Skip to content

Udpdate terraform code to use unique identifiers #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: devel
Choose a base branch
from
Open

Udpdate terraform code to use unique identifiers #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4608c6d
Udpdate terraform code to use unique identifiers
mfortin Jun 9, 2024
0051ed5
typo
mfortin Jun 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 60 additions & 74 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,70 +5,60 @@ terraform {
source = "hashicorp/azurerm"
version = "~> 2.65"
}
random = {
source = "hashicorp/random"
version = "~>3.5"
}
tls = {
source = "hashicorp/tls"
version = "~>4.0"
local = {
source = "hashicorp/local"
version = "~> 2.5"
}
}
required_version = ">= 1.1.0"
}

provider "azurerm" {
features {}
locals {
name_prefix = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-${var.run_job_id}"
# Read Username and password from file
win_credentials = jsondecode(file("sensitive_info.json"))
tags = {
Environment = var.tagname
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = var.repository
}
}

#Read Username and password from file
data "external" "win_account" {
program = ["cat", "./sensitive_info.json"]
provider "azurerm" {
features {}
}

resource "azurerm_resource_group" "main" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-RG"
name = "${local.name_prefix}-RG"
location = var.location
tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

resource "azurerm_virtual_network" "main" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-network"
name = "${local.name_prefix}-network"
address_space = ["172.16.0.0/16"]
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

resource "azurerm_subnet" "internal" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-intip"
name = "${local.name_prefix}-intip"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["172.16.101.0/24"]
}

resource "azurerm_public_ip" "main" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-pubip"
name = "${local.name_prefix}-pubip"
location = var.location
resource_group_name = azurerm_resource_group.main.name
allocation_method = "Static"
tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

resource "azurerm_network_interface" "main" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-nic"
name = "${local.name_prefix}-nic"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location

Expand All @@ -79,15 +69,11 @@ resource "azurerm_network_interface" "main" {
public_ip_address_id = azurerm_public_ip.main.id
}

tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

resource "azurerm_network_security_group" "secgroup" {
name = "${var.prefix}-${var.OS_version}-${var.benchmark_type}-secgroup"
name = "${local.name_prefix}-secgroup"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
security_rule {
Expand All @@ -112,11 +98,7 @@ resource "azurerm_network_security_group" "secgroup" {
source_address_prefix = "Internet"
destination_address_prefix = "*"
}
tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

# Associate subnet and network security group
Expand All @@ -126,12 +108,12 @@ resource "azurerm_subnet_network_security_group_association" "secgroup-assoc" {
}

resource "azurerm_windows_virtual_machine" "main" {
name = "${var.hostname}-${var.OS_version}-${var.benchmark_type}"
name = local.name_prefix
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
size = var.system_size
admin_username = data.external.win_account.result.username
admin_password = data.external.win_account.result.password
admin_username = local.win_credentials["username"]
admin_password = local.win_credentials["password"]
network_interface_ids = [
azurerm_network_interface.main.id,
]
Expand All @@ -148,11 +130,7 @@ resource "azurerm_windows_virtual_machine" "main" {
caching = "ReadWrite"
}

tags = {
Environment = "${var.tagname}"
Name = "${var.OS_version}-${var.benchmark_type}"
Repository = "${var.repository}"
}
tags = local.tags
}

## Install the custom script VM extension to each VM. When the VM comes up,
Expand All @@ -166,36 +144,44 @@ resource "azurerm_virtual_machine_extension" "enablewinrm" {
type = "CustomScriptExtension" ## az vm extension image list --location eastus Only use CustomScriptExtension here
type_handler_version = "1.10" ## az vm extension image list --location eastus
auto_upgrade_minor_version = true
settings = <<SETTINGS
settings = jsonencode(
{
"fileUris": ["https://raw.githubusercontent.com/ansible-lockdown/github_windows_IaC/devel/scripts/ConfigureRemotingForAnsible.ps1"],
"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File ConfigureRemotingForAnsible.ps1"
fileUris = [
"https://raw.githubusercontent.com/ansible-lockdown/github_windows_IaC/devel/scripts/ConfigureRemotingForAnsible.ps1"
]
commandToExecute = "powershell -ExecutionPolicy Unrestricted -File ConfigureRemotingForAnsible.ps1"
}
SETTINGS
)
}

// generate inventory file
resource "local_file" "inventory" {
filename = "./hosts.yml"
directory_permission = "0755"
file_permission = "0644"
content = <<EOF
# benchmark host
all:
hosts:
${var.hostname}:
ansible_host: ${azurerm_public_ip.main.ip_address}
vars:
ansible_user: "${data.external.win_account.result.username}"
ansible_password: "${data.external.win_account.result.password}"
setup_audit: true
run_audit: true
system_is_ec2: true
audit_git_version: devel
win_skip_for_test: true
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_operation_timeout_sec: 120
ansible_winrm_read_timeout_sec: 180
EOF
content = yamlencode(
{
# benchmark host
all = {
hosts = {
(var.hostname) = {
ansible_host = azurerm_public_ip.main.ip_address
}
}
vars = {
ansible_user = local.win_credentials["username"]
ansible_password = local.win_credentials["password"]
setup_audit = true
run_audit = true
system_is_ec2 = true
audit_git_version = "devel"
win_skip_for_test = true
ansible_connection = "winrm"
ansible_winrm_server_cert_validation = "ignore"
ansible_winrm_operation_timeout_sec = 120
ansible_winrm_read_timeout_sec = 180
}
}
}
)
}
6 changes: 6 additions & 0 deletions vars.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,9 @@ variable "repository" {
description = "The repository thats being tested"
type = string
}

variable "run_job_id" {
description = "The Run Job ID from Github"
type = string
default = "0"
}