locals {
  # Endpoint of the RWX (ReadWriteMany) file store that the jump VM mounts,
  # selected by var.storage_type:
  #   "none" -> "" (no mount is configured)
  #   "ha"   -> the NetApp endpoint output by module.netapp
  #   any other value (e.g. "standard") -> private IP of the NFS VM in module.nfs
  # The module references sit on separate branches on purpose: each module
  # has count 0 unless its storage_type is selected, so it must never be
  # indexed on the other branch.
  rwx_filestore_endpoint = ( var.storage_type == "none"
    ? ""
    : var.storage_type == "ha" ? module.netapp.0.netapp_endpoint : module.nfs.0.private_ip_address
  )
  # Export path that pairs with the endpoint above. NetApp supplies its own
  # path; for the NFS VM "/export" is hard-coded here and presumably matches
  # what files/cloud-init/nfs/cloud-config exports — verify against that file.
  rwx_filestore_path = ( var.storage_type == "none"
    ? ""
    : var.storage_type == "ha" ? module.netapp.0.netapp_path : "/export"
  )
}
# Renders the jump VM cloud-config with the RWX file store mount wired in.
data "template_file" "jump-cloudconfig" {
  count    = var.create_jump_vm ? 1 : 0
  template = file("${path.module}/files/cloud-init/jump/cloud-config")

  vars = {
    # Admin user configured on the jump VM.
    vm_admin = var.jump_vm_admin

    # Where the jump VM mounts the RWX file store; the endpoint/path pair is
    # derived in locals from var.storage_type.
    jump_rwx_filestore_path = var.jump_rwx_filestore_path
    rwx_filestore_endpoint  = local.rwx_filestore_endpoint
    rwx_filestore_path      = local.rwx_filestore_path

    # fstab-style entry, JSON-encoded — presumably consumed by the cloud-config
    # `mounts:` key (confirm in files/cloud-init/jump/cloud-config):
    #   [ <endpoint:path>, <mount point>, "nfs", <options>, <dump>, <pass> ]
    # With storage_type "none" an empty list is passed and nothing is mounted.
    # The options pin NFSv3 over TCP with sec=sys (AUTH_SYS), i.e. client UIDs
    # are trusted as presented; access control for the share therefore rests on
    # the network path between the jump VM and the file store, not on the mount.
    mounts = ( var.storage_type == "none"
      ? "[]"
      : jsonencode(
        [ "${local.rwx_filestore_endpoint}:${local.rwx_filestore_path}",
          "${var.jump_rwx_filestore_path}",
          "nfs",
          "_netdev,auto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min,relatime,hard,rsize=1048576,wsize=1048576,vers=3,tcp,namlen=255,retrans=2,sec=sys,local_lock=none",
          "0",
          "0"
        ])
    )
  }
}
# Packs the rendered jump cloud-config into a single gzip+base64 user-data
# payload, which is what module.jump passes as cloud_init.
data "template_cloudinit_config" "jump" {
  count = var.create_jump_vm ? 1 : 0

  gzip          = true
  base64_encode = true

  part {
    content_type = "text/cloud-config"
    content      = data.template_file.jump-cloudconfig[0].rendered
  }
}
# Jump VM: an operator-accessible host in the misc subnet that mounts the
# RWX file store (see data.template_file.jump-cloudconfig).
module "jump" {
  source = "./modules/azurerm_vm"
  count  = var.create_jump_vm ? 1 : 0

  name              = "${var.prefix}-jump"
  azure_rg_name     = local.aks_rg.name
  azure_rg_location = var.location
  tags              = var.tags

  # Placement: misc subnet, the shared VM NSG, optional availability zone.
  vnet_subnet_id = module.vnet.subnets["misc"].id
  azure_nsg_id   = local.nsg.id
  vm_zone        = var.jump_vm_zone

  machine_type   = var.jump_vm_machine_type
  vm_admin       = var.jump_vm_admin
  ssh_public_key = local.ssh_public_key
  cloud_init     = data.template_cloudinit_config.jump[0].rendered

  # When a public IP is created, the only inbound rule defined in this file
  # for it is vm-ssh (tcp/22 from local.vm_public_access_cidrs).
  create_public_ip = var.create_jump_public_ip

