Add custom script and Jumpbox example (#4)

* Adding Jumpbox example * Added custom script extension * Update provider version 0.3
Azure · Oct 19, 2017 · c1a7c62 · c1a7c62
1 parent a3c4f24
commit c1a7c62
Show file tree

Hide file tree

Showing 3 changed files with 169 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -5,16 +5,14 @@ This Terraform module deploys a Virtual Machines Scale Set in Azure and opens th
 
 This module requires a network and loadbalancer to be provider separately. You can provision them with the "Azure/network/azurerm" and "Azure/loadbanacer/azurerm" modules.
 
-
-
 Usage
 -----
 
-Using the `vm_os_simple`: 
+Using the `vm_os_simple`:
 
 ```hcl 
 provider "azurerm" {
-  version = "~> 0.1"
+  version = "~> 0.3"
 }
 
 variable "resource_group_name" {
@@ -32,6 +30,9 @@ module "loadbalancer" {
   resource_group_name = "${var.resource_group_name}"
   location = "westus"
   prefix = "terraform-test"
+  "lb_port" {
+      http = [ "80", "Tcp", "80"]
+  }
 }
 
 module "computegroup" { 
@@ -46,6 +47,7 @@ module "computegroup" {
     vm_os_simple        = "UbuntuServer"
     vnet_subnet_id      = "${module.network.vnet_subnets[0]}"
     load_balancer_backend_address_pool_ids = "${module.loadbalancer.azurerm_lb_backend_address_pool_id}"
+    cmd_extension       = "sudo apt-get -y install nginx"
     lb_port             = { 
                             http = ["80", "Tcp", "80"]
                             https = ["443", "Tcp", "443"]
@@ -64,10 +66,10 @@ output "vmss_id"{
 
 Using the `vm_os_publisher`, `vm_os_offer` and `vm_os_sku` 
 
-```hcl 
+```hcl
 
 provider "azurerm" {
-  version = "~> 0.1"
+  version = "~> 0.3"
 }
 
 variable "resource_group_name" {
@@ -81,13 +83,16 @@ module "network" {
   }
 
 module "loadbalancer" {
-  source = "Azure/loadbanacer/azurerm"
+  source = "Azure/loadbalancer/azurerm"
   resource_group_name = "${var.resource_group_name}"
   location = "westus"
   prefix = "terraform-test"
+  "lb_port" {
+      http = [ "80", "Tcp", "80"]
+  }
 }
 
-module "computegroup" { 
+module "computegroup" {
     source              = "Azure/computegroup/azurerm"
     resource_group_name = "${var.resource_group_name}"
     location            = "westus"
@@ -101,6 +106,7 @@ module "computegroup" {
     vm_os_sku           = "14.04.2-LTS"
     vnet_subnet_id      = "${module.network.vnet_subnets[0]}"
     load_balancer_backend_address_pool_ids = "${module.loadbalancer.azurerm_lb_backend_address_pool_id}"
+    cmd_extension       = "sudo apt-get -y install nginx"
     lb_port             = { 
                             http = ["80", "Tcp", "80"]
                             https = ["443", "Tcp", "443"]
@@ -117,6 +123,131 @@ output "vmss_id"{
 
