vm_mssql_win_name}-${each.value.name}"
location = var.location
resource_group_name = var.resource_group_name
storage_account_type = var.vm_mssql_win_storage_account_type
create_option = "Empty"
disk_size_gb = each.value.disk_size_gb
tags = var.tags
}
resource "azurerm_virtual_machine_data_disk_attachment" "vm_mssql_win_data_disk_attachments" {
for_each = var.vm_mssql_win_data_disk_config
managed_disk_id = azurerm_managed_disk.vm_mssql_win_data_disks[each.key].id
virtual_machine_id = azurerm_windows_virtual_machine.vm_mssql_win.id
lun = each.value.lun
caching = each.value.caching
}
# Virtual machine extensions
resource "azurerm_virtual_machine_extension" "vm_mssql_win_postdeploy_script" {
name = "vmext-${azurerm_windows_virtual_machine.vm_mssql_win.name}-postdeploy-script"
virtual_machine_id = azurerm_windows_virtual_machine.vm_mssql_win.id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
auto_upgrade_minor_version = true
depends_on = [
azurerm_virtual_machine_data_disk_attachment.vm_mssql_win_data_disk_attachments
]
settings = <<SETTINGS
{
"fileUris": [
"${var.vm_mssql_win_post_deploy_script_uri}",
"${var.vm_mssql_win_sql_startup_script_uri}"
],
"commandToExecute":
"powershell.exe -ExecutionPolicy Unrestricted -File \"./${var.vm_mssql_win_post_deploy_script}\" -Domain \"${var.adds_domain_name}\" -Username \"${data.azurerm_key_vault_secret.adminuser.value}\" -UsernameSecret \"${data.azurerm_key_vault_secret.adminpassword.value}\""
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"storageAccountName": "${var.storage_account_name}",
"storageAccountKey": "${data.azurerm_key_vault_secret.storage_account_key.value}"
}
PROTECTED_SETTINGS
}