Region #2

ardacetinkaya · Jul 26, 2021 · c24572d · c24572d
1 parent 93726ff
commit c24572d
Show file tree

Hide file tree

Showing 19 changed files with 314 additions and 23 deletions.
diff --git a/1-load-balancers.tf b/1-load-balancers.tf
@@ -6,6 +6,6 @@ resource "azurerm_lb" "region_01_load_balancer_01" {
 
   frontend_ip_configuration {
     name                 = "PublicIPAddress"
-    public_ip_address_id = azurerm_public_ip.public_ip_01.id
+    public_ip_address_id = azurerm_public_ip.region_01_public_ip_01.id
   }
 }
diff --git a/1-public-ips.tf b/1-public-ips.tf
@@ -1,21 +1,21 @@
-resource "azurerm_public_ip" "public_ip_01" {
+resource "azurerm_public_ip" "region_01_public_ip_01" {
   name                = "public-ip-01"
   location            = azurerm_resource_group.region_01.location
   resource_group_name = azurerm_resource_group.region_01.name
   allocation_method   = "Static"
-  domain_name_label   = random_string.fqdn.result
+  domain_name_label   = random_string.region_01_fqdn.result
   sku                 = "Standard"
 
 }
 
-resource "random_string" "fqdn" {
+resource "random_string" "region_01_fqdn" {
   length  = 6
   special = false
   upper   = false
   number  = false
 }
 
-resource "azurerm_public_ip" "public_ip_02" {
+resource "azurerm_public_ip" "region_01_public_ip_02" {
   name                = "public-ip-02"
   location            = azurerm_resource_group.region_01.location
   resource_group_name = azurerm_resource_group.region_01.name