 ```
 
+The module does not expose direct access to each node of the VM scale set for security reason. The following example shows how to use the compute group module with a jumpbox machine.
+
+```hcl
+provider "azurerm" {
+  version = "~> 0.3"
+}
+
+variable "resource_group_name" {
+    default = "jumpbox-test"
+}
+
+variable "location" { 
+    default = "westus"
+}
+
+module "network" {
+    source = "Azure/network/azurerm"
+    location = "${var.location}"
+    resource_group_name = "${var.resource_group_name}"
+  }
+
+module "loadbalancer" {
+  source = "Azure/loadbalancer/azurerm"
+  resource_group_name = "${var.resource_group_name}"
+  location = "${var.location}"
+  prefix = "terraform-test"
+  "lb_port" {
+      http = [ "80", "Tcp", "80"]
+  }
+}
+
+module "computegroup" {
+    source              = "Azure/computegroup/azurerm"
+    resource_group_name = "${var.resource_group_name}"
+    location            = "${var.location}"
+    vm_size             = "Standard_DS1_v2"
+    admin_username      = "azureuser"
+    admin_password      = "ComplexPassword"
+    ssh_key             = "~/.ssh/id_rsa.pub"
+    nb_instance         = 2
+    vm_os_publisher     = "Canonical"
+    vm_os_offer         = "UbuntuServer"
+    vm_os_sku           = "16.04-LTS"
+    vnet_subnet_id      = "${module.network.vnet_subnets[0]}"
+    load_balancer_backend_address_pool_ids = "${module.loadbalancer.azurerm_lb_backend_address_pool_id}"
+    cmd_extension       = "sudo apt-get -y install nginx"
+    lb_port             = {
+                            http = ["80", "Tcp", "80"]
+                          }
+    tags                = {
+                            environment = "codelab"
+                          }
+}
+
+resource "azurerm_public_ip" "jumpbox" {
+  name                         = "jumpbox-public-ip"
+  location                     = "${var.location}"
+  resource_group_name          = "${var.resource_group_name}"
+  public_ip_address_allocation = "static"
+  domain_name_label            = "${var.resource_group_name}-ssh"
+  depends_on                   = ["module.network"]
+  tags {
+    environment = "codelab"
+  }
+}
+
+resource "azurerm_network_interface" "jumpbox" {
+  name                = "jumpbox-nic"
+  location            = "${var.location}"
+  resource_group_name = "${var.resource_group_name}"
+
+  ip_configuration {
+    name                          = "IPConfiguration"
+    subnet_id                     = "${module.network.vnet_subnets[0]}"
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id          = "${azurerm_public_ip.jumpbox.id}"
+  }
+
+  tags {
+    environment = "codelab"
+  }
+}
+
+resource "azurerm_virtual_machine" "jumpbox" {
+  name                  = "jumpbox"
+  location              = "${var.location}"
+  resource_group_name   = "${var.resource_group_name}"
+  network_interface_ids = ["${azurerm_network_interface.jumpbox.id}"]
+  vm_size               = "Standard_DS1_v2"
+
+  storage_image_reference {
+    publisher = "Canonical"
+    offer     = "UbuntuServer"
+    sku       = "16.04-LTS"
+    version   = "latest"
+  }
+
+  storage_os_disk {
+    name              = "jumpbox-osdisk"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Standard_LRS"
+  }
+
+  os_profile {
+    computer_name  = "jumpbox"
+    admin_username = "azureuser"
+    admin_password = "Password1234!"
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = true
+
+    ssh_keys {
+      path     = "/home/azureuser/.ssh/authorized_keys"
+      key_data = "${file("~/.ssh/id_rsa.pub")}"
+    }
+  }
+
+  tags {
+    environment = "codelab"
+  }
+}
+
+````
 
 Authors
 =======

diff --git a/main.tf b/main.tf
@@ -1,5 +1,5 @@
 provider "azurerm" {
-    version = "~> 0.1"
+    version = "~> 0.3"
 }
 
 module "os" {
@@ -75,6 +75,18 @@ resource "azurerm_virtual_machine_scale_set" "vm-linux" {
       load_balancer_backend_address_pool_ids = ["${var.load_balancer_backend_address_pool_ids}"]
     }
   }
+
+  extension { 
+    name = "vmssextension"
+    publisher = "Microsoft.OSTCExtensions"
+    type = "CustomScriptForLinux"
+    type_handler_version = "1.2"
+    settings = <<SETTINGS
+    {
+        "commandToExecute": "${var.cmd_extension}"
+    }
+    SETTINGS
+  }
 }
 
 resource "azurerm_virtual_machine_scale_set" "vm-windows" {
@@ -129,4 +141,16 @@ resource "azurerm_virtual_machine_scale_set" "vm-windows" {
       load_balancer_backend_address_pool_ids = ["${var.load_balancer_backend_address_pool_ids}"]
     }
   }
+
+  extension {
+    name = "vmssextension"
+    publisher = "Microsoft.Compute"
+    type = "CustomScriptExtension"
+    type_handler_version = "1.8"
+    settings = <<SETTINGS
+    {
+        "commandToExecute": "${var.cmd_extension}"
+    }
+    SETTINGS
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -97,6 +97,11 @@ variable "lb_port" {
     }
 }
 
+variable "cmd_extension" { 
+    description = "Command to be excuted by the custom script extension"
+    default = ""
+}
+
 variable "tags" {
   type = "map"
   description = "A map of the tags to use on the resources that are deployed with this module."