Simplifying deployment to include all resources

AppZone/Hub_Spoke/Single_Region/Oracle_Single/README.md

@@ -4,40 +4,32 @@ Terraform deployment to build a Azure virtual machine by passing variables to al
 # Dependencies
 Engineer deploying needs to have the following:
 1. [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/azure-get-started)
-2. [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
 3. [Visual Studio Code](https://code.visualstudio.com/)
 4. [Clone of GitHub Repo](https://github.com/aultt/Azure-Terraform-LabinaBox) 
-5. Deployment of Landing zone from Repo referenced above.
-    Multi-Region or Single-Region Landingzone can be deployed.  Single region is easier as it doesn't require domain or vpn to be created.  These are included however they have not been tested fully. If you leverage multi-region you can deploy Oracle Vm from on-prem.  If not there is no vpn and therefore you will need to deploy from the Jump host machine deployed.  This will require you follow these steps again on the jump host.
 6. Download of [Grid Infrastructure](https://www.oracle.com/database/technologies/oracle19c-linux-downloads.html) stored into an Azure Storage Account.  
 7. Creation of a SAS token to leverage file referenced above.
 
 # Build and Test
 Prior to deploying the Oracle you will want to look over and confirm/modify variables within the deployment.  
 
 ## Template Variable File
-A Sample variable file has been provided with the required variables which should be configured.  Variable file is named oracle_template.tfvars  Any additional variables you would like to change can be added to this file. Once updated you can run the following terraform init -var-file=oracle_template.tfvars followed by terraform apply -var-file=oracle_template.tfvars
+A Sample variable file has been provided with the required variables which should be configured.  Variable file is named oracle_template.tfvars.  Any additional variables you would like to change can be added to this file. Once updated you can run the following: terraform init -var-file=oracle_template.tfvars followed by terraform apply -var-file=oracle_template.tfvars. Its recommended to create a copy of the variables file and change the template to your name or something else to identify it.  This will prevent it from be merged back to github as there is an ignore for all other .tvars files.  After Terraform has been deployed there is an additional step to deploy the oracle configuration.  Connect to the VM with Bastion, which was created as part of the deployment.  If you accepted the defaults the username is azureadmin, for authentication select SSH Private Key from Azure Key Vault.  The Subscription, KevVault and Secret should auto-select.  Click Connect.  You should now be in the VM.  Type ls, you should see two files in your home directory, Configure-ASM-server.yml and deployoracle.sh.  The yml file is the ansible playbook while the sh file is the command with required parameters to deploy the playbook.  Execute by typing . ./deployoracle.sh the playbook will deploy oracle and should complete in around 15min.  You are now ready to connect to oracle run some tests or create tables.
 
 ## Variables which must be updated
-1. landingzone_subscription_id
-2. identity_subscription_id - This will be the same as above if using Single_Region
-3. grid_password
-4. oracle_password
-5. root_password
-6. oracle_sys_password
-7. oracle_system_password
-8. oracle_monitor_password
+1. grid_password
+2. oracle_password
+3. root_password
+4. oracle_sys_password
+5. oracle_system_password
+6. oracle_monitor_password
 
 ## Variables which can be updated if you deviated from default
-1. corp_prefix              default: prefix
-2. id_spk_rg_prefix         default: net-id-spk
-3. region1_loc              default: eastus
-4. lz_vnet_name_prefix      default: vnet-lz-spk
-5. lz_spk_rg_prefix         default: net-lz-spk
-6. vm_subnet_name           default: default
+1. vnet_name                default: vnet-lz-spk-eastus2
+2. key_vault_name           default: kv-labiac-eastus2
+3. location                 default: eastus2
 7. admin_username           default: azureadmin
 8. vm_name                  default: oracledev01 
-9. vm_private_ip_addr       default: 10.5.1.15
+9. vm_private_ip_addr       default: 10.1.1.15
 10. oracle_database_name    default: mytestdb
 
 ## Variables which can be updated for different performance tests

AppZone/Hub_Spoke/Single_Region/Oracle_Single/oracle_single.tf

@@ -10,52 +10,56 @@ provider "azurerm" {
     features {} 
 }
 
-provider "azurerm" {
-    features {} 
-    alias = "landingzone"
-    subscription_id = var.landingzone_subscription_id
-}
-provider "azurerm" {
-    features {} 
-    alias = "identity"
-    subscription_id = var.identity_subscription_id
+resource "azurerm_resource_group" "oracle_resource_group" {
+  name     = "oracle-${var.location}-rg"
+  location = var.location
+  tags     = var.tags
 }
 
-data "azurerm_virtual_network" "lz_spk_region1" {
-  provider = azurerm.landingzone
-  name                = "${var.lz_vnet_name_prefix}-${var.region1_loc}"
-  resource_group_name = "${var.lz_spk_rg_prefix}-${var.region1_loc}-rg"
+module "vnet" {
+  source = "../../../../modules/networking/vnet"
+  resource_group_name = azurerm_resource_group.oracle_resource_group.name
+  location            = var.location
+  vnet_name             = var.vnet_name
+  address_space         = var.vnet_address_space
+  default_subnet_prefixes = [var.vnet_default_subnet]
+  dns_servers = var.dns_servers
+  route_table_add=false
 }
 
