├── .github ├── dependabot.yml └── workflows │ ├── actionlint.yml │ ├── infrastructure-tests.yml │ └── secret-expiration.yml ├── .gitignore ├── CODEOWNERS ├── LICENSE ├── README.md ├── exercises ├── main.tf.completed ├── main.tf.cowsay ├── main.tf.start ├── outputs.tf.completed └── outputs.tf.start ├── files └── deploy_app.sh ├── main.tf ├── outputs.tf ├── terraform.tfvars.example └── variables.tf /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | 3 | updates: 4 | - package-ecosystem: "github-actions" 5 | directory: "/" 6 | schedule: 7 | interval: "daily" -------------------------------------------------------------------------------- /.github/workflows/actionlint.yml: -------------------------------------------------------------------------------- 1 | # If the repository is public, be sure to change to GitHub hosted runners 2 | name: Lint GitHub Actions Workflows 3 | on: 4 | push: 5 | pull_request: 6 | permissions: 7 | contents: read 8 | jobs: 9 | actionlint: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 13 | - name: "Check workflow files" 14 | uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest 15 | -------------------------------------------------------------------------------- /.github/workflows/infrastructure-tests.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: MPL-2.0 3 | name: hashicorp/hashicat-azure/infrastructure-tests 4 | on: 5 | workflow_dispatch: 6 | push: 7 | branches: 8 | - 'master' 9 | env: 10 | # See IL-574 for the source of these 11 | ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }} 12 | ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} 13 | ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }} 14 | ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }} 15 | TF_VAR_prefix: gha-infrastructure-tests-${{ github.run_id }}-${{ github.run_number }} 16 | permissions: {} 17 | jobs: 18 | terraform-init: 19 | runs-on: ubuntu-latest 20 | container: 21 | image: docker.mirror.hashicorp.services/hashicorp/terraform:light 22 | permissions: 23 | contents: read 24 | steps: 25 | - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 26 | - name: Terraform Init 27 | run: terraform init 28 | - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 29 | with: 30 | name: "tf-code" 31 | path: ${{ github.workspace }} 32 | terraform-validate: 33 | runs-on: ubuntu-latest 34 | container: 35 | image: docker.mirror.hashicorp.services/hashicorp/terraform:light 36 | needs: 37 | - terraform-init 38 | steps: 39 | - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 40 | with: 41 | name: "tf-code" 42 | path: ${{ github.workspace }} 43 | # Either upload or download-artifact does not preserve the exec bit on 44 | # binaries, so fix that here 45 | - name: fix-perms 46 | run: |- 47 | # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5 48 | chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-* 49 | - name: Terraform Validate 50 | run: terraform validate 51 | terraform-plan: 52 | runs-on: ubuntu-latest 53 | container: 54 | image: docker.mirror.hashicorp.services/hashicorp/terraform:light 55 | needs: 56 | - terraform-validate 57 | steps: 58 | - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 59 | with: 60 | name: "tf-code" 61 | path: ${{ github.workspace }} 62 | # Either upload or download-artifact does not preserve the exec bit on 63 | # binaries, so fix that here 64 | - name: fix-perms 65 | run: |- 66 | # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5 67 | chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-* 68 | - name: Terraform Plan 69 | run: terraform plan -out=gha-infrastructure-tests-${{ github.run_id }}-${{ github.run_number }}.plan 70 | - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 71 | with: 72 | name: "tf-code" 73 | path: ${{ github.workspace }} 74 | terraform-apply: 75 | runs-on: ubuntu-latest 76 | container: 77 | image: docker.mirror.hashicorp.services/hashicorp/terraform:light 78 | needs: 79 | - terraform-plan 80 | steps: 81 | - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 82 | with: 83 | name: "tf-code" 84 | path: ${{ github.workspace }} 85 | # Either upload or download-artifact does not preserve the exec bit on 86 | # binaries, so fix that here 87 | - name: fix-perms 88 | run: |- 89 | # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5 90 | chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-* 91 | - name: Terraform Apply 92 | run: terraform apply -auto-approve gha-infrastructure-tests-${{ github.run_id }}-${{ github.run_number }}.plan 93 | - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 94 | with: 95 | name: "tf-code" 96 | path: ${{ github.workspace }} 97 | terraform-destroy: 98 | runs-on: ubuntu-latest 99 | container: 100 | image: docker.mirror.hashicorp.services/hashicorp/terraform:light 101 | needs: 102 | - terraform-apply 103 | steps: 104 | - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 105 | with: 106 | name: "tf-code" 107 | path: ${{ github.workspace }} 108 | # Either upload or download-artifact does not preserve the exec bit on 109 | # binaries, so fix that here 110 | - name: fix-perms 111 | run: |- 112 | # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5 113 | chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-* 114 | - name: Terraform Destroy 115 | run: terraform destroy -auto-approve -------------------------------------------------------------------------------- /.github/workflows/secret-expiration.