Robe/testing ad#74
Updated the expected environment variables
| required_providers { | ||
| azurerm = { | ||
| source = "hashicorp/azurerm" | ||
| version = "~>2.0" |
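Review bot: `version = "~>2.0"` accepts any 2.x provider release, so two runs of this test environment can resolve different azurerm builds. Commit `.terraform.lock.hcl` alongside this block, or narrow the constraint to the minor series the configuration was actually tested with.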
You should consider jumping up to v3, which was released this week. It might break some of your file below, but best to start from current, I think.
| #We ned to refresh the state since the public vm IP isn't allocated when the resource is first provisioned | ||
| terraform refresh |
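Review bot: `terraform refresh` on the last line is deprecated in current Terraform releases in favour of `terraform apply -refresh-only`, which shows the detected changes before they are written to state; an unattended script would need `-auto-approve` with it. The comment line above it also has a typo ("ned").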
That's a surprise; skimming your main.tf, it looks like the output should contain the public IP as soon as apply is done.
I know, right? Apparently it should be set, but there seems to be an issue that sounds like it's pretty common with dynamic IPs in Azure. I would have thought that by setting the depends in the output it would get it once the VM becomes available, but apparently not.
| protocol = "Tcp" | ||
| source_port_range = "*" | ||
| destination_port_range = "389" | ||
| source_address_prefix = "*" |
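Review bot: `source_address_prefix = "*"` together with `destination_port_range = "389"` opens LDAP, which is unencrypted on that port, to every source address if this rule is an inbound allow (direction and access are outside the visible lines). Take the source from a variable holding the tester's CIDR so that the wildcard is never the default.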
If this is intended to be used ephemerally, consider using http://ipv4.icanhazip.com or similar to get the IP of the environment running this infra up and defaulting the inbound security rule here to only allow that IP.
Right, that's an interesting idea. Looks like it wouldn't be too complex either:
data "http" "myip" {
  url = "http://ipv4.icanhazip.com"
}
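The suggestion from the two comments above, carried through to the security rule, as an added example that is not part of the PR or of either commenter's reply. It assumes the hashicorp/http provider v3 or later (`response_body`), Terraform 1.2 or later (`precondition`), and that the echo service answers over HTTPS; the variable, the rule name and priority, and the `nsg` resource name are hypothetical, while `azurerm_resource_group.rg` is the name used in the PR.

```hcl
# Optional override for runs where the detected address is wrong
# (for example behind a proxy). Hypothetical variable name.
variable "allowed_source_ip" {
  type    = string
  default = null
}

# Ask an external echo service which public IPv4 this run egresses from.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com" # HTTPS assumed; the thread used http://
}

locals {
  # The service returns the address followed by a newline.
  detected_ip = chomp(data.http.myip.response_body)
  source_ip   = coalesce(var.allowed_source_ip, local.detected_ip)
}

resource "azurerm_network_security_rule" "ldap_in" {
  name                        = "ldap-from-runner" # constructed name
  priority                    = 100                # constructed value
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "389"
  source_address_prefix       = "${local.source_ip}/32" # single host, not "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = azurerm_network_security_group.nsg.name # hypothetical NSG

  lifecycle {
    # Stop the plan if the response is not a dotted-quad IPv4 address
    # (error page, empty body, out-of-range octets) instead of writing
    # a malformed or unintended prefix into the rule.
    precondition {
      condition = (
        can(regex("^[0-9.]+$", local.source_ip)) &&
        can(cidrhost("${local.source_ip}/32", 0))
      )
      error_message = "Detected source address is not a valid IPv4 address."
    }
  }
}
```

The rule only tracks the address seen at plan time, so a runner whose egress IP changes needs a fresh apply before it can reach port 389 again.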
| location = azurerm_resource_group.rg.location | ||
| size = "Standard_F2" | ||
| admin_username = "adminuser" | ||
| admin_password = random_password.password.result |
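Review bot: `admin_password = random_password.password.result` means the administrator password is stored in plain text in the Terraform state. Keep the state in a backend with access control and encryption, and mark any output that exposes this value with `sensitive = true`.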
| source_image_reference { | ||
| publisher = "MicrosoftWindowsServer" | ||
| offer = "WindowsServer" | ||
| sku = "2016-Datacenter" | ||
| version = "latest" | ||
| } |
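Review bot: `version = "latest"` in `source_image_reference` lets the base image change between runs, so a failure in the AD setup is hard to reproduce and the patch level of the test domain controller is unknown. Pin an explicit image version and bump it deliberately.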
Consider baking the AD setup into a Packer script and referencing that image output here. VM extensions can be pretty brutal for setting this sort of thing up; despite your use of depends_on I don't know if Az will guarantee that they run in order or necessarily succeed before returning control back to Terraform. If you aren't able to use a golden image, consider using Ansible or similar to set up the VM once Terraform's provisioned it; that should be more reliable.
This does tend to work; the only complexity is that the AD Service install requires a reboot, which then causes the configuration scripts not to run through the CustomScriptExtension resource.
Hence the RunCommandWindows that comes afterwards.
It may well have worked for you a small number of times, but depending on how frequently this is run, the tolerance for failure may be quite low. Generally for this sort of thing I'd recommend baking as much setup as possible into a VM image.
No description provided.