in4it · glasswalk3r · Jan 10, 2023 · Jan 10, 2023 · Jan 10, 2023 · Jan 10, 2023
diff --git a/first-steps/.terraform.lock.hcl b/first-steps/.terraform.lock.hcl
diff --git a/first-steps/README.md b/first-steps/README.md
@@ -1,7 +1,14 @@
 # First steps
 
 ## Finding images
+
 ```
-az vm image list -p "Canonical"
+az vm image list --architecture x64 --location eastus --publisher Canonical --all --sku 22_04-lts-gen2
 az vm image list -p "Microsoft"
 ```
+
+## Known issues
+
+If the public IP is not retrieved after the first `terraform apply`, just hit
+`terraform refresh` in order to retrieve it and get the appropriate output.
+
diff --git a/first-steps/data.tf b/first-steps/data.tf
@@ -0,0 +1,10 @@
+data "http" "myip" {
+ url = "https://ifconfig.me/"
+
+ lifecycle {
+ postcondition {
+ condition = contains([200], self.status_code)
+ error_message = "Status code invalid: ${self.status_code}"
+ }
+ }
+}
diff --git a/first-steps/instance.tf b/first-steps/instance.tf
@@ -1,45 +1,34 @@
 # demo instance
-resource "azurerm_virtual_machine" "demo-instance" {
+resource "azurerm_linux_virtual_machine" "demo-instance" {
  name = "${var.prefix}-vm"
  location = var.location
  resource_group_name = azurerm_resource_group.demo.name
  network_interface_ids = [azurerm_network_interface.demo-instance.id]
- vm_size = "Standard_A1_v2"
+ size = "Standard_B1ls"
+ admin_username = var.vm_admin_user
 
- # this is a demo instance, so we can delete all data on termination
- delete_os_disk_on_termination = true
- delete_data_disks_on_termination = true
-
- storage_image_reference {
+ source_image_reference {
  publisher = "Canonical"
- offer = "UbuntuServer"
- sku  = "16.04-LTS"
+ sku  = "22_04-lts-gen2"
+ offer = "0001-com-ubuntu-server-jammy"
  version = "latest"
  }
- storage_os_disk {
- name = "myosdisk1"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Standard_LRS"
- }
- os_profile {
- computer_name = "demo-instance"
- admin_username = "demo"
- #admin_password = "..."
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
  }
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- key_data = file("mykey.pub")
- path = "/home/demo/.ssh/authorized_keys"
- }
+
+ admin_ssh_key {
+ public_key = file("${var.private_ssh_key}.pub")
+ username = var.vm_admin_user
  }
 }
 
 resource "azurerm_network_interface" "demo-instance" {
- name  = "${var.prefix}-instance1"
- location  = var.location
- resource_group_name  = azurerm_resource_group.demo.name
+ name = "${var.prefix}-instance1"
+ location = var.location
+ resource_group_name = azurerm_resource_group.demo.name
 
  ip_configuration {
  name = "instance1"
@@ -55,8 +44,8 @@ resource "azurerm_network_interface_security_group_association" "allow-ssh" {
 }
 
 resource "azurerm_public_ip" "demo-instance" {
-  name  = "instance1-public-ip"
-  location  = var.location
-  resource_group_name  = azurerm_resource_group.demo.name
-  allocation_method  = "Dynamic"
+ name = "instance1-public-ip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.demo.name
+ allocation_method = "Dynamic"
 }
diff --git a/first-steps/network.tf b/first-steps/network.tf
@@ -1,4 +1,3 @@
-
 resource "azurerm_virtual_network" "demo" {
  name = "${var.prefix}-network"
  location = var.location
@@ -14,19 +13,31 @@ resource "azurerm_subnet" "demo-internal-1" {
 }
 
 resource "azurerm_network_security_group" "allow-ssh" {
- name = "${var.prefix}-allow-ssh"
- location = var.location
- resource_group_name = azurerm_resource_group.demo.name
+ name = "${var.prefix}-allow-ssh"
+ location = var.location
+ resource_group_name = azurerm_resource_group.demo.name
+
+ /*
+ Error: deleting Network Security Group "demo-allow-ssh" (Resource Group
+ "first-steps-demo"): network.SecurityGroupsClient#Delete: Failure sending
+ request: StatusCode=400 -- Original Error:
+ Code="NetworkSecurityGroupOldReferencesNotCleanedUp" Message="Network
+ security group demo-allow-ssh cannot be deleted because old references for
+ the following Nics:
+ */
+ depends_on = [
+ azurerm_network_interface.demo-instance
+ ]
 
-  security_rule {
-  name = "SSH"
-  priority = 1001
-  direction = "Inbound"
-  access = "Allow"
-  protocol = "Tcp"
-  source_port_range = "*"
-  destination_port_range = "22"
-  source_address_prefix = var.ssh-source-address
-  destination_address_prefix = "*"
-  }
+ security_rule {
+ name = "SSH"
+ priority = 1001
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "${data.http.myip.response_body}/32"
+ destination_address_prefix = "*"
+ }
 }
diff --git a/first-steps/outputs.tf b/first-steps/outputs.tf
@@ -0,0 +1,9 @@
+output "vm_public_ip" {
+ description = "The public IP address associated with the instance"
+ value = azurerm_public_ip.demo-instance.ip_address
+}
+
+output "ssh_connect_command" {
+ description = "The command line to connect to the VM with SSH"
+ value = "ssh -i ${var.private_ssh_key} ${azurerm_public_ip.demo-instance.ip_address} -l ${var.vm_admin_user}"
+}
diff --git a/first-steps/vars.tf b/first-steps/vars.tf
@@ -2,12 +2,20 @@ variable "location" {
  type = string
  default = "westeurope"
 }
+
 variable "prefix" {
  type = string
  default = "demo"
 }
 
-variable "ssh-source-address" {
- type = string
- default = "*"
+variable "private_ssh_key" {
+ type = string
+ description = "The path to the public SSH key to associate with the VM"
+ default = "mykey"
+}
+
+variable "vm_admin_user" {
+ type = string
+ description = "The name of the administrator user in the VM"
+ default = "adminuser"
 }
diff --git a/first-steps/versions.tf b/first-steps/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.3.7"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.38.0"
+ }
+ http = {
+ source = "hashicorp/http"
+ version = "3.2.1"
+ }
+ }
+}