From f2ad18b14d92af3a8a445ee040a45d96ca6af356 Mon Sep 17 00:00:00 2001
From: Rob Genova <rcgenova@gmail.com>
Date: Wed, 15 Nov 2017 19:37:32 +0000
Subject: [PATCH] update Azure Terraform configs

---
 terraform/azure/env/EastUS/main.tf            |  41 ++-
 terraform/azure/env/EastUS/terraform.tfvars   |   6 +-
 .../azure/modules/hashistack/hashistack.tf    | 243 ++++++++++++++----
 3 files changed, 231 insertions(+), 59 deletions(-)

diff --git a/terraform/azure/env/EastUS/main.tf b/terraform/azure/env/EastUS/main.tf
index 2e942cb4a..8ed85f40b 100644
--- a/terraform/azure/env/EastUS/main.tf
+++ b/terraform/azure/env/EastUS/main.tf
@@ -33,11 +33,38 @@ provider "azurerm" {}
 module "hashistack" {
   source = "../../modules/hashistack"
 
-  location          = "${var.location}"
-  image_id          = "${var.image_id}"
-  vm_size           = "${var.vm_size}"
-  server_count      = "${var.server_count}"
-  client_count      = "${var.client_count}"
-  retry_join        = "${var.retry_join}"
-
+  location     = "${var.location}"
+  image_id     = "${var.image_id}"
+  vm_size      = "${var.vm_size}"
+  server_count = "${var.server_count}"
+  client_count = "${var.client_count}"
+  retry_join   = "${var.retry_join}"
+}
+
+output "IP_Addresses" {
+  value = <<CONFIGURATION
+
+Client public IPs: ${join(", ", module.hashistack.client_public_ips)}
+Server public IPs: ${join(", ", module.hashistack.server_public_ips)}
+
+To connect, add your private key and SSH into any client or server with
+`ssh ubuntu@PUBLIC_IP`. You can test the integrity of the cluster by running:
+
+  $ consul members
+  $ nomad server-members
+  $ nomad node-status
+
+If you see an error message like the following when running any of the above
+commands, it usuallly indicates that the configuration script has not finished
+executing:
+
+"Error querying servers: Get http://127.0.0.1:4646/v1/agent/members: dial tcp
+127.0.0.1:4646: getsockopt: connection refused"
+
+Simply wait a few seconds and rerun the command if this occurs.
+
+The Nomad UI can be accessed at http://PUBLIC_IP:4646/ui.
+The Consul UI can be accessed at http://PUBLIC_IP:8500/ui.
+
+CONFIGURATION
 }
diff --git a/terraform/azure/env/EastUS/terraform.tfvars b/terraform/azure/env/EastUS/terraform.tfvars
index 84ab115b9..acb207190 100644
--- a/terraform/azure/env/EastUS/terraform.tfvars
+++ b/terraform/azure/env/EastUS/terraform.tfvars
@@ -1,6 +1,6 @@
 location = "East US"
-image_id = "/subscriptions/b17f85b7-b38e-4ef3-915b-5c48d62ef8a9/resourceGroups/NOMAD/providers/Microsoft.Compute/images/nomad"
+image_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack"
 vm_size = "Standard_DS1_v2"
 server_count = 1
-client_count = 0
-retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=b17f85b7-b38e-4ef3-915b-5c48d62ef8a9 tenant_id=8569085f-ec04-4de6-81b3-933c9996743f client_id=086ca52d-754d-4269-8c32-b9ccd73cb8a0 secret_access_key=3f17d076-e318-478d-a708-c694de3fef6c"
+client_count = 4
+retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=SUBSCRIPTION_ID tenant_id=TENANT_ID client_id=CLIENT_ID secret_access_key=CLIENT_SECRET"
diff --git a/terraform/azure/modules/hashistack/hashistack.tf b/terraform/azure/modules/hashistack/hashistack.tf
index 81f7451a6..4e46ee5b1 100644
--- a/terraform/azure/modules/hashistack/hashistack.tf
+++ b/terraform/azure/modules/hashistack/hashistack.tf
@@ -5,65 +5,125 @@ variable "server_count" {}
 variable "client_count" {}
 variable "retry_join" {}
 
