From 342d482775308dc8aa5d34d3afdb1d9930007476 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 10:37:26 +0800 Subject: [PATCH 1/4] Fix 301-hub-spoke --- quickstart/301-hub-spoke/hub-nva.tf | 174 +++++++++++++------------- quickstart/301-hub-spoke/variables.tf | 15 +-- 2 files changed, 95 insertions(+), 94 deletions(-) diff --git a/quickstart/301-hub-spoke/hub-nva.tf b/quickstart/301-hub-spoke/hub-nva.tf index 31c8ff30b..b2e52a608 100644 --- a/quickstart/301-hub-spoke/hub-nva.tf +++ b/quickstart/301-hub-spoke/hub-nva.tf 
@@ -1,81 +1,81 @@ locals { - prefix-hub-nva = "hub-nva" - hub-nva-location = "eastus" - hub-nva-resource-group = "hub-nva-rg" + prefix-hub-nva = "hub-nva" + hub-nva-location = "eastus" + hub-nva-resource-group = "hub-nva-rg" } resource "azurerm_resource_group" "hub-nva-rg" { - name = "${local.prefix-hub-nva}-rg" - location = local.hub-nva-location + name = "${local.prefix-hub-nva}-rg" + location = local.hub-nva-location - tags = { + tags = { environment = local.prefix-hub-nva - } + } } resource "azurerm_network_interface" "hub-nva-nic" { - name = "${local.prefix-hub-nva}-nic" - location = azurerm_resource_group.hub-nva-rg.location - resource_group_name = azurerm_resource_group.hub-nva-rg.name - enable_ip_forwarding = true + name = "${local.prefix-hub-nva}-nic" + location = azurerm_resource_group.hub-nva-rg.location + resource_group_name = azurerm_resource_group.hub-nva-rg.name + enable_ip_forwarding = true - ip_configuration { + ip_configuration { name = local.prefix-hub-nva subnet_id = azurerm_subnet.hub-dmz.id private_ip_address_allocation = "Static" private_ip_address = "10.0.0.36" - } + } - tags = { + tags = { environment = local.prefix-hub-nva - } + } } resource "azurerm_virtual_machine" "hub-nva-vm" { - name = "${local.prefix-hub-nva}-vm" - location = azurerm_resource_group.hub-nva-rg.location - resource_group_name = azurerm_resource_group.hub-nva-rg.name - network_interface_ids = [azurerm_network_interface.hub-nva-nic.id] - vm_size = var.vmsize + name = "${local.prefix-hub-nva}-vm" + location = azurerm_resource_group.hub-nva-rg.location + resource_group_name = azurerm_resource_group.hub-nva-rg.name + network_interface_ids = [azurerm_network_interface.hub-nva-nic.id] + vm_size = var.vmsize - storage_image_reference { + storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" - } + } - storage_os_disk { + storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type 
= "Standard_LRS" - } + } - os_profile { + os_profile { computer_name = "${local.prefix-hub-nva}-vm" admin_username = var.username admin_password = var.password - } + } - os_profile_linux_config { + os_profile_linux_config { disable_password_authentication = false - } + } - tags = { + tags = { environment = local.prefix-hub-nva - } + } } resource "azurerm_virtual_machine_extension" "enable-routes" { - name = "enable-iptables-routes" - virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id - publisher = "Microsoft.Azure.Extensions" - type = "CustomScript" - type_handler_version = "2.0" + name = "enable-iptables-routes" + virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id + publisher = "Microsoft.Azure.Extensions" + type = "CustomScript" + type_handler_version = "2.0" - settings = < Date: Thu, 4 Jan 2024 14:44:46 +0800 Subject: [PATCH 2/4] update code --- quickstart/301-hub-spoke/.terraform.tfstate.lock.info | 1 + 1 file changed, 1 insertion(+) create mode 100644 quickstart/301-hub-spoke/.terraform.tfstate.lock.info diff --git a/quickstart/301-hub-spoke/.terraform.tfstate.lock.info b/quickstart/301-hub-spoke/.terraform.tfstate.lock.info new file mode 100644 index 000000000..20cb72e03 --- /dev/null +++ b/quickstart/301-hub-spoke/.terraform.tfstate.lock.info @@ -0,0 +1 @@ +{"ID":"8147c062-babb-a1f1-5201-3951289991e6","Operation":"OperationTypeApply","Info":"","Who":"FAREAST\\v-cheye@DESKTOP-CUHMO6U","Version":"1.6.5","Created":"2024-01-04T06:44:29.5623869Z","Path":"terraform.tfstate"} \ No newline at end of file From 7d1d7e5aa8176c378f822341e68f270e2b31f3d7 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 4 Jan 2024 14:45:41 +0800 Subject: [PATCH 3/4] update code --- quickstart/301-hub-spoke/.terraform.tfstate.lock.info | 1 - 1 file changed, 1 deletion(-) delete mode 100644 quickstart/301-hub-spoke/.terraform.tfstate.lock.info 
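Review bot: The added `.terraform.tfstate.lock.info` is a local Terraform state-lock artifact, and its `Who` field records a domain account and workstation name (`FAREAST\\v-cheye@DESKTOP-CUHMO6U`). That value stays in the branch history even though the next patch in this series deletes the file; squashing the series on merge would keep it out of the target branch. An ignore rule such as `.terraform.tfstate.lock.info` in the repository's `.gitignore` would stop the file from being staged again. Whether such a rule already exists is not visible in this patch.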
diff --git a/quickstart/301-hub-spoke/.terraform.tfstate.lock.info b/quickstart/301-hub-spoke/.terraform.tfstate.lock.info deleted file mode 100644 index 20cb72e03..000000000 --- a/quickstart/301-hub-spoke/.terraform.tfstate.lock.info +++ /dev/null @@ -1 +0,0 @@ -{"ID":"8147c062-babb-a1f1-5201-3951289991e6","Operation":"OperationTypeApply","Info":"","Who":"FAREAST\\v-cheye@DESKTOP-CUHMO6U","Version":"1.6.5","Created":"2024-01-04T06:44:29.5623869Z","Path":"terraform.tfstate"} \ No newline at end of file From 2c1569b0271f41db2cdbd4641c4b7755b20c8603 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 4 Jan 2024 16:12:59 +0800 Subject: [PATCH 4/4] update code --- quickstart/301-hub-spoke/hub-nva.tf | 2 +- quickstart/301-hub-spoke/hub-vnet.tf | 158 ++++++++++++------------- quickstart/301-hub-spoke/main.tf | 7 ++ quickstart/301-hub-spoke/on-prem.tf | 170 +++++++++++++-------------- quickstart/301-hub-spoke/spoke1.tf | 118 +++++++++---------- quickstart/301-hub-spoke/spoke2.tf | 124 +++++++++---------- 6 files changed, 293 insertions(+), 286 deletions(-) diff --git a/quickstart/301-hub-spoke/hub-nva.tf b/quickstart/301-hub-spoke/hub-nva.tf index b2e52a608..e7c34cc79 100644 --- a/quickstart/301-hub-spoke/hub-nva.tf +++ b/quickstart/301-hub-spoke/hub-nva.tf @@ -5,7 +5,7 @@ locals { } resource "azurerm_resource_group" "hub-nva-rg" { - name = "${local.prefix-hub-nva}-rg" + name = "${local.prefix-hub-nva}-rg-${random_string.name_suffix.result}" location = local.hub-nva-location tags = { diff --git a/quickstart/301-hub-spoke/hub-vnet.tf b/quickstart/301-hub-spoke/hub-vnet.tf index cd51c9903..f2af1390f 100644 --- a/quickstart/301-hub-spoke/hub-vnet.tf +++ b/quickstart/301-hub-spoke/hub-vnet.tf 
@@ -1,153 +1,153 @@ locals { - prefix-hub = "hub" - hub-location = "eastus" - hub-resource-group = "hub-vnet-rg" - shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" + prefix-hub = "hub" + hub-location = "eastus" + hub-resource-group = "hub-vnet-rg" + shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" } resource "azurerm_resource_group" "hub-vnet-rg" { - name = local.hub-resource-group - location = local.hub-location + name = "${local.hub-resource-group}-${random_string.name_suffix.result}" + location = local.hub-location } resource "azurerm_virtual_network" "hub-vnet" { - name = "${local.prefix-hub}-vnet" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - address_space = ["10.0.0.0/16"] + name = "${local.prefix-hub}-vnet" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + address_space = ["10.0.0.0/16"] - tags = { + tags = { environment = "hub-spoke" - } + } } resource "azurerm_subnet" "hub-gateway-subnet" { - name = "GatewaySubnet" - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - virtual_network_name = azurerm_virtual_network.hub-vnet.name - address_prefixes = ["10.0.255.224/27"] + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.255.224/27"] } resource "azurerm_subnet" "hub-mgmt" { - name = "mgmt" - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - virtual_network_name = azurerm_virtual_network.hub-vnet.name - address_prefixes = ["10.0.0.64/27"] + name = "mgmt" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.0.64/27"] } resource "azurerm_subnet" "hub-dmz" { - name = "dmz" - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - virtual_network_name = 
azurerm_virtual_network.hub-vnet.name - address_prefixes = ["10.0.0.32/27"] + name = "dmz" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + address_prefixes = ["10.0.0.32/27"] } resource "azurerm_network_interface" "hub-nic" { - name = "${local.prefix-hub}-nic" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - enable_ip_forwarding = true + name = "${local.prefix-hub}-nic" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + enable_ip_forwarding = true - ip_configuration { + ip_configuration { name = local.prefix-hub subnet_id = azurerm_subnet.hub-mgmt.id private_ip_address_allocation = "Dynamic" - } + } - tags = { + tags = { environment = local.prefix-hub - } + } } #Virtual Machine resource "azurerm_virtual_machine" "hub-vm" { - name = "${local.prefix-hub}-vm" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - network_interface_ids = [azurerm_network_interface.hub-nic.id] - vm_size = var.vmsize + name = "${local.prefix-hub}-vm" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + network_interface_ids = [azurerm_network_interface.hub-nic.id] + vm_size = var.vmsize - storage_image_reference { + storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" - } + } - storage_os_disk { + storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" - } + } - os_profile { + os_profile { computer_name = "${local.prefix-hub}-vm" admin_username = var.username admin_password = var.password - } + } - os_profile_linux_config { + os_profile_linux_config { disable_password_authentication = false - } + } - tags = { 
+ tags = { environment = local.prefix-hub - } + } } # Virtual Network Gateway resource "azurerm_public_ip" "hub-vpn-gateway1-pip" { - name = "hub-vpn-gateway1-pip" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name + name = "hub-vpn-gateway1-pip" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name - allocation_method = "Dynamic" + allocation_method = "Dynamic" } resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" { - name = "hub-vpn-gateway1" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name + name = "hub-vpn-gateway1" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name - type = "Vpn" - vpn_type = "RouteBased" + type = "Vpn" + vpn_type = "RouteBased" - active_active = false - enable_bgp = false - sku = "VpnGw1" + active_active = false + enable_bgp = false + sku = "VpnGw1" - ip_configuration { + ip_configuration { name = "vnetGatewayConfig" public_ip_address_id = azurerm_public_ip.hub-vpn-gateway1-pip.id private_ip_address_allocation = "Dynamic" subnet_id = azurerm_subnet.hub-gateway-subnet.id - } - depends_on = [azurerm_public_ip.hub-vpn-gateway1-pip] + } + depends_on = [azurerm_public_ip.hub-vpn-gateway1-pip] } resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" { - name = "hub-onprem-conn" - location = azurerm_resource_group.hub-vnet-rg.location - resource_group_name = azurerm_resource_group.hub-vnet-rg.name + name = "hub-onprem-conn" + location = azurerm_resource_group.hub-vnet-rg.location + resource_group_name = azurerm_resource_group.hub-vnet-rg.name - type = "Vnet2Vnet" - routing_weight = 1 + type = "Vnet2Vnet" + routing_weight = 1 - virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id - peer_virtual_network_gateway_id = 
azurerm_virtual_network_gateway.onprem-vpn-gateway.id + virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id + peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id - shared_key = local.shared-key + shared_key = local.shared-key } resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" { - name = "onprem-hub-conn" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - type = "Vnet2Vnet" - routing_weight = 1 - virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id - peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id - - shared_key = local.shared-key + name = "onprem-hub-conn" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + type = "Vnet2Vnet" + routing_weight = 1 + virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id + peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id + + shared_key = local.shared-key } diff --git a/quickstart/301-hub-spoke/main.tf b/quickstart/301-hub-spoke/main.tf index 9397419ae..7af3ecf06 100644 --- a/quickstart/301-hub-spoke/main.tf +++ b/quickstart/301-hub-spoke/main.tf @@ -13,3 +13,10 @@ terraform { provider "azurerm" { features {} } + +resource "random_string" "name_suffix" { + length = 25 + lower = true + upper = true + special = false +} diff --git a/quickstart/301-hub-spoke/on-prem.tf b/quickstart/301-hub-spoke/on-prem.tf index fe7fa9a6a..9fb2d3f4d 100644 --- a/quickstart/301-hub-spoke/on-prem.tf +++ b/quickstart/301-hub-spoke/on-prem.tf 
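Review bot: The VPN pre-shared key is still a literal in `locals` (`shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y"`) and is passed to both `azurerm_virtual_network_gateway_connection` resources in hub-vnet.tf, so every deployment of this quickstart uses the same publicly known key. This series already uses the `random` provider, so the key can be generated per deployment with `random_password` and referenced from both connections, as sketched below (the resource name is a suggestion). The generated value is still written to Terraform state, so the state backend needs access control.

```hcl
# … unchanged: prefix-hub, hub-location, hub-resource-group locals (shared-key local dropped) …

resource "random_password" "vpn_shared_key" {
  length  = 32
  special = false
}

# … unchanged: resource group, vnet, subnets, NIC, VM, public IP, gateway …

resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" {
  # … unchanged: name, location, type, routing_weight, gateway ids …
  shared_key = random_password.vpn_shared_key.result
}

resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" {
  # … unchanged: name, location, type, routing_weight, gateway ids …
  shared_key = random_password.vpn_shared_key.result
}
```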
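Review bot: The new `random_string.name_suffix` resource in main.tf needs the `hashicorp/random` provider, and the `terraform` block that would declare it sits above this hunk, so it is not visible whether `required_providers` lists it. If it does not, `terraform init` resolves the provider implicitly and without a version constraint; an entry such as `random = { source = "hashicorp/random", version = "~> 3.0" }` (version shown as an example) keeps source and version explicit. A short comment above the resource, for example `# Suffix appended to resource group names, presumably to avoid name collisions between deployments`, would record why it exists.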
@@ -1,154 +1,154 @@ locals { - onprem-location = "eastus" - onprem-resource-group = "onprem-vnet-rg" - prefix-onprem = "onprem" + onprem-location = "eastus" + onprem-resource-group = "onprem-vnet-rg" + prefix-onprem = "onprem" } resource "azurerm_resource_group" "onprem-vnet-rg" { - name = local.onprem-resource-group - location = local.onprem-location + name = "${local.onprem-resource-group}-${random_string.name_suffix.result}" + location = local.onprem-location } resource "azurerm_virtual_network" "onprem-vnet" { - name = "onprem-vnet" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - address_space = ["192.168.0.0/16"] + name = "onprem-vnet" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + address_space = ["192.168.0.0/16"] - tags = { + tags = { environment = local.prefix-onprem - } + } } resource "azurerm_subnet" "onprem-gateway-subnet" { - name = "GatewaySubnet" - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - virtual_network_name = azurerm_virtual_network.onprem-vnet.name - address_prefixes = ["192.168.255.224/27"] + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + virtual_network_name = azurerm_virtual_network.onprem-vnet.name + address_prefixes = ["192.168.255.224/27"] } resource "azurerm_subnet" "onprem-mgmt" { - name = "mgmt" - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - virtual_network_name = azurerm_virtual_network.onprem-vnet.name - address_prefixes = ["192.168.1.128/25"] + name = "mgmt" + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + virtual_network_name = azurerm_virtual_network.onprem-vnet.name + address_prefixes = ["192.168.1.128/25"] } resource "azurerm_public_ip" "onprem-pip" { - name = "${local.prefix-onprem}-pip" - location = azurerm_resource_group.onprem-vnet-rg.location - 
resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - allocation_method = "Dynamic" - - tags = { - environment = local.prefix-onprem - } + name = "${local.prefix-onprem}-pip" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + allocation_method = "Dynamic" + + tags = { + environment = local.prefix-onprem + } } resource "azurerm_network_interface" "onprem-nic" { - name = "${local.prefix-onprem}-nic" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - enable_ip_forwarding = true + name = "${local.prefix-onprem}-nic" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + enable_ip_forwarding = true - ip_configuration { + ip_configuration { name = local.prefix-onprem subnet_id = azurerm_subnet.onprem-mgmt.id private_ip_address_allocation = "Dynamic" public_ip_address_id = azurerm_public_ip.onprem-pip.id - } + } } # Create Network Security Group and rule resource "azurerm_network_security_group" "onprem-nsg" { - name = "${local.prefix-onprem}-nsg" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - - security_rule { - name = "SSH" - priority = 1001 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "22" - source_address_prefix = "*" - destination_address_prefix = "*" - } - - tags = { - environment = "onprem" - } + name = "${local.prefix-onprem}-nsg" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + + security_rule { + name = "SSH" + priority = 1001 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefix = "*" + 
destination_address_prefix = "*" + } + + tags = { + environment = "onprem" + } } resource "azurerm_subnet_network_security_group_association" "mgmt-nsg-association" { - subnet_id = azurerm_subnet.onprem-mgmt.id - network_security_group_id = azurerm_network_security_group.onprem-nsg.id + subnet_id = azurerm_subnet.onprem-mgmt.id + network_security_group_id = azurerm_network_security_group.onprem-nsg.id } resource "azurerm_virtual_machine" "onprem-vm" { - name = "${local.prefix-onprem}-vm" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - network_interface_ids = [azurerm_network_interface.onprem-nic.id] - vm_size = var.vmsize + name = "${local.prefix-onprem}-vm" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + network_interface_ids = [azurerm_network_interface.onprem-nic.id] + vm_size = var.vmsize - storage_image_reference { + storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" - } + } - storage_os_disk { + storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" - } + } - os_profile { + os_profile { computer_name = "${local.prefix-onprem}-vm" admin_username = var.username admin_password = var.password - } + } - os_profile_linux_config { + os_profile_linux_config { disable_password_authentication = false - } + } - tags = { + tags = { environment = local.prefix-onprem - } + } } resource "azurerm_public_ip" "onprem-vpn-gateway1-pip" { - name = "${local.prefix-onprem}-vpn-gateway1-pip" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + name = "${local.prefix-onprem}-vpn-gateway1-pip" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - 
allocation_method = "Dynamic" + allocation_method = "Dynamic" } resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" { - name = "onprem-vpn-gateway1" - location = azurerm_resource_group.onprem-vnet-rg.location - resource_group_name = azurerm_resource_group.onprem-vnet-rg.name + name = "onprem-vpn-gateway1" + location = azurerm_resource_group.onprem-vnet-rg.location + resource_group_name = azurerm_resource_group.onprem-vnet-rg.name - type = "Vpn" - vpn_type = "RouteBased" + type = "Vpn" + vpn_type = "RouteBased" - active_active = false - enable_bgp = false - sku = "VpnGw1" + active_active = false + enable_bgp = false + sku = "VpnGw1" - ip_configuration { + ip_configuration { name = "vnetGatewayConfig" public_ip_address_id = azurerm_public_ip.onprem-vpn-gateway1-pip.id private_ip_address_allocation = "Dynamic" subnet_id = azurerm_subnet.onprem-gateway-subnet.id - } - depends_on = [azurerm_public_ip.onprem-vpn-gateway1-pip] + } + depends_on = [azurerm_public_ip.onprem-vpn-gateway1-pip] -} \ No newline at end of file +} diff --git a/quickstart/301-hub-spoke/spoke1.tf b/quickstart/301-hub-spoke/spoke1.tf index adb36d420..e88ad3067 100644 --- a/quickstart/301-hub-spoke/spoke1.tf +++ b/quickstart/301-hub-spoke/spoke1.tf 
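Review bot: The `SSH` rule in `azurerm_network_security_group.onprem-nsg` still allows TCP 22 from `source_address_prefix = "*"`. In this file `onprem-nic` has a public IP and `onprem-vm` accepts password logins (`disable_password_authentication = false`), so the VM is exposed to password guessing from any address. Restricting the source to an operator-supplied range, e.g. `source_address_prefix = var.allowed_ssh_cidr` (a new variable, not present in this patch), and switching the VM to `disable_password_authentication = true` with an `ssh_keys` block would close that. The `disable_password_authentication = false` setting is repeated in the VM resources of hub-nva.tf, hub-vnet.tf, spoke1.tf and spoke2.tf.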
@@ -1,109 +1,109 @@ locals { - spoke1-location = "eastus" - spoke1-resource-group = "spoke1-vnet-rg" - prefix-spoke1 = "spoke1" + spoke1-location = "eastus" + spoke1-resource-group = "spoke1-vnet-rg" + prefix-spoke1 = "spoke1" } resource "azurerm_resource_group" "spoke1-vnet-rg" { - name = local.spoke1-resource-group - location = local.spoke1-location + name = "${local.spoke1-resource-group}-${random_string.name_suffix.result}" + location = local.spoke1-location } resource "azurerm_virtual_network" "spoke1-vnet" { - name = "spoke1-vnet" - location = azurerm_resource_group.spoke1-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - address_space = ["10.1.0.0/16"] + name = "spoke1-vnet" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + address_space = ["10.1.0.0/16"] - tags = { + tags = { environment = local.prefix-spoke1 - } + } } resource "azurerm_subnet" "spoke1-mgmt" { - name = "mgmt" - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - virtual_network_name = azurerm_virtual_network.spoke1-vnet.name - address_prefixes = ["10.1.0.64/27"] + name = "mgmt" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + address_prefixes = ["10.1.0.64/27"] } resource "azurerm_subnet" "spoke1-workload" { - name = "workload" - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - virtual_network_name = azurerm_virtual_network.spoke1-vnet.name - address_prefixes = ["10.1.1.0/24"] + name = "workload" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + address_prefixes = ["10.1.1.0/24"] } resource "azurerm_virtual_network_peering" "spoke1-hub-peer" { - name = "spoke1-hub-peer" - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - virtual_network_name = 
azurerm_virtual_network.spoke1-vnet.name - remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id - - allow_virtual_network_access = true - allow_forwarded_traffic = true - allow_gateway_transit = false - use_remote_gateways = true - depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet , azurerm_virtual_network_gateway.hub-vnet-gateway] + name = "spoke1-hub-peer" + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke1-vnet.name + remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id + + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = false + use_remote_gateways = true + depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] } resource "azurerm_network_interface" "spoke1-nic" { - name = "${local.prefix-spoke1}-nic" - location = azurerm_resource_group.spoke1-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - enable_ip_forwarding = true + name = "${local.prefix-spoke1}-nic" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + enable_ip_forwarding = true - ip_configuration { + ip_configuration { name = local.prefix-spoke1 subnet_id = azurerm_subnet.spoke1-mgmt.id private_ip_address_allocation = "Dynamic" - } + } } resource "azurerm_virtual_machine" "spoke1-vm" { - name = "${local.prefix-spoke1}-vm" - location = azurerm_resource_group.spoke1-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name - network_interface_ids = [azurerm_network_interface.spoke1-nic.id] - vm_size = var.vmsize + name = "${local.prefix-spoke1}-vm" + location = azurerm_resource_group.spoke1-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name + network_interface_ids = 
[azurerm_network_interface.spoke1-nic.id] + vm_size = var.vmsize - storage_image_reference { + storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" - } + } - storage_os_disk { + storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" - } + } - os_profile { + os_profile { computer_name = "${local.prefix-spoke1}-vm" admin_username = var.username admin_password = var.password - } + } - os_profile_linux_config { + os_profile_linux_config { disable_password_authentication = false - } + } - tags = { + tags = { environment = local.prefix-spoke1 - } + } } resource "azurerm_virtual_network_peering" "hub-spoke1-peer" { - name = "hub-spoke1-peer" - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - virtual_network_name = azurerm_virtual_network.hub-vnet.name - remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id - allow_virtual_network_access = true - allow_forwarded_traffic = true - allow_gateway_transit = true - use_remote_gateways = false - depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] + name = "hub-spoke1-peer" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = true + use_remote_gateways = false + depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] } diff --git a/quickstart/301-hub-spoke/spoke2.tf b/quickstart/301-hub-spoke/spoke2.tf index bfb114017..9f6c4c5ce 100644 --- a/quickstart/301-hub-spoke/spoke2.tf +++ b/quickstart/301-hub-spoke/spoke2.tf 
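Review bot: `storage_image_reference` in `azurerm_virtual_machine.spoke1-vm` still selects `sku = "16.04-LTS"`, an Ubuntu release that left standard support in April 2021, so `version = "latest"` resolves to an image that no longer receives regular security updates. Moving to a currently supported LTS image would fix this. The exact `offer`/`sku` pair should be checked against the Azure image catalogue, because newer Ubuntu releases are published under different offer names. The same image reference appears in the VM resources of hub-nva.tf, hub-vnet.tf, on-prem.tf and spoke2.tf.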
@@ -1,113 +1,113 @@ locals { - spoke2-location = "eastus" - spoke2-resource-group = "spoke2-vnet-rg" - prefix-spoke2 = "spoke2" + spoke2-location = "eastus" + spoke2-resource-group = "spoke2-vnet-rg" + prefix-spoke2 = "spoke2" } resource "azurerm_resource_group" "spoke2-vnet-rg" { - name = local.spoke2-resource-group - location = local.spoke2-location + name = "${local.spoke2-resource-group}-${random_string.name_suffix.result}" + location = local.spoke2-location } resource "azurerm_virtual_network" "spoke2-vnet" { - name = "${local.prefix-spoke2}-vnet" - location = azurerm_resource_group.spoke2-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name - address_space = ["10.2.0.0/16"] + name = "${local.prefix-spoke2}-vnet" + location = azurerm_resource_group.spoke2-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + address_space = ["10.2.0.0/16"] - tags = { + tags = { environment = local.prefix-spoke2 - } + } } resource "azurerm_subnet" "spoke2-mgmt" { - name = "mgmt" - resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name - virtual_network_name = azurerm_virtual_network.spoke2-vnet.name - address_prefixes = ["10.2.0.64/27"] + name = "mgmt" + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke2-vnet.name + address_prefixes = ["10.2.0.64/27"] } resource "azurerm_subnet" "spoke2-workload" { - name = "workload" - resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name - virtual_network_name = azurerm_virtual_network.spoke2-vnet.name - address_prefixes = ["10.2.1.0/24"] + name = "workload" + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke2-vnet.name + address_prefixes = ["10.2.1.0/24"] } resource "azurerm_virtual_network_peering" "spoke2-hub-peer" { - name = "${local.prefix-spoke2}-hub-peer" - resource_group_name = 
azurerm_resource_group.spoke2-vnet-rg.name - virtual_network_name = azurerm_virtual_network.spoke2-vnet.name - remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id - - allow_virtual_network_access = true - allow_forwarded_traffic = true - allow_gateway_transit = false - use_remote_gateways = true - depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] + name = "${local.prefix-spoke2}-hub-peer" + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + virtual_network_name = azurerm_virtual_network.spoke2-vnet.name + remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id + + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = false + use_remote_gateways = true + depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] } resource "azurerm_network_interface" "spoke2-nic" { - name = "${local.prefix-spoke2}-nic" - location = azurerm_resource_group.spoke2-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name - enable_ip_forwarding = true + name = "${local.prefix-spoke2}-nic" + location = azurerm_resource_group.spoke2-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + enable_ip_forwarding = true - ip_configuration { + ip_configuration { name = local.prefix-spoke2 subnet_id = azurerm_subnet.spoke2-mgmt.id private_ip_address_allocation = "Dynamic" - } + } - tags = { + tags = { environment = local.prefix-spoke2 - } + } } resource "azurerm_virtual_machine" "spoke2-vm" { - name = "${local.prefix-spoke2}-vm" - location = azurerm_resource_group.spoke2-vnet-rg.location - resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name - network_interface_ids = [azurerm_network_interface.spoke2-nic.id] - vm_size = var.vmsize + name = "${local.prefix-spoke2}-vm" + location = 
azurerm_resource_group.spoke2-vnet-rg.location + resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name + network_interface_ids = [azurerm_network_interface.spoke2-nic.id] + vm_size = var.vmsize - storage_image_reference { + storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" - } + } - storage_os_disk { + storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" - } + } - os_profile { + os_profile { computer_name = "${local.prefix-spoke2}-vm" admin_username = var.username admin_password = var.password - } + } - os_profile_linux_config { + os_profile_linux_config { disable_password_authentication = false - } + } - tags = { + tags = { environment = local.prefix-spoke2 - } + } } resource "azurerm_virtual_network_peering" "hub-spoke2-peer" { - name = "hub-spoke2-peer" - resource_group_name = azurerm_resource_group.hub-vnet-rg.name - virtual_network_name = azurerm_virtual_network.hub-vnet.name - remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id - allow_virtual_network_access = true - allow_forwarded_traffic = true - allow_gateway_transit = true - use_remote_gateways = false - depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] -} \ No newline at end of file + name = "hub-spoke2-peer" + resource_group_name = azurerm_resource_group.hub-vnet-rg.name + virtual_network_name = azurerm_virtual_network.hub-vnet.name + remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id + allow_virtual_network_access = true + allow_forwarded_traffic = true + allow_gateway_transit = true + use_remote_gateways = false + depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] +}