
first commit

cybergavin 3 years ago
commit
389dd71a14

+ 19 - 0
README.md

@@ -0,0 +1,19 @@
+# Azure Terraform Labs (az-tfl)
+
+- Intended for quick evaluation of Azure services
+- Easy and quick creation and deletion
+- Parameterized deployments requiring only changes to terraform.tfvars (set variable values)
+- Opinionated deployments with cost optimization (use resource SKUs as required)
+- Each lab is self-contained within a folder at this level
+
+## DOs
+- Ensure that you read the README.md for each lab to understand the resources created and configuration (e.g. IP addresses).
+- Authenticate with Azure (e.g. Azure CLI or extend the Terraform code) prior to executing each lab.
+- Ensure that your account has adequate privileges on a subscription to create resources.
+- Destroy your resources after you've completed your tests/demos in order to minimize costs.
+
+## DON'Ts
+- Store credentials in plain-text and share them. For the purpose of these labs, credentials are stored in plain-text with the asumption that these labs are private.
+
+## TIP
+- Ideally, if you have an empty/test/lab subscription with Contributor role, you can safely run these labs.

+ 34 - 0
az-tfl-single-vnet/README.md

@@ -0,0 +1,34 @@
+# Azure Terraform Lab - az-tfl-single-vnet
+
+**NOTE:** 
+- This Terraform Lab is intended for quick evaluation of a concept and should be ideally executed in a test/lab/empty susbcription with adequate privileges (e.g. Contributor role on the subscription).
+- This Lab does not authenticate with Azure. You must authenticate via other means (Azure CLI is quick and simple).
+
+## Resources created
+
+This Lab creates the following Azure resources:
+- 1 x Resource Group
+- 1 x Virtual Network
+- 2 x Subnets
+- 2 x Public IP Addresses (dynamic)
+- 2 x Private Network Interfaces
+- 2 x VMs (Oracle Linux) associated with public and private IPs and the following:
+    - qperf installed
+    - firewalld disabled
+
+## Use-Cases
+
+- Measure network performance (e.g. throughput, latency) between VMs in the same VNet and region
+
+## Topology
+
+![az-tfl-single-vnet](az-tfl-single-vnet.png)
+
+## Usage
+
+- Authenticate with Azure (e.g. Azure CLI) and switch to the appropriate subscription (az account set -s <subscription>)
+- Configure appropriate values for the variables in terraform.tfvars
+- ```terraform init```
+- ```terraform apply```
+- Evaluate/Test concepts
+- ```terraform destroy```

BIN
az-tfl-single-vnet/az-tfl-single-vnet-resources.png


BIN
az-tfl-single-vnet/az-tfl-single-vnet.png


+ 155 - 0
az-tfl-single-vnet/main.tf

@@ -0,0 +1,155 @@
+# cybergav.in - 3rd July 2021
+# This "Terraform Lab" creates the following:
+#   - 1 x Resource Group
+#   - 1 x Virtual Network
+#   - 2 x Subnets
+#   - 2 x VMs (Oracle Linux) with qperf installed and firewalld disabled and associated public and private IPs
+#
+# USE-CASE: Test network latency between endpoints in the same VNet. The VM SKU and settings will have a bearing on network performance.
+#
+#########################################################################################################################################
+#
+# Terraform Provider Configuration
+#
+terraform {
+  required_version = ">= 0.15"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=2.58.0"
+    }
+  }
+}
+provider "azurerm" {
+  features {}
+}
+#
+# Locals
+#
+locals {
+custom_data = <<CUSTOM_DATA
+#!/bin/bash
+sudo dnf -y install qperf
+sudo systemctl stop firewalld 
+sudo systemctl disable firewalld 
+CUSTOM_DATA
+}
+#
+# Resource Group 
+#
+resource "azurerm_resource_group" "rg" {
+  name     = "${var.prefix}-rg"
+  location = var.location
+}
+#
+# Virtual Networks and Subnets
+#
+resource "azurerm_virtual_network" "vnet" {
+  name                = "${var.prefix}-vnet"
+  address_space       = ["10.100.0.0/16"]
+  location            = var.location
+  resource_group_name = azurerm_resource_group.rg.name
+  subnet {
+    name           = "${var.prefix}-snet1"
+    address_prefix = "10.100.1.0/24"
+  }
+  subnet {
+    name           = "${var.prefix}-snet2"
+    address_prefix = "10.100.2.0/24"
+  }
+}
+#
+# Public IPs
+#
+resource "azurerm_public_ip" "pip1" {
+  name                = "${var.prefix}-pip1"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = var.location
+  allocation_method   = "Dynamic"
+}
+resource "azurerm_public_ip" "pip2" {
+  name                = "${var.prefix}-pip2"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = var.location
+  allocation_method   = "Dynamic"
+}
+#
+# Virtual Machine NICs
+#
+resource "azurerm_network_interface" "vm1_nic" {
+  name                = "${var.prefix}-vm1-nic"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_virtual_network.vnet.subnet.*.id[0]
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.pip1.id
+  }
+}
+resource "azurerm_network_interface" "vm2_nic" {
+  name                = "${var.prefix}-vm2-nic"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_virtual_network.vnet.subnet.*.id[1]
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.pip2.id
+  }
+}
+#
+# Virtual Machines
+#
+resource "azurerm_linux_virtual_machine" "vm1" {
+  name                            = "${var.prefix}-vm1"
+  resource_group_name             = azurerm_resource_group.rg.name
+  location                        = var.location
+  size                            = "Standard_B1s"
+  admin_username                  = var.admin_username
+  admin_password                  = var.admin_password
+  disable_password_authentication = false
+  custom_data                     = base64encode(local.custom_data)
+  network_interface_ids = [
+    azurerm_network_interface.vm1_nic.id,
+  ]
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "oracle"
+    offer     = "oracle-linux"
+    sku       = "ol84-lvm-gen2"
+    version   = "latest"
+  }
+}
+resource "azurerm_linux_virtual_machine" "vm2" {
+  name                            = "${var.prefix}-vm2"
+  resource_group_name             = azurerm_resource_group.rg.name
+  location                        = var.location
+  size                            = "Standard_B1s"
+  admin_username                  = var.admin_username
+  admin_password                  = var.admin_password
+  disable_password_authentication = false
+  custom_data                     = base64encode(local.custom_data)
+  network_interface_ids = [
+    azurerm_network_interface.vm2_nic.id,
+  ]
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "oracle"
+    offer     = "oracle-linux"
+    sku       = "ol84-lvm-gen2"
+    version   = "latest"
+  }
+}
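Review bot: Both NICs (`vm1_nic`, `vm2_nic`) attach a public IP, yet this file defines no network security group, both VMs set `disable_password_authentication = false`, and the `custom_data` script stops and disables firewalld. With the provider's default public IP SKU nothing appears to filter inbound traffic, so password-based SSH on both VMs looks reachable from any internet address for as long as the lab is deployed. I would add an NSG that admits SSH only from the operator's address and associate it with both NICs; traffic between the two VMs for qperf should still pass under the NSG's default intra-VNet allow rule. The sketch below uses a new `allowed_ssh_cidr` string variable that would have to be declared in variables.tf and set in terraform.tfvars. Replacing `admin_password` with an `admin_ssh_key` block would remove the password exposure altogether.

```hcl
# … unchanged: provider, locals, resource group, virtual network, public IPs, NICs …
resource "azurerm_network_security_group" "nsg" {
  name                = "${var.prefix}-nsg"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name

  # Only the operator's address range may reach SSH from outside the VNet.
  security_rule {
    name                       = "allow-ssh-from-operator"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.allowed_ssh_cidr
    destination_address_prefix = "*"
  }
}
resource "azurerm_network_interface_security_group_association" "vm1_nic_nsg" {
  network_interface_id      = azurerm_network_interface.vm1_nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_network_interface_security_group_association" "vm2_nic_nsg" {
  network_interface_id      = azurerm_network_interface.vm2_nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}
# … unchanged: virtual machines …
```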

+ 4 - 0
az-tfl-single-vnet/terraform.tfvars

@@ -0,0 +1,4 @@
+prefix         = "cg"
+location       = "canadacentral"
+admin_username = "iaadmin"
+admin_password = "I@Lab2021###"
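Review bot: The `admin_password` line commits a working VM administrator password to version control, where it stays in history even if a later commit removes it. The top-level README accepts this on the assumption that the repository is private, but main.tf gives the VMs public IPs with password logins enabled, so a leaked or later-published repository hands over a usable credential. I would drop the line from the tracked file and supply the value at run time, for example through the `TF_VAR_admin_password` environment variable or an untracked `secrets.auto.tfvars` listed in `.gitignore`. Leave a comment in its place such as `# admin_password: set via TF_VAR_admin_password, do not commit`. The value committed here should be treated as burned and not reused.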

+ 17 - 0
az-tfl-single-vnet/variables.tf

@@ -0,0 +1,17 @@
+variable "prefix" {
+  type        = string
+  description = "(Required) Prefix to be used in names of all resources"
+}
+variable "location" {
+  type        = string
+  description = "(Required) Location of all resources and resource group"
+}
+variable "admin_username" {
+  type        = string
+  description = "(Required) Username for the admin user for SSH access"
+}
+variable "admin_password" {
+  type        = string
+  description = "(Required) Password for the admin user for SSH access"
+  sensitive   = true
+}
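Review bot: `sensitive = true` on `admin_password` only redacts the value in plan and apply output; Terraform still writes it in clear text to the state file. The `terraform` block in main.tf configures no backend, so that state presumably lands as `terraform.tfstate` in the lab folder, next to files that are committed. I would note this above the variable, e.g. `# NOTE: sensitive only hides CLI output; the value is stored unencrypted in terraform.tfstate`. A `.gitignore` covering `*.tfstate*` and `.terraform/` would keep the state out of the repository.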