I have first created a simple standard VM in Azure which I have customized for data science purpose with different software on it. Then I have created an image from this VM so that I can deploy new VM based on the customized image faster with same configuration. I have saved the image under Azure Shared Image Gallery.
Is it any way to deploy this customized image from a Terraform script into a new Resource Group? I know how to deploy a normal standard VM from Terraform but couldn't find out how to deploy it based on a customized image saved in the Shared Image gallery.
To deploy a customized image from Azure Shared Image Gallery with terraform. You could use Data Source: azurerm_shared_image and azurerm_windows_virtual_machine or azurerm_linux_virtual_machine to manage it with specify the source_image_id. Please note that the newly created VM should be in the same region as the shared image before you deploy it. If not, you could replicate this image to your desired region, read https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries#replication
For example, deploy a Windows VM from generalized shared image:
provider "azurerm" {
features {}
}
data "azurerm_shared_image" "example" {
name = "my-image"
gallery_name = "my-image-gallery"
resource_group_name = "example-resources-imageRG"
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "xxxxximageregion"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_windows_virtual_machine" "example" {
name = "example-machine"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
size = "Standard_F2"
admin_username = "adminuser"
admin_password = "P#$$w0rd1234!"
network_interface_ids = [
azurerm_network_interface.example.id,
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_id = data.azurerm_shared_image.example.id
}
Result
Related
I have an existing Virtual Machine running in Azure that has customised software installed. I want to use Terraform to create an image of this virtual machine and store it in an image gallery. The problem is, I dont understand how Terraform uniquely identifies the virtual machine in question.
Currently, I have the following:
// Get VM I want to create an image for (how can I use this as the image reference?)
data "azurerm_virtual_machine" "example" {
name = "example"
resource_group_name = "rg-example"
}
resource "azurerm_shared_image_gallery" "example" {
name = "example_image_gallery"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
description = "Shared images and things."
}
resource "azurerm_shared_image" "example" {
name = "my-image"
gallery_name = azurerm_shared_image_gallery.example.name
resource_group_name = "rg-example"
location = "australiacentral"
os_type = "Linux"
identifier {
publisher = "teradata"
offer = "vantage-teradata-viewpoint"
sku = "teradata-viewpoint-single-system-hourly-new"
}
specialized = true
}
As far as I can tell, Terraform can only create the image based on the identifier block. But this does not uniquely identify my virtual machine. Am I missing something obvious?
My goal is to perform the "Capture" operation that is available via the Azure Portal via Terraform. How do I specify my source VM?
Through additional research, I found I needed an azurerm_shared_image_version resource. Here, I was able to reference my existing Virtual Machine via managed_image_id:
// Get clienttools VM information
data "azurerm_virtual_machine" "example" {
name = "test-virtual-machine"
resource_group_name = "rg-example"
}
resource "azurerm_shared_image_gallery" "example" {
name = "myGallery"
resource_group_name = "rg-example"
location = "australiacentral"
description = "Shared images and things."
}
resource "azurerm_shared_image" "example" {
name = "my-image"
gallery_name = azurerm_shared_image_gallery.example.name
resource_group_name = "rg-example"
location = "australiacentral"
os_type = "Windows"
identifier {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-datacenter-gensecond"
}
// Set this as it defaults to V1
hyper_v_generation = "V2"
specialized = true
}
resource "azurerm_shared_image_version" "example" {
name = "0.0.1"
gallery_name = azurerm_shared_image_gallery.example.name
image_name = azurerm_shared_image.example.name
resource_group_name = "rg-example"
location = "australiacentral"
managed_image_id = data.azurerm_virtual_machine.example.id
target_region {
name = "australiacentral"
regional_replica_count = 1
storage_account_type = "Standard_LRS"
}
}
I am trying to create a private endpoint for Azure Function App using terraform
The code for functionApp is
resource "azurerm_resource_group" "example" {
name = "azure-functions-test-rg"
location = "West Europe"
}
resource "azurerm_storage_account" "example" {
name = "functionsapptestsa"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_app_service_plan" "example" {
name = "azure-functions-test-service-plan"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku {
tier = "PremiumContainer"
size = "P1"
}
}
resource "azurerm_function_app" "example" {
name = "test-azure-functions"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
}
This all works fine, the functionapp gets created. I am trying to create private endpoint to this functionapp with following code
resource "azurerm_private_endpoint" "examplepe" {
name = "example-endpoint"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
subnet_id = azurerm_subnet.endpoint.id #dummy data
private_service_connection {
name = "example-privateserviceconnection"
is_manual_connection = false
private_connection_resource_id = azurerm_function_app.example.id
subresource_names = ["blob"]
}
}
The error I am getting is " Error creating private endpoint "resource name".... failure sending request: Statuscode=0 -- Original Error: Code="BadRequest" Message="Call to Microsoft.Web/sites failed. Error message: GroupId is invalid." Details=[]
Thanks
The issue was with incorrect subResource name being selected.
Resource Type SubResource Name Secondary SubResource Name
Data Lake File System Gen2 dfs dfs_secondary
Sql Database / Data Warehouse sqlServer
Storage Account blob blob_secondary
Storage Account file file_secondary
Storage Account queue queue_secondary
Storage Account table table_secondary
Storage Account web web_secondary
Web App / Function App sites
Web App / Function App Slots sites-<slotName>
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint#subresource_names
This has the details of the subresource
Problem
I discovered that I can integrate Application Security Groups (ASG) into a Network Interface when using the azurestack resource provider, but I cannot do so when using the azurerm resource provider.
My Understanding
I do not understand why I cannot. I actually do not understand the difference between Azure Stack and Azure RM. This article suggests that Azure Stack is for hybrid deployments and Azure RM (or Azure Provider) is for pure cloud deployments.
All the previous work that I and other colleagues have done has been with azurerm. I would prefer to stick with azurerm if I could. Or, if possible, I would like to "mix and match" azurerm and azurestack, using azurestack only when I have to, like in this case. But I'd really like to know why some things are only possible with one provider, since they both should have the same offering, with respect to pure Azure services.
Any Ideas?
Ultimately, though, I am just trying to solve the problem of attaching a network interface to a VM, where the NIC has associated ASGs. I would like to do this with azurerm if possible. I can do it with azurestack, as long as azurestack is compatible with other services launched through azurerm.
There is no need to use azurestack to associate NIC with ASGs
Terraform provider azurerm has resource called azurerm_network_interface_application_security_group_association
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_application_security_group_association
You just need to create ASG and associate it with NIC.
Example:
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_application_security_group" "example" {
name = "example-asg"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "testconfiguration1"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_network_interface_application_security_group_association" "example" {
network_interface_id = azurerm_network_interface.example.id
application_security_group_id = azurerm_application_security_group.example.id
}
In my main terraform file I have:
resource "azurerm_resource_group" "rg" {
name = var.rg_name
location = var.location
}
resource "azurerm_public_ip" "public_ip" {
name = "PublicIP"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
domain_name_label = var.domain_name_label
allocation_method = "Dynamic"
}
And in my outputs file I have:
data "azurerm_public_ip" "public_ip" {
name = "PublicIP"
resource_group_name = azurerm_resource_group.rg.name
depends_on = [azurerm_resource_group.rg, azurerm_public_ip.public_ip]
}
output "public_ip" {
value = data.azurerm_public_ip.public_ip.ip_address
}
All the resources including IP get created, however the output is blank. How can I fix this?
Make sure output.tf contains only output tags and main.tf contains resources tags
The following works just fine for me:
Main.tf
resource "azurerm_resource_group" "example" {
name = "resourceGroup1"
location = "West US"
}
resource "azurerm_public_ip" "example" {
name = "acceptanceTestPublicIp1"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
allocation_method = "Static"
tags = {
environment = "Production"
}
}
Output.tf
output "azurerm_public_ip" {
value = azurerm_public_ip.example.ip_address
}
In case you want to have a dependency between resources, use depends_on inside the resource tag.
For example:
depends_on = [azurerm_resource_group.example]
Steps to reproduce:
terraform init
terraform plan
terraform apply
terraform output
Update-
The reason you get blank public IP is since declaring allocation_method = "Dynamic"
From the docs:
Note Dynamic - Public IP Addresses aren't allocated until they're assigned to a
resource (such as a Virtual Machine or a Load Balancer) by design
within Azure.
Full working example with dynamic allocation.
I had the same issue. The actual problem seems to be the dynamic allocation. The IP address is not known until it is actually used by a VM.
In my case, I could solve the issue by adding the VM (azurerm_linux_virtual_machine.testvm) to the depends_on list in the data source:
data "azurerm_public_ip" "public_ip" {
name = "PublicIP"
resource_group_name = azurerm_resource_group.rg.name
depends_on = [ azurerm_public_ip.public_ip, azurerm_linux_virtual_machine.testvm ]
}
Unfortunately, this seems not to be documented in https://www.terraform.io/docs/providers/azurerm/d/public_ip.html
Problem statement
I am in the process to create an Azure VM cluster of windows os. till now I can create an Azure file share. and azure windows cluster. I want to attach file share created to each VM in my cluster. unable to find reference how to add same on windows VM.
code for this
resource "azurerm_storage_account" "main" {
name = "stor${var.environment}${var.cost_centre}${var.project}"
location = "${azurerm_resource_group.main.location}"
resource_group_name = "${azurerm_resource_group.main.name}"
account_tier = "${var.storage_account_tier}"
account_replication_type = "${var.storage_replication_type}"
}
resource "azurerm_storage_share" "main" {
name = "storageshare${var.environment}${var.cost_centre}${var.project}"
resource_group_name = "${azurerm_resource_group.main.name}"
storage_account_name = "${azurerm_storage_account.main.name}"
quota = "${var.storage_share_quota}"
}
resource "azurerm_virtual_machine" "vm" {
name = "vm-${var.location_id}-${var.environment}-${var.cost_centre}-${var.project}-${var.seq_id}-${count.index}"
location = "${azurerm_resource_group.main.location}"
resource_group_name = "${azurerm_resource_group.main.name}"
availability_set_id = "${azurerm_availability_set.main.id}"
vm_size = "${var.vm_size}"
network_interface_ids = ["${element(azurerm_network_interface.main.*.id, count.index)}"]
count = "${var.vm_count}"
storage_image_reference {
publisher = "${var.image_publisher}"
offer = "${var.image_offer}"
sku = "${var.image_sku}"
version = "${var.image_version}"
}
storage_os_disk {
name = "osdisk${count.index}"
create_option = "FromImage"
}
os_profile {
computer_name = "${var.vm_name}-${count.index}"
admin_username = "${var.admin_username}"
admin_password = "${var.admin_password}"
}
os_profile_windows_config {}
depends_on = ["azurerm_network_interface.main"]
}
Azure doesnt offer anything like that, so uou cannot do that natively, you need to create a script and run that script on the vm use script extension\dsc extension or if terraform supports that - with terraform.
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-linux