diff --git a/azure/terraform/README.md b/azure/terraform/README.md
index 96b8bbe..6d9091b 100644
--- a/azure/terraform/README.md
+++ b/azure/terraform/README.md
@@ -1,65 +1,71 @@
# What
Terraform allows to transparently declare our infrastructure as code.
# The road so far
Only the vault is defined within the `vault.tf` file.
Vault is composed of:
- one api allowing to request object cooking or retrieve cooked objects
(objstorage, db)
- this also uses a storage to read the swh archive (azure:
storage0.euwest.azure)
The vault.tf defines here:
- existing:
- subnet (reuse)
- security-group (reuse)
- new resource:
- euwest-vault: to group together the allocated resource for the vault
- vangogh-interface: to define an ip for the new server vangogh
- vault-storage: storage account for the BlobStorage necessary for the
objstorage api of the vault (including a container "contents" to actually
store the blobs)
- vault-server: the 'vangogh.euwest.azure' vm to actually serve the vault api
# Install terraform
https://learn.hashicorp.com/terraform/getting-started/install.html#installing-terraform
# Login
Through azure cli (for now)
```
az login
```
# Init
```
terraform init
```
# Plan changes
This will compute all *.tf files present in the folder and compute a
differential plan:
```
terraform plan
```
-Note: It might be a good idea to change the `variables.tf` file to adapt for
-example the admin user and its associated public key
-
# Apply changes
Same as previous command except that it applies the diff to the infra
(interactive):
```
terraform apply
```
+
+Note: adapt the `init.tf` file with the admin user's associated public key
+first. That will allow you to connect (ssh) to the new nodes you created (if
+any).
+
+# Arborescence
+
+- init.tf: Common resources in our azure infrastructure
+- vault.tf: Vault node definition
diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf
new file mode 100644
index 0000000..ec215b2
--- /dev/null
+++ b/azure/terraform/init.tf
@@ -0,0 +1,33 @@
+# Keyword use:
+# - provider: Define the provider(s)
+# - data: Retrieve data information to be used within the file
+# - resource: Define resource and create/update
+
+# Configure the Microsoft Azure Provider
+# Empty if using the `az login` tool
+provider "azurerm" {
+ version = "~> 1.27"
+}
+
+# Reuse the network security group as defined currently
+data "azurerm_network_security_group" "worker-nsg" {
+ name = "worker-nsg"
+ resource_group_name = "swh-resource"
+}
+
+# Same for the subnet
+data "azurerm_subnet" "default" {
+ name = "default"
+ virtual_network_name = "swh-vnet"
+ resource_group_name = "swh-resource"
+}
+
+variable "ssh_key_data" {
+ type = "string"
+ default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@yavin4"
+}
+
+variable "user_admin" {
+ type = "string"
+ default = "root"
+}
diff --git a/azure/terraform/variables.tf b/azure/terraform/variables.tf
deleted file mode 100644
index d0b07b1..0000000
--- a/azure/terraform/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "ssh_key_data" {
- type = "string"
- default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@bespin"
-}
-
-variable "user_admin" {
- type = "string"
- default = "ardumont"
-}
diff --git a/azure/terraform/vault.tf b/azure/terraform/vault.tf
index e1834e7..372452f 100644
--- a/azure/terraform/vault.tf
+++ b/azure/terraform/vault.tf
@@ -1,111 +1,87 @@
-# Keyword use:
-# - provider: Define the provider(s)
-# - data: Retrieve data information to be used within the file
-# - resource: Define resource and create/update
-
-# Configure the Microsoft Azure Provider
-# Empty if using the `az login` tool
-provider "azurerm" {
- version = "~> 1.27"
-}
-
-# Reuse the network security group as defined currently
-data "azurerm_network_security_group" "worker-nsg" {
- name = "worker-nsg"
- resource_group_name = "swh-resource"
-}
-
-# Same for the subnet
-data "azurerm_subnet" "default" {
- name = "default"
- virtual_network_name = "swh-vnet"
- resource_group_name = "swh-resource"
-}
-
# Define a new resource for the vault
# matching what we name elsewhere "euwest-${resource}"
resource "azurerm_resource_group" "euwest-vault" {
name = "euwest-vault"
location = "westeurope"
tags {
environment = "SWH Vault"
}
}
resource "azurerm_network_interface" "vangogh-interface" {
name = "vangogh-interface"
location = "westeurope"
resource_group_name = "euwest-vault"
network_security_group_id = "${data.azurerm_network_security_group.worker-nsg.id}"
ip_configuration {
name = "vaultNicConfiguration"
subnet_id = "${data.azurerm_subnet.default.id}"
public_ip_address_id = ""
private_ip_address_allocation = "Dynamic"
}
}
# Blobstorage as defined in task
resource "azurerm_storage_account" "vault-storage" {
name = "swhvaultstorage"
resource_group_name = "${azurerm_resource_group.euwest-vault.name}"
location = "westeurope"
account_tier = "Standard"
account_replication_type = "LRS"
account_kind = "BlobStorage"
access_tier = "Cool"
tags {
environment = "SWH Vault"
}
}
# A container for the blob storage named 'contents' (as other blob storages)
resource "azurerm_storage_container" "contents" {
name = "contents"
resource_group_name = "${azurerm_resource_group.euwest-vault.name}"
storage_account_name = "${azurerm_storage_account.vault-storage.name}"
container_access_type = "private"
}
resource "azurerm_virtual_machine" "vault-server" {
name = "vangogh"
location = "westeurope"
resource_group_name = "euwest-vault"
network_interface_ids = ["${azurerm_network_interface.vangogh-interface.id}"]
vm_size = "Standard_B2ms"
storage_os_disk {
name = "vangogh-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Premium_LRS"
}
storage_image_reference {
publisher = "credativ"
offer = "Debian"
sku = "9"
version = "latest"
}
# (Va)ngogh <-> (Va)ult
os_profile {
computer_name = "vangogh"
admin_username = "${var.user_admin}"
}
os_profile_linux_config {
disable_password_authentication = true
ssh_keys {
path = "/home/${var.user_admin}/.ssh/authorized_keys"
key_data = "${var.ssh_key_data}"
}
}
tags {
environment = "SWH Vault"
}
}