This project runs a Terraform module to set up ISE VNET infrastructure on Azure.
- Terraform ~> 1.5.x
- Azure CLI
- Azure subscription with at least Contributor level access
- To install Terraform, follow the instructions as per your operating system - Install Terraform
- To install Azure CLI, follow the instructions mentioned here - Install Azure CLI
To configure and allow access to the Azure account, we need a user with at least Contributor level access. Run the command below to get Azure access using the CLI. It will prompt you to log in through a web browser.

```bash
az login
```

If you are running this command on a server where you don't have a browser, run the command below and use the code to log in from any other machine.

```bash
az login --use-device-code
```

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code to authenticate.

NOTE: Please refer to the Terraform documentation for other authentication methods - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Before running the Terraform modules, follow the steps below:
- Set up SSH for git, follow this documentation - How to setup SSH for git
- As per Terraform's best practice, it is recommended to store the state file remotely in the cloud, as storing Terraform state files in a storage account provides enhanced collaboration, security and durability over keeping state files locally.
- If you already have an Azure storage account created to store the state file, it needs to be referenced in the terraform init command.
- If you do not have an existing storage account, create an Azure storage account configuration, which needs to be referenced in the terraform init command.

Run the commands below to configure the storage account:

```bash
az group create --name myResourceGroup --location eastus
az storage account create --name mystorageaccount --resource-group myResourceGroup --location eastus --sku Standard_LRS
az storage account show-connection-string --name mystorageaccount --resource-group myResourceGroup --query connectionString --output tsv
az storage container create --name mycontainer --connection-string "<your_connection_string>"
```
Clone this git repo using the command below:

```bash
git clone https://github3.cisco.com/techops-operation/ise_launch_template-terraform-azure-vnet.git
```
Please refer to the "Inputs" section below and update terraform.tfvars as per your requirements. Once updated, run the commands below to deploy the VNET stack:

```bash
terraform init --upgrade \
  -backend-config="resource_group_name=<resource_group_name>" \
  -backend-config="container_name=<container_name>" \
  -backend-config="storage_account_name=<storage_account_name>" \
  -reconfigure
terraform plan
terraform apply
```

Type 'yes' when prompted after running terraform apply.

This deployment takes approximately 10 minutes.
Name | Description | Type | Default | Required |
---|---|---|---|---|
ise_func_subnet | Mention the subnet name for Function App VNET integration. It is a service-dedicated subnet delegated to the service Microsoft.Web/serverFarms. | string | "ise_func_subnet" | |
ise_func_subnet_cidr | List of CIDR blocks for Function App private subnet | list(string) | [ | |
ise_resource_group | Mention the Resource Group name | string | "Cisco_ISE_RG" | |
location | Mention the region where you want to deploy resources | string | "East US" | |
private_subnet_cidrs | List of CIDR blocks for private subnets | list(string) | [ | |
public_subnet_cidrs | List of CIDR blocks for public subnets | list(string) | [ | |
subscription | Enter the Azure subscription ID | string | "a8b4411b-d161-41bf-82f5-7d80b0f9aa35" | |
vnet_address | Enter the Virtual Network CIDR | string | "10.0.0.0/16" | |
vnet_name | Enter the name of VNET | string | "ise_vnet" | |

Name | Description |
---|---|
ise_func_subnet | Function App VNET Integration Subnet CIDR |
ise_func_subnet_name | Function App VNET Integration Subnet |
ise_lb_subnet_name | ISE Loadbalancer Subnet |
ise_vm_subnet_name | ISE VM subnet |
private_nsg_ids | NAT Gateway ID |
private_subnet_ids | Private Subnet ID |
public_ip_ids | Public IP ID |
public_subnet_ids | Public Subnet ID |
resource_group | Resource Group |
vnet_name | VNET name |
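
A pre-apply check for the CIDR inputs listed above, as an added example that is not part of this project's code: it confirms every subnet in `public_subnet_cidrs`, `private_subnet_cidrs` and `ise_func_subnet_cidr` lies inside `vnet_address` and that no two subnets overlap, so public and private segments stay separate. The sample subnet values are constructed for illustration, and the parser assumes single-line assignments in terraform.tfvars.

```python
import ipaddress
import re

# Constructed sample terraform.tfvars; the subnet values are illustrative
# assumptions, not the module's defaults.
SAMPLE_TFVARS = '''
vnet_address         = "10.0.0.0/16"
public_subnet_cidrs  = ["10.0.1.0/24", "10.0.2.0/24"]
private_subnet_cidrs = ["10.0.11.0/24", "10.0.12.0/24"]
ise_func_subnet_cidr = ["10.0.21.0/26"]
'''

SUBNET_VARS = ("public_subnet_cidrs", "private_subnet_cidrs", "ise_func_subnet_cidr")


def parse_tfvars(text):
    """Minimal parser: single-line `name = "x"` or `name = ["x", "y"]` only."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r'^(\w+)\s*=\s*(.+)$', line)
        if m:
            values[m.group(1)] = re.findall(r'"([^"]*)"', m.group(2))
    return values


def check_cidrs(values):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    vnet = ipaddress.ip_network(values["vnet_address"][0], strict=True)
    seen = []  # (variable name, network) pairs checked so far
    for var in SUBNET_VARS:
        for cidr in values.get(var, []):
            try:
                # strict=True rejects entries with host bits set, e.g. 10.0.21.5/26
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{var}: {cidr} is not a valid network ({exc})")
                continue
            if net.version != vnet.version or not net.subnet_of(vnet):
                problems.append(f"{var}: {net} is outside VNET {vnet}")
            for other_var, other in seen:
                if net.overlaps(other):
                    problems.append(f"{var}: {net} overlaps {other_var} {other}")
            seen.append((var, net))
    return problems


if __name__ == "__main__":
    for p in check_cidrs(parse_tfvars(SAMPLE_TFVARS)) or ["CIDR layout OK"]:
        print(p)
```
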
To destroy the ISE infrastructure resources created by this module, run the commands below.

NOTE: Manual changes or resource creation outside this Terraform module will not be tracked in the Terraform state and will cause issues if the user needs to upgrade or destroy the deployed stack. Please avoid manual changes. If manual changes are still needed, keep a note of the changes and revert them before making any upgrade or destroy.

```bash
terraform plan -destroy
terraform destroy
```

To know more about the destroy command, please refer to this terraform destroy page.

If you encounter issues with the terraform destroy command, attempt to run the command again. Additionally, you can track the resources managed by Terraform using the following command:

```bash
terraform state list
```