initial commit

.gitignore

@@ -0,0 +1,11 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+terraform
+.DS_Store

README.md

@@ -0,0 +1,2 @@
+# terraform-cloud-vm
+a repo for chapter 8

main.tf

@@ -0,0 +1 @@
+# required file

modules/aws/README.md

@@ -0,0 +1,2 @@
+# terraform-cloud-vm/aws
+deploys a VM on AWS

modules/aws/main.tf

@@ -0,0 +1,42 @@
+data "aws_vpc" "default" {
+  default = true
+}
+
+module "instance_sg" {
+  source = "scottwinkler/sg/aws"
+  vpc_id = data.aws_vpc.default.id
+  ingress_rules = [
+    {
+      port        = 8080
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  ]
+}
+
+module "iam_instance_profile" {
+  source  = "scottwinkler/iip/aws"
+  actions = ["logs:*", "ec2:DescribeInstances"]
+}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+  }
+  owners = ["099720109477"]
+}
+
+resource "aws_instance" "instance" {
+  ami                         = data.aws_ami.ubuntu.id
+  instance_type               = "t3.micro"
+  key_name                    = var.ssh_keypair
+  vpc_security_group_ids      = [module.instance_sg.security_group.id]
+  associate_public_ip_address = true
+  user_data                   = templatefile("${path.module}/templates/startup.sh", { NAME = var.environment.name, BG_COLOR = var.environment.background_color })
+  iam_instance_profile        = module.iam_instance_profile.name
+
+  tags = {
+    Name = "aws-vm"
+  }
+}

modules/aws/outputs.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+    value = aws_instance.instance.public_ip
+}
+
+output "network_address" {
+    value = "${aws_instance.instance.public_ip}:8080"
+}

modules/aws/templates/startup.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -e
+echo "Installing dependencies..."
+sudo apt-get -qq update &>/dev/null
+
+echo "Installing Docker..."
+curl -fsSL https://get.docker.com -o get-docker.sh
+sudo sh get-docker.sh
+
+echo "Configuring application service..."
+sudo tee /etc/systemd/system/app.service > /dev/null <<"EOF"
+[Unit]
+Description=Application
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Restart=on-failure
+Environment=CONSUL_ALLOW_PRIVILEGED_PORTS=true
+ExecStart=/usr/bin/docker run -dit -e NAME=${NAME} -e BG_COLOR=${BG_COLOR} -p 8080:80 swinkler/tia-webserver
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGTERM
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+echo "Starting services..."
+sudo systemctl daemon-reload
+sudo systemctl enable app.service
+sudo systemctl start app.service

modules/aws/variables.tf

@@ -0,0 +1,11 @@
+variable "environment" {
+    type = object({
+        name = string
+        background_color=string
+    })
+}
+
+variable "ssh_keypair" {
+    default = null
+    type = string
+}