-resource "azurerm_resource_group" "nomad-rg" {
-  name     = "nomad-rg"
-  location = "East US"
-}
-
-resource "azurerm_virtual_network" "nomad-vn" {
-  name                = "nomad-vn"
-  address_space       = ["10.0.0.0/16"]
-  location            = "East US"
-  resource_group_name = "${azurerm_resource_group.nomad-rg.name}"
-}
-
-resource "azurerm_subnet" "nomad-sn" {
-  name                 = "nomad-sn"
-  resource_group_name  = "${azurerm_resource_group.nomad-rg.name}"
-  virtual_network_name = "${azurerm_virtual_network.nomad-vn.name}"
-  address_prefix       = "10.0.2.0/24"
-}
-
-resource "azurerm_network_interface" "nomad-ni" {
-  name                = "nomad-ni"
-  location            = "East US"
-  resource_group_name = "${azurerm_resource_group.nomad-rg.name}"
-
-  ip_configuration {
-    name                          = "nomad-ipc"
-    subnet_id                     = "${azurerm_subnet.nomad-sn.id}"
-    private_ip_address_allocation = "dynamic"
-  }
-}
-
-resource "azurerm_managed_disk" "test" {
-  name                 = "datadisk_existing"
-  location             = "East US"
-  resource_group_name  = "${azurerm_resource_group.nomad-rg.name}"
-  storage_account_type = "Standard_LRS"
-  create_option        = "Empty"
-  disk_size_gb         = "1023"
-}
-
 resource "tls_private_key" "main" {
   algorithm = "RSA"
 }
 
 resource "null_resource" "main" {
   provisioner "local-exec" {
-    command = "echo \"${tls_private_key.main.private_key_pem}\" > azure-nomad.pem"
+    command = "echo \"${tls_private_key.main.private_key_pem}\" > azure-hashistack.pem"
   }
 
   provisioner "local-exec" {
-    command = "chmod 600 azure-nomad.pem"
+    command = "chmod 600 azure-hashistack.pem"
+  }
+}
+
+resource "azurerm_resource_group" "hashistack" {
+  name     = "hashistack"
+  location = "${var.location}"
+}
+
+resource "azurerm_virtual_network" "hashistack-vn" {
+  name                = "hashistack-vn"
+  address_space       = ["10.0.0.0/16"]
+  location            = "${var.location}"
+  resource_group_name = "${azurerm_resource_group.hashistack.name}"
+}
+
+resource "azurerm_subnet" "hashistack-sn" {
+  name                 = "hashistack-sn"
+  resource_group_name  = "${azurerm_resource_group.hashistack.name}"
+  virtual_network_name = "${azurerm_virtual_network.hashistack-vn.name}"
+  address_prefix       = "10.0.2.0/24"
+}
+
+resource "azurerm_network_security_group" "hashistack-sg" {
+  name                = "hashistack-sg"
+  location            = "${var.location}"
+  resource_group_name = "${azurerm_resource_group.hashistack.name}"
+}
+
+resource "azurerm_network_security_rule" "hashistack-sgr-22" {
+  name                        = "hashistack-sgr-22"
+  resource_group_name         = "${azurerm_resource_group.hashistack.name}"
+  network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}"
+
+  priority  = 100
+  direction = "Inbound"
+  access    = "Allow"
+  protocol  = "Tcp"
+
+  source_address_prefix      = "*"
+  source_port_range          = "*"
+  destination_port_range     = "22"
+  destination_address_prefix = "*"
+}
+
+resource "azurerm_network_security_rule" "hashistack-sgr-4646" {
+  name                        = "hashistack-sgr-4646"
+  resource_group_name         = "${azurerm_resource_group.hashistack.name}"
+  network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}"
+
+  priority  = 101
+  direction = "Inbound"
+  access    = "Allow"
+  protocol  = "Tcp"
+
+  source_address_prefix      = "*"
+  source_port_range          = "*"
+  destination_port_range     = "4646"
+  destination_address_prefix = "*"
+}
+
+resource "azurerm_network_security_rule" "hashistack-sgr-8500" {
+  name                        = "hashistack-sgr-8500"
+  resource_group_name         = "${azurerm_resource_group.hashistack.name}"
+  network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}"
+
+  priority  = 102
+  direction = "Inbound"
+  access    = "Allow"
+  protocol  = "Tcp"
+
+  source_address_prefix      = "*"
+  source_port_range          = "*"
+  destination_port_range     = "8500"
+  destination_address_prefix = "*"
+}
+
+resource "azurerm_public_ip" "hashistack-server-public-ip" {
+  count                        = "${var.server_count}"
+  name                         = "hashistack-server-ip-${count.index}"
+  location                     = "${var.location}"
+  resource_group_name          = "${azurerm_resource_group.hashistack.name}"
+  public_ip_address_allocation = "static"
+}
+
+resource "azurerm_network_interface" "hashistack-server-ni" {
+  count                     = "${var.server_count}"
+  name                      = "hashistack-server-ni-${count.index}"
+  location                  = "${var.location}"
+  resource_group_name       = "${azurerm_resource_group.hashistack.name}"
+  network_security_group_id = "${azurerm_network_security_group.hashistack-sg.id}"
+
+  ip_configuration {
+    name                          = "hashistack-ipc"
+    subnet_id                     = "${azurerm_subnet.hashistack-sn.id}"
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id          = "${element(azurerm_public_ip.hashistack-server-public-ip.*.id,count.index)}"
+  }
+
+  tags {
+    ConsulAutoJoin = "auto-join"
   }
 }
 
