create full-func vm

Signed-off-by: karim mdmirajul <karim.mdmirajul@unikie.com>
tiiuae · Nov 6, 2023 · c83f2a3 · c83f2a3
1 parent d1e7be6
commit c83f2a3
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 31 deletions.
diff --git a/terraform/azure-ghaf-infra.tf b/terraform/azure-ghaf-infra.tf
@@ -1,36 +1,57 @@
 # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
 #
 # SPDX-License-Identifier: Apache-2.0
-
 # Resource group
-resource "azurerm_resource_group" "rg" {
-  name     = "ghaf-infra-terraform-dev"
+resource "azurerm_resource_group" "ghaf_infra_tf_dev" {
+  name     = "ghaf-infra-tf-dev"
   location = var.resource_group_location
 }
-# Create  VN
-resource "azurerm_virtual_network" "ghaf-infra-vnet" {
-  name                = "ghaf-infra-terraform-dev-vnet"
-  address_space       = ["10.3.0.0/24"]
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
-}
-
-
-# Create public IPs
-resource "azurerm_public_ip" "ghafhydra_terraform_public_ip" {
-  name                = "ghaf-infra-terraform-dev-ip"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+# Create VN
+resource "azurerm_virtual_network" "ghaf_infra_tf_vnet" {
+  name                = "ghaf-infra-tf-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = var.resource_group_location
+  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+}
+# Create Subnet
+resource "azurerm_subnet" "ghaf_infra_tf_subnet" {
+  name                 = "ghaf-infra-tf-subnet"
+  resource_group_name  = azurerm_resource_group.ghaf_infra_tf_dev.name
+  virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name
+  address_prefixes     = ["10.0.2.0/24"]
+}
+# Network interface
+resource "azurerm_network_interface" "ghaf_infra_tf_network_interface" {
+  name                = "ghaf-infratf286-z1"
+  location            = var.resource_group_location
+  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+  ip_configuration {
+    name                          = "my_nic_configuration"
+    subnet_id                     = azurerm_subnet.ghaf_infra_tf_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.ghaf_infra_tf_public_ip.id
+  }
+}
+# Create Availability Set
+resource "azurerm_availability_set" "ghaf_infra_tf_availability_set" {
+  name                         = "ghaf-infra-tf-availability-set"
+  location                     = var.resource_group_location
+  resource_group_name          = azurerm_resource_group.ghaf_infra_tf_dev.name
+  platform_fault_domain_count  = 2
+  platform_update_domain_count = 2
+}
+# Create Public IPs
+resource "azurerm_public_ip" "ghaf_infra_tf_public_ip" {
+  name                = "ghaf-infra-tf-public-ip"
+  location            = var.resource_group_location
+  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
   allocation_method   = "Dynamic"
 }
-
-
-# Create Network SG and rule
-resource "azurerm_network_security_group" "ghafhydra_terraform_nsg" {
-  name                = "ghaf-infra-terraform-dev-nsg"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
-
+# Create Network Security Group and rule
+resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
+  name                = "ghaf-infra-tf-nsg"
+  location            = var.resource_group_location
+  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
   security_rule {
     name                       = "SSH"
     priority                   = 300
@@ -43,4 +64,62 @@ resource "azurerm_network_security_group" "ghafhydra_terraform_nsg" {
     destination_address_prefix = "*"
   }
 }
-
+# Create Storage Account
+resource "azurerm_storage_account" "ghafinfra_tf_storage_account" {
+  name                     = "ghafinfrastorage"
+  location                 = var.resource_group_location
+  resource_group_name      = azurerm_resource_group.ghaf_infra_tf_dev.name
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+# Create Linux Virtual Machine
+resource "azurerm_linux_virtual_machine" "ghafinfra_tf" {
+  name                = "ghafinfratf"
+  location            = var.resource_group_location
+  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+  availability_set_id = azurerm_availability_set.ghaf_infra_tf_availability_set.id
+  network_interface_ids = [
+    azurerm_network_interface.ghaf_infra_tf_network_interface.id
+  ]
+  size = "Standard_B8ms"
+  os_disk {
+    name                 = "ghafinfratfdisk1"
+    caching              = "ReadWrite"
+    storage_account_type = "Premium_LRS"
+    disk_size_gb         = 512
+  }
+  source_image_reference {
+    publisher = "canonical"
+    offer     = "0001-com-ubuntu-server-jammy"
+    sku       = "22_04-lts-gen2"
+    version   = "latest"
+  }
+  admin_username                  = "karim"
+  disable_password_authentication = true
+  admin_ssh_key {
+    username   = "karim"
+    public_key = file("~/.ssh/id_rsa_nixos.pub")
+  }
+}
+# Create Custom Script Extension
+resource "azurerm_virtual_machine_extension" "customScript" {
+  name                 = "customScript"
+  virtual_machine_id   = azurerm_linux_virtual_machine.ghafinfra_tf.id
+  publisher            = "Microsoft.Azure.Extensions"
+  type                 = "CustomScript"
+  type_handler_version = "2.1"
+  settings = jsonencode({
+    commandToExecute = <<-SCRIPT
+      #!/bin/bash
+      sudo apt-get update
+      sudo apt-get install -y apache2
+      mkdir -p /home/karim/.ssh
+      echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDe5L8iOqhNPsYz5eh9Bz/URYguG60JjMGmKG0wwLIb6Gf2M8Txzk24ESGbMR/F5RYsV1yWYOocL47ngDWQIbO6MGJ7ftUr7slWoUA/FSVwh/jsG681mRqIuJXjKM/YQhBkI9k6+eVxRfLDTs5XZfbwdm7T4aP8ZI2609VY0guXfa/F7DSE1BxN7IJMn0CWLQJanBpoYUxqyQXCUXgljMokdPjTrqAxlBluMsVTP+ZKDnjnpHcVE/hCKk5BxaU6K97OdeIOOEWXAd6uEHssomjtU7+7dhiZzjhzRPKDiSJDF9qtIw50kTHz6ZTdH8SAZmu0hsS6q8OmmDTAnt24dFJV karim@nixos' >> /home/karim/.ssh/authorized_keys
+      chown -R karim:karim /home/karim/.ssh
+      chmod 700 /home/karim/.ssh
+      chmod 600 /home/karim/.ssh/authorized_keys
+      sed -i 's/\s*PasswordAuthentication\s\+yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+      systemctl restart sshd
+    SCRIPT
+  })
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -3,9 +3,9 @@
 # SPDX-License-Identifier: Apache-2.0
 
 output "resource_group_name" {
-  value = azurerm_resource_group.rg.name
+  value = azurerm_resource_group.ghaf_infra_tf_dev.name
 }
 
 output "resource_group_location" {
-  value = azurerm_resource_group.rg.location
+  value = var.resource_group_location
 }
diff --git a/terraform/providers.tf b/terraform/providers.tf
@@ -9,10 +9,10 @@ provider "azurerm" {
 terraform {
   required_providers {
     azurerm = {
-      source  = "hashicorp/azurerm"
+      source = "hashicorp/azurerm"
     }
     sops = {
-      source  = "carlpett/sops"
+      source = "carlpett/sops"
     }
   }
 }

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -11,7 +11,7 @@ variable "resource_group_location" {
 
 variable "resourcegroup" {
   description = "The Azure Resource Group Name within your Subscription in which this resource will be created."
-   default     = "ghaf-infra-swe"
+  default     = "ghaf-infra-swe"
 }
 
 variable "resource_group_name_prefix" {