= Terraform, conditionals, state and VM
== azure public ip
* public IP = external access to resources
* DNS
* Static/Dynamic
* Access to resources
  resource "azurerm_network_interface" "web_server_nic" {
    name = "${var.web_server_name}-nic"
    location = "${var.web_server_location}"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    ip_configuration {
      name = "${var.web_server_name}-ip"
      subnet_id = "${azurerm_subnet.web_server_subnet.id}"
      private_ip_address_allocation = "dynamic"
      public_ip_address_id = "${azurerm_public_ip.web_server_public_ip.id}"
    }
  }
  resource "azurerm_public_ip" "web_server_public_ip" {
    name = "${var.web_server_name}-public-ip"
    location = "${var.web_server_location}"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    public_ip_address_allocation = "dynamic"
  }
== conditionals
  "web_server_location" = "westus2"
  "web_server_rg" = "web-rg"
  "resource_prefix" = "web-server"
  "web_server_address_space" = "1.0.0.0/22"
  "web_server_address_prefix" = "1.0.1.0/24"
  "web_server_name" = "web-01"
  "environment" = "production"

  variable "environment" {}
  resource "azurerm_public_ip" "web_server_public_ip" {
    name = "${var.web_server_name}-public-ip"
    location = "${var.web_server_location}"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    public_ip_address_allocation = "${var.environment == "production" ? "static" : "dynamic" }"
  }
== azure Network Security Group
* traffic control
* like firewall
* default rules
* own rules
* scope (network, subnets, resources)
  resource "azurerm_network_interface" "web_server_nic" {
    name = "${var.web_server_name}-nic"
    location = "${var.web_server_location}"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    # attach the NSG to this NIC
    network_security_group_id = "${azurerm_network_security_group.web_server_nsg.id}"
    ip_configuration {
      name = "${var.web_server_name}-ip"
      subnet_id = "${azurerm_subnet.web_server_subnet.id}"
      private_ip_address_allocation = "dynamic"
      public_ip_address_id = "${azurerm_public_ip.web_server_public_ip.id}"
    }
  }
  resource "azurerm_network_security_rule" "web_server_nsg_rule_rdp" {
    name = "RDP Inbound"
    priority = 100
    direction = "Inbound"
    access = "Allow"
    protocol = "TCP"
    source_port_range = "*"
    destination_port_range = "3389"
    # "*" allows RDP (3389) from any source address; a known management range is the safer value
    source_address_prefix = "*"
    destination_address_prefix = "*"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    network_security_group_name = "${azurerm_network_security_group.web_server_nsg.name}"
  }
== azure Terraform state
* track and map deployed resources
* **terraform.tfstate**, **terraform.tfstate.backup**
* metadata
* stored locally or remotely (remote: can be shared, more secure)
* sensitive data!
* don't edit this file by hand; use ''terraform import'' instead
* [[https://resources.azure.com|Azure Resource Explorer]]
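The state bullets above flag sensitive data. As an added example (not part of the original notes), this Python script walks a state file and reports secret-looking attributes and inbound Allow rules open to any source. The embedded state is a constructed sample in the Terraform 0.11-era layout (an assumption), modelled on the RDP rule above and the VM defined further down; the flattened key ''os_profile.1111.admin_password'' and the names ''walk'' and ''audit_state'' are hypothetical.

```python
import json

# Constructed sample in the Terraform 0.11-era state layout (an assumption); the
# values mirror the resources in these notes and are not from a real state file.
SAMPLE_STATE = json.dumps({"version": 3, "modules": [{"path": ["root"], "resources": {
    "azurerm_virtual_machine.vm": {"type": "azurerm_virtual_machine", "primary": {
        "attributes": {"name": "web-01-vm", "os_profile.#": "1",
                       "os_profile.1111.admin_username": "webserver",
                       "os_profile.1111.admin_password": "password"}}},
    "azurerm_network_security_rule.web_server_nsg_rule_rdp": {
        "type": "azurerm_network_security_rule", "primary": {"attributes": {
            "access": "Allow", "direction": "Inbound",
            "destination_port_range": "3389", "source_address_prefix": "*"}}},
}}]})

SENSITIVE = ("password", "secret", "private_key", "access_key")  # assumed name hints
OPEN_SOURCES = ("*", "0.0.0.0/0", "Internet")


def walk(node, path=()):
    """Yield (path, dict) for every JSON object, so any state layout is covered."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))


def audit_state(text):
    """Return (kind, location) findings; secret values themselves are not echoed."""
    findings = []
    for path, obj in walk(json.loads(text)):
        for key, value in obj.items():
            leaf = key.rsplit(".", 1)[-1]  # 0.11 flattens nested blocks into dotted keys
            if isinstance(value, str) and value and any(s in leaf for s in SENSITIVE):
                findings.append(("plaintext-secret", "/".join(path + (key,))))
        if (obj.get("access") == "Allow" and obj.get("direction") == "Inbound"
                and obj.get("source_address_prefix") in OPEN_SOURCES):
            port = str(obj.get("destination_port_range"))
            findings.append(("open-inbound:" + port, "/".join(path)))
    return findings


if __name__ == "__main__":
    for kind, location in audit_state(SAMPLE_STATE):
        print(kind, location)
```

To check a real file, pass its contents to ''audit_state'' (for example ''audit_state(open("terraform.tfstate").read())'').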
== azure Market Place Images
* how to get the VM image data
* from the template, in a resource group where we already have a machine deployed
* ''az vm image list-publishers -l -o table''
* ''az vm image list-offers -l -p MicrosoftWindowsServer -o table''
* **MicrosoftWindowsServer** comes from the output of the previous command
* ''az vm image list-skus -l -p MicrosoftWindowsServer -f WindowsServer -o Table''
* **WindowsServer** comes from the previous listing
* this returns a list of the specific versions
== azure Hardware Models
* [[https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-general]]
* [[https://azure.microsoft.com/en-us/pricing/calculator/]]
* ''az vm list-sizes -l -o table''
== Azure Virtual Machine
* Hardware model
* Image
* Networking
* Disks
* Availability and Scale Sets
  resource "azurerm_virtual_machine" "vm" {
    name = "${var.web_server_name}-vm"
    location = "${var.web_server_location}"
    resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
    network_interface_ids = ["${azurerm_network_interface.web_server_nic.id}"]
    # hardware model
    vm_size = "Standard_B1s"
    # marketplace image: publisher / offer / sku from the az vm image commands
    storage_image_reference {
      publisher = "MicrosoftWindowsServer"
      offer = "WindowsServer"
      sku = "2016-Datacenter-Server-Core-smalldisk"
      version = "latest"
    }
    storage_os_disk {
      name = "${var.web_server_name}-osdisk"
      caching = "ReadWrite"
      create_option = "FromImage"
      managed_disk_type = "Standard_LRS"
    }
    os_profile {
      computer_name = "${var.web_server_name}-os"
      admin_username = "webserver"
      # literal password: it is committed with the code and, like other resource
      # attributes, can end up in terraform.tfstate
      admin_password = "password"
    }
    os_profile_windows_config {
    }
  }