End to End Azure VM
This example showcases how to create, combine and reference multiple Idem Azure Plug-In Resources:
- Resource Group
- Virtual Network
- Subnet
- Public IP
- Security Groups
- Network Interface
- Virtual Machine
At the end we will have created an Azure Virtual Machine (which includes attributes such as SSH Key authentication and Cloud-Init).
Important: You can follow this example with two different approaches:
Add all the resources and wait until the end to execute the state - Default
- You will have to manually provide the resources’ IDs to cross-reference dependencies, which is simple and explained below.
- When you execute the state, you must include the reconciler=basic flag (as indicated at that step).
Execute the state each time, right after you add each resource, until you add ’em all - “Idemon”.
- Every time you add a new resource and apply the state, the output will include the associated ID when created, which you can cut and paste for any other resource that may have a dependency.
- In this mode, the reconciler=basic flag is not mandatory.
Let’s create a new SLS file named “goapp.sls”.
First let’s add a Resource Group:
# Resource Group
moff-idem-rg-01:
  azure.resource_management.resource_groups.present:
    - resource_group_name: moff-idem-rg-01
    - parameters:
        location: centralus
        tags: {}
Then add a Virtual Network. Note that we can reference our Resource Group by providing only its name:
# Virtual Network
vNet1-Idem:
  azure.virtual_networks.virtual_networks.present:
    - resource_group_name: moff-idem-rg-01
    - virtual_network_name: vNet1-Idem
    - parameters:
        location: centralus
        name: vNet1-Idem
        properties:
          addressSpace:
            addressPrefixes:
              - 10.12.13.0/25
          enableDdosProtection: false
Now we can define a Subnet. Just as before, we can reference our Resource Group & Virtual Network by providing only their names:
# Subnet
moff-idem-subnet-1:
  azure.virtual_networks.subnets.present:
    - resource_group_name: moff-idem-rg-01
    - virtual_network_name: vNet1-Idem
    - subnet_name: moff-idem-subnet-1
    - parameters:
        properties:
          "addressPrefix": "10.12.13.0/27"
        location: centralus
Something similar happens for a Public IP: we reference our Resource Group by providing only its name:
# Public IP
moff-idem-pub-ip:
  azure.virtual_networks.public_ip_addresses.present:
    - resource_group_name: moff-idem-rg-01
    - public_ip_address_name: moff-idem-pub-ip
    - parameters:
        location: centralus
        properties:
          publicIPAllocationMethod: Dynamic
          idleTimeoutInMinutes: 10
          publicIPAddressVersion: IPv4
Same story for Security Groups: we reference our Resource Group by providing only its name. However, notice that we include a force_update option, so we can update Security Groups as needed:
# Security Groups
moff-idem-sg-1:
  azure.virtual_networks.network_security_groups.present:
    - force_update: True
    - resource_group_name: moff-idem-rg-01
    - network_security_group_name: moff-idem-sg-1
    - parameters:
        location: centralus
        properties:
          securityRules:
            - name: moff-idem-sg-rule-1
              properties:
                protocol: "*"
                sourceAddressPrefix: "*"
                destinationAddressPrefix: "*"
                access: "Allow"
                destinationPortRange: "22"
                sourcePortRange: "*"
                priority: 130
                direction: "Inbound"
            - name: moff-idem-sg-rule-2
              properties:
                protocol: "*"
                sourceAddressPrefix: "*"
                destinationAddressPrefix: "*"
                access: "Allow"
                destinationPortRange: "80"
                sourcePortRange: "*"
                priority: 150
                direction: "Inbound"
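Both rules above admit inbound traffic from any source ("*"), including SSH on port 22. The check below is an added example, not part of the Idem Azure plug-in, that flags such rules in a securityRules list before the state is applied; the function names, MGMT_PORTS and the third sample rule are assumptions made for illustration.

```python
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # values that mean "any source"
MGMT_PORTS = (22, 3389)  # assumption: ports treated as administrative here


def covers(port_range, port):
    """True if an Azure port range ("22", "20-25" or "*") includes port."""
    if port_range == "*":
        return True
    lo, _, hi = str(port_range).partition("-")
    return int(lo) <= port <= int(hi or lo)


def world_open_rules(security_rules):
    """Return (name, severity, exposed management ports) per world-open inbound Allow rule."""
    findings = []
    for rule in security_rules:
        p = rule.get("properties", {})
        if (p.get("direction", "").lower(), p.get("access", "").lower()) != ("inbound", "allow"):
            continue
        # Azure accepts the singular and the plural form of both properties.
        sources = [p["sourceAddressPrefix"]] if "sourceAddressPrefix" in p else []
        sources += p.get("sourceAddressPrefixes", [])
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        ranges = [p["destinationPortRange"]] if "destinationPortRange" in p else []
        ranges += p.get("destinationPortRanges", [])
        mgmt = [m for m in MGMT_PORTS if any(covers(r, m) for r in ranges)]
        findings.append((rule["name"], "high" if mgmt else "review", mgmt))
    return findings


def make_rule(name, source, port, priority):
    """Build a rule dict in the same shape as the state's securityRules entries."""
    return {"name": name, "properties": {
        "protocol": "*", "sourceAddressPrefix": source, "destinationAddressPrefix": "*",
        "access": "Allow", "destinationPortRange": port, "sourcePortRange": "*",
        "priority": priority, "direction": "Inbound"}}


RULES = [
    make_rule("moff-idem-sg-rule-1", "*", "22", 130),   # from the state above
    make_rule("moff-idem-sg-rule-2", "*", "80", 150),   # from the state above
    make_rule("ssh-from-admin-range", "203.0.113.0/24", "22", 130),  # constructed
]

if __name__ == "__main__":
    for finding in world_open_rules(RULES):
        print(finding)
```

Setting sourceAddressPrefix on the SSH rule to the address range you administer from removes the "high" finding while leaving the port 80 rule as it is.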
Now, in the case of Network Interfaces, we need to reference our Resource Group, but for the Security Groups, Public IP & Subnet the “ID”, an Azure Resource URL, is needed. As you can see, the Azure Resource URL follows a very well defined structure:
/subscriptions/<your Azure Subscription ID>/<resource group>/<name of the resource group>/providers/<Microsoft Provider Type>/<name of the resource>
Example for Public IP:
/subscriptions/23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde/resourceGroups/moff-idem-rg-01/providers/Microsoft.Network/publicIPAddresses/moff-idem-pub-ip
You can learn more about Azure Resource URLs in the Azure API Doc.
# Network Interfaces
moff-idem-nic-01:
  azure.virtual_networks.network_interfaces.present:
    - resource_group_name: moff-idem-rg-01
    - network_interface_name: moff-idem-nic-01
    - parameters:
        location: centralus
        properties:
          enableAcceleratedNetworking: false
          hostedWorkloads: []
          networkSecurityGroup:
            id: /subscriptions/23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde/resourceGroups/moff-idem-rg-01/providers/Microsoft.Network/networkSecurityGroups/moff-idem-sg-1
          ipConfigurations:
            - name: moff-idem-nic-01-ipconfig1
              properties:
                primary: true
                publicIPAddress:
                  id: /subscriptions/23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde/resourceGroups/moff-idem-rg-01/providers/Microsoft.Network/publicIPAddresses/moff-idem-pub-ip
                subnet:
                  id: /subscriptions/23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde/resourceGroups/moff-idem-rg-01/providers/Microsoft.Network/virtualNetworks/vNet1-Idem/subnets/moff-idem-subnet-1
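Because the IDs in this state are typed or pasted by hand, a mistyped resource name only surfaces when Azure rejects the request. The following added example (not code from the Idem project; all function names are hypothetical) builds and parses IDs in the structure shown above, including the nested virtualNetworks/subnets form, and reports references that match no resource declared in goapp.sls.

```python
SUBSCRIPTION = "23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde"  # subscription ID used on this page
RESOURCE_GROUP = "moff-idem-rg-01"


def build_resource_id(namespace, *type_name_pairs, subscription=SUBSCRIPTION,
                      resource_group=RESOURCE_GROUP):
    """Join the fixed segments with one or more <type>/<name> pairs."""
    if not type_name_pairs or len(type_name_pairs) % 2:
        raise ValueError("resource types and names must come in pairs")
    return "/".join(("", "subscriptions", subscription, "resourceGroups",
                     resource_group, "providers", namespace) + type_name_pairs)


def parse_resource_id(resource_id):
    """Split an ID into its parts; nested resources yield several types and names."""
    parts = resource_id.strip("/").split("/")
    fixed = [s.lower() for s in parts[0:5:2]]
    if (len(parts) < 8 or len(parts) % 2
            or fixed != ["subscriptions", "resourcegroups", "providers"]):
        raise ValueError(f"not a resource-group scoped ID: {resource_id!r}")
    return {"subscription": parts[1], "resource_group": parts[3],
            "namespace": parts[5],
            "types": tuple(parts[6::2]), "names": tuple(parts[7::2])}


# Resources declared in goapp.sls that other states refer to by ID.
DECLARED = [
    ("Microsoft.Network", "networkSecurityGroups", "moff-idem-sg-1"),
    ("Microsoft.Network", "publicIPAddresses", "moff-idem-pub-ip"),
    ("Microsoft.Network", "virtualNetworks", "vNet1-Idem",
     "subnets", "moff-idem-subnet-1"),
    ("Microsoft.Network", "networkInterfaces", "moff-idem-nic-01"),
]


def dangling_references(referenced_ids, declared=DECLARED):
    """Return referenced IDs that match no declared resource (compared case-insensitively)."""
    known = {build_resource_id(*d).lower() for d in declared}
    return [rid for rid in referenced_ids if rid.rstrip("/").lower() not in known]


if __name__ == "__main__":
    subnet = build_resource_id("Microsoft.Network", "virtualNetworks", "vNet1-Idem",
                               "subnets", "moff-idem-subnet-1")
    print(parse_resource_id(subnet))
    # Constructed typo: "sg-01" instead of the declared "sg-1".
    typo = build_resource_id("Microsoft.Network", "networkSecurityGroups", "moff-idem-sg-01")
    print(dangling_references([subnet, typo]))
```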
At this point we can add our Virtual Machine. In this case only the Network Interface ID is needed, following the same logic as before:
# Create VM
Development-idem-015:
  azure.compute.virtual_machines.present:
    - resource_group_name: moff-idem-rg-01
    - vm_name: Development-idem-015
    - parameters:
        location: centralus
        name: Development-idem-015
        properties:
          hardwareProfile:
            vmSize: Standard_A5
          networkProfile:
            networkInterfaces:
              - id: /subscriptions/23a8cee7-a1e4-4bb3-aff9-6898b4ee6fde/resourceGroups/moff-idem-rg-01/providers/Microsoft.Network/networkInterfaces/moff-idem-nic-01
                properties:
                  primary: true
          osProfile:
            adminUsername: demouser
            allowExtensionOperations: true
            computerName: Development-idem-015
            linuxConfiguration:
              ssh:
                publicKeys:
                  - keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFLX/56zSvZawvw3A0hfSVFPMPPeP8ZXeQ91+YdqCSyMUxgexQPpSEZIPbwodM0aAXMg227JuGji+JQlnXxCy1UDcpsGYnGsr3j3qrazrfp7tSBY5vTuHdmE4ZAEyoUFcEGPbDCzn82RI4PlF7508I32OPtr7HiZYeU+uP18snkvdXqEB8OCoSMy36lE806w+e3HVT/bMoj+wSAzjqju5Eqeg96IZOoeqpWQyTeLdaMqVdlQcSKcYnnKCIMaHTehZjtOHRte3EtSnbdiwCPnFno9EzHdCIde4KT+dFG9B2Goy2z10MkxFbR6IDxdbFxg4+siHNnHfbd/ILQuqN ubuntu"
                    path: /home/demouser/.ssh/authorized_keys
              disablePasswordAuthentication: true
              patchSettings:
                assessmentMode: ImageDefault
                patchMode: ImageDefault
              provisionVMAgent: true
            secrets: []
          userData: "RXhhbXBsZSBVc2VyRGF0YQ=="
          storageProfile:
            dataDisks: []
            imageReference:
              exactVersion: 18.04.201804262
              offer: UbuntuServer
              publisher: Canonical
              sku: 18.04-LTS
              version: 18.04.201804262
            osDisk:
              caching: None
              createOption: FromImage
              deleteOption: Detach
              diskSizeGB: 30
              managedDisk:
                storageAccountType: Standard_LRS
              name: Development-idem-015-boot-disk
              osType: Linux
        tags:
          blueprintname: goapp-idem
          deployment: Idem-Discover
          project: development
          requestedby: hernandezf@vmware.com
Save your file and we are ready for deployment. Note that all the resources use the Idem present directive and that we must include the reconciler flag, so Idem can loop until all the dependency resources are created.
idem state goapp.sls --reconciler=basic
You can then use Idem describe to validate that all your resources are created. (BTW, it would be a good idea to use your own SSH public key; this one is fake.)