Some documentation to help understand how to get started with building an IAAS environment with Terraform

Prerequisites

# Create a per-user bin directory and work from it; the tools installed
# below are downloaded into the current directory.
mkdir -p "$HOME/bin"
cd "$HOME/bin"
# unzip is needed later to unpack the Terraform release archive.
sudo apt update && sudo apt install unzip

Install AzureCLI

Source

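# Register Microsoft's package signing key and the azure-cli apt repository,
# then install the CLI.
#
# The key is stored under /etc/apt/keyrings and bound to this one repository
# with signed-by. A key placed in /etc/apt/trusted.gpg.d is trusted to sign
# packages from every configured repository, which is broader than needed.
sudo mkdir -p /etc/apt/keyrings
# -f makes curl fail on an HTTP error instead of piping an error page into gpg.
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/azure-cli.list > /dev/null
sudo apt update && sudo apt install azure-cli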

Install Kubectl in WSL

Source

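# Download the current stable kubectl binary into the working directory.
#
# The release tag is resolved first and checked for emptiness, and every curl
# call uses -f, so a failed lookup or an HTTP error stops the chain instead of
# saving an error page as "kubectl" and marking it executable.
#
# NOTE(review): the binary is made executable without an integrity check.
# Compare its SHA-256 with the checksum published for the same release before
# running it.
KUBECTL_VERSION="$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt)" \
  && [ -n "$KUBECTL_VERSION" ] \
  && curl -fsSLO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
  && chmod 755 kubectl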

Install Terraform in WSL

Source

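# Download and unpack the Terraform release linked from the downloads page.
#
# The download URL is scraped from HTML, so it is treated as untrusted: only
# the first match is used, and it must point at a linux_amd64 archive on
# releases.hashicorp.com before anything is fetched. An empty or unexpected
# value is reported instead of being passed to curl.
#
# NOTE(review): the archive is still not verified. HashiCorp publishes a
# SHA256SUMS file and a signature for each release; check the zip against
# them before unpacking.
TF_URL="$(curl -fsSL https://www.terraform.io/downloads.html | grep "linux_amd64.zip" | cut -d\" -f 2 | head -n 1)"
case "$TF_URL" in
  https://releases.hashicorp.com/terraform/*_linux_amd64.zip)
    curl -fsSLO "$TF_URL" && unzip terraform*.zip && rm terraform*.zip && chmod 755 terraform
    ;;
  *)
    echo "Unexpected Terraform download URL: '$TF_URL'" >&2
    ;;
esac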

Install terraform extension for VSCode

https://marketplace.visualstudio.com/items?itemName=mauve.terraform

Define bash as Default VSCode Shell

Source

  1. ctrl+shift+p (Command palette)
  2. Type: default shell and select Terminal: Select Default Shell
  3. Choose "WSL Bash"
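# Looks up the public IPv4 address of the machine running Terraform.
#
# The response body becomes the allowed source address of the inbound SSH
# rule (azurerm_network_security_rule.iaasnsgr), so it is fetched over HTTPS.
# Over plain HTTP, anyone on the network path could substitute a different
# address and have it allowed through the NSG.
data "http" "icanhazip" {
  url = "https://ipv4.icanhazip.com"
}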
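# Azure Resource Manager provider. No credentials are configured in this
# block; presumably they come from the Azure CLI login (`az login`) -- confirm.
#
# NOTE(review): the provider version was unconstrained, so `terraform init`
# would pick whatever release is newest. This configuration uses 1.x-era
# arguments (for example network_security_group_id on the network interface),
# so the provider is held to the 1.x series.
provider "azurerm" {
  version = "~> 1.0"
}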
# Resource group that holds every resource created by this configuration.
resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}
# Virtual network for the environment: a 10.0.0.0/16 address space, created
# in the resource group's location.
resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  address_space = ["10.0.0.0/16"]

  # Hosts on this network resolve names through these two external resolvers.
  dns_servers = ["8.8.8.8", "8.8.4.4"]
}
# If the VNET already exists, use
#data "azurerm_virtual_network" "vnet" {
# name = "some_vnet_name"
# resource_group_name = "owner_rg_for_vnet"
#}
# Single /24 subnet inside the virtual network; the VM's NIC attaches here.
resource "azurerm_subnet" "subnet" {
  name                 = var.subnet_name
  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name
  address_prefix       = "10.0.1.0/24"
}
# Network security group attached to the VM's network interface. Its only
# rule in this configuration is azurerm_network_security_rule.iaasnsgr.
resource "azurerm_network_security_group" "iaasnsg" {
  name                = "iaas-nsg"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
}
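# Allows inbound SSH (TCP/22) from one address only: the public IP reported
# by the icanhazip lookup for the machine running Terraform.
resource "azurerm_network_security_rule" "iaasnsgr" {
  name      = "iaas-nsg-100"
  priority  = 100
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_port_range      = "*"
  destination_port_range = "22"

  # The source address comes from an external HTTP response, so it is passed
  # through cidrhost() first. That call fails the plan unless the trimmed
  # body parses as an IP address, so an error page, a wildcard or a
  # CIDR range can never end up in the firewall rule.
  source_address_prefix      = "${cidrhost("${trimspace(data.http.icanhazip.body)}/32", 0)}/32"
  destination_address_prefix = "*"

  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = azurerm_network_security_group.iaasnsg.name
}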
# Dynamically allocated public IP for the VM. The DNS label gives it an FQDN,
# which the provisioners and the "host" output use to reach the machine.
resource "azurerm_public_ip" "iaaspubip" {
  name                = "iaas-pubip"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  allocation_method = "Dynamic"
  domain_name_label = var.dns_prefix
}
# Network interface for the VM: placed in the subnet, bound to the public IP
# and filtered by the network security group.
resource "azurerm_network_interface" "iaasnic" {
  name                = "iaas-nic"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # Without this association the SSH restriction in the NSG would not apply
  # to traffic reaching this interface.
  network_security_group_id = azurerm_network_security_group.iaasnsg.id

  ip_configuration {
    name                          = "iaas-nic-ip"
    subnet_id                     = azurerm_subnet.subnet.id
    public_ip_address_id          = azurerm_public_ip.iaaspubip.id
    private_ip_address_allocation = "Dynamic"
  }
}
# Ubuntu 18.04 VM. After creation it is bootstrapped over SSH: the local
# ansible/ directory is uploaded to /tmp/ansible, Ansible is installed with
# pip, and /tmp/ansible/main.yml is run on the machine itself.
resource "azurerm_virtual_machine" "main" {
  name                  = "iaas-vm"
  resource_group_name   = azurerm_resource_group.rg.name
  location              = azurerm_resource_group.rg.location
  vm_size               = "Standard_DS1_v2"
  network_interface_ids = [azurerm_network_interface.iaasnic.id]

  # Disks are removed together with the VM, so nothing is left behind on destroy.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "iaas-os-disk"
    create_option     = "FromImage"
    caching           = "ReadWrite"
    managed_disk_type = "Standard_LRS"
  }

  # NOTE(review): the admin account logs in with a password taken from
  # var.ssh_password, and password authentication stays enabled on the VM.
  # The value is also recorded in the Terraform state. Key-based SSH with
  # disable_password_authentication = true is the safer setup; it needs an
  # ssh_keys block here and a private key in the connection below.
  os_profile {
    computer_name  = "iaas"
    admin_username = var.ssh_user
    admin_password = var.ssh_password
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }

  # SSH connection shared by all three provisioners below.
  connection {
    host     = azurerm_public_ip.iaaspubip.fqdn
    user     = var.ssh_user
    password = var.ssh_password
  }

  # Step 1: create the upload target on the VM.
  provisioner "remote-exec" {
    inline = ["mkdir /tmp/ansible"]
  }

  # Step 2: copy the local playbook directory to the VM.
  provisioner "file" {
    source      = "ansible/"
    destination = "/tmp/ansible"
  }

  # Step 3: install pip and Ansible, then run the playbook locally on the VM.
  # Each install writes its output to a file under /tmp and prints that file
  # only if the command fails.
  # NOTE(review): `pip3 install ansible` runs as root with no version pin, so
  # the installed release depends on when the VM is built.
  provisioner "remote-exec" {
    inline = [
      "sudo apt update > /tmp/apt_update || cat /tmp/apt_update",
      "sudo apt install -y python3-pip > /tmp/apt_install_python3_pip || cat /tmp/apt_install_python3_pip",
      "sudo -H pip3 install ansible > /tmp/pip_install_ansible || cat /tmp/pip_install_ansible",
      "ansible-playbook /tmp/ansible/main.yml",
    ]
  }
}
# FQDN of the VM's public IP, printed after apply so the host can be reached.
output "host" {
  value = azurerm_public_ip.iaaspubip.fqdn
}
# NOTE(review): no resource in this configuration reads this variable.
variable "os_disk_size" {
  description = "OS disk size."
  default     = 30
}
variable "ssh_user" {
  description = "Admin user created on the VM; also the user the provisioners connect as."
  default     = "tf_admin"
}
# NOTE(review): this default is a credential committed with the configuration,
# and it is the admin password of a VM that accepts password logins over SSH.
# Override it at apply time (for example through the TF_VAR_ssh_password
# environment variable or an untracked .tfvars file) rather than relying on
# the value below.
variable "ssh_password" {
  description = "Admin password for the VM; also used by the provisioners' SSH connection."
  default     = "Sup3rS3cr3t-"
}
variable "dns_prefix" {
  description = "DNS label assigned to the VM's public IP."
  default     = "MyFirstIaaSOnTerraform"
}
variable "resource_group_name" {
  description = "Name of the resource group that holds all resources."
  default     = "MFIOT201906"
}
variable "vnet_name" {
  description = "Name of the virtual network."
  default     = "MFIOT201906_vnet"
}
variable "subnet_name" {
  description = "Name of the subnet the VM's network interface is attached to."
  default     = "MFIOT201906_subnet"
}
variable "location" {
  description = "Azure region for the resource group; the other resources inherit it."
  default     = "UK South"
}
# The configuration uses first-class expressions (var.x, resource.attr), which
# need Terraform 0.12 or later.
terraform {
  required_version = ">= 0.12"
}