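# Provider credentials are deliberately left out of this file. Supply them
# through the ARM_SUBSCRIPTION_ID / ARM_CLIENT_ID / ARM_CLIENT_SECRET /
# ARM_TENANT_ID environment variables so the service-principal secret never
# lands in a committed .tf file; uncomment the block only for a throw-away run.
# provider "azurerm" {
#   subscription_id = "REPLACE-WITH-YOUR-SUBSCRIPTION-ID"
#   client_id       = "REPLACE-WITH-YOUR-CLIENT-ID"
#   client_secret   = "REPLACE-WITH-YOUR-CLIENT-SECRET"
#   tenant_id       = "REPLACE-WITH-YOUR-TENANT-ID"
# }

# Resource group that holds everything created by this example.
resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group}"
  location = "${var.location}"
}

# Virtual network and the single subnet the VM is placed in.
resource "azurerm_virtual_network" "vnet" {
  name                = "${var.hostname}vnet"
  location            = "${var.location}"
  address_space       = ["${var.address_space}"]
  resource_group_name = "${azurerm_resource_group.rg.name}"
}

resource "azurerm_subnet" "subnet" {
  name                 = "${var.hostname}subnet"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  address_prefix       = "${var.subnet_prefix}"
}

# NIC with a private address only. No public IP and no network security group
# are attached, so the VM is reachable solely from inside the VNet; if a public
# IP is ever added, attach an NSG that restricts SSH first.
resource "azurerm_network_interface" "nic" {
  name                = "nic"
  location            = "${var.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"

  ip_configuration {
    name                          = "ipconfig"
    subnet_id                     = "${azurerm_subnet.subnet.id}"
    private_ip_address_allocation = "Dynamic"
  }
}

# Storage account. Nothing else in this file references it (the OS disk below
# carries no vhd_uri); check outputs.tf / variables.tf before removing it.
resource "azurerm_storage_account" "stor" {
  name                = "${var.hostname}stor"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type}"
}

# The Linux VM whose disks get encrypted by the deployment further down.
resource "azurerm_virtual_machine" "vm" {
  name                  = "${var.hostname}"
  location              = "${var.location}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  vm_size               = "${var.vm_size}"
  network_interface_ids = ["${azurerm_network_interface.nic.id}"]

  storage_image_reference {
    publisher = "${var.image_publisher}"
    offer     = "${var.image_offer}"
    sku       = "${var.image_sku}"
    version   = "${var.image_version}"
  }

  storage_os_disk {
    name          = "${var.hostname}osdisk"
    create_option = "FromImage"
    disk_size_gb  = "15"
  }

  os_profile {
    computer_name  = "${var.hostname}"
    admin_username = "${var.admin_username}"
    # admin_password is written to Terraform state in clear text.
    admin_password = "${var.admin_password}"
  }

  os_profile_linux_config {
    # Password logins are enabled to keep the example self-contained. For
    # anything beyond a demo set this to true and add an ssh_keys block: a
    # shared password is a weak front door for a VM whose disks you bothered
    # to encrypt.
    disable_password_authentication = false
  }
}

# Turns on Azure Disk Encryption for the running VM: installs the
# AzureDiskEncryptionForLinux extension, then runs the nested "updatevm"
# template (fetched from _artifactsLocation) that points the VM's disks at the
# encryption secret the extension stored in Key Vault.
#
# The AAD client secret, the passphrase and the artifact SAS token are passed
# as "securestring" template parameters via `parameters` instead of being
# interpolated into template_body as `string` defaults. A plain string
# parameter with a defaultValue is recorded in clear text in the resource
# group's deployment history, and interpolating a secret straight into the
# JSON heredoc would also corrupt the template if the value contained a quote
# or backslash. The values are still stored in Terraform state; protect the
# state file accordingly.
#
# The "BitLockerKey" output is not key material: it is the Key Vault secret
# URL the extension reports in its instance view (the same value the nested
# template receives as keyVaultSecretUrl). It is nevertheless exposed through
# the resource's `outputs` map and therefore ends up in state.
resource "azurerm_template_deployment" "linux_vm" {
  name                = "encrypt"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  deployment_mode     = "Incremental"
  depends_on          = ["azurerm_virtual_machine.vm"]

  # Secret parameters go here, out of band from the template body.
  parameters {
    "aadClientSecret"            = "${var.aad_client_secret}"
    "passphrase"                 = "${var.passphrase}"
    "_artifactsLocationSasToken" = "${var.artifacts_location_sas_token}"
  }

  template_body = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "aadClientID": {
      "defaultValue": "${var.aad_client_id}",
      "type": "string"
    },
    "aadClientSecret": {
      "type": "securestring"
    },
    "diskFormatQuery": {
      "defaultValue": "",
      "type": "string"
    },
    "encryptionOperation": {
      "allowedValues": [ "EnableEncryption", "EnableEncryptionFormat" ],
      "defaultValue": "${var.encryption_operation}",
      "type": "string"
    },
    "volumeType": {
      "allowedValues": [ "OS", "Data", "All" ],
      "defaultValue": "${var.volume_type}",
      "type": "string"
    },
    "keyEncryptionKeyURL": {
      "defaultValue": "${var.key_encryption_key_url}",
      "type": "string"
    },
    "keyVaultName": {
      "defaultValue": "${var.key_vault_name}",
      "type": "string"
    },
    "keyVaultResourceGroup": {
      "defaultValue": "${azurerm_resource_group.rg.name}",
      "type": "string"
    },
    "passphrase": {
      "type": "securestring"
    },
    "sequenceVersion": {
      "defaultValue": "${var.sequence_version}",
      "type": "string"
    },
    "useKek": {
      "allowedValues": [
        "nokek",
        "kek"
      ],
      "defaultValue": "${var.use_kek}",
      "type": "string"
    },
    "vmName": {
      "defaultValue": "${azurerm_virtual_machine.vm.name}",
      "type": "string"
    },
    "_artifactsLocation": {
      "type": "string",
      "defaultValue": "${var.artifacts_location}"
    },
    "_artifactsLocationSasToken": {
      "type": "securestring"
    }
  },
  "variables": {
    "extensionName": "${var.extension_name}",
    "extensionVersion": "0.1",
    "keyEncryptionAlgorithm": "RSA-OAEP",
    "keyVaultURL": "https://${var.key_vault_name}.vault.azure.net/",
    "keyVaultResourceID": "${var.key_vault_resource_id}",
    "updateVmUrl": "[concat(parameters('_artifactsLocation'), '/201-encrypt-running-linux-vm/updatevm-', parameters('useKek'), '.json', parameters('_artifactsLocationSasToken'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "name": "[concat(parameters('vmName'),'/', variables('extensionName'))]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": {
        "protectedSettings": {
          "AADClientSecret": "[parameters('aadClientSecret')]",
          "Passphrase": "[parameters('passphrase')]"
        },
        "publisher": "Microsoft.Azure.Security",
        "settings": {
          "AADClientID": "[parameters('aadClientID')]",
          "DiskFormatQuery": "[parameters('diskFormatQuery')]",
          "EncryptionOperation": "[parameters('encryptionOperation')]",
          "KeyEncryptionAlgorithm": "[variables('keyEncryptionAlgorithm')]",
          "KeyEncryptionKeyURL": "[parameters('keyEncryptionKeyURL')]",
          "KeyVaultURL": "[variables('keyVaultURL')]",
          "SequenceVersion": "[parameters('sequenceVersion')]",
          "VolumeType": "[parameters('volumeType')]"
        },
        "type": "AzureDiskEncryptionForLinux",
        "typeHandlerVersion": "[variables('extensionVersion')]"
      }
    },
    {
      "apiVersion": "2015-01-01",
      "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), variables('extensionName'))]"
      ],
      "name": "[concat(parameters('vmName'), 'updateVm')]",
      "type": "Microsoft.Resources/deployments",
      "properties": {
        "mode": "Incremental",
        "parameters": {
          "keyEncryptionKeyURL": {
            "value": "[parameters('keyEncryptionKeyURL')]"
          },
          "keyVaultResourceID": {
            "value": "[variables('keyVaultResourceID')]"
          },
          "keyVaultSecretUrl": {
            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), variables('extensionName'))).instanceView.statuses[0].message]"
          },
          "vmName": {
            "value": "[parameters('vmName')]"
          }
        },
        "templateLink": {
          "contentVersion": "1.0.0.0",
          "uri": "[variables('updateVmUrl')]"
        }
      }
    }
  ],
  "outputs": {
    "BitLockerKey": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), variables('extensionName'))).instanceView.statuses[0].message]"
    }
  }
}
DEPLOY
}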