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | # See IL-574 for secret and variables definitions 5 | name: hashicorp/hashicat-azure/secret-expiration 6 | on: 7 | workflow_dispatch: 8 | schedule: 9 | # This is UTC 10 | - cron: 37 4 * * * 11 | permissions: {} 12 | jobs: 13 | check-arm-client-secret: 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Build Message 17 | id: build-message 18 | shell: python 19 | continue-on-error: true 20 | run: |- 21 | import datetime 22 | import os 23 | expiry_date = datetime.datetime.fromisoformat("${{ vars.ARM_CLIENT_SECRET_EXPIRY }}") 24 | now = datetime.date.today() 25 | time_left = expiry_date.date() - now 26 | days_left = time_left.days 27 | print(f"ARM_CLIENT_SECRET has {days_left} days left") 28 | # Set some output to trigger the Slack step 29 | gho = open(os.environ.get('GITHUB_OUTPUT'), 'a') 30 | gho.writelines([f'days_left={days_left}\n']) 31 | if days_left <= int("${{ vars.ARM_CLIENT_SECRET_MIN_DAYS_REMAINING }}"): 32 | gho.writelines(['do_notify=true\n']) 33 | else: 34 | gho.writelines(['do_notify=false\n']) 35 | gho.close() 36 | - name: Notify Slack on Build Message Error 37 | id: notify-build-message-error 38 | if: ${{ steps.build-message.outcome == 'failure' }} 39 | uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 40 | with: 41 | channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }} 42 | payload: |- 43 | { 44 | "blocks": [ 45 | { 46 | "type": "section", 47 | "text": { 48 | "type": "mrkdwn", 49 | "text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *FAILED*" 50 | } 51 | } 52 | ] 53 | } 54 | env: 55 | SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} 56 | - name: Notify Slack 57 | id: notify-slack 58 | if: ${{ steps.build-message.outputs.do_notify == 'true' }} 59 | uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 60 | with: 61 | channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }} 62 | payload: |- 63 | { 64 | "blocks": [ 65 | { 66 | "type": "section", 67 | "text": { 68 | "type": "mrkdwn", 69 | "text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *ALERT*" 70 | } 71 | }, 72 | { 73 | "type": "divider" 74 | }, 75 | { 76 | "type": "section", 77 | "text": { 78 | "type": "mrkdwn", 79 | "text": "The secret ARM_CLIENT_SECRET has ${{ steps.build-message.outputs.days_left }} days left, less than ${{ vars.ARM_CLIENT_SECRET_MIN_DAYS_REMAINING }}. See IL-574 for information on how to renew it" 80 | } 81 | } 82 | ] 83 | } 84 | env: 85 | SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} 86 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # .tfvars files 9 | *.tfvars 10 | 11 | # terraformrc file 12 | .terraformrc 13 | terraform.rc -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @hashicorp/team-customer-design-labs 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 HashiCorp, Inc. 2 | 3 | Apache License 4 | Version 2.0, January 2004 5 | http://www.apache.org/licenses/ 6 | 7 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 8 | 9 | 1. Definitions. 10 | 11 | "License" shall mean the terms and conditions for use, reproduction, 12 | and distribution as defined by Sections 1 through 9 of this document. 13 | 14 | "Licensor" shall mean the copyright owner or entity authorized by 15 | the copyright owner that is granting the License. 16 | 17 | "Legal Entity" shall mean the union of the acting entity and all 18 | other entities that control, are controlled by, or are under common 19 | control with that entity. For the purposes of this definition, 20 | "control" means (i) the power, direct or indirect, to cause the 21 | direction or management of such entity, whether by contract or 22 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 23 | outstanding shares, or (iii) beneficial ownership of such entity. 24 | 25 | "You" (or "Your") shall mean an individual or Legal Entity 26 | exercising permissions granted by this License. 27 | 28 | "Source" form shall mean the preferred form for making modifications, 29 | including but not limited to software source code, documentation 30 | source, and configuration files. 31 | 32 | "Object" form shall mean any form resulting from mechanical 33 | transformation or translation of a Source form, including but 34 | not limited to compiled object code, generated documentation, 35 | and conversions to other media types. 36 | 37 | "Work" shall mean the work of authorship, whether in Source or 38 | Object form, made available under the License, as indicated by a 39 | copyright notice that is included in or attached to the work 40 | (an example is provided in the Appendix below). 41 | 42 | "Derivative Works" shall mean any work, whether in Source or Object 43 | form, that is based on (or derived from) the Work and for which the 44 | editorial revisions, annotations, elaborations, or other modifications 45 | represent, as a whole, an original work of authorship. For the purposes 46 | of this License, Derivative Works shall not include works that remain 47 | separable from, or merely link (or bind by name) to the interfaces of, 48 | the Work and Derivative Works thereof. 49 | 50 | "Contribution" shall mean any work of authorship, including 51 | the original version of the Work and any modifications or additions 52 | to that Work or Derivative Works thereof, that is intentionally 53 | submitted to Licensor for inclusion in the Work by the copyright owner 54 | or by an individual or Legal Entity authorized to submit on behalf of 55 | the copyright owner. For the purposes of this definition, "submitted" 56 | means any form of electronic, verbal, or written communication sent 57 | to the Licensor or its representatives, including but not limited to 58 | communication on electronic mailing lists, source code control systems, 59 | and issue tracking systems that are managed by, or on behalf of, the 60 | Licensor for the purpose of discussing and improving the Work, but 61 | excluding communication that is conspicuously marked or otherwise 62 | designated in writing by the copyright owner as "Not a Contribution." 