
Terraform - Build Azure VM and provision with shell script

Terraform - Build Azure VM and provision with shell script

This post performs the following steps:
1. Create a Linux virtual machine
2. Provision the virtual machine with a shell script using the remote-exec provisioner

Below is terraform code - main.tf

main.tf


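provider "azurerm" {
    # The "features" block is required for AzureRM provider 2.x.
    # If you're using version 1.x, the "features" block is not allowed.
    version = "=2.0"

    features {}

    # Service-principal credentials are deliberately not set in this file.
    # main.tf normally ends up in version control, and a client_secret
    # written here is readable by anyone with access to the repository or
    # its history. The provider reads the same four values from the
    # environment instead:
    #   ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID
    # Export them in the shell (or inject them from the CI secret store)
    # before running terraform plan/apply.
}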

# Resource group that every other resource in this file is created in.
resource "azurerm_resource_group" "resgrp1" {
    location = "eastus"
    name     = "ajdocker2"

    tags = { environment = "Aj project1" }
}

# Virtual network with a single 10.0.0.0/16 address space.
resource "azurerm_virtual_network" "vnet1" {
    resource_group_name = azurerm_resource_group.resgrp1.name
    location            = "eastus"
    name                = "ajvnet1"
    address_space       = ["10.0.0.0/16"]

    tags = { environment = "Aj project1" }
}

# Subnet 10.0.2.0/24 carved out of vnet1; the VM's NIC is attached here.
resource "azurerm_subnet" "subnet1" {
    resource_group_name  = azurerm_resource_group.resgrp1.name
    virtual_network_name = azurerm_virtual_network.vnet1.name
    name                 = "ajsubnet1"
    address_prefix       = "10.0.2.0/24"
}

# Public IP for the VM. It makes the VM reachable from the internet, so the
# network security group rules are the only filter in front of it.
# NOTE(review): with "Dynamic" allocation Azure assigns the address only once
# the IP is attached to a running device - confirm the address is populated
# by the time the provisioners connect.
resource "azurerm_public_ip" "publicip1" {
    resource_group_name = azurerm_resource_group.resgrp1.name
    location            = "eastus"
    name                = "ajpub1"
    allocation_method   = "Dynamic"

    tags = { environment = "Aj project1" }
}

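# Source range that may reach the VM on port 22. It has no default on
# purpose: the original rule used "*", which exposes SSH to the whole
# internet. Set it to the narrowest range that works, e.g. the CIDR of an
# admin network or a single /32. The Terraform provisioners connect over SSH
# from the machine running `terraform apply`, so that machine's address must
# fall inside the range.
variable "ssh_source_address_prefix" {
    type        = string
    description = "CIDR range or Azure service tag allowed to connect to port 22."
}

# Network security group attached to the VM's NIC. Inbound traffic that
# matches neither rule below falls through to Azure's default rules.
resource "azurerm_network_security_group" "nsg1" {
    name                = "ajnsg1"
    location            = "eastus"
    resource_group_name = azurerm_resource_group.resgrp1.name

    # Management access: SSH only from the operator-supplied range.
    security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = var.ssh_source_address_prefix
        destination_address_prefix = "*"
    }

    # Public web traffic: port 80 is open to any source. This is plain HTTP,
    # so nothing served through it is encrypted in transit.
    security_rule {
        name                       = "HTTPD"
        priority                   = 1003
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "80"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
    }

    tags = {
        environment = "Aj project1"
    }
}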

# Network interface for the VM: a dynamic private address in subnet1 plus
# the public IP defined in publicip1.
resource "azurerm_network_interface" "nic1" {
    resource_group_name = azurerm_resource_group.resgrp1.name
    location            = "eastus"
    name                = "ajnic1"

    ip_configuration {
        name                          = "ajNicConfiguration"
        private_ip_address_allocation = "Dynamic"
        # Direct references; equivalent to the "${...}" interpolation form.
        subnet_id                     = azurerm_subnet.subnet1.id
        public_ip_address_id          = azurerm_public_ip.publicip1.id
    }

    tags = { environment = "Aj project1" }
}

# Binds nsg1 to nic1 so the security rules apply to the VM's traffic.
resource "azurerm_network_interface_security_group_association" "nsg_assoc" {
    network_security_group_id = azurerm_network_security_group.nsg1.id
    network_interface_id      = azurerm_network_interface.nic1.id
}

# The Linux VM itself, attached to nic1 and reachable through its public IP.
resource "azurerm_linux_virtual_machine" "vm1" {
    resource_group_name   = azurerm_resource_group.resgrp1.name
    location              = "eastus"
    name                  = "ajvm1"
    computer_name         = "ajvm1"
    size                  = "Standard_DS1_v2"
    network_interface_ids = [azurerm_network_interface.nic1.id]

    # Key-only login: password authentication is switched off and the only
    # credential installed is the public half of the my_key pair.
    admin_username                  = "azureuser"
    disable_password_authentication = true

    admin_ssh_key {
        username   = "azureuser"
        public_key = file("my_key.pub")
    }

    # NOTE(review): CentOS 7.3 is an old point release of a distribution that
    # has reached end of life, so the image starts out missing security
    # updates. version = "latest" also means the exact image can differ
    # between applies. Consider a supported image and a pinned version.
    source_image_reference {
        publisher = "openLogic"
        offer     = "CentOS"
        sku       = "7.3"
        version   = "latest"
    }

    os_disk {
        name                 = "myOsDisk"
        caching              = "ReadWrite"
        storage_account_type = "Premium_LRS"
    }

    tags = { environment = "Aj project1" }
}

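# Uploads deploy.sh to the VM and runs it over SSH as azureuser.
resource "null_resource" "ajprovision" {
    # Tie provisioning to the VM's identity. Without a trigger the script
    # runs once and is never re-applied when the VM is replaced. Adding this
    # to an existing deployment re-runs the provisioners on the next apply.
    triggers = {
        vm_id = azurerm_linux_virtual_machine.vm1.id
    }

    # One connection block at resource level is shared by both provisioners,
    # replacing the two identical copies.
    connection {
        type        = "ssh"
        user        = "azureuser"
        # Private half of the key pair (an id_rsa-style file). Keep my_key
        # out of version control and readable only by the operator.
        private_key = file("my_key")
        host        = azurerm_linux_virtual_machine.vm1.public_ip_address
        # NOTE(review): no host_key is set, so the SSH host identity of the
        # new VM is not verified before the script is uploaded and run.
    }

    # Upload into the admin user's home directory rather than a fixed name
    # in world-writable /tmp, where another local account could pre-create
    # or swap the file before it is executed.
    provisioner "file" {
        source      = "deploy.sh"
        destination = "/home/azureuser/deploy1.sh"
    }

    provisioner "remote-exec" {
        inline = [
            # Owner-only permissions: nobody else needs to read or run it.
            "chmod 700 /home/azureuser/deploy1.sh",
            "/home/azureuser/deploy1.sh",
        ]
    }
}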

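# Remote state in an Azure storage container.
terraform {
    backend "azurerm" {
        storage_account_name = "tstate14248"
        container_name       = "tstate"
        key                  = "docker1v1.tfstate"

        # access_key is deliberately not set here. The storage account key
        # grants full access to the account holding the state, and Terraform
        # state can itself contain sensitive values, so the key must not
        # live in a file that gets committed. Supply it through the
        # ARM_ACCESS_KEY environment variable when running `terraform init`.
    }
}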
