# Configure the Azure Provider
# client_id / subscription_id / tenant_id come from variables; no client_secret is set here, so the provider is expected to reuse the Azure CLI session: run `az login` first and read the IDs from `az account get-access-token` (or `az account show`).
provider "azurerm" {
# Pinned to the 1.x series. NOTE(review): azurerm 1.x is no longer maintained;
# later major versions change the provider block (a `features {}` block is
# required) and retire azurerm_virtual_machine, so bumping this is a migration,
# not a one-line edit. Declaring `version` inside the provider block is also
# the pre-0.13 style (newer Terraform expects required_providers).
version = "=1.44.0"
# Identity used for the deployment. With no client_secret/certificate given,
# the provider should fall back to Azure CLI credentials -- confirm in practice.
client_id = var.client_id
subscription_id = var.subscription_id
tenant_id = var.tenant_id
}
# Random 5-character suffix appended to every resource name to avoid naming conflicts between deployments
resource "random_string" "random_name_post" {
length = 5
# special = true would normally admit punctuation, but because min_lower equals
# length every one of the 5 characters must be lowercase, so the suffix is
# always [a-z]{5} and safe inside Azure resource names. Changing any attribute
# here regenerates the suffix and therefore renames (replaces) every resource.
special = true
override_special = ""
min_lower = 5
}
# Pre-shared key material; surfaced via the PskKey output (through the
# setupFortiGate template). 16 characters from [A-Za-z0-9] (special = false, so
# override_special has no effect), at least 5 of them lowercase.
# NOTE(review): the value is kept in plaintext in the Terraform state, so the
# state backend must be protected like any other secret store. Any attribute
# change here regenerates the key, which would require re-keying every spoke.
resource "random_string" "random_psk_key" {
length = 16
special = false
override_special = ""
min_lower = 5
}
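# Fallback admin password, used when var.admin_password is left empty (see the
# VM's os_profile and the AdminPassword output).
# The original 10-character string only guaranteed lowercase letters, so it
# could miss Azure's Linux VM complexity rule (at least three of lower/upper/
# digit/special) and fail at create time; each class is now forced to appear.
# Length is raised to 16 because this credential guards the admin UI that the
# PublicIP output exposes on the internet (https://<ip>:8443).
# NOTE: changing any attribute here generates a new value, i.e. a new VM
# password; the value is also stored in plaintext in the Terraform state.
resource "random_string" "random_pass" {
  length      = 16
  special     = true
  min_lower   = 5
  min_upper   = 1
  min_numeric = 1
  min_special = 1
}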
# Single resource group holding the whole deployment, named
# "<cluster_name>-rsg-<5-char suffix>" and placed in var.region.
resource "azurerm_resource_group" "resource_group" {
  location = var.region
  name     = format("%s-rsg-%s", var.cluster_name, random_string.random_name_post.result)
}
# Create a virtual network within the resource group
# Hub virtual network, placed in the resource group above and spanning the
# caller-supplied var.external_address_space.
resource "azurerm_virtual_network" "external_network" {
  resource_group_name = azurerm_resource_group.resource_group.name
  location            = azurerm_resource_group.resource_group.location
  address_space       = var.external_address_space
  name                = format("%s-vpc-%s", var.cluster_name, random_string.random_name_post.result)
}
# The one subnet the hub NIC sits in. Its prefix is hard-coded while the VNet's
# address_space comes from var.external_address_space: the apply fails unless
# that variable contains 10.0.2.0/24, so keep the two in step (or derive the
# prefix from the variable).
# NOTE(review): no network security group is associated with this subnet (or
# with the NIC) anywhere in this file, so nothing outside the FortiGate's own
# policies filters traffic arriving on its public IP.
resource "azurerm_subnet" "internal" {
name = "internal"
resource_group_name = azurerm_resource_group.resource_group.name
virtual_network_name = azurerm_virtual_network.external_network.name
address_prefix = "10.0.2.0/24"
}
# Hub NIC: one dynamically assigned private address on the internal subnet,
# plus the static public IP declared below (the internet-facing endpoint).
# NOTE(review): no NSG is attached to this NIC or its subnet in this file; an
# NSG restricting the admin port (8443 per the PublicIP output) to known source
# ranges would be defence in depth should a FortiGate policy be misconfigured.
resource "azurerm_network_interface" "main" {
  resource_group_name = azurerm_resource_group.resource_group.name
  location            = azurerm_resource_group.resource_group.location
  name                = format("%s-nic-%s", var.cluster_name, random_string.random_name_post.result)

  ip_configuration {
    public_ip_address_id          = azurerm_public_ip.public_ip.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.internal.id
    name                          = format("%s-IP-%s", var.cluster_name, random_string.random_name_post.result)
  }
}
# FortiGate hub VM built from the Fortinet Marketplace image selected by
# var.fgt_product / var.fgt_sku / var.fgt_version; `plan` names the matching
# Marketplace purchase plan. Bootstrap configuration arrives as custom_data
# rendered from the setupFortiGate template.
resource "azurerm_virtual_machine" "fgt-hub" {
  resource_group_name           = azurerm_resource_group.resource_group.name
  location                      = azurerm_resource_group.resource_group.location
  name                          = format("%s-vm-%s", var.cluster_name, random_string.random_name_post.result)
  vm_size                       = var.hub_vm_size
  network_interface_ids         = [azurerm_network_interface.main.id]
  delete_os_disk_on_termination = true

  storage_image_reference {
    publisher = "fortinet"
    offer     = var.fgt_product
    sku       = var.fgt_sku
    version   = var.fgt_version
  }

  plan {
    publisher = "fortinet"
    product   = var.fgt_product
    name      = var.fgt_sku
  }

  # OS disk is created from the image and removed together with the VM.
  storage_os_disk {
    create_option     = "FromImage"
    name              = "osdisk1"
    managed_disk_type = "Standard_LRS"
    caching           = "ReadWrite"
  }

  # Admin credential: the caller's var.admin_password when non-empty, otherwise
  # the generated random_pass value (the AdminPassword output repeats this
  # choice, so the two expressions must stay identical).
  # NOTE(review): custom_data is the rendered bootstrap; its template carries a
  # psk_key var (see the PskKey output), so presumably the PSK is embedded here
  # and, like the password, ends up in plaintext in the Terraform state.
  os_profile {
    computer_name  = "FortiGateSecureAccess"
    admin_username = var.admin_name
    admin_password = var.admin_password == "" ? random_string.random_pass.result : var.admin_password
    custom_data    = data.template_file.setupFortiGate.rendered
  }

  # Password login stays enabled: the password above is the only credential
  # configured here (there is no ssh_keys block).
  os_profile_linux_config {
    disable_password_authentication = false
  }
}
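# Static public address bound to the hub NIC; it is the address spokes connect
# to and the admin UI address (https://<ip>:8443, see the PublicIP output).
# Location is taken from the resource group, as every other resource in this
# file does, instead of re-reading var.region -- same value, but the two can no
# longer drift apart if the group's location is ever changed.
resource "azurerm_public_ip" "public_ip" {
  name                = "PublicIPForFortiGate"
  resource_group_name = azurerm_resource_group.resource_group.name
  location            = azurerm_resource_group.resource_group.location
  allocation_method   = "Static"
}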
# Name of the generated resource group -- the entry point for finding the
# other resources, since every name carries a random suffix.
output "ResourceGroup" {
value = azurerm_resource_group.resource_group.name
}
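# Pre-shared key handed to the FortiGate through the setupFortiGate template.
# Marked sensitive so it is redacted from `terraform apply` / `terraform output`
# console text and therefore from CI logs; it remains in plaintext in the state
# file, so protect the state backend. Retrieve it explicitly with
# `terraform output PskKey` (with -raw/-json on newer Terraform) when needed.
output "PskKey" {
  value     = data.template_file.setupFortiGate.vars.psk_key
  sensitive = true
}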
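# Admin UI URL of the hub (HTTPS on port 8443). The address is only known after
# apply, since a static public IP is allocated at create time.
# Written as a plain template string: the previous join(list(...)) form relied
# on list(), which is deprecated in Terraform 0.12 and removed in later releases.
output "PublicIP" {
  value = "https://${azurerm_public_ip.public_ip.ip_address}:8443"
}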
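# The admin password actually applied to the VM: var.admin_password when the
# caller supplied one, otherwise the generated random_pass value. This
# expression mirrors the VM's os_profile.admin_password and must stay in sync.
# Marked sensitive so the password is not echoed on every apply or in CI
# output; it is still stored in plaintext in the state file.
output "AdminPassword" {
  value     = var.admin_password == "" ? random_string.random_pass.result : var.admin_password
  sensitive = true
}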
# Admin user name as supplied in var.admin_name, echoed for convenience; it is
# the user half of the AdminPassword credential.
output "AdminName" {
value = var.admin_name
}
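# Base64-encoded bundle consumed by the spoke setup to generate its VPN config.
# Its exact contents are defined in the easy_key_setup template (not visible
# here); since it carries what a spoke needs to bring the tunnel up it is
# presumed to embed the PSK, so it is marked sensitive. Base64 is an encoding,
# not encryption -- handle the decoded blob as a secret.
output "EasyKey" {
  value       = base64encode(data.template_file.easy_key_setup.rendered)
  sensitive   = true
  description = "Use this key in the Spoke setup to generate the VPN config."
}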