diff --git a/quickstart/201-vmss-jumpbox/main.tf b/quickstart/201-vmss-jumpbox/main.tf index 15ebf449b..1f69ec4b8 100644 --- a/quickstart/201-vmss-jumpbox/main.tf +++ b/quickstart/201-vmss-jumpbox/main.tf @@ -1,9 +1,9 @@ terraform { required_version = ">=0.12" - + required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" version = "~>2.0" } } 
@@ -14,192 +14,190 @@ provider "azurerm" { } resource "azurerm_resource_group" "vmss" { - name = var.resource_group_name - location = var.location - tags = var.tags + name = var.resource_group_name + location = var.location + tags = var.tags } resource "random_string" "fqdn" { - length = 6 - special = false - upper = false - number = false + length = 6 + special = false + upper = false + number = false } resource "azurerm_virtual_network" "vmss" { - name = "vmss-vnet" - address_space = ["10.0.0.0/16"] - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - tags = var.tags + name = "vmss-vnet" + address_space = ["10.0.0.0/16"] + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + tags = var.tags } resource "azurerm_subnet" "vmss" { - name = "vmss-subnet" - resource_group_name = azurerm_resource_group.vmss.name - virtual_network_name = azurerm_virtual_network.vmss.name - address_prefixes = ["10.0.2.0/24"] + name = "vmss-subnet" + resource_group_name = azurerm_resource_group.vmss.name + virtual_network_name = azurerm_virtual_network.vmss.name + address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "vmss" { - name = "vmss-public-ip" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" - domain_name_label = random_string.fqdn.result - tags = var.tags + name = "vmss-public-ip" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = random_string.fqdn.result + tags = var.tags } resource "azurerm_lb" "vmss" { - name = "vmss-lb" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name + name = "vmss-lb" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name - frontend_ip_configuration { - name = "PublicIPAddress" - public_ip_address_id = azurerm_public_ip.vmss.id - } + frontend_ip_configuration { + name = 
"PublicIPAddress" + public_ip_address_id = azurerm_public_ip.vmss.id + } - tags = var.tags + tags = var.tags } resource "azurerm_lb_backend_address_pool" "bpepool" { - loadbalancer_id = azurerm_lb.vmss.id - name = "BackEndAddressPool" + loadbalancer_id = azurerm_lb.vmss.id + name = "BackEndAddressPool" } resource "azurerm_lb_probe" "vmss" { - resource_group_name = azurerm_resource_group.vmss.name - loadbalancer_id = azurerm_lb.vmss.id - name = "ssh-running-probe" - port = var.application_port + loadbalancer_id = azurerm_lb.vmss.id + name = "ssh-running-probe" + port = var.application_port } resource "azurerm_lb_rule" "lbnatrule" { - resource_group_name = azurerm_resource_group.vmss.name - loadbalancer_id = azurerm_lb.vmss.id - name = "http" - protocol = "Tcp" - frontend_port = var.application_port - backend_port = var.application_port - backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id - frontend_ip_configuration_name = "PublicIPAddress" - probe_id = azurerm_lb_probe.vmss.id + loadbalancer_id = azurerm_lb.vmss.id + name = "http" + protocol = "Tcp" + frontend_port = var.application_port + backend_port = var.application_port + backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + frontend_ip_configuration_name = "PublicIPAddress" + probe_id = azurerm_lb_probe.vmss.id } resource "azurerm_virtual_machine_scale_set" "vmss" { - name = "vmscaleset" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - upgrade_policy_mode = "Manual" - - sku { - name = "Standard_DS1_v2" - tier = "Standard" - capacity = 2 - } - - storage_profile_image_reference { - publisher = "Canonical" - offer = "UbuntuServer" - sku = "16.04-LTS" - version = "latest" - } - - storage_profile_os_disk { - name = "" - caching = "ReadWrite" - create_option = "FromImage" - managed_disk_type = "Standard_LRS" - } - - storage_profile_data_disk { - lun = 0 - caching = "ReadWrite" - create_option = "Empty" - disk_size_gb = 10 - } - - os_profile { 
- computer_name_prefix = "vmlab" - admin_username = var.admin_user - admin_password = var.admin_password - custom_data = file("web.conf") - } - - os_profile_linux_config { - disable_password_authentication = false - } - - network_profile { - name = "terraformnetworkprofile" - primary = true - - ip_configuration { - name = "IPConfiguration" - subnet_id = azurerm_subnet.vmss.id - load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] - primary = true - } - } - - tags = var.tags + name = "vmscaleset" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + upgrade_policy_mode = "Manual" + + sku { + name = "Standard_DS1_v2" + tier = "Standard" + capacity = 2 + } + + storage_profile_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_profile_os_disk { + name = "" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" + } + + storage_profile_data_disk { + lun = 0 + caching = "ReadWrite" + create_option = "Empty" + disk_size_gb = 10 + } + + os_profile { + computer_name_prefix = "vmlab" + admin_username = var.admin_user + admin_password = var.admin_password + custom_data = file("web.conf") + } + + os_profile_linux_config { + disable_password_authentication = false + } + + network_profile { + name = "terraformnetworkprofile" + primary = true + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id] + primary = true + } + } + + tags = var.tags } resource "azurerm_public_ip" "jumpbox" { - name = "jumpbox-public-ip" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - allocation_method = "Static" - domain_name_label = "${random_string.fqdn.result}-ssh" - tags = var.tags + name = "jumpbox-public-ip" + location = var.location + resource_group_name = 
azurerm_resource_group.vmss.name + allocation_method = "Static" + domain_name_label = "${random_string.fqdn.result}-ssh" + tags = var.tags } resource "azurerm_network_interface" "jumpbox" { - name = "jumpbox-nic" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - - ip_configuration { - name = "IPConfiguration" - subnet_id = azurerm_subnet.vmss.id - private_ip_address_allocation = "dynamic" - public_ip_address_id = azurerm_public_ip.jumpbox.id - } - - tags = var.tags + name = "jumpbox-nic" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + + ip_configuration { + name = "IPConfiguration" + subnet_id = azurerm_subnet.vmss.id + private_ip_address_allocation = "Dynamic" + public_ip_address_id = azurerm_public_ip.jumpbox.id + } + + tags = var.tags } resource "azurerm_virtual_machine" "jumpbox" { - name = "jumpbox" - location = var.location - resource_group_name = azurerm_resource_group.vmss.name - network_interface_ids = [azurerm_network_interface.jumpbox.id] - vm_size = "Standard_DS1_v2" - - storage_image_reference { - publisher = "Canonical" - offer = "UbuntuServer" - sku = "16.04-LTS" - version = "latest" - } - - storage_os_disk { - name = "jumpbox-osdisk" - caching = "ReadWrite" - create_option = "FromImage" - managed_disk_type = "Standard_LRS" - } - - os_profile { - computer_name = "jumpbox" - admin_username = var.admin_user - admin_password = var.admin_password - } - - os_profile_linux_config { - disable_password_authentication = false - } - - tags = var.tags -} \ No newline at end of file + name = "jumpbox" + location = var.location + resource_group_name = azurerm_resource_group.vmss.name + network_interface_ids = [azurerm_network_interface.jumpbox.id] + vm_size = "Standard_DS1_v2" + + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "16.04-LTS" + version = "latest" + } + + storage_os_disk { + name = "jumpbox-osdisk" + caching = "ReadWrite" + create_option = 
"FromImage" + managed_disk_type = "Standard_LRS" + } + + os_profile { + computer_name = "jumpbox" + admin_username = var.admin_user + admin_password = var.admin_password + } + + os_profile_linux_config { + disable_password_authentication = false + } + + tags = var.tags +} diff --git a/quickstart/201-vmss-jumpbox/readme.md b/quickstart/201-vmss-jumpbox/readme.md index df9086d37..48b29072b 100644 --- a/quickstart/201-vmss-jumpbox/readme.md +++ b/quickstart/201-vmss-jumpbox/readme.md @@ -27,7 +27,7 @@ This template deploys an Azure virtual machine scale set with a jumpbox. | `tags` | Map of the tags to use for the resources that are deployed | | `application_port` | Port that you want to expose to the external load balancer | | `admin_user` | User name to use as the admin account on the VMs that will be part of the VM scale set | -| `admin_password` | Default password for admin account (NOTE: For security reasons, this value is not set in the plaintext variables.tf file.) | +| `admin_password` | Default password for admin account | ## Example diff --git a/quickstart/201-vmss-jumpbox/variables.tf b/quickstart/201-vmss-jumpbox/variables.tf index 574d720c8..54b088544 100644 --- a/quickstart/201-vmss-jumpbox/variables.tf +++ b/quickstart/201-vmss-jumpbox/variables.tf 
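Review bot: Both `os_profile_linux_config` blocks (scale set and jumpbox) still carry `disable_password_authentication = false`, and the jumpbox NIC is attached to `azurerm_public_ip.jumpbox`, so the host is reachable over SSH with password login; no network security group is visible in this file. Prefer `disable_password_authentication = true` with an `ssh_keys` block that supplies a public key for `/home/${var.admin_user}/.ssh/authorized_keys`, at least on the jumpbox. Separately, the `azurerm_lb_probe` and `azurerm_lb_rule` blocks now drop `resource_group_name` and use `backend_address_pool_ids`, while the first hunk keeps `version = "~>2.0"`. As far as I know those arguments only changed late in the 2.x series, so the constraint probably needs a higher minimum; confirm against the provider changelog.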
@@ -1,31 +1,33 @@ variable "resource_group_name" { - description = "Name of the resource group in which the resources will be created" - default = "myResourceGroup" + description = "Name of the resource group in which the resources will be created" + default = "myResourceGroup" } variable "location" { - default = "eastus" - description = "Location where resources will be created" + default = "eastus" + description = "Location where resources will be created" } variable "tags" { - description = "Map of the tags to use for the resources that are deployed" - type = map(string) - default = { - environment = "codelab" - } + description = "Map of the tags to use for the resources that are deployed" + type = map(string) + default = { + environment = "codelab" + } } variable "application_port" { - description = "Port that you want to expose to the external load balancer" - default = 80 + description = "Port that you want to expose to the external load balancer" + default = 80 } variable "admin_user" { - description = "User name to use as the admin account on the VMs that will be part of the VM scale set" - default = "azureuser" + description = "User name to use as the admin account on the VMs that will be part of the VM scale set" + default = "azureuser" } variable "admin_password" { - description = "Default password for admin account" -} \ No newline at end of file + description = "Default password for admin account" + default = "ChangeMe123!" + sensitive = true +}
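Review bot: `default = "ChangeMe123!"` on `admin_password` commits a known credential, so any deployment that does not override it gets the same admin password on the scale set and on the jumpbox, which main.tf exposes on a public IP with password login enabled. `sensitive = true` only redacts the value in plan and apply output; it does not protect a default stored in source, and the value still lands in state. Remove the `default` line so the caller has to supply the password (for example through `TF_VAR_admin_password` or a secret store), and restore the readme note this commit deletes. Also, `sensitive` on a variable needs Terraform 0.14 or later, but main.tf still declares `required_version = ">=0.12"`; that should become `">=0.14"`.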