FWB: update to support latest AzureRM provider

40net-cloud · Nov 12, 2024 · 7d9105e · 7d9105e
1 parent c88b0c9
commit 7d9105e
Show file tree

Hide file tree

Showing 12 changed files with 477 additions and 87 deletions.
diff --git a/FortiWeb/Terraform/A-Single-VM/deploy.sh b/FortiWeb/Terraform/A-Single-VM/deploy.sh
@@ -0,0 +1,156 @@
+#!/bin/bash
+echo "
+##############################################################################################################
+#
+# FortiWeb VM
+# Terraform deployment template for Microsoft Azure
+#
+##############################################################################################################
+"
+
+# Stop running when command returns error
+set -e
+
+##############################################################################################################
+# FortiWeb variables
+#
+# FortiWeb version
+# Default = latest
+#
+##############################################################################################################
+#export TF_VAR_FWB_IMAGE_SKU=""
+#export TF_VAR_FWB_VERSION=""
+#export TF_VAR_FWB_BYOL_LICENSE_FILE=""
+
+PLAN="terraform.tfplan"
+
+if [ -z "$DEPLOY_LOCATION" ]
+then
+    # Input location
+    echo -n "Enter location (e.g. eastus2): "
+    stty_orig=`stty -g` # save original terminal setting.
+    read location         # read the location
+    stty $stty_orig     # restore terminal setting.
+    if [ -z "$location" ]
+    then
+        location="eastus2"
+    fi
+else
+    location="$DEPLOY_LOCATION"
+fi
+export TF_VAR_location="$location"
+echo ""
+echo "--> Deployment in $location location ..."
+echo ""
+
+if [ -z "$DEPLOY_PREFIX" ]
+then
+    # Input prefix
+    echo -n "Enter prefix: "
+    stty_orig=`stty -g` # save original terminal setting.
+    read prefix         # read the prefix
+    stty $stty_orig     # restore terminal setting.
+    if [ -z "$prefix" ]
+    then
+        prefix="FORTI"
+    fi
+else
+    prefix="$DEPLOY_PREFIX"
+fi
+export TF_VAR_prefix="$prefix"
+echo ""
+echo "--> Using prefix $prefix for all resources ..."
+echo ""
+rg_cgf="$prefix-RG"
+
+if [ -z "$DEPLOY_USERNAME" ]
+then
+    # Input username
+    echo -n "Enter username (default: azureuser): "
+    stty_orig=`stty -g` # save original terminal setting.
+    read username         # read the prefix
+    stty $stty_orig     # restore terminal setting.
+    if [ -z "$USERNAME" ]
+    then
+        username="azureuser"
+    fi
+else
+    username="$DEPLOY_USERNAME"
+fi
+echo ""
+echo "--> Using username '$username' ..."
+echo ""
+
+if [ -z "$DEPLOY_PASSWORD" ]
+then
+    # Input password
+    echo -n "Enter password: "
+    stty_orig=`stty -g` # save original terminal setting.
+    stty -echo          # turn-off echoing.
+    read passwd         # read the password
+    stty $stty_orig     # restore terminal setting.
+    echo ""
+else
+    passwd="$DEPLOY_PASSWORD"
+    echo ""
+    echo "--> Using password found in env variable DEPLOY_PASSWORD ..."
+    echo ""
+fi
+password="$passwd"
+
+if [ -z "$DEPLOY_SUBSCRIPTION_ID" ]
+then
+    detected_id=`az account show | jq ".id" -r`
+    # Input username
+    echo -n "Enter subscription ID (press enter for detected id: '$detected_id'): "
+    stty_orig=`stty -g` # save original terminal setting.
+    read subscription_id         # read the subscription id
+    stty $stty_orig     # restore terminal setting.
+    if [ -z "$subscription_id" ]
+    then
+        subscription_id="$detected_id"
+    fi
+else
+    subscription_id="$DEPLOY_SUBSCRIPTION_ID"
+fi
+export TF_VAR_subscription_id="$subscription_id"
+echo ""
+echo "--> Using subscription id '$subscription_id' ..."
+echo ""
+
+SUMMARY="summary.out"
+
+echo ""
+echo "==> Starting Terraform deployment"
+echo ""
+cd terraform/
+
+echo ""
+echo "==> Terraform init"
+echo ""
+terraform init
+
+echo ""
+echo "==> Terraform plan"
+echo ""
+terraform plan --out "$PLAN" \
+                -var "username=$username" \
+                -var "password=$password"
+
+echo ""
+echo "==> Terraform apply"
+echo ""
+terraform apply "$PLAN"
+if [[ $? != 0 ]];
+then
+    echo "--> ERROR: Deployment failed ..."
+    exit $result;
+fi
+
+echo ""
+echo "==> Terraform output deployment summary"
+echo ""
+terraform output deployment_summary > "../output/$SUMMARY"
+
+cd ../
+cat "output/$SUMMARY"
diff --git a/FortiWeb/Terraform/A-Single-VM/destroy.sh b/FortiWeb/Terraform/A-Single-VM/destroy.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+echo "
+##############################################################################################################
+#
+# FortiWeb VM
+# Terraform deployment template for Microsoft Azure
+#
+##############################################################################################################
+"
+
+# Stop running when command returns error
+set -e
+
+PLAN="terraform.tfplan"
+STATE="terraform.tfstate"
+
+cd terraform/
+echo ""
+echo "==> Starting Terraform destroy"
+echo ""
+
+echo ""
+echo "==> Terraform init"
+echo ""
+terraform init
+
+echo ""
+echo "==> terraform destroy"
+echo ""
+terraform destroy -auto-approve
+if [[ $? != 0 ]];
+then
+    echo "--> ERROR: Destroy failed ..."
+    rg=`grep -m 1 -o '"resource_group_name": "[^"]*' "$STATE" | grep -o '[^"]*$'`
+    echo "--> Trying to delete the resource group $rg..."
+    az group delete --resource-group "$rg"
+    exit $rc;
+fi
diff --git a/FortiWeb/Terraform/A-Single-VM/terraform/00-general.tf b/FortiWeb/Terraform/A-Single-VM/terraform/00-general.tf
@@ -6,19 +6,19 @@
 ##############################################################################################################
 
