Experience: is what you get soon after you need it.


My Cloud Certifications:

GIAC Cloud Penetration Tester (GCPN)

GIAC Cloud Security Automation (GCSA)

GIAC Security Essentials (GSEC)

Certified Kubernetes Administrator (CKA)

Cloud Certified Security Professional (ISC2)

CyberSecurity Certified Professional (ISC2)

AWS Certified Solutions Architect Associate

Azure Certified Architect Expert

Azure Certified Architect

Azure Certified Administrator

Oracle Cloud Infrastructure 2018 Certified Architect Associate

Oracle Cloud Infrastructure Classic 2018 Certified Architect Associate

Oracle Database Cloud Administrator Certified Professional

Oracle Database Cloud Service Operations Certified Associate

Showing posts with label Cloud. Show all posts

Monday, April 26, 2021

How to create cloud infrastructure using terraform scripts.


Here is sample code to create a resource group, a virtual network and a subnet in Azure.

Here is my main.tf file, which looks up the values it needs in the variables file shown below.

# Provider source and version being used
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

# Create the resource group that will hold the network
resource "azurerm_resource_group" "dev-rg" {
  name     = var.resource_group_name
  location = var.locations["location1"]
}

# Create a virtual network within the resource group.
# Referencing the resource group's attributes makes Terraform create the
# resource group first, so no explicit depends_on is needed.
resource "azurerm_virtual_network" "dev-vnet" {
  name                = var.virtual_network_name
  resource_group_name = azurerm_resource_group.dev-rg.name
  location            = azurerm_resource_group.dev-rg.location
  address_space       = var.address_prefixes
}

# Create a subnet in the new VNET, delegated to Azure Container Instances
resource "azurerm_subnet" "dev-app-subnet" {
  name                 = "db-subnet"
  resource_group_name  = azurerm_resource_group.dev-rg.name
  virtual_network_name = azurerm_virtual_network.dev-vnet.name
  address_prefixes     = var.vnet_app_subnet

  delegation {
    name = "delegation"

    service_delegation {
      name = "Microsoft.ContainerInstance/containerGroups"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
      ]
    }
  }
}

Here is my variables file:

variable "resource_group_name" {
  default = "dev-rg"
}

variable "locations" {
  type = map(string)
  default = {
    location1 = "eastus"
    location2 = "westus"
  }
}

variable "virtual_network_name" {
  default = "dev-vnet"
}

variable "address_prefixes" {
  type    = list(string)
  default = ["10.0.0.0/16"]
}

variable "vnet_app_subnet" {
  description = "Address prefixes of the subnet in which the workloads will reside."
  type        = list(string)
  default     = ["10.0.1.0/24"]
}

samshaik@shaikprod:~/terraform/lab$ terraform init

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Using previously-installed hashicorp/azurerm v2.46.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.


samshaik@shaikprod:~/terraform/lab$ terraform plan
azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.dev-app-subnet will be created
  + resource "azurerm_subnet" "dev-app-subnet" {
      + address_prefix                                 = (known after apply)
      + address_prefixes                               = [
          + "10.0.1.0/24",
        ]
      + enforce_private_link_endpoint_network_policies = false
      + enforce_private_link_service_network_policies  = false
      + id                                             = (known after apply)
      + name                                           = "db-subnet"
      + resource_group_name                            = "dev-rg"
      + virtual_network_name                           = "dev-vnet"

      + delegation {
          + name = "delegation"

          + service_delegation {
              + actions = [
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
              + name    = "Microsoft.ContainerInstance/containerGroups"
            }
        }
    }

  # azurerm_virtual_network.dev-vnet will be created
  + resource "azurerm_virtual_network" "dev-vnet" {
      + address_space         = [
          + "10.0.0.0/16",
        ]
      + guid                  = (known after apply)
      + id                    = (known after apply)
      + location              = "eastus"
      + name                  = "dev-vnet"
      + resource_group_name   = "dev-rg"
      + subnet                = (known after apply)
      + vm_protection_enabled = false
    }

Plan: 2 to add, 0 to change, 0 to destroy.



samshaik@shaikprod:~/terraform/lab$ terraform apply
azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.dev-app-subnet will be created
  + resource "azurerm_subnet" "dev-app-subnet" {
      + address_prefix                                 = (known after apply)
      + address_prefixes                               = [
          + "10.0.1.0/24",
        ]
      + enforce_private_link_endpoint_network_policies = false
      + enforce_private_link_service_network_policies  = false
      + id                                             = (known after apply)
      + name                                           = "db-subnet"
      + resource_group_name                            = "dev-rg"
      + virtual_network_name                           = "dev-vnet"

      + delegation {
          + name = "delegation"

          + service_delegation {
              + actions = [
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
              + name    = "Microsoft.ContainerInstance/containerGroups"
            }
        }
    }

  # azurerm_virtual_network.dev-vnet will be created
  + resource "azurerm_virtual_network" "dev-vnet" {
      + address_space         = [
          + "10.0.0.0/16",
        ]
      + guid                  = (known after apply)
      + id                    = (known after apply)
      + location              = "eastus"
      + name                  = "dev-vnet"
      + resource_group_name   = "dev-rg"
      + subnet                = (known after apply)
      + vm_protection_enabled = false
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_virtual_network.dev-vnet: Creating...
azurerm_virtual_network.dev-vnet: Creation complete after 4s [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]
azurerm_subnet.dev-app-subnet: Creating...
azurerm_subnet.dev-app-subnet: Creation complete after 4s [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.




samshaik@shaikprod:~/terraform/lab$ terraform destroy
azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]
azurerm_virtual_network.dev-vnet: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]
azurerm_subnet.dev-app-subnet: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # azurerm_resource_group.dev-rg will be destroyed
  - resource "azurerm_resource_group" "dev-rg" {
      - id       = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg" -> null
      - location = "eastus" -> null
      - name     = "dev-rg" -> null
      - tags     = {} -> null
    }

  # azurerm_subnet.dev-app-subnet will be destroyed
  - resource "azurerm_subnet" "dev-app-subnet" {
      - address_prefix                                 = "10.0.1.0/24" -> null
      - address_prefixes                               = [
          - "10.0.1.0/24",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet" -> null
      - name                                           = "db-subnet" -> null
      - resource_group_name                            = "dev-rg" -> null
      - service_endpoint_policy_ids                    = [] -> null
      - service_endpoints                              = [] -> null
      - virtual_network_name                           = "dev-vnet" -> null

      - delegation {
          - name = "delegation" -> null

          - service_delegation {
              - actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                ] -> null
              - name    = "Microsoft.ContainerInstance/containerGroups" -> null
            }
        }
    }

  # azurerm_virtual_network.dev-vnet will be destroyed
  - resource "azurerm_virtual_network" "dev-vnet" {
      - address_space         = [
          - "10.0.0.0/16",
        ] -> null
      - dns_servers           = [] -> null
      - guid                  = "53edc62c-1259-4de2-8f6b-60beebee5466" -> null
      - id                    = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet" -> null
      - location              = "eastus" -> null
      - name                  = "dev-vnet" -> null
      - resource_group_name   = "dev-rg" -> null
      - subnet                = [
          - {
              - address_prefix = "10.0.1.0/24"
              - id             = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet"
              - name           = "db-subnet"
              - security_group = ""
            },
        ] -> null
      - tags                  = {} -> null
      - vm_protection_enabled = false -> null
    }

Plan: 0 to add, 0 to change, 3 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

azurerm_subnet.dev-app-subnet: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]
azurerm_subnet.dev-app-subnet: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-...ualNetworks/dev-vnet/subnets/db-subnet, 10s elapsed]
azurerm_subnet.dev-app-subnet: Destruction complete after 10s
azurerm_virtual_network.dev-vnet: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]
azurerm_virtual_network.dev-vnet: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-...osoft.Network/virtualNetworks/dev-vnet, 10s elapsed]
azurerm_virtual_network.dev-vnet: Destruction complete after 11s
azurerm_resource_group.dev-rg: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]
azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 10s elapsed]
azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 20s elapsed]
azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 30s elapsed]
azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 40s elapsed]
azurerm_resource_group.dev-rg: Destruction complete after 45s

Destroy complete! Resources: 3 destroyed.
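The post runs plan, apply and destroy interactively and approves each by hand. As an added example (not code from the post), here is a Python script that gates a saved plan instead: it reads the JSON that terraform show -json tfplan produces and fails when anything would be destroyed or replaced, when a subnet is planned without any network security group association in the same plan (the subnet above gets none, which the destroy output confirms with security_group = ""), when a subnet prefix falls outside its VNet address space, or when an NSG rule allows all inbound traffic from the Internet. The two plan documents embedded in the script are constructed to mirror the output above; the NSG checks go beyond the post's own configuration.

```python
"""Gate a saved Terraform plan before apply (added example, not from the post).

Reads `terraform show -json tfplan` output and fails on destroys/replaces, subnets
without any NSG association, subnet prefixes outside their VNet, and NSG rules that
allow all inbound traffic from the Internet.
"""
import ipaddress
import json
import sys
from collections import Counter


def classify(actions):
    """Collapse Terraform's action list (e.g. ["delete", "create"]) into one word."""
    if "delete" in actions and "create" in actions:
        return "replace"
    return actions[0]


def summarize(plan_json):
    """Count planned actions by kind, like Terraform's 'Plan: N to add, ...' line."""
    plan = json.loads(plan_json)
    return dict(Counter(classify(rc["change"]["actions"])
                        for rc in plan.get("resource_changes", [])))


def review_plan(plan_json, allow_destroy=False):
    """Return (ok, findings) for one plan JSON document."""
    plan = json.loads(plan_json)
    findings = []
    live = []  # resources that will still exist after apply
    for rc in plan.get("resource_changes", []):
        kind = classify(rc["change"]["actions"])
        if kind in ("delete", "replace") and not allow_destroy:
            findings.append(f"{rc['address']}: {kind} is not allowed in this pipeline")
        if kind != "delete":
            live.append(rc)

    types = Counter(rc["type"] for rc in live)
    vnets = {rc["change"]["after"]["name"]: rc["change"]["after"]
             for rc in live if rc["type"] == "azurerm_virtual_network"}

    for rc in live:
        after = rc["change"].get("after") or {}
        if rc["type"] == "azurerm_subnet":
            # Coarse check: the association's subnet_id is unknown until apply,
            # so only require that some association exists in the same plan.
            if types["azurerm_subnet_network_security_group_association"] == 0:
                findings.append(f"{rc['address']}: no NSG association anywhere in plan")
            vnet = vnets.get(after.get("virtual_network_name"))
            if vnet:
                spaces = [ipaddress.ip_network(s) for s in vnet.get("address_space", [])]
                for prefix in after.get("address_prefixes") or []:
                    if not any(ipaddress.ip_network(prefix).subnet_of(s) for s in spaces):
                        findings.append(f"{rc['address']}: prefix {prefix} is outside the VNet address_space")
        elif rc["type"] == "azurerm_network_security_group":
            for rule in after.get("security_rule") or []:
                if (rule.get("direction") == "Inbound" and rule.get("access") == "Allow"
                        and rule.get("source_address_prefix") in ("*", "Internet")
                        and rule.get("destination_port_range") == "*"):
                    findings.append(f"{rc['address']}: rule {rule['name']} allows all inbound traffic from the Internet")
    return (not findings, findings)


# CONSTRUCTED to mirror the post's plan: the resource group already exists, the
# VNet and subnet are created, and nothing attaches an NSG to the subnet.
SAMPLE_PLAN = json.dumps({"format_version": "0.1", "resource_changes": [
    {"address": "azurerm_resource_group.dev-rg", "type": "azurerm_resource_group",
     "change": {"actions": ["no-op"], "after": {"name": "dev-rg", "location": "eastus"}}},
    {"address": "azurerm_virtual_network.dev-vnet", "type": "azurerm_virtual_network",
     "change": {"actions": ["create"], "after": {"name": "dev-vnet", "location": "eastus",
                                                "address_space": ["10.0.0.0/16"]}}},
    {"address": "azurerm_subnet.dev-app-subnet", "type": "azurerm_subnet",
     "change": {"actions": ["create"], "after": {"name": "db-subnet", "virtual_network_name": "dev-vnet",
                                                "address_prefixes": ["10.0.1.0/24"]}}},
]})

# CONSTRUCTED follow-up change: the subnet is replaced and an NSG that allows
# everything inbound is attached to it.
SAMPLE_PLAN_OPEN_NSG = json.dumps({"format_version": "0.1", "resource_changes": [
    {"address": "azurerm_network_security_group.dev-nsg", "type": "azurerm_network_security_group",
     "change": {"actions": ["create"], "after": {"name": "dev-nsg", "security_rule": [
         {"name": "allow-everything", "direction": "Inbound", "access": "Allow", "protocol": "*",
          "source_address_prefix": "*", "destination_port_range": "*"}]}}},
    {"address": "azurerm_subnet_network_security_group_association.dev",
     "type": "azurerm_subnet_network_security_group_association",
     "change": {"actions": ["create"], "after": {}}},
    {"address": "azurerm_subnet.dev-app-subnet", "type": "azurerm_subnet",
     "change": {"actions": ["delete", "create"], "after": {"name": "db-subnet", "virtual_network_name": "dev-vnet",
                                                          "address_prefixes": ["10.0.1.0/24"]}}},
]})

if __name__ == "__main__":
    # terraform plan -out=tfplan && terraform show -json tfplan > plan.json && python review_plan.py plan.json
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    ok, findings = review_plan(source)
    print("Plan:", summarize(source), *("FINDING: " + f for f in findings), sep="\n")
    sys.exit(0 if ok else 1)
```

Run against the plan above, the script exits non-zero with a single finding, the missing NSG association; in a pipeline that is the point at which apply is withheld until the association (and an NSG with the rules the workload actually needs) is added to the configuration. Whether a replace is acceptable depends on the environment, hence the allow_destroy switch rather than a hard rule.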

Thursday, June 11, 2020

How to update ssh key on a cloud VM

It happens that someone created a VM with a key and that person has since left, forgot to share the key with others, or lost the key altogether. Whatever the case may be, this post shows how to update the SSH key so you can log in to the VM again.

For AWS:

Generate a new key pair with your favorite tool, for example with OpenSSH:

samshaik@shaikprod:~$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/samshaik/.ssh/id_rsa): cloud-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in cloud-key.
Your public key has been saved in cloud-key.pub.
The key fingerprint is:
SHA256:GJk8yaVsFSNxquyVLwmR6uGMxzslniA0TMQ1Ib9AO8g samshaik@shaikprod
The key's randomart image is:
+---[RSA 2048]----+
|o+.+. o.*.       |
|+o+ .= @ .       |
|+E .o &          |
| +oo.+ =         |
|. +.+ + S        |
|o*.o.o o         |
|oo*+. o .        |
| .+.   .         |
|  ..             |
+----[SHA256]-----+


This creates the key pair, the private key cloud-key and the public key cloud-key.pub, in the specified path.

samshaik@shaikprod:~$ ls -lrt ~/.ssh/cloud-key*
-rw------- 1 samshaik samshaik 1766 Jun  9 14:44 /home/samshaik/.ssh/cloud-key
-rw-r--r-- 1 samshaik samshaik  400 Jun  9 14:44 /home/samshaik/.ssh/cloud-key.pub


1) Stop the VM.
2) Paste the snippet below into the user data dialog box, which you reach as follows:
Select the instance --> Actions --> Instance Settings --> View/Change User Data

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: username            # the user whose key you want to replace, e.g. ec2-user
    ssh-authorized-keys:
      - PublicKeypair         # the public key line; no quotes, and keep the dash at the beginning

3) Start the instance.
Now try to ssh into the instance using the new private key.
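As an added example (not code from the post), here is a Python script that builds the user-data shown above from a username and a public key line, and rejects the inputs that most often break this procedure: a private key pasted by mistake, a key wrapped in quotes, or a string that is not a valid OpenSSH public key (key type, base64 blob, optional comment, with the blob's first field matching the type). The sample key it prints is constructed from placeholder bytes and is not a real key; the closing --//-- boundary and the 16 KB EC2 user-data limit check are the script's own additions.

```python
"""Build the multipart user-data that the post pastes into the AWS console.

Added example, not from the original post. It generates the cloud-config
wrapper from a username and an OpenSSH public key line, and refuses input
that commonly breaks the reset: a private key, a quoted key, or a string
that is not a valid '<type> <base64> [comment]' public key.
"""
import base64
import binascii
import re
import struct

ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                     "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
USER_DATA_LIMIT = 16 * 1024  # EC2 user data is capped at 16 KB


def is_valid_public_key(line):
    """True if `line` is a well-formed OpenSSH public key line (not a private key)."""
    line = line.strip()
    if line.startswith("-----BEGIN"):         # PEM / OpenSSH private key material
        return False
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        return False                           # also rejects '"ssh-rsa ...' (quoted)
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])       # first field of the blob is the key type
    return blob[4:4 + n] == parts[0].encode("ascii")


def build_user_data(username, pubkey):
    """Return the user-data text in the same MIME shape as the post's snippet."""
    key = pubkey.strip()
    if not is_valid_public_key(key):
        raise ValueError("expected an OpenSSH public key line: '<type> <base64> [comment]'")
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", username):
        raise ValueError(f"unusual login name: {username!r}")
    cloud_config = "\n".join([
        "#cloud-config",
        "cloud_final_modules:",
        "- [users-groups, once]",              # module frequency as in the post's snippet
        "users:",
        f"  - name: {username}",
        "    ssh-authorized-keys:",
        f"      - {key}",                      # list item: leading dash, no quotes
    ])
    user_data = "\n".join([
        'Content-Type: multipart/mixed; boundary="//"',
        "MIME-Version: 1.0",
        "",
        "--//",
        'Content-Type: text/cloud-config; charset="us-ascii"',
        "MIME-Version: 1.0",
        "Content-Transfer-Encoding: 7bit",
        'Content-Disposition: attachment; filename="cloud-config.txt"',
        "",
        cloud_config,
        "--//--",                              # closing boundary
        "",
    ])
    if len(user_data.encode("utf-8")) > USER_DATA_LIMIT:
        raise ValueError("user data exceeds the 16 KB EC2 limit")
    return user_data


def _ssh_string(data):
    """Length-prefixed string as used in the OpenSSH public key blob."""
    return struct.pack(">I", len(data)) + data


def make_sample_pubkey():
    """CONSTRUCTED ed25519-shaped key built from placeholder bytes; not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


if __name__ == "__main__":
    # Replace the sample with the contents of your own cloud-key.pub.
    print(build_user_data("ec2-user", make_sample_pubkey()))
```

The key-type check against the decoded blob is what catches the two silent failures here: a line copied with surrounding quotes, and a line from the wrong file (the private key, which must never leave your machine). Both would otherwise go into user data unnoticed and leave the instance unreachable.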


Azure:

In Azure, select the VM from the left menu --> Support + Troubleshooting --> Reset Password.

Here you can create a new user, or reset an existing user's password or SSH public key.


In Oracle Cloud: