Commit 427796bc authored by John Jarvis's avatar John Jarvis

Merge branch 'craigf/remove-azure-envs' into 'master'

Delete unused Azure environments and modules

See merge request !1019
parents c9ccd1ca 437176c2
variable "environment" {
default = "cny"
}
## Azure
variable "arm_subscription_id" {}
variable "arm_client_id" {}
variable "arm_client_secret" {}
variable "arm_tenant_id" {}
# We need these variables as part of the virtual machine creation.
# These will go away as soon as we switch to pre-baked server images.
# - Daniele
variable "first_user_username" {}
variable "first_user_password" {}
// These are the new variables to connect to the newly created instance, which
// replace the two above.
variable "ssh_user" {}
variable "ssh_private_key" {}
variable "ssh_public_key" {}
variable "location" {
default = "East US 2"
}
provider "azurerm" {
subscription_id = "${var.arm_subscription_id}"
client_id = "${var.arm_client_id}"
client_secret = "${var.arm_client_secret}"
tenant_id = "${var.arm_tenant_id}"
}
## Chef
variable "chef_version" {
default = "12.19.36"
}
variable "chef_repo_dir" {}
## AWS
provider "aws" {
region = "us-east-1"
}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
## State storage
terraform {
backend "s3" {
bucket = "gitlab-com-infrastructure"
key = "terraform/canary/terraform.tfstate"
region = "us-east-1"
}
}
### Vnet
module "vnet" {
source = "vnet"
location = "${var.location}"
virtual_network_cidr = "10.192.0.0/13"
}
### Subnets
module "subnet-external-lb" {
source = "subnets/external-lb"
location = "${var.location}"
subnet_cidr = "10.192.1.0/24"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-api" {
source = "subnets/api"
location = "${var.location}"
subnet_cidr = "10.196.2.0/23"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-git" {
source = "subnets/git"
location = "${var.location}"
subnet_cidr = "10.196.4.0/23"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-sidekiq" {
source = "subnets/sidekiq"
location = "${var.location}"
subnet_cidr = "10.196.6.0/23"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-web" {
source = "subnets/web"
location = "${var.location}"
subnet_cidr = "10.196.8.0/23"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
### Virtul Machines
module "virtual-machines-api" {
address_prefix = "${module.subnet-api.address_prefix}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "{\"syslog_client\": \"cny\", \"gitlab-cluster-base\": \"prd\"}"
chef_version = "${var.chef_version}"
count = 1
environment = "${var.environment}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
instance_type = "Standard_B8ms"
location = "${var.location}"
resource_group_name = "${module.subnet-api.resource_group_name}"
source = "../../modules/virtual-machines/api"
ssh_private_key = "${var.ssh_private_key}"
ssh_public_key = "${var.ssh_public_key}"
ssh_user = "${var.ssh_user}"
subnet_id = "${module.subnet-api.subnet_id}"
tier = "sv"
}
module "virtual-machines-git" {
address_prefix = "${module.subnet-git.address_prefix}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "{\"syslog_client\": \"cny\", \"gitlab-cluster-base\": \"prd\"}"
chef_version = "${var.chef_version}"
count = 1
environment = "${var.environment}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
instance_type = "Standard_F16s"
location = "${var.location}"
resource_group_name = "${module.subnet-git.resource_group_name}"
source = "../../modules/virtual-machines/git"
ssh_private_key = "${var.ssh_private_key}"
ssh_public_key = "${var.ssh_public_key}"
ssh_user = "${var.ssh_user}"
subnet_id = "${module.subnet-git.subnet_id}"
tier = "sv"
}
module "virtual-machines-web" {
address_prefix = "${module.subnet-web.address_prefix}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "{\"syslog_client\": \"cny\", \"gitlab-cluster-base\": \"prd\"}"
chef_version = "${var.chef_version}"
count = 1
environment = "${var.environment}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
instance_type = "Standard_F16s"
location = "${var.location}"
resource_group_name = "${module.subnet-web.resource_group_name}"
source = "../../modules/virtual-machines/web"
ssh_private_key = "${var.ssh_private_key}"
ssh_public_key = "${var.ssh_public_key}"
ssh_user = "${var.ssh_user}"
subnet_id = "${module.subnet-web.subnet_id}"
tier = "sv"
}
module "virtual-machines-external-lb" {
source = "virtual-machines/external-lb"
location = "${var.location}"
resource_group_name = "${module.subnet-external-lb.resource_group_name}"
subnet_id = "${module.subnet-external-lb.subnet_id}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "{\"syslog_client\": \"cny\", \"gitlab-cluster-base\": \"prd\", \"gitlab_cluster_lb\": \"_default\"}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
variable "location" {}
variable "vnet_name" {}
variable "vnet_resource_group" {}
variable "subnet_cidr" {}
resource "azurerm_resource_group" "ApiCanary" {
name = "ApiCanary"
location = "${var.location}"
}
resource "azurerm_network_security_group" "ApiCanary" {
name = "ApiCanary"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "https" {
name = "https"
priority = 145
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "443"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
