Terraform, conditionals, state and VM
azure public ip
- public IP = external access to resources
- SND
- Estáticas/Dinámicas
- Acceso a recursos
resource "azurerm_network_interface" "web_server_nic" {
name = "${var.web_server_name}-nic"
location = "${var.web_server_location}"
resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
ip_configuration {
name = "${var.web_server_name}-ip"
subnet_id = "${azurerm_subnet.web_server_subnet.id}"
private_ip_address_allocation = "dynamic"
public_ip_address_id = "${azurerm_public_ip.web_server_public_ip.id}"
}
}
resource "azurerm_public_ip" "web_server_public_ip" {
name = "${var.web_server_name}-public-ip"
location = "${var.web_server_location}"
resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
public_ip_address_allocation = "dynamic"
}
conditionals
"web_server_location" = "westus2" "web_server_rg" = "web-rg" "resource_prefix" = "web-server" "web_server_address_space" = "1.0.0.0/22" "web_server_address_prefix" = "1.0.1.0/24" "web_server_name" = "web-01" "environment" = "production"
variable "environment" {}
resource "azurerm_public_ip" "web_server_public_ip" {
name = "${var.web_server_name}-public-ip"
location = "${var.web_server_location}"
resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
public_ip_address_allocation = "${var.environment == "production" ? "static" : "dynamic" }"
}
azure Network Security Group
- traffic control
- like firewall
- default rules
- own rules
- scope (network, subnets, resources)
resource "azurerm_network_interface" "web_server_nic" {
name = "${var.web_server_name}-nic"
location = "${var.web_server_location}"
resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
network_security_group_id = "${azurerm_network_security_group.web_server_nsg.id}"
ip_configuration {
name = "${var.web_server_name}-ip"
subnet_id = "${azurerm_subnet.web_server_subnet.id}"
private_ip_address_allocation = "dynamic"
public_ip_address_id = "${azurerm_public_ip.web_server_public_ip.id}"
}
}
resource "azurerm_network_security_rule" "web_server_nsg_rule_rdp" {
name = "RDP Inbound"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.web_server_rg.name}"
network_security_group_name = "${azurerm_network_security_group.web_server_nsg.name}"
}
azure Terraform state
- track and map deployed resources
- terraform.tfstate, terraform.tfstate.backup
- metadata
- stored locally o remotely (to be shared, more security)
- sensitive data!
- don't edit this file, IMPORT
azure Market Place Images
- como obtener datos de las VM
- desde el template, en un RG en el que ya tenemos desplegada una máquina
az vm image list-publishers -l <LOCATION> -o tableaz vm image list-offers -l <LOCATION> -p MicrosoftWindowsServer -o table- MicrosoftWindowsServer lo hemos sacado del comando anterior
az vm image list-skus -l <LOCATION> -p MicrosoftWindowsServer -f WindowsServer -o Table- WindowsServer lo hemos sacado del listado anterior
- esto nos devuelve un listado con las versiones específicas
azure Hardware Models
az vm list-sizes -l <LOCATION> -o table
Azure Virtual Machine
- Hardware model
- Image
- Networking
- Disks
- Availability and Scale Sets
resource "azurerm_virtual_machine" "vm" { name = "${var.web_server_name}-vm" location = "${var.web_server_location}" resource_group_name = "${azurerm_resource_group.web_server_rg.name}" network_interface_ids = ["${azurerm_network_interface.web_server_nic.id}"] vm_size = "Standard_B1s" storage_image_reference { publisher = "MicrosoftWindowsServer" offer = "WindowsServer" sku = "2016-Datacenter-Server-Core-smalldisk" version = "latest" } storage_os_disk { name = "${var.web_server_name}-osdisk" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } os_profile { computer_name = "${var.web_server_name}-os" admin_username = "webserver" admin_password = "password" } os_profile_windows_config { } }