Merge pull request #10 from adambaumeister/non-vmss-module

Non vmss module
adambaumeister · Sep 25, 2020 · 93e28f2 · 93e28f2
2 parents 3b1b1c5 + 4f9105b
commit 93e28f2
Show file tree

Hide file tree

Showing 19 changed files with 734 additions and 172 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 <div align="center">
-    <img src="https://www.terraform.io/assets/images/og-image-8b3e4f7d.png" alt="TF Logo" height="100px">
-    <img src="https://raw.githubusercontent.com/adambaumeister/azure-vmseries-terraform/master/images/azure.png" alt="Azure Logo" height="100px">
+    <img src="https://www.terraform.io/assets/images/og-image-8b3e4f7d.png" alt="TF Logo" height="50px">
+    <img src="https://raw.githubusercontent.com/adambaumeister/azure-vmseries-terraform/master/images/azure.png" alt="Azure Logo" height="50px">
 </div>
 
 <div align="center">

diff --git a/docs/customization.md b/docs/customization.md
@@ -35,7 +35,7 @@ to use *vm-no-bootstrap* in main.tf as below:
 
 ```
 module "vm-series" {
-  source = "./modules/vm-no-bootstrap"
+  source = "./modules/vmss-no-bootstrap"
 
   location = var.location
   name_prefix = var.name_prefix
@@ -64,4 +64,17 @@ data "external" "panorama_bootstrap" {
 ...
 }
 ```
-This will still deploy the bootstrap and VHD storage requirements, but it won't add any of the bootstrap files.
+This will still deploy the bootstrap and VHD storage requirements, but it won't add any of the bootstrap files.
+
+# Deploying Without ScaleSets
+In some cases you may want to deploy an environment that uses dedicated virtual machines and not VMSS. 
+
+A second terraform deployment is provided under the *no-vmss* directory. This deployment is otherwise identical to the 
+normal deployment model using VMSS. 
+
+To use it, simply change directory to *no-vmss* before running terraform as normal.
+```bash
+terraform init
+terraform apply --var-file=example.tfvars
+```
+
diff --git a/main.tf b/main.tf
@@ -58,9 +58,10 @@ module "outbound-lb" {
   backend-subnet = module.networks.subnet-private.id
 }
 
+
 # Create the inbound and outbound VM Scale sets
 module "vm-series" {
-  source = "./modules/vm"
+  source = "./modules/vmss"
 
   location    = var.location
   name_prefix = var.name_prefix

diff --git a/modules/lbs/lb.tf b/modules/lbs/lb.tf
@@ -15,14 +15,6 @@ resource "azurerm_public_ip" "lb-fip-pip" {
   resource_group_name = azurerm_resource_group.rg-lb.name
 }
 
-resource "azurerm_public_ip" "lb-inbound-fip-pip" {
-  allocation_method   = "Static"
-  sku                 = "standard"
-  location            = azurerm_resource_group.rg-lb.location
-  name                = "${var.name_prefix}-inbound-fip-pip"
-  resource_group_name = azurerm_resource_group.rg-lb.name
-}
-
 resource "azurerm_lb" "lb" {
   location            = var.location
   name                = "${var.name_prefix}-lb"
@@ -35,10 +27,6 @@ resource "azurerm_lb" "lb" {
       public_ip_address_id = frontend_ip_configuration.value.id
     }
   }
-  frontend_ip_configuration {
-    name                 = "${var.name_prefix}-outbound-fip"
-    public_ip_address_id = azurerm_public_ip.lb-inbound-fip-pip.id
-  }
 }
 
 resource "azurerm_lb_backend_address_pool" "lb-backend" {

diff --git a/modules/lbs/outputs.tf b/modules/lbs/outputs.tf
@@ -11,4 +11,7 @@ output "pip" {
 
 output "backend-pool-id" {
   value = azurerm_lb_backend_address_pool.lb-backend.id
+}
+output "frontend-ip-configs" {
+  value = toset([for c in azurerm_lb.lb.frontend_ip_configuration : c.name])
 }
diff --git a/modules/olb/outputs.tf b/modules/olb/outputs.tf
@@ -1,3 +1,7 @@
 output "backend-pool-id" {
   value = azurerm_lb_backend_address_pool.lb-backend.id
+}
+
+output "frontend-ip-configs" {
+  value = toset([for c in azurerm_lb.lb.frontend_ip_configuration : c.name])
 }
diff --git a/modules/vm/ob-vmseries.tf b/modules/vm/ob-vmseries.tf
@@ -0,0 +1,128 @@
+
+resource "azurerm_availability_set" "ob-az" {
+  location = var.location
+  name = "${var.name_prefix}-ob-vm-az"
+  resource_group_name = var.resource_group.name
+}
+
+# Create a public IP for management
+resource "azurerm_public_ip" "ob-pip-fw-mgmt" {
+  count               = var.vm_count
+  allocation_method   = "Static"
+  location            = var.resource_group.location
+  name                = "${var.name_prefix}--ob-fw-pip-${count.index}"
+  sku                 = "standard"
+  resource_group_name = var.resource_group.name
+}
+# Create another PIP for the outside interface so we can talk outbound
+resource "azurerm_public_ip" "ob-pip-fw-public" {
+  count               = var.vm_count
+  allocation_method   = "Static"
+  location            = var.resource_group.location
+  name                = "${var.name_prefix}-ob-outside-fw-pip-${count.index}"
+  sku                 = "standard"
+  resource_group_name = var.resource_group.name
+}
+
+resource "azurerm_network_interface" "ob-nic-fw-mgmt" {
+  count               = var.vm_count
+  location            = var.resource_group.location
+  name                = "${var.name_prefix}-ob-nic-fw-mgmt-${count.index}"
+  resource_group_name = var.resource_group.name
+  ip_configuration {
+    subnet_id                     = var.subnet-mgmt.id
+    name                          = "${var.name_prefix}-ob-fw-ip-mgmt"
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id          = azurerm_public_ip.ob-pip-fw-mgmt[count.index].id
+  }
+}
+
+resource "azurerm_network_interface" "ob-nic-fw-private" {
+  count               = var.vm_count
+  location            = var.resource_group.location
+  name                = "${var.name_prefix}-ob-nic-fw-private-${count.index}"
+  resource_group_name = var.resource_group.name
+  ip_configuration {
+    subnet_id                     = var.subnet-private.id
+    name                          = "${var.name_prefix}-ob-fw-ip-inside-${count.index}"
+    private_ip_address_allocation = "dynamic"
+    //private_ip_address = "172.16.1.10"
+  }
+  enable_ip_forwarding = true
+}
+
+resource "azurerm_network_interface" "ob-nic-fw-public" {
+  count               = var.vm_count
+  location            = var.resource_group.location
+  name                = "${var.name_prefix}-ob-nic-fw-public-${count.index}"
+  resource_group_name = var.resource_group.name
+  ip_configuration {
+    subnet_id                     = var.subnet-public.id
+    name                          = "${var.name_prefix}-ob-fw-ip-outside-${count.index}"
+    private_ip_address_allocation = "dynamic"
+    //private_ip_address = "172.16.2.10"
+    public_ip_address_id = azurerm_public_ip.ob-pip-fw-public[count.index].id
+
+  }
+  enable_ip_forwarding = true
+
+}
+
+resource "azurerm_network_interface_backend_address_pool_association" "outbound-pool-assoc" {
+  count                   = var.vm_count
+  backend_address_pool_id = var.outbound_lb_backend_pool_id
+  ip_configuration_name   = azurerm_network_interface.ob-nic-fw-private[count.index].ip_configuration[0].name
+  network_interface_id    = azurerm_network_interface.ob-nic-fw-private[count.index].id
+}
+
+resource "azurerm_virtual_machine" "outbound-fw" {
+  count    = var.vm_count
+  location = var.resource_group.location
+  name     = "${var.name_prefix}-ob-fw-${count.index}"
+  network_interface_ids = [
+    azurerm_network_interface.ob-nic-fw-mgmt[count.index].id,
+    azurerm_network_interface.ob-nic-fw-public[count.index].id,
+    azurerm_network_interface.ob-nic-fw-private[count.index].id
+  ]
+  resource_group_name = var.resource_group.name
+  vm_size             = var.vmseries_size
+  storage_image_reference {
+    publisher = "paloaltonetworks"
+    offer     = "vmseries1"
+    sku       = var.vm_series_sku
+    version   = var.vm_series_version
+  }
+
+  storage_os_disk {
+    create_option = "FromImage"
+    name          = "${var.name_prefix}-vhd-ob-fw-${count.index}"
+    caching       = "ReadWrite"
+    vhd_uri       = "${var.bootstrap-storage-account.primary_blob_endpoint}vhds/${var.name_prefix}-ob-fw-${count.index}.vhd"
+  }
+
+
+  primary_network_interface_id = azurerm_network_interface.ob-nic-fw-mgmt[count.index].id
+  os_profile {
+    admin_username = var.username
+    computer_name  = "${var.name_prefix}-ob-fw-${count.index}"
+    admin_password = var.password
+    custom_data = join(
+      ",",
+      [
+        "storage-account=${var.bootstrap-storage-account.name}",
+        "access-key=${var.bootstrap-storage-account.primary_access_key}",
+        "file-share=${var.outbound-bootstrap-share-name}",
+        "share-directory=None"
+      ]
+    )
+  }
+  os_profile_linux_config {
+    disable_password_authentication = false
+  }
+  plan {
+    name      = var.vm_series_sku
+    publisher = "paloaltonetworks"
+    product   = "vmseries1"
+  }
+  availability_set_id = azurerm_availability_set.ob-az.id
+}
diff --git a/modules/vm/outputs.tf b/modules/vm/outputs.tf
@@ -1,3 +1 @@
-output "resource-group" {
-  value = azurerm_resource_group.vmseries
-}
+
diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf
@@ -57,9 +57,18 @@ variable "vm_series_count" {
 variable "vhd-container" {
 }
 
-variable "public_backend_pool_id" {
-  description = "The LB pool to associate the public interface with."
+variable "resource_group" {
+  description = "The resource group for VM series deployment"
 }
-variable "private_backend_pool_id" {
-  description = "The LB pool to associate the private interface with."
+
+variable "inbound_lb_backend_pool_id" {
+  default = ""
+}
+
+variable "outbound_lb_backend_pool_id" {
+  default = ""
+}
+
+variable "vm_count" {
+  default = 2
 }