diff --git a/1-vm-scale-sets.tf b/1-vm-scale-sets.tf
@@ -33,15 +33,4 @@ resource "azurerm_windows_virtual_machine_scale_set" "region_01_vm_scale_set_01"
       load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.region_01_load_balancer_01_backend_address_pool_01.id]
     }
   }
-}
-
-resource "azurerm_virtual_machine_scale_set_extension" "region_01_vm_scale_set_01_extension_01" {
-  name                         = "vm-scale-set-01-extension-01"
-  virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.region_01_vm_scale_set_01.id
-  publisher                    = "Microsoft.Azure.Extensions"
-  type                         = "CustomScript"
-  type_handler_version         = "2.0"
-  settings = jsonencode({
-    "commandToExecute": "powershell -ExecutionPolicy Unrestricted Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools"
-  })
 }
diff --git a/2-load-balancer-backend-address-pools.tf b/2-load-balancer-backend-address-pools.tf
@@ -0,0 +1,4 @@
+resource "azurerm_lb_backend_address_pool" "region_02_load_balancer_01_backend_address_pool_01" {
+  loadbalancer_id = azurerm_lb.region_02_load_balancer_01.id
+  name            = "lb-backend-address-pool-01"
+}
diff --git a/2-load-balancer-outbound-rules.tf b/2-load-balancer-outbound-rules.tf
@@ -0,0 +1,11 @@
+resource "azurerm_lb_outbound_rule" "region_02_load_balancer_01_outbound_rule_01" {
+  resource_group_name     = azurerm_resource_group.region_02.name
+  loadbalancer_id         = azurerm_lb.region_02_load_balancer_01.id
+  name                    = "OutboundRule"
+  protocol                = "All"
+  backend_address_pool_id = azurerm_lb_backend_address_pool.region_02_load_balancer_01_backend_address_pool_01.id
+
+  frontend_ip_configuration {
+    name = "PublicIPAddress"
+  }
+}
diff --git a/2-load-balancer-probes.tf b/2-load-balancer-probes.tf
@@ -0,0 +1,8 @@
+resource "azurerm_lb_probe" "region_02_load_balancer_01_probe_01" {
+  resource_group_name = azurerm_resource_group.region_02.name
+  loadbalancer_id     = azurerm_lb.region_02_load_balancer_01.id
+  name                = "probe-01"
+  port                = 80
+  protocol            = "Http"
+  request_path        = "/"
+}
diff --git a/2-load-balancer-rules.tf b/2-load-balancer-rules.tf
@@ -0,0 +1,27 @@
+resource "azurerm_lb_rule" "region_02_load_balancer_01_rule_01" {
+  resource_group_name            = azurerm_resource_group.region_02.name
+  loadbalancer_id                = azurerm_lb.region_02_load_balancer_01.id
+  name                           = "load-balancer-01-rule-01"
+  protocol                       = "Tcp"
+  frontend_port                  = 80
+  backend_port                   = 80
+  frontend_ip_configuration_name = "PublicIPAddress"
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.region_02_load_balancer_01_backend_address_pool_01.id
+  probe_id                       = azurerm_lb_probe.region_02_load_balancer_01_probe_01.id
+  load_distribution              = "SourceIPProtocol"
+  disable_outbound_snat          = true
+}
+
+resource "azurerm_lb_rule" "region_02_load_balancer_01_rule_02" {
+  resource_group_name            = azurerm_resource_group.region_02.name
+  loadbalancer_id                = azurerm_lb.region_02_load_balancer_01.id
+  name                           = "load-balancer-01-rule-02"
+  protocol                       = "Tcp"
+  frontend_port                  = 443
+  backend_port                   = 443
+  frontend_ip_configuration_name = "PublicIPAddress"
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.region_02_load_balancer_01_backend_address_pool_01.id
+  probe_id                       = azurerm_lb_probe.region_02_load_balancer_01_probe_01.id
+  load_distribution              = "SourceIPProtocol"
+  disable_outbound_snat          = true
+}
diff --git a/2-load-balancers.tf b/2-load-balancers.tf
@@ -0,0 +1,11 @@
+resource "azurerm_lb" "region_02_load_balancer_01" {
+  name                = "load-balancer-01"
+  location            = azurerm_resource_group.region_02.location
+  resource_group_name = azurerm_resource_group.region_02.name
+  sku                 = "Standard"
+
+  frontend_ip_configuration {
+    name                 = "PublicIPAddress"
+    public_ip_address_id = azurerm_public_ip.region_02_public_ip_01.id
+  }
+}
diff --git a/2-network-security-group-rules.tf b/2-network-security-group-rules.tf
@@ -0,0 +1,41 @@
+resource "azurerm_network_security_rule" "region_02_nsg_01_rule_01" {
+    name                        = "nsg01rule-https"
+    priority                   = 1000  
+    direction                  = "Inbound"  
+    access                     = "Allow"  
+    protocol                   = "Tcp"  
+    source_port_range          = "*"  
+    destination_port_range     = "443"  
+    source_address_prefix      = "*"  
+    destination_address_prefix = "*"  
+    resource_group_name         = azurerm_resource_group.region_02.name
+    network_security_group_name = azurerm_network_security_group.region_02_nsg_01.name
+}
+
+resource "azurerm_network_security_rule" "region_02_nsg_01_rule_02" {
+    name                        = "nsg01rule02-rdp"
+    priority                    = 1100  
+    direction                   = "Inbound"  
+    access                      = "Allow"  
