John Spinella 2023-01-23 11:54:48 -05:00
Родитель cc94580835
Коммит 8501621ebb
37 изменённых файлов: 3110 добавлений и 0 удалений


@ -0,0 +1 @@
v0.12.0


@ -0,0 +1,32 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#---------------------------------------
# Virtual machine SSH login
#---------------------------------------
resource "azurerm_virtual_machine_extension" "aad_ssh_login" {
for_each = toset(var.aad_ssh_login_enabled ? ["enabled"] : [])
name = "${azurerm_linux_virtual_machine.linux_vm.0.name}-AADSSHLoginForLinux"
publisher = "Microsoft.Azure.ActiveDirectory"
type = "AADSSHLoginForLinux"
type_handler_version = var.aad_ssh_login_extension_version
virtual_machine_id = azurerm_linux_virtual_machine.linux_vm.0.id
auto_upgrade_minor_version = true
tags = merge(local.default_tags, var.extra_tags, var.extensions_extra_tags)
}
resource "azurerm_role_assignment" "rbac_user_login" {
for_each = toset(var.aad_ssh_login_enabled ? var.aad_ssh_login_user_objects_ids : [])
principal_id = each.value
scope = azurerm_linux_virtual_machine.linux_vm.0.id
role_definition_name = "Virtual Machine User Login"
}
resource "azurerm_role_assignment" "rbac_admin_login" {
for_each = toset(var.aad_ssh_login_enabled ? var.aad_ssh_login_admin_objects_ids : [])
principal_id = each.value
scope = azurerm_linux_virtual_machine.linux_vm.0.id
role_definition_name = "Virtual Machine Administrator Login"
}
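Review bot: All three resources in this file target `azurerm_linux_virtual_machine.linux_vm.0`, so when `instances_count` is greater than 1 only the first VM receives the AADSSHLoginForLinux extension and the `Virtual Machine User Login` / `Virtual Machine Administrator Login` role assignments; the remaining instances are left with whatever local credentials they were created with. Either iterate over every instance (for example, key the `for_each` on the VM index combined with the principal ID) or state in the variable description that AAD login covers a single instance only. The same `.0` / `[0]` reference appears in the backup, data-disk attachment and load-balancer / application-gateway association sections, which likewise skip instances 2..n. Separately, this extension is documented as needing a system-assigned managed identity on the VM, so a comment such as `# requires var.identity.type to include SystemAssigned` above the extension resource would help, since `var.identity` can be overridden.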


@ -0,0 +1,14 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#---------------------------------------
# Virtual machine backup
#---------------------------------------
resource "azurerm_backup_protected_vm" "backup" {
for_each = toset(var.backup_policy_id != null ? ["enabled"] : [])
resource_group_name = local.backup_resource_group_name
recovery_vault_name = local.backup_recovery_vault_name
source_vm_id = azurerm_linux_virtual_machine.linux_vm.0.id
backup_policy_id = var.backup_policy_id
}


@ -0,0 +1,31 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#---------------------------------------
# Virtual machine data disks
#---------------------------------------
resource "azurerm_managed_disk" "data_disk" {
for_each = var.data_disks
name = coalesce(each.value.name, var.use_caf_naming ? data.azurecaf_name.disk[each.key].result : format("%s-datadisk%s", local.vm_name, each.key))
resource_group_name = var.resource_group_name
location = var.location
storage_account_type = each.value.storage_account_type
create_option = each.value.create_option
disk_size_gb = each.value.disk_size_gb
source_resource_id = contains(["Copy", "Restore"], each.value.create_option) ? each.value.source_resource_id : null
tags = merge({ "ResourceName" = "${local.vm_name}_DataDisk_${each.value.lun}" }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
resource "azurerm_virtual_machine_data_disk_attachment" "data_disk" {
for_each = var.data_disks
managed_disk_id = azurerm_managed_disk.data_disk[each.key].id
virtual_machine_id = azurerm_linux_virtual_machine.linux_vm[0].id
lun = coalesce(each.value.lun, index(keys(var.data_disks), each.key))
caching = each.value.caching
}
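Review bot: `azurerm_managed_disk.data_disk` sets no `disk_encryption_set_id`, while the OS disk in the VM resource is given `var.disk_encryption_set_id`; a deployment that supplies a customer-managed key therefore ends up with the OS disk under that key and every data disk under platform-managed keys only. Add `disk_encryption_set_id = var.disk_encryption_set_id` to the managed disk (or a per-disk field in `var.data_disks`) so the encryption posture is uniform. The `ResourceName` tag also interpolates `each.value.lun`, which the attachment below treats as optional via `coalesce`, so a disk declared without a `lun` would presumably fail at that interpolation; reusing `coalesce(each.value.lun, index(keys(var.data_disks), each.key))` in the tag avoids that.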


@ -0,0 +1,21 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local Naming configuration - Default (required).
#------------------------------------------------------------
locals {
# Naming locals/constants
name_prefix = lower(var.name_prefix)
name_suffix = lower(var.name_suffix)
vm_name = coalesce(var.custom_name, data.azurecaf_name.vm.result)
vm_hostname = coalesce(var.custom_computer_name, local.vm_name)
vm_os_disk_name = coalesce(var.os_disk_custom_name, "${local.vm_name}-osdisk")
vm_pub_ip_name = coalesce(var.custom_public_ip_name, data.azurecaf_name.pub_ip.result)
vm_nic_name = coalesce(var.custom_nic_name, data.azurecaf_name.nic.result)
ip_configuration_name = coalesce(var.custom_ipconfig_name, "${local.vm_name}-nic-ipconfig")
dcr_name = coalesce(var.custom_dcr_name, format("dcra-%s", local.vm_name))
}


@ -0,0 +1,17 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local Tags configuration - Default (required).
#------------------------------------------------------------
locals {
default_tags = var.default_tags_enabled ? {
env = var.environment
core = var.workload_name
} : {}
default_vm_tags = var.default_tags_enabled ? {
os_family = "linux"
} : {}
}


@ -0,0 +1,11 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local configuration - Default (required).
#------------------------------------------------------------
locals {
backup_resource_group_name = var.backup_policy_id != null ? split("/", var.backup_policy_id)[4] : null
backup_recovery_vault_name = var.backup_policy_id != null ? split("/", var.backup_policy_id)[8] : null
}


@ -0,0 +1,27 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#--------------------------------------------------------------
# Azure Log Analytics Workspace Agent Installation for Linux
#--------------------------------------------------------------
resource "azurerm_virtual_machine_extension" "oms_agent_linux" {
count = var.deploy_log_analytics_agent ? var.instances_count : 0
name = var.instances_count == 1 ? "OmsAgentForLinux" : format("%s%s", "OmsAgentForLinux", count.index + 1)
virtual_machine_id = azurerm_linux_virtual_machine.linux_vm[count.index].id
publisher = "Microsoft.EnterpriseCloud.Monitoring"
type = "OmsAgentForLinux"
type_handler_version = "1.13"
auto_upgrade_minor_version = true
settings = <<SETTINGS
{
"workspaceId": "${var.log_analytics_customer_id}"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"workspaceKey": "${var.log_analytics_workspace_primary_shared_key}"
}
PROTECTED_SETTINGS
}
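Review bot: Both `settings` and `protected_settings` are assembled by interpolating variables into heredoc JSON, so a value containing a quote or backslash yields malformed JSON, and nothing in this section shows that `var.log_analytics_workspace_primary_shared_key` is declared `sensitive = true`. Prefer `settings = jsonencode({ workspaceId = var.log_analytics_customer_id })` and `protected_settings = jsonencode({ workspaceKey = var.log_analytics_workspace_primary_shared_key })`, and mark the key variable sensitive where it is declared (the declaration is outside this section) so it is redacted from plan output. The shared key is still written to Terraform state either way, so the state backend needs to be access-controlled and encrypted. The pinned `type_handler_version = "1.13"` would also be easier to maintain as a variable, as is already done for the AAD SSH extension.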


@ -0,0 +1,116 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# By default, this module will not create a resource group
# provide a name to use an existing resource group, specify the existing resource group name,
# and set the argument to `create_storage_account_resource_group = false`. Location will be same as existing RG.
resource "azurerm_resource_group" "rg" {
count = var.create_vm_resource_group ? 1 : 0
name = var.resource_group_name
location = var.location
tags = merge({ "Name" = format("%s", var.resource_group_name) }, var.tags, )
}
resource "random_password" "passwd" {
count = (var.os_flavor == "linux" && var.disable_password_authentication == false && var.admin_password == null ? 1 : (var.os_flavor == "windows" && var.admin_password == null ? 1 : 0))
length = var.random_password_length
min_upper = 4
min_lower = 2
min_numeric = 4
special = false
keepers = {
admin_password = local.vm_name
}
}
#---------------------------------------------------------------
# Generates SSH2 key Pair for Linux VM's (Dev Environment only)
#---------------------------------------------------------------
resource "tls_private_key" "rsa" {
count = var.generate_admin_ssh_key ? 1 : 0
algorithm = "RSA"
rsa_bits = 4096
}
#---------------------------------------
# Linux Virutal machine
#---------------------------------------
resource "azurerm_linux_virtual_machine" "linux_vm" {
count = var.os_flavor == "linux" ? var.instances_count : 0
name = var.instances_count == 1 ? substr(local.vm_name, 0, 64) : substr(format("%s%s", lower(replace(local.vm_name, "/[[:^alnum:]]/", "")), count.index + 1), 0, 64)
computer_name = local.vm_hostname
resource_group_name = var.resource_group_name
location = var.location
size = var.virtual_machine_size
admin_username = var.admin_username
admin_password = var.admin_password
disable_password_authentication = var.admin_password != null ? false : true
network_interface_ids = [element(concat(azurerm_network_interface.nic.*.id, [""]), count.index)]
source_image_id = var.source_image_id != null ? var.source_image_id : null
provision_vm_agent = true
allow_extension_operations = true
dedicated_host_id = var.dedicated_host_id
custom_data = var.custom_data != null ? var.custom_data : null
availability_set_id = var.enable_vm_availability_set == true ? element(concat(azurerm_availability_set.aset.*.id, [""]), 0) : null
encryption_at_host_enabled = var.enable_encryption_at_host
proximity_placement_group_id = var.enable_proximity_placement_group ? azurerm_proximity_placement_group.appgrp.0.id : null
zone = var.vm_availability_zone
tags = merge({ "ResourceName" = var.instances_count == 1 ? local.vm_name : format("%s%s", lower(replace(local.vm_name, "/[[:^alnum:]]/", "")), count.index + 1) }, var.tags, )
dynamic "admin_ssh_key" {
for_each = var.ssh_public_key != null ? ["fake"] : []
content {
public_key = var.ssh_public_key
username = var.admin_username
}
}
dynamic "source_image_reference" {
for_each = var.source_image_id != null ? [] : [1]
content {
publisher = var.custom_image != null ? var.custom_image["publisher"] : var.linux_distribution_list[lower(var.linux_distribution_name)]["publisher"]
offer = var.custom_image != null ? var.custom_image["offer"] : var.linux_distribution_list[lower(var.linux_distribution_name)]["offer"]
sku = var.custom_image != null ? var.custom_image["sku"] : var.linux_distribution_list[lower(var.linux_distribution_name)]["sku"]
version = var.custom_image != null ? var.custom_image["version"] : var.linux_distribution_list[lower(var.linux_distribution_name)]["version"]
}
}
os_disk {
storage_account_type = var.os_disk_storage_account_type
caching = var.os_disk_caching
disk_encryption_set_id = var.disk_encryption_set_id
disk_size_gb = var.disk_size_gb
write_accelerator_enabled = var.enable_os_disk_write_accelerator
name = var.os_disk_name
}
additional_capabilities {
ultra_ssd_enabled = var.enable_ultra_ssd_data_disk_storage_support
}
dynamic "identity" {
for_each = var.identity != null ? ["fake"] : []
content {
type = var.identity.type
identity_ids = var.identity.identity_ids
}
}
dynamic "boot_diagnostics" {
for_each = var.enable_boot_diagnostics ? [1] : []
content {
storage_account_uri = var.storage_account_uri
}
}
patch_mode = var.patch_mode
patch_assessment_mode = var.patch_mode == "AutomaticByPlatform" ? var.patch_mode : "ImageDefault"
lifecycle {
ignore_changes = [
tags,
]
}
}
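Review bot: The credentials this file generates are never applied to the VM: in `azurerm_linux_virtual_machine.linux_vm`, `admin_password` is taken only from `var.admin_password`, `disable_password_authentication` is derived from that same variable rather than from `var.disable_password_authentication`, and `admin_ssh_key` uses only `var.ssh_public_key`. `random_password.passwd` and `tls_private_key.rsa` therefore end up in state and in the module outputs without granting access to anything, and a caller who sets `generate_admin_ssh_key = true` with no `ssh_public_key` gets a VM with password authentication disabled and no key block, which the provider is expected to reject. Wire the generated values in as sketched below (the sketch keeps the current behaviour when `admin_password` is supplied), or drop the generators. If `tls_private_key` stays, keep the "Dev Environment only" caveat prominent, because the private key is stored unencrypted in Terraform state.

```hcl
# … unchanged: count, name, computer_name, size, admin_username …
admin_password                  = var.admin_password != null ? var.admin_password : try(random_password.passwd[0].result, null)
disable_password_authentication = var.admin_password == null && var.disable_password_authentication
# … unchanged: network, image, placement and tag arguments …
dynamic "admin_ssh_key" {
  for_each = var.ssh_public_key != null || var.generate_admin_ssh_key ? ["enabled"] : []
  content {
    public_key = var.ssh_public_key != null ? var.ssh_public_key : tls_private_key.rsa[0].public_key_openssh
    username   = var.admin_username
  }
}
# … unchanged: source_image_reference, os_disk, identity, boot_diagnostics, patch settings, lifecycle …
```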


@ -0,0 +1,44 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
data "azurecaf_name" "vm" {
name = var.workload_name
resource_type = "azurerm_linux_virtual_machine"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "vm"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "pub_ip" {
name = var.workload_name
resource_type = "azurerm_public_ip"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "pubip"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "nic" {
name = var.workload_name
resource_type = "azurerm_network_interface"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "nic"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "disk" {
for_each = var.data_disks
name = var.workload_name
resource_type = "azurerm_managed_disk"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, each.key])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}


@ -0,0 +1,114 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#-----------------------------------
# Public IP for Virtual Machine
#-----------------------------------
resource "azurerm_public_ip" "pip" {
count = var.enable_public_ip_address == true ? var.instances_count : 0
name = lower("${local.vm_pub_ip_name}-0${count.index + 1}")
location = var.location
resource_group_name = var.resource_group_name
allocation_method = var.public_ip_allocation_method
sku = var.public_ip_sku
sku_tier = var.public_ip_sku_tier
domain_name_label = coalesce(var.internal_dns_name_label, local.vm_name)
tags = merge(local.default_tags, var.extra_tags, var.public_ip_extra_tags)
lifecycle {
ignore_changes = [
tags,
ip_tags,
]
}
}
#---------------------------------------
# Network Interface for Virtual Machine
#---------------------------------------
resource "azurerm_network_interface" "nic" {
count = var.instances_count
name = var.instances_count == 1 ? lower("nic-${format("vm%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")))}") : lower("nic-${format("vm%s%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")), count.index + 1)}")
location = var.location
resource_group_name = var.resource_group_name
dns_servers = var.dns_servers
enable_ip_forwarding = var.enable_ip_forwarding
enable_accelerated_networking = var.nic_enable_accelerated_networking
internal_dns_name_label = var.internal_dns_name_label
tags = merge(local.default_tags, var.extra_tags, var.nic_extra_tags)
ip_configuration {
name = lower("ipconig-${format("vm%s%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")), count.index + 1)}")
primary = true
subnet_id = var.vm_subnet_id
private_ip_address_allocation = var.static_private_ip == null ? "Dynamic" : "Static"
private_ip_address = var.static_private_ip
public_ip_address_id = var.enable_public_ip_address == true ? element(concat(azurerm_public_ip.pip.*.id, [""]), count.index) : null
}
lifecycle {
ignore_changes = [
tags,
]
}
}
#----------------------------------------------------------------------------------------------------
# Proximity placement group for virtual machines, virtual machine scale sets and availability sets.
#----------------------------------------------------------------------------------------------------
resource "azurerm_proximity_placement_group" "appgrp" {
count = var.enable_proximity_placement_group ? 1 : 0
name = lower("proxigrp-${local.vm_name}-${var.location}")
resource_group_name = var.resource_group_name
location = var.location
tags = merge({ "ResourceName" = lower("proxigrp-${local.vm_name}-${var.location}") }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
#-----------------------------------------------------
# Manages an Availability Set for Virtual Machines.
#-----------------------------------------------------
resource "azurerm_availability_set" "aset" {
count = var.enable_vm_availability_set ? 1 : 0
name = lower("avail-${local.vm_name}-${var.location}")
resource_group_name = var.resource_group_name
location = var.location
platform_fault_domain_count = var.platform_fault_domain_count
platform_update_domain_count = var.platform_update_domain_count
proximity_placement_group_id = var.enable_proximity_placement_group ? azurerm_proximity_placement_group.appgrp.0.id : null
managed = true
tags = merge({ "ResourceName" = lower("avail-${local.vm_name}-${var.location}") }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
resource "azurerm_network_interface_security_group_association" "nsgassoc" {
count = var.instances_count
network_interface_id = element(concat(azurerm_network_interface.nic.*.id, [""]), count.index)
network_security_group_id = var.existing_network_security_group_id
}
resource "azurerm_network_interface_backend_address_pool_association" "lb_pool_association" {
count = var.attach_load_balancer ? 1 : 0
backend_address_pool_id = var.load_balancer_backend_pool_id
ip_configuration_name = local.ip_configuration_name
network_interface_id = azurerm_network_interface.nic.0.id
}
resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "appgw_pool_association" {
count = var.attach_application_gateway ? 1 : 0
backend_address_pool_id = var.application_gateway_backend_pool_id
ip_configuration_name = local.ip_configuration_name
network_interface_id = azurerm_network_interface.nic.0.id
}
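Review bot: `azurerm_network_interface_security_group_association.nsgassoc` is created for every instance even though `var.existing_network_security_group_id` defaults to `null`, so the association is unconditional where the NSG is optional, and a NIC that receives a public IP from this file has no module-level guarantee of a filter in front of it. Gate it with `count = var.existing_network_security_group_id != null ? var.instances_count : 0`, and consider a validation or precondition that requires an NSG whenever `enable_public_ip_address` is true. Separately, the two backend-pool associations pass `local.ip_configuration_name`, but the NIC's `ip_configuration` block is named with the `lower("ipconig-…")` expression, so the names do not match and the associations would presumably fail; the block should use `name = local.ip_configuration_name`.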


@ -0,0 +1,12 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
output "terraform_module" {
description = "Information about this Terraform module"
value = {
name = "virtualMachine"
version = file("${path.module}/VERSION")
provider = "azurerm"
maintainer = "microsoft"
}
}


@ -0,0 +1,44 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
output "admin_ssh_key_public" {
description = "The generated public key data in PEM format"
value = var.disable_password_authentication == true && var.generate_admin_ssh_key == true && var.os_flavor == "linux" ? tls_private_key.rsa[0].public_key_openssh : null
}
output "admin_ssh_key_private" {
description = "The generated private key data in PEM format"
sensitive = true
value = var.disable_password_authentication == true && var.generate_admin_ssh_key == true && var.os_flavor == "linux" ? tls_private_key.rsa[0].private_key_pem : null
}
output "linux_vm_password" {
description = "Password for the Linux VM"
sensitive = true
value = var.disable_password_authentication == false && var.admin_password == null ? element(concat(random_password.passwd.*.result, [""]), 0) : var.admin_password
}
output "linux_vm_public_ips" {
description = "Public IP's map for the all linux Virtual Machines"
value = var.enable_public_ip_address == true && var.os_flavor == "linux" ? zipmap(azurerm_linux_virtual_machine.linux_vm.*.name, azurerm_linux_virtual_machine.linux_vm.*.public_ip_address) : null
}
output "linux_vm_private_ips" {
description = "Public IP's map for the all linux Virtual Machines"
value = var.os_flavor == "linux" ? zipmap(azurerm_linux_virtual_machine.linux_vm.*.name, azurerm_linux_virtual_machine.linux_vm.*.private_ip_address) : null
}
output "linux_virtual_machine_ids" {
description = "The resource id's of all Linux Virtual Machine."
value = var.os_flavor == "linux" ? concat(azurerm_linux_virtual_machine.linux_vm.*.id, [""]) : null
}
output "network_security_group_ids" {
description = "List of Network security groups and ids"
value = var.existing_network_security_group_id
}
output "vm_availability_set_id" {
description = "The resource ID of Virtual Machine availability set"
value = var.enable_vm_availability_set == true ? element(concat(azurerm_availability_set.aset.*.id, [""]), 0) : null
}
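Review bot: `admin_ssh_key_private` and `linux_vm_password` are marked `sensitive = true`, which only redacts them from CLI output; both values are still stored in plain text in Terraform state and are readable by any caller of the module, and the descriptions should say so, e.g. `description = "Generated private key (PEM). Stored in Terraform state; dev use only."`. Two descriptions are also inaccurate: `admin_ssh_key_public` returns `public_key_openssh`, not PEM, and `linux_vm_private_ips` is described as "Public IP's map". `linux_virtual_machine_ids` appends an empty string through `concat(..., [""])`, which hands consumers a bogus ID entry; returning `azurerm_linux_virtual_machine.linux_vm[*].id` would be cleaner.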



@ -0,0 +1,27 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
variable "aad_ssh_login_enabled" {
description = "Enable SSH logins with Azure Active Directory"
type = bool
default = false
}
variable "aad_ssh_login_extension_version" {
description = "VM Extension version for Azure Active Directory SSH Login extension"
type = string
default = "1.0"
}
variable "aad_ssh_login_user_objects_ids" {
description = "Azure Active Directory objects IDs allowed to connect as standard user on the VM."
type = list(string)
default = []
}
variable "aad_ssh_login_admin_objects_ids" {
description = "Azure Active Directory objects IDs allowed to connect as administrator on the VM."
type = list(string)
default = []
}


@ -0,0 +1,64 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# Generic naming variables
variable "name_prefix" {
description = "Optional prefix for the generated name"
type = string
default = ""
}
variable "name_suffix" {
description = "Optional suffix for the generated name"
type = string
default = ""
}
variable "use_caf_naming" {
description = "Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`."
type = bool
default = true
}
# Custom naming override
variable "custom_name" {
description = "Custom name for the Virtual Machine. Generated if not set."
type = string
default = ""
}
variable "custom_computer_name" {
description = "Custom name for the Virtual Machine Hostname. `vm_name` if not set."
type = string
default = ""
}
variable "custom_public_ip_name" {
description = "Custom name for public IP. Generated if not set."
type = string
default = null
}
variable "custom_nic_name" {
description = "Custom name for the NIC interface. Generated if not set."
type = string
default = null
}
variable "custom_ipconfig_name" {
description = "Custom name for the IP config of the NIC. Generated if not set."
type = string
default = null
}
variable "os_disk_custom_name" {
description = "Custom name for OS disk. Generated if not set."
type = string
default = null
}
variable "custom_dcr_name" {
description = "Custom name for Data collection rule association"
type = string
default = null
}


@ -0,0 +1,50 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
variable "default_tags_enabled" {
description = "Option to enable or disable default tags."
type = bool
default = true
}
variable "nic_extra_tags" {
description = "Extra tags to set on the network interface."
type = map(string)
default = {}
}
variable "public_ip_extra_tags" {
description = "Extra tags to set on the public IP resource."
type = map(string)
default = {}
}
variable "extra_tags" {
description = "Extra tags to set on each created resource."
type = map(string)
default = {}
}
variable "os_disk_extra_tags" {
description = "Extra tags to set on the OS disk."
type = map(string)
default = {}
}
variable "os_disk_tagging_enabled" {
description = "Should OS disk tagging be enabled? Defaults to `true`."
type = bool
default = true
}
variable "extensions_extra_tags" {
description = "Extra tags to set on the VM extensions."
type = map(string)
default = {}
}
variable "os_disk_overwrite_tags" {
description = "True to overwrite existing OS disk tags instead of merging."
type = bool
default = false
}


@ -0,0 +1,926 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
###########################
# Global Configuration ##
###########################
variable "location" {
description = "Azure region in which instance will be hosted"
type = string
}
variable "location_short" {
description = "Azure region short name"
type = string
}
variable "environment" {
description = "Name of the workload's environnement"
type = string
}
variable "workload_name" {
description = "Name of the workload_name"
type = string
}
variable "org_name" {
description = "Name of the organization"
type = string
}
variable "virtual_network_name" {
description = "The name of the virtual network"
default = ""
}
variable "resource_group_name" {
description = "Name of the workload ressource group"
type = string
}
variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
default = {}
}
#######################
# VM Configuration ##
#######################
variable "create_vm_resource_group" {
description = "Should a resource group be created for the VM? Defaults to false"
type = bool
default = false
}
variable "random_password_length" {
description = "The desired length of random password created by this module"
default = 24
}
variable "virtual_machine_name" {
description = "The name of the virtual machine."
default = ""
}
variable "instances_count" {
description = "The number of Virtual Machines required."
default = 1
}
variable "os_flavor" {
description = "Specify the flavor of the operating system image to deploy Virtual Machine. Valid values are `windows` and `linux`"
default = "windows"
}
variable "virtual_machine_size" {
description = "The Virtual Machine SKU for the Virtual Machine, Default is Standard_A2_V2"
default = "Standard_A2_v2"
}
variable "source_image_id" {
description = "The ID of an Image which each Virtual Machine should be based on"
default = null
}
variable "dedicated_host_id" {
description = "The ID of a Dedicated Host where this machine should be run on."
default = null
}
variable "custom_data" {
description = "Base64 encoded file of a bash script that gets run once by cloud-init upon VM creation"
default = null
}
variable "enable_automatic_updates" {
description = "Specifies if Automatic Updates are Enabled for the Windows Virtual Machine."
default = false
}
variable "enable_encryption_at_host" {
description = " Should all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host?"
default = false
}
variable "license_type" {
description = "Specifies the type of on-premise license which should be used for this Virtual Machine. Possible values are None, Windows_Client and Windows_Server."
default = "None"
}
variable "vm_time_zone" {
description = "Specifies the Time Zone which should be used by the Virtual Machine"
default = null
}
###############################################
# VM Password Authentication Configuration ##
###############################################
variable "disable_password_authentication" {
description = "Should Password Authentication be disabled on this Virtual Machine? Defaults to true."
default = true
}
variable "admin_username" {
description = "The username of the local administrator used for the Virtual Machine."
default = "azureadmin"
}
variable "admin_password" {
description = "The Password which should be used for the local-administrator on this Virtual Machine"
default = null
}
variable "generate_admin_ssh_key" {
description = "Generates a secure private key and encodes it as PEM."
default = false
}
variable "admin_ssh_key_data" {
description = "specify the path to the existing SSH key to authenticate Linux virtual machine"
default = null
}
variable "managed_identity_type" {
description = "The type of Managed Identity which should be assigned to the Linux Virtual Machine. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`"
default = null
}
variable "managed_identity_ids" {
description = "A list of User Managed Identity ID's which should be assigned to the Linux Virtual Machine."
default = null
}
variable "identity" {
description = "Map with identity block informations as described here https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#identity"
type = object({
type = string
identity_ids = list(string)
})
default = {
type = "SystemAssigned"
identity_ids = []
}
}
###########################
# VM SSH Configuration ##
###########################
variable "ssh_public_key" {
description = "SSH public key"
type = string
default = null
}
variable "ssh_private_key" {
description = "SSH private key"
type = string
default = null
}
###############################
# VM Network Configuration ##
###############################
variable "vm_subnet_id" {
description = "ID of the Subnet in which create the Virtual Machine"
type = string
}
variable "nic_enable_accelerated_networking" {
description = "Should Accelerated Networking be enabled? Defaults to `false`."
type = bool
default = false
}
variable "nic_nsg_id" {
description = "NSG ID to associate on the Network Interface. No association if null."
type = string
default = null
}
variable "static_private_ip" {
description = "Static private IP. Private IP is dynamic if not set."
type = string
default = null
}
###########################
# VM Dns Configuration ##
###########################
variable "domain_name_label" {
description = "Label for the Domain Name. Will be used to make up the FQDN. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system."
default = null
}
variable "dns_servers" {
description = "List of dns servers to use for network interface"
default = []
}
variable "enable_accelerated_networking" {
description = "Should Accelerated Networking be enabled? Defaults to false."
default = false
}
variable "internal_dns_name_label" {
description = "The (relative) DNS Name used for internal communications between Virtual Machines in the same Virtual Network."
default = null
}
###########################
# VM PIP Configuration ##
###########################
variable "enable_public_ip_address" {
description = "Reference to a Public IP Address to associate with the NIC"
default = null
}
variable "enable_ip_forwarding" {
description = "Should IP Forwarding be enabled? Defaults to false"
default = false
}
variable "public_ip_allocation_method" {
description = "Defines the allocation method for this IP address. Possible values are `Static` or `Dynamic`"
default = "Static"
}
variable "public_ip_sku" {
description = "SKU for the public IP attached to the VM. Can be `null` if no public IP needed."
default = "Standard"
}
variable "public_ip_sku_tier" {
description = "The SKU Tier that should be used for the Public IP. Possible values are `Regional` and `Global`"
default = "Regional"
}
variable "public_ip_availability_zone" {
description = "Zones for public IP attached to the VM. Can be `null` if no zone distpatch."
type = list(number)
default = [1, 2, 3]
}
variable "private_ip_address_allocation_type" {
description = "The allocation method used for the Private IP Address. Possible values are Dynamic and Static."
default = "Dynamic"
}
variable "private_ip_address" {
description = "The Static IP Address which should be used. This is valid only when `private_ip_address_allocation` is set to `Static` "
default = null
}
#####################################
# VM Load Balancer Configuration ##
#####################################
variable "attach_load_balancer" {
description = "True to attach this VM to a Load Balancer"
type = bool
default = false
}
variable "load_balancer_backend_pool_id" {
description = "Id of the Load Balancer Backend Pool to attach the VM."
type = string
default = null
}
###########################################
# VM Application Gateway Configuration ##
###########################################
variable "attach_application_gateway" {
description = "True to attach this VM to an Application Gateway"
type = bool
default = false
}
variable "application_gateway_backend_pool_id" {
description = "Id of the Application Gateway Backend Pool to attach the VM."
type = string
default = null
}
####################################
# VM Availability Configuration ##
####################################
variable "enable_vm_availability_set" {
description = "Manages an Availability Set for Virtual Machines."
default = false
}
variable "enable_proximity_placement_group" {
description = "Manages a proximity placement group for virtual machines, virtual machine scale sets and availability sets."
default = false
}
variable "platform_fault_domain_count" {
description = "Specifies the number of fault domains that are used"
default = 3
}
variable "platform_update_domain_count" {
description = "Specifies the number of update domains that are used"
default = 5
}
variable "vm_availability_zone" {
description = "The Zone in which this Virtual Machine should be created. Conflicts with availability set and shouldn't use both"
default = null
}
###########################
# VM NSG Configuration ##
###########################
variable "existing_network_security_group_id" {
description = "The resource id of existing network security group"
default = null
}
#############################
# VM Image Configuration ##
#############################
variable "custom_image" {
description = "Provide the custom image to this module if the default variants are not sufficient"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = null
}
variable "linux_distribution_list" {
description = "Pre-defined Azure Linux VM images list"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = {
ubuntu1604 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
},
ubuntu1804 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
},
ubuntu1904 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "19.04"
version = "latest"
},
ubuntu2004 = {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-focal-daily"
sku = "20_04-daily-lts"
version = "latest"
},
ubuntu2004-gen2 = {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-focal-daily"
sku = "20_04-daily-lts-gen2"
version = "latest"
},
centos77 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7.7"
version = "latest"
},
centos78-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7_8-gen2"
version = "latest"
},
centos79-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7_9-gen2"
version = "latest"
},
centos81 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_1"
version = "latest"
},
centos81-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_1-gen2"
version = "latest"
},
centos82-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_2-gen2"
version = "latest"
},
centos83-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_3-gen2"
version = "latest"
},
centos84-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_4-gen2"
version = "latest"
},
coreos = {
publisher = "CoreOS"
offer = "CoreOS"
sku = "Stable"
version = "latest"
},
rhel78 = {
publisher = "RedHat"
offer = "RHEL"
sku = "7.8"
version = "latest"
},
rhel78-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "78-gen2"
version = "latest"
},
rhel79 = {
publisher = "RedHat"
offer = "RHEL"
sku = "7.9"
version = "latest"
},
rhel79-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "79-gen2"
version = "latest"
},
rhel81 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.1"
version = "latest"
},
rhel81-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "81gen2"
version = "latest"
},
rhel82 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.2"
version = "latest"
},
rhel82-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "82gen2"
version = "latest"
},
rhel83 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.3"
version = "latest"
},
rhel83-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "83gen2"
version = "latest"
},
rhel84 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.4"
version = "latest"
},
rhel84-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "84gen2"
version = "latest"
},
rhel84-byos = {
publisher = "RedHat"
offer = "rhel-byos"
sku = "rhel-lvm84"
version = "latest"
},
rhel84-byos-gen2 = {
publisher = "RedHat"
offer = "rhel-byos"
sku = "rhel-lvm84-gen2"
version = "latest"
},
mssql2019ent-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "enterprise"
version = "latest"
},
mssql2019std-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "standard"
version = "latest"
},
mssql2019dev-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "sqldev"
version = "latest"
},
mssql2019ent-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "enterprise"
version = "latest"
},
mssql2019std-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "standard"
version = "latest"
},
mssql2019dev-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "sqldev"
version = "latest"
},
mssql2019ent-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "enterprise"
version = "latest"
},
mssql2019std-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "standard"
version = "latest"
},
mssql2019dev-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "sqldev"
version = "latest"
},
}
}
variable "linux_distribution_name" {
default = "ubuntu1804"
description = "Variable to pick an OS flavour for Linux based VM. Possible values include: centos8, ubuntu1804"
}
variable "windows_distribution_list" {
description = "Pre-defined Azure Windows VM images list"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = {
windows2012r2dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2012-R2-Datacenter"
version = "latest"
},
windows2016dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter"
version = "latest"
},
windows2019dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
},
windows2019dc-gensecond = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-gensecond"
version = "latest"
},
windows2019dc-gs = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-gs"
version = "latest"
},
windows2019dc-containers = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter-with-Containers"
version = "latest"
},
windows2019dc-containers-g2 = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-with-containers-g2"
version = "latest"
},
windows2019dccore = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter-Core"
version = "latest"
},
windows2019dccore-g2 = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-core-g2"
version = "latest"
},
windows2016dccore = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter-Server-Core"
version = "latest"
},
mssql2017exp = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "express"
version = "latest"
},
mssql2017dev = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "sqldev"
version = "latest"
},
mssql2017std = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "standard"
version = "latest"
},
mssql2017ent = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "enterprise"
version = "latest"
},
mssql2019std = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "standard"
version = "latest"
},
mssql2019dev = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "sqldev"
version = "latest"
},
mssql2019ent = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "enterprise"
version = "latest"
},
mssql2019ent-byol = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019-byol"
sku = "enterprise"
version = "latest"
},
mssql2019std-byol = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019-byol"
sku = "standard"
version = "latest"
}
}
}
variable "windows_distribution_name" {
default = "windows2019dc"
description = "Variable to pick an OS flavour for Windows based VM. Possible values include: winserver, wincore, winsql"
}
#####################################
# VM Data Storage Configuration ##
#####################################
variable "os_disk_storage_account_type" {
description = "The Type of Storage Account which should back this the Internal OS Disk. Possible values include Standard_LRS, StandardSSD_LRS and Premium_LRS."
default = "StandardSSD_LRS"
}
variable "os_disk_caching" {
description = "The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`"
default = "ReadWrite"
}
variable "disk_encryption_set_id" {
description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault"
default = null
}
variable "disk_size_gb" {
description = "The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from."
default = null
}
variable "enable_os_disk_write_accelerator" {
description = "Should Write Accelerator be Enabled for this OS Disk? This requires that the `storage_account_type` is set to `Premium_LRS` and that `caching` is set to `None`."
default = false
}
variable "os_disk_name" {
description = "The name which should be used for the Internal OS Disk"
default = null
}
variable "enable_ultra_ssd_data_disk_storage_support" {
description = "Should the capacity to enable Data Disks of the UltraSSD_LRS storage account type be supported on this Virtual Machine"
default = false
}
variable "winrm_protocol" {
description = "Specifies the protocol of winrm listener. Possible values are `Http` or `Https`"
default = null
}
variable "key_vault_certificate_secret_url" {
description = "The Secret URL of a Key Vault Certificate, which must be specified when `protocol` is set to `Https`"
default = null
}
variable "additional_unattend_content" {
description = "The XML formatted content that is added to the unattend.xml file for the specified path and component."
default = null
}
variable "additional_unattend_content_setting" {
description = "The name of the setting to which the content applies. Possible values are `AutoLogon` and `FirstLogonCommands`"
default = null
}
variable "enable_boot_diagnostics" {
description = "Should the boot diagnostics enabled?"
default = false
}
variable "storage_account_uri" {
description = "The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. Passing a `null` value will utilize a Managed Storage Account to store Boot Diagnostics."
default = null
}
variable "data_disks" {
description = "A list of Data Disks which should be attached to the Virtual Machine. Each Data Disk can be configured with the following properties:"
type = map(object({
name = optional(string)
create_option = optional(string, "Empty")
disk_size_gb = number
lun = optional(number)
caching = optional(string, "ReadWrite")
storage_account_type = optional(string, "StandardSSD_ZRS")
source_resource_id = optional(string)
extra_tags = optional(map(string), {})
}))
default = {}
}
#####################################
# VM log analytics Configuration ##
#####################################
variable "nsg_diag_logs" {
description = "NSG Monitoring Category details for Azure Diagnostic setting"
default = ["NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"]
}
variable "log_analytics_resource_id" {
description = "The name of log analytics workspace resource id"
default = null
}
variable "log_analytics_customer_id" {
description = "The Workspace (or Customer) ID for the Log Analytics Workspace."
default = null
}
variable "log_analytics_workspace_primary_shared_key" {
description = "The Primary shared key for the Log Analytics Workspace"
default = null
}
variable "storage_account_name" {
description = "The name of the hub storage account to store logs"
default = null
}
variable "deploy_log_analytics_agent" {
description = "Install log analytics agent to windows or linux VM"
default = false
}
##############################
# VM Backup Configuration ##
##############################
variable "backup_policy_id" {
description = "Backup policy ID from the Recovery Vault to attach the Virtual Machine to (value to `null` to disable backup)"
type = string
default = null
}
variable "patch_mode" {
description = "Specifies the mode of in-guest patching to Linux or Windows Virtual Machine. Possible values are `Manual`, `AutomaticByOS` and `AutomaticByPlatform`"
default = "AutomaticByPlatform"
}


@ -0,0 +1,16 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
terraform {
required_version = ">= 1.3"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.22"
}
azurecaf = {
source = "aztfmod/azurecaf"
version = "~> 1.2, >= 1.2.22"
}
}
}
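Review bot: `required_providers` pins only `azurerm` and `azurecaf`, yet other files in this commit declare `random_password` and `tls_private_key` resources. If this versions file belongs to a module that uses them, `hashicorp/random` and `hashicorp/tls` are resolved implicitly with no version constraint. I would declare them explicitly, e.g. `random = { source = "hashicorp/random", version = "<tested constraint>" }` and the same for `tls`, and commit the dependency lock file so provider checksums are verified on every init.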


@ -0,0 +1 @@
v0.12.0


@ -0,0 +1,14 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#---------------------------------------
# Virtual machine backup
#---------------------------------------
resource "azurerm_backup_protected_vm" "backup" {
for_each = toset(var.backup_policy_id != null ? ["enabled"] : [])
resource_group_name = local.backup_resource_group_name
recovery_vault_name = local.backup_recovery_vault_name
source_vm_id = azurerm_windows_virtual_machine.windows_vm.0.id
backup_policy_id = var.backup_policy_id
}
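Review bot: `source_vm_id` points at `azurerm_windows_virtual_machine.windows_vm.0.id`, but the only Windows VM resource visible in this commit is declared as `azurerm_windows_virtual_machine.win_vm`, so unless a `windows_vm` resource exists in a file not shown here this reference will not resolve at plan time. The same label is used by the data-disk attachment (`windows_vm[0].id`) and the Log Analytics extension (`windows_vm[count.index].id`). I would align all three with the declared label, e.g. `source_vm_id = azurerm_windows_virtual_machine.win_vm[0].id`. Note also that only the first instance is enrolled in backup when `instances_count` is greater than one.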


@ -0,0 +1,31 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#---------------------------------------
# Virtual machine data disks
#---------------------------------------
resource "azurerm_managed_disk" "data_disk" {
for_each = var.data_disks
name = coalesce(each.value.name, var.use_caf_naming ? data.azurecaf_name.disk[each.key].result : format("%s-datadisk%s", local.vm_name, each.key))
resource_group_name = var.resource_group_name
location = var.location
storage_account_type = each.value.storage_account_type
create_option = each.value.create_option
disk_size_gb = each.value.disk_size_gb
source_resource_id = contains(["Copy", "Restore"], each.value.create_option) ? each.value.source_resource_id : null
tags = merge({ "ResourceName" = "${local.vm_name}_DataDisk_${each.value.lun}" }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
resource "azurerm_virtual_machine_data_disk_attachment" "data_disk" {
for_each = var.data_disks
managed_disk_id = azurerm_managed_disk.data_disk[each.key].id
virtual_machine_id = azurerm_windows_virtual_machine.windows_vm[0].id
lun = coalesce(each.value.lun, index(keys(var.data_disks), each.key))
caching = each.value.caching
}
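Review bot: `azurerm_managed_disk.data_disk` is created without `disk_encryption_set_id`, while the VM's `os_disk` block in this commit does pass `var.disk_encryption_set_id`; a caller who supplies a Disk Encryption Set would get a customer-managed key on the OS disk only. If both files belong to the same module, adding `disk_encryption_set_id = var.disk_encryption_set_id` here keeps the two consistent. Separately, the `ResourceName` tag interpolates `each.value.lun`, which is `optional(number)` in the `data_disks` type shown earlier in this commit, and Terraform rejects a null value inside a string template. The attachment's fallback can be reused: `coalesce(each.value.lun, index(keys(var.data_disks), each.key))`.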


@ -0,0 +1,21 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local Naming configuration - Default (required).
#------------------------------------------------------------
locals {
# Naming locals/constants
name_prefix = lower(var.name_prefix)
name_suffix = lower(var.name_suffix)
vm_name = coalesce(var.custom_name, data.azurecaf_name.vm.result)
vm_hostname = coalesce(var.custom_computer_name, local.vm_name)
vm_os_disk_name = coalesce(var.os_disk_custom_name, "${local.vm_name}-osdisk")
vm_pub_ip_name = coalesce(var.custom_public_ip_name, data.azurecaf_name.pub_ip.result)
vm_nic_name = coalesce(var.custom_nic_name, data.azurecaf_name.nic.result)
ip_configuration_name = coalesce(var.custom_ipconfig_name, "${local.vm_name}-nic-ipconfig")
dcr_name = coalesce(var.custom_dcr_name, format("dcra-%s", local.vm_name))
}


@ -0,0 +1,17 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local Tags configuration - Default (required).
#------------------------------------------------------------
locals {
default_tags = var.default_tags_enabled ? {
env = var.environment
core = var.workload_name
} : {}
default_vm_tags = var.default_tags_enabled ? {
os_family = "windows"
} : {}
}


@ -0,0 +1,11 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#------------------------------------------------------------
# Local configuration - Default (required).
#------------------------------------------------------------
locals {
backup_resource_group_name = var.backup_policy_id != null ? split("/", var.backup_policy_id)[4] : null
backup_recovery_vault_name = var.backup_policy_id != null ? split("/", var.backup_policy_id)[8] : null
}
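Review bot: The two `split("/", var.backup_policy_id)` lookups rely on fixed segment positions with nothing explaining or checking them; a value that is not a full backup policy resource ID either fails with an index error or silently picks the wrong resource group and vault. I would add a comment above the locals such as `# ID layout: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.RecoveryServices/vaults/<vault>/backupPolicies/<policy> (index 4 = resource group, index 8 = vault)`. A `validation` block on `backup_policy_id` that checks the ID shape would turn a confusing plan error into a clear message.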


@ -0,0 +1,27 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#--------------------------------------------------------------
# Azure Log Analytics Workspace Agent Installation for Windows
#--------------------------------------------------------------
resource "azurerm_virtual_machine_extension" "oms_agent_linux" {
count = var.deploy_log_analytics_agent ? var.instances_count : 0
name = var.instances_count == 1 ? "OmsAgentForWindows" : format("%s%s", "OmsAgentForLinux", count.index + 1)
virtual_machine_id = azurerm_windows_virtual_machine.windows_vm[count.index].id
publisher = "Microsoft.EnterpriseCloud.Monitoring"
type = "OmsAgentForWindows"
type_handler_version = "1.13"
auto_upgrade_minor_version = true
settings = <<SETTINGS
{
"workspaceId": "${var.log_analytics_customer_id}"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"workspaceKey": "${var.log_analytics_workspace_primary_shared_key}"
}
PROTECTED_SETTINGS
}
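Review bot: The extension `name` is `OmsAgentForWindows` for a single instance but is built from the string `"OmsAgentForLinux"` when `instances_count` is greater than one, and the resource label is `oms_agent_linux` although the header comment and `type` target Windows. I would use one prefix in both branches, `format("%s%s", "OmsAgentForWindows", count.index + 1)`, and rename the label. It is also worth confirming that type `OmsAgentForWindows` with handler version `1.13` is something this publisher actually ships for Windows, since the values look carried over from the Linux agent. Building both JSON bodies with `jsonencode(...)`, e.g. `protected_settings = jsonencode({ workspaceKey = var.log_analytics_workspace_primary_shared_key })`, avoids malformed JSON if a value contains a quote or backslash.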


@ -0,0 +1,124 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# By default, this module will not create a resource group
# provide a name to use an existing resource group, specify the existing resource group name,
# and set the argument to `create_storage_account_resource_group = false`. Location will be same as existing RG.
resource "azurerm_resource_group" "rg" {
count = var.create_vm_resource_group ? 1 : 0
name = var.resource_group_name
location = var.location
tags = merge({ "Name" = format("%s", var.resource_group_name) }, var.tags, )
}
resource "random_password" "passwd" {
count = (var.os_flavor == "windows" && var.disable_password_authentication == false && var.admin_password == null ? 1 : (var.os_flavor == "windows" && var.admin_password == null ? 1 : 0))
length = var.random_password_length
min_upper = 4
min_lower = 2
min_numeric = 4
special = false
keepers = {
admin_password = local.vm_name
}
}
#---------------------------------------------------------------
# Generates SSH2 key Pair for Linux VM's (Dev Environment only)
#---------------------------------------------------------------
resource "tls_private_key" "rsa" {
count = var.generate_admin_ssh_key ? 1 : 0
algorithm = "RSA"
rsa_bits = 4096
}
#---------------------------------------
# Windows Virutal machine
#---------------------------------------
resource "azurerm_windows_virtual_machine" "win_vm" {
count = var.os_flavor == "windows" ? var.instances_count : 0
name = var.instances_count == 1 ? substr(local.vm_hostname, 0, 15) : substr(format("%s%s", lower(replace(local.vm_hostname, "/[[:^alnum:]]/", "")), count.index + 1), 0, 15)
computer_name = var.instances_count == 1 ? substr(local.vm_hostname, 0, 15) : substr(format("%s%s", lower(replace(local.vm_hostname, "/[[:^alnum:]]/", "")), count.index + 1), 0, 15)
resource_group_name = var.resource_group_name
location = var.location
size = var.virtual_machine_size
admin_username = var.admin_username
admin_password = var.admin_password == null ? element(concat(random_password.passwd.*.result, [""]), 0) : var.admin_password
network_interface_ids = [element(concat(azurerm_network_interface.nic.*.id, [""]), count.index)]
source_image_id = var.source_image_id != null ? var.source_image_id : null
provision_vm_agent = true
allow_extension_operations = true
dedicated_host_id = var.dedicated_host_id
custom_data = var.custom_data != null ? var.custom_data : null
enable_automatic_updates = var.enable_automatic_updates
license_type = var.license_type
availability_set_id = var.enable_vm_availability_set == true ? element(concat(azurerm_availability_set.aset.*.id, [""]), 0) : null
encryption_at_host_enabled = var.enable_encryption_at_host
proximity_placement_group_id = var.enable_proximity_placement_group ? azurerm_proximity_placement_group.appgrp.0.id : null
patch_mode = var.patch_mode
zone = var.vm_availability_zone
timezone = var.vm_time_zone
tags = merge({ "ResourceName" = var.instances_count == 1 ? local.vm_hostname : format("%s%s", lower(replace(local.vm_hostname, "/[[:^alnum:]]/", "")), count.index + 1) }, var.tags, )
dynamic "source_image_reference" {
for_each = var.source_image_id != null ? [] : [1]
content {
publisher = var.custom_image != null ? var.custom_image["publisher"] : var.windows_distribution_list[lower(var.windows_distribution_name)]["publisher"]
offer = var.custom_image != null ? var.custom_image["offer"] : var.windows_distribution_list[lower(var.windows_distribution_name)]["offer"]
sku = var.custom_image != null ? var.custom_image["sku"] : var.windows_distribution_list[lower(var.windows_distribution_name)]["sku"]
version = var.custom_image != null ? var.custom_image["version"] : var.windows_distribution_list[lower(var.windows_distribution_name)]["version"]
}
}
os_disk {
storage_account_type = var.os_disk_storage_account_type
caching = var.os_disk_caching
disk_encryption_set_id = var.disk_encryption_set_id
disk_size_gb = var.disk_size_gb
write_accelerator_enabled = var.enable_os_disk_write_accelerator
name = var.os_disk_name
}
additional_capabilities {
ultra_ssd_enabled = var.enable_ultra_ssd_data_disk_storage_support
}
dynamic "identity" {
for_each = var.managed_identity_type != null ? [1] : []
content {
type = var.managed_identity_type
identity_ids = var.managed_identity_type == "UserAssigned" || var.managed_identity_type == "SystemAssigned, UserAssigned" ? var.managed_identity_ids : null
}
}
dynamic "winrm_listener" {
for_each = var.winrm_protocol != null ? [1] : []
content {
protocol = var.winrm_protocol
certificate_url = var.winrm_protocol == "Https" ? var.key_vault_certificate_secret_url : null
}
}
dynamic "additional_unattend_content" {
for_each = var.additional_unattend_content != null ? [1] : []
content {
content = var.additional_unattend_content
setting = var.additional_unattend_content_setting
}
}
dynamic "boot_diagnostics" {
for_each = var.enable_boot_diagnostics ? [1] : []
content {
storage_account_uri = var.storage_account_name != null ? data.azurerm_storage_account.storeacc.0.primary_blob_endpoint : var.storage_account_uri
}
}
lifecycle {
ignore_changes = [
tags,
patch_mode,
]
}
}
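Review bot: The `winrm_listener` block passes `var.winrm_protocol` through unchecked: `Http` yields a listener without TLS, and `Https` with `key_vault_certificate_secret_url` left at `null` sends a null `certificate_url` that will only surface as an apply-time failure. I would add a `precondition` to the existing `lifecycle` block with `condition = var.winrm_protocol != "Https" || var.key_vault_certificate_secret_url != null`, and say in the variable description that `Http` is only appropriate on isolated networks. The `count` on `random_password.passwd` can be reduced to `var.os_flavor == "windows" && var.admin_password == null ? 1 : 0`, because the first branch of the nested conditional is a subset of the second. The header comment names `create_storage_account_resource_group`, whereas the argument actually read here is `var.create_vm_resource_group`.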


@ -0,0 +1,44 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
data "azurecaf_name" "vm" {
name = var.workload_name
resource_type = "azurerm_windows_virtual_machine"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "vm"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "pub_ip" {
name = var.workload_name
resource_type = "azurerm_public_ip"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "pubip"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "nic" {
name = var.workload_name
resource_type = "azurerm_network_interface"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, local.name_suffix, var.use_caf_naming ? "" : "nic"])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}
data "azurecaf_name" "disk" {
for_each = var.data_disks
name = var.workload_name
resource_type = "azurerm_managed_disk"
prefixes = var.name_prefix == "" ? null : [local.name_prefix]
suffixes = compact([var.org_name, var.location_short, var.environment, each.key])
use_slug = var.use_caf_naming
clean_input = true
separator = "-"
}


@ -0,0 +1,114 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#-----------------------------------
# Public IP for Virtual Machine
#-----------------------------------
resource "azurerm_public_ip" "pip" {
count = var.enable_public_ip_address == true ? var.instances_count : 0
name = lower("${local.vm_pub_ip_name}-0${count.index + 1}")
location = var.location
resource_group_name = var.resource_group_name
allocation_method = var.public_ip_allocation_method
sku = var.public_ip_sku
sku_tier = var.public_ip_sku_tier
domain_name_label = coalesce(var.internal_dns_name_label, local.vm_name)
tags = merge(local.default_tags, var.extra_tags, var.public_ip_extra_tags)
lifecycle {
ignore_changes = [
tags,
ip_tags,
]
}
}
#---------------------------------------
# Network Interface for Virtual Machine
#---------------------------------------
resource "azurerm_network_interface" "nic" {
count = var.instances_count
name = var.instances_count == 1 ? lower("nic-${format("vm%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")))}") : lower("nic-${format("vm%s%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")), count.index + 1)}")
location = var.location
resource_group_name = var.resource_group_name
dns_servers = var.dns_servers
enable_ip_forwarding = var.enable_ip_forwarding
enable_accelerated_networking = var.nic_enable_accelerated_networking
internal_dns_name_label = var.internal_dns_name_label
tags = merge(local.default_tags, var.extra_tags, var.nic_extra_tags)
ip_configuration {
name = lower("ipconig-${format("vm%s%s", lower(replace(local.vm_nic_name, "/[[:^alnum:]]/", "")), count.index + 1)}")
primary = true
subnet_id = var.vm_subnet_id
private_ip_address_allocation = var.static_private_ip == null ? "Dynamic" : "Static"
private_ip_address = var.static_private_ip
public_ip_address_id = var.enable_public_ip_address == true ? element(concat(azurerm_public_ip.pip.*.id, [""]), count.index) : null
}
lifecycle {
ignore_changes = [
tags,
]
}
}
#----------------------------------------------------------------------------------------------------
# Proximity placement group for virtual machines, virtual machine scale sets and availability sets.
#----------------------------------------------------------------------------------------------------
resource "azurerm_proximity_placement_group" "appgrp" {
count = var.enable_proximity_placement_group ? 1 : 0
name = lower("proxigrp-${local.vm_name}-${var.location}")
resource_group_name = var.resource_group_name
location = var.location
tags = merge({ "ResourceName" = lower("proxigrp-${local.vm_name}-${var.location}") }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
#-----------------------------------------------------
# Manages an Availability Set for Virtual Machines.
#-----------------------------------------------------
resource "azurerm_availability_set" "aset" {
count = var.enable_vm_availability_set ? 1 : 0
name = lower("avail-${local.vm_name}-${var.location}")
resource_group_name = var.resource_group_name
location = var.location
platform_fault_domain_count = var.platform_fault_domain_count
platform_update_domain_count = var.platform_update_domain_count
proximity_placement_group_id = var.enable_proximity_placement_group ? azurerm_proximity_placement_group.appgrp.0.id : null
managed = true
tags = merge({ "ResourceName" = lower("avail-${local.vm_name}-${var.location}") }, var.tags, )
lifecycle {
ignore_changes = [
tags,
]
}
}
resource "azurerm_network_interface_security_group_association" "nsgassoc" {
count = var.instances_count
network_interface_id = element(concat(azurerm_network_interface.nic.*.id, [""]), count.index)
network_security_group_id = var.existing_network_security_group_id
}
resource "azurerm_network_interface_backend_address_pool_association" "lb_pool_association" {
count = var.attach_load_balancer ? 1 : 0
backend_address_pool_id = var.load_balancer_backend_pool_id
ip_configuration_name = local.ip_configuration_name
network_interface_id = azurerm_network_interface.nic.0.id
}
resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "appgw_pool_association" {
count = var.attach_application_gateway ? 1 : 0
backend_address_pool_id = var.application_gateway_backend_pool_id
ip_configuration_name = local.ip_configuration_name
network_interface_id = azurerm_network_interface.nic.0.id
}
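Review bot: The NIC's `ip_configuration` is named with a `lower("ipconig-...")` expression (note the `ipconig` spelling), while both backend-pool associations look it up as `local.ip_configuration_name`. The naming locals in this commit build that value as `"${local.vm_name}-nic-ipconfig"` unless overridden, so the names do not match and the load balancer and Application Gateway associations would not find the IP configuration. Setting `name = local.ip_configuration_name` inside `ip_configuration` fixes both. `nsgassoc` is created for every instance even when `var.existing_network_security_group_id` is null, and nothing in this file creates an NSG, so a VM with `enable_public_ip_address = true` depends entirely on the caller supplying one; I would either require the ID or gate the association on it. Both pool associations also attach only `nic.0`, which leaves the other instances out of the pool when `instances_count` is greater than one.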


@ -0,0 +1,12 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
output "terraform_module" {
description = "Information about this Terraform module"
value = {
name = "virtualMachine"
version = file("${path.module}/VERSION")
provider = "azurerm"
maintainer = "microsoft"
}
}


@ -0,0 +1,44 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
output "admin_ssh_key_public" {
description = "The generated public key data in PEM format"
value = var.disable_password_authentication == true && var.generate_admin_ssh_key == true && var.os_flavor == "linux" ? tls_private_key.rsa[0].public_key_openssh : null
}
output "admin_ssh_key_private" {
description = "The generated private key data in PEM format"
sensitive = true
value = var.disable_password_authentication == true && var.generate_admin_ssh_key == true && var.os_flavor == "linux" ? tls_private_key.rsa[0].private_key_pem : null
}
output "windows_vm_password" {
description = "Password for the windows VM"
sensitive = true
value = var.os_flavor == "windows" ? element(concat(random_password.passwd.*.result, [""]), 0) : null
}
output "windows_vm_public_ips" {
description = "Public IP's map for the all windows Virtual Machines"
value = var.enable_public_ip_address == true && var.os_flavor == "windows" ? zipmap(azurerm_windows_virtual_machine.win_vm.*.name, azurerm_windows_virtual_machine.win_vm.*.public_ip_address) : null
}
output "windows_vm_private_ips" {
description = "Public IP's map for the all windows Virtual Machines"
value = var.os_flavor == "windows" ? zipmap(azurerm_windows_virtual_machine.win_vm.*.name, azurerm_windows_virtual_machine.win_vm.*.private_ip_address) : null
}
output "windows_virtual_machine_ids" {
description = "The resource id's of all Windows Virtual Machine."
value = var.os_flavor == "windows" ? concat(azurerm_windows_virtual_machine.win_vm.*.id, [""]) : null
}
output "existing_network_security_group_id" {
description = "List of Network security groups and ids"
value = var.existing_network_security_group_id
}
output "vm_availability_set_id" {
description = "The resource ID of Virtual Machine availability set"
value = var.enable_vm_availability_set == true ? element(concat(azurerm_availability_set.aset.*.id, [""]), 0) : null
}
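Review bot: `windows_vm_private_ips` carries the description `"Public IP's map for the all windows Virtual Machines"`, copied from the output above it; it should read something like `"Private IPs map for all Windows Virtual Machines"`. `windows_virtual_machine_ids` appends an empty string through `concat(..., [""])`, so consumers receive a trailing `""` in the ID list; `azurerm_windows_virtual_machine.win_vm[*].id` is enough. `admin_ssh_key_private` and `windows_vm_password` are marked `sensitive`, but both values are still stored in the state file in plain text, which is worth stating in their descriptions so callers restrict and encrypt the state backend.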


@ -0,0 +1,27 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
variable "aad_ssh_login_enabled" {
description = "Enable SSH logins with Azure Active Directory"
type = bool
default = false
}
variable "aad_ssh_login_extension_version" {
description = "VM Extension version for Azure Active Directory SSH Login extension"
type = string
default = "1.0"
}
variable "aad_ssh_login_user_objects_ids" {
description = "Azure Active Directory objects IDs allowed to connect as standard user on the VM."
type = list(string)
default = []
}
variable "aad_ssh_login_admin_objects_ids" {
description = "Azure Active Directory objects IDs allowed to connect as administrator on the VM."
type = list(string)
default = []
}


@ -0,0 +1,64 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# Generic naming variables
variable "name_prefix" {
description = "Optional prefix for the generated name"
type = string
default = ""
}
variable "name_suffix" {
description = "Optional suffix for the generated name"
type = string
default = ""
}
variable "use_caf_naming" {
description = "Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`."
type = bool
default = true
}
# Custom naming override
variable "custom_name" {
description = "Custom name for the Virtual Machine. Generated if not set."
type = string
default = ""
}
variable "custom_computer_name" {
description = "Custom name for the Virtual Machine Hostname. `vm_name` if not set."
type = string
default = ""
}
variable "custom_public_ip_name" {
description = "Custom name for public IP. Generated if not set."
type = string
default = null
}
variable "custom_nic_name" {
description = "Custom name for the NIC interface. Generated if not set."
type = string
default = null
}
variable "custom_ipconfig_name" {
description = "Custom name for the IP config of the NIC. Generated if not set."
type = string
default = null
}
variable "os_disk_custom_name" {
description = "Custom name for OS disk. Generated if not set."
type = string
default = null
}
variable "custom_dcr_name" {
description = "Custom name for Data collection rule association"
type = string
default = null
}


@ -0,0 +1,50 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
variable "default_tags_enabled" {
description = "Option to enable or disable default tags."
type = bool
default = true
}
variable "nic_extra_tags" {
description = "Extra tags to set on the network interface."
type = map(string)
default = {}
}
variable "public_ip_extra_tags" {
description = "Extra tags to set on the public IP resource."
type = map(string)
default = {}
}
variable "extra_tags" {
description = "Extra tags to set on each created resource."
type = map(string)
default = {}
}
variable "os_disk_extra_tags" {
description = "Extra tags to set on the OS disk."
type = map(string)
default = {}
}
variable "os_disk_tagging_enabled" {
description = "Should OS disk tagging be enabled? Defaults to `true`."
type = bool
default = true
}
variable "extensions_extra_tags" {
description = "Extra tags to set on the VM extensions."
type = map(string)
default = {}
}
variable "os_disk_overwrite_tags" {
description = "True to overwrite existing OS disk tags instead of merging."
type = bool
default = false
}


@ -0,0 +1,926 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
###########################
# Global Configuration ##
###########################
variable "location" {
description = "Azure region in which instance will be hosted"
type = string
}
variable "location_short" {
description = "Azure region short name"
type = string
}
variable "environment" {
description = "Name of the workload's environnement"
type = string
}
variable "workload_name" {
description = "Name of the workload_name"
type = string
}
variable "org_name" {
description = "Name of the organization"
type = string
}
variable "virtual_network_name" {
description = "The name of the virtual network"
default = ""
}
variable "resource_group_name" {
description = "Name of the workload ressource group"
type = string
}
variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
default = {}
}
#######################
# VM Configuration ##
#######################
variable "create_vm_resource_group" {
description = "Should a resource group be created for the VM? Defaults to false"
type = bool
default = false
}
variable "random_password_length" {
description = "The desired length of random password created by this module"
default = 24
}
variable "virtual_machine_name" {
description = "The name of the virtual machine."
default = ""
}
variable "instances_count" {
description = "The number of Virtual Machines required."
default = 1
}
variable "os_flavor" {
description = "Specify the flavor of the operating system image to deploy Virtual Machine. Valid values are `windows` and `linux`"
default = "windows"
}
variable "virtual_machine_size" {
description = "The Virtual Machine SKU for the Virtual Machine, Default is Standard_A2_V2"
default = "Standard_A2_v2"
}
variable "source_image_id" {
description = "The ID of an Image which each Virtual Machine should be based on"
default = null
}
variable "dedicated_host_id" {
description = "The ID of a Dedicated Host where this machine should be run on."
default = null
}
variable "custom_data" {
description = "Base64 encoded file of a bash script that gets run once by cloud-init upon VM creation"
default = null
}
variable "enable_automatic_updates" {
description = "Specifies if Automatic Updates are Enabled for the Windows Virtual Machine."
default = false
}
variable "enable_encryption_at_host" {
description = " Should all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host?"
default = false
}
variable "license_type" {
description = "Specifies the type of on-premise license which should be used for this Virtual Machine. Possible values are None, Windows_Client and Windows_Server."
default = "None"
}
variable "vm_time_zone" {
description = "Specifies the Time Zone which should be used by the Virtual Machine"
default = null
}
###############################################
# VM Password Authentication Configuration ##
###############################################
variable "disable_password_authentication" {
description = "Should Password Authentication be disabled on this Virtual Machine? Defaults to true."
default = true
}
variable "admin_username" {
description = "The username of the local administrator used for the Virtual Machine."
default = "azureadmin"
}
variable "admin_password" {
description = "The Password which should be used for the local-administrator on this Virtual Machine"
default = null
}
variable "generate_admin_ssh_key" {
description = "Generates a secure private key and encodes it as PEM."
default = false
}
variable "admin_ssh_key_data" {
description = "specify the path to the existing SSH key to authenticate Linux virtual machine"
default = null
}
variable "managed_identity_type" {
description = "The type of Managed Identity which should be assigned to the Linux Virtual Machine. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`"
default = null
}
variable "managed_identity_ids" {
description = "A list of User Managed Identity ID's which should be assigned to the Linux Virtual Machine."
default = null
}
variable "identity" {
description = "Map with identity block informations as described here https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#identity"
type = object({
type = string
identity_ids = list(string)
})
default = {
type = "SystemAssigned"
identity_ids = []
}
}
###########################
# VM SSH Configuration ##
###########################
variable "ssh_public_key" {
description = "SSH public key"
type = string
default = null
}
variable "ssh_private_key" {
description = "SSH private key"
type = string
default = null
}
###############################
# VM Network Configuration ##
###############################
variable "vm_subnet_id" {
description = "ID of the Subnet in which create the Virtual Machine"
type = string
}
variable "nic_enable_accelerated_networking" {
description = "Should Accelerated Networking be enabled? Defaults to `false`."
type = bool
default = false
}
variable "nic_nsg_id" {
description = "NSG ID to associate on the Network Interface. No association if null."
type = string
default = null
}
variable "static_private_ip" {
description = "Static private IP. Private IP is dynamic if not set."
type = string
default = null
}
###########################
# VM Dns Configuration ##
###########################
variable "domain_name_label" {
description = "Label for the Domain Name. Will be used to make up the FQDN. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system."
default = null
}
variable "dns_servers" {
description = "List of dns servers to use for network interface"
default = []
}
variable "enable_accelerated_networking" {
description = "Should Accelerated Networking be enabled? Defaults to false."
default = false
}
variable "internal_dns_name_label" {
description = "The (relative) DNS Name used for internal communications between Virtual Machines in the same Virtual Network."
default = null
}
###########################
# VM PIP Configuration ##
###########################
variable "enable_public_ip_address" {
description = "Reference to a Public IP Address to associate with the NIC"
default = null
}
variable "enable_ip_forwarding" {
description = "Should IP Forwarding be enabled? Defaults to false"
default = false
}
variable "public_ip_allocation_method" {
description = "Defines the allocation method for this IP address. Possible values are `Static` or `Dynamic`"
default = "Static"
}
variable "public_ip_sku" {
description = "SKU for the public IP attached to the VM. Can be `null` if no public IP needed."
default = "Standard"
}
variable "public_ip_sku_tier" {
description = "The SKU Tier that should be used for the Public IP. Possible values are `Regional` and `Global`"
default = "Regional"
}
variable "public_ip_availability_zone" {
description = "Zones for public IP attached to the VM. Can be `null` if no zone distpatch."
type = list(number)
default = [1, 2, 3]
}
variable "private_ip_address_allocation_type" {
description = "The allocation method used for the Private IP Address. Possible values are Dynamic and Static."
default = "Dynamic"
}
variable "private_ip_address" {
description = "The Static IP Address which should be used. This is valid only when `private_ip_address_allocation` is set to `Static` "
default = null
}
#####################################
# VM Load Balancer Configuration ##
#####################################
variable "attach_load_balancer" {
description = "True to attach this VM to a Load Balancer"
type = bool
default = false
}
variable "load_balancer_backend_pool_id" {
description = "Id of the Load Balancer Backend Pool to attach the VM."
type = string
default = null
}
###########################################
# VM Application Gateway Configuration ##
###########################################
variable "attach_application_gateway" {
description = "True to attach this VM to an Application Gateway"
type = bool
default = false
}
variable "application_gateway_backend_pool_id" {
description = "Id of the Application Gateway Backend Pool to attach the VM."
type = string
default = null
}
####################################
# VM Availability Configuration ##
####################################
variable "enable_vm_availability_set" {
description = "Manages an Availability Set for Virtual Machines."
default = false
}
variable "enable_proximity_placement_group" {
description = "Manages a proximity placement group for virtual machines, virtual machine scale sets and availability sets."
default = false
}
variable "platform_fault_domain_count" {
description = "Specifies the number of fault domains that are used"
default = 3
}
variable "platform_update_domain_count" {
description = "Specifies the number of update domains that are used"
default = 5
}
variable "vm_availability_zone" {
description = "The Zone in which this Virtual Machine should be created. Conflicts with availability set and shouldn't use both"
default = null
}
###########################
# VM NSG Configuration ##
###########################
variable "existing_network_security_group_id" {
description = "The resource id of existing network security group"
default = null
}
#############################
# VM Image Configuration ##
#############################
variable "custom_image" {
description = "Provide the custom image to this module if the default variants are not sufficient"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = null
}
variable "linux_distribution_list" {
description = "Pre-defined Azure Linux VM images list"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = {
ubuntu1604 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
},
ubuntu1804 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
},
ubuntu1904 = {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "19.04"
version = "latest"
},
ubuntu2004 = {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-focal-daily"
sku = "20_04-daily-lts"
version = "latest"
},
ubuntu2004-gen2 = {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-focal-daily"
sku = "20_04-daily-lts-gen2"
version = "latest"
},
centos77 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7.7"
version = "latest"
},
centos78-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7_8-gen2"
version = "latest"
},
centos79-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "7_9-gen2"
version = "latest"
},
centos81 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_1"
version = "latest"
},
centos81-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_1-gen2"
version = "latest"
},
centos82-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_2-gen2"
version = "latest"
},
centos83-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_3-gen2"
version = "latest"
},
centos84-gen2 = {
publisher = "OpenLogic"
offer = "CentOS"
sku = "8_4-gen2"
version = "latest"
},
coreos = {
publisher = "CoreOS"
offer = "CoreOS"
sku = "Stable"
version = "latest"
},
rhel78 = {
publisher = "RedHat"
offer = "RHEL"
sku = "7.8"
version = "latest"
},
rhel78-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "78-gen2"
version = "latest"
},
rhel79 = {
publisher = "RedHat"
offer = "RHEL"
sku = "7.9"
version = "latest"
},
rhel79-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "79-gen2"
version = "latest"
},
rhel81 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.1"
version = "latest"
},
rhel81-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "81gen2"
version = "latest"
},
rhel82 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.2"
version = "latest"
},
rhel82-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "82gen2"
version = "latest"
},
rhel83 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.3"
version = "latest"
},
rhel83-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "83gen2"
version = "latest"
},
rhel84 = {
publisher = "RedHat"
offer = "RHEL"
sku = "8.4"
version = "latest"
},
rhel84-gen2 = {
publisher = "RedHat"
offer = "RHEL"
sku = "84gen2"
version = "latest"
},
rhel84-byos = {
publisher = "RedHat"
offer = "rhel-byos"
sku = "rhel-lvm84"
version = "latest"
},
rhel84-byos-gen2 = {
publisher = "RedHat"
offer = "rhel-byos"
sku = "rhel-lvm84-gen2"
version = "latest"
},
mssql2019ent-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "enterprise"
version = "latest"
},
mssql2019std-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "standard"
version = "latest"
},
mssql2019dev-rhel8 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-rhel8"
sku = "sqldev"
version = "latest"
},
mssql2019ent-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "enterprise"
version = "latest"
},
mssql2019std-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "standard"
version = "latest"
},
mssql2019dev-ubuntu1804 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu1804"
sku = "sqldev"
version = "latest"
},
mssql2019ent-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "enterprise"
version = "latest"
},
mssql2019std-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "standard"
version = "latest"
},
mssql2019dev-ubuntu2004 = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ubuntu2004"
sku = "sqldev"
version = "latest"
},
}
}
variable "linux_distribution_name" {
default = "ubuntu1804"
description = "Variable to pick an OS flavour for Linux based VM. Possible values include: centos8, ubuntu1804"
}
variable "windows_distribution_list" {
description = "Pre-defined Azure Windows VM images list"
type = map(object({
publisher = string
offer = string
sku = string
version = string
}))
default = {
windows2012r2dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2012-R2-Datacenter"
version = "latest"
},
windows2016dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter"
version = "latest"
},
windows2019dc = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
},
windows2019dc-gensecond = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-gensecond"
version = "latest"
},
windows2019dc-gs = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-gs"
version = "latest"
},
windows2019dc-containers = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter-with-Containers"
version = "latest"
},
windows2019dc-containers-g2 = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-with-containers-g2"
version = "latest"
},
windows2019dccore = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter-Core"
version = "latest"
},
windows2019dccore-g2 = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-core-g2"
version = "latest"
},
windows2016dccore = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter-Server-Core"
version = "latest"
},
mssql2017exp = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "express"
version = "latest"
},
mssql2017dev = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "sqldev"
version = "latest"
},
mssql2017std = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "standard"
version = "latest"
},
mssql2017ent = {
publisher = "MicrosoftSQLServer"
offer = "SQL2017-WS2019"
sku = "enterprise"
version = "latest"
},
mssql2019std = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "standard"
version = "latest"
},
mssql2019dev = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "sqldev"
version = "latest"
},
mssql2019ent = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019"
sku = "enterprise"
version = "latest"
},
mssql2019ent-byol = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019-byol"
sku = "enterprise"
version = "latest"
},
mssql2019std-byol = {
publisher = "MicrosoftSQLServer"
offer = "sql2019-ws2019-byol"
sku = "standard"
version = "latest"
}
}
}
variable "windows_distribution_name" {
default = "windows2019dc"
description = "Variable to pick an OS flavour for Windows based VM. Possible values include: winserver, wincore, winsql"
}
#####################################
# VM Data Storage Configuration ##
#####################################
variable "os_disk_storage_account_type" {
description = "The Type of Storage Account which should back this the Internal OS Disk. Possible values include Standard_LRS, StandardSSD_LRS and Premium_LRS."
default = "StandardSSD_LRS"
}
variable "os_disk_caching" {
description = "The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`"
default = "ReadWrite"
}
variable "disk_encryption_set_id" {
description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault"
default = null
}
variable "disk_size_gb" {
description = "The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from."
default = null
}
variable "enable_os_disk_write_accelerator" {
description = "Should Write Accelerator be Enabled for this OS Disk? This requires that the `storage_account_type` is set to `Premium_LRS` and that `caching` is set to `None`."
default = false
}
variable "os_disk_name" {
description = "The name which should be used for the Internal OS Disk"
default = null
}
variable "enable_ultra_ssd_data_disk_storage_support" {
description = "Should the capacity to enable Data Disks of the UltraSSD_LRS storage account type be supported on this Virtual Machine"
default = false
}
variable "winrm_protocol" {
description = "Specifies the protocol of winrm listener. Possible values are `Http` or `Https`"
default = null
}
variable "key_vault_certificate_secret_url" {
description = "The Secret URL of a Key Vault Certificate, which must be specified when `protocol` is set to `Https`"
default = null
}
variable "additional_unattend_content" {
description = "The XML formatted content that is added to the unattend.xml file for the specified path and component."
default = null
}
variable "additional_unattend_content_setting" {
description = "The name of the setting to which the content applies. Possible values are `AutoLogon` and `FirstLogonCommands`"
default = null
}
variable "enable_boot_diagnostics" {
description = "Should the boot diagnostics enabled?"
default = false
}
variable "storage_account_uri" {
description = "The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. Passing a `null` value will utilize a Managed Storage Account to store Boot Diagnostics."
default = null
}
variable "data_disks" {
description = "A list of Data Disks which should be attached to the Virtual Machine. Each Data Disk can be configured with the following properties:"
type = map(object({
name = optional(string)
create_option = optional(string, "Empty")
disk_size_gb = number
lun = optional(number)
caching = optional(string, "ReadWrite")
storage_account_type = optional(string, "StandardSSD_ZRS")
source_resource_id = optional(string)
extra_tags = optional(map(string), {})
}))
default = {}
}
#####################################
# VM log analytics Configuration ##
#####################################
variable "nsg_diag_logs" {
description = "NSG Monitoring Category details for Azure Diagnostic setting"
default = ["NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"]
}
variable "log_analytics_resource_id" {
description = "The name of log analytics workspace resource id"
default = null
}
variable "log_analytics_customer_id" {
description = "The Workspace (or Customer) ID for the Log Analytics Workspace."
default = null
}
variable "log_analytics_workspace_primary_shared_key" {
description = "The Primary shared key for the Log Analytics Workspace"
default = null
}
variable "storage_account_name" {
description = "The name of the hub storage account to store logs"
default = null
}
variable "deploy_log_analytics_agent" {
description = "Install log analytics agent to windows or linux VM"
default = false
}
##############################
# VM Backup Configuration ##
##############################
variable "backup_policy_id" {
description = "Backup policy ID from the Recovery Vault to attach the Virtual Machine to (value to `null` to disable backup)"
type = string
default = null
}
variable "patch_mode" {
description = "Specifies the mode of in-guest patching to Linux or Windows Virtual Machine. Possible values are `Manual`, `AutomaticByOS` and `AutomaticByPlatform`"
default = "AutomaticByPlatform"
}
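Review bot: The secret-bearing inputs `admin_password`, `ssh_private_key` and `log_analytics_workspace_primary_shared_key` are declared without `sensitive = true`, so their values can show up in plan/apply output and CI logs wherever they flow into an attribute or output that the provider does not itself redact. Each of the three blocks should carry `sensitive = true`, and `admin_password` and the shared key should also get `type = string`, which they currently lack. Marking them sensitive does not keep the values out of the state file, so the backend still needs encryption at rest and restricted access. `custom_data` and `additional_unattend_content` may need the same flag if callers embed credentials in them (the `AutoLogon` setting suggests they can), but that depends on usage this section does not show.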


@ -0,0 +1,16 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
terraform {
required_version = ">= 1.3"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.22"
}
azurecaf = {
source = "aztfmod/azurecaf"
version = "~> 1.2, >= 1.2.22"
}
}
}