 # Prefix for all resources created for this deployment in Microsoft Azure
-variable "PREFIX" {
+variable "prefix" {
   description = "Added name to each deployed resource"
 }
 
-variable "LOCATION" {
+variable "location" {
   description = "Azure region"
 }
 
-variable "USERNAME" {
-}
+variable "username" {}
 
-variable "PASSWORD" {
-}
+variable "password" {}
+
+variable "subscription_id" {}
 
 ##############################################################################################################
 # FortiWeb license type
@@ -72,6 +72,7 @@ terraform {
 
 provider "azurerm" {
   features {}
+  subscription_id = var.subscription_id
 }
 
 ##############################################################################################################
@@ -152,8 +153,8 @@ variable "fortinet_tags" {
 ##############################################################################################################
 
 resource "azurerm_resource_group" "resourcegroup" {
-  name     = "${var.PREFIX}-RG"
-  location = var.LOCATION
+  name     = "${var.prefix}-RG"
+  location = var.location
 }
 
 ##############################################################################################################
diff --git a/FortiWeb/Terraform/A-Single-VM/terraform/01-network.tf b/FortiWeb/Terraform/A-Single-VM/terraform/01-network.tf
@@ -10,21 +10,21 @@
 ##############################################################################################################
 
 resource "azurerm_virtual_network" "vnet" {
-  name                = "${var.PREFIX}-VNET"
+  name                = "${var.prefix}-VNET"
   address_space       = [var.vnet]
   location            = azurerm_resource_group.resourcegroup.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
 }
 
 resource "azurerm_subnet" "subnet1" {
-  name                 = "${var.PREFIX}-SUBNET-fwb-EXTERNAL"
+  name                 = "${var.prefix}-SUBNET-fwb-EXTERNAL"
   resource_group_name  = azurerm_resource_group.resourcegroup.name
   virtual_network_name = azurerm_virtual_network.vnet.name
   address_prefixes     = [var.subnet["1"]]
 }
 
 resource "azurerm_subnet" "subnet2" {
-  name                 = "${var.PREFIX}-SUBNET-fwb-INTERNAL"
+  name                 = "${var.prefix}-SUBNET-fwb-INTERNAL"
   resource_group_name  = azurerm_resource_group.resourcegroup.name
   virtual_network_name = azurerm_virtual_network.vnet.name
   address_prefixes     = [var.subnet["2"]]

diff --git a/FortiWeb/Terraform/A-Single-VM/terraform/02-fortiweb.tf b/FortiWeb/Terraform/A-Single-VM/terraform/02-fortiweb.tf
@@ -6,8 +6,8 @@
 ##############################################################################################################
 
 resource "azurerm_network_security_group" "fwbnsg" {
-  name                = "${var.PREFIX}-FWB-NSG"
-  location            = var.LOCATION
+  name                = "${var.prefix}-FWB-NSG"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
 }
 
