diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf
index d819a99..e2c8238 100644
--- a/azure/terraform/init.tf
+++ b/azure/terraform/init.tf
@@ -1,56 +1,61 @@ # Keyword use: # - provider: Define the provider(s) # - data: Retrieve data information to be used within the file # - resource: Define resource and create/update terraform { backend "azurerm" { resource_group_name = "euwest-admin" storage_account_name = "swhterraform" container_name = "tfstate" key = "prod.azure.terraform.tfstate" } } # Configure the Microsoft Azure Provider # Empty if using the `az login` tool provider "azurerm" { version = "~> 1.27" } # Reuse the network security group as defined currently data "azurerm_network_security_group" "worker-nsg" { name = "worker-nsg" resource_group_name = "swh-resource" } # Same for the subnet data "azurerm_subnet" "default" { name = "default" virtual_network_name = "swh-vnet" resource_group_name = "swh-resource" } +# same for resource group used by storage servers +data "azurerm_resource_group" "euwest-servers" { + name = "euwest-servers" +} + variable "firstboot_script" { type = string default = "/root/firstboot.sh" } variable "ssh_key_data_ardumont" { type = string default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@yavin4" } variable "ssh_key_data_olasd" { type = string default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ1TCpfzrvxLhEMhxjbxqPDCwY0nazIr1cyIbhGD2bUdAbZqVMdNtr7MeDnlLIKrIPJWuvltauvLNkYU0iLc1jMntdBCBM3hgXjmTyDtc8XvXseeBp5tDqccYNR/cnDUuweNcL5tfeu5kzaAg3DFi5Dsncs5hQK5KQ8CPKWcacPjEk4ir9gdFrtKG1rZmg/wi7YbfxrJYWzb171hdV13gSgyXdsG5UAFsNyxsKSztulcLKxvbmDgYbzytr38FK2udRk7WuqPbtEAW1zV4yrBXBSB/uw8EAMi+wwvLTwyUcEl4u0CTlhREljUx8LhYrsQUCrBcmoPAmlnLCD5Q9XrGH nicolasd@darboux id_rsa.inria.pub" } variable "user_admin" { type = string default = "tmpadmin" } 
variable "boot_diagnostics_uri" { default = "https://swhresourcediag966.blob.core.windows.net" }
diff --git a/azure/terraform/storage.tf b/azure/terraform/storage.tf
new file mode 100644
index 0000000..78691dc
--- /dev/null
+++ b/azure/terraform/storage.tf
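Review bot: The `azurerm_resource_group` data source added to init.tf is not referenced by anything in this diff; storage.tf instead repeats the literals `resource_group_name = "euwest-servers"` and `location = "westeurope"` in both of its resources. Using `data.azurerm_resource_group.euwest-servers.name` and `data.azurerm_resource_group.euwest-servers.location` there would make a missing or renamed group fail at plan time and keep the two files in agreement. If the data block is meant for later use, a comment on it naming the intended consumers would help, e.g. `# consumed by storage.tf (storage-interface, storage-server)`.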
@@ -0,0 +1,131 @@
+# will start from 1 storage01...
+variable "storage_servers" {
+ default = 1
+}
+
+variable "storage_disk_size" {
+ default = 30720
+}
+
+
+locals {
+ storage_servers = {
+ for i in range(var.storage_servers):
+ format("storage%02d", i + 1) => {
+ datadisks = {}
+ }
+ }
+}
+
+
+resource "azurerm_network_interface" "storage-interface" {
+ for_each = local.storage_servers
+
+ name = format("%s-interface", each.key)
+ location = "westeurope"
+ resource_group_name = "euwest-servers"
+ network_security_group_id = data.azurerm_network_security_group.worker-nsg.id
+
+ ip_configuration {
+ name = "storageNicConfiguration"
+ subnet_id = data.azurerm_subnet.default.id
+ public_ip_address_id = ""
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_virtual_machine" "storage-server" {
+ for_each = local.storage_servers
+
+ name = each.key
+ location = "westeurope"
+ resource_group_name = "euwest-servers"
+ network_interface_ids = [azurerm_network_interface.storage-interface[each.key].id]
+ vm_size = "Standard_D8s_v3"
+
+ boot_diagnostics {
+ enabled = true
+ storage_uri = var.boot_diagnostics_uri
+ }
+
+ storage_os_disk {
+ name = format("%s-osdisk", each.key)
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Premium_LRS"
+ }
+
+ storage_image_reference {
+ publisher = "debian"
+ offer = "debian-10"
+ sku = "10"
+ version = "latest"
+ }
+
+ os_profile {
+ computer_name = each.key
+ admin_username = var.user_admin
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = true
+ ssh_keys {
+ path = "/home/${var.user_admin}/.ssh/authorized_keys"
+ key_data = var.ssh_key_data_ardumont
+ }
+ ssh_keys {
+ path = "/home/${var.user_admin}/.ssh/authorized_keys"
+ key_data = var.ssh_key_data_olasd
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo mkdir /root/.ssh",
+ "echo ${var.ssh_key_data_ardumont} | sudo tee -a /root/.ssh/authorized_keys",
+ "echo ${var.ssh_key_data_olasd} | sudo tee -a /root/.ssh/authorized_keys",
+ ]
+
+ connection {
+ type = "ssh"
+ user = var.user_admin
+ host = azurerm_network_interface.storage-interface[each.key].private_ip_address
+ }
+ }
+
+ provisioner "file" {
+ content = templatefile("templates/firstboot.sh.tpl", {
+ hostname = each.key
+ fqdn = format("%s.euwest.azure.internal.softwareheritage.org", each.key),
+ ip_address = azurerm_network_interface.storage-interface[each.key].private_ip_address,
+ facter_location = "azure_euwest",
+ disks = []
+ raids = []
+ })
+ destination = var.firstboot_script
+
+ connection {
+ type = "ssh"
+ user = "root"
+ host = azurerm_network_interface.storage-interface[each.key].private_ip_address
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "userdel -f ${var.user_admin}",
+ "chmod +x ${var.firstboot_script}",
+ "cat ${var.firstboot_script}",
+ "${var.firstboot_script}",
+ ]
+ connection {
+ type = "ssh"
+ user = "root"
+ host = azurerm_network_interface.storage-interface[each.key].private_ip_address
+ }
+ }
+
+ tags = {
+ environment = "Storage"
+ }
+}
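Review bot: The first `remote-exec` provisioner in `storage-server` interpolates `var.ssh_key_data_ardumont` and `var.ssh_key_data_olasd` unquoted into a shell pipeline that writes through sudo, so a shell metacharacter in an overridden variable value would be interpreted on the new VM instead of landing in `/root/.ssh/authorized_keys`. Single-quoting the value, e.g. `"echo '${var.ssh_key_data_ardumont}' | sudo tee -a /root/.ssh/authorized_keys",` (and the same for olasd), and creating the directory with `"sudo install -d -m 0700 /root/.ssh",` would keep the step idempotent and independent of the umask. None of the three `connection` blocks sets `host_key`, so as far as this hunk shows Terraform has nothing to verify the host against when it installs the root keys and runs the firstboot script; that may be acceptable on the private subnet, but it deserves a comment saying so. The last provisioner's `"cat ${var.firstboot_script}"` copies the rendered script into the Terraform output, which matters if `templates/firstboot.sh.tpl` (not part of this diff) ever carries credentials.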