I want to deploy with Terraform some Virtual machines inside Azure Stack Edge. Is it possible?
From the Azure documentation here, I suspect that I can use the same Terraform code to create virtual machines in a Resource Group because it seems that they use the same Azure API, but I'm not sure.
If so, how could I adapt my code to use an Azure Stack Edge instead of an Azure Resource group?
#Creating the VM
resource "azurerm_windows_virtual_machine" "jumphost" {
  name                = var.name
  resource_group_name = data.azurerm_resource_group.jumphost.name
  location            = data.azurerm_resource_group.jumphost.location
  size                = "Standard_B2ms"
  admin_username      = "adminuser"
  admin_password      = data.azurerm_key_vault_secret.jumphost.value
  network_interface_ids = [
    azurerm_network_interface.jumphost.id,
  ]
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
    disk_size_gb         = 127
  }
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-Datacenter"
    version   = "latest"
  }
}
This is an example of how I deploy a VM.
Many Thanks
Both the Azure Stack provider and the Azure provider are used to manage resources via the Azure Resource Manager APIs. You can use the same Terraform code to deploy resources in Azure Stack or AzureRM. You only need to change the providers.
Below is a screenshot from the Terraform Registry.
Terraform, created by Microsoft partner HashiCorp, is using the same ARM REST APIs as a foundation.
For more information you can refer to this document.
Related
I use Azure ARM templates for deploying Azure resources.
Now I have been asked to convert a few of the ARM templates into Terraform files.
I am new to the Terraform world. I just went through some online examples of creating Azure resources using Terraform's AzureRM provider, but nowhere did I find a way to set the API version for the Azure resource provider.
For example, in the ARM template, we can specify "apiVersion" for any resource, but in Terraform there is no option to choose the API version.
Does anyone know how to choose API Version in Terraform for Azure?
In Terraform we don't specify the API version for each resource like we do in an ARM template.
In Terraform we only use the AzureRM provider version. If you do not specify a version, it will take the latest AzureRM provider version.
The Azure Provider can be used to configure infrastructure in Microsoft Azure using the Azure Resource Manager APIs.
Like below:
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.10.0"
    }
  }
}
provider "azurerm" {
  features {}
}
data "azurerm_resource_group" "example" {
  name = "v-rasXXXXree"
  #location = "West Europe"
}
resource "azurerm_virtual_network" "example-2" {
  name                = "peternetwork2"
  resource_group_name = data.azurerm_resource_group.example.name
  address_space       = ["10.0.2.0/24"]
  location            = data.azurerm_resource_group.example.location
}
For more information please refer to this official Terraform document.
I am trying to provision a simple Ubuntu Linux VM with Terraform that allows users to connect with their Azure AD credentials. I am new to Terraform and am trying to find the right resource section/command that enables the "Login with Azure AD" setting from the GUI shown in the screenshot link below.
https://i.stack.imgur.com/Gg9p8.png
Here is a snippet of code that provisions the VM:
resource "azurerm_linux_virtual_machine" "dev" {
  name                = "devhost01"
  resource_group_name = azurerm_resource_group.dev.name
  location            = azurerm_resource_group.dev.location
  size                = "Standard_D2s_v3"
  admin_username      = "admin"
  network_interface_ids = [
    azurerm_network_interface.dev.id,
  ]
  admin_ssh_key {
    username   = "admin"
    public_key = file("~/.ssh/admin.pub")
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}
I have a related but secondary question as well; I am unsure if it warrants a separate question/post. I manually created a VM through the GUI enabling "Login with Azure AD", tried to connect with
az ssh vm --ip XXX.XXX.XXX.XXX
and received
Permission denied (publickey).
I haven't specified that users need to connect using ssh keys (at least not intentionally). Is there another section I need to add to allow basic SSH access for authenticated AD users?
To log on to a Linux VM with Azure AD, you would need to perform the actions below.
Install the AAD Linux extension, which appears to be installed as per your screenshot.
Enable a system-assigned managed identity, which facilitates the AD login. I see this also being created.
As mentioned in the “Azure AD” section on your screenshot, you would need to assign one of the Virtual Machine Administrator Login or Virtual Machine User Login roles via RBAC on the VM resource.
The third one is equally as important as its predecessors to allow AD logins.
When all three steps are performed, az ssh vm --ip XXX.XXX.XXX.XXX would let you log on to the VM.
Update
---- adding tf code as requested in comments-----
Add a managed identity to the VM resource:
resource "azurerm_linux_virtual_machine" "dev" {
  // blah-blah
  identity {
    type = "SystemAssigned"
  }
}
Add a role assignment:
resource "azurerm_role_assignment" "assign-vm-role" {
  scope                = azurerm_linux_virtual_machine.dev.id
  role_definition_name = "Virtual Machine Administrator Login"
  # Placeholder: object ID of the Azure AD group, user or service principal
  principal_id         = "<id-of-group/user/sp>"
}
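The three steps from the answer in one configuration, as an added example that is not part of the original posts. It reuses the question's resource names (azurerm_resource_group.dev, azurerm_network_interface.dev) and assumes a configured azurerm provider; the login_principal_object_id variable and the "azureuser" account name are assumptions.

```hcl
# Added example; the variable and the "azureuser" account name are assumptions.
variable "login_principal_object_id" {
  type = string # object ID of the Azure AD user or group allowed to log in
}

resource "azurerm_linux_virtual_machine" "dev" {
  name                  = "devhost01"
  resource_group_name   = azurerm_resource_group.dev.name
  location              = azurerm_resource_group.dev.location
  size                  = "Standard_D2s_v3"
  admin_username        = "azureuser"
  network_interface_ids = [azurerm_network_interface.dev.id]

  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/admin.pub")
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
  # Step 2: system-assigned managed identity.
  identity {
    type = "SystemAssigned"
  }
}

# Step 1: the Azure AD SSH login extension.
resource "azurerm_virtual_machine_extension" "aad_ssh_login" {
  name                       = "AADSSHLoginForLinux"
  virtual_machine_id         = azurerm_linux_virtual_machine.dev.id
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADSSHLoginForLinux"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true
}

# Step 3: RBAC on the VM. "Virtual Machine User Login" is the non-admin role.
resource "azurerm_role_assignment" "vm_user_login" {
  scope                = azurerm_linux_virtual_machine.dev.id
  role_definition_name = "Virtual Machine User Login"
  principal_id         = var.login_principal_object_id
}
```

Scoping the role assignment to the single VM keeps the grant narrow, and the Administrator Login role is only needed for principals that require root on the host.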
What is the Terraform equivalent to
az vm encryption enable --name --resource-group --volume-type OS --aad-client-id --aad-client-secret --disk-encryption-keyvault https:///secrets//
Based on this Repository
We configure the Azure Key Vault service for Server-side encryption (SSE) for the Azure Managed Disk in this config. The procedure can be procured using the Terraform provider azurerm_disk_encryption_set.
resource "azurerm_disk_encryption_set" "example" {
  name                = "des"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  key_vault_key_id    = azurerm_key_vault_key.example.id
  identity {
    type = "SystemAssigned"
  }
}
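A disk encryption set protects nothing until its identity can use the key and a disk references the set. The wiring below is an added example, not code from the answer or the linked repository; azurerm_key_vault.example (assumed to have purge protection enabled) and the disk name are assumptions.

```hcl
# Added example. Grant the encryption set's managed identity the key
# operations it needs for server-side encryption with a customer-managed key.
resource "azurerm_key_vault_access_policy" "des" {
  key_vault_id    = azurerm_key_vault.example.id # assumed vault holding the key
  tenant_id       = azurerm_disk_encryption_set.example.identity[0].tenant_id
  object_id       = azurerm_disk_encryption_set.example.identity[0].principal_id
  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

# A managed disk opts in by referencing the set. A VM OS disk does the same
# with disk_encryption_set_id inside its os_disk block.
resource "azurerm_managed_disk" "data" {
  name                   = "encrypted-data-disk" # constructed name
  resource_group_name    = azurerm_resource_group.example.name
  location               = azurerm_resource_group.example.location
  storage_account_type   = "Standard_LRS"
  create_option          = "Empty"
  disk_size_gb           = 32
  disk_encryption_set_id = azurerm_disk_encryption_set.example.id

  # The disk cannot be created until the set can read the key.
  depends_on = [azurerm_key_vault_access_policy.des]
}
```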
In Azure, I'm trying to create a Windows VM using Terraform. I have done this through PowerShell previously using a Template.json file. Now I have to do it with Terraform, which I'm completely new to. So I have searched for some sample scripts which create a VM in Azure and found this.
In this link, there is a sample Terraform script to spin up a Linux VM. But I need to spin up a Windows VM from an image. Where should I give the image details? My complete requirement is:
Create a Windows VM from an Image (have resource Id)
I already have Resource group, Virtual network, Subnet created. I just need to pass those values and create them.
We have already defined the Subnet address prefix, Vnet address space from the portal itself. So do I have to give them again in the script or can I skip it?
The business requirement is that no VMs should have public IP and DNS name. So if I remove the "# Create public IPs" section, will that not create a public IP?
The script for creating a Linux machine is here, which I'm taking as reference.
Below is an example of how to use data to use already existing resources in Terraform. There is also a code block to create a Windows VM. You will need to get the existing VNET and create a NIC:
Use the data directive to get the VNET azurerm_virtual_network; you can see the syntax below for the resource group. You will need to add the resource group and possibly location into this block.
Create an azurerm_network_interface resource using the VNET ID.
Add the network interface ID to the VM (network_interface_ids = []).
Example TF Code to Create and load balance VMs
variable "subscription_id" {}
variable "client_id" {}
variable "client_secret" {}
variable "tenant_id" {}
provider "azurerm" {
  tenant_id       = "${var.tenant_id}"
  subscription_id = "${var.subscription_id}"
  client_id       = "${var.client_id}"
  client_secret   = "${var.client_secret}"
}
data "azurerm_resource_group" "resource_group" {
  name = "learning-tf-web-rg"
}
resource "azurerm_virtual_machine" "web_server" {
  name                  = "server"
  location              = "westus2"
  resource_group_name   = "${data.azurerm_resource_group.resource_group.name}"
  # Left empty here: add the ID of the network interface you create
  network_interface_ids = []
  vm_size               = "Standard_B2s"
  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter-Server-Core-smalldisk"
    version   = "latest"
  }
  storage_os_disk {
    name              = "server-os"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }
  os_profile {
    computer_name  = "server"
    admin_username = "server"
    # Sample value only: supply the real password from a variable or
    # Key Vault secret instead of committing it to the configuration
    admin_password = "Passw0rd1234"
  }
  os_profile_windows_config {
  }
}
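The question's requirements (image by resource ID, existing resource group, VNet and subnet, no public IP) combined with the answer's steps, as an added example that is not part of the original posts. It uses the azurerm_windows_virtual_machine resource with a configured azurerm provider; every resource name, the two variables and the Key Vault secret are assumptions.

```hcl
# Added example; all names and variables below are placeholders/assumptions.
variable "source_image_id" { type = string } # resource ID of the existing image
variable "key_vault_id" { type = string }    # existing vault holding the password

data "azurerm_resource_group" "rg" {
  name = "existing-rg"
}

# Existing subnet: looked up, so no address prefix is repeated here.
data "azurerm_subnet" "subnet" {
  name                 = "existing-subnet"
  virtual_network_name = "existing-vnet"
  resource_group_name  = data.azurerm_resource_group.rg.name
}

data "azurerm_key_vault_secret" "admin_password" {
  name         = "winvm-admin-password"
  key_vault_id = var.key_vault_id
}

resource "azurerm_network_interface" "nic" {
  name                = "winvm01-nic"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    # No public_ip_address_id, so the VM gets a private address only.
  }
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                  = "winvm01"
  resource_group_name   = data.azurerm_resource_group.rg.name
  location              = data.azurerm_resource_group.rg.location
  size                  = "Standard_B2s"
  admin_username        = "localadmin"
  admin_password        = data.azurerm_key_vault_secret.admin_password.value
  network_interface_ids = [azurerm_network_interface.nic.id]
  source_image_id       = var.source_image_id # instead of source_image_reference

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
}
```

The secret value read through the data source is still written to the Terraform state, so the state backend needs access control and encryption at rest.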
From Terraform's perspective, a Windows VM is really quite similar to a Linux VM. The #1 difference in my opinion is that the Windows VM requires an os_profile_windows_config attribute, while the Linux VM needs os_profile_linux_config.
The TF code you found on the Microsoft site is a fine start. Additionally, you may look in the Terraform Registry. For example, here's a module for a Linux VM.
I strongly recommend reading through all of the options in the VM resource. I know it's a lot, but you should understand what choices you have.
Lastly, there's no substitute for writing some code and testing it. If you do something wrong, either Terraform and/or the Azure API will tell you, and if it's unclear, a web search will pop up an answer or a pointer in the right direction.
We are migrating from unmanaged to managed disks in Azure. Currently our backend.tf definition is as follows
terraform {
  backend "azure" {
    storage_account_name = "foo"
    container_name       = "foo-container"
    key                  = "foo.tfstate"
  }
}
With managed disks you don't have a reference to a storage account as it is managed by Azure. What does this mean for backend.tf? Do we just remove the storage account and container? Do we need to add some flag to identify backend storage as managed? Google search is not producing the required answers, hence reaching out here.
Thanks
With managed disks you don't have reference to storage account as it is managed by Azure. What does this mean for backend.tf.
It means you could not use backend "azure"; Azure managed disk does not support this.
Please refer to this official document: "Stores the state as a given key in a given blob container on Microsoft Azure Storage."
For creating a managed disk with Terraform, you could check this link.
resource "azurerm_managed_disk" "test" {
  name                 = "acctestmd"
  location             = "West US 2"
  resource_group_name  = "${azurerm_resource_group.test.name}"
  storage_account_type = "Standard_LRS"
  create_option        = "Empty"
  disk_size_gb         = "1"
  tags {
    environment = "staging"
  }
}