provider "azurerm" { subscription_id = "${var.subscription_id}" client_id = "${var.aad_client_id}" client_secret = "${var.aad_client_secret}" tenant_id = "${var.tenant_id}" } resource "azurerm_resource_group" "rg" { name = "${var.resource_group_name}" location = "${var.resource_group_location}" } # ******* NETWORK SECURITY GROUPS *********** resource "azurerm_network_security_group" "master_nsg" { name = "${var.openshift_cluster_prefix}-master-nsg" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" security_rule { name = "allow_SSH_in_all" description = "Allow SSH in from all locations" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_HTTPS_all" description = "Allow HTTPS connections from all locations" priority = 200 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_OpenShift_console_in_all" description = "Allow OpenShift Console connections from all locations" priority = 300 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "8443" source_address_prefix = "*" destination_address_prefix = "*" } } resource "azurerm_network_security_group" "infra_nsg" { name = "${var.openshift_cluster_prefix}-infra-nsg" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" security_rule { name = "allow_SSH_in_all" description = "Allow SSH in from all locations" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_HTTPS_all" description = "Allow HTTPS connections from all locations" priority = 200 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_HTTP_in_all" description = "Allow HTTP connections from all locations" priority = 300 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" destination_address_prefix = "*" } } resource "azurerm_network_security_group" "node_nsg" { name = "${var.openshift_cluster_prefix}-node-nsg" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" security_rule { name = "allow_SSH_in_all" description = "Allow SSH in from all locations" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_HTTPS_all" description = "Allow HTTPS connections from all locations" priority = 200 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" destination_address_prefix = "*" } security_rule { name = "allow_HTTP_in_all" description = "Allow HTTP connections from all locations" priority = 300 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" destination_address_prefix = "*" } } # ******* STORAGE ACCOUNTS *********** resource "azurerm_storage_account" "bastion_storage_account" { name = "${var.openshift_cluster_prefix}bsa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "${var.storage_account_type_map["${var.bastion_vm_size}"]}" } resource "azurerm_storage_account" "master_storage_account" { name = "${var.openshift_cluster_prefix}msa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "${var.storage_account_type_map["${var.master_vm_size}"]}" } resource "azurerm_storage_account" "infra_storage_account" { name = "${var.openshift_cluster_prefix}infrasa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "${var.storage_account_type_map["${var.infra_vm_size}"]}" } resource "azurerm_storage_account" "nodeos_storage_account" { name = "${var.openshift_cluster_prefix}nodeossa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "${var.storage_account_type_map["${var.node_vm_size}"]}" } resource "azurerm_storage_account" "nodedata_storage_account" { name = "${var.openshift_cluster_prefix}nodedatasa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "${var.storage_account_type_map["${var.node_vm_size}"]}" } resource "azurerm_storage_account" "registry_storage_account" { name = "${var.openshift_cluster_prefix}regsa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "Standard_LRS" } resource "azurerm_storage_account" "persistent_volume_storage_account" { name = "${var.openshift_cluster_prefix}pvsa" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" account_type = "Standard_LRS" } # ******* AVAILABILITY SETS *********** resource "azurerm_availability_set" "master" { name = "masteravailabilityset" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" } resource "azurerm_availability_set" "infra" { name = "infraavailabilityset" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" } resource "azurerm_availability_set" "node" { name = "nodeavailabilityset" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" } # ******* IP