manjeet@Manjeets-MBP:~/manjeet-working/tf-demo/AzureDemo/az-dsc|
⇒ cat 4.virtual-machine-AD.tf
locals {
  # Base name shared by every client VM; the resource appends "-${count.index}".
  virtual_machine_name = "${format("%s-client", var.vm_name)}"

  # Host name qualified with the AD domain, handed to the bootstrap script as $RemoteHostName.
  virtual_machine_fqdn = "${join(".", list(local.virtual_machine_name, var.active_directory_domain))}"

  # PowerShell Param(...) header that is prepended to winrm.ps1 so the FQDN and computer
  # name become script parameters. Both values come from operator-supplied variables, not
  # from runtime input. NOTE(review): presumably winrm.ps1 has no param block of its own,
  # otherwise the concatenated script would declare two — verify.
  custom_data_params = "Param($RemoteHostName = \"${local.virtual_machine_fqdn}\", $ComputerName = \"${local.virtual_machine_name}\")"

  # Header + script body, separated by a single space; path is relative to the working directory.
  # The whole text is passed as os_profile.custom_data below.
  custom_data_content = "${join(" ", list(local.custom_data_params, file("./files/winrm.ps1")))}"
}
# One Windows Server 2016 workstation VM per unit of var.vmcount. Each instance gets its own
# NIC, public IP FQDN and Key Vault certificate (all selected by count.index), is bootstrapped
# by the custom_data script from the locals block, and is then reached over WinRM by the
# remote-exec provisioner.
#
# Security notes for anyone maintaining this file:
#  - Admin credentials are read from Key Vault (data.azurerm_key_vault_secret.*), but every
#    attribute they are interpolated into (os_profile, the AutoLogon unattend XML, the
#    provisioner connection) is recorded in Terraform state in plain text. Protect the state
#    backend accordingly.
#  - The WinRM listener certificate comes from Key Vault; the provisioner still skips TLS
#    verification (insecure = true) — see the note on that line.
resource "azurerm_virtual_machine" "windows-vm" {
  count               = "${var.vmcount}"
  name                = "${local.virtual_machine_name}-${count.index}"
  # Resource group is looked up, not created here.
  resource_group_name = "${data.azurerm_resource_group.myresourcegroup.name}"
  location            = "${data.azurerm_resource_group.myresourcegroup.location}"
  # NIC for this index; assumes azurerm_network_interface.windows-vm-nic has matching count.
  network_interface_ids = ["${element(azurerm_network_interface.windows-vm-nic.*.id, count.index)}"]
  vm_size               = "${var.vmsize["medium"]}"

  # NOTE(review): the Name tag says "public-ip" although this is the VM; looks copied from the
  # public IP resource — confirm whether "${local.virtual_machine_name}-${count.index}" was intended.
  tags = "${merge(
    map(
      "Name", "win-vm-public-ip-${count.index}",
      "Description", "This is windows vm workstation client for developers"
    ), var.tags)
  }"

  # OS and data disks are removed together with the VM on destroy.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

  storage_os_disk {
    # NOTE(review): every other name here derives from var.vm_name / local.virtual_machine_name;
    # confirm var.name is the intended prefix and not a typo for var.vm_name.
    name              = "${var.name}-vm-osdisk-${count.index}"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "${local.virtual_machine_name}-${count.index}"
    # Local administrator account; values are pulled from Key Vault secrets at plan time.
    admin_username = "${data.azurerm_key_vault_secret.myWinUser.value}"
    admin_password = "${data.azurerm_key_vault_secret.myWinPass.value}"
    # Param(...) header + winrm.ps1, assembled in locals.
    custom_data    = "${local.custom_data_content}"
  }

  # Installs the per-VM certificate into the machine's "My" store so the WinRM HTTPS
  # listener below can use it.
  os_profile_secrets {
    source_vault_id = "${data.azurerm_key_vault.keyvault.id}"
    vault_certificates {
      # Same secret_id is referenced in winrm.certificate_url below; the two must stay in sync.
      certificate_url   = "${element(azurerm_key_vault_certificate.vm_certificate.*.secret_id, count.index)}"
      certificate_store = "My"
    }
  }

  os_profile_windows_config {
    provision_vm_agent        = true
    enable_automatic_upgrades = true
    winrm {
      # HTTPS listener backed by the Key Vault certificate installed via os_profile_secrets.
      protocol        = "https"
      certificate_url = "${element(azurerm_key_vault_certificate.vm_certificate.*.secret_id, count.index)}"
    }
    # AutoLogon performs a single automatic logon (LogonCount 1) of the admin account, which is
    # what lets the FirstLogonCommands block below execute. The password is embedded here in
    # plain text: it is sent to Azure as part of the OS profile and stored in Terraform state.
    # The values are interpolated raw, so a username or password containing XML-special
    # characters (<, &, ") would produce invalid unattend content.
    additional_unattend_config {
      pass         = "oobeSystem"
      component    = "Microsoft-Windows-Shell-Setup"
      setting_name = "AutoLogon"
      content      = "<AutoLogon><Password><Value>${data.azurerm_key_vault_secret.myWinPass.value}</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>${data.azurerm_key_vault_secret.myWinUser.value}</Username></AutoLogon>"
    }
    # Unattend config is to enable basic auth in WinRM, required for the provisioner stage.
    additional_unattend_config {
      pass         = "oobeSystem"
      component    = "Microsoft-Windows-Shell-Setup"
      setting_name = "FirstLogonCommands"
      content      = "${file("./files/FirstLogonCommands.xml")}"
    }
  }

  # Creation-time provisioner: if it fails, Terraform marks the VM tainted and recreates it on
  # the next apply. The commands currently only verify that the WinRM path works (cd + dir).
  provisioner "remote-exec" {
    connection {
      type     = "winrm"
      # Public FQDN of this index's public IP; WinRM is therefore reachable from the internet
      # for as long as the NSG allows port 5986.
      host     = "${element(azurerm_public_ip.windows-public-ip.*.fqdn, count.index)}"
      user     = "${data.azurerm_key_vault_secret.myWinUser.value}"
      password = "${data.azurerm_key_vault_secret.myWinPass.value}"
      # 5986 is the WinRM-over-HTTPS default.
      port     = 5986
      https    = true
      timeout  = "2m"
      # NOTE: if you're using a real certificate, rather than a self-signed one, you'll want this set to `false`/to remove this.
      # insecure = true disables verification of the listener's TLS certificate, so the
      # credentials above are sent to whichever host answers at that FQDN.
      insecure = true
    }
    inline = [
      "cd C:\\Windows",
      "dir",
      //"powershell.exe -ExecutionPolicy Unrestricted -Command {Install-WindowsFeature -name Web-Server -IncludeManagementTools}",
    ]
  }
}