added 800 net gateway

HoussemDellai · Jan 28, 2024 · 3ed3e4e · 3ed3e4e
1 parent 34f1f44
commit 3ed3e4e
Show file tree

Hide file tree

Showing 10 changed files with 388 additions and 93 deletions.
diff --git a/.infracost/pricing.gob b/.infracost/pricing.gob
diff --git a/.infracost/terraform_modules/manifest-4975ab88bc48b751ebddba9db0b5f06b.json b/.infracost/terraform_modules/manifest-4975ab88bc48b751ebddba9db0b5f06b.json
@@ -0,0 +1 @@
+{"Path":"d:\\Projects\\azure-network-hub-spoke\\800_onprem_vpn","Version":"2.0","Modules":[]}
diff --git a/800_onprem_vpn/cert.cer b/800_onprem_vpn/cert.cer
diff --git a/800_onprem_vpn/private_dns_zone.tf b/800_onprem_vpn/private_dns_zone.tf
@@ -0,0 +1,19 @@
+resource "azurerm_private_dns_zone" "private-dns-zone" {
+  name                = "internal.corp"
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_a_record" "dns_a_record_test" {
+  name                = "vm"
+  zone_name           = azurerm_private_dns_zone.private-dns-zone.name
+  resource_group_name = azurerm_private_dns_zone.private-dns-zone.resource_group_name
+  ttl                 = 300
+  records             = [azurerm_linux_virtual_machine.vm.private_ip_address] # just example IP address
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "link-dns-vnet" {
+  name                  = "link-dns-vnet"
+  resource_group_name   = azurerm_private_dns_zone.private-dns-zone.resource_group_name
+  private_dns_zone_name = azurerm_private_dns_zone.private-dns-zone.name
+  virtual_network_id    = azurerm_virtual_network.vnet-hub.id
+}
diff --git a/800_onprem_vpn/rg.tf b/800_onprem_vpn/rg.tf
@@ -1,4 +1,4 @@
 resource "azurerm_resource_group" "rg" {
-  name     = "rg-vnet-gateway-${var.prefix}"
+  name     = "rg-vnet-gateway-basic-${var.prefix}"
   location = "westeurope"
 }
diff --git a/800_onprem_vpn/terraform.tfstate b/800_onprem_vpn/terraform.tfstate
diff --git a/800_onprem_vpn/vnet.tf b/800_onprem_vpn/vnet.tf
@@ -1,5 +1,5 @@
 resource "azurerm_virtual_network" "vnet-hub" {
-  name                = "vnet-hub"
+  name                = "vnet-hub-weu"
   resource_group_name = azurerm_resource_group.rg.name
   location            = azurerm_resource_group.rg.location
   address_space       = ["10.0.0.0/16"]

diff --git a/800_onprem_vpn/vnet_gateway.tf b/800_onprem_vpn/vnet_gateway.tf
@@ -10,12 +10,16 @@ resource "azurerm_virtual_network_gateway" "vnet-gateway" {
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
 
-  type     = "Vpn" # ExpressRoute
+  type     = "Vpn"        # ExpressRoute
   vpn_type = "RouteBased" # PolicyBased
 
   active_active = false
   enable_bgp    = false
-  sku           = "VpnGw2" # Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ
+  #   sku           = "VpnGw2" # Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ
+  #   generation    = "Generation2" # Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ
+
+  sku        = "Basic"
+  generation = "Generation1"
 
   ip_configuration {
     name                          = "vnetGatewayConfig"
@@ -28,31 +32,8 @@ resource "azurerm_virtual_network_gateway" "vnet-gateway" {
     address_space = ["10.1.0.0/24"]
 