 resource "azurerm_virtual_machine" "server" {
   name                  = "hashistack-server-${count.index}"
-  location              = "East US"
-  resource_group_name   = "${azurerm_resource_group.nomad-rg.name}"
-  network_interface_ids = ["${azurerm_network_interface.nomad-ni.id}"]
+  location              = "${var.location}"
+  resource_group_name   = "${azurerm_resource_group.hashistack.name}"
+  network_interface_ids = ["${element(azurerm_network_interface.hashistack-server-ni.*.id,count.index)}"]
   vm_size               = "${var.vm_size}"
   count                 = "${var.server_count}"
 
@@ -78,7 +138,7 @@ resource "azurerm_virtual_machine" "server" {
   }
 
   storage_os_disk {
-    name              = "nomad-osdisk1"
+    name              = "hashistack-server-osdisk-${count.index}"
     caching           = "ReadWrite"
     create_option     = "FromImage"
     managed_disk_type = "Standard_LRS"
@@ -105,8 +165,93 @@ data "template_file" "user_data_server" {
   template = "${file("${path.root}/user-data-server.sh")}"
 
   vars {
-    server_count      = "${var.server_count}"
-    location          = "${var.location}"
-    retry_join        = "${var.retry_join}"
+    server_count = "${var.server_count}"
+    retry_join   = "${var.retry_join}"
   }
 }
+
+resource "azurerm_public_ip" "hashistack-client-public-ip" {
+  count                        = "${var.client_count}"
+  name                         = "hashistack-client-ip-${count.index}"
+  location                     = "${var.location}"
+  resource_group_name          = "${azurerm_resource_group.hashistack.name}"
+  public_ip_address_allocation = "static"
+}
+
+resource "azurerm_network_interface" "hashistack-client-ni" {
+  count                     = "${var.client_count}"
+  name                      = "hashistack-client-ni-${count.index}"
+  location                  = "${var.location}"
+  resource_group_name       = "${azurerm_resource_group.hashistack.name}"
+  network_security_group_id = "${azurerm_network_security_group.hashistack-sg.id}"
+
+  ip_configuration {
+    name                          = "hashistack-ipc"
+    subnet_id                     = "${azurerm_subnet.hashistack-sn.id}"
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id          = "${element(azurerm_public_ip.hashistack-client-public-ip.*.id,count.index)}"
+  }
+
+  tags {
+    ConsulAutoJoin = "auto-join"
+  }
+}
+
+resource "azurerm_virtual_machine" "client" {
+  name                  = "hashistack-client-${count.index}"
+  location              = "${var.location}"
+  resource_group_name   = "${azurerm_resource_group.hashistack.name}"
+  network_interface_ids = ["${element(azurerm_network_interface.hashistack-client-ni.*.id,count.index)}"]
+  vm_size               = "${var.vm_size}"
+  count                 = "${var.client_count}"
+  depends_on            = ["azurerm_virtual_machine.server"]
+
+  # Uncomment this line to delete the OS disk automatically when deleting the VM
+  delete_os_disk_on_termination = true
+
+  # Uncomment this line to delete the data disks automatically when deleting the VM
+  delete_data_disks_on_termination = true
+
+  storage_image_reference {
+    id = "${var.image_id}"
+  }
+
+  storage_os_disk {
+    name              = "hashistack-client-osdisk-${count.index}"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Standard_LRS"
+  }
+
+  os_profile {
+    computer_name  = "hashistack-client-${count.index}"
+    admin_username = "ubuntu"
+    admin_password = "none"
+    custom_data    = "${base64encode(data.template_file.user_data_client.rendered)}"
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = true
+
+    ssh_keys {
+      path     = "/home/ubuntu/.ssh/authorized_keys"
+      key_data = "${tls_private_key.main.public_key_openssh}"
+    }
+  }
+}
+
+data "template_file" "user_data_client" {
+  template = "${file("${path.root}/user-data-client.sh")}"
+
+  vars {
+    retry_join = "${var.retry_join}"
+  }
+}
+
+output "server_public_ips" {
+  value = ["${azurerm_public_ip.hashistack-server-public-ip.*.ip_address}"]
+}
+
+output "client_public_ips" {
+  value = ["${azurerm_public_ip.hashistack-client-public-ip.*.ip_address}"]
+}