-data "azurerm_key_vault" "Region1_vault" {
-  provider = azurerm.identity
-  resource_group_name = "${var.id_spk_rg_prefix}-${var.region1_loc}-rg"
-  name = "kv-${var.corp_prefix}-${var.region1_loc}" 
+module "vnet_shared_subnet"{
+  source = "../../../../modules//networking/subnet"
+  resource_group_name = azurerm_resource_group.oracle_resource_group.name
+  vnet_name = module.vnet.vnet_name
+  location = var.location
+  subnet_name = var.shared_subnet_name
+  subnet_prefixes = [var.shared_subnet_addr]
 }
 
-data "azurerm_subnet" "lz_default_subnet_region1" {
-  provider = azurerm.landingzone
-  name                 = "default"
-  resource_group_name  = "${var.lz_spk_rg_prefix}-${var.region1_loc}-rg"
-  virtual_network_name = "${var.lz_vnet_name_prefix}-${var.region1_loc}"
+module "shared_keyvault_dns_zone"{
+  source = "../../../../modules//private_dns/zone"
+  resource_group_name = azurerm_resource_group.oracle_resource_group.name
+  zone_name =  "privatelink.vaultcore.azure.net"
 }
 
-resource "azurerm_resource_group" "oracle_region1" {
-  provider = azurerm.landingzone
-  name     = "oracle-${var.region1_loc}-rg"
-  location = var.region1_loc
-  tags     = var.tags
+module "keyvault" {
+    source  = "../../../../modules/key_vault"
+    resource_group_name = azurerm_resource_group.oracle_resource_group.name
+    location = var.location
+    keyvault_name  = var.key_vault_name
+    shared_subnetid  = module.vnet_shared_subnet.subnet_id
+    keyvault_zone_name = module.shared_keyvault_dns_zone.dns_zone_name
+    keyvault_zone_id = module.shared_keyvault_dns_zone.dns_zone_id
 }
 
 module "oracle_vm" { 
-    providers = {azurerm = azurerm.landingzone}
     source = "../../../../modules/oracle_virtual_machine"
-    resource_group_name = azurerm_resource_group.oracle_region1.name
-    location = var.region1_loc
+    resource_group_name = azurerm_resource_group.oracle_resource_group.name
+    location = var.location
     vm_name = var.vm_name
     vm_private_ip_addr = var.vm_private_ip_addr
     vm_size = var.vm_size
-    subnet_id = data.azurerm_subnet.lz_default_subnet_region1.id
+    subnet_id = module.vnet.default_subnet_id
     vm_admin_username = var.admin_username
     enable_accelerated_networking = var.enable_accelerated_networking
     grid_password = var.grid_password
@@ -70,11 +74,10 @@ module "oracle_vm" {
 }
 
 module "data_disks"{
-    providers = {azurerm = azurerm.landingzone}
     source = "../../../../modules/managed_disk"
-    resource_group_name = azurerm_resource_group.oracle_region1.name
+    resource_group_name = azurerm_resource_group.oracle_resource_group.name
     vm_name = module.oracle_vm.vm_name
-    location = var.region1_loc
+    location = var.location
     storage_account_type = var.storage_account_type
     disk_prefix = var.data_disk_prefix
     disk_size_gb = var.data_disk_size
@@ -87,11 +90,10 @@ module "data_disks"{
 }
 
 module "redo_disks"{
-    providers = {azurerm = azurerm.landingzone}
     source = "../../../../modules/managed_disk"
-    resource_group_name = azurerm_resource_group.oracle_region1.name
+    resource_group_name = azurerm_resource_group.oracle_resource_group.name
     vm_name = module.oracle_vm.vm_name
-    location = var.region1_loc
+    location = var.location
     storage_account_type = var.storage_account_type
     disk_prefix = var.redo_disk_prefix
     disk_size_gb = var.redo_disk_size
@@ -104,11 +106,10 @@ module "redo_disks"{
 }
 
 module "asm_disks"{
-    providers = {azurerm = azurerm.landingzone}
     source = "../../../../modules/managed_disk"
-    resource_group_name = azurerm_resource_group.oracle_region1.name
+    resource_group_name = azurerm_resource_group.oracle_resource_group.name
     vm_name = module.oracle_vm.vm_name
-    location = var.region1_loc
+    location = var.location
     storage_account_type = var.storage_account_type
     disk_prefix = var.asm_disk_prefix
     disk_size_gb = var.asm_disk_size
@@ -121,35 +122,18 @@ module "asm_disks"{
 }
 
 resource "azurerm_key_vault_secret" "ora_key" {
-  provider = azurerm.identity
-  name         = "prikey-oracle-single2"
+  name         = "prikey-oracle"
   value        = module.oracle_vm.tls_private_key 
-  key_vault_id = data.azurerm_key_vault.Region1_vault.id
+  key_vault_id = module.keyvault.vault_id
 }
 
