123 lines
3.5 KiB
HCL
123 lines
3.5 KiB
HCL
data "azurerm_key_vault_secret" "cid" {
|
|
name = "falcon-cid"
|
|
key_vault_id = var.key_vault_id
|
|
}
|
|
|
|
data "azurerm_key_vault_secret" "tenable-key" {
|
|
name = "tenable-key"
|
|
key_vault_id = var.key_vault_id
|
|
}
|
|
|
|
data "azurerm_key_vault_secret" "cert_password" {
|
|
name = "star-qmi-qlikpoc-com-password"
|
|
key_vault_id = var.key_vault_id
|
|
}
|
|
|
|
#data "azurerm_key_vault_certificate_data" "cert-data" {
|
|
# name = "star-qmi-qlikpoc-com-cert"
|
|
# key_vault_id = var.key_vault_id
|
|
#}
|
|
|
|
|
|
locals {
|
|
falcon_id = nonsensitive(data.azurerm_key_vault_secret.cid.value)
|
|
tenable_key = nonsensitive(data.azurerm_key_vault_secret.tenable-key.value)
|
|
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert_password.value)
|
|
#cert_pem = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.pem)
|
|
#cert_key = nonsensitive(data.azurerm_key_vault_certificate_data.cert-data.key)
|
|
}
|
|
|
|
resource "null_resource" "files" {
|
|
provisioner "file" {
|
|
connection {
|
|
type = "ssh"
|
|
host = var.private_ip_address
|
|
user = var.admin_username
|
|
password = var.admin_password
|
|
timeout = "10m"
|
|
#private_key = "${file("~/.ssh/id_rsa")}"
|
|
}
|
|
source = "${path.module}/${var.os_type}/common"
|
|
destination = "/home/${var.admin_username}"
|
|
}
|
|
}
|
|
|
|
resource "null_resource" "post-linux-vm" {
|
|
|
|
depends_on = [
|
|
null_resource.files
|
|
]
|
|
|
|
provisioner "remote-exec" {
|
|
connection {
|
|
type = "ssh"
|
|
host = var.private_ip_address
|
|
user = var.admin_username
|
|
password = var.admin_password
|
|
timeout = "3m"
|
|
#private_key = "${file("~/.ssh/id_rsa")}"
|
|
}
|
|
|
|
inline = [
|
|
"echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
|
|
"sudo /home/${var.admin_username}/common/falcon.sh '${local.falcon_id}'",
|
|
"sudo /home/${var.admin_username}/common/tenable.sh '${local.tenable_key}'",
|
|
"sudo /home/${var.admin_username}/common/extract-certs.sh '${local.cert_password}'",
|
|
#"sudo /home/${var.admin_username}/common/save-cert.sh '${local.cert_pem}' '${local.cert_key}'",
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "null_resource" "update" {
|
|
|
|
count = var.update? 1 : 0
|
|
|
|
depends_on = [
|
|
null_resource.files,
|
|
null_resource.post-linux-vm
|
|
]
|
|
|
|
provisioner "remote-exec" {
|
|
connection {
|
|
type = "ssh"
|
|
host = var.private_ip_address
|
|
user = var.admin_username
|
|
password = var.admin_password
|
|
timeout = "3m"
|
|
#private_key = "${file("~/.ssh/id_rsa")}"
|
|
}
|
|
|
|
inline = [
|
|
"echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
|
|
"sudo /home/${var.admin_username}/common/update.sh",
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "null_resource" "resize" {
|
|
|
|
count = var.resize? 1 : 0
|
|
|
|
depends_on = [
|
|
null_resource.files,
|
|
null_resource.update
|
|
]
|
|
|
|
provisioner "remote-exec" {
|
|
connection {
|
|
type = "ssh"
|
|
host = var.private_ip_address
|
|
user = var.admin_username
|
|
password = var.admin_password
|
|
timeout = "3m"
|
|
#private_key = "${file("~/.ssh/id_rsa")}"
|
|
}
|
|
|
|
inline = [
|
|
"echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
|
|
"sudo /home/${var.admin_username}/common/resizedisk.sh",
|
|
]
|
|
}
|
|
}
|
|
|