SUSE · yeoldegrove · Sep 22, 2021 · Sep 29, 2021 · Oct 6, 2021 · Oct 6, 2021
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
-**/.terraform
+**/.terraform*
 **/terraform.tfstate*
 **/.terraform.tfstate*
 **/terraform*.tfvars
@@ -26,3 +26,7 @@ shell.nix
 venv
 **/.envrc
 **/.direnv
+
+# Misc files
+**/*.lic
+**/*.txt
diff --git a/azure/.terraform.lock.hcl b/azure/.terraform.lock.hcl
diff --git a/azure/README.md b/azure/README.md
@@ -648,6 +648,12 @@ drbd_cluster_fencing_mechanism = "native"
 netweaver_cluster_fencing_mechanism = "native"
 ```
 
+## Use Hub/Spoke network architecture
+
+First of all, please get familiar with [Microsoft Azure's Hub/Spoke Architecture](https://docs.microsoft.com/en-us/azure/developer/terraform/hub-spoke-introduction).
+
+See `terraform.tfvars` for examples of different deployment scenarios.
+
 ## Extra info
 More info in [Azure's Terraform Create Complete VM Document](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-create-complete-vm).
 

diff --git a/azure/create_remote_state/README.md b/azure/create_remote_state/README.md
@@ -0,0 +1,23 @@
+# Store Terraform state in Azure Storage
+
+Please read the [Microsoft documentation how to store terraform state in azure storage](https://docs.microsoft.com/en-us/azure/developer/terraform/store-state-in-azure-storage) to get a general understanding about remote state.
+
+## Example implementation
+
+- You might want to use `create_remote_state/create_container.sh` (change variables first) to create:
+  - resource group
+  - storage account
+  - storage container
+
+- Copy `remote_state/credentials.tfvars.example` to `remote_state/credentials.tfvars` and change the variables.
+  - Lookup your "key1" in the storage account "Access keys" tab and use it as "key".
+
+- Add this block to `infrastructure.tf`
+
+``` terraform
+terraform {
+  backend "azurerm" {}
+}
+```
+
+- Initialize the remote state by run `terraform init -backend-config=create_remote_state/credentials.tfvars`.
diff --git a/azure/create_remote_state/create_container.sh b/azure/create_remote_state/create_container.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+LOCATION=westeurope
+RESOURCE_GROUP_NAME=fortinet0
+STORAGE_ACCOUNT_NAME="${RESOURCE_GROUP_NAME}tfstate${RANDOM}"
+CONTAINER_NAME=tfstate
+
+# Create resource group
+az group create --name "${RESOURCE_GROUP_NAME}" --location "${LOCATION}"
+
+# Create storage account
+az storage account create --resource-group "${RESOURCE_GROUP_NAME}" --name "${STORAGE_ACCOUNT_NAME}" --sku Standard_LRS --encryption-services blob
+
+# Create blob container
+az storage container create --name "${CONTAINER_NAME}" --account-name "${STORAGE_ACCOUNT_NAME}"
diff --git a/azure/create_remote_state/credentials.tfvars.example b/azure/create_remote_state/credentials.tfvars.example
@@ -0,0 +1,4 @@
+resource_group_name = "resource group name"
+storage_account_name = "storage account name"
+container_name = "container name"
+key = "storage key"