azure/terraform/vault.tf
- This file was added.
# Keyword use: | |||||
# - provider: Define the provider(s) | |||||
# - data: Retrieve data information to be used within the file | |||||
# - resource: Define resource and create/update | |||||
# Configure the Microsoft Azure Provider | |||||
# Empty if using the `az login` tool | |||||
provider "azurerm" { | |||||
version = "~> 1.27" | |||||
} | |||||
# Reuse the network security group as defined currently | |||||
data "azurerm_network_security_group" "worker-nsg" { | |||||
name = "worker-nsg" | |||||
resource_group_name = "swh-resource" | |||||
} | |||||
# Same for the subnet | |||||
data "azurerm_subnet" "default" { | |||||
name = "default" | |||||
virtual_network_name = "swh-vnet" | |||||
resource_group_name = "swh-resource" | |||||
} | |||||
# Define a new resource for the vault | |||||
# matching what we name elsewhere "euwest-${resource}" | |||||
resource "azurerm_resource_group" "euwest-vault" { | |||||
name = "euwest-vault" | |||||
location = "westeurope" | |||||
tags { | |||||
environment = "SWH Vault" | |||||
} | |||||
} | |||||
resource "azurerm_network_interface" "vangogh-interface" { | |||||
name = "vangogh-interface" | |||||
location = "westeurope" | |||||
resource_group_name = "euwest-vault" | |||||
network_security_group_id = "${data.azurerm_network_security_group.worker-nsg.id}" | |||||
ip_configuration { | |||||
name = "vaultNicConfiguration" | |||||
subnet_id = "${data.azurerm_subnet.default.id}" | |||||
public_ip_address_id = "" | |||||
private_ip_address_allocation = "Dynamic" | |||||
} | |||||
} | |||||
# Blobstorage as defined in task | |||||
resource "azurerm_storage_account" "vault-storage" { | |||||
name = "swhvaultstorage" | |||||
resource_group_name = "${azurerm_resource_group.euwest-vault.name}" | |||||
location = "westeurope" | |||||
account_tier = "Standard" | |||||
account_replication_type = "LRS" | |||||
account_kind = "BlobStorage" | |||||
access_tier = "Cool" | |||||
tags { | |||||
environment = "SWH Vault" | |||||
} | |||||
} | |||||
# A container for the blob storage named 'contents' (as other blob storages) | |||||
resource "azurerm_storage_container" "contents" { | |||||
name = "contents" | |||||
resource_group_name = "${azurerm_resource_group.euwest-vault.name}" | |||||
storage_account_name = "${azurerm_storage_account.vault-storage.name}" | |||||
vlorentz: s/servers/workers/ ? | |||||
Done Inline ActionsIt's for the vault's api and the objstorage's api, that's why i called it servers. The cooking workers are already set up (and not part of this, but could be? <- outside of the diff's scope ;) ardumont: It's for the vault's api and the objstorage's api, that's why i called it servers.
The cooking… | |||||
container_access_type = "private" | |||||
} | |||||
resource "azurerm_virtual_machine" "vault-server" { | |||||
name = "vangogh" | |||||
location = "westeurope" | |||||
resource_group_name = "euwest-vault" | |||||
network_interface_ids = ["${azurerm_network_interface.vangogh-interface.id}"] | |||||
Not Done Inline ActionsWhat about a B2ms or B4ms? They are roughly the same price, but you get more "burst" CPU power, which is good for a worker vlorentz: What about a B2ms or B4ms? They are roughly the same price, but you get more "burst" CPU power… | |||||
Done Inline ActionsI did not get into that much details yet. The use case here:
Comparison: |-----------+----------+-----------------+-------+------+-----------+----------+--------------+----------------| | vm size | offering | family | vcpus | rams | data disk | max iops | temp storage | cost/month (€) | |-----------+----------+-----------------+-------+------+-----------+----------+--------------+----------------| | B2ms | Standard | General purpose | 2 | 8 | 4 | 2400 | 16 GB | 52.20 | | B4ms | Standard | General purpose | 4 | 16 | 8 | 3600 | 32 GB | 104.15 | | DS2_v2 | Standard | General purpose | 2 | 7 | 8 | 6400 | 14 GB | 91.60 | | D2s_v3 | Standard | General purpose | 2 | 8 | 4 | 3200 | 16 GB | 60.23 | |-----------+----------+-----------------+-------+------+-----------+----------+--------------+----------------| | orangerie | X | X | 2 | 2 | X | ? | | | |-----------+----------+-----------------+-------+------+-----------+----------+--------------+----------------| The actual machine running the vault is orangerie. ardumont: I did not get into that much details yet.
Thanks for reminding me. I kept the initial reference… | |||||
vm_size = "Standard_B2ms" | |||||
storage_os_disk { | |||||
name = "vangogh-osdisk" | |||||
caching = "ReadWrite" | |||||
create_option = "FromImage" | |||||
managed_disk_type = "Premium_LRS" | |||||
} | |||||
Done Inline ActionsCount is not needed, so this will be simplified (other instances as well). ardumont: Count is not needed, so this will be simplified (other instances as well). | |||||
storage_image_reference { | |||||
publisher = "credativ" | |||||
offer = "Debian" | |||||
sku = "9" | |||||
version = "latest" | |||||
} | |||||
# (Va)ngogh <-> (Va)ult | |||||
os_profile { | |||||
computer_name = "vangogh" | |||||
admin_username = "${var.user_admin}" | |||||
} | |||||
os_profile_linux_config { | |||||
disable_password_authentication = true | |||||
ssh_keys { | |||||
path = "/home/${var.user_admin}/.ssh/authorized_keys" | |||||
key_data = "${var.ssh_key_data}" | |||||
} | |||||
} | |||||
tags { | |||||
environment = "SWH Vault" | |||||
Done Inline ActionsThanks for olasd's heads up, it's not one museum, so i'll change to 'vangogh' instead. ardumont: Thanks for olasd's heads up, it's not one museum, so i'll change to 'vangogh' instead. | |||||
} | |||||
} |
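Review bot: The `azurerm_storage_account "vault-storage"` block sets no transport restriction, and as far as I recall the 1.x azurerm provider leaves `enable_https_traffic_only` off by default, so the blob endpoint would also answer over plain HTTP; I would add `enable_https_traffic_only = true` next to `access_tier` (worth confirming against the provider docs for `~> 1.27`). Separately, `vangogh-interface` and `vault-server` give the resource group as the literal `"euwest-vault"`, while the storage resources use `"${azurerm_resource_group.euwest-vault.name}"`. The literal gives Terraform no dependency edge to the group, so on a first apply the NIC may be scheduled before the group exists; using the interpolated reference in both places fixes the ordering. `version = "latest"` in `storage_image_reference` also means a rebuild can boot a different Debian image than the one reviewed, so either pin it or add a comment such as `# latest is intentional: host is patched by config management after boot` if that is the case.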
s/servers/workers/ ?