ADDRESSES *********** resource "azurerm_public_ip" "bastion_pip" { name = "bastionpip" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" public_ip_address_allocation = "Static" domain_name_label = "${var.openshift_cluster_prefix}-bastion" } resource "azurerm_public_ip" "openshift_master_pip" { name = "masterpip" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" public_ip_address_allocation = "Static" domain_name_label = "${var.openshift_cluster_prefix}" } resource "azurerm_public_ip" "infra_lb_pip" { name = "infraip" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" public_ip_address_allocation = "Static" domain_name_label = "${var.openshift_cluster_prefix}infrapip" } # ******* VNETS / SUBNETS *********** resource "azurerm_virtual_network" "vnet" { name = "openshiftvnet" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" address_space = ["10.0.0.0/8"] depends_on = ["azurerm_virtual_network.vnet"] } resource "azurerm_subnet" "master_subnet" { name = "mastersubnet" virtual_network_name = "${azurerm_virtual_network.vnet.name}" resource_group_name = "${azurerm_resource_group.rg.name}" address_prefix = "10.1.0.0/16" depends_on = ["azurerm_virtual_network.vnet"] } resource "azurerm_subnet" "node_subnet" { name = "nodesubnet" virtual_network_name = "${azurerm_virtual_network.vnet.name}" resource_group_name = "${azurerm_resource_group.rg.name}" address_prefix = "10.2.0.0/16" } # ******* MASTER LOAD BALANCER *********** resource "azurerm_lb" "master_lb" { name = "masterloadbalancer" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" depends_on = ["azurerm_public_ip.openshift_master_pip"] frontend_ip_configuration { name = "LoadBalancerFrontEnd" public_ip_address_id = "${azurerm_public_ip.openshift_master_pip.id}" } } resource "azurerm_lb_backend_address_pool" "master_lb" { resource_group_name = "${azurerm_resource_group.rg.name}" name = "loadBalancerBackEnd" loadbalancer_id = "${azurerm_lb.master_lb.id}" depends_on = ["azurerm_lb.master_lb"] } resource "azurerm_lb_probe" "master_lb" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.master_lb.id}" name = "8443Probe" port = 8443 interval_in_seconds = 5 number_of_probes = 2 protocol = "Tcp" depends_on = ["azurerm_lb.master_lb"] } resource "azurerm_lb_rule" "master_lb" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.master_lb.id}" name = "OpenShiftAdminConsole" protocol = "Tcp" frontend_port = 8443 backend_port = 8443 frontend_ip_configuration_name = "LoadBalancerFrontEnd" backend_address_pool_id = "${azurerm_lb_backend_address_pool.master_lb.id}" load_distribution = "SourceIP" idle_timeout_in_minutes = 30 probe_id = "${azurerm_lb_probe.master_lb.id}" enable_floating_ip = false depends_on = ["azurerm_lb_probe.master_lb", "azurerm_lb.master_lb", "azurerm_lb_backend_address_pool.master_lb"] } resource "azurerm_lb_nat_rule" "master_lb" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.master_lb.id}" name = "${azurerm_lb.master_lb.name}-SSH-${count.index}" protocol = "Tcp" frontend_port = "${count.index + 2200}" backend_port = 22 frontend_ip_configuration_name = "LoadBalancerFrontEnd" count = "${var.master_instance_count}" depends_on = ["azurerm_lb.master_lb"] } # ******* INFRA LOAD BALANCER *********** resource "azurerm_lb" "infra_lb" { name = "infraloadbalancer" resource_group_name = "${azurerm_resource_group.rg.name}" location = "${azurerm_resource_group.rg.location}" depends_on = ["azurerm_public_ip.infra_lb_pip"] frontend_ip_configuration { name = "LoadBalancerFrontEnd" public_ip_address_id = "${azurerm_public_ip.infra_lb_pip.id}" } } resource "azurerm_lb_backend_address_pool" "infra_lb" { resource_group_name = "${azurerm_resource_group.rg.name}" name = "loadBalancerBackEnd" loadbalancer_id = "${azurerm_lb.infra_lb.id}" depends_on = ["azurerm_lb.infra_lb"] } resource "azurerm_lb_probe" "infra_lb_http_probe" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.infra_lb.id}" name = "httpProbe" port = 80 interval_in_seconds = 5 number_of_probes = 2 protocol = "Tcp" depends_on = ["azurerm_lb.infra_lb"] } resource "azurerm_lb_probe" "infra_lb_https_probe" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.infra_lb.id}" name = "httpsProbe" port = 443 interval_in_seconds = 5 number_of_probes = 2 protocol = "Tcp" } resource "azurerm_lb_rule" "infra_lb_http" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.infra_lb.id}" name = "OpenShiftRouterHTTP" protocol = "Tcp" frontend_port = 80 backend_port = 80 frontend_ip_configuration_name = "LoadBalancerFrontEnd" backend_address_pool_id = "${azurerm_lb_backend_address_pool.infra_lb.id}" probe_id = "${azurerm_lb_probe.infra_lb_http_probe.id}" depends_on = ["azurerm_lb_probe.infra_lb_http_probe", "azurerm_lb.infra_lb", "azurerm_lb_backend_address_pool.infra_lb"] } resource "azurerm_lb_rule" "infra_lb_https" { resource_group_name = "${azurerm_resource_group.rg.name}" loadbalancer_id = "${azurerm_lb.infra_lb.id}" name = "OpenShiftRouterHTTPS" protocol = "Tcp" frontend_port = 443 backend_port = 443 frontend_ip_configuration_name = "LoadBalancerFrontEnd" backend_address_pool_id = "${azurerm_lb_backend_address_pool.infra_lb.id}" probe_id = "${azurerm_lb_probe.infra_lb_https_probe.id}" depends_on = ["azurerm_lb_probe.infra_lb_https_probe", "azurerm_lb_backend_address_pool.infra_lb"] } # ******* NETWORK INTERFACES *********** resource "azurerm_network_interface" "bastion_nic" { name = "bastionnic${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" network_security_group_id = "${azurerm_network_security_group.master_nsg.id}" ip_configuration { name = "bastionip${count.index}" subnet_id = "${azurerm_subnet.master_subnet.id}" private_ip_address_allocation = "Dynamic" public_ip_address_id = "${azurerm_public_ip.bastion_pip.id}" } } resource "azurerm_network_interface" "master_nic" { name = "masternic${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" network_security_group_id = "${azurerm_network_security_group.master_nsg.id}" count = "${var.master_instance_count}" ip_configuration { name = "masterip${count.index}" subnet_id = "${azurerm_subnet.master_subnet.id}" private_ip_address_allocation = "Dynamic" load_balancer_backend_address_pools_ids = ["${azurerm_lb_backend_address_pool.master_lb.id}"] load_balancer_inbound_nat_rules_ids = ["${element(azurerm_lb_nat_rule.master_lb.*.id, count.index)}"] } } resource "azurerm_network_interface" "infra_nic" { name = "infra_nic${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" network_security_group_id = "${azurerm_network_security_group.infra_nsg.id}" count = "${var.infra_instance_count}" ip_configuration { name = "infraip${count.index}" subnet_id = "${azurerm_subnet.master_subnet.id}" private_ip_address_allocation = "Dynamic" load_balancer_backend_address_pools_ids = ["${azurerm_lb_backend_address_pool.infra_lb.id}"] } } resource "azurerm_network_interface" "node_nic" { name = "node_nic${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" network_security_group_id = "${azurerm_network_security_group.node_nsg.id}" count = "${var.node_instance_count}" ip_configuration { name = "nodeip${count.index}" subnet_id = "${azurerm_subnet.node_subnet.id}" private_ip_address_allocation = "Dynamic" } } # ******* Bastion Host ******* resource "azurerm_virtual_machine" "bastion" { name = "${var.openshift_cluster_prefix}-bastion-1" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" network_interface_ids = ["${azurerm_network_interface.bastion_nic.id}"] vm_size = "${var.bastion_vm_size}" delete_os_disk_on_termination = true delete_data_disks_on_termination = true tags { displayName = "${var.openshift_cluster_prefix}-bastion VM Creation" } os_profile { computer_name = "${var.openshift_cluster_prefix}-bastion-${count.index}" admin_username = "${var.admin_username}" admin_password = "${var.openshift_password}" } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/${var.admin_username}/.ssh/authorized_keys" key_data = "${var.ssh_public_key}" } } storage_image_reference { publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}" offer = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}" sku = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}" version = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}" } storage_os_disk { name = "${var.openshift_cluster_prefix}-master-osdisk${count.index}" vhd_uri = "${azurerm_storage_account.bastion_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-bastion-osdisk.vhd" caching = "ReadWrite" create_option = "FromImage" disk_size_gb = 60 } } # ******* Master VMs ******* resource "azurerm_virtual_machine" "master" { name = "${var.openshift_cluster_prefix}-master-${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" availability_set_id = "${azurerm_availability_set.master.id}" network_interface_ids = ["${element(azurerm_network_interface.master_nic.*.id, count.index)}"] vm_size = "${var.master_vm_size}" delete_os_disk_on_termination = true delete_data_disks_on_termination = true count = "${var.master_instance_count}" depends_on = ["azurerm_virtual_machine.infra", "azurerm_virtual_machine.node"] tags { displayName = "${var.openshift_cluster_prefix}-master VM Creation" } connection { host = "${azurerm_public_ip.openshift_master_pip.fqdn}" user = "${var.admin_username}" port = 2200 private_key = "${file(var.connection_private_ssh_key_path)}" } provisioner "file" { source = "${var.openshift_script_path}/masterPrep.sh" destination = "masterPrep.sh" } provisioner "file" { source = "${var.openshift_script_path}/deployOpenShift.sh" destination = "deployOpenShift.sh" } provisioner "remote-exec" { inline = [ "chmod +x masterPrep.sh", "chmod +x deployOpenShift.sh", "sudo bash masterPrep.sh \"${azurerm_storage_account.persistent_volume_storage_account.name}\" \"${var.admin_username}\" && sudo bash deployOpenShift.sh \"${var.admin_username}\" \"${var.openshift_password}\" \"${var.key_vault_secret}\" \"${var.openshift_cluster_prefix}-master\" \"${azurerm_public_ip.openshift_master_pip.fqdn}\" \"${azurerm_public_ip.openshift_master_pip.ip_address}\" \"${var.openshift_cluster_prefix}-infra\" \"${var.openshift_cluster_prefix}-node\" \"${var.node_instance_count}\" \"${var.infra_instance_count}\" \"${var.master_instance_count}\" \"${var.default_sub_domain_type}\" \"${azurerm_storage_account.registry_storage_account.name}\" \"${azurerm_storage_account.registry_storage_account.primary_access_key}\" \"${var.tenant_id}\" \"${var.subscription_id}\" \"${var.aad_client_id}\" \"${var.aad_client_secret}\" \"${azurerm_resource_group.rg.name}\" \"${azurerm_resource_group.rg.location}\" \"${var.key_vault_name}\"" ] } os_profile { computer_name = "${var.openshift_cluster_prefix}-master-${count.index}" admin_username = "${var.admin_username}" admin_password = "${var.openshift_password}" } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/${var.admin_username}/.ssh/authorized_keys" key_data = "${var.ssh_public_key}" } } storage_image_reference { publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}" offer = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}" sku = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}" version = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}" } storage_os_disk { name = "${var.openshift_cluster_prefix}-master-osdisk${count.index}" vhd_uri = "${azurerm_storage_account.master_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-master-osdisk${count.index}.vhd" caching = "ReadWrite" create_option = "FromImage" disk_size_gb = 60 } storage_data_disk { name = "${var.openshift_cluster_prefix}-master-docker-pool${count.index}" vhd_uri = "${azurerm_storage_account.master_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-master-docker-pool${count.index}.vhd" disk_size_gb = "${var.data_disk_size}" create_option = "Empty" lun = 0 } } # ******* Infra VMs ******* resource "azurerm_virtual_machine" "infra" { name = "${var.openshift_cluster_prefix}-infra-${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" availability_set_id = "${azurerm_availability_set.infra.id}" network_interface_ids = ["${element(azurerm_network_interface.infra_nic.*.id, count.index)}"] vm_size = "${var.infra_vm_size}" delete_os_disk_on_termination = true delete_data_disks_on_termination = true count = "${var.infra_instance_count}" tags { displayName = "${var.openshift_cluster_prefix}-infra VM Creation" } connection { type = "ssh" bastion_host = "${azurerm_public_ip.bastion_pip.fqdn}" bastion_user = "${var.admin_username}" bastion_private_key = "${file(var.connection_private_ssh_key_path)}" host = "${element(azurerm_network_interface.infra_nic.