Compare commits
85 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
15f6c5b126 | ||
|
|
4605c4f8be | ||
|
|
c62cb51c2d | ||
|
|
339530f952 | ||
|
|
30c9966d1c | ||
|
|
a24792c279 | ||
|
|
60eaba761e | ||
|
|
538feb10eb | ||
|
|
589c0bc7bb | ||
|
|
b1d0cad7f1 | ||
|
|
4dd7e6a02c | ||
|
|
00c3385aa0 | ||
|
|
6a8f980d05 | ||
|
|
0ed37bbfdc | ||
|
|
38a17a38df | ||
|
|
5a47d57d92 | ||
|
|
73cbeca7c1 | ||
|
|
01c8bfdcee | ||
|
|
15c03dfd4c | ||
|
|
0c7985c188 | ||
|
|
f99af254dd | ||
|
|
05acfb8673 | ||
|
|
19f8da742d | ||
|
|
0df688e641 | ||
|
|
a86a328b88 | ||
|
|
1387c15194 | ||
|
|
2125c15b4e | ||
|
|
7d35ce588e | ||
|
|
40843fd65c | ||
|
|
3042b873e1 | ||
|
|
d2eb231002 | ||
|
|
1902175e0b | ||
|
|
750ed46bc1 | ||
|
|
f18d5129e7 | ||
|
|
d410e5a24f | ||
|
|
8864aa4b79 | ||
|
|
c74fa8f2bd | ||
|
|
2237232cc8 | ||
|
|
98b5f4ff9c | ||
|
|
1e306f9efe | ||
|
|
6b2eaa6d19 | ||
|
|
cb633dda5e | ||
|
|
8728f8b109 | ||
|
|
c0d76a2b1d | ||
|
|
a2c0735f14 | ||
|
|
a1f0414512 | ||
|
|
2d17f418b0 | ||
|
|
e1fb80ff4a | ||
|
|
e062728fae | ||
|
|
3ff07f37b6 | ||
|
|
2484a5c090 | ||
|
|
57bfb366c1 | ||
|
|
4176f45593 | ||
|
|
c4dbff136b | ||
|
|
d56290caa4 | ||
|
|
1fc4c1b57c | ||
|
|
9a2518885d | ||
|
|
28c93c8905 | ||
|
|
84030db306 | ||
|
|
1f87ab4ea2 | ||
|
|
a47a85a528 | ||
|
|
26e0bbaed0 | ||
|
|
a2d9fa3134 | ||
|
|
5f1d8aec59 | ||
|
|
30f6d1de65 | ||
|
|
7ff8a4710d | ||
|
|
b662c7b975 | ||
|
|
91fd8697b6 | ||
|
|
6b3d69f50c | ||
|
|
7112f091a2 | ||
|
|
13ae7eb9b4 | ||
|
|
6796c53c93 | ||
|
|
3716a29365 | ||
|
|
e1b7a5f5c7 | ||
|
|
50df71d2ee | ||
|
|
3c6687a2c6 | ||
|
|
c6e9e4c102 | ||
|
|
4f9322c060 | ||
|
|
0ecfa30952 | ||
|
|
8a83983993 | ||
|
|
80577ffdd9 | ||
|
|
cde377b833 | ||
|
|
a5639963c3 | ||
|
|
947503e2e5 | ||
|
|
26f1175499 |
@@ -5,9 +5,9 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
|
||||
|
||||
log_analytics_workspace_id = var.log_analytics_workspace_id
|
||||
|
||||
log {
|
||||
enabled_log {
|
||||
category = "ApplicationGatewayAccessLog"
|
||||
enabled = true
|
||||
enabled= true
|
||||
|
||||
retention_policy {
|
||||
enabled = true
|
||||
@@ -15,7 +15,7 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
|
||||
}
|
||||
}
|
||||
|
||||
log {
|
||||
enabled_log {
|
||||
category = "ApplicationGatewayFirewallLog"
|
||||
enabled = true
|
||||
|
||||
|
||||
@@ -6,6 +6,11 @@ Param(
|
||||
|
||||
try {
|
||||
Write-Host "Install qmi_qlik-poc_com certificate on Windows"
|
||||
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
|
||||
|
||||
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
|
||||
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
|
||||
$thumb=$($sslCert.Thumbprint)
|
||||
|
||||
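Review bot: The `DownloadFile` call takes the PFX from the repository's `master` branch and the file goes straight into `Import-PfxCertificate` for `Cert:\LocalMachine\My` with no integrity check in between, so whatever is on `master` at provisioning time ends up in the machine store. Pinning the URL to a commit SHA and comparing `(Get-FileHash $path -Algorithm SHA256).Hash` with an expected value (`<expected-sha256>`) before the import would tie the certificate to the reviewed module version. The URL is fetched without credentials, which suggests the bundle holding the wildcard private key is readable by anyone who can reach the repository, leaving the PFX password as its only protection; serving it from the Key Vault that already holds the password would avoid that. The same download appears in the other two PowerShell hunks on this page and in the `wget` lines of the shell scripts. The `try` block continues past the end of the hunk.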
Binary file not shown.
@@ -15,12 +15,15 @@ locals {
|
||||
aurora = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
|
||||
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
|
||||
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
|
||||
port = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306"
|
||||
|
||||
name = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}"
|
||||
license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : (var.engine == "postgres") ? "postgresql-license" : (var.engine == "mysql") ? "general-public-license" : "license-included"
|
||||
engine_version = (var.engine == "oracle-se2") ? "19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "14.5" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB
|
||||
major_engine_version = (var.engine == "oracle-se2") ? "19" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5" #mariaDB
|
||||
family = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB
|
||||
|
||||
port = var.port[var.engine]
|
||||
engine_version = var.engine_version[var.engine]
|
||||
major_engine_version = var.major_engine_version[var.engine]
|
||||
family = var.family[var.engine]
|
||||
|
||||
tags = {
|
||||
Deployment = "QMI PoC"
|
||||
"Cost Center" = "3100"
|
||||
|
||||
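Review bot: `var.port[var.engine]` and the three lookups after it fail with an invalid-index error when `var.engine` is not a key of the maps, whereas the ternary chains fell through to the MariaDB values. `variable "engine"` only lists its accepted values in the description, so a `validation` block on it that checks membership in that list would give callers a clear message. The new map variables are declared `type = map`; `map(string)` states the element type. The aurora entries of `major_engine_version` and `family` are the string `"not_used"`, which would be passed through if any resource reads those locals for an aurora engine, so this is worth confirming against the resources outside the hunk.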
@@ -38,21 +38,6 @@ variable "engine" {
|
||||
description = "Accepted values are mysql, sqlserver-ex, postgres, oracle-se2, aurora-mysql, aurora-postgresql, mariadb"
|
||||
}
|
||||
|
||||
variable "engine_version" {
|
||||
default = "8.0.25"
|
||||
description = "Not currently used"
|
||||
}
|
||||
|
||||
variable "major_eng" {
|
||||
default = "8.0"
|
||||
description = "Not currently used"
|
||||
}
|
||||
|
||||
variable "family" {
|
||||
default = "mysql8.0"
|
||||
description = "Not currently used"
|
||||
}
|
||||
|
||||
variable "instance_size" {
|
||||
default = "db.t3.large"
|
||||
}
|
||||
@@ -60,3 +45,64 @@ variable "instance_size" {
|
||||
variable "storage" {
|
||||
default = "20"
|
||||
}
|
||||
|
||||
variable "engine_version" {
|
||||
type = map
|
||||
|
||||
default = {
|
||||
"mysql" = "8.0.32"
|
||||
"postgres" = "13.3"
|
||||
"oracle-se2" = "19.0.0.0.ru-2023-04.rur-2023-04.r1"
|
||||
"sqlserver-ex" = "15.00.4236.7.v1"
|
||||
"mariadb" = "10.5"
|
||||
"aurora-mysql" = "8.0.mysql_aurora.3.02.3" #"5.7.mysql_aurora.2.11.2"
|
||||
"aurora-postgresql" = "14.5"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
variable "major_engine_version" {
|
||||
type = map
|
||||
|
||||
default = {
|
||||
"mysql" = "8.0"
|
||||
"postgres" = "13"
|
||||
"oracle-se2" = "19"
|
||||
"sqlserver-ex" = "15.00"
|
||||
"mariadb" = "10.5"
|
||||
# for script compatibility only
|
||||
"aurora-mysql" = "not_used"
|
||||
"aurora-postgresql" = "not_used"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
variable "family" {
|
||||
type = map
|
||||
|
||||
default = {
|
||||
"mysql" = "mysql8.0"
|
||||
"postgres" = "postgres13"
|
||||
"oracle-se2" = "oracle-se2-19"
|
||||
"sqlserver-ex" = "sqlserver-ex-15.0"
|
||||
"mariadb" = "mariadb10.5"
|
||||
# for script compatibility only
|
||||
"aurora-mysql" = "not_used"
|
||||
"aurora-postgresql" = "not_used"
|
||||
}
|
||||
}
|
||||
|
||||
variable "port" {
|
||||
type = map
|
||||
|
||||
default = {
|
||||
"mysql" = "3306"
|
||||
"postgres" = "5432"
|
||||
"oracle-se2" = "1521"
|
||||
"sqlserver-ex" = "1433"
|
||||
"mariadb" = "3306"
|
||||
"aurora-mysql" = "3306"
|
||||
"aurora-postgresql" = "5432"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,11 +5,16 @@ terraform {
|
||||
required_providers {
|
||||
databricks = {
|
||||
source = "databricks/databricks"
|
||||
version = ">= 1.6.0"
|
||||
version = ">= 1.13.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
locals {
|
||||
cluster_nameUpper = upper(var.cluster_name)
|
||||
}
|
||||
|
||||
/*resource "databricks_workspace_conf" "this" {
|
||||
|
||||
custom_config = {
|
||||
@@ -88,16 +93,48 @@ resource "databricks_group_member" "i-am-admin-aor" {
|
||||
member_id = databricks_user.aor[0].id
|
||||
}
|
||||
|
||||
resource "databricks_secret_scope" "scopeapp" {
|
||||
|
||||
count = (var.sku == "premium")? 1 : 0
|
||||
|
||||
name = "${var.cluster_name}scope"
|
||||
}
|
||||
resource "databricks_secret" "publishing_api" {
|
||||
|
||||
count = (var.sku == "premium")? 1 : 0
|
||||
|
||||
key = "accesskey"
|
||||
string_value = var.app_reg_secret
|
||||
scope = databricks_secret_scope.scopeapp[0].name
|
||||
}
|
||||
|
||||
resource "databricks_sql_endpoint" "sqlep" {
|
||||
|
||||
count = (var.sku == "premium")? 1 : 0
|
||||
|
||||
name = "qmi-sqlwh-${databricks_user.me.id}"
|
||||
cluster_size = "Small"
|
||||
name = "${local.cluster_nameUpper} SQL warehouse"
|
||||
cluster_size = var.cluster_size
|
||||
max_num_clusters = 1
|
||||
|
||||
}
|
||||
|
||||
resource "databricks_sql_global_config" "this" {
|
||||
|
||||
count = (var.sku == "premium")? 1 : 0
|
||||
|
||||
security_policy = "DATA_ACCESS_CONTROL"
|
||||
data_access_config = {
|
||||
"spark.hadoop.fs.azure.account.auth.type.${var.storage_account_name}.dfs.core.windows.net" : "OAuth",
|
||||
"spark.hadoop.fs.azure.account.oauth.provider.type.${var.storage_account_name}.dfs.core.windows.net": "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
|
||||
"spark.hadoop.fs.azure.account.oauth2.client.id.${var.storage_account_name}.dfs.core.windows.net" : var.app_reg_id,
|
||||
"spark.hadoop.fs.azure.account.oauth2.client.secret.${var.storage_account_name}.dfs.core.windows.net" : "{{secrets/${var.cluster_name}scope/accesskey}}",
|
||||
"spark.hadoop.fs.azure.account.oauth2.client.endpoint.${var.storage_account_name}.dfs.core.windows.net": "https://login.microsoftonline.com/c21eeb5f-f5a6-44e8-a997-124f2f7a497c/oauth2/token"
|
||||
}
|
||||
|
||||
enable_serverless_compute = false
|
||||
sql_config_params = {}
|
||||
}
|
||||
|
||||
|
||||
|
||||
resource "databricks_token" "pat" {
|
||||
@@ -122,9 +159,12 @@ resource "databricks_cluster" "dbrickscluster" {
|
||||
"spark.databricks.delta.preview.enabled": true,
|
||||
"spark.databricks.repl.allowedLanguages": "sql,python,r",
|
||||
"spark.databricks.cluster.profile": "serverless",
|
||||
"fs.azure.account.key.${var.storage_account_name}.dfs.core.windows.net": var.storage_account_accesskey
|
||||
"fs.azure.account.key.${var.storage_account_name}.dfs.core.windows.net": var.storage_account_accesskey,
|
||||
"spark.databricks.delta.properties.defaults.autoOptimize.autoCompact": true,
|
||||
"spark.databricks.delta.properties.defaults.autoOptimize.optimizeWrite": true
|
||||
}
|
||||
|
||||
|
||||
spark_env_vars = {
|
||||
"PYSPARK_PYTHON": "/databricks/python3/bin/python3"
|
||||
}
|
||||
@@ -134,5 +174,5 @@ resource "databricks_cluster" "dbrickscluster" {
|
||||
max_workers = 4
|
||||
}
|
||||
|
||||
autotermination_minutes = 120
|
||||
autotermination_minutes = 45
|
||||
}
|
||||
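Review bot: `fs.azure.account.key.${var.storage_account_name}.dfs.core.windows.net` in `spark_conf` still carries `var.storage_account_accesskey` as a literal, so the storage account key is readable by anyone who can view the cluster configuration, while this same change introduces a secret scope for the app-registration secret. Storing the account key in that scope and referencing it as `{{secrets/<scope>/<key>}}` would keep it out of the cluster config; the scope is created only when `var.sku == "premium"`, so that gate would need revisiting. `databricks_sql_global_config.this` names the scope through string interpolation only, so Terraform sees no dependency on the secret; add `depends_on = [databricks_secret.publishing_api]`. The tenant GUID in the OAuth endpoint is hard-coded and would read better as a variable.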
@@ -24,4 +24,16 @@ variable "node_type_id" {
|
||||
|
||||
variable "sku" {
|
||||
default = "standard"
|
||||
}
|
||||
|
||||
variable "app_reg_id" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "app_reg_secret" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "cluster_size" {
|
||||
default = "Small"
|
||||
}
|
||||
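Review bot: `app_reg_secret` is declared without `sensitive = true`, so Terraform does not redact it wherever else the value is used or output; add `sensitive = true` and `type = string`. With `default = null`, a `premium` deployment that omits it reaches `string_value = null` in `databricks_secret.publishing_api`, presumably failing at apply time. A `description` on `app_reg_id` and `app_reg_secret` saying they are required when `sku` is `premium` would make that failure easier to understand.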
@@ -3,6 +3,9 @@
|
||||
|
||||
BASEDIR=$(dirname "$0")
|
||||
|
||||
mkdir -p $BASEDIR/qmicerts
|
||||
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
|
||||
|
||||
PASSWORD=$1
|
||||
# Extract the private key
|
||||
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
|
||||
|
||||
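Review bot: Nothing checks that the `wget` succeeded before `openssl pkcs12` reads the file, and `--quiet` hides the reason, so a failed or partial download surfaces later as an openssl parse error; `wget ... || exit 1` would stop at the cause. The `$BASEDIR` expansions are unquoted and break on a path containing spaces, e.g. `mkdir -p "$BASEDIR/qmicerts"`. `-passin pass:$PASSWORD` puts the PFX password in the process argument list where other local users can read it, and `-nodes` writes the key unencrypted, so `-passin env:` or `-passin file:` plus a `chmod 600` on the `.key` file would be safer. The identical hunk later on this page has the same issues. The script starts and ends outside the hunk.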
Binary file not shown.
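--- a/linux-common/centos/common/save-cert.sh
+++ b/linux-common/centos/common/save-cert.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+BASEDIR=$(dirname "$0")
+
+echo $1 > $BASEDIR/qmicerts/myserver.crt
+
+echo $2 > $BASEDIR/qmicerts/myserver.key
+
+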
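Review bot: `echo $1 > ...` expands the PEM unquoted, so word splitting folds its line breaks into single spaces and the written `myserver.crt` and `myserver.key` are no longer valid PEM; `printf '%s\n' "$1" > "$BASEDIR/qmicerts/myserver.crt"` keeps the content intact. The key file is created with the default umask, so a `umask 077` before the writes (or a `chmod 600` after) is needed to keep it private. Taking the private key as `$2` also exposes it in the process argument list; reading it from stdin or a file would avoid that. The script assumes `qmicerts/` already exists.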
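--- a/linux-common/centos/common/update.sh
+++ b/linux-common/centos/common/update.sh
@@ -0,0 +1,2 @@
+echo 'Updating OS. This will take a around 10 minutes'
+yum -y --quiet update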
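Review bot: The script has no `#!` line, unlike `save-cert.sh` added in the same change, so which shell runs it depends on the caller's fallback; add `#!/bin/bash` as the first line. The exit status of `yum -y --quiet update` is the script's only signal, so a one-line comment saying that a non-zero status is meant to fail the Terraform `remote-exec` would help the next reader. The message has a typo, `take a around` should be `take around`. The missing `#!` line and the typo also apply to the ubuntu `update.sh` added further down.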
@@ -13,15 +13,22 @@ data "azurerm_key_vault_secret" "cert_password" {
|
||||
key_vault_id = var.key_vault_id
|
||||
}
|
||||
|
||||
#data "azurerm_key_vault_certificate_data" "cert-data" {
|
||||
# name = "star-qmi-qlikpoc-com-cert"
|
||||
# key_vault_id = var.key_vault_id
|
||||
#}
|
||||
|
||||
|
||||
locals {
|
||||
falcon_id = nonsensitive(data.azurerm_key_vault_secret.cid.value)
|
||||
tenable_key = nonsensitive(data.azurerm_key_vault_secret.tenable-key.value)
|
||||
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert_password.value)
|
||||
}
|
||||
#cert_pem = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.pem)
|
||||
#cert_key = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.key)
|
||||
}
|
||||
|
||||
resource "null_resource" "post-linux-vm" {
|
||||
|
||||
provisioner "file" {
|
||||
resource "null_resource" "files" {
|
||||
provisioner "file" {
|
||||
connection {
|
||||
type = "ssh"
|
||||
host = var.private_ip_address
|
||||
@@ -33,6 +40,13 @@ resource "null_resource" "post-linux-vm" {
|
||||
source = "${path.module}/${var.os_type}/common"
|
||||
destination = "/home/${var.admin_username}"
|
||||
}
|
||||
}
|
||||
|
||||
resource "null_resource" "post-linux-vm" {
|
||||
|
||||
depends_on = [
|
||||
null_resource.files
|
||||
]
|
||||
|
||||
provisioner "remote-exec" {
|
||||
connection {
|
||||
@@ -50,6 +64,34 @@ resource "null_resource" "post-linux-vm" {
|
||||
"sudo /home/${var.admin_username}/common/resizedisk.sh",
|
||||
"sudo /home/${var.admin_username}/common/tenable.sh '${local.tenable_key}'",
|
||||
"sudo /home/${var.admin_username}/common/extract-certs.sh '${local.cert_password}'",
|
||||
#"sudo /home/${var.admin_username}/common/save-cert.sh '${local.cert_pem}' '${local.cert_key}'",
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "null_resource" "update" {
|
||||
|
||||
count = var.update? 1 : 0
|
||||
|
||||
depends_on = [
|
||||
null_resource.files,
|
||||
null_resource.post-linux-vm
|
||||
]
|
||||
|
||||
provisioner "remote-exec" {
|
||||
connection {
|
||||
type = "ssh"
|
||||
host = var.private_ip_address
|
||||
user = var.admin_username
|
||||
password = var.admin_password
|
||||
timeout = "60s"
|
||||
#private_key = "${file("~/.ssh/id_rsa")}"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
|
||||
"sudo /home/${var.admin_username}/common/update.sh",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
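Review bot: The new `null_resource.update` repeats `echo ${var.admin_password} | sudo -S ...`, which interpolates the password unquoted into the generated provisioning script, so a password containing a space, `$`, `;` or a quote changes what the remote shell runs. Quoting alone still breaks on an embedded quote; passwordless sudo for the provisioning user, or key-based `connection` auth as the commented-out `private_key` line hints, is the sturdier fix. Separately, the locals wrap Key Vault secrets in `nonsensitive()` and pass them as script arguments, which removes the redaction Terraform would otherwise apply to provisioner output; dropping `nonsensitive()` keeps it. The commented-out `cert-data`, `cert_pem` and `save-cert.sh` lines would be better removed than committed.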
@@ -3,6 +3,9 @@
|
||||
|
||||
BASEDIR=$(dirname "$0")
|
||||
|
||||
mkdir -p $BASEDIR/qmicerts
|
||||
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
|
||||
|
||||
PASSWORD=$1
|
||||
# Extract the private key
|
||||
openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
|
||||
|
||||
@@ -9,7 +9,7 @@ binary="falcon-sensor_5.17.0-8103_amd64.deb"
|
||||
echo "--- Installing CrowdStrike falcon agent --> $binary"
|
||||
echo "CID=$1"
|
||||
|
||||
sudo apt -qq -y update
|
||||
#sudo apt -qq -y update
|
||||
sudo apt install libnl-3-200 libnl-genl-3-200 -qq -y
|
||||
|
||||
wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$binary -O $BASEDIR/$binary
|
||||
|
||||
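Review bot: With `sudo apt -qq -y update` commented out, the `apt install libnl-3-200 libnl-genl-3-200` on the next line runs against whatever package index the image shipped with, and fails if that index is empty or stale. The refresh now seems to live in the new `update.sh`, but that runs from a separate resource gated by `var.update` (a caller on this page sets `update = false`), so it may not happen at all before this script; keeping a plain `apt-get update` here avoids that dependency. `echo "CID=$1"` also writes the CrowdStrike customer ID into the provisioning log. The script continues outside the hunk.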
Binary file not shown.
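--- a/linux-common/ubuntu/common/update.sh
+++ b/linux-common/ubuntu/common/update.sh
@@ -0,0 +1,3 @@
+echo 'Updating OS. This will take a around 10 minutes'
+apt -qq -y update
+apt --fix-broken -qq -y upgrade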
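Review bot: `apt` runs here without a non-interactive frontend, so an upgrade that hits a changed configuration file or a debconf question can block the `remote-exec` session until it times out; `DEBIAN_FRONTEND=noninteractive apt-get -y upgrade` is the usual form in provisioning scripts. `apt` itself warns that its command-line interface is not stable for scripting, which is another reason to use `apt-get` for both lines. The status of the `update` step is not checked before the upgrade starts; `set -e` at the top would stop on a failed index refresh.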
@@ -16,3 +16,8 @@ variable "key_vault_id" {
|
||||
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
|
||||
}
|
||||
|
||||
variable "update" {
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
|
||||
@@ -71,7 +71,7 @@
|
||||
address_prefix = "10.0.2.0/24"
|
||||
}*/
|
||||
|
||||
resource "azurerm_public_ip" "publicip" {
|
||||
/*resource "azurerm_public_ip" "publicip" {
|
||||
|
||||
count = var.isExternal? 1 : 0
|
||||
|
||||
@@ -80,7 +80,7 @@ resource "azurerm_public_ip" "publicip" {
|
||||
location = var.location
|
||||
allocation_method = "Dynamic"
|
||||
domain_name_label = lower(var.prefix)
|
||||
}
|
||||
}*/
|
||||
|
||||
resource "azurerm_network_interface" "nic" {
|
||||
name = "${var.prefix}-nic"
|
||||
@@ -92,7 +92,6 @@ resource "azurerm_network_interface" "nic" {
|
||||
name = "${var.prefix}-ip-cfg"
|
||||
subnet_id = var.subnet_id
|
||||
private_ip_address_allocation = "Dynamic"
|
||||
public_ip_address_id = var.isExternal? azurerm_public_ip.publicip[0].id : null
|
||||
}
|
||||
|
||||
tags = {
|
||||
|
||||
@@ -8,12 +8,4 @@ output "private_ip_address" {
|
||||
|
||||
output "ip_configuration_name" {
|
||||
value = "${var.prefix}-ip-cfg"
|
||||
}
|
||||
|
||||
output "public_ip_address" {
|
||||
value = var.isExternal? azurerm_public_ip.publicip[0].ip_address : null
|
||||
}
|
||||
|
||||
output "fqdn" {
|
||||
value = var.isExternal? azurerm_public_ip.publicip[0].fqdn : null
|
||||
}
|
||||
BIN
qmicerts/wildcard_qmi_qlik-poc_com.pfx
Normal file
BIN
qmicerts/wildcard_qmi_qlik-poc_com.pfx
Normal file
Binary file not shown.
@@ -7,6 +7,11 @@ Param(
|
||||
try {
|
||||
|
||||
Write-Host "Install qmi_qlik-poc_com certificate on Windows"
|
||||
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
|
||||
|
||||
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
|
||||
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
|
||||
$thumb=$($sslCert.Thumbprint)
|
||||
|
||||
Binary file not shown.
@@ -24,12 +24,4 @@ output "nic_private_ip_address" {
|
||||
|
||||
output "nic_ip_configuration_name" {
|
||||
value = module.qmi-nic.ip_configuration_name
|
||||
}
|
||||
|
||||
output "nic_fqdn" {
|
||||
value = var.isExternal? module.qmi-nic.fqdn : null
|
||||
}
|
||||
|
||||
output "nic_public_ip_address" {
|
||||
value = var.isExternal? module.qmi-nic.public_ip_address : null
|
||||
}
|
||||
@@ -1,86 +0,0 @@
|
||||
resource "random_id" "randomMachineId" {
|
||||
keepers = {
|
||||
# Generate a new ID only when a new resource group is defined
|
||||
resource_group = var.resource_group_name
|
||||
}
|
||||
|
||||
byte_length = 3
|
||||
}
|
||||
|
||||
resource "random_password" "password" {
|
||||
length = 16
|
||||
special = false
|
||||
override_special = "_"
|
||||
upper = true
|
||||
lower = true
|
||||
min_lower = 2
|
||||
min_upper = 2
|
||||
min_special = 0
|
||||
min_numeric = 2
|
||||
}
|
||||
|
||||
locals {
|
||||
virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
|
||||
admin_username = var.admin_username
|
||||
admin_password = random_password.password.result
|
||||
}
|
||||
|
||||
module "qmi-nic" {
|
||||
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
|
||||
|
||||
prefix = local.virtual_machine_name
|
||||
location = var.location
|
||||
subnet_id = var.subnet_id
|
||||
|
||||
resource_group_name = var.resource_group_name
|
||||
user_id = var.user_id
|
||||
|
||||
}
|
||||
|
||||
resource "azurerm_virtual_machine" "vm" {
|
||||
name = local.virtual_machine_name
|
||||
location = var.location
|
||||
resource_group_name = var.resource_group_name
|
||||
network_interface_ids = [module.qmi-nic.id]
|
||||
vm_size = var.vm_type
|
||||
|
||||
delete_os_disk_on_termination = true
|
||||
delete_data_disks_on_termination = true
|
||||
|
||||
storage_image_reference {
|
||||
# this is the Oracle linux image I found.
|
||||
# az vm image list --all --publisher Oracle -o table
|
||||
publisher = "Oracle"
|
||||
offer = "Oracle-Linux"
|
||||
sku = "77"
|
||||
version = "latest"
|
||||
}
|
||||
|
||||
storage_os_disk {
|
||||
name = "${local.virtual_machine_name}-osdisk"
|
||||
caching = "ReadWrite"
|
||||
create_option = "FromImage"
|
||||
managed_disk_type = var.managed_disk_type
|
||||
disk_size_gb = var.disk_size_gb
|
||||
}
|
||||
|
||||
os_profile_linux_config {
|
||||
disable_password_authentication = false
|
||||
}
|
||||
|
||||
os_profile {
|
||||
computer_name = local.virtual_machine_name
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
}
|
||||
|
||||
tags = {
|
||||
Deployment = "QMI PoC"
|
||||
"Cost Center" = "3100"
|
||||
"ProvId" = var.provId != null? var.provId : null
|
||||
"QMI_user" = var.user_id != null? var.user_id : null
|
||||
"24x7" = var.is_24x7 == true? "" : null
|
||||
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
|
||||
"StartupTime": var.is_24x7 == false? var.startupTime : null
|
||||
}
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
output "virtual_machine_id" {
|
||||
value = azurerm_virtual_machine.vm.id
|
||||
}
|
||||
|
||||
output "virtual_machine_name" {
|
||||
value = "${var.prefix}-${random_id.randomMachineId.hex}"
|
||||
}
|
||||
|
||||
output "admin_username" {
|
||||
value = var.admin_username
|
||||
}
|
||||
|
||||
output "admin_password" {
|
||||
value = random_password.password.result
|
||||
}
|
||||
|
||||
output "nic_id" {
|
||||
value = module.qmi-nic.id
|
||||
}
|
||||
|
||||
output "nic_private_ip_address" {
|
||||
value = module.qmi-nic.private_ip_address
|
||||
}
|
||||
|
||||
output "nic_ip_configuration_name" {
|
||||
value = module.qmi-nic.ip_configuration_name
|
||||
}
|
||||
@@ -1,56 +0,0 @@
|
||||
variable "subnet_id" {
|
||||
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "The Prefix used for all resources in this example"
|
||||
default = "QMI-ORACLELINUX"
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
default = "East US"
|
||||
}
|
||||
|
||||
variable "resource_group_name" {
|
||||
}
|
||||
|
||||
variable "vm_type" {
|
||||
default = "Standard_DS3_v2"
|
||||
}
|
||||
|
||||
variable "managed_disk_type" {
|
||||
default = "Premium_LRS"
|
||||
}
|
||||
|
||||
variable "disk_size_gb" {
|
||||
default = "128"
|
||||
}
|
||||
|
||||
variable "admin_username" {
|
||||
default = "qmi"
|
||||
}
|
||||
|
||||
variable "user_id" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "provId" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "is_24x7"{
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "shutdownTime"{
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "startupTime"{
|
||||
default = null
|
||||
}
|
||||
|
||||
# variable "subnet_id" {
|
||||
# default = "/subscriptions/1f3d4c1d-6509-4c52-8dee-c15fb83f2920/resourceGroups/lkn-rg/providers/Microsoft.Network/virtualNetworks/lkn-vn/subnets/default"
|
||||
# }
|
||||
@@ -37,47 +37,37 @@ module "qmi-nic" {
|
||||
|
||||
}
|
||||
|
||||
resource "azurerm_virtual_machine" "vm" {
|
||||
name = local.virtual_machine_name
|
||||
location = var.location
|
||||
resource_group_name = var.resource_group_name
|
||||
network_interface_ids = [module.qmi-nic.id]
|
||||
vm_size = var.vm_type
|
||||
resource "azurerm_linux_virtual_machine" "vm" {
|
||||
name = local.virtual_machine_name
|
||||
resource_group_name = var.resource_group_name
|
||||
location = var.location
|
||||
size = var.vm_type
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
disable_password_authentication = false
|
||||
|
||||
network_interface_ids = [
|
||||
module.qmi-nic.id,
|
||||
]
|
||||
|
||||
delete_os_disk_on_termination = true
|
||||
delete_data_disks_on_termination = true
|
||||
os_disk {
|
||||
name = "${local.virtual_machine_name}-osdisk"
|
||||
caching = "ReadWrite"
|
||||
storage_account_type = var.managed_disk_type
|
||||
disk_size_gb = var.disk_size_gb
|
||||
}
|
||||
|
||||
identity {
|
||||
type = "SystemAssigned"
|
||||
}
|
||||
|
||||
storage_image_reference {
|
||||
# this is the Oracle linux image I found.
|
||||
# az vm image list --all --publisher Oracle -o table
|
||||
source_image_reference {
|
||||
publisher = "Oracle"
|
||||
offer = "Oracle-Linux"
|
||||
sku = "81"
|
||||
version = "latest"
|
||||
}
|
||||
|
||||
storage_os_disk {
|
||||
name = "${local.virtual_machine_name}-osdisk"
|
||||
caching = "ReadWrite"
|
||||
create_option = "FromImage"
|
||||
managed_disk_type = var.managed_disk_type
|
||||
disk_size_gb = var.disk_size_gb
|
||||
}
|
||||
|
||||
os_profile_linux_config {
|
||||
disable_password_authentication = false
|
||||
}
|
||||
|
||||
os_profile {
|
||||
computer_name = local.virtual_machine_name
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
}
|
||||
|
||||
tags = {
|
||||
Deployment = "QMI PoC"
|
||||
"Cost Center" = "3100"
|
||||
@@ -94,7 +84,7 @@ module "linux-common" {
|
||||
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//linux-common"
|
||||
|
||||
depends_on = [
|
||||
azurerm_virtual_machine.vm
|
||||
azurerm_linux_virtual_machine.vm
|
||||
]
|
||||
|
||||
os_type = "centos"
|
||||
|
||||
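Review bot: The migrated `azurerm_linux_virtual_machine` keeps `disable_password_authentication = false` together with `admin_password`, so the VM accepts SSH password logins; `admin_ssh_key` with password authentication disabled is the safer default, though the `linux-common` module on this page connects with the password and would have to change with it. `source_image_reference` uses `version = "latest"`, so two applies can produce different OS builds; pinning the image version makes provisioning reproducible. The rendered page does not show which side the `delete_os_disk_on_termination` and `delete_data_disks_on_termination` lines are on; if they remain on the new resource they should go, since as far as I know that resource type does not accept them.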
@@ -1,5 +1,5 @@
|
||||
output "virtual_machine_id" {
|
||||
value = azurerm_virtual_machine.vm.id
|
||||
value = azurerm_linux_virtual_machine.vm.id
|
||||
}
|
||||
|
||||
output "virtual_machine_name" {
|
||||
@@ -27,5 +27,5 @@ output "nic_ip_configuration_name" {
|
||||
}
|
||||
|
||||
output "principal_id" {
|
||||
value = azurerm_virtual_machine.vm.identity.0.principal_id
|
||||
value = azurerm_linux_virtual_machine.vm.identity.0.principal_id
|
||||
}
|
||||
@@ -123,5 +123,6 @@ module "linux-common" {
|
||||
private_ip_address = module.qmi-nic.private_ip_address
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
update = false
|
||||
|
||||
}
|
||||
@@ -38,12 +38,4 @@ output "mysql_demo_password" {
|
||||
value = "Qlik1234!"
|
||||
}
|
||||
|
||||
output "nic_fqdn" {
|
||||
value = var.isExternal? module.qmi-nic.fqdn : null
|
||||
}
|
||||
|
||||
output "nic_public_ip_address" {
|
||||
value = var.isExternal? module.qmi-nic.public_ip_address : null
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ if [[ $2 == *"4.9.0"* ]]; then
|
||||
sudo cp /home/qmi/scripts/feb2022/tomcat.service /etc/systemd/system/
|
||||
fi
|
||||
|
||||
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx
|
||||
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
|
||||
|
||||
if [[ $2 == *"4.13.0"* ]]; then
|
||||
|
||||
@@ -7,6 +7,9 @@ TOMCAT_HOME=$BASE/$TOMCAT
|
||||
BASEDIR=$(dirname "$0")
|
||||
|
||||
echo "Replacing server.xml for Tomcat - Stopping Tomcat"
|
||||
wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx
|
||||
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
|
||||
|
||||
sudo cp /home/qmi/scripts/wildcard_qmi_qlik-poc_com.pfx /usr/local/qdc
|
||||
sudo systemctl stop tomcat.service
|
||||
mv $TOMCAT_HOME/conf/server.xml $TOMCAT_HOME/conf/server.xml_backup
|
||||
|
||||
@@ -99,7 +99,7 @@
|
||||
clientAuth="false" sslProtocol="TLS"
|
||||
keystoreFile="/usr/local/qdc/wildcard_qmi_qlik-poc_com.pfx"
|
||||
keystoreType="PKCS12"
|
||||
keystorePass="QJ]5M$>m,X)t=_:BNNt:mwFks7NqocSMbR@/zA" />
|
||||
keystorePass="8@afBR2AwKMb@4Rj" />
|
||||
|
||||
<!--
|
||||
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
|
||||
|
||||
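Review bot: The replaced `keystorePass` is again a literal committed to the repository, and the keystore it unlocks is the PFX that the scripts on this page download from that same repository, so anyone with read access to the repo holds both the wildcard key bundle and its password. The previous value also stays in git history, so the rotation only helps if the certificate itself was reissued. Consider shipping `server.xml` with a placeholder and substituting the value at provision time from the Key Vault secret the Terraform modules already read (`cert_password`). The `<Connector>` element starts outside this hunk.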
Binary file not shown.
@@ -117,6 +117,11 @@ While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials
|
||||
|
||||
### Install qlik-poc_com certificate
|
||||
Write-Log -Message "Install 'qmi.qlik-poc.com' certificate, set thumbsprint and whitelist domain in QS central virtual proxy"
|
||||
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "C:\provision\wildcard_qmi_qlik-poc_com.pfx")
|
||||
|
||||
try {
|
||||
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
|
||||
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
|
||||
|
||||
Binary file not shown.
@@ -13,6 +13,8 @@ resource "random_password" "password" {
|
||||
override_special = "_!@"
|
||||
upper = true
|
||||
lower = true
|
||||
numeric = true
|
||||
min_numeric = 2
|
||||
min_lower = 2
|
||||
min_upper = 2
|
||||
min_special = 2
|
||||
@@ -24,6 +26,8 @@ resource "random_password" "qlikpassword" {
|
||||
override_special = "_!@"
|
||||
upper = true
|
||||
lower = true
|
||||
numeric = true
|
||||
min_numeric = 2
|
||||
min_lower = 2
|
||||
min_upper = 2
|
||||
min_special = 2
|
||||
@@ -86,37 +90,6 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
|
||||
source_image_id = var.image_reference
|
||||
|
||||
|
||||
provisioner "file" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "10m"
|
||||
}
|
||||
source = "${path.module}/scripts"
|
||||
destination = "C:/provision"
|
||||
}
|
||||
|
||||
/*provisioner "remote-exec" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "10m"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/prep-files.ps1"
|
||||
]
|
||||
}*/
|
||||
|
||||
tags = {
|
||||
Deployment = "QMI PoC"
|
||||
"Cost Center" = "3100"
|
||||
@@ -129,13 +102,42 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
}
|
||||
|
||||
|
||||
/*resource "azurerm_virtual_machine_extension" "prepfiles" {
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
]
|
||||
|
||||
name = "vm-extension-prepfiles"
|
||||
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
|
||||
|
||||
publisher = "Microsoft.Compute"
|
||||
type = "CustomScriptExtension"
|
||||
type_handler_version = "1.10"
|
||||
auto_upgrade_minor_version = true
|
||||
|
||||
settings = <<SETTINGS
|
||||
{
|
||||
"fileUris": [
|
||||
"https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/vm-qs/main/prep-files.ps1"
|
||||
],
|
||||
"commandToExecute": "start powershell.exe -NoProfile -ExecutionPolicy unrestricted -File prep-files.ps1"
|
||||
}
|
||||
SETTINGS
|
||||
}*/
|
||||
|
||||
|
||||
resource "null_resource" "vm-qs-post" {
|
||||
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
]
|
||||
|
||||
/*provisioner "local-exec" {
|
||||
command = "echo 'Waiting 20 seconds for PrepFiles to finish'; sleep 20;"
|
||||
}*/
|
||||
|
||||
provisioner "remote-exec" {
|
||||
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
@@ -147,24 +149,10 @@ resource "null_resource" "vm-qs-post" {
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/bootstrap-qs.ps1 -ModuleName vm-qs"
|
||||
]
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "10m"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -Serial ${local.serial} -Control ${local.control} -CertPwd \"${local.cert_password}\" -QlikUserPwd ${local.qlikpassword}",
|
||||
"powershell.exe -File C:/provision/q-WebConnectors.ps1",
|
||||
"powershell -NoProfile -File C:\\Temp\\prep-files.ps1 -scenario vm-qs",
|
||||
"powershell -NoProfile -File C:\\provision\\bootstrap-qs.ps1 -ModuleName vm-qs",
|
||||
"powershell -NoProfile -File C:\\provision\\qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -Serial ${local.serial} -Control ${local.control} -CertPwd \"${local.cert_password}\" -QlikUserPwd ${local.qlikpassword}",
|
||||
"powershell -NoProfile -File C:\\provision\\q-WebConnectors.ps1",
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
@@ -26,14 +26,6 @@ output "nic_private_ip_address" {
|
||||
value = module.qmi-nic.private_ip_address
|
||||
}
|
||||
|
||||
output "nic_fqdn" {
|
||||
value = var.isExternal? module.qmi-nic.fqdn : null
|
||||
}
|
||||
|
||||
output "nic_public_ip_address" {
|
||||
value = var.isExternal? module.qmi-nic.public_ip_address : null
|
||||
}
|
||||
|
||||
output "nic_ip_configuration_name" {
|
||||
value = module.qmi-nic.ip_configuration_name
|
||||
}
|
||||
@@ -243,6 +243,13 @@ restartQse
|
||||
|
||||
### Install qlik-poc_com certificate
|
||||
Write-Log -Message "Install qmi_qlik-poc_com certificate on Windows"
|
||||
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "C:\provision\wildcard_qmi_qlik-poc_com.pfx")
|
||||
|
||||
write-log -Message "Cert password is: $CertPwd"
|
||||
|
||||
try {
|
||||
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
|
||||
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
|
||||
|
||||
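Review bot: The line `write-log -Message "Cert password is: $CertPwd"` writes the PFX password to the provisioning log in clear text, where it outlives the run and is readable by anyone who can read that log; drop it or log without the secret, e.g. `Write-Log -Message "Importing qmi_qlik-poc_com certificate"`. The same hunk downloads `wildcard_qmi_qlik-poc_com.pfx` from a `raw/master` repository URL, so the wildcard private key is only as protected as that repository and its password. If the repository is readable beyond the provisioning team (not visible from here), deliver the PFX from a secret store instead and remove the copy in `C:\provision` once `Import-PfxCertificate` has succeeded. The `try` block continues outside the hunk, so whether the file is cleaned up later cannot be checked here.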
Binary file not shown.
@@ -62,19 +62,41 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
|
||||
"StartupTime": var.is_24x7 == false? var.startupTime : null
|
||||
}
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "3m"
|
||||
|
||||
resource "azurerm_virtual_machine_extension" "prepfiles" {
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
]
|
||||
|
||||
name = "vm-extension-prepfiles"
|
||||
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
|
||||
|
||||
publisher = "Microsoft.Compute"
|
||||
type = "CustomScriptExtension"
|
||||
type_handler_version = "1.10"
|
||||
auto_upgrade_minor_version = true
|
||||
|
||||
settings = <<SETTINGS
|
||||
{
|
||||
"fileUris": [
|
||||
"https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/vm-win/main/prep-files.ps1"
|
||||
],
|
||||
"commandToExecute": "start powershell.exe -ExecutionPolicy unrestricted -File prep-files.ps1"
|
||||
}
|
||||
source = "${path.module}/main"
|
||||
destination = "C:/provision"
|
||||
SETTINGS
|
||||
}
|
||||
|
||||
resource "null_resource" "vm-post" {
|
||||
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm,
|
||||
azurerm_virtual_machine_extension.prepfiles
|
||||
]
|
||||
|
||||
provisioner "local-exec" {
|
||||
command = "echo 'Waiting 20 seconds for PrepFiles to finish'; sleep 20;"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
@@ -89,7 +111,6 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/prep-files.ps1",
|
||||
"powershell.exe -File C:/provision/bootstrap.ps1"
|
||||
]
|
||||
}
|
||||
@@ -109,6 +130,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
"powershell.exe -File C:/provision/q-user-setup.ps1"
|
||||
]
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -117,7 +139,7 @@ module "win-common" {
|
||||
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//win-common"
|
||||
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
null_resource.vm-post
|
||||
]
|
||||
|
||||
private_ip_address = module.qmi-nic.private_ip_address
|
||||
|
||||
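Review bot: The `fileUris` entry of the `prepfiles` CustomScriptExtension points at `raw/master/vm-win/main/prep-files.ps1`, a mutable branch ref, so each newly provisioned VM runs whatever that branch holds at apply time, under `-ExecutionPolicy unrestricted` and as the extension's account (LocalSystem on Windows), without any Terraform diff showing the change. Pin the URL to a reviewed commit, e.g. `"https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/<commit-sha>/vm-win/main/prep-files.ps1"` (placeholder), and give the `win-common` module source a `?ref=<tag-or-sha>` for the same reason. Separately, `start powershell.exe ...` returns before the script finishes, which is presumably why `vm-post` needs the `sleep 20`; calling `powershell.exe` directly in `commandToExecute` would let `depends_on` do the waiting. The extension lines look like the new side judging by the first hunk's line counts (19 old, 41 new); the `+`/`-` markers are lost in this rendering.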
111
vm-win2/main.tf
111
vm-win2/main.tf
@@ -35,6 +35,51 @@ module "qmi-nic" {
|
||||
user_id = var.user_id
|
||||
}
|
||||
|
||||
resource "azurerm_windows_virtual_machine" "vm" {
|
||||
name = local.virtual_machine_name
|
||||
resource_group_name = var.resource_group_name
|
||||
location = var.location
|
||||
size = var.vm_type
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
network_interface_ids = [ module.qmi-nic.id ]
|
||||
|
||||
os_disk {
|
||||
name = "${local.virtual_machine_name}-osdisk"
|
||||
caching = "ReadWrite"
|
||||
storage_account_type = var.managed_disk_type
|
||||
disk_size_gb = var.disk_size_gb
|
||||
}
|
||||
|
||||
source_image_id = var.image_reference
|
||||
|
||||
tags = {
|
||||
"Deployment" = "QMI PoC"
|
||||
"Cost Center" = "3100"
|
||||
"ProvId" = var.provId != null? var.provId : null
|
||||
"QMI_user" = var.user_id != null? var.user_id : null
|
||||
"24x7" = var.is_24x7 == true? "" : null
|
||||
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
|
||||
"StartupTime": var.is_24x7 == false? var.startupTime : null
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "30m"
|
||||
}
|
||||
source = "${path.module}/main"
|
||||
destination = "C:/tmp/provision"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
resource "azurerm_windows_virtual_machine" "vm" {
|
||||
name = local.virtual_machine_name
|
||||
resource_group_name = var.resource_group_name
|
||||
@@ -83,19 +128,40 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
|
||||
"StartupTime": var.is_24x7 == false? var.startupTime : null
|
||||
}
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
connection {
|
||||
type = "winrm"
|
||||
host = module.qmi-nic.private_ip_address
|
||||
user = local.admin_username
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "3m"
|
||||
resource "azurerm_virtual_machine_extension" "prepfiles" {
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
]
|
||||
|
||||
name = "vm-extension-prepfiles"
|
||||
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
|
||||
|
||||
publisher = "Microsoft.Compute"
|
||||
type = "CustomScriptExtension"
|
||||
type_handler_version = "1.10"
|
||||
auto_upgrade_minor_version = true
|
||||
|
||||
settings = <<SETTINGS
|
||||
{
|
||||
"fileUris": [
|
||||
"https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/vm-win/main/prep-files.ps1"
|
||||
],
|
||||
"commandToExecute": "start powershell.exe -NoProfile -ExecutionPolicy unrestricted -File prep-files.ps1"
|
||||
}
|
||||
source = "${path.module}/main"
|
||||
destination = "C:/provision"
|
||||
SETTINGS
|
||||
}
|
||||
*/
|
||||
|
||||
resource "null_resource" "vm-post" {
|
||||
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
]
|
||||
|
||||
provisioner "local-exec" {
|
||||
command = "echo 'Waiting 20 seconds for PrepFiles to finish'; sleep 20;"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
@@ -106,12 +172,12 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "3m"
|
||||
timeout = "30m"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/prep-files.ps1",
|
||||
"powershell.exe -File C:/provision/bootstrap.ps1"
|
||||
"powershell.exe -NoProfile -File C:/tmp/provision/prep-files.ps1",
|
||||
"powershell.exe -NoProfile -File C:/provision/bootstrap.ps1"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -123,13 +189,14 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
password = local.admin_password
|
||||
port = 5985
|
||||
https = false
|
||||
timeout = "3m"
|
||||
timeout = "30m"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/q-user-setup.ps1"
|
||||
"powershell.exe -NoProfile -File C:/provision/q-user-setup.ps1"
|
||||
]
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -138,7 +205,9 @@ module "win-common" {
|
||||
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//win-common"
|
||||
|
||||
depends_on = [
|
||||
azurerm_windows_virtual_machine.vm
|
||||
azurerm_windows_virtual_machine.vm,
|
||||
null_resource.vm-post
|
||||
|
||||
]
|
||||
|
||||
private_ip_address = module.qmi-nic.private_ip_address
|
||||
@@ -162,13 +231,13 @@ resource "null_resource" "post-win-common" {
|
||||
insecure = true
|
||||
use_ntlm = false
|
||||
https = false
|
||||
timeout = "10m"
|
||||
timeout = "30m"
|
||||
}
|
||||
|
||||
inline = [
|
||||
"powershell.exe -File C:/provision/win-common/chrome-install.ps1",
|
||||
"powershell.exe -File C:/provision/win-common/onedrive-install.ps1",
|
||||
"powershell.exe -File C:/provision/win-common/vscode-install.ps1",
|
||||
"powershell.exe -NoProfile -File C:/provision/win-common/chrome-install.ps1",
|
||||
"powershell.exe -NoProfile -File C:/provision/win-common/onedrive-install.ps1",
|
||||
"powershell.exe -NoProfile -File C:/provision/win-common/vscode-install.ps1",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
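Review bot: The `connection` block of the `file` provisioner in the resource added by the first hunk uses `port = 5985` with `https = false` and leaves `use_ntlm` at its default, so Terraform's WinRM communicator sends `local.admin_password` with basic authentication over unencrypted HTTP. Prefer the HTTPS listener, `port = 5986` and `https = true`, in this block and in the `remote-exec` connections of `vm-post`, or at least set `use_ntlm = true` if the image only exposes HTTP. The `post-win-common` connection in the last hunk shows the same pattern with `insecure = true` and `use_ntlm = false`, and the vm-win and vm-qs hunks earlier on the page use `https = false` as well. The previous resource is kept inside a `/* ... */` block next to the new one; deleting it would avoid two definitions of `azurerm_windows_virtual_machine.vm` drifting apart.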