@@ -40,20 +40,20 @@ resource "azurerm_network_security_rule" "fwbnsgallowallin" {
 }
 
 resource "azurerm_public_ip" "fwbpip" {
-  name                = "${var.PREFIX}-FWB-PIP"
-  location            = var.LOCATION
+  name                = "${var.prefix}-FWB-PIP"
+  location            = var.location
   resource_group_name = azurerm_resource_group.resourcegroup.name
   allocation_method   = "Static"
   sku                 = "Standard"
-  domain_name_label   = format("%s-%s", lower(var.PREFIX), "lb-pip")
+  domain_name_label   = format("%s-%s", lower(var.prefix), "lb-pip")
 }
 
 resource "azurerm_network_interface" "fwbifcext" {
-  name                          = "${var.PREFIX}-FWB-Nic1-EXT"
+  name                          = "${var.prefix}-FWB-Nic1-EXT"
   location                      = azurerm_resource_group.resourcegroup.location
   resource_group_name           = azurerm_resource_group.resourcegroup.name
-  enable_ip_forwarding          = true
-  enable_accelerated_networking = var.FWB_ACCELERATED_NETWORKING
+  ip_forwarding_enabled          = true
+  accelerated_networking_enabled = var.FWB_ACCELERATED_NETWORKING
 
   ip_configuration {
     name                          = "interface1"
@@ -70,10 +70,10 @@ resource "azurerm_network_interface_security_group_association" "fwbifcextnsg" {
 }
 
 resource "azurerm_network_interface" "fwbifcint" {
-  name                 = "${var.PREFIX}-FWB-Nic2-INT"
+  name                 = "${var.prefix}-FWB-Nic2-INT"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
-  enable_ip_forwarding = true
+  ip_forwarding_enabled = true
 
   ip_configuration {
     name                          = "interface1"
@@ -89,7 +89,7 @@ resource "azurerm_network_interface_security_group_association" "fwbifcintnsg" {
 }
 
 resource "azurerm_linux_virtual_machine" "fwbvm" {
-  name                  = "${var.PREFIX}-FWB"
+  name                  = "${var.prefix}-FWB"
   location              = azurerm_resource_group.resourcegroup.location
   resource_group_name   = azurerm_resource_group.resourcegroup.name
   network_interface_ids = [azurerm_network_interface.fwbifcext.id, azurerm_network_interface.fwbifcint.id]
@@ -113,19 +113,19 @@ resource "azurerm_linux_virtual_machine" "fwbvm" {
   }
 
   os_disk {
-    name                 = "${var.PREFIX}-FWB-OSDISK"
+    name                 = "${var.prefix}-FWB-OSDISK"
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
 
-  admin_username                  = var.USERNAME
-  admin_password                  = var.PASSWORD
+  admin_username                  = var.username
+  admin_password                  = var.password
   disable_password_authentication = false
   custom_data = base64encode(templatefile("${path.module}/customdata.tpl", {
-    fwb_vm_name           = "${var.PREFIX}-FWB"
+    fwb_vm_name           = "${var.prefix}-FWB"
     fwb_license_file      = var.FWB_BYOL_LICENSE_FILE
     fwb_license_fortiflex = var.FWB_BYOL_FORTIFLEX_LICENSE_TOKEN
-#    fwb_username          = var.USERNAME
+#    fwb_username          = var.username
 #    fwb_ssh_public_key    = var.FWB_SSH_PUBLIC_KEY_FILE
 #    fwb_external_ipaddr   = var.fwb_ipaddress["1"]
 #    fwb_external_mask     = var.subnetmask["1"]
@@ -143,7 +143,7 @@ resource "azurerm_linux_virtual_machine" "fwbvm" {
 }
 
 resource "azurerm_managed_disk" "fwbvm-datadisk" {
-  name                 = "${var.PREFIX}-FWB-DATADISK"
+  name                 = "${var.prefix}-FWB-DATADISK"
   location             = azurerm_resource_group.resourcegroup.location
   resource_group_name  = azurerm_resource_group.resourcegroup.name
   storage_account_type = "Standard_LRS"

diff --git a/FortiWeb/Terraform/A-Single-VM/terraform/03-output.tf b/FortiWeb/Terraform/A-Single-VM/terraform/03-output.tf
@@ -11,8 +11,8 @@
 
 output "deployment_summary" {
   value = templatefile("${path.module}/summary.tpl", {
-    username                   = var.USERNAME
-    location                   = var.LOCATION
+    username                   = var.username
+    location                   = var.location
     fwb_ipaddress              = data.azurerm_public_ip.fwbpip.ip_address
     fwb_private_ip_address_ext = azurerm_network_interface.fwbifcext.private_ip_address
     fwb_private_ip_address_int = azurerm_network_interface.fwbifcint.private_ip_address