basic structure for splunk vm done

HariGS-DB · Jun 13, 2022 · b0012b0 · b0012b0
1 parent 565a1f5
commit b0012b0
Show file tree

Hide file tree

Showing 8 changed files with 377 additions and 0 deletions.
diff --git a/adb-splunk/.terraform.lock.hcl b/adb-splunk/.terraform.lock.hcl
diff --git a/adb-splunk/main.tf b/adb-splunk/main.tf
@@ -0,0 +1,40 @@
+provider "azurerm" {
+  features {}
+}
+
+provider "random" {
+}
+
+resource "random_string" "naming" {
+  special = false
+  upper   = false
+  length  = 6
+}
+
+data "azurerm_client_config" "current" {
+}
+
+data "external" "me" {
+  program = ["az", "account", "show", "--query", "user"]
+}
+
+locals {
+  // dltp - databricks labs terraform provider
+  prefix   = join("-", [var.workspace_prefix, "${random_string.naming.result}"])
+  location = var.rglocation
+  cidr     = var.spokecidr
+  dbfsname = join("", [var.dbfs_prefix, "${random_string.naming.result}"]) // dbfs name must not have special chars
+
+  // tags that are propagated down to all resources
+  tags = {
+    Environment = "Testing"
+    Owner       = lookup(data.external.me.result, "name")
+    Epoch       = random_string.naming.result
+  }
+}
+
+resource "azurerm_resource_group" "this" {
+  name     = "adb-splunk-${local.prefix}-rg"
+  location = local.location
+  tags     = local.tags
+}
diff --git a/adb-splunk/outputs.tf b/adb-splunk/outputs.tf
@@ -0,0 +1,23 @@
+output "public_key" {
+  value = tls_private_key.splunk_ssh.public_key_openssh
+}
+
+output "arm_client_id" {
+  value = data.azurerm_client_config.current.client_id
+}
+
+output "arm_subscription_id" {
+  value = data.azurerm_client_config.current.subscription_id
+}
+
+output "arm_tenant_id" {
+  value = data.azurerm_client_config.current.tenant_id
+}
+
+output "azure_region" {
+  value = local.location
+}
+
+output "resource_group" {
+  value = azurerm_resource_group.this.name
+}
diff --git a/adb-splunk/splunkvm.tf b/adb-splunk/splunkvm.tf
@@ -0,0 +1,77 @@
+resource "azurerm_network_interface" "splunk-nic" {
+  name                = "splunk-nic"
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.splunksubnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.splunk-nic-pubip.id
+  }
+}
+
+resource "tls_private_key" "splunk_ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "local_file" "private_key" {
+  content         = tls_private_key.splunk_ssh.private_key_pem
+  filename        = "ssh_private.pem"
+  file_permission = "0600"
+}
+
+resource "azurerm_public_ip" "splunk-nic-pubip" {
+  name                = "splunk-nic-pubip"
+  resource_group_name = azurerm_resource_group.this.name
+  location            = azurerm_resource_group.this.location
+  allocation_method   = "Static"
+}
+
+resource "azurerm_linux_virtual_machine" "example" {
+  name                = "splunk-vm"
+  resource_group_name = azurerm_resource_group.this.name
+  location            = azurerm_resource_group.this.location
+  size                = "Standard_DS4_v2"
+  admin_username      = "azureuser"
+
+  network_interface_ids = [
+    azurerm_network_interface.splunk-nic.id,
+  ]
+
+  admin_ssh_key {
+    username   = "azureuser"
+    public_key = tls_private_key.splunk_ssh.public_key_openssh // using generated ssh key
+    # public_key = file("/home/azureuser/.ssh/authorized_keys") //using existing ssh key 
+  }
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "0001-com-ubuntu-server-focal"
+    sku       = "20_04-lts-gen2"
+    version   = "latest"
+  }
+}
+
+/* 
+resource "null_resource" "test_null" {
+  triggers = {
+    always_run = "${timestamp()}"
+  }
+  provisioner "local-exec" {
+    command = <<-EOT
+      terraform output -raw tls_private_key > ssh_private.pem
+      chmod 400 ssh_private.pem
+      EOT
+  }
+  depends_on = [
+    tls_private_key.splunk_ssh,
+  ]
+}
+ */
diff --git a/adb-splunk/variables.tf b/adb-splunk/variables.tf
@@ -0,0 +1,24 @@
+variable "spokecidr" {
+  type    = string
+  default = "10.179.0.0/20"
+}
+
+variable "no_public_ip" {
+  type    = bool
+  default = true
+}
+
+variable "rglocation" {
+  type    = string
+  default = "southeastasia"
+}
+
+variable "dbfs_prefix" {
+  type    = string
+  default = "dbfs"
+}
+
+variable "workspace_prefix" {
+  type    = string
+  default = "adb"
+}
diff --git a/adb-splunk/versions.tf b/adb-splunk/versions.tf
@@ -0,0 +1,19 @@
+# versions.tf
+terraform {
+  required_providers {
+    databricks = {
+      source  = "databrickslabs/databricks"
+      version = ">=0.5.1"
+    }
+
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=2.83.0"
+    }
+
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 3.1"
+    }
+  }
+}
diff --git a/adb-splunk/vnet.tf b/adb-splunk/vnet.tf
@@ -0,0 +1,78 @@
+resource "azurerm_virtual_network" "this" {
+  name                = "${local.prefix}-vnet"
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+  address_space       = [local.cidr]
+  tags                = local.tags
+}
+
+resource "azurerm_network_security_group" "this" {
+  name                = "${local.prefix}-nsg"
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+  tags                = local.tags
+}
+
+resource "azurerm_subnet" "public" {
+  name                 = "${local.prefix}-public"
+  resource_group_name  = azurerm_resource_group.this.name
+  virtual_network_name = azurerm_virtual_network.this.name
+  address_prefixes     = [cidrsubnet(local.cidr, 3, 0)]
+
+  delegation {
+    name = "databricks"
+    service_delegation {
+      name = "Microsoft.Databricks/workspaces"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action",
+        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
+      "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"]
+    }
+  }
+}
+
+resource "azurerm_subnet_network_security_group_association" "public" {
+  subnet_id                 = azurerm_subnet.public.id
+  network_security_group_id = azurerm_network_security_group.this.id
+}
+
+variable "private_subnet_endpoints" {
+  default = []
+}
+
+resource "azurerm_subnet" "private" {
+  name                 = "${local.prefix}-private"
+  resource_group_name  = azurerm_resource_group.this.name
+  virtual_network_name = azurerm_virtual_network.this.name
+  address_prefixes     = [cidrsubnet(local.cidr, 3, 1)]
+
+  enforce_private_link_endpoint_network_policies = true
+  enforce_private_link_service_network_policies  = true
+
+  delegation {
+    name = "databricks"
+    service_delegation {
+      name = "Microsoft.Databricks/workspaces"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action",
+        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
+      "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"]
+    }
+  }
+
+  service_endpoints = var.private_subnet_endpoints
+}
+
+resource "azurerm_subnet_network_security_group_association" "private" {
+  subnet_id                 = azurerm_subnet.private.id
+  network_security_group_id = azurerm_network_security_group.this.id
+}
+
+
+resource "azurerm_subnet" "splunksubnet" {
+  name                 = "${local.prefix}-splunk"
+  resource_group_name  = azurerm_resource_group.this.name
+  virtual_network_name = azurerm_virtual_network.this.name
+  address_prefixes     = [cidrsubnet(local.cidr, 3, 2)]
+  //enforce_private_link_endpoint_network_policies = true // set to true to disable subnet policy
+}
diff --git a/adb-splunk/workspace.tf b/adb-splunk/workspace.tf