63 | 64 | "Contributor" shall mean Licensor and any individual or Legal Entity 65 | on behalf of whom a Contribution has been received by Licensor and 66 | subsequently incorporated within the Work. 67 | 68 | 2. Grant of Copyright License. Subject to the terms and conditions of 69 | this License, each Contributor hereby grants to You a perpetual, 70 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 71 | copyright license to reproduce, prepare Derivative Works of, 72 | publicly display, publicly perform, sublicense, and distribute the 73 | Work and such Derivative Works in Source or Object form. 74 | 75 | 3. Grant of Patent License. Subject to the terms and conditions of 76 | this License, each Contributor hereby grants to You a perpetual, 77 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 78 | (except as stated in this section) patent license to make, have made, 79 | use, offer to sell, sell, import, and otherwise transfer the Work, 80 | where such license applies only to those patent claims licensable 81 | by such Contributor that are necessarily infringed by their 82 | Contribution(s) alone or by combination of their Contribution(s) 83 | with the Work to which such Contribution(s) was submitted. If You 84 | institute patent litigation against any entity (including a 85 | cross-claim or counterclaim in a lawsuit) alleging that the Work 86 | or a Contribution incorporated within the Work constitutes direct 87 | or contributory patent infringement, then any patent licenses 88 | granted to You under this License for that Work shall terminate 89 | as of the date such litigation is filed. 90 | 91 | 4. Redistribution. You may reproduce and distribute copies of the 92 | Work or Derivative Works thereof in any medium, with or without 93 | modifications, and in Source or Object form, provided that You 94 | meet the following conditions: 95 | 96 | (a) You must give any other recipients of the Work or 97 | Derivative Works a copy of this License; and 98 | 99 | (b) You must cause any modified files to carry prominent notices 100 | stating that You changed the files; and 101 | 102 | (c) You must retain, in the Source form of any Derivative Works 103 | that You distribute, all copyright, patent, trademark, and 104 | attribution notices from the Source form of the Work, 105 | excluding those notices that do not pertain to any part of 106 | the Derivative Works; and 107 | 108 | (d) If the Work includes a "NOTICE" text file as part of its 109 | distribution, then any Derivative Works that You distribute must 110 | include a readable copy of the attribution notices contained 111 | within such NOTICE file, excluding those notices that do not 112 | pertain to any part of the Derivative Works, in at least one 113 | of the following places: within a NOTICE text file distributed 114 | as part of the Derivative Works; within the Source form or 115 | documentation, if provided along with the Derivative Works; or, 116 | within a display generated by the Derivative Works, if and 117 | wherever such third-party notices normally appear. The contents 118 | of the NOTICE file are for informational purposes only and 119 | do not modify the License. You may add Your own attribution 120 | notices within Derivative Works that You distribute, alongside 121 | or as an addendum to the NOTICE text from the Work, provided 122 | that such additional attribution notices cannot be construed 123 | as modifying the License. 124 | 125 | You may add Your own copyright statement to Your modifications and 126 | may provide additional or different license terms and conditions 127 | for use, reproduction, or distribution of Your modifications, or 128 | for any such Derivative Works as a whole, provided Your use, 129 | reproduction, and distribution of the Work otherwise complies with 130 | the conditions stated in this License. 131 | 132 | 5. Submission of Contributions. Unless You explicitly state otherwise, 133 | any Contribution intentionally submitted for inclusion in the Work 134 | by You to the Licensor shall be under the terms and conditions of 135 | this License, without any additional terms or conditions. 136 | Notwithstanding the above, nothing herein shall supersede or modify 137 | the terms of any separate license agreement you may have executed 138 | with Licensor regarding such Contributions. 139 | 140 | 6. Trademarks. This License does not grant permission to use the trade 141 | names, trademarks, service marks, or product names of the Licensor, 142 | except as required for reasonable and customary use in describing the 143 | origin of the Work and reproducing the content of the NOTICE file. 144 | 145 | 7. Disclaimer of Warranty. Unless required by applicable law or 146 | agreed to in writing, Licensor provides the Work (and each 147 | Contributor provides its Contributions) on an "AS IS" BASIS, 148 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 149 | implied, including, without limitation, any warranties or conditions 150 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 151 | PARTICULAR PURPOSE. You are solely responsible for determining the 152 | appropriateness of using or redistributing the Work and assume any 153 | risks associated with Your exercise of permissions under this License. 154 | 155 | 8. Limitation of Liability. In no event and under no legal theory, 156 | whether in tort (including negligence), contract, or otherwise, 157 | unless required by applicable law (such as deliberate and grossly 158 | negligent acts) or agreed to in writing, shall any Contributor be 159 | liable to You for damages, including any direct, indirect, special, 160 | incidental, or consequential damages of any character arising as a 161 | result of this License or out of the use or inability to use the 162 | Work (including but not limited to damages for loss of goodwill, 163 | work stoppage, computer failure or malfunction, or any and all 164 | other commercial damages or losses), even if such Contributor 165 | has been advised of the possibility of such damages. 166 | 167 | 9. Accepting Warranty or Additional Liability. While redistributing 168 | the Work or Derivative Works thereof, You may choose to offer, 169 | and charge a fee for, acceptance of support, warranty, indemnity, 170 | or other liability obligations and/or rights consistent with this 171 | License. However, in accepting such obligations, You may act only 172 | on Your own behalf and on Your sole responsibility, not on behalf 173 | of any other Contributor, and only if You agree to indemnify, 174 | defend, and hold each Contributor harmless for any liability 175 | incurred by, or claims asserted against, such Contributor by reason 176 | of your accepting any such warranty or additional liability. 