priority = 148
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.0.0.0/8"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
priority = 149
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.254.4.0/23"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh" {
name = "ssh"
priority = 150
direction = "Inbound"
access = "Deny"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "prometheus" {
name = "prometheus"
priority = 151
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.4.1.0/24"
destination_port_range = "9100"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "http" {
name = "http"
priority = 140
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "80"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_subnet" "ApiCanary" {
name = "ApiCanary"
resource_group_name = "${var.vnet_resource_group}"
virtual_network_name = "${var.vnet_name}"
address_prefix = "${var.subnet_cidr}"
network_security_group_id = "${azurerm_network_security_group.ApiCanary.id}"
}
output "subnet_id" {
value = "${azurerm_subnet.ApiCanary.id}"
}
output "address_prefix" {
value = "${azurerm_subnet.ApiCanary.address_prefix}"
}
output "resource_group_name" {
value = "ApiCanary"
}
output "resource_group_id" {
value = "${azurerm_resource_group.ApiCanary.id}"
}
variable "location" {}
variable "vnet_name" {}
variable "vnet_resource_group" {}
variable "subnet_cidr" {}
resource "azurerm_resource_group" "ConsulCanary" {
name = "ConsulCanary"
location = "${var.location}"
}
resource "azurerm_network_security_group" "ConsulCanary" {
name = "ConsulCanary"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
priority = 148
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.0.0.0/8"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
priority = 149
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.254.4.0/23"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "ssh" {
name = "ssh"
priority = 150
direction = "Inbound"
access = "Deny"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "consul-8500" {
name = "consul-8500"
priority = 160
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "*"
destination_port_range = "8500"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_network_security_rule" "prometheus" {
name = "prometheus"
priority = 151
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.4.1.0/24"
destination_port_range = "9100"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ConsulCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ConsulCanary.name}"
}
resource "azurerm_subnet" "ConsulCanary" {
name = "ConsulCanary"
resource_group_name = "${var.vnet_resource_group}"
virtual_network_name = "${var.vnet_name}"
address_prefix = "${var.subnet_cidr}"
network_security_group_id = "${azurerm_network_security_group.ConsulCanary.id}"
}
output "subnet_id" {
value = "${azurerm_subnet.ConsulCanary.id}"
}
output "address_prefix" {
value = "${azurerm_subnet.ConsulCanary.address_prefix}"
}
output "resource_group_name" {
value = "ConsulCanary"
}
output "resource_group_id" {
value = "${azurerm_resource_group.ConsulCanary.id}"
}
variable "location" {}
variable "vnet_name" {}
variable "vnet_resource_group" {}
variable "subnet_cidr" {}
resource "azurerm_resource_group" "DBCanary" {
name = "DBCanary"
location = "${var.location}"
}
resource "azurerm_network_security_group" "DBCanary" {
name = "DBCanary"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
priority = 148
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.0.0.0/8"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
priority = 149
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.254.4.0/23"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "ssh" {
name = "ssh"
priority = 150
direction = "Inbound"
access = "Deny"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_network_security_rule" "prometheus" {
name = "prometheus"
priority = 151
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.4.1.0/24"
destination_port_range = "9100"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DBCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DBCanary.name}"
}
resource "azurerm_subnet" "DBCanary" {
name = "DBCanary"
resource_group_name = "${var.vnet_resource_group}"
virtual_network_name = "${var.vnet_name}"
address_prefix = "${var.subnet_cidr}"
network_security_group_id = "${azurerm_network_security_group.DBCanary.id}"
}
output "subnet_id" {
value = "${azurerm_subnet.DBCanary.id}"
}
output "address_prefix" {
value = "${azurerm_subnet.DBCanary.address_prefix}"
}
output "resource_group_name" {
value = "DBCanary"
}
output "resource_group_id" {
value = "${azurerm_resource_group.DBCanary.id}"
}
variable "location" {}
variable "vnet_name" {}
variable "vnet_resource_group" {}
variable "subnet_cidr" {}
resource "azurerm_resource_group" "DeployCanary" {
name = "DeployCanary"
location = "${var.location}"
}
resource "azurerm_network_security_group" "DeployCanary" {
name = "DeployCanary"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.DeployCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.DeployCanary.name}"
network_security_group_name = "${azurerm_network_security_group.DeployCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"