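# Source: github.com/ticketmaster/terraform@v0.10.0-beta2.0.20170711045249-a12daf5aba4f/examples/azure-openshift-origin/main.tf
#
# Provisions an OpenShift Origin cluster on Azure: one resource group, three
# network security groups, per-role storage accounts, availability sets,
# public IPs, a VNet with two subnets, master and infra load balancers, NICs,
# a bastion VM and counted master / infra / node VMs that are prepared over
# SSH with file + remote-exec provisioners.
#
# Security review summary (details are next to the relevant blocks):
#   * every NSG allows SSH (22/tcp) inbound from "*";
#   * the master provisioner passes passwords, the AAD client secret and a
#     storage access key as command-line arguments;
#   * admin_password is set on every VM although password authentication is
#     disabled.

# Service-principal credentials are read from variables. Keep the values out
# of version control (for example TF_VAR_* environment variables or an
# untracked tfvars file).
provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  client_id       = "${var.aad_client_id}"
  client_secret   = "${var.aad_client_secret}"
  tenant_id       = "${var.tenant_id}"
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_name}"
  location = "${var.resource_group_location}"
}

# ******* NETWORK SECURITY GROUPS ***********

# Attached to the bastion NIC and to every master NIC (see the NETWORK
# INTERFACES section). The bastion has its own public IP and each master is
# reachable through an SSH NAT rule on the master load balancer, so the
# "allow_SSH_in_all" rule exposes port 22 on those hosts to any source.
# NOTE(review): restrict source_address_prefix on the SSH rule to the
# operators' address range before using this outside a lab.
resource "azurerm_network_security_group" "master_nsg" {
  name                = "${var.openshift_cluster_prefix}-master-nsg"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"

  security_rule {
    name                       = "allow_SSH_in_all"
    description                = "Allow SSH in from all locations"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "allow_HTTPS_all"
    description                = "Allow HTTPS connections from all locations"
    priority                   = 200
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # 8443 is the port the master load balancer forwards as
  # "OpenShiftAdminConsole"; this rule opens it to any source.
  security_rule {
    name                       = "allow_OpenShift_console_in_all"
    description                = "Allow OpenShift Console connections from all locations"
    priority                   = 300
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "8443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Attached to the infra NICs, which sit behind the infra load balancer. That
# load balancer only defines rules for 80 and 443 and no SSH NAT rule, and the
# infra provisioner connects through the bastion.
# NOTE(review): the SSH-from-"*" rule therefore looks broader than this file
# needs; narrowing it to the VNet / bastion range is likely sufficient.
resource "azurerm_network_security_group" "infra_nsg" {
  name                = "${var.openshift_cluster_prefix}-infra-nsg"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"

  security_rule {
    name                       = "allow_SSH_in_all"
    description                = "Allow SSH in from all locations"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "allow_HTTPS_all"
    description                = "Allow HTTPS connections from all locations"
    priority                   = 200
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "allow_HTTP_in_all"
    description                = "Allow HTTP connections from all locations"
    priority                   = 300
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Attached to the node NICs, which in this file have neither a public IP nor
# a load-balancer pool.
# NOTE(review): same remark as infra_nsg: the "*" sources on 22/80/443 are
# wider than anything in this file requires.
resource "azurerm_network_security_group" "node_nsg" {
  name                = "${var.openshift_cluster_prefix}-node-nsg"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"

  security_rule {
    name                       = "allow_SSH_in_all"
    description                = "Allow SSH in from all locations"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "allow_HTTPS_all"
    description                = "Allow HTTPS connections from all locations"
    priority                   = 200
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "allow_HTTP_in_all"
    description                = "Allow HTTP connections from all locations"
    priority                   = 300
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# ******* STORAGE ACCOUNTS ***********

# One storage account per role. The first five pick their account type from
# var.storage_account_type_map keyed by the role's VM size; the registry and
# persistent-volume accounts are fixed to Standard_LRS.

resource "azurerm_storage_account" "bastion_storage_account" {
  name                = "${var.openshift_cluster_prefix}bsa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type_map["${var.bastion_vm_size}"]}"
}

resource "azurerm_storage_account" "master_storage_account" {
  name                = "${var.openshift_cluster_prefix}msa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type_map["${var.master_vm_size}"]}"
}

resource "azurerm_storage_account" "infra_storage_account" {
  name                = "${var.openshift_cluster_prefix}infrasa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type_map["${var.infra_vm_size}"]}"
}

resource "azurerm_storage_account" "nodeos_storage_account" {
  name                = "${var.openshift_cluster_prefix}nodeossa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type_map["${var.node_vm_size}"]}"
}

# NOTE(review): nothing in this file references this account; the node data
# disks below are written to nodeos_storage_account instead. Confirm intent.
resource "azurerm_storage_account" "nodedata_storage_account" {
  name                = "${var.openshift_cluster_prefix}nodedatasa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "${var.storage_account_type_map["${var.node_vm_size}"]}"
}

# The primary access key of this account is handed to deployOpenShift.sh by
# the master provisioner below.
resource "azurerm_storage_account" "registry_storage_account" {
  name                = "${var.openshift_cluster_prefix}regsa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "Standard_LRS"
}

resource "azurerm_storage_account" "persistent_volume_storage_account" {
  name                = "${var.openshift_cluster_prefix}pvsa"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  account_type        = "Standard_LRS"
}

# ******* AVAILABILITY SETS ***********

resource "azurerm_availability_set" "master" {
  name                = "masteravailabilityset"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
}

resource "azurerm_availability_set" "infra" {
  name                = "infraavailabilityset"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
}

resource "azurerm_availability_set" "node" {
  name                = "nodeavailabilityset"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
}

# ******* IP ADDRESSES ***********

# Three static public IPs: one bound directly to the bastion NIC, one fronting
# the master load balancer and one fronting the infra load balancer.

resource "azurerm_public_ip" "bastion_pip" {
  name                         = "bastionpip"
  resource_group_name          = "${azurerm_resource_group.rg.name}"
  location                     = "${azurerm_resource_group.rg.location}"
  public_ip_address_allocation = "Static"
  domain_name_label            = "${var.openshift_cluster_prefix}-bastion"
}

resource "azurerm_public_ip" "openshift_master_pip" {
  name                         = "masterpip"
  resource_group_name          = "${azurerm_resource_group.rg.name}"
  location                     = "${azurerm_resource_group.rg.location}"
  public_ip_address_allocation = "Static"
  domain_name_label            = "${var.openshift_cluster_prefix}"
}

resource "azurerm_public_ip" "infra_lb_pip" {
  name                         = "infraip"
  resource_group_name          = "${azurerm_resource_group.rg.name}"
  location                     = "${azurerm_resource_group.rg.location}"
  public_ip_address_allocation = "Static"
  domain_name_label            = "${var.openshift_cluster_prefix}infrapip"
}

# ******* VNETS / SUBNETS ***********

# The original block listed itself in depends_on
# (depends_on = ["azurerm_virtual_network.vnet"]); a resource cannot usefully
# depend on itself, so that entry has been dropped.
resource "azurerm_virtual_network" "vnet" {
  name                = "openshiftvnet"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  address_space       = ["10.0.0.0/8"]
}

# Shared by the bastion, master and infra NICs.
resource "azurerm_subnet" "master_subnet" {
  name                 = "mastersubnet"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  address_prefix       = "10.1.0.0/16"
  depends_on           = ["azurerm_virtual_network.vnet"]
}

# Used only by the node NICs.
resource "azurerm_subnet" "node_subnet" {
  name                 = "nodesubnet"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  address_prefix       = "10.2.0.0/16"
}

# ******* MASTER LOAD BALANCER ***********

resource "azurerm_lb" "master_lb" {
  name                = "masterloadbalancer"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  depends_on          = ["azurerm_public_ip.openshift_master_pip"]

  frontend_ip_configuration {
    name                 = "LoadBalancerFrontEnd"
    public_ip_address_id = "${azurerm_public_ip.openshift_master_pip.id}"
  }
}

resource "azurerm_lb_backend_address_pool" "master_lb" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  name                = "loadBalancerBackEnd"
  loadbalancer_id     = "${azurerm_lb.master_lb.id}"
  depends_on          = ["azurerm_lb.master_lb"]
}

# TCP health probe on the console port.
resource "azurerm_lb_probe" "master_lb" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  loadbalancer_id     = "${azurerm_lb.master_lb.id}"
  name                = "8443Probe"
  port                = 8443
  interval_in_seconds = 5
  number_of_probes    = 2
  protocol            = "Tcp"
  depends_on          = ["azurerm_lb.master_lb"]
}

# Publishes the OpenShift console (8443) on the master public IP.
resource "azurerm_lb_rule" "master_lb" {
  resource_group_name            = "${azurerm_resource_group.rg.name}"
  loadbalancer_id                = "${azurerm_lb.master_lb.id}"
  name                           = "OpenShiftAdminConsole"
  protocol                       = "Tcp"
  frontend_port                  = 8443
  backend_port                   = 8443
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  backend_address_pool_id        = "${azurerm_lb_backend_address_pool.master_lb.id}"
  load_distribution              = "SourceIP"
  idle_timeout_in_minutes        = 30
  probe_id                       = "${azurerm_lb_probe.master_lb.id}"
  enable_floating_ip             = false
  depends_on                     = ["azurerm_lb_probe.master_lb", "azurerm_lb.master_lb", "azurerm_lb_backend_address_pool.master_lb"]
}

# One NAT rule per master: public port 2200 + index is forwarded to SSH (22)
# on that master. Together with the "*" SSH rule in master_nsg this makes each
# master's sshd reachable from any source address.
resource "azurerm_lb_nat_rule" "master_lb" {
  resource_group_name            = "${azurerm_resource_group.rg.name}"
  loadbalancer_id                = "${azurerm_lb.master_lb.id}"
  name                           = "${azurerm_lb.master_lb.name}-SSH-${count.index}"
  protocol                       = "Tcp"
  frontend_port                  = "${count.index + 2200}"
  backend_port                   = 22
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  count                          = "${var.master_instance_count}"
  depends_on                     = ["azurerm_lb.master_lb"]
}

# ******* INFRA LOAD BALANCER ***********

resource "azurerm_lb" "infra_lb" {
  name                = "infraloadbalancer"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "${azurerm_resource_group.rg.location}"
  depends_on          = ["azurerm_public_ip.infra_lb_pip"]

  frontend_ip_configuration {
    name                 = "LoadBalancerFrontEnd"
    public_ip_address_id = "${azurerm_public_ip.infra_lb_pip.id}"
  }
}

resource "azurerm_lb_backend_address_pool" "infra_lb" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  name                = "loadBalancerBackEnd"
  loadbalancer_id     = "${azurerm_lb.infra_lb.id}"
  depends_on          = ["azurerm_lb.infra_lb"]
}

resource "azurerm_lb_probe" "infra_lb_http_probe" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  loadbalancer_id     = "${azurerm_lb.infra_lb.id}"
  name                = "httpProbe"
  port                = 80
  interval_in_seconds = 5
  number_of_probes    = 2
  protocol            = "Tcp"
  depends_on          = ["azurerm_lb.infra_lb"]
}

resource "azurerm_lb_probe" "infra_lb_https_probe" {
  resource_group_name = "${azurerm_resource_group.rg.name}"
  loadbalancer_id     = "${azurerm_lb.infra_lb.id}"
  name                = "httpsProbe"
  port                = 443
  interval_in_seconds = 5
  number_of_probes    = 2
  protocol            = "Tcp"
}

# Router traffic: 80 and 443 on the infra public IP go to the infra pool.
resource "azurerm_lb_rule" "infra_lb_http" {
  resource_group_name            = "${azurerm_resource_group.rg.name}"
  loadbalancer_id                = "${azurerm_lb.infra_lb.id}"
  name                           = "OpenShiftRouterHTTP"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  backend_address_pool_id        = "${azurerm_lb_backend_address_pool.infra_lb.id}"
  probe_id                       = "${azurerm_lb_probe.infra_lb_http_probe.id}"
  depends_on                     = ["azurerm_lb_probe.infra_lb_http_probe", "azurerm_lb.infra_lb", "azurerm_lb_backend_address_pool.infra_lb"]
}

resource "azurerm_lb_rule" "infra_lb_https" {
  resource_group_name            = "${azurerm_resource_group.rg.name}"
  loadbalancer_id                = "${azurerm_lb.infra_lb.id}"
  name                           = "OpenShiftRouterHTTPS"
  protocol                       = "Tcp"
  frontend_port                  = 443
  backend_port                   = 443
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  backend_address_pool_id        = "${azurerm_lb_backend_address_pool.infra_lb.id}"
  probe_id                       = "${azurerm_lb_probe.infra_lb_https_probe.id}"
  depends_on                     = ["azurerm_lb_probe.infra_lb_https_probe", "azurerm_lb_backend_address_pool.infra_lb"]
}

# ******* NETWORK INTERFACES ***********

# The bastion NIC is the only NIC with a public IP of its own. It reuses
# master_nsg, so besides SSH it also accepts 443 and 8443 from any source.
# NOTE(review): a dedicated NSG that allows only SSH from a known range would
# fit a bastion better.
# No count is set here, so count.index presumably evaluates to 0.
resource "azurerm_network_interface" "bastion_nic" {
  name                      = "bastionnic${count.index}"
  location                  = "${azurerm_resource_group.rg.location}"
  resource_group_name       = "${azurerm_resource_group.rg.name}"
  network_security_group_id = "${azurerm_network_security_group.master_nsg.id}"

  ip_configuration {
    name                          = "bastionip${count.index}"
    subnet_id                     = "${azurerm_subnet.master_subnet.id}"
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = "${azurerm_public_ip.bastion_pip.id}"
  }
}

# Each master NIC joins the master backend pool and is bound to the SSH NAT
# rule with the same index.
resource "azurerm_network_interface" "master_nic" {
  name                      = "masternic${count.index}"
  location                  = "${azurerm_resource_group.rg.location}"
  resource_group_name       = "${azurerm_resource_group.rg.name}"
  network_security_group_id = "${azurerm_network_security_group.master_nsg.id}"
  count                     = "${var.master_instance_count}"

  ip_configuration {
    name                                    = "masterip${count.index}"
    subnet_id                               = "${azurerm_subnet.master_subnet.id}"
    private_ip_address_allocation           = "Dynamic"
    load_balancer_backend_address_pools_ids = ["${azurerm_lb_backend_address_pool.master_lb.id}"]
    load_balancer_inbound_nat_rules_ids     = ["${element(azurerm_lb_nat_rule.master_lb.*.id, count.index)}"]
  }
}

# Infra NICs are placed in master_subnet (not node_subnet) and join the infra
# backend pool.
resource "azurerm_network_interface" "infra_nic" {
  name                      = "infra_nic${count.index}"
  location                  = "${azurerm_resource_group.rg.location}"
  resource_group_name       = "${azurerm_resource_group.rg.name}"
  network_security_group_id = "${azurerm_network_security_group.infra_nsg.id}"
  count                     = "${var.infra_instance_count}"

  ip_configuration {
    name                                    = "infraip${count.index}"
    subnet_id                               = "${azurerm_subnet.master_subnet.id}"
    private_ip_address_allocation           = "Dynamic"
    load_balancer_backend_address_pools_ids = ["${azurerm_lb_backend_address_pool.infra_lb.id}"]
  }
}

# Node NICs have a private address only.
resource "azurerm_network_interface" "node_nic" {
  name                      = "node_nic${count.index}"
  location                  = "${azurerm_resource_group.rg.location}"
  resource_group_name       = "${azurerm_resource_group.rg.name}"
  network_security_group_id = "${azurerm_network_security_group.node_nsg.id}"
  count                     = "${var.node_instance_count}"

  ip_configuration {
    name                          = "nodeip${count.index}"
    subnet_id                     = "${azurerm_subnet.node_subnet.id}"
    private_ip_address_allocation = "Dynamic"
  }
}

# ******* Bastion Host *******

# Jump host used as bastion_host by the infra and node provisioners.
#
# Notes that apply to every VM in this file:
#   * disable_password_authentication = true and an SSH public key is
#     installed, so logins are key-based. admin_password is still set from
#     var.openshift_password; Terraform keeps resource attributes in its state
#     file in plain text, so treat the state as a secret.
#   * The image is chosen by looking up "<os_image>_publisher", "_offer",
#     "_sku" and "_version" in var.os_image_map (the join() call appends the
#     suffix to var.os_image).
resource "azurerm_virtual_machine" "bastion" {
  name                             = "${var.openshift_cluster_prefix}-bastion-1"
  location                         = "${azurerm_resource_group.rg.location}"
  resource_group_name              = "${azurerm_resource_group.rg.name}"
  network_interface_ids            = ["${azurerm_network_interface.bastion_nic.id}"]
  vm_size                          = "${var.bastion_vm_size}"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  tags {
    displayName = "${var.openshift_cluster_prefix}-bastion VM Creation"
  }

  os_profile {
    computer_name  = "${var.openshift_cluster_prefix}-bastion-${count.index}"
    admin_username = "${var.admin_username}"
    admin_password = "${var.openshift_password}"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = "${var.ssh_public_key}"
    }
  }

  storage_image_reference {
    publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}"
    offer     = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}"
    sku       = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}"
    version   = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}"
  }

  # NOTE(review): the disk name says "master" while the VHD is the bastion's;
  # this looks like a copy-paste leftover. Left unchanged.
  storage_os_disk {
    name          = "${var.openshift_cluster_prefix}-master-osdisk${count.index}"
    vhd_uri       = "${azurerm_storage_account.bastion_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-bastion-osdisk.vhd"
    caching       = "ReadWrite"
    create_option = "FromImage"
    disk_size_gb  = 60
  }
}

# ******* Master VMs *******

# Masters are created after the infra and node VMs (depends_on) and then run
# masterPrep.sh and deployOpenShift.sh over SSH.
#
# NOTE(review): the connection always uses port 2200, which is the NAT rule of
# master index 0. With master_instance_count > 1 every instance's provisioners
# would therefore appear to run against the first master. Confirm whether
# "${count.index + 2200}" was intended.
#
# NOTE(review): the remote-exec command passes var.openshift_password,
# var.aad_client_secret and the registry storage account's primary access key
# as command-line arguments. Arguments are visible in the process list of the
# host while the script runs and may show up in provisioner output and logs.
# The values are also interpolated inside a double-quoted shell string, so a
# value containing a double quote, "$" or a backtick is interpreted by the
# shell. Prefer delivering secrets in a file with restrictive permissions
# (file provisioner) or fetching them on the host from the key vault.
resource "azurerm_virtual_machine" "master" {
  name                             = "${var.openshift_cluster_prefix}-master-${count.index}"
  location                         = "${azurerm_resource_group.rg.location}"
  resource_group_name              = "${azurerm_resource_group.rg.name}"
  availability_set_id              = "${azurerm_availability_set.master.id}"
  network_interface_ids            = ["${element(azurerm_network_interface.master_nic.*.id, count.index)}"]
  vm_size                          = "${var.master_vm_size}"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true
  count                            = "${var.master_instance_count}"
  depends_on                       = ["azurerm_virtual_machine.infra", "azurerm_virtual_machine.node"]

  tags {
    displayName = "${var.openshift_cluster_prefix}-master VM Creation"
  }

  # Direct SSH through the master load balancer's public name; the private key
  # is read from a local file path.
  connection {
    host        = "${azurerm_public_ip.openshift_master_pip.fqdn}"
    user        = "${var.admin_username}"
    port        = 2200
    private_key = "${file(var.connection_private_ssh_key_path)}"
  }

  provisioner "file" {
    source      = "${var.openshift_script_path}/masterPrep.sh"
    destination = "masterPrep.sh"
  }

  provisioner "file" {
    source      = "${var.openshift_script_path}/deployOpenShift.sh"
    destination = "deployOpenShift.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x masterPrep.sh",
      "chmod +x deployOpenShift.sh",
      "sudo bash masterPrep.sh \"${azurerm_storage_account.persistent_volume_storage_account.name}\" \"${var.admin_username}\" && sudo bash deployOpenShift.sh \"${var.admin_username}\" \"${var.openshift_password}\" \"${var.key_vault_secret}\" \"${var.openshift_cluster_prefix}-master\" \"${azurerm_public_ip.openshift_master_pip.fqdn}\" \"${azurerm_public_ip.openshift_master_pip.ip_address}\" \"${var.openshift_cluster_prefix}-infra\" \"${var.openshift_cluster_prefix}-node\" \"${var.node_instance_count}\" \"${var.infra_instance_count}\" \"${var.master_instance_count}\" \"${var.default_sub_domain_type}\" \"${azurerm_storage_account.registry_storage_account.name}\" \"${azurerm_storage_account.registry_storage_account.primary_access_key}\" \"${var.tenant_id}\" \"${var.subscription_id}\" \"${var.aad_client_id}\" \"${var.aad_client_secret}\" \"${azurerm_resource_group.rg.name}\" \"${azurerm_resource_group.rg.location}\" \"${var.key_vault_name}\""
    ]
  }

  os_profile {
    computer_name  = "${var.openshift_cluster_prefix}-master-${count.index}"
    admin_username = "${var.admin_username}"
    admin_password = "${var.openshift_password}"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = "${var.ssh_public_key}"
    }
  }

  storage_image_reference {
    publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}"
    offer     = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}"
    sku       = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}"
    version   = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}"
  }

  storage_os_disk {
    name          = "${var.openshift_cluster_prefix}-master-osdisk${count.index}"
    vhd_uri       = "${azurerm_storage_account.master_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-master-osdisk${count.index}.vhd"
    caching       = "ReadWrite"
    create_option = "FromImage"
    disk_size_gb  = 60
  }

  # Empty data disk on LUN 0, named "docker-pool".
  storage_data_disk {
    name          = "${var.openshift_cluster_prefix}-master-docker-pool${count.index}"
    vhd_uri       = "${azurerm_storage_account.master_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-master-docker-pool${count.index}.vhd"
    disk_size_gb  = "${var.data_disk_size}"
    create_option = "Empty"
    lun           = 0
  }
}

# ******* Infra VMs *******

# Infra VMs are provisioned through the bastion: Terraform connects to the
# bastion's public name and hops to the instance's private IP. The same
# private key file is used for the bastion hop and for the target host.
resource "azurerm_virtual_machine" "infra" {
  name                             = "${var.openshift_cluster_prefix}-infra-${count.index}"
  location                         = "${azurerm_resource_group.rg.location}"
  resource_group_name              = "${azurerm_resource_group.rg.name}"
  availability_set_id              = "${azurerm_availability_set.infra.id}"
  network_interface_ids            = ["${element(azurerm_network_interface.infra_nic.*.id, count.index)}"]
  vm_size                          = "${var.infra_vm_size}"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true
  count                            = "${var.infra_instance_count}"

  tags {
    displayName = "${var.openshift_cluster_prefix}-infra VM Creation"
  }

  connection {
    type                = "ssh"
    bastion_host        = "${azurerm_public_ip.bastion_pip.fqdn}"
    bastion_user        = "${var.admin_username}"
    bastion_private_key = "${file(var.connection_private_ssh_key_path)}"
    host                = "${element(azurerm_network_interface.infra_nic.*.private_ip_address, count.index)}"
    user                = "${var.admin_username}"
    private_key         = "${file(var.connection_private_ssh_key_path)}"
  }

  provisioner "file" {
    source      = "${var.openshift_script_path}/nodePrep.sh"
    destination = "nodePrep.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x nodePrep.sh",
      "sudo bash nodePrep.sh",
    ]
  }

  os_profile {
    computer_name  = "${var.openshift_cluster_prefix}-infra-${count.index}"
    admin_username = "${var.admin_username}"
    admin_password = "${var.openshift_password}"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = "${var.ssh_public_key}"
    }
  }

  storage_image_reference {
    publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}"
    offer     = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}"
    sku       = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}"
    version   = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}"
  }

  storage_os_disk {
    name          = "${var.openshift_cluster_prefix}-infra-osdisk${count.index}"
    vhd_uri       = "${azurerm_storage_account.infra_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-infra-osdisk${count.index}.vhd"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  # Unlike the master and node data disks, this disk name carries no
  # count.index suffix (the VHD URI does).
  storage_data_disk {
    name          = "${var.openshift_cluster_prefix}-infra-docker-pool"
    vhd_uri       = "${azurerm_storage_account.infra_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-infra-docker-pool${count.index}.vhd"
    disk_size_gb  = "${var.data_disk_size}"
    create_option = "Empty"
    lun           = 0
  }
}

# ******* Node VMs *******

# Node VMs follow the same pattern as the infra VMs: reached through the
# bastion on their private IP, then nodePrep.sh is uploaded and run with sudo.
resource "azurerm_virtual_machine" "node" {
  name                             = "${var.openshift_cluster_prefix}-node-${count.index}"
  location                         = "${azurerm_resource_group.rg.location}"
  resource_group_name              = "${azurerm_resource_group.rg.name}"
  availability_set_id              = "${azurerm_availability_set.node.id}"
  network_interface_ids            = ["${element(azurerm_network_interface.node_nic.*.id, count.index)}"]
  vm_size                          = "${var.node_vm_size}"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true
  count                            = "${var.node_instance_count}"

  tags {
    displayName = "${var.openshift_cluster_prefix}-node VM Creation"
  }

  connection {
    type                = "ssh"
    bastion_host        = "${azurerm_public_ip.bastion_pip.fqdn}"
    bastion_user        = "${var.admin_username}"
    bastion_private_key = "${file(var.connection_private_ssh_key_path)}"
    host                = "${element(azurerm_network_interface.node_nic.*.private_ip_address, count.index)}"
    user                = "${var.admin_username}"
    private_key         = "${file(var.connection_private_ssh_key_path)}"
  }

  provisioner "file" {
    source      = "${var.openshift_script_path}/nodePrep.sh"
    destination = "nodePrep.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x nodePrep.sh",
      "sudo bash nodePrep.sh",
    ]
  }

  os_profile {
    computer_name  = "${var.openshift_cluster_prefix}-node-${count.index}"
    admin_username = "${var.admin_username}"
    admin_password = "${var.openshift_password}"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = "${var.ssh_public_key}"
    }
  }

  storage_image_reference {
    publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}"
    offer     = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}"
    sku       = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}"
    version   = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}"
  }

  # The OS disk name has no count.index suffix (the VHD URI does).
  storage_os_disk {
    name          = "${var.openshift_cluster_prefix}-node-osdisk"
    vhd_uri       = "${azurerm_storage_account.nodeos_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-node-osdisk${count.index}.vhd"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  # The data disk VHD is stored in nodeos_storage_account, not in
  # nodedata_storage_account.
  storage_data_disk {
    name          = "${var.openshift_cluster_prefix}-node-docker-pool${count.index}"
    vhd_uri       = "${azurerm_storage_account.nodeos_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-node-docker-pool${count.index}.vhd"
    disk_size_gb  = "${var.data_disk_size}"
    create_option = "Empty"
    lun           = 0
  }
}

# ******* VM EXTENSIONS *******

# The three blocks below are commented out. They would run the same prep and
# deploy scripts through the CustomScript VM extension, downloading them from
# var.artifacts_location, instead of the SSH provisioners above. The master
# variant places its command, including the secrets, in protected_settings.


# resource "azurerm_virtual_machine_extension" "deploy_open_shift_master" {
#   name                       = "masterOpShExt${count.index}"
#   location                   = "${azurerm_resource_group.rg.location}"
#   resource_group_name        = "${azurerm_resource_group.rg.name}"
#   virtual_machine_name       = "${element(azurerm_virtual_machine.master.*.name, count.index)}"
#   publisher                  = "Microsoft.Azure.Extensions"
#   type                       = "CustomScript"
#   type_handler_version       = "2.0"
#   auto_upgrade_minor_version = true
#   depends_on                 = ["azurerm_virtual_machine.master", "azurerm_virtual_machine_extension.node_prep", "azurerm_storage_container.vhds", "azurerm_virtual_machine_extension.deploy_infra"]
#
#   settings = <<SETTINGS
# {
#   "fileUris": [
#     "${var.artifacts_location}scripts/masterPrep.sh",
#     "${var.artifacts_location}scripts/deployOpenShift.sh"
#   ]
# }
# SETTINGS
#
#   protected_settings = <<SETTINGS
# {
#   "commandToExecute": "bash masterPrep.sh ${azurerm_storage_account.persistent_volume_storage_account.name} ${var.admin_username} && bash deployOpenShift.sh \"${var.admin_username}\" '${var.openshift_password}' \"${var.key_vault_secret}\" \"${var.openshift_cluster_prefix}-master\" \"${azurerm_public_ip.openshift_master_pip.fqdn}\" \"${azurerm_public_ip.openshift_master_pip.ip_address}\" \"${var.openshift_cluster_prefix}-infra\" \"${var.openshift_cluster_prefix}-node\" \"${var.node_instance_count}\" \"${var.infra_instance_count}\" \"${var.master_instance_count}\" \"${var.default_sub_domain_type}\" \"${azurerm_storage_account.registry_storage_account.name}\" \"${azurerm_storage_account.registry_storage_account.primary_access_key}\" \"${var.tenant_id}\" \"${var.subscription_id}\" \"${var.aad_client_id}\" \"${var.aad_client_secret}\" \"${azurerm_resource_group.rg.name}\" \"${azurerm_resource_group.rg.location}\" \"${var.key_vault_name}\""
# }
# SETTINGS
# }


# resource "azurerm_virtual_machine_extension" "deploy_infra" {
#   name                       = "infraOpShExt${count.index}"
#   location                   = "${azurerm_resource_group.rg.location}"
#   resource_group_name        = "${azurerm_resource_group.rg.name}"
#   virtual_machine_name       = "${element(azurerm_virtual_machine.infra.*.name, count.index)}"
#   publisher                  = "Microsoft.Azure.Extensions"
#   type                       = "CustomScript"
#   type_handler_version       = "2.0"
#   auto_upgrade_minor_version = true
#   depends_on                 = ["azurerm_virtual_machine.infra"]
#
#   settings = <<SETTINGS
# {
#   "fileUris": [
#     "${var.artifacts_location}scripts/nodePrep.sh"
#   ]
# }
# SETTINGS
#
#   protected_settings = <<SETTINGS
# {
#   "commandToExecute": "bash nodePrep.sh"
# }
# SETTINGS
# }


# resource "azurerm_virtual_machine_extension" "node_prep" {
#   name                       = "nodePrepExt${count.index}"
#   location                   = "${azurerm_resource_group.rg.location}"
#   resource_group_name        = "${azurerm_resource_group.rg.name}"
#   virtual_machine_name       = "${element(azurerm_virtual_machine.node.*.name, count.index)}"
#   publisher                  = "Microsoft.Azure.Extensions"
#   type                       = "CustomScript"
#   type_handler_version       = "2.0"
#   auto_upgrade_minor_version = true
#   depends_on                 = ["azurerm_virtual_machine.node", "azurerm_storage_account.nodeos_storage_account"]
#
#   settings = <<SETTINGS
# {
#   "fileUris": [
#     "${var.artifacts_location}scripts/nodePrep.sh"
#   ]
# }
# SETTINGS
#
#   protected_settings = <<SETTINGS
# {
#   "commandToExecute": "bash nodePrep.sh"
# }
# SETTINGS
# }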