177 | 178 | END OF TERMS AND CONDITIONS 179 | 180 | APPENDIX: How to apply the Apache License to your work. 181 | 182 | To apply the Apache License to your work, attach the following 183 | boilerplate notice, with the fields enclosed by brackets "[]" 184 | replaced with your own identifying information. (Don't include 185 | the brackets!) The text should be enclosed in the appropriate 186 | comment syntax for the file format. We also recommend that a 187 | file or class name and description of purpose be included on the 188 | same "printed page" as the copyright notice for easier 189 | identification within third-party archives. 190 | 191 | Copyright [yyyy] [name of copyright owner] 192 | 193 | Licensed under the Apache License, Version 2.0 (the "License"); 194 | you may not use this file except in compliance with the License. 195 | You may obtain a copy of the License at 196 | 197 | http://www.apache.org/licenses/LICENSE-2.0 198 | 199 | Unless required by applicable law or agreed to in writing, software 200 | distributed under the License is distributed on an "AS IS" BASIS, 201 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 202 | See the License for the specific language governing permissions and 203 | limitations under the License. 204 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hashicat 2 | Hashicat: A terraform built application for use in Hashicorp workshops. 3 | 4 | Includes the "Meow World" website. 😻 5 | 6 | [![infrastructure-tests](https://github.com/hashicorp/hashicat-azure/actions/workflows/infrastructure-tests.yml/badge.svg)](https://github.com/hashicorp/hashicat-azure/actions/workflows/infrastructure-tests.yml) 7 | -------------------------------------------------------------------------------- /exercises/main.tf.completed: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "=2.60.0" 6 | } 7 | } 8 | } 9 | 10 | provider "azurerm" { 11 | features {} 12 | } 13 | 14 | resource "azurerm_resource_group" "myresourcegroup" { 15 | name = "${var.prefix}-workshop" 16 | location = var.location 17 | 18 | tags = { 19 | environment = "Production" 20 | } 21 | } 22 | 23 | resource "azurerm_virtual_network" "vnet" { 24 | name = "${var.prefix}-vnet" 25 | location = azurerm_resource_group.myresourcegroup.location 26 | address_space = [var.address_space] 27 | resource_group_name = azurerm_resource_group.myresourcegroup.name 28 | } 29 | 30 | resource "azurerm_subnet" "subnet" { 31 | name = "${var.prefix}-subnet" 32 | virtual_network_name = azurerm_virtual_network.vnet.name 33 | resource_group_name = azurerm_resource_group.myresourcegroup.name 34 | address_prefixes = [var.subnet_prefix] 35 | } 36 | 37 | resource "azurerm_network_security_group" "catapp-sg" { 38 | name = "${var.prefix}-sg" 39 | location = var.location 40 | resource_group_name = azurerm_resource_group.myresourcegroup.name 41 | 42 | security_rule { 43 | name = "HTTP" 44 | priority = 100 45 | direction = "Inbound" 46 | access = "Allow" 47 | protocol = "Tcp" 48 | source_port_range = "*" 49 | destination_port_range = "80" 50 | source_address_prefix = "*" 51 | destination_address_prefix = "*" 52 | } 53 | 54 | security_rule { 55 | name = "HTTPS" 56 | priority = 102 57 | direction = "Inbound" 58 | access = "Allow" 59 | protocol = "Tcp" 60 | source_port_range = "*" 61 | destination_port_range = "443" 62 | source_address_prefix = "*" 63 | destination_address_prefix = "*" 64 | } 65 | 66 | security_rule { 67 | name = "SSH" 68 | priority = 101 69 | direction = "Inbound" 70 | access = "Allow" 71 | protocol = "Tcp" 72 | source_port_range = "*" 73 | destination_port_range = "22" 74 | source_address_prefix = "*" 75 | destination_address_prefix = "*" 76 | } 77 | } 78 | 79 | resource "azurerm_network_interface" "catapp-nic" { 80 | name = "${var.prefix}-catapp-nic" 81 | location = var.location 82 | resource_group_name = azurerm_resource_group.myresourcegroup.name 83 | 84 | ip_configuration { 85 | name = "${var.prefix}ipconfig" 86 | subnet_id = azurerm_subnet.subnet.id 87 | private_ip_address_allocation = "Dynamic" 88 | public_ip_address_id = azurerm_public_ip.catapp-pip.id 89 | } 90 | } 91 | 92 | resource "azurerm_network_interface_security_group_association" "catapp-nic-sg-ass" { 93 | network_interface_id = azurerm_network_interface.catapp-nic.id 94 | network_security_group_id = azurerm_network_security_group.catapp-sg.id 95 | } 96 | 97 | resource "azurerm_public_ip" "catapp-pip" { 98 | name = "${var.prefix}-ip" 99 | location = var.location 100 | resource_group_name = azurerm_resource_group.myresourcegroup.name 101 | allocation_method = "Dynamic" 102 | domain_name_label = "${var.prefix}-meow" 103 | } 104 | 105 | resource "azurerm_virtual_machine" "catapp" { 106 | name = "${var.prefix}-meow" 107 | location = var.location 108 | resource_group_name = azurerm_resource_group.myresourcegroup.name 109 | vm_size = var.vm_size 110 | 111 | network_interface_ids = [azurerm_network_interface.catapp-nic.id] 112 | delete_os_disk_on_termination = "true" 113 | 114 | storage_image_reference { 115 | publisher = var.image_publisher 116 | offer = var.image_offer 117 | sku = var.image_sku 118 | version = var.image_version 119 | } 120 | 121 | storage_os_disk { 122 | name = "${var.prefix}-osdisk" 123 | managed_disk_type = "Standard_LRS" 124 | caching = "ReadWrite" 125 | create_option = "FromImage" 126 | } 127 | 128 | os_profile { 129 | computer_name = var.prefix 130 | admin_username = var.admin_username 131 | admin_password = var.admin_password 132 | } 133 | 134 | os_profile_linux_config { 135 | disable_password_authentication = false 136 | } 137 | 138 | tags = {} 139 | 140 | # Added to allow destroy to work correctly. 