*.private_ip_address, count.index)}" user = "${var.admin_username}" private_key = "${file(var.connection_private_ssh_key_path)}" } provisioner "file" { source = "${var.openshift_script_path}/nodePrep.sh" destination = "nodePrep.sh" } provisioner "remote-exec" { inline = [ "chmod +x nodePrep.sh", "sudo bash nodePrep.sh", ] } os_profile { computer_name = "${var.openshift_cluster_prefix}-infra-${count.index}" admin_username = "${var.admin_username}" admin_password = "${var.openshift_password}" } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/${var.admin_username}/.ssh/authorized_keys" key_data = "${var.ssh_public_key}" } } storage_image_reference { publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}" offer = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}" sku = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}" version = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}" } storage_os_disk { name = "${var.openshift_cluster_prefix}-infra-osdisk${count.index}" vhd_uri = "${azurerm_storage_account.infra_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-infra-osdisk${count.index}.vhd" caching = "ReadWrite" create_option = "FromImage" } storage_data_disk { name = "${var.openshift_cluster_prefix}-infra-docker-pool" vhd_uri = "${azurerm_storage_account.infra_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-infra-docker-pool${count.index}.vhd" disk_size_gb = "${var.data_disk_size}" create_option = "Empty" lun = 0 } } # ******* Node VMs ******* resource "azurerm_virtual_machine" "node" { name = "${var.openshift_cluster_prefix}-node-${count.index}" location = "${azurerm_resource_group.rg.location}" resource_group_name = "${azurerm_resource_group.rg.name}" availability_set_id = "${azurerm_availability_set.node.id}" network_interface_ids = ["${element(azurerm_network_interface.node_nic.*.id, count.index)}"] vm_size = "${var.node_vm_size}" delete_os_disk_on_termination = true delete_data_disks_on_termination = true count = "${var.node_instance_count}" tags { displayName = "${var.openshift_cluster_prefix}-node VM Creation" } connection { type = "ssh" bastion_host = "${azurerm_public_ip.bastion_pip.fqdn}" bastion_user = "${var.admin_username}" bastion_private_key = "${file(var.connection_private_ssh_key_path)}" host = "${element(azurerm_network_interface.node_nic.*.private_ip_address, count.index)}" user = "${var.admin_username}" private_key = "${file(var.connection_private_ssh_key_path)}" } provisioner "file" { source = "${var.openshift_script_path}/nodePrep.sh" destination = "nodePrep.sh" } provisioner "remote-exec" { inline = [ "chmod +x nodePrep.sh", "sudo bash nodePrep.sh", ] } os_profile { computer_name = "${var.openshift_cluster_prefix}-node-${count.index}" admin_username = "${var.admin_username}" admin_password = "${var.openshift_password}" } os_profile_linux_config { disable_password_authentication = true ssh_keys { path = "/home/${var.admin_username}/.ssh/authorized_keys" key_data = "${var.ssh_public_key}" } } storage_image_reference { publisher = "${lookup(var.os_image_map, join("_publisher", list(var.os_image, "")))}" offer = "${lookup(var.os_image_map, join("_offer", list(var.os_image, "")))}" sku = "${lookup(var.os_image_map, join("_sku", list(var.os_image, "")))}" version = "${lookup(var.os_image_map, join("_version", list(var.os_image, "")))}" } storage_os_disk { name = "${var.openshift_cluster_prefix}-node-osdisk" vhd_uri = "${azurerm_storage_account.nodeos_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-node-osdisk${count.index}.vhd" caching = "ReadWrite" create_option = "FromImage" } storage_data_disk { name = "${var.openshift_cluster_prefix}-node-docker-pool${count.index}" vhd_uri = "${azurerm_storage_account.nodeos_storage_account.primary_blob_endpoint}vhds/${var.openshift_cluster_prefix}-node-docker-pool${count.index}.vhd" disk_size_gb = "${var.data_disk_size}" create_option = "Empty" lun = 0 } } # ******* VM EXTENSIONS ******* # resource "azurerm_virtual_machine_extension" "deploy_open_shift_master" { # name = "masterOpShExt${count.index}" # location = "${azurerm_resource_group.rg.location}" # resource_group_name = "${azurerm_resource_group.rg.name}" # virtual_machine_name = "${element(azurerm_virtual_machine.master.*.name, count.index)}" # publisher = "Microsoft.Azure.Extensions" # type = "CustomScript" # type_handler_version = "2.0" # auto_upgrade_minor_version = true # depends_on = ["azurerm_virtual_machine.master", "azurerm_virtual_machine_extension.node_prep", "azurerm_storage_container.vhds", "azurerm_virtual_machine_extension.deploy_infra"] # # settings = <