gravitee-io · passionne · Mar 13, 2024
@@ -20,3 +20,10 @@
 
 # Others
 .DS_Store
+
+# Any internal terraform files
+**/.terraform*
+**/terraform.tfstate
+**/terraform.tfstate.backup
+test/terraform_linux_vm/**/*.pem
+
@@ -0,0 +1,86 @@
+module "dependencies" {
+  source = "../module_vm/dependencies"
+  allowed_ips = var.allowed_ips
+}
+
+
+# Agreement of OS offer
+resource "azurerm_marketplace_agreement" "this" {
+  publisher = "procomputers"
+  offer     = var.os_name
+  plan      = var.os_name
+}
+
+# Create virtual machine
+resource "azurerm_linux_virtual_machine" "rpm_vm" {
+  depends_on = [module.dependencies ,azurerm_marketplace_agreement.this]
+
+  name                  = "${module.dependencies.random_pet-tf_resource_prefix-id}_VM"
+  location              = module.dependencies.azurerm_resource_group-rg-location
+  resource_group_name   = module.dependencies.azurerm_resource_group-rg-name
+  network_interface_ids = [module.dependencies.azurerm_network_interface-rpm_tf_nic-id]
+  size                  = var.vm_size
+
+  os_disk {
+    name                 = "${module.dependencies.random_pet-tf_resource_prefix-id}_OsDisk"
+    caching              = "ReadWrite"
+    storage_account_type = "Premium_LRS"
+  }
+
+  plan {
+    name      = var.os_name
+    product   = var.os_name
+    publisher = "procomputers"
+  }
+
+  source_image_reference {
+    publisher = var.os_publisher
+    offer     = var.os_name
+    sku       = var.os_name
+    version   = var.os_version
+  }
+
+  computer_name  = replace(module.dependencies.random_pet-tf_resource_prefix-id, "_", "")
+  admin_username = var.username
+
+  admin_ssh_key {
+    username   = var.username
+    public_key = jsondecode(module.dependencies.azapi_resource_action-ssh_public_key_gen-output).publicKey
+  }
+
+  boot_diagnostics {
+    storage_account_uri = module.dependencies.azurerm_storage_account-rpm_storage_account-primary_blob_endpoint
+  }
+
+  connection {
+    type = "ssh"
+    user = var.username
+    private_key = jsondecode(module.dependencies.azapi_resource_action-ssh_public_key_gen-output).privateKey
+    host = self.public_ip_address
+  }
+
+  provisioner "file" {
+    source = "../module_vm/install_redhat.sh"
+    destination = "install_redhat.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo yum install -y tmux",
+      "chmod u+x install_*.sh",
+      "tmux new-session \\; send-keys './install_redhat.sh' C-m \\; detach-client"
+    ]
+  }
+}
+
+output "public_ip_address" {
+  value = azurerm_linux_virtual_machine.rpm_vm.public_ip_address
+}
+
+output "ssh_command_to_connect" {
+  value = "ssh -i ${module.dependencies.local_sensitive_file-ssh_private_key-filename} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no matthieu@${azurerm_linux_virtual_machine.rpm_vm.public_ip_address}"
+}
+
+output "scp_command_to_push_rpm" {
+  value = "scp -i ${module.dependencies.local_sensitive_file-ssh_private_key-filename} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ../../../apim/4.x/graviteeio-apim-*-4x*.rpm matthieu@${azurerm_linux_virtual_machine.rpm_vm.public_ip_address}:."
+}
@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">=1.7"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.94"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = "02ae5fba-84b0-443a-9df6-9be92297c139" // Gravitee-SaaS
+}
@@ -0,0 +1,33 @@
+variable "allowed_ips" {
+  type        = string
+  description = "Used to filter IP which have access to the Virtual Machine, could be a prefix, CIDR or a match like `*`"
+  default     = "*"
+}
+
+variable "username" {
+  type        = string
+  description = "The username for the local account that will be created on the new VM."
+  default     = "azureadmin"
+}
+
+variable "vm_size" {
+  type        = string
+  description = "VM size [Standard_DS1_v2,Standard_DS2_v3,Standard_D2ads_v5]"
+  default     = "Standard_D2ads_v5"
+}
+variable "os_publisher" {
+  type        = string
+  description = "Operating System Publisher [RedHat,SUSE]"
+  default     = "procomputers"
+}
+variable "os_name" {
+  type        = string
+  description = "Operating System Offer [centos-stream-9-minimal,centos-7-minimal]"
+  default     = "centos-stream-9-minimal"
+}
+variable "os_version" {
+  type        = string
+  description = "Operating System Version [latest,8.0.7]"
+  default     = "latest"
+}
+
@@ -0,0 +1,84 @@
+# Create virtual network
+resource "azurerm_virtual_network" "rpm_network" {
+  depends_on = [data.azurerm_resource_group.rg]
+  name                = "${random_pet.tf_resource_prefix.id}_Vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = data.azurerm_resource_group.rg.name
+}
+
+# Create subnet
+resource "azurerm_subnet" "rpm_subnet" {
+  depends_on = [data.azurerm_resource_group.rg, random_pet.tf_resource_prefix]
+  name                 = "${random_pet.tf_resource_prefix.id}_Subnet"
+  resource_group_name  = data.azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.rpm_network.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+# Create public IPs
+resource "azurerm_public_ip" "rpm_public_ip" {
+  depends_on = [data.azurerm_resource_group.rg, random_pet.tf_resource_prefix]
+  name                = "${random_pet.tf_resource_prefix.id}_PublicIP"
+  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = data.azurerm_resource_group.rg.name
+  allocation_method   = "Dynamic"
+}
+
+# Create Network Security Group and rule