141 | depends_on = [azurerm_network_interface_security_group_association.catapp-nic-sg-ass] 142 | } 143 | 144 | # We're using a little trick here so we can run the provisioner without 145 | # destroying the VM. Do not do this in production. 146 | 147 | # If you need ongoing management (Day N) of your virtual machines a tool such 148 | # as Chef or Puppet is a better choice. These tools track the state of 149 | # individual files and can keep them in the correct configuration. 150 | 151 | # Here we do the following steps: 152 | # Sync everything in files/ to the remote VM. 153 | # Set up some environment variables for our script. 154 | # Add execute permissions to our scripts. 155 | # Run the deploy_app.sh script. 156 | resource "null_resource" "configure-cat-app" { 157 | depends_on = [ 158 | azurerm_virtual_machine.catapp, 159 | ] 160 | 161 | # Terraform 0.11 162 | # triggers { 163 | # build_number = "${timestamp()}" 164 | # } 165 | 166 | # Terraform 0.12 167 | triggers = { 168 | build_number = timestamp() 169 | } 170 | 171 | provisioner "file" { 172 | source = "files/" 173 | destination = "/home/${var.admin_username}/" 174 | 175 | connection { 176 | type = "ssh" 177 | user = var.admin_username 178 | password = var.admin_password 179 | host = azurerm_public_ip.catapp-pip.fqdn 180 | } 181 | } 182 | 183 | provisioner "remote-exec" { 184 | inline = [ 185 | "sudo apt -y update", 186 | "sleep 15", 187 | "sudo apt -y update", 188 | "sudo apt -y install apache2", 189 | "sudo systemctl start apache2", 190 | "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html", 191 | "chmod +x *.sh", 192 | "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", 193 | ] 194 | 195 | connection { 196 | type = "ssh" 197 | user = var.admin_username 198 | password = var.admin_password 199 | host = azurerm_public_ip.catapp-pip.fqdn 200 | } 201 | } 202 | } 203 | -------------------------------------------------------------------------------- /exercises/main.tf.cowsay: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "=2.60.0" 6 | } 7 | } 8 | } 9 | 10 | provider "azurerm" { 11 | features {} 12 | } 13 | 14 | resource "azurerm_resource_group" "myresourcegroup" { 15 | name = "${var.prefix}-workshop" 16 | location = var.location 17 | 18 | tags = { 19 | environment = "Production" 20 | } 21 | } 22 | 23 | resource "azurerm_virtual_network" "vnet" { 24 | name = "${var.prefix}-vnet" 25 | location = azurerm_resource_group.myresourcegroup.location 26 | address_space = [var.address_space] 27 | resource_group_name = azurerm_resource_group.myresourcegroup.name 28 | } 29 | 30 | resource "azurerm_subnet" "subnet" { 31 | name = "${var.prefix}-subnet" 32 | virtual_network_name = azurerm_virtual_network.vnet.name 33 | resource_group_name = azurerm_resource_group.myresourcegroup.name 34 | address_prefixes = [var.subnet_prefix] 35 | } 36 | 37 | resource "azurerm_network_security_group" "catapp-sg" { 38 | name = "${var.prefix}-sg" 39 | location = var.location 40 | resource_group_name = azurerm_resource_group.myresourcegroup.name 41 | 42 | security_rule { 43 | name = "HTTP" 44 | priority = 100 45 | direction = "Inbound" 46 | access = "Allow" 47 | protocol = "Tcp" 48 | source_port_range = "*" 49 | destination_port_range = "80" 50 | source_address_prefix = "*" 51 | destination_address_prefix = "*" 52 | } 53 | 54 | security_rule { 55 | name = "HTTPS" 56 | priority = 102 57 | direction = "Inbound" 58 | access = "Allow" 59 | protocol = "Tcp" 60 | source_port_range = "*" 61 | destination_port_range = "443" 62 | source_address_prefix = "*" 63 | destination_address_prefix = "*" 64 | } 65 | 66 | security_rule { 67 | name = "SSH" 68 | priority = 101 69 | direction = "Inbound" 70 | access = "Allow" 71 | protocol = "Tcp" 72 | source_port_range = "*" 73 | destination_port_range = "22" 74 | source_address_prefix = "*" 75 | destination_address_prefix = "*" 76 | } 77 | } 78 | 79 | resource "azurerm_network_interface" "catapp-nic" { 80 | name = "${var.prefix}-catapp-nic" 81 | location = var.location 82 | resource_group_name = azurerm_resource_group.myresourcegroup.name 83 | 84 | ip_configuration { 85 | name = "${var.prefix}ipconfig" 86 | subnet_id = azurerm_subnet.subnet.id 87 | private_ip_address_allocation = "Dynamic" 88 | public_ip_address_id = azurerm_public_ip.catapp-pip.id 89 | } 90 | } 91 | 92 | resource "azurerm_network_interface_security_group_association" "catapp-nic-sg-ass" { 93 | network_interface_id = azurerm_network_interface.catapp-nic.id 94 | network_security_group_id = azurerm_network_security_group.catapp-sg.id 95 | } 96 | 97 | resource "azurerm_public_ip" "catapp-pip" { 98 | name = "${var.prefix}-ip" 99 | location = var.location 100 | resource_group_name = azurerm_resource_group.myresourcegroup.name 101 | allocation_method = "Dynamic" 102 | domain_name_label = "${var.prefix}-meow" 103 | } 104 | 105 | resource "azurerm_virtual_machine" "catapp" { 106 | name = "${var.prefix}-meow" 107 | location = var.location 108 | resource_group_name = azurerm_resource_group.myresourcegroup.name 109 | vm_size = var.vm_size 110 | 111 | network_interface_ids = [azurerm_network_interface.catapp-nic.id] 112 | delete_os_disk_on_termination = "true" 113 | 114 | storage_image_reference { 115 | publisher = var.image_publisher 116 | offer = var.image_offer 117 | sku = var.image_sku 118 | version = var.image_version 119 | } 120 | 121 | storage_os_disk { 122 | name = "${var.prefix}-osdisk" 123 | managed_disk_type = "Standard_LRS" 124 | caching = "ReadWrite" 125 | create_option = "FromImage" 126 | } 127 | 128 | os_profile { 129 | computer_name = var.prefix 130 | admin_username = var.admin_username 131 | admin_password = var.admin_password 132 | } 133 | 134 | os_profile_linux_config { 135 | disable_password_authentication = false 136 | } 137 | 138 | tags = {} 139 | 140 | # Added to allow destroy to work correctly. 141 | depends_on = [azurerm_network_interface_security_group_association.catapp-nic-sg-ass] 142 | } 143 | 144 | # We're using a little trick here so we can run the provisioner without 145 | # destroying the VM. Do not do this in production. 