  # The jump VM's cloud-init mounts the NFS export, so the NFS VM (when
  # present) must be built first; module.vnet supplies the subnet it sits in.
  depends_on = [module.vnet, module.nfs]
}
# Renders the NFS server cloud-config. The two subnet CIDRs are handed to the
# template — presumably to scope the NFS exports to the AKS and misc subnets;
# confirm in files/cloud-init/nfs/cloud-config.
data "template_file" "nfs-cloudconfig" {
  count    = var.storage_type == "standard" ? 1 : 0
  template = file("${path.module}/files/cloud-init/nfs/cloud-config")

  vars = {
    vm_admin        = var.nfs_vm_admin
    aks_cidr_block  = module.vnet.subnets["aks"].address_prefixes[0]
    misc_cidr_block = module.vnet.subnets["misc"].address_prefixes[0]
  }
}
# Packs the rendered NFS cloud-config into a gzip+base64 user-data payload
# for module.nfs; only built for storage_type "standard".
data "template_cloudinit_config" "nfs" {
  count = var.storage_type == "standard" ? 1 : 0

  gzip          = true
  base64_encode = true

  part {
    content_type = "text/cloud-config"
    content      = data.template_file.nfs-cloudconfig[0].rendered
  }
}
# NFS server VM backing storage_type "standard". Four data disks are attached;
# the variable names suggest they are assembled into a RAID set by the nfs
# cloud-config (disk count is fixed here; size, storage type and zones come
# from variables).
module "nfs" {
  source = "./modules/azurerm_vm"
  count  = var.storage_type == "standard" ? 1 : 0

  name              = "${var.prefix}-nfs"
  azure_rg_name     = local.aks_rg.name
  azure_rg_location = var.location
  tags              = var.tags

  # Placement: misc subnet, the shared VM NSG, optional zone and optional
  # proximity placement group. When no PPG resource exists (count 0) the
  # splat is empty and coalescelist() falls back to "" so the argument is
  # still set.
  vnet_subnet_id               = module.vnet.subnets["misc"].id
  azure_nsg_id                 = local.nsg.id
  vm_zone                      = var.nfs_vm_zone
  proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)

  machine_type   = var.nfs_vm_machine_type
  vm_admin       = var.nfs_vm_admin
  ssh_public_key = local.ssh_public_key
  cloud_init     = data.template_cloudinit_config.nfs[0].rendered

  # A public IP makes this VM reachable for SSH through the vm-ssh NSG rule;
  # tcp/22 is the only inbound port opened for it in this file. The jump VM
  # reaches the export via the private address (local.rwx_filestore_endpoint).
  create_public_ip = var.create_nfs_public_ip

  data_disk_count                = 4
  data_disk_size                 = var.nfs_raid_disk_size
  data_disk_storage_account_type = var.nfs_raid_disk_type
  data_disk_zones                = var.nfs_raid_disk_zones

  depends_on = [module.vnet]
}
# Inbound SSH (tcp/22) on the VM NSG from the operator CIDR list. The rule is
# created only when at least one CIDR is configured AND at least one VM
# (jump, or NFS for storage_type "standard") is actually built with a public
# IP; otherwise nothing is reachable and no rule is emitted.
resource "azurerm_network_security_rule" "vm-ssh" {
  count = ( length(local.vm_public_access_cidrs) > 0
    && (( var.create_jump_public_ip && var.create_jump_vm ) || (var.create_nfs_public_ip && var.storage_type == "standard"))
    ? 1 : 0
  )

  name        = "${var.prefix}-ssh"
  description = "Allow SSH from source"

  resource_group_name         = local.nsg_rg_name
  network_security_group_name = local.nsg.name

  priority  = 120
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  # The source is limited to the configured CIDRs, but the destination is "*":
  # SSH is admitted to every NIC attached to this NSG, not only to the jump/NFS
  # VM that carries the public IP.
  # NOTE(review): consider narrowing the destination to those VMs' addresses if
  # ./modules/azurerm_vm exposes them as outputs — confirm before changing.
  source_port_range          = "*"
  destination_port_range     = "22"
  source_address_prefixes    = local.vm_public_access_cidrs
  destination_address_prefix = "*"
}