Modulise bastion logic as used a lot

samples/Azure/templates/bastionhost/bastion.tf

@@ -31,64 +31,23 @@
 #------------------------------
 # Frontend bastion host...
 #------------------------------
-# Create public IP
-resource "azurerm_public_ip" "fepublicip001" {
-  name                = "${var.project}-PubIpAddr001"
-  location            = azurerm_resource_group.resourceGroup.location
-  resource_group_name = azurerm_resource_group.resourceGroup.name
-  allocation_method   = "Static"
+#
+
+module "bastionhost" {
+  source = "../modules/bastionproxyhost"
+  name   = "${var.project}bastionhost"
+
+  resource_group   = azurerm_resource_group.resourceGroup.name
+  location         = azurerm_resource_group.resourceGroup.location
+  subnet_id        = azurerm_subnet.frontend_subnet.id
+  machine_type     = var.machine_types.micro
+  tags             = var.tags
+  image            = var.images.ubunto18
+  custom_data      = null
+  storage_endpoint = module.mig.vmss-storage-endpoint
+  admin_user       = var.admin_user
+  admin_pwd        = var.admin_pwd
 }
 
-# Create network interface
-resource "azurerm_network_interface" "fe_nic01" {
-  name                = "NIC001"
-  location            = azurerm_resource_group.resourceGroup.location
-  resource_group_name = azurerm_resource_group.resourceGroup.name
-
-  ip_configuration {
-    name                          = "nic001"
-    subnet_id                     = azurerm_subnet.frontend_subnet.id
-    private_ip_address_allocation = "dynamic"
-    public_ip_address_id          = azurerm_public_ip.fepublicip001.id
-  }
-}
-
-resource "azurerm_virtual_machine" "bastionhost" {
-  name                  = "${var.project}-bastionhost"
-  location              = azurerm_resource_group.resourceGroup.location
-  resource_group_name   = azurerm_resource_group.resourceGroup.name
-  network_interface_ids = [azurerm_network_interface.fe_nic01.id]
-  vm_size               = var.machine_types.micro
-  tags                  = var.tags
-
-  storage_os_disk {
-    name              = "bastionhost"
-    caching           = "ReadWrite"
-    create_option     = "FromImage"
-    managed_disk_type = var.sku_storage.localrs
-  }
-
-  storage_image_reference {
-    publisher = "Canonical"
-    offer     = "UbuntuServer"
-    sku       = lookup(var.sku, azurerm_resource_group.resourceGroup.location)
-    version   = "latest"
-  }
-
-  os_profile {
-    computer_name  = "bastionhost"
-    admin_username = var.admin_user
-    admin_password = var.admin_pwd
-  }
-
-  os_profile_linux_config {
-    disable_password_authentication = false
-  }
-
-  boot_diagnostics {
-    enabled     = true
-    storage_uri = module.mig.vmss-storage-endpoint
-  }
-}
 
 

samples/Azure/templates/bastionhost/outputs.tf

@@ -20,7 +20,7 @@
  * SOFTWARE.
  */
 output "bastionhost-ip" {
-  value = azurerm_public_ip.fepublicip001.ip_address
+  value = module.bastionhost.proxyhost-ip
 }
 
 output "loadbalancer-ip" {

samples/Azure/templates/modules/bastionproxyhost/main.tf

@@ -0,0 +1,101 @@
+/**
+ * MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+# This section will declare the providers needed...
+# terraform init -upgrade
+# DEBUG - export TF_LOG=DEBUG
+
+##############################
+# Create compute resources...
+##############################
+
+
+#------------------------------
+# Frontend bastion host...
+#------------------------------
+# Create public IP
+resource "azurerm_public_ip" "proxyip" {
+  name                = var.name
+  location            = var.location
+  resource_group_name = var.resource_group
+  allocation_method   = "Static"
+}
+
+# Create network interface
+resource "azurerm_network_interface" "proxynic01" {
+  name                = var.name
+  location            = var.location
+  resource_group_name = var.resource_group
+
+  ip_configuration {
+    name                          = var.name
+    subnet_id                     = var.subnet_id
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id          = azurerm_public_ip.proxyip.id
+  }
+}
+
+resource "azurerm_virtual_machine" "proxyvm" {
+  name                  = var.name
+  location              = var.location
+  resource_group_name   = var.resource_group
+  network_interface_ids = [azurerm_network_interface.proxynic01.id]
+  vm_size               = var.machine_type
+  tags                  = var.tags
+
+  storage_os_disk {
+    name              = var.name
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = var.sku_storage.localrs
+  }
+
+  dynamic "storage_image_reference" {
+
+    for_each = [1]
+
+    content {
+      publisher = var.profile_image[lower(var.image)]["publisher"]
+      offer     = var.profile_image[lower(var.image)]["offer"]
+      sku       = var.profile_image[lower(var.image)]["sku"]
+      version   = var.profile_image[lower(var.image)]["version"]
+    }
+  }
+
+  os_profile {
+    computer_name  = var.name
+    admin_username = var.admin_user
+    admin_password = var.admin_pwd
+    custom_data    = var.custom_data
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = false
+  }
+
+  boot_diagnostics {
+    enabled     = true
+    storage_uri = var.storage_endpoint
+  }
+}
+
+