+resource "azurerm_network_security_group" "rpm_tf_nsg" {
+  depends_on = [data.azurerm_resource_group.rg, random_pet.tf_resource_prefix]
+  name                = "${random_pet.tf_resource_prefix.id}_NetworkSecurityGroup"
+  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = data.azurerm_resource_group.rg.name
+
+  security_rule {
+    name                       = "SSH"
+    priority                   = 1001
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = var.allowed_ips
+    destination_address_prefix = "*"
+  }
+  security_rule {
+    name                       = "APIM"
+    priority                   = 1101
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "8080-8085"
+    source_address_prefix      = var.allowed_ips
+    destination_address_prefix = "*"
+  }
+}
+
+# Create network interface
+resource "azurerm_network_interface" "rpm_tf_nic" {
+  depends_on = [
+    data.azurerm_resource_group.rg,
+    random_pet.tf_resource_prefix,
+    azurerm_subnet.rpm_subnet,
+    azurerm_public_ip.rpm_public_ip
+  ]
+  name                = "${random_pet.tf_resource_prefix.id}_NIC"
+  location            = data.azurerm_resource_group.rg.location
+  resource_group_name = data.azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "${random_pet.tf_resource_prefix.id}_nic_configuration"
+    subnet_id                     = azurerm_subnet.rpm_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.rpm_public_ip.id
+  }
+}
+
+# Connect the security group to the network interface
+resource "azurerm_network_interface_security_group_association" "rpm_nic_sg_asso" {
+  depends_on = [azurerm_network_interface.rpm_tf_nic, azurerm_network_security_group.rpm_tf_nsg]
+  network_interface_id      = azurerm_network_interface.rpm_tf_nic.id
+  network_security_group_id = azurerm_network_security_group.rpm_tf_nsg.id
+}
@@ -0,0 +1,27 @@
+output "random_pet-tf_resource_prefix-id" {
+  value = random_pet.tf_resource_prefix.id
+}
+
+output "azurerm_resource_group-rg-location" {
+  value = data.azurerm_resource_group.rg.location
+}
+
+output "azurerm_resource_group-rg-name" {
+  value = data.azurerm_resource_group.rg.name
+}
+
+output "azurerm_network_interface-rpm_tf_nic-id" {
+  value = azurerm_network_interface.rpm_tf_nic.id
+}
+
+output "azapi_resource_action-ssh_public_key_gen-output" {
+  value = azapi_resource_action.ssh_public_key_gen.output
+}
+
+output "azurerm_storage_account-rpm_storage_account-primary_blob_endpoint" {
+  value = azurerm_storage_account.rpm_storage_account.primary_blob_endpoint
+}
+
+output "local_sensitive_file-ssh_private_key-filename" {
+  value = local_sensitive_file.ssh_private_key.filename
+}
@@ -0,0 +1,23 @@
+terraform {
+  required_version = ">=1.7"
+
+  required_providers {
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>1.12.1"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.94"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.6"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = "02ae5fba-84b0-443a-9df6-9be92297c139" // Gravitee-SaaS
+}
@@ -0,0 +1,14 @@
+resource "random_pet" "tf_resource_prefix" {
+  prefix    = "rpm"
+  separator = "_"
+}
+
+# Generate random text for a unique storage account name
+resource "random_id" "random_id" {
+  keepers = {
+    # Generate a new ID only when a new resource group is defined
+    resource_group = data.azurerm_resource_group.rg.name
+  }
+
+  byte_length = 8
+}
@@ -0,0 +1,3 @@
+data "azurerm_resource_group" "rg" {
+  name = "gravitee-rpm-dev"
+}
@@ -0,0 +1,29 @@
+resource "random_pet" "ssh_key_name" {
+  prefix    = "ssh"
+  separator = ""
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+  depends_on = [azapi_resource.ssh_public_key]
+  type        = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  resource_id = azapi_resource.ssh_public_key.id
+  action      = "generateKeyPair"
+  method      = "POST"
+
+  response_export_values = ["publicKey", "privateKey"]
+}
+
+resource "azapi_resource" "ssh_public_key" {
+  depends_on = [random_pet.ssh_key_name, data.azurerm_resource_group.rg]
+  type      = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  name      = random_pet.ssh_key_name.id
+  location  = data.azurerm_resource_group.rg.location
+  parent_id = data.azurerm_resource_group.rg.id
+}
+
+resource "local_sensitive_file" "ssh_private_key" {
+  depends_on = [random_pet.tf_resource_prefix, azapi_resource_action.ssh_public_key_gen]
+  content  = jsondecode(azapi_resource_action.ssh_public_key_gen.output).privateKey
+  filename = var.ssh_key_filename != "" ? var.ssh_key_filename : "${random_pet.tf_resource_prefix.id}_id_rsa.pem"
+  file_permission = "0600"
+}
@@ -0,0 +1,9 @@
+# Create storage account for boot diagnostics
+resource "azurerm_storage_account" "rpm_storage_account" {
+  depends_on = [random_id.random_id, data.azurerm_resource_group.rg]
+  name                     = "diag${random_id.random_id.hex}"
+  location                 = data.azurerm_resource_group.rg.location
+  resource_group_name      = data.azurerm_resource_group.rg.name
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
@@ -0,0 +1,11 @@
+variable "allowed_ips" {
+  type        = string
+  description = "Used to filter IP which have access to the Virtual Machine, could be a prefix, CIDR or a match like `*`"
+  default     = "*"
+}
+
+variable "ssh_key_filename" {
+  type        = string
+  description = "Overwrite default random ssh key filename"
+  default     = ""
+}