-variable "oracle_config_path" {
-  type = string
-  default = "oracle.pem"
+module "bastion_region1" {
+  source = "../../../../modules/azure_bastion"
+  resource_group_name  = azurerm_resource_group.oracle_resource_group.name
+  location = var.location
+  azurebastion_name = var.azurebastion_name
+  azurebastion_vnet_name = module.vnet.vnet_name
+  azurebastion_addr_prefix = var.bastion_addr_prefix
 }
 
-locals {
-  oracle_config = <<-EOT
-    ${module.oracle_vm.tls_private_key}
-  EOT
-}
-
-resource "local_file" "oracle_key" {
-  filename = var.oracle_config_path
-  content  = local.oracle_config
-  file_permission = "0500"
-}
-
-resource "null_resource" "ansible" {
-  provisioner "local-exec" {
-    command = "ansible-playbook -i '${var.vm_private_ip_addr}', -u '${var.admin_username}' --private-key '${var.oracle_config_path}' ansible/Configure-ASM-server.yml -e gridpass='${var.grid_password}' -e oraclepass='${var.oracle_password}' -e rootpass='${var.root_password}' -e swapsize='${var.swap_size}' -e gridurl='${var.grid_storage_url}' -e syspass='${var.ora_sys_password}' -e systempass='${var.ora_system_password}' -e monitorpass='${var.ora_monitor_password}' -e dbname='${var.oracle_database_name}'"  
-  }
-  depends_on = [
-    module.oracle_vm,module.asm_disks,module.redo_disks,module.data_disks,
-  ]
-}
 

AppZone/Hub_Spoke/Single_Region/Oracle_Single/oracle_single.variables.tf

@@ -1,36 +1,35 @@
-variable "landingzone_subscription_id" {
-    type        = string 
-    description = "Subscription Id for LandingZone subscription"
+variable "vnet_name"{
+    type =string
+    default="vnet-lz-spk-eastus2"
 }
-variable "identity_subscription_id" {
-    type        = string 
-    description = "Subscription Id for Identity subscription"
+variable "key_vault_name" {
+  type=string
+  default="kv-labiac-eastus2"
 }
-variable "corp_prefix" {
-    type        = string 
-    description = "Corp name Prefix"
+variable "location" {
+    type=string
+    default = "eastus2"
 }
-variable "id_spk_rg_prefix" {
+variable "vnet_address_space" {
     type = string
-    default =  "net-id-spk"
+    default =  "10.1.0.0/16"
 }
-
-variable "region1_loc" {
-  default = "eastus2"
+variable "vnet_default_subnet" {
+    type = string
+    default =  "10.1.1.0/24"
 }
-
-variable "lz_vnet_name_prefix" {
-    type        = string 
-    description = "Landingzone vnet name prefix.  Appended with Region"
-    default = "vnet-lz-spk"
+variable "dns_servers" {
+    default = ["168.63.129.16"]
 }
-
-variable "lz_spk_rg_prefix" {
+variable "shared_subnet_name" {
     type = string
-    default =  "net-lz-spk"
+    default = "shared"
 }
 
-# Dev Vm
+variable "shared_subnet_addr" {
+    type = string
+    default = "10.1.2.0/24"
+}
 variable "vm_name" {
     type        = string
     default     = "oracledev01"
@@ -43,14 +42,15 @@ variable "enable_accelerated_networking" {
 variable "vm_private_ip_addr" {
     type        = string 
     description = "Azure vm Host Address"
-    default     = "10.5.1.15"
+    default     = "10.1.1.15"
 }
-#Minumum of 8 GB of ram required.  Make sure VM supports number of disks you need to add
+#Minumum of 8 GB of ram required.  Make sure VM supports number of disks you need to hub_region1_address_space
 variable "vm_size" {
     type        = string 
     description = "Azure vm Host VM SKU"
     default     = "Standard_DS11_v2"
 }
+
 variable "asm_disk_size" {
     type        = string 
     description = "vmhost  data disk Size"
@@ -133,10 +133,17 @@ variable "storage_account_type" {
     description = "vm host storage account type"
     default     = "StandardSSD_LRS"
 }
-variable "vm_subnet_name" {
-    type        = string 
-    default = "default"
+
+variable "azurebastion_name" {
+    type        = string
+    default     = "corp-bastion-svc"
 }
+
+variable "bastion_addr_prefix" {
+    type = string
+    default = "10.1.250.0/24"
+}
+
 variable "admin_username" {
     type        = string 
     description = "Azure Admin Username"

AppZone/Hub_Spoke/Single_Region/Oracle_Single/oracle_template.tfvars

@@ -1,6 +1,3 @@
-landingzone_subscription_id = ""
-identity_subscription_id = ""
-corp_prefix = "corp"
 grid_storage_url = "https://yoursasurl"
 grid_password = ""
 oracle_password = ""