samples/Azure/templates/modules/bastionproxyhost/outputs.tf

@@ -0,0 +1,26 @@
+/**
+ * MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+output "proxyhost-ip" {
+  description = "The IP of the proxy/bastion host"
+  value       = azurerm_public_ip.proxyip.ip_address
+}

samples/Azure/templates/modules/bastionproxyhost/variables.tf

@@ -0,0 +1,157 @@
+/**
+ * MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+# Declare variables that can be used. They do not need to be populated...
+
+variable "name" {
+  type    = string # Type - not needed, but showing it...
+  default = ""
+}
+
+variable "resource_group" {
+  type    = string # Type - not needed, but showing it...
+  default = ""
+}
+
+variable "location" {
+  type    = string # Type - not needed, but showing it...
+  default = ""
+}
+
+variable "subnet_id" {
+  description = "Name of the subnetwork to create resources in."
+  default     = ""
+}
+
+variable "sku_storage" {
+  type = map(any)
+  default = {
+    localrs = "Standard_LRS"
+  }
+}
+
+variable "image" {
+  description = "The image to use"
+  default     = ""
+}
+
+variable "profile_image" {
+
+  type = map(object({
+    publisher = string
+    offer     = string
+    sku       = string
+    version   = string
+  }))
+
+  default = {
+    ubuntu1604 = {
+      publisher = "Canonical"
+      offer     = "UbuntuServer"
+      sku       = "16.04-LTS"
+      version   = "latest"
+    }
+
+    ubuntu1804 = {
+      publisher = "Canonical"
+      offer     = "UbuntuServer"
+      sku       = "18.04-LTS"
+      version   = "latest"
+    }
+
+    centos8 = {
+      publisher = "OpenLogic"
+      offer     = "CentOS"
+      sku       = "7.5"
+      version   = "latest"
+    }
+
+    coreos = {
+      publisher = "CoreOS"
+      offer     = "CoreOS"
+      sku       = "Stable"
+      version   = "latest"
+    }
+
+    windows2012r2dc = {
+      publisher = "MicrosoftWindowsServer"
+      offer     = "WindowsServer"
+      sku       = "2012-R2-Datacenter"
+      version   = "latest"
+    }
+
+    windows2016dc = {
+      publisher = "MicrosoftWindowsServer"
+      offer     = "WindowsServer"
+      sku       = "2016-Datacenter"
+      version   = "latest"
+    }
+
+    windows2019dc = {
+      publisher = "MicrosoftWindowsServer"
+      offer     = "WindowsServer"
+      sku       = "2019-Datacenter"
+      version   = "latest"
+    }
+
+    mssql2017exp = {
+      publisher = "MicrosoftSQLServer"
+      offer     = "SQL2017-WS2016"
+      sku       = "Express"
+      version   = "latest"
+    }
+  }
+}
+
+variable "machine_type" {
+  description = "The type to use"
+  default     = ""
+}
+
+variable "storage_endpoint" {
+  description = "The log endpoint to use"
+  default     = ""
+}
+
+variable "custom_data" {
+  description = "The custom start data to use"
+  default     = ""
+}
+
+variable "tags" {
+  type = map(any)
+  default = {
+  }
+}
+
+variable "admin_user" {
+  type    = string # Type - not needed, but showing it...
+  default = ""
+}
+
+variable "admin_pwd" {
+  type    = string # Type - not needed, but showing it...
+  default = ""
+}
+
+
+
+