+    protocol                    = "Tcp"  
+    source_port_range           = "*"  
+    destination_port_range      = "3389"  
+    source_address_prefix       = "*"  
+    destination_address_prefix  = "*" 
+    resource_group_name         = azurerm_resource_group.region_02.name
+    network_security_group_name = azurerm_network_security_group.region_02_nsg_01.name
+}
+
+resource "azurerm_network_security_rule" "region_02_nsg_01_rule_03" {
+    name                        = "nsg01rule03-http"
+    priority                    = 1200  
+    direction                   = "Inbound"
+    access                      = "Allow"    
+    protocol                    = "Tcp"
+    source_port_range           = "*"
+    destination_port_range      = "80"
+    source_address_prefix       = "*"
+    destination_address_prefix  = "*"
+    resource_group_name         = azurerm_resource_group.region_02.name
+    network_security_group_name = azurerm_network_security_group.region_02_nsg_01.name
+}
diff --git a/2-network-security-groups.tf b/2-network-security-groups.tf
@@ -0,0 +1,15 @@
+resource "azurerm_network_security_group" "region_02_nsg_01" {
+  name                = "nsg01"
+  location            = azurerm_resource_group.region_02.location
+  resource_group_name = azurerm_resource_group.region_02.name
+}
+
+resource "azurerm_subnet_network_security_group_association" "region_02_nsg_01_association_01" {
+  subnet_id                 = azurerm_subnet.region_02_virtual_network_01_subnet_01.id
+  network_security_group_id = azurerm_network_security_group.region_02_nsg_01.id
+}
+
+resource "azurerm_subnet_network_security_group_association" "region_02_nsg_01_association_02" {
+  subnet_id                 = azurerm_subnet.region_02_virtual_network_01_subnet_02.id
+  network_security_group_id = azurerm_network_security_group.region_02_nsg_01.id
+}
diff --git a/2-public-ips.tf b/2-public-ips.tf
@@ -0,0 +1,25 @@
+resource "azurerm_public_ip" "region_02_public_ip_01" {
+  name                = "public-ip-01"
+  location            = azurerm_resource_group.region_02.location
+  resource_group_name = azurerm_resource_group.region_02.name
+  allocation_method   = "Static"
+  domain_name_label   = random_string.region_02_fqdn.result
+  sku                 = "Standard"
+
+}
+
+resource "random_string" "region_02_fqdn" {
+  length  = 6
+  special = false
+  upper   = false
+  number  = false
+}
+
+resource "azurerm_public_ip" "region_02_public_ip_02" {
+  name                = "public-ip-02"
+  location            = azurerm_resource_group.region_02.location
+  resource_group_name = azurerm_resource_group.region_02.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+
+}
diff --git a/2-virtual-network-subnets.tf b/2-virtual-network-subnets.tf
@@ -0,0 +1,13 @@
+resource "azurerm_subnet" "region_02_virtual_network_01_subnet_01" {
+  name                 = "vnet-01-subnet-01"
+  resource_group_name  = azurerm_resource_group.region_02.name
+  virtual_network_name = azurerm_virtual_network.region_02_virtual_network_01.name
+  address_prefixes     = var.region_02_virtual_network_01_subnet_01_address_prefixes
+}
+
+resource "azurerm_subnet" "region_02_virtual_network_01_subnet_02" {
+  name                 = "vnet-01-subnet-02"
+  resource_group_name  = azurerm_resource_group.region_02.name
+  virtual_network_name = azurerm_virtual_network.region_02_virtual_network_01.name
+  address_prefixes     = var.region_02_virtual_network_01_subnet_02_address_prefixes
+}
diff --git a/2-virtual-networks.tf b/2-virtual-networks.tf
@@ -0,0 +1,7 @@
+resource "azurerm_virtual_network" "region_02_virtual_network_01" {
+  name                = "vnet-01"
+  resource_group_name = azurerm_resource_group.region_02.name
+  location            = azurerm_resource_group.region_02.location
+  address_space       = var.region_02_virtual_network_01_address_space
+}
+
diff --git a/2-vm-scale-sets.tf b/2-vm-scale-sets.tf
@@ -0,0 +1,36 @@
+
+resource "azurerm_windows_virtual_machine_scale_set" "region_02_vm_scale_set_01" {
+  name                      = "vm-scale-set-01"
+  resource_group_name       = azurerm_resource_group.region_02.name
+  location                  = azurerm_resource_group.region_02.location
+  sku                       = var.region_02_vm_scale_set_01_sku
+  instances                 = var.region_02_vm_scale_set_01_instances
+  admin_username            = var.admin_username
+  admin_password            = var.admin_password
+  computer_name_prefix      = "vmss01"
+  single_placement_group    = true
+
+  source_image_reference {
+    publisher = "MicrosoftWindowsServer"
+    offer     = "WindowsServer"
+    sku       = "2016-Datacenter-Server-Core"
+    version   = "latest"
+  }
+
+  os_disk {
+    storage_account_type = "Standard_LRS"
+    caching              = "ReadWrite"
+  }
+
+  network_interface {
+    name    = "vm-scale-set-01-nic-01"
+    primary = true
+
+    ip_configuration {
+      name      = "internal"
+      primary   = true
+      subnet_id = azurerm_subnet.region_02_virtual_network_01_subnet_01.id
+      load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.region_02_load_balancer_01_backend_address_pool_01.id]
+    }
+  }
+}
diff --git a/README.md b/README.md
@@ -2,7 +2,9 @@
 