146 | 147 | # If you need ongoing management (Day N) of your virtual machines a tool such 148 | # as Chef or Puppet is a better choice. These tools track the state of 149 | # individual files and can keep them in the correct configuration. 150 | 151 | # Here we do the following steps: 152 | # Sync everything in files/ to the remote VM. 153 | # Set up some environment variables for our script. 154 | # Add execute permissions to our scripts. 155 | # Run the deploy_app.sh script. 156 | resource "null_resource" "configure-cat-app" { 157 | depends_on = [ 158 | azurerm_virtual_machine.catapp, 159 | ] 160 | 161 | # Terraform 0.11 162 | # triggers { 163 | # build_number = "${timestamp()}" 164 | # } 165 | 166 | # Terraform 0.12 167 | triggers = { 168 | build_number = timestamp() 169 | } 170 | 171 | provisioner "file" { 172 | source = "files/" 173 | destination = "/home/${var.admin_username}/" 174 | 175 | connection { 176 | type = "ssh" 177 | user = var.admin_username 178 | password = var.admin_password 179 | host = azurerm_public_ip.catapp-pip.fqdn 180 | } 181 | } 182 | 183 | provisioner "remote-exec" { 184 | inline = [ 185 | "sudo apt -y update", 186 | "sleep 15", 187 | "sudo apt -y update", 188 | "sudo apt -y install apache2", 189 | "sudo systemctl start apache2", 190 | "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html", 191 | "chmod +x *.sh", 192 | "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", 193 | "sudo apt -y install cowsay", 194 | "cowsay Mooooooooooo!", 195 | ] 196 | 197 | connection { 198 | type = "ssh" 199 | user = var.admin_username 200 | password = var.admin_password 201 | host = azurerm_public_ip.catapp-pip.fqdn 202 | } 203 | } 204 | } 205 | -------------------------------------------------------------------------------- /exercises/main.tf.start: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "=2.60.0" 6 | } 7 | } 8 | } 9 | 10 | provider "azurerm" { 11 | features {} 12 | } 13 | 14 | resource "azurerm_resource_group" "myresourcegroup" { 15 | name = "${var.prefix}-workshop" 16 | location = var.location 17 | 18 | tags = {} 19 | } 20 | 21 | # resource "azurerm_virtual_network" "vnet" { 22 | # name = "${var.prefix}-vnet" 23 | # location = azurerm_resource_group.myresourcegroup.location 24 | # address_space = [var.address_space] 25 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 26 | # } 27 | 28 | # resource "azurerm_subnet" "subnet" { 29 | # name = "${var.prefix}-subnet" 30 | # virtual_network_name = azurerm_virtual_network.vnet.name 31 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 32 | # address_prefixes = [var.subnet_prefix] 33 | # } 34 | 35 | # resource "azurerm_network_security_group" "catapp-sg" { 36 | # name = "${var.prefix}-sg" 37 | # location = var.location 38 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 39 | 40 | # security_rule { 41 | # name = "HTTP" 42 | # priority = 100 43 | # direction = "Inbound" 44 | # access = "Allow" 45 | # protocol = "Tcp" 46 | # source_port_range = "*" 47 | # destination_port_range = "80" 48 | # source_address_prefix = "*" 49 | # destination_address_prefix = "*" 50 | # } 51 | 52 | # security_rule { 53 | # name = "HTTPS" 54 | # priority = 102 55 | # direction = "Inbound" 56 | # access = "Allow" 57 | # protocol = "Tcp" 58 | # source_port_range = "*" 59 | # destination_port_range = "443" 60 | # source_address_prefix = "*" 61 | # destination_address_prefix = "*" 62 | # } 63 | 64 | # security_rule { 65 | # name = "SSH" 66 | # priority = 101 67 | # direction = "Inbound" 68 | # access = "Allow" 69 | # protocol = "Tcp" 70 | # source_port_range = "*" 71 | # destination_port_range = "22" 72 | # source_address_prefix = "*" 73 | # destination_address_prefix = "*" 74 | # } 75 | # } 76 | 77 | # resource "azurerm_network_interface" "catapp-nic" { 78 | # name = "${var.prefix}-catapp-nic" 79 | # location = var.location 80 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 81 | 82 | # ip_configuration { 83 | # name = "${var.prefix}ipconfig" 84 | # subnet_id = azurerm_subnet.subnet.id 85 | # private_ip_address_allocation = "Dynamic" 86 | # public_ip_address_id = azurerm_public_ip.catapp-pip.id 87 | # } 88 | # } 89 | 90 | # resource "azurerm_network_interface_security_group_association" "catapp-nic-sg-ass" { 91 | # network_interface_id = azurerm_network_interface.catapp-nic.id 92 | # network_security_group_id = azurerm_network_security_group.catapp-sg.id 93 | # } 94 | 95 | # resource "azurerm_public_ip" "catapp-pip" { 96 | # name = "${var.prefix}-ip" 97 | # location = var.location 98 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 99 | # allocation_method = "Dynamic" 100 | # domain_name_label = "${var.prefix}-meow" 101 | # } 102 | 103 | # resource "azurerm_virtual_machine" "catapp" { 104 | # name = "${var.prefix}-meow" 105 | # location = var.location 106 | # resource_group_name = azurerm_resource_group.myresourcegroup.name 107 | # vm_size = var.vm_size 108 | 109 | # network_interface_ids = [azurerm_network_interface.catapp-nic.id] 110 | # delete_os_disk_on_termination = "true" 111 | 112 | # storage_image_reference { 113 | # publisher = var.image_publisher 114 | # offer = var.image_offer 115 | # sku = var.image_sku 116 | # version = var.image_version 117 | # } 118 | 119 | # storage_os_disk { 120 | # name = "${var.prefix}-osdisk" 121 | # managed_disk_type = "Standard_LRS" 122 | # caching = "ReadWrite" 123 | # create_option = "FromImage" 124 | # } 125 | 126 | # os_profile { 127 | # computer_name = var.prefix 128 | # admin_username = var.admin_username 129 | # admin_password = var.admin_password 130 | # } 131 | 132 | # os_profile_linux_config { 133 | # disable_password_authentication = false 134 | # } 135 | 136 | # tags = {} 137 | 138 | # # Added to allow destroy to work correctly. 139 | # depends_on = [azurerm_network_interface_security_group_association.catapp-nic-sg-ass] 140 | # } 141 | 142 | # # We're using a little trick here so we can run the provisioner without 143 | # # destroying the VM. Do not do this in production. 