     root_certificate {
-      name = "P2SRootCert800"
-    #   public_cert_data = filebase64("./certs/P2SRootCert800.cer")
-      public_cert_data = <<CERT
-MIIC7TCCAdWgAwIBAgIQNkgiCmzvDLpIQ8I5RT9zkzANBgkqhkiG9w0BAQsFADAZ
-MRcwFQYDVQQDDA5QMlNSb290Q2VydDgwMDAeFw0yNDAxMjcwODE2MjdaFw0yNjAx
-MjcwODI2MjdaMBkxFzAVBgNVBAMMDlAyU1Jvb3RDZXJ0ODAwMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyfFE0FvBMKMBU2uGFG/Drxnn8irLA3tmwN5
-+qvhC1XneEVXShmaESjN/ETElL6u86EK2UwDUBdkcT5Gl3SRJu61ZND1SEsBNIC1
-FC9bMFMDpP4oVaaoQLxTQT2n8vW0oXr4srAOTNzPkUnH0rir/5GoVtEbrXyyOn79
-dmj6/hK7kkAIpO3OIj1oVEblG0XVV0mildm72ue4Jxw6zxulcvxCNGYnOyh+SjuS
-DdC6puqWVoCIpTCMnEPOPiaUwppIDlH1xUfD62gumnAkTzNymj9C/3orDRWqhiTd
-/nTdjSeySyzlWoregkG/hFYMWShnf+uCxXfrkJxjiFMO1oW0WQIDAQABozEwLzAO
-BgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFMax7OnaILaPu51P4Jn8r8oQdhCTMA0G
-CSqGSIb3DQEBCwUAA4IBAQBrMCaq26XUWCkkGtpw6Imw7Sg5LvkARhYP35OOIAQA
-O/BN/o/UWwJCdO1c4CG3oXpAxNXcu4U62FpwQGhASB3aGQwolQQ64hOx3ax2insT
-b/wwN5fH6Qz9sxRkG2tKJOyT5ikaE5rxGIciOGovNWikf/tIBTolwOoLmBAeDXXS
-ifyOqxKWJmhft76MuhXsZ/nBirVAjXPxQAN5R2caaU+wnmDVcNS/dqEWqRiiWj+4
-VseTSQkrH0DvOWXbjp4aGiZxh+sUZvSMCzHZ9/cT26jfcqwecbi8gdJ6T+kuluk6
-0/g2BuU1zKvngP8o/5/25VT47+ts3F4VeapFnm0QzOOg
-CERT
+      name             = "P2SRootCert800"
+      public_cert_data = replace(replace(file("./certs/P2SRootCert800.cer"), "-----BEGIN CERTIFICATE-----", ""), "-----END CERTIFICATE-----", "")
     }
-
-    # revoked_certificate {
-    #   name       = "Verizon-Global-Root-CA"
-    #   thumbprint = "912198EEF23DCAC40939312FEE97DD560BAE49B1"
-    # }
   }
 }
diff --git a/800_onprem_vpn/windows_vm.tf b/800_onprem_vpn/windows_vm.tf
@@ -0,0 +1,53 @@
+resource "azurerm_network_interface" "nic-vm-windows" {
+  name                = "nic-vm-windows"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.subnet-vm.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = null
+  }
+}
+
+resource "azurerm_windows_virtual_machine" "vm" {
+  name                  = "vm-jumpbox-w11"
+  resource_group_name   = azurerm_resource_group.rg.name
+  location              = azurerm_resource_group.rg.location
+  size                  = "Standard_B2als_v2"
+  admin_username        = "azureuser"
+  admin_password        = "@Aa123456789"
+  network_interface_ids = [azurerm_network_interface.nic-vm-windows.id]
+
+  # custom_data = filebase64("./install-tools-windows.ps1")
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "MicrosoftWindowsDesktop"
+    offer     = "windows-11"
+    sku       = "win11-23h2-pro"
+    version   = "latest"
+  }
+
+  boot_diagnostics {
+    storage_account_uri = null
+  }
+}
+
+# resource "azurerm_virtual_machine_extension" "cloudinit" {
+#   name                 = "cloudinit"
+#   virtual_machine_id   = azurerm_windows_virtual_machine.vm.id
+#   publisher            = "Microsoft.Compute"
+#   type                 = "CustomScriptExtension"
+#   type_handler_version = "1.10"
+#   settings             = <<SETTINGS
+#     {
+#         "commandToExecute": "powershell -ExecutionPolicy unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/install.ps1; c:/azuredata/install.ps1\""
+#     }
+#     SETTINGS
+# }
diff --git a/graph.png b/graph.png