 Basic _terraform_ codes for Azure VM Scale Set and related resources.
 
-Scenario: Two VM Scale Set instances as backend for Azure Front Door
+Scenario: Two VM Scale Set instances as backend for Azure Front Door. This is just a simple _terraform_ example so that some additional commands are needed to be executed in the scale set instance. In real-life scenario, some required VM Image must be used.
+
+In this example, IIS's default page mocks an application. 
 
 
 - Get scale set instances' Windows features
@@ -12,11 +14,21 @@ Get-WindowsFeature | where{$_.InstallState -eq "Installed"}
 
 - Install Web-Server windows feature to VM Scale Set instances to do some test
 ```
-powershell -ExecutionPolicy Unrestricted Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools
+Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools
+```
+
+- Check localhost
+```
+Invoke-WebRequest -Uri 127.0.0.1 -UseBasicParsing
 ```
 
 - Check connectivity in scale set instance
 ```
-powershell Invoke-WebRequest -Uri https://www.google.com -UseBasicParsing
+Invoke-WebRequest -Uri https://www.google.com -UseBasicParsing
+```
 
+- Change default IIS Page's content to reflect region info
+```
+Set-Content -Path C:\inetpub\wwwroot\iistart.htm -Value "Hello World - Region 01/02"
 ```
+
diff --git a/front-door.tf b/front-door.tf
@@ -24,8 +24,15 @@ resource "azurerm_frontdoor" "frontdoor_01" {
     backend_pool {
         name = "fd-backend-pool-1"
         backend {
-            host_header = azurerm_public_ip.public_ip_01.ip_address
-            address     = azurerm_public_ip.public_ip_01.ip_address
+            host_header = azurerm_public_ip.region_01_public_ip_01.ip_address
+            address     = azurerm_public_ip.region_01_public_ip_01.ip_address
+            http_port   = 80
+            https_port  = 443
+        }
+
+        backend {
+            host_header = azurerm_public_ip.region_02_public_ip_01.ip_address
+            address     = azurerm_public_ip.region_02_public_ip_01.ip_address
             http_port   = 80
             https_port  = 443
         }

diff --git a/jumpbox-vm.tf b/jumpbox-vm.tf
@@ -7,7 +7,7 @@ resource "azurerm_network_interface" "jumpbox_01" {
     name                          = "internal"
     subnet_id                     = azurerm_subnet.region_01_virtual_network_01_subnet_02.id
     private_ip_address_allocation = "Dynamic"
-    public_ip_address_id          = azurerm_public_ip.public_ip_02.id
+    public_ip_address_id          = azurerm_public_ip.region_01_public_ip_02.id
   }
 }
 
@@ -43,6 +43,58 @@ resource "azurerm_dev_test_global_vm_shutdown_schedule" "jumpbox_01_shutdown_sch
   daily_recurrence_time = "1700"
   timezone              = "Turkey Standard Time"
 
+  notification_settings {
+    enabled = false
+  }
+}
+
+###################################
+
+resource "azurerm_network_interface" "jumpbox_02" {
+  name                = "jumpbox-02-nic"
+  location            = azurerm_resource_group.region_02.location
+  resource_group_name = azurerm_resource_group.region_02.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.region_02_virtual_network_01_subnet_02.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.region_02_public_ip_02.id
+  }
+}
+
+resource "azurerm_windows_virtual_machine" "jumpbox_02" {
+  name                = "jumpbox-vm-02"
+  resource_group_name = azurerm_resource_group.region_02.name
+  location            = azurerm_resource_group.region_02.location
+  size                = "Standard_B2s"
+  admin_username      = var.admin_username
+  admin_password      = var.admin_password
+  network_interface_ids = [
+    azurerm_network_interface.jumpbox_02.id,
+  ]
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "MicrosoftWindowsServer"
+    offer     = "WindowsServer"
+    sku       = "2016-Datacenter"
+    version   = "latest"
+  }
+}
+
+resource "azurerm_dev_test_global_vm_shutdown_schedule" "jumpbox_02_shutdown_schedule" {
+  virtual_machine_id = azurerm_windows_virtual_machine.jumpbox_02.id
+  location           = azurerm_resource_group.region_02.location
+  enabled            = true
+
+  daily_recurrence_time = "1700"
+  timezone              = "Turkey Standard Time"
+
   notification_settings {
     enabled = false
   }