144 | 145 | # # If you need ongoing management (Day N) of your virtual machines a tool such 146 | # # as Chef or Puppet is a better choice. These tools track the state of 147 | # # individual files and can keep them in the correct configuration. 148 | 149 | # # Here we do the following steps: 150 | # # Sync everything in files/ to the remote VM. 151 | # # Set up some environment variables for our script. 152 | # # Add execute permissions to our scripts. 153 | # # Run the deploy_app.sh script. 154 | # resource "null_resource" "configure-cat-app" { 155 | # depends_on = [ 156 | # azurerm_virtual_machine.catapp, 157 | # ] 158 | 159 | # # Terraform 0.11 160 | # # triggers { 161 | # # build_number = "${timestamp()}" 162 | # # } 163 | 164 | # # Terraform 0.12 165 | # triggers = { 166 | # build_number = timestamp() 167 | # } 168 | 169 | # provisioner "file" { 170 | # source = "files/" 171 | # destination = "/home/${var.admin_username}/" 172 | 173 | # connection { 174 | # type = "ssh" 175 | # user = var.admin_username 176 | # password = var.admin_password 177 | # host = azurerm_public_ip.catapp-pip.fqdn 178 | # } 179 | # } 180 | 181 | # provisioner "remote-exec" { 182 | # inline = [ 183 | # "sudo apt -y update", 184 | # "sleep 15", 185 | # "sudo apt -y update", 186 | # "sudo apt -y install apache2", 187 | # "sudo systemctl start apache2", 188 | # "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html", 189 | # "chmod +x *.sh", 190 | # "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", 191 | # ] 192 | 193 | # connection { 194 | # type = "ssh" 195 | # user = var.admin_username 196 | # password = var.admin_password 197 | # host = azurerm_public_ip.catapp-pip.fqdn 198 | # } 199 | # } 200 | # } 201 | -------------------------------------------------------------------------------- /exercises/outputs.tf.completed: -------------------------------------------------------------------------------- 1 | # Outputs file 2 | output "catapp_url" { 3 | value = "http://${azurerm_public_ip.catapp-pip.fqdn}" 4 | } 5 | 6 | output "catapp_ip" { 7 | value = "http://${azurerm_public_ip.catapp-pip.ip_address}" 8 | } 9 | -------------------------------------------------------------------------------- /exercises/outputs.tf.start: -------------------------------------------------------------------------------- 1 | # Outputs file 2 | #output "catapp_url" { 3 | # value = "http://${azurerm_public_ip.catapp-pip.fqdn}" 4 | #} 5 | -------------------------------------------------------------------------------- /files/deploy_app.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) HashiCorp, Inc. 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # Script to deploy a very simple web application. 6 | # The web app has a customizable image and some text. 7 | 8 | cat << EOM > /var/www/html/index.html 9 | 10 | Meow! 11 | 12 |
13 | 14 | 15 |
16 |

Meow World!

17 | Welcome to ${PREFIX}'s app. Replace this text with your own. 18 | 19 | 20 |
21 | 22 | 23 | EOM 24 | 25 | echo "Script complete." -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | terraform { 5 | required_providers { 6 | azurerm = { 7 | source = "hashicorp/azurerm" 8 | version = ">=3.41.0" 9 | } 10 | } 11 | } 12 | 13 | provider "azurerm" { 14 | features { 15 | resource_group { 16 | prevent_deletion_if_contains_resources = false 17 | } 18 | } 19 | } 20 | 21 | resource "azurerm_resource_group" "myresourcegroup" { 22 | name = "${var.prefix}-workshop" 23 | location = var.location 24 | 25 | tags = { 26 | environment = "Production" 27 | } 28 | } 29 | 30 | resource "azurerm_virtual_network" "vnet" { 31 | name = "${var.prefix}-vnet" 32 | location = azurerm_resource_group.myresourcegroup.location 33 | address_space = [var.address_space] 34 | resource_group_name = azurerm_resource_group.myresourcegroup.name 35 | } 36 | 37 | resource "azurerm_subnet" "subnet" { 38 | name = "${var.prefix}-subnet" 39 | virtual_network_name = azurerm_virtual_network.vnet.name 40 | resource_group_name = azurerm_resource_group.myresourcegroup.name 41 | address_prefixes = [var.subnet_prefix] 42 | } 43 | 44 | resource "azurerm_network_security_group" "catapp-sg" { 45 | name = "${var.prefix}-sg" 46 | location = var.location 47 | resource_group_name = azurerm_resource_group.myresourcegroup.name 48 | 49 | security_rule { 50 | name = "HTTP" 51 | priority = 100 52 | direction = "Inbound" 53 | access = "Allow" 54 | protocol = "Tcp" 55 | source_port_range = "*" 56 | destination_port_range = "80" 57 | source_address_prefix = "*" 58 | destination_address_prefix = "*" 59 | } 60 | 61 | security_rule { 62 | name = "HTTPS" 63 | priority = 102 64 | direction = "Inbound" 65 | access = "Allow" 66 | protocol = "Tcp" 67 | source_port_range = "*" 68 | destination_port_range = "443" 69 | source_address_prefix = "*" 70 | destination_address_prefix = "*" 71 | } 72 | 73 | security_rule { 74 | name = "SSH" 75 | priority = 101 76 | direction = "Inbound" 77 | access = "Allow" 78 | protocol = "Tcp" 79 | source_port_range = "*" 80 | destination_port_range = "22" 81 | source_address_prefix = "*" 82 | destination_address_prefix = "*" 83 | } 84 | } 85 | 86 | resource "azurerm_network_interface" "catapp-nic" { 87 | name = "${var.prefix}-catapp-nic" 88 | location = azurerm_resource_group.myresourcegroup.location 89 | resource_group_name = azurerm_resource_group.myresourcegroup.name 90 | 91 | ip_configuration { 92 | name = "${var.prefix}ipconfig" 93 | subnet_id = azurerm_subnet.subnet.id 94 | private_ip_address_allocation = "Dynamic" 95 | public_ip_address_id = azurerm_public_ip.catapp-pip.id 96 | } 97 | } 98 | 99 | resource "azurerm_network_interface_security_group_association" "catapp-nic-sg-ass" { 100 | network_interface_id = azurerm_network_interface.catapp-nic.id 101 | network_security_group_id = azurerm_network_security_group.catapp-sg.id 102 | } 103 | 104 | resource "azurerm_public_ip" "catapp-pip" { 105 | name = "${var.prefix}-ip" 106 | location = azurerm_resource_group.myresourcegroup.location 107 | resource_group_name = azurerm_resource_group.myresourcegroup.name 108 | allocation_method = "Dynamic" 109 | domain_name_label = "${var.prefix}-meow" 110 | } 111 | 112 | resource "azurerm_linux_virtual_machine" "catapp" { 113 | name = "${var.prefix}-meow" 114 | location = azurerm_resource_group.myresourcegroup.location 115 | resource_group_name = azurerm_resource_group.myresourcegroup.name 116 | size = var.vm_size 117 | admin_username = var.admin_username 118 | admin_password = var.admin_password 119 | disable_password_authentication = false 120 | network_interface_ids = [azurerm_network_interface.catapp-nic.id] 121 | 122 | source_image_reference { 123 | publisher = var.image_publisher 124 | offer = var.image_offer 125 | sku = var.image_sku 126 | version = var.image_version 127 | } 128 | 129 | os_disk { 130 | caching = "ReadWrite" 131 | storage_account_type = "Standard_LRS" 132 | disk_size_gb = "60" 133 | 134 | } 135 | 136 | tags = {} 137 | 138 | # Added to allow destroy to work correctly. 139 | depends_on = [azurerm_network_interface_security_group_association.catapp-nic-sg-ass] 140 | } 141 | 142 | # We're using a little trick here so we can run the provisioner without 143 | # destroying the VM. Do not do this in production. 144 | 145 | # If you need ongoing management (Day N) of your virtual machines a tool such 146 | # as Chef or Puppet is a better choice. These tools track the state of 147 | # individual files and can keep them in the correct configuration. 148 | 149 | # Here we do the following steps: 150 | # Sync everything in files/ to the remote VM. 151 | # Set up some environment variables for our script. 152 | # Add execute permissions to our scripts. 153 | # Run the deploy_app.sh script. 154 | resource "null_resource" "configure-cat-app" { 155 | depends_on = [ 156 | azurerm_linux_virtual_machine.catapp, 157 | ] 158 | 159 | # Terraform 0.11 160 | # triggers { 161 | # build_number = "${timestamp()}" 162 | # } 163 | 164 | # Terraform 0.12 165 | triggers = { 166 | build_number = timestamp() 167 | } 168 | 169 | provisioner "file" { 170 | source = "files/" 171 | destination = "/home/${var.admin_username}/" 172 | 173 | connection { 174 | type = "ssh" 175 | user = var.admin_username 176 | password = var.admin_password 177 | host = azurerm_public_ip.catapp-pip.fqdn 178 | } 179 | } 180 | 181 | provisioner "remote-exec" { 182 | inline = [ 183 | "sudo apt -y update", 184 | "sleep 15", 185 | "sudo apt -y update", 186 | "sudo apt -y install apache2", 187 | "sudo systemctl start apache2", 188 | "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html", 189 | "chmod +x *.sh", 190 | "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", 191 | "sudo apt -y install cowsay", 192 | "cowsay Mooooooooooo!", 193 | ] 194 | 195 | connection { 196 | type = "ssh" 197 | user = var.admin_username 198 | password = var.admin_password 199 | host = azurerm_public_ip.catapp-pip.fqdn 200 | } 201 | } 202 | } 203 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | # Outputs file 5 | output "catapp_url" { 6 | value = "http://${azurerm_public_ip.catapp-pip.fqdn}" 7 | } 8 | 9 | output "catapp_ip" { 10 | value = "http://${azurerm_public_ip.catapp-pip.ip_address}" 11 | } 12 | -------------------------------------------------------------------------------- /terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # Rename or copy this file to terraform.tfvars 2 | # Prefix must be all lowercase letters, digits, and hyphens. 3 | # Make sure it is at least 5 characters long. 4 | 5 | # prefix = "yourname" 6 | -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | ############################################################################## 5 | # Variables File 6 | # 7 | # Here is where we store the default values for all the variables used in our 8 | # Terraform code. If you create a variable with no default, the user will be 9 | # prompted to enter it (or define it via config file or command line flags.) 10 | 11 | variable "prefix" { 12 | description = "This prefix will be included in the name of most resources." 13 | } 14 | 15 | variable "location" { 16 | description = "The region where the virtual network is created." 17 | default = "centralus" 18 | } 19 | 20 | variable "address_space" { 21 | description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created." 22 | default = "10.0.0.0/16" 23 | } 24 | 25 | variable "subnet_prefix" { 26 | description = "The address prefix to use for the subnet." 27 | default = "10.0.10.0/24" 28 | } 29 | 30 | variable "vm_size" { 31 | description = "Specifies the size of the virtual machine." 32 | default = "Standard_B1s" 33 | } 34 | 35 | variable "image_publisher" { 36 | description = "Name of the publisher of the image (az vm image list)" 37 | default = "Canonical" 38 | } 39 | 40 | variable "image_offer" { 41 | description = "Name of the offer (az vm image list)" 42 | default = "0001-com-ubuntu-server-jammy" 43 | } 44 | 45 | variable "image_sku" { 46 | description = "Image SKU to apply (az vm image list)" 47 | default = "22_04-LTS-gen2" 48 | } 49 | 50 | variable "image_version" { 51 | description = "Version of the image to apply (az vm image list)" 52 | default = "latest" 53 | } 54 | 55 | variable "admin_username" { 56 | description = "Administrator user name for linux and mysql" 57 | default = "hashicorp" 58 | } 59 | 60 | variable "admin_password" { 61 | description = "Administrator password for linux and mysql" 62 | default = "Password123!" 63 | } 64 | 65 | variable "height" { 66 | default = "400" 67 | description = "Image height in pixels." 68 | } 69 | 70 | variable "width" { 71 | default = "600" 72 | description = "Image width in pixels." 73 | } 74 | 75 | variable "placeholder" { 76 | default = "placekitten.com" 77 | description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net" 78 | } 79 | --------------------------------------------------------------------------------