Posted to commits@dlab.apache.org by dm...@apache.org on 2019/09/27 12:23:03 UTC

[incubator-dlab] 01/02: [DLAB-edge] Added terraform scripts for project creation [Azure]

This is an automated email from the ASF dual-hosted git repository.

dmysakovets pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit b2472f76e3809d4d31aa6a5a8f84a65ab5bcc4b7
Author: Demyan Mysakovets <de...@gmail.com>
AuthorDate: Fri Sep 27 15:19:00 2019 +0300

    [DLAB-edge] Added terraform scripts for project creation [Azure]
---
 .../azure/computational_resources/main/main.tf     |  39 +-
 .../computational_resources/main/variables.tf      |  21 +
 .../modules/common/network.tf                      | 117 ------
 .../terraform/azure/project/main/instance.tf       |  98 +++++
 .../common/variables.tf => project/main/main.tf}   |  75 ++--
 .../terraform/azure/project/main/network.tf        | 442 +++++++++++++++++++++
 .../modules/common => project/main}/variables.tf   | 148 ++++---
 7 files changed, 709 insertions(+), 231 deletions(-)

diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf b/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf
index 26ac8ac..9ded494 100644
--- a/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf
+++ b/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf
@@ -1,3 +1,24 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
 provider "azurerm" {
   subscription_id = var.subscription_id
   client_id       = var.client_id
@@ -5,24 +26,6 @@ provider "azurerm" {
   tenant_id       = var.tenant_id
 }
 
-module "common" {
-  source         = "../modules/common"
-  sbn            = var.service_base_name
-  project_name   = var.project_name
-  project_tag    = var.project_tag
-  endpoint_tag   = var.endpoint_tag
-  user_tag       = var.user_tag
-  custom_tag     = var.custom_tag
-  notebook_name  = var.notebook_name
-  region         = var.region
-  product        = var.product_name
-  vpc            = var.vpc_id
-  cidr_range     = var.cidr_range
-  traefik_cidr   = var.traefik_cidr
-  instance_type  = var.instance_type
-  resource_group = var.resource_group
-}
-
 module "notebook" {
   source           = "../modules/notebook"
   sbn              = var.service_base_name
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf b/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf
index 3171558..f82d9f7 100644
--- a/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf
+++ b/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf
@@ -1,3 +1,24 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
 variable "subscription_id" {}
 
 variable "client_id" {}
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/network.tf b/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/network.tf
deleted file mode 100644
index 2ba6da5..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/network.tf
+++ /dev/null
@@ -1,117 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
-  subnet_name = "${var.sbn}-subnet"
-  sg_name     = "${var.sbn}-nb-sg" #sg - security group
-}
-
-resource "azurerm_subnet" "subnet" {
-    name                 = local.subnet_name
-    resource_group_name  = var.resource_group
-    virtual_network_name = var.vpc
-    address_prefix       = var.cidr_range
-}
-
-resource "azurerm_network_security_group" "nb-sg" {
-    name                = local.sg_name
-    location            = var.region
-    resource_group_name = var.resource_group
-
-    security_rule {
-        name                       = "in-1"
-        priority                   = 100
-        direction                  = "Inbound"
-        access                     = "Allow"
-        protocol                   = "*"
-        source_port_range          = "*"
-        destination_port_range     = "*"
-        source_address_prefix      = "${var.cidr_range}"
-        destination_address_prefix = "*"
-    }
-
-    security_rule {
-        name                       = "in-2"
-        priority                   = 110
-        direction                  = "Inbound"
-        access                     = "Allow"
-        protocol                   = "*"
-        source_port_range          = "*"
-        destination_port_range     = "*"
-        source_address_prefix      = "${var.traefik_cidr}"
-        destination_address_prefix = "*"
-    }
-
-    security_rule {
-        name                       = "out-1"
-        priority                   = 100
-        direction                  = "Outbound"
-        access                     = "Allow"
-        protocol                   = "*"
-        source_port_range          = "*"
-        destination_port_range     = "*"
-        source_address_prefix      = "${var.cidr_range}"
-        destination_address_prefix = "*"
-    }
-
-    security_rule {
-        name                       = "out-2"
-        priority                   = 110
-        direction                  = "Outbound"
-        access                     = "Allow"
-        protocol                   = "*"
-        source_port_range          = "*"
-        destination_port_range     = "*"
-        source_address_prefix      = "${var.traefik_cidr}"
-        destination_address_prefix = "*"
-    }
-
-    security_rule {
-        name                       = "out-3"
-        priority                   = 120
-        direction                  = "Outbound"
-        access                     = "Allow"
-        protocol                   = "*"
-        source_port_range          = "443"
-        destination_port_range     = "*"
-        source_address_prefix      = "*"
-        destination_address_prefix = "*"
-    }
-
-    tags = {
-        Name             = local.subnet_name
-        SBN              = var.sbn
-        Product          = var.product
-        Project_name     = var.project_name
-        Project_tag      = var.project_tag
-        Endpoint_tag     = var.endpoint_tag
-        User_tag         = var.user_tag
-        Custom_tag       = var.custom_tag
-    }
-}
-
-output "subnet_id" {
-    value = azurerm_subnet
-}
-
-output "nb-sg_id" {
-    value = azurerm_network_security_group
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/instance.tf b/infrastructure-provisioning/terraform/azure/project/main/instance.tf
new file mode 100644
index 0000000..e578e43
--- /dev/null
+++ b/infrastructure-provisioning/terraform/azure/project/main/instance.tf
@@ -0,0 +1,98 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+  node_name = "${var.service_base_name}-${var.project_tag}-edge"
+  nic       = "${var.service_base_name}-${var.project_tag}-edge-nic"
+}
+
+resource "azurerm_network_interface" "nic" {
+    name                      = local.nic
+    location                  = var.region
+    resource_group_name       = var.resource_group
+    network_security_group_id = azurerm_network_security_group.edge_sg.id
+
+    ip_configuration {
+        name                          = "${local.nic}-IPconigurations"
+        subnet_id                     = var.subnet_id
+        #private_ip_address_allocation = "Dynamic"
+        private_ip_address_allocation = "Static"
+        private_ip_address            = var.edge_private_ip
+        public_ip_address_id          = azurerm_public_ip.edge_ip.id
+    }
+
+    tags = {
+        SBN              = var.service_base_name
+        Name             = local.node_name
+        Project_name     = var.project_name
+        Project_tag      = var.project_tag
+        Endpoint_Tag     = var.endpoint_tag
+        Product          = var.product
+        User_Tag         = var.user_tag
+        Custom_Tag       = var.custom_tag
+    }
+}
+
+resource "azurerm_virtual_machine" "instance" {
+    name                  = local.node_name
+    location              = var.region
+    resource_group_name   = var.resource_group
+    network_interface_ids = [azurerm_network_interface.nic.id]
+    vm_size               = var.instance_type
+
+    storage_os_disk {
+        name              = "${local.node_name}-disk0"
+        caching           = "ReadWrite"
+        create_option     = "FromImage"
+        managed_disk_type = "Premium_LRS"
+    }
+
+    storage_image_reference {
+        publisher = var.ami_publisher[var.os_env]
+        offer     = var.ami_offer[var.os_env]
+        sku       = var.ami_sku[var.os_env]
+        version   = var.ami_version[var.os_env]
+    }
+
+    os_profile {
+        computer_name  = local.node_name
+        admin_username = var.initial_user
+    }
+
+    os_profile_linux_config {
+        disable_password_authentication = true
+        ssh_keys {
+            path     = "/home/${var.initial_user}/.ssh/authorized_keys"
+            key_data = "${file("${var.ssh_key}")}"
+        }
+    }
+
+    tags = {
+        SBN              = var.service_base_name
+        Name             = local.node_name
+        Project_name     = var.project_name
+        Project_tag      = var.project_tag
+        Endpoint_Tag     = var.endpoint_tag
+        Product          = var.product
+        User_Tag         = var.user_tag
+        Custom_Tag       = var.custom_tag
+    }
+}
\ No newline at end of file
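Review bot: `azurerm_virtual_machine.instance` never sets `delete_os_disk_on_termination`, which defaults to false in the azurerm provider, so destroying the project leaves the edge node's OS disk in the resource group along with whatever the node wrote to it. If the disk is not meant to outlive the VM, add `delete_os_disk_on_termination = true` next to `vm_size`; if it is kept on purpose, a comment saying so would help. Separately, the ip_configuration name `"${local.nic}-IPconigurations"` contains a typo that becomes part of the Azure resource name, and the commented-out `private_ip_address_allocation = "Dynamic"` line can be removed. `key_data = "${file("${var.ssh_key}")}"` can be written as `key_data = file(var.ssh_key)`, and a comment that `ssh_key` must point at the public key file would prevent a private key being installed by mistake.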
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf b/infrastructure-provisioning/terraform/azure/project/main/main.tf
similarity index 72%
copy from infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf
copy to infrastructure-provisioning/terraform/azure/project/main/main.tf
index 4b1b398..f73aa75 100644
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/main.tf
@@ -1,48 +1,27 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "vpc" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "instance_type" {}
-
-variable "resource_group" {}
\ No newline at end of file
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+provider "azurerm" {
+  subscription_id = var.subscription_id
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  tenant_id       = var.tenant_id
+}
\ No newline at end of file
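Review bot: `client_secret = var.client_secret` in the new provider block makes the service-principal secret a Terraform input, which tends to end up in a tfvars file or on the command line. The azurerm provider also reads it from the `ARM_CLIENT_SECRET` environment variable, so the attribute can be dropped, or the variable at least documented as a secret that must not be committed. The block also has no version constraint, so the provider release that gets resolved can change between runs; a `version = "<pinned constraint>"` line would fix that. The variable declarations for this directory are cut off in this view, so how `client_secret` is declared could not be checked.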
diff --git a/infrastructure-provisioning/terraform/azure/project/main/network.tf b/infrastructure-provisioning/terraform/azure/project/main/network.tf
new file mode 100644
index 0000000..1fc99c5
--- /dev/null
+++ b/infrastructure-provisioning/terraform/azure/project/main/network.tf
@@ -0,0 +1,442 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+    edge_sg_name   = "${var.service_base_name}-${var.project_tag}-edge-sg"
+    edge_ip_name   = "${var.service_base_name}-${var.project_tag}-edge-ip"
+    ps_subnet_name = "${var.service_base_name}-${var.project_tag}-ps-subnet"
+    ps_sg_name     = "${var.service_base_name}-${var.project_tag}-ps-sg"
+}
+
+#################
+### Edge node ###
+#################
+
+resource "azurerm_public_ip" "edge_ip" {
+    location = var.region
+    name = local.edge_ip_name
+    resource_group_name = var.resource_group
+    allocation_method = "Static"
+    tags = {
+        SBN              = var.service_base_name
+        Name             = local.edge_ip_name
+        Project_tag      = var.project_tag
+        Endpoint_Tag     = var.endpoint_tag
+        Product          = var.product
+        User_Tag         = var.user_tag
+        Custom_Tag       = var.custom_tag
+    }
+}
+
+resource "azurerm_network_security_group" "edge_sg" {
+    name = local.edge_sg_name
+    location = var.region
+    resource_group_name = var.resource_group
+
+    security_rule {
+        name                       = "in-1"
+        priority                   = 100
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "${var.ps_cidr}"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "in-2"
+        priority                   = 110
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "22"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "in-3"
+        priority                   = 120
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "3128"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "in-4"
+        priority                   = 130
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "80"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-1"
+        priority                   = 100
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "22"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-2"
+        priority                   = 110
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8888"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-3"
+        priority                   = 120
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8080"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-4"
+        priority                   = 130
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8787"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-5"
+        priority                   = 140
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "6006"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-6"
+        priority                   = 150
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "20888"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-7"
+        priority                   = 160
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8088"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-8"
+        priority                   = 170
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "18080"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-9"
+        priority                   = 180
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "50070"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-10"
+        priority                   = 190
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8085"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-11"
+        priority                   = 200
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "8081"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-12"
+        priority                   = 210
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "4040-4140"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-13"
+        priority                   = 220
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "UDP"
+        source_port_range          = "*"
+        destination_port_range     = "53"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-14"
+        priority                   = 230
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "80"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-15"
+        priority                   = 240
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "443"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-16"
+        priority                   = 250
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "TCP"
+        source_port_range          = "*"
+        destination_port_range     = "389"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-17"
+        priority                   = 260
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "8042"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-18"
+        priority                   = 270
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "UDP"
+        source_port_range          = "*"
+        destination_port_range     = "123"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-19"
+        priority                   = 280
+        direction                  = "Outbound"
+        access                     = "Deny"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+}
+
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+
+resource "azurerm_subnet" "ps_subnet" {
+    name                 = local.ps_subnet_name
+    resource_group_name  = var.resource_group
+    virtual_network_name = var.vpc_id
+    address_prefix       = var.ps_cidr
+}
+
+resource "azurerm_network_security_group" "ps_sg" {
+    name                = local.ps_sg_name
+    location            = var.region
+    resource_group_name = var.resource_group
+
+    security_rule {
+        name                       = "in-1"
+        priority                   = 100
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "${var.ps_cidr}"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "in-2"
+        priority                   = 110
+        direction                  = "Inbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "${var.edge_cidr}"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "in-3"
+        priority                   = 200
+        direction                  = "Inbound"
+        access                     = "Deny"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-1"
+        priority                   = 100
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.ps_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-2"
+        priority                   = 110
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "${var.edge_cidr}"
+    }
+
+    security_rule {
+        name                       = "out-3"
+        priority                   = 120
+        direction                  = "Outbound"
+        access                     = "Allow"
+        protocol                   = "*"
+        source_port_range          = "443"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    security_rule {
+        name                       = "out-4"
+        priority                   = 200
+        direction                  = "Outbound"
+        access                     = "Deny"
+        protocol                   = "*"
+        source_port_range          = "*"
+        destination_port_range     = "*"
+        source_address_prefix      = "*"
+        destination_address_prefix = "*"
+    }
+
+    tags = {
+        Name             = local.ps_subnet_name
+        SBN              = var.service_base_name
+        Product          = var.product
+        Project_name     = var.project_name
+        Project_tag      = var.project_tag
+        Endpoint_tag     = var.endpoint_tag
+        User_tag         = var.user_tag
+        Custom_tag       = var.custom_tag
+    }
+}
\ No newline at end of file
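Review bot: Rules `in-2` and `in-3` of `edge_sg` allow TCP 22 and 3128 from `source_address_prefix = "*"`, and instance.tf attaches this group to a NIC with the static public IP `azurerm_public_ip.edge_ip`, so SSH and what looks like the proxy port are reachable from any address. `in-1` already admits everything from `var.ps_cidr`, so `in-3` only adds external exposure; consider dropping it or using `source_address_prefix = var.ps_cidr`, and restrict `in-2` to an operator-supplied CIDR variable. `edge_sg` also has no explicit inbound deny like `ps_sg` has (`in-3`, priority 200), so Azure's default rules decide everything after priority 130. In `ps_sg`, `out-3` sets `source_port_range = "443"` with `destination_port_range = "*"`, which looks swapped: as written it only matches traffic leaving from local port 443, so ordinary HTTPS egress would fall through to the `out-4` deny. `ps_sg` is also not associated with `ps_subnet` anywhere in this file, so confirm it is attached elsewhere.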
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf b/infrastructure-provisioning/terraform/azure/project/main/variables.tf
similarity index 54%
rename from infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf
rename to infrastructure-provisioning/terraform/azure/project/main/variables.tf
index 4b1b398..401fcd4 100644
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/common/variables.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/variables.tf
@@ -1,48 +1,100 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "vpc" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "instance_type" {}
-
-variable "resource_group" {}
\ No newline at end of file
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+variable "subscription_id" {}
+
+variable "client_id" {}
+
+variable "client_secret" {}
+
+variable "tenant_id" {}
+
+variable "service_base_name" {}
+
+variable "resource_group" {}
+
+variable "project_name" {}
+
+variable "project_tag" {}
+
+variable "endpoint_tag" {}
+
+variable "user_tag" {}
+
+variable "custom_tag" {}
+
+variable "os_env" {}
+
+variable "region" {}
+
+variable "product" {}
+
+variable "vpc_id" {}
+
+variable "subnet_id" {}
+
+variable "ps_cidr" {}
+
+variable "edge_cidr" {}
+
+variable "edge_private_ip" {}
+
+variable "instance_type" {}
+
+variable "ssh_key" {}
+
+variable "initial_user" {}
+
+variable "ami_publisher" {
+  type = "map"
+  default = {
+    debian = "Canonical"
+    redhat = "RedHat"
+    custom = ""
+  }
+}
+
+variable "ami_offer" {
+  type = "map"
+  default = {
+    debian = "UbuntuServer"
+    redhat = "RHEL"
+    custom = ""
+  }
+}
+
+variable "ami_sku" {
+  type = "map"
+  default = {
+    debian = "16.04-LTS"
+    redhat = "7.3"
+    custom = ""
+  }
+}
+
+variable "ami_version" {
+  type = "map"
+  default = {
+    debian = "16.04.201907290"
+    redhat = "7.3.2017090800"
+    custom = ""
+  }
+}
\ No newline at end of file
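Review bot: `client_secret` is declared as a bare `variable "client_secret" {}` next to `subscription_id`, `client_id` and `tenant_id`, so nothing in variables.tf marks it as a credential or says how it should be supplied. I would give it at least `type = string` and a `description` stating that it is the service principal secret and should come from the environment (`TF_VAR_client_secret`) rather than a committed tfvars file; on Terraform 0.14 or later `sensitive = true` would also redact it from plan and apply output, although the quoted `type = "map"` used below suggests an older release. Whatever the version, the value will still be readable in any state that records it, so the description should say the state backend must be access-controlled. Separately, the `ami_version` defaults pin exact image builds (for example `redhat = "7.3.2017090800"`), so instances presumably start from an image that lacks later patches unless provisioning updates packages; a comment beside the map recording that expectation would help.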

