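Terminal
- Install WSL 2.
Type [appwiz.cpl] into "Search programs and files" to open the window.
Click "Turn Windows features on or off".
Note: check the following items.
- Windows Subsystem for Linux
- Virtual Machine Platform
Apply the changes and restart.
Start the terminal and enter the following command in PowerShell.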
wsl --set-default-version 2
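Enter the URL shown in the output to open the Microsoft site.
Download and install the WSL2 Linux kernel update package.
After installing, restart the terminal and run the command in PowerShell again to check the result.
Distributions can now be installed.
Install the Ubuntu 20.04 terminal from the Microsoft Store.
When the Ubuntu 20.04 terminal is started after installation completes, it asks for a user name and password, so enter them.
In Windows Terminal, select the penguin icon to start the Ubuntu terminal.
Installing the terraform command (Windows)
Install wget and unzip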
$ sudo apt install -y wget
$ sudo apt install -y unzip
Download the zip file from the official site and install it
Download the Linux 64-bit build from the official site, then extract it.
$ wget https://releases.hashicorp.com/terraform/1.1.2/terraform_1.1.2_linux_amd64.zip
$ unzip terraform_1.1.2_linux_amd64.zip
Copy the extracted file to /usr/local/bin.
$ sudo cp terraform /usr/local/bin
That completes the environment setup. Check the version as well.
$ terraform -v
Installing terraform
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt install terraform
terraform -version
Installing tfenv
git clone https://github.com/tfutils/tfenv.git ~/.tfenv
echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
tfenv install
tfenv list
Install VS Code itself
Install the VS Code plugins
Installing the az command
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
    sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
Creating the user that runs terraform on Azure
- 1. Log in to Azure
az login
Logging in shows the ID and the tenant ID, which are used to create the user.
PS C:\Users\DELL\Desktop> az login
- 2. Use the az command to create a service principal with the (Contributor) role.
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/ID"
PS C:\Users\DELL\Desktop> az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/8424257c-03d6-4f2b-a0b6-01a06be27def"
Creating 'Contributor' role assignment under scope '/subscriptions/8424257c-03d6-4f2b-a0b6-01a06be27def'
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{
"appId": xxx
"displayName": "azure-cli-2022-01-05-14-21-33",
"password": xxx
"tenant": xxx
}
az login --service-principal -u xxx -p xxx -t xxx
PS C:\Users\DELL\Desktop> az login --service-principal -u xxx -p xxx -t xxx
- 4. Confirm that the az command works.
az vm list-sizes --location westus --output table
- 5. Put the Azure user's ID/PW/tenant into environment variables.
# Add environment variables
export ARM_SUBSCRIPTION_ID="xxx"
export ARM_CLIENT_ID="xxx"
export ARM_CLIENT_SECRET="xxx"
export ARM_TENANT_ID="xxx"
- Create the resource group
Create a working directory
mkdir terraform
Create the source files in VS Code
For the terminal, select the WSL: Ubuntu plugin
- provider.tf
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#example-usage
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
  }
}
# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}
- resource group
/terraform/resourcegroup.tf
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group#example-usage
resource "azurerm_resource_group" "resource_group" {
  name     = "t_resource_group" # required
  location = "japaneast"        # required
}
- Check the terraform environment files
A .terraform directory has been created in the home directory.
- Run the terraform commands
terraform init
terraform plan
terraform apply
- Create the variable file locals.tf
locals.tf
locals {
  resource_group_name = "t_resource_group" # required
  location            = "japaneast"        # required
}
resourcegroup.tf
resource "azurerm_resource_group" "resource_group" {
  name     = local.resource_group_name
  location = local.location
}
- Pin the version
tfenv list
tfenv use 0.14.9
vim .terraform-version
0.14.9
- Create the virtual network
- network
terraform/network.tf
locals.tf
locals {
  resource_group_name = "t_resource_group" # required
  location            = "japaneast"        # required
  vnet_name           = "t-virtual-network"
}
network.tf
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network#example-usage
resource "azurerm_virtual_network" "vnet" {
  name                = local.vnet_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  address_space       = ["10.0.0.0/16"]
}
Check the portal to confirm that the resource was created.
- Create the subnets
locals.tf
locals {
  resource_group_name = "t_resource_group" # required
  location            = "japaneast"        # required
  vnet_name           = "t-virtual-network"
  public_subnet_name  = "public"
  private_subnet_name = "private"
}
network.tf
resource "azurerm_virtual_network" "vnet" {
  name                = local.vnet_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  address_space       = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "public" {
  name                 = local.public_subnet_name
  resource_group_name  = azurerm_resource_group.resource_group.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}
resource "azurerm_subnet" "private" {
  name                 = local.private_subnet_name
  resource_group_name  = azurerm_resource_group.resource_group.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.2.0/24"]
}
terraform apply
- Create the network interface
locals.tf
locals {
  resource_group_name       = "t_resource_group" # required
  location                  = "japaneast"        # required
  vnet_name                 = "t-virtual-network"
  public_subnet_name        = "public"
  private_subnet_name       = "private"
  vm_network_interface_name = "t-network_interface"
}
vm.tf
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface#example-usage
resource "azurerm_network_interface" "vm_network_interface" {
  name                = local.vm_network_interface_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  ip_configuration {
    name                          = "vm_ip_configrationinternal"
    subnet_id                     = azurerm_subnet.private.id
    private_ip_address_allocation = "Dynamic"
  }
}
terraform apply
- Create the network security group
locals.tf
locals {
  resource_group_name       = "t_resource_group" # required
  location                  = "japaneast"        # required
  vnet_name                 = "t-virtual-network"
  public_subnet_name        = "public"
  private_subnet_name       = "private"
  vm_network_interface_name = "t-network-interface"
  vm_security_group         = "t-security-group"
}
vm.tf
resource "azurerm_network_interface" "vm_network_interface" {
  name                = local.vm_network_interface_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  ip_configuration {
    name                          = "vm_ip_configrationinternal"
    subnet_id                     = azurerm_subnet.private.id
    private_ip_address_allocation = "Dynamic"
  }
}
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group#example-usage
resource "azurerm_network_security_group" "vm_security_group" {
  name                = local.vm_security_group
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
}
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#example-usage
resource "azurerm_network_security_rule" "rdp" {
  name                        = "RDP"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}
resource "azurerm_network_security_rule" "http" {
  name                        = "HTTP"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}
resource "azurerm_network_interface_security_group_association" "security_group_association" {
  network_interface_id      = azurerm_network_interface.vm_network_interface.id
  network_security_group_id = azurerm_network_security_group.vm_security_group.id
}
terraform apply
- Create the virtual machine
locals.tf
locals {
  resource_group_name       = "t_resource_group" # required
  location                  = "japaneast"        # required
  vnet_name                 = "t-virtual-network"
  public_subnet_name        = "public"
  private_subnet_name       = "private"
  vm_network_interface_name = "t-network-interface"
  vm_security_group         = "t-security-group"
  vm_name                   = "t-virtual-machine"
  vm_admin_username         = "adminuser"
  vm_admin_password         = "P@$$w0rd1234!"
}
vm.tf
resource "azurerm_network_interface" "vm_network_interface" {
  name                = local.vm_network_interface_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  ip_configuration {
    name                          = "vm_ip_configrationinternal"
    subnet_id                     = azurerm_subnet.private.id
    private_ip_address_allocation = "Dynamic"
  }
}
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group#example-usage
resource "azurerm_network_security_group" "vm_security_group" {
  name                = local.vm_security_group
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
}
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#example-usage
resource "azurerm_network_security_rule" "rdp" {
  name                        = "RDP"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}
resource "azurerm_network_security_rule" "http" {
  name                        = "HTTP"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}
resource "azurerm_network_interface_security_group_association" "security_group_association" {
  network_interface_id      = azurerm_network_interface.vm_network_interface.id
  network_security_group_id = azurerm_network_security_group.vm_security_group.id
}
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine#example-usage
resource "azurerm_windows_virtual_machine" "vm" {
  name                = local.vm_name
  resource_group_name = azurerm_resource_group.resource_group.name
  location            = azurerm_resource_group.resource_group.location
  size                = "Standard_F2"
  admin_username      = local.vm_admin_username
  admin_password      = local.vm_admin_password
  network_interface_ids = [
    azurerm_network_interface.vm_network_interface.id,
  ]
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}
network.tf
resource "azurerm_virtual_network" "vnet" {
  name                = local.vnet_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  address_space       = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "public" {
  name                 = local.public_subnet_name
  resource_group_name  = azurerm_resource_group.resource_group.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}
resource "azurerm_subnet" "private" {
  name                 = local.private_subnet_name
  resource_group_name  = azurerm_resource_group.resource_group.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.2.0/24"]
}
terraform apply
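The locals.tf above keeps vm_admin_password as a string literal, so the password lives in the source file and in any repository that file is committed to. The following is an added example, not part of the original page: it moves the password into a sensitive input variable, which the Terraform 0.14.9 pinned earlier supports. The file name variables.tf and the description text are assumptions.

```hcl
# variables.tf (added example; the file name is an assumption)
variable "vm_admin_password" {
  description = "Local administrator password for the Windows VM"
  type        = string
  sensitive   = true # redacted in plan and apply output
}

# vm.tf: the VM resource from this page, reading the password from the
# variable. Delete vm_admin_password from locals.tf when using this form.
resource "azurerm_windows_virtual_machine" "vm" {
  name                = local.vm_name
  resource_group_name = azurerm_resource_group.resource_group.name
  location            = azurerm_resource_group.resource_group.location
  size                = "Standard_F2"
  admin_username      = local.vm_admin_username
  admin_password      = var.vm_admin_password
  network_interface_ids = [
    azurerm_network_interface.vm_network_interface.id,
  ]
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}

# Supply the value from the WSL shell, next to the ARM_* variables, without
# typing it on a command line that is saved to shell history:
#   read -rs TF_VAR_vm_admin_password && export TF_VAR_vm_admin_password
#   terraform apply
```

Terraform still records the password in terraform.tfstate in plain text, so the state file needs the same protection as the secret itself.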
- Create the bastion instance (Azure Bastion)
locals.tf
locals {
  resource_group_name       = "t_resource_group" # required
  location                  = "japaneast"        # required
  vnet_name                 = "t-virtual-network"
  public_subnet_name        = "public"
  private_subnet_name       = "private"
  vm_network_interface_name = "t-network-interface"
  vm_security_group         = "t-security-group"
  vm_name                   = "t-virtual-machine"
  vm_admin_username         = "adminuser"
  vm_admin_password         = "P@$$w0rd1234!"
  bastion_public_ip_name    = "t-bastion-public-ip"
  bastion_host_name         = "t-bastion"
}
bastion.tf
resource "azurerm_public_ip" "bastion_public_ip" {
  name                = local.bastion_public_ip_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  allocation_method   = "Static"
  sku                 = "Standard"
}
resource "azurerm_bastion_host" "bastion_host" {
  name                = local.bastion_host_name
  location            = azurerm_resource_group.resource_group.location
  resource_group_name = azurerm_resource_group.resource_group.name
  ip_configuration {
    name = "vm_ip_configuration"
    # Azure Bastion requires a dedicated subnet named AzureBastionSubnet;
    # azurerm_subnet.example must refer to that subnet.
    subnet_id            = azurerm_subnet.example.id
    public_ip_address_id = azurerm_public_ip.bastion_public_ip.id
  }
}
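Azure Bastion deploys only into a dedicated subnet named AzureBastionSubnet, which the network.tf on this page does not define, and the RDP rule in vm.tf is Outbound, so it does not control who can reach the VM on port 3389. The following added example (not from the original page) defines that subnet under the label `example`, so that the `azurerm_subnet.example.id` reference in bastion.tf resolves, and limits inbound RDP to the Bastion subnet. The 10.0.3.0/26 range, the rule names and priorities, and the file name are assumptions.

```hcl
# bastion_subnet.tf (added example; the file name is an assumption)

# The subnet name must be exactly "AzureBastionSubnet".
resource "azurerm_subnet" "example" {
  name                 = "AzureBastionSubnet"
  resource_group_name  = azurerm_resource_group.resource_group.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.3.0/26"] # assumed free range inside 10.0.0.0/16
}

# Allow RDP to the VM's network interface only from the Bastion subnet ...
resource "azurerm_network_security_rule" "rdp_from_bastion" {
  name                        = "RDP-from-Bastion"
  priority                    = 120
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = azurerm_subnet.example.address_prefixes[0]
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}

# ... and deny RDP from every other source, including the rest of the VNet,
# which the default AllowVnetInBound rule would otherwise permit.
resource "azurerm_network_security_rule" "rdp_deny_other" {
  name                        = "RDP-deny-other"
  priority                    = 130
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.resource_group.name
  network_security_group_name = azurerm_network_security_group.vm_security_group.name
}
```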