modules/azure/README.md

@@ -0,0 +1,2 @@
+# terraform-cloud-vm/azure
+deploys a VM on Azure

modules/azure/main.tf

@@ -0,0 +1,118 @@
+resource "random_string" "rand_rg" {
+  length  = 24
+  special = false
+  upper   = false
+}
+
+resource "azurerm_resource_group" "resource_group" {
+  name     = random_string.rand_rg.result
+  location = var.location
+}
+
+resource "azurerm_virtual_network" "virtual_network" {
+  name                = "default"
+  address_space       = ["172.16.0.0/16"]
+  location            = var.location
+  resource_group_name = azurerm_resource_group.resource_group.name
+}
+
+resource "azurerm_subnet" "vm_subnet" {
+  name                 = "vm-subnet"
+  resource_group_name  = azurerm_resource_group.resource_group.name
+  virtual_network_name = azurerm_virtual_network.virtual_network.name
+  address_prefix       = "172.16.0.0/24"
+}
+
+resource "azurerm_network_security_group" "vm_sg" {
+  name                = "VM-NetworkSecurityGroup"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.resource_group.name
+
+  security_rule {
+    name                       = "app"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "8080"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+}
+
+resource "azurerm_public_ip" "public_ip" {
+  name                = "vm-public_ip"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.resource_group.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+}
+
+resource "azurerm_network_interface" "network_interface" {
+  name                      = "vm-nic"
+  location                  = var.location
+  resource_group_name       = azurerm_resource_group.resource_group.name
+  network_security_group_id = azurerm_network_security_group.vm_sg.id
+
+  ip_configuration {
+    name                          = "vm-IPConfiguration"
+    subnet_id                     = azurerm_subnet.vm_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.public_ip.id
+  }
+}
+
+# Enable Boot Diagnostics
+resource "random_string" "rand_bd" {
+  length  = 24
+  special = false
+  upper   = false
+}
+
+resource "azurerm_storage_account" "storage_account" {
+  name                     = random_string.rand_bd.result
+  resource_group_name      = azurerm_resource_group.resource_group.name
+  location                 = var.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_virtual_machine" "virtual_machine" {
+  name                             = "azure-vm"
+  location                         = var.location
+  resource_group_name              = azurerm_resource_group.resource_group.name
+  network_interface_ids            = [azurerm_network_interface.network_interface.id]
+  vm_size                          = "Standard_A1"
+  delete_os_disk_on_termination    = true
+  delete_data_disks_on_termination = true
+
+  storage_os_disk {
+    name              = "vm-osdisk"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Standard_LRS"
+  }
+
+  storage_image_reference {
+    publisher = "Canonical"
+    offer     = "UbuntuServer"
+    sku       = "18.04-LTS"
+    version   = "latest"
+  }
+
+  boot_diagnostics {
+    enabled     = true
+    storage_uri = azurerm_storage_account.storage_account.primary_blob_endpoint
+  }
+
+  os_profile {
+    computer_name  = "azure-vm"
+    admin_username = "azure"
+    admin_password = "Passwword1234"
+    custom_data    = templatefile("${path.module}/templates/startup.sh",{ NAME = var.environment.name, BG_COLOR = var.environment.background_color })
+  }
+  os_profile_linux_config {
+    disable_password_authentication = false
+  }
+}

modules/azure/outputs.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+    value = azurerm_public_ip.public_ip.ip_address
+}
+
+output "network_address" {
+    value = "${azurerm_public_ip.public_ip.ip_address}:8080"
+}

modules/azure/templates/startup.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -e
+echo "Installing dependencies..."
+sudo apt-get -qq update &>/dev/null
+
+echo "Installing Docker..."
+curl -fsSL https://get.docker.com -o get-docker.sh
+sudo sh get-docker.sh
+
+echo "Configuring application service..."
+sudo tee /etc/systemd/system/app.service > /dev/null <<"EOF"
+[Unit]
+Description=Application
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Restart=on-failure
+Environment=CONSUL_ALLOW_PRIVILEGED_PORTS=true
+ExecStart=/usr/bin/docker run -dit -e NAME=${NAME} -e BG_COLOR=${BG_COLOR} -p 8080:80 swinkler/tia-webserver
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGTERM
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+echo "Starting services..."
+sudo systemctl daemon-reload
+sudo systemctl enable app.service
+sudo systemctl start app.service

modules/azure/variables.tf

@@ -0,0 +1,11 @@
+variable "location" {
+    default = "westus2"
+    type = string
+}
+
+variable "environment" {
+    type = object({
+        name = string
+        background_color=string
+    })
+}

modules/gcp/README.md

@@ -0,0 +1,2 @@
+# terraform-cloud-vm/gcp
+deploys a VM on GCP

modules/gcp/main.tf

@@ -0,0 +1,58 @@
+locals {
+  services = ["compute.googleapis.com"]
+}
+
+resource "google_project_service" "enabled_service" {
+  for_each = toset(local.services)
+  project  = var.project_id
+  service  = each.key
+  provisioner "local-exec" {
+    command = "sleep 60"
+  }
+  disable_on_destroy = false
+}
+
+resource "google_compute_firewall" "default" {
+  depends_on = [google_project_service.enabled_service["compute.googleapis.com"]]
+  name       = "default-firewall"
+  network    = "default"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8080"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+}
+
+// A single Google Cloud Engine instance
+resource "google_compute_instance" "compute_instance" {
+  depends_on   = [google_project_service.enabled_service["compute.googleapis.com"]]
+  name         = "gcp-vm"
+  machine_type = "n1-standard-1"
+  zone         = "${var.region}-a"
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-1804-lts"
+    }
+  }
+
+  metadata_startup_script = templatefile("${path.module}/templates/startup.sh",{ NAME = var.environment.name, BG_COLOR = var.environment.background_color })
+
+  network_interface {
+    network = "default"
+
+    access_config {
+      // Ephemeral IP
+    }
+  }
+
+  service_account {
+    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+  }
+}

modules/gcp/outputs.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+    value = google_compute_instance.compute_instance.network_interface.0.access_config.0.nat_ip
+}
+
+output "network_address" {
+    value = "${google_compute_instance.compute_instance.network_interface.0.access_config.0.nat_ip}:8080"
+}