A simple demo that showcases integration with GitHub Actions, Terraform Cloud and ARM Templates inside Terraform using azurerm_resource_group_template_deployment.
It is set up for Azure Government, but it should work in Azure Commercial as well.
It creates the following resources:
- A new Resource Group.
- A Storage Account.
- A Windows VM.
- A RedHat VM.
- A VNet.
- 2 subnets to host the RedHat and the Windows VMs.
- 2 subnets (public and private) dedicated to the DataBricks Cluster.
- A Network Security Group with SSH and RDP access.
- A Network Security Group dedicated to the DataBricks Cluster.
- A DataBricks Workspace with VNet injection.
This project is split into the following files, which makes the resources easy to reuse, add or remove.
├── LICENSE
├── README.md
├── devRHVM.tf
├── devWinVM.tf
├── main.tf
├── networking.tf
├── outputs.tf
├── run.plan
├── security.tf
├── storage.tf
├── variables.tf
├── variablesDevRHVM.tf
├── variablesDevWinVM.tf
├── variablesNetwork.tf
├── variablesSecurity.tf
├── variablesStorage.tf
├── variablesWorkspace.tf
├── workspace.json
└── workspace.tf
The most common parameters are exposed as variables in the variables*.tf files.
It is assumed that you have the Azure CLI and Terraform installed and configured. More information on this topic here. I recommend using a Service Principal with a certificate.
This terraform script has been tested using the following versions:
- Terraform >= 0.14.0
- Azure provider 2.38.0
- Azure CLI 2.16.0
Linux uses key-based authentication. It assumes you already have a key, and you can configure the path using the devRHPublicKey variable in variablesDevRHVM.tf.
You can create one using this command:
ssh-keygen -t rsa -b 4096 -m PEM -C vm@mydomain.com -f ~/.ssh/vm_ssh
and set it using this approach:
export TF_VAR_devRHPublicKey="$(cat ~/.ssh/vm_ssh.pub)"
Windows authentication uses a user name and password. Setting these values in Terraform scripts is not recommended. You can set them as environment variables instead. More information about this approach can be found here. These are the recommended variables that you should set up using this approach:
export TF_VAR_devWinUserName={{VMUSER}}
export TF_VAR_windowsPassword={{VMPASSWORD}}
You can also set up all these values as secrets in GitHub Actions.
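A preflight check for the three TF_VAR_* values described above, written as an added example that is not part of the original project. The function name `check_tf_vars` and its messages are hypothetical; the variable names and the `{{...}}` placeholders are the ones this README uses.

```shell
# Added example (not the project's own code): verify the TF_VAR_* values
# before running terraform plan/apply. Usage: check_tf_vars && terraform plan

# Prints one line per problem on stderr; returns 0 only when nothing is wrong.
# The number of problems found is left in $problems.
check_tf_vars() {
  problems=0

  # Windows credentials: must be set and must not still be a {{...}} placeholder.
  for name in TF_VAR_devWinUserName TF_VAR_windowsPassword; do
    eval "value=\${$name-}"
    case "$value" in
      "")
        echo "missing: $name" >&2
        problems=$((problems + 1)) ;;
      *"{{"*"}}"*)
        echo "placeholder left in: $name" >&2
        problems=$((problems + 1)) ;;
    esac
  done

  # RedHat VM key: must be the public half of the RSA pair made by ssh-keygen.
  case "${TF_VAR_devRHPublicKey-}" in
    "")
      echo "missing: TF_VAR_devRHPublicKey" >&2
      problems=$((problems + 1)) ;;
    *"PRIVATE KEY"*)
      echo "TF_VAR_devRHPublicKey holds a private key; use the .pub file" >&2
      problems=$((problems + 1)) ;;
    "ssh-rsa "*)
      ;;  # expected form: "ssh-rsa <base64> <comment>"
    *)
      echo "TF_VAR_devRHPublicKey is not an ssh-rsa public key line" >&2
      problems=$((problems + 1)) ;;
  esac

  [ "$problems" -eq 0 ]
}
```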
Run these commands to initialize Terraform, get a plan, and approve and apply it.
terraform fmt
terraform init
terraform validate
terraform plan
terraform apply
I also recommend using a remote state instead of a local one. You can change this configuration in main.tf.
You can create a free Terraform Cloud account here.
To clean up, run the following command. It will destroy everything that was created.
terraform destroy -auto-approve
Be aware that by running this script your account might get billed.
- Marcelo Zambrana