Terraform configuration for Consul Azure auto-join
#cloud-config
# cloud_init_server.yaml — rendered by templatefile() from the Terraform below,
# which supplies ${subscription} and ${environment_id}. It drops a single
# retry_join stanza so the Consul agent discovers servers through the Azure
# provider, matching NICs tagged consul_server_id=<environment_id>.
# No credentials are embedded; the VM is given a system-assigned identity and
# the discovery role is assigned via group membership — presumably the
# auto-join provider picks that identity up automatically, verify against the
# Consul version in use.
write_files:
  - content: |
      {
        "retry_join": [
          "provider=azure subscription_id=${subscription} tag_name=consul_server_id tag_value=${environment_id}"
        ]
      }
    path: /etc/consul/conf.d/consul_server_location.json
# State lives on the local filesystem. It will contain var.admin_password in
# plaintext (it is an input to the VM resource further down), so the working
# directory needs the same protection as the password itself.
terraform {
  backend "local" {}
}
# Azure provider, pinned to the 2.21.x series.
# NOTE(review): this always targets var.subscription_production, whereas the
# retry_join stanza rendered into cloud-init selects the subscription from
# var.environment — confirm the two are meant to differ.
provider "azurerm" {
  version         = "~>2.21.0"
  subscription_id = var.subscription_production

  features {}
}
# Existing subnet the Consul server NIC is placed in. It also supplies the
# network security group that gets associated with that NIC below.
data "azurerm_subnet" "sn" {
  resource_group_name  = "rg-vn"
  virtual_network_name = "vn-01"
  name                 = "sn-01"
}
#
# RESOURCE GROUP
#
# Resource group holding everything created here; it is also the scope of the
# custom discovery role and its assignment.
resource "azurerm_resource_group" "rg" {
  location = var.location
  name     = "rg-consul-cloud-join"
}
#
# ROLES
#
# Custom role carrying only what Azure auto-join needs: read access to network
# interfaces (the provider matches on NIC tags). Both the role's scope and its
# assignable scope are limited to this resource group, so the permission
# cannot be granted more widely by accident.
resource "azurerm_role_definition" "consul_server_discovery" {
  name        = "rd-consul-cloud-join"
  scope       = azurerm_resource_group.rg.id
  description = "A custom role that allows Consul nodes to discover the server nodes in their environment."

  permissions {
    actions     = ["Microsoft.Network/networkInterfaces/read"]
    not_actions = []
  }

  assignable_scopes = [azurerm_resource_group.rg.id]
}
# Bind the discovery role, at resource-group scope, to the Azure AD group whose
# members are the Consul server identities.
# NOTE(review): data.azuread_group.consul_server_discovery is not declared in
# this gist — presumably defined with the variables; confirm it exists.
resource "azurerm_role_assignment" "consul_server_discovery" {
  scope              = azurerm_resource_group.rg.id
  role_definition_id = azurerm_role_definition.consul_server_discovery.id
  principal_id       = data.azuread_group.consul_server_discovery.id
}
#
# CONSUL SERVER
#
# consul_id is used twice: as the consul_server_id tag value on the NIC and as
# the tag_value rendered into retry_join, so both sides match on the same value.
locals {
  consul_id          = "Consul-Azure-Auto-Join-Tag"
  name_consul_server = "consul-server"
}
# Pre-built Consul image the server VM is created from.
data "azurerm_image" "search_consul_server" {
  resource_group_name = "rg-images"
  name                = "my-consul-image"
}
# NIC for the Consul server. The consul_server_id tag is what the auto-join
# provider filters on (tag_name/tag_value in retry_join), so the tag key and
# local.consul_id must stay in step with cloud_init_server.yaml.
# local.common_tags and local.extra_tags are not defined in this gist.
resource "azurerm_network_interface" "nic_consul_server" {
  name                = "nic-consul-server"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "nicconf-consul-server"
    subnet_id                     = data.azurerm_subnet.sn.id
    private_ip_address_allocation = "dynamic"
  }

  tags = merge(
    local.common_tags,
    local.extra_tags,
    var.tags,
    { "consul_server_id" = local.consul_id }
  )
}
# Attach the subnet's NSG to the server NIC.
# NOTE(review): count = var.cluster_size here, but nic_consul_server above is a
# single resource (no count), so every index resolves to the same NIC through
# element(); a cluster_size above 1 would attempt duplicate associations. The
# same mismatch exists in azuread_group_member below.
resource "azurerm_network_interface_security_group_association" "nic_nsg_consul_server" {
  count = var.cluster_size

  network_security_group_id = data.azurerm_subnet.sn.network_security_group_id
  network_interface_id      = element(azurerm_network_interface.nic_consul_server.*.id, count.index)
}
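# The Consul server VM, built from the pre-baked image. The rendered cloud-init
# supplies the retry_join config; the system-assigned identity is what the
# discovery role is expected to reach through the group membership below.
#
# Fix: network_interface_ids takes a list of NIC ids. The original assigned a
# bare string, which Terraform's type check rejects.
#
# NOTE(review): password authentication stays enabled and var.admin_password
# ends up in state. Moving to disable_password_authentication = true with an
# admin_ssh_key block needs a key variable this gist does not define, so that
# change is not made here.
resource "azurerm_linux_virtual_machine" "vm_consul_server" {
  name                = "vm-${local.name_consul_server}"
  computer_name       = local.name_consul_server
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  size                = "Standard_DS1_v2"

  admin_username                  = local.admin_username
  admin_password                  = var.admin_password
  disable_password_authentication = false

  # List, not a bare string.
  network_interface_ids = [azurerm_network_interface.nic_consul_server.id]

  source_image_id = data.azurerm_image.search_consul_server.id

  os_disk {
    name                 = "vm-disk-${local.name_consul_server}-os"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  identity {
    type = "SystemAssigned"
  }

  # Render cloud_init_server.yaml with the values retry_join needs. The
  # subscription follows var.environment, while the provider block itself
  # always uses var.subscription_production.
  custom_data = base64encode(templatefile(
    "${abspath(path.root)}/cloud_init_server.yaml",
    {
      environment_id = local.consul_id
      subscription   = var.environment == "production" ? var.subscription_production : var.subscription_test
    }
  ))
}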
# Make the VM's managed identity a member of the discovery group, which is the
# principal the role assignment is bound to.
# NOTE(review): count = var.cluster_size while vm_consul_server is a single
# resource, so every index adds the same principal; a cluster_size above 1
# would likely fail on the duplicate membership.
resource "azuread_group_member" "consul_server_cluster_discovery" {
  count = var.cluster_size

  group_object_id  = data.azuread_group.consul_server_discovery.id
  member_object_id = azurerm_linux_virtual_machine.vm_consul_server.identity[0].principal_id
}