diff --git a/azureDeploy.parameters.json b/azureDeploy.parameters.json
new file mode 100644
index 0000000..f738eb5
--- /dev/null
+++ b/azureDeploy.parameters.json
@@ -0,0 +1,27 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "networkSecurityGroupInboundSrcIP": {
+ "value": "0.0.0.0/0"
+ },
+ "virtualNetworkAddressPrefix": {
+ "value": "192.168.0.0/16"
+ },
+ "virtualNetworkNewOrExisting": {
+ "value": "existing"
+ },
+ "username": {
+ "value": "DEFAULT-USER"
+ },
+ "password": {
+ "value": "DEFAULT-PASSWORD"
+ },
+ "storageAccountName": {
+ "value": "DEFAULT-STORAGE"
+ },
+ "storageAccountNewOrExisting": {
+ "value": "existing"
+ }
+ }
+}
diff --git a/azuredeploy.json b/azuredeploy.json
new file mode 100644
index 0000000..966bae1
--- /dev/null
+++ b/azuredeploy.json
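Review bot: The committed parameters file sets `networkSecurityGroupInboundSrcIP` to `0.0.0.0/0`, so a deployment that uses it unchanged admits every source address; nsg-new.json in this commit applies that prefix to an allow rule covering all protocols and ports. Ship a value the deployer has to replace, for example `"value": "<your-public-ip>/32"`. The `password` entry holds a plain-text placeholder, which invites committing a real secret in the same spot; a Key Vault reference such as `"reference": { "keyVault": { "id": "<key-vault-resource-id>" }, "secretName": "<secret-name>" }` keeps the secret out of the repository. The file also omits `appGatewayDnsName` and `MgmtPublicIPAddressName`, which have no default in azuredeploy.json.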
@@ -0,0 +1,544 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "networkSecurityGroupName": {
+ "type": "string",
+ "defaultValue": "nsg-mgmt",
+ "metadata": {
+ "description": "Network Security Group Name"
+ }
+ },
+ "networkSecurityGroupInboundSrcIP": {
+ "type": "string",
+ "metadata": {
+ "description": "Your source public IP address. Added to the inbound NSG on eth0 (MGMT), to restrict access to the deployment."
+ },
+ "defaultValue": "0.0.0.0/0"
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "vnet-FW",
+ "metadata": {
+ "description": "Virtual Network Name"
+ }
+ },
+ "virtualNetworkNewOrExisting": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "description": "Select whether to use a new or existing Virtual Network, specified by virtualNetworkName"
+ }
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/16",
+ "metadata": {
+ "description": "CIDR for Virtual Network"
+ }
+ },
+ "MgmtSubnetName": {
+ "type": "string",
+ "defaultValue": "Mgmt",
+ "metadata": {
+ "description": "Subnet for Management Network"
+ }
+ },
+ "mgmtSubnetPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/24",
+ "metadata": {
+ "description": "CIDR for Management Network"
+ }
+ },
+ "untrustedSubnetName": {
+ "type": "string",
+ "defaultValue": "Untrust",
+ "metadata": {
+ "description": "Subnet for Untrusted Network"
+ }
+ },
+ "untrustedSubnetPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.1.0/24",
+ "metadata": {
+ "description": "CIDR for Untrusted Network"
+ }
+ },
+ "trustedSubnetName": {
+ "type": "string",
+ "defaultValue": "Trust",
+ "metadata": {
+ "description": "Subnet for Trusted Network"
+ }
+ },
+ "trustedSubnetPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.2.0/24",
+ "metadata": {
+ "description": "CIDR for 
Trusted Network"
+ }
+ },
+ "appGatewayName": {
+ "type": "string",
+ "defaultValue": "myAppGw",
+ "metadata": {
+ "description": "App Gateway name - used to identify resource in Azure portal"
+ }
+ },
+ "appGatewayDnsName": {
+ "type": "string",
+ "metadata": {
+ "description": "App Gateway Public IP DNS Name. Must be globally unique."
+ }
+ },
+ "appGatewaySubnetName": {
+ "type": "string",
+ "defaultValue": "AppGWSubnet",
+ "metadata": {
+ "description": "Subnet for App Gateway"
+ }
+ },
+ "appGatewaySubnetPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.3.0/24",
+ "metadata": {
+ "description": "CIDR for App Gateway"
+ }
+ },
+ "internalLoadBalancerName": {
+ "type": "string",
+ "defaultValue": "myPrivateLB",
+ "metadata": {
+ "description": "Internal Load Balancer name - used to identify resource in Azure portal"
+ }
+ },
+ "backendSubnetName": {
+ "type": "string",
+ "defaultValue": "backendSubnet",
+ "metadata": {
+ "description": "Subnet for Backend WWW Network"
+ }
+ },
+ "backendSubnetPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.4.0/24",
+ "metadata": {
+ "description": "CIDR for Backend WWW Network"
+ }
+ },
+ "backendVmSize": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_A1",
+ "Standard_D1",
+ "Standard_D1_v2"
+ ],
+ "metadata": {
+ "description": "Azure VM size for backend VMs. Not all sizes are available in all regions."
+ },
+ "defaultValue": "Standard_D1"
+ },
+ "firewallModel": {
+ "type": "string",
+ "defaultValue": "byol",
+ "allowedValues": [
+ "byol",
+ "bundle1",
+ "bundle2"
+ ],
+ "metadata": {
+ "description": "byol = Bring Your Own License; bundle1 = Bundle 1 PAYG (Hourly); bundle2 = Bundle 2 PAYG (Hourly)"
+ }
+ },
+ "firewallVmName": {
+ "type": "string",
+ "metadata": {
+ "description": "Name prefix of VM-Series VM in the Azure portal"
+ },
+ "defaultValue": "VM-Series"
+ },
+ "firewallVmSize": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_D3",
+ "Standard_D4",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D14_v2",
+ "Standard_A4"
+ ],
+ "metadata": {
+ "description": "Azure VM size for VM-Series"
+ },
+ "defaultValue": "Standard_D3"
+ },
+ "MgmtPublicIPAddressName": {
+ "type": "string",
+ "metadata": {
+ "description": "DNS Name prefix of public IP resource for Management interface of VM-Series firewall. Name must be globally unique."
+ }
+ },
+ "storageAccountName": {
+ "type": "string",
+ "metadata": {
+ "description": "Name of the storage account created to store the VM's disks. Storage account name must be globally unique."
+ }
+ },
+ "storageAccountNewOrExisting" : {
+ "type": "string",
+ "defaultValue" : "new",
+ "allowedValues" : [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "Description": "Select new or existing Storage Account, specified by storageAccountName"
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_LRS",
+ "Standard_GRS",
+ "Premium_LRS",
+ "Standard_RAGRS"
+ ],
+ "metadata": {
+ "description": "Type of the storage account created"
+ },
+ "defaultValue": "Standard_LRS"
+ },
+ "username": {
+ "type": "string",
+ "metadata": {
+ "description": "Username of the administrator account of VM instances"
+ }
+ },
+ "authenticationType": {
+ "type": "string",
+ "metadata": {
+ "description": "Type of administrator user authentication "
+ },
+ "allowedValues": [
+ "sshPublicKey",
+ "password"
+ ],
+ "defaultValue": "password"
+ },
+ "password": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Password for the administrator account of all VM instances. Must be specified if Authentication Type is 'password'."
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "SSH RSA public key file as a string. Must be specified if Authentication Type is 'sshPublicKey'."
+ }
+ }
+ },
+ "variables": {
+ "location" : "[resourceGroup().location]",
+ "rgname" : "[resourceGroup().name]",
+ "LoadBalancerType" : "layer-7",
+ "firewallVmCount" : 2,
+ "baseUrl" : "https://raw.githubusercontent.com/PaloAltoNetworks/azure-applicationgateway/master/",
+ "nsgURL" : "[concat(variables('baseUrl'),'/nsg-new.json')]",
+ "vnetURL" : "[concat(variables('baseUrl'),'/vnet-', parameters('virtualNetworkNewOrExisting'),'.json')]",
+ "publicLBURL" : "[concat(variables('baseUrl'),'/public-lb-', variables('LoadBalancerType'), '.json')]",
+ "privateLBURL" : "[concat(variables('baseUrl'),'/private-lb-', parameters('authenticationType'),'.json')]",
+ "storageAccountSetupURL" : "[concat(variables('baseUrl'),'/storageAccount-',parameters('storageAccountNewOrExisting'),'.json')]",
+ "vmseriesURL" : "[concat(variables('baseUrl'),'/vmseries.json')]"
+ },
+ "resources": [
+ {
+ "name": "SetupNSG",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('nsgURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "nsgName": {
+ "value": "[parameters('networkSecurityGroupName')]"
+ },
+ "srcIPInboundNSG": {
+ "value": "[parameters('networkSecurityGroupInboundSrcIP')]"
+ },
+ "virtualNetworkAddressPrefix": {
+ "value": "[parameters('virtualNetworkAddressPrefix')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "SetupVNET",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "dependsOn": [
+ "Microsoft.Resources/deployments/SetupNSG"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('vnetURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "nsgName": {
+ "value": "[parameters('networkSecurityGroupName')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkAddressPrefix": {
+ "value": 
"[parameters('virtualNetworkAddressPrefix')]"
+ },
+ "subnet0Name": {
+ "value": "[parameters('MgmtSubnetName')]"
+ },
+ "subnet1Name": {
+ "value": "[parameters('untrustedSubnetName')]"
+ },
+ "subnet2Name": {
+ "value": "[parameters('trustedSubnetName')]"
+ },
+ "subnetLBName": {
+ "value": "[parameters('appGatewaySubnetName')]"
+ },
+ "subnetWWWName": {
+ "value": "[parameters('backendSubnetName')]"
+ },
+ "subnet0Prefix": {
+ "value": "[parameters('mgmtSubnetPrefix')]"
+ },
+ "subnet1Prefix": {
+ "value": "[parameters('untrustedSubnetPrefix')]"
+ },
+ "subnet2Prefix": {
+ "value": "[parameters('trustedSubnetPrefix')]"
+ },
+ "subnetLBPrefix": {
+ "value": "[parameters('appGatewaySubnetPrefix')]"
+ },
+ "subnetWWWPrefix": {
+ "value": "[parameters('backendSubnetPrefix')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "SettingUpStorageAccount",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('storageAccountSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "storageAccountType": {
+ "value": "[parameters('storageAccountType')]"
+ },
+ "storageAccountName": {
+ "value": "[parameters('storageAccountName')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "SetupVMSeries",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "dependsOn": [
+ "Microsoft.Resources/deployments/SetupVNET"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('vmseriesURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "lbName": {
+ "value": "[parameters('appGatewayName')]"
+ },
+ "vmCount": {
+ "value": "[variables('firewallVmCount')]"
+ },
+ "vmName": {
+ "value": "[parameters('firewallVmName')]"
+ },
+ "imageSku": {
+ "value": "[parameters('firewallModel')]"
+ },
+ "vmSize": {
+ "value": "[parameters('firewallVmSize')]"
+ },
+ "virtualNetworkName": {
+ "value": 
"[reference('SetupVNET').outputs.vnetName.value]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[variables('rgname')]"
+ },
+ "subnet0Name": {
+ "value": "[parameters('MgmtSubnetName')]"
+ },
+ "subnet1Name": {
+ "value": "[parameters('untrustedSubnetName')]"
+ },
+ "subnet2Name": {
+ "value": "[parameters('trustedSubnetName')]"
+ },
+ "subnetLBName": {
+ "value": "[parameters('appGatewaySubnetName')]"
+ },
+ "subnet0Prefix": {
+ "value": "[parameters('mgmtSubnetPrefix')]"
+ },
+ "subnet1Prefix": {
+ "value": "[parameters('untrustedSubnetPrefix')]"
+ },
+ "subnet2Prefix": {
+ "value": "[parameters('trustedSubnetPrefix')]"
+ },
+ "subnetLBPrefix": {
+ "value": "[parameters('appGatewaySubnetPrefix')]"
+ },
+ "adminUsername": {
+ "value": "[parameters('username')]"
+ },
+ "adminPassword": {
+ "value": "[parameters('password')]"
+ },
+ "baseUrl": {
+ "value": "[variables('baseUrl')]"
+ },
+ "MgmtPublicIPAddressName": {
+ "value": "[parameters('MgmtPublicIPAddressName')]"
+ },
+ "storageAccountName": {
+ "value": "[reference('SettingUpStorageAccount').outputs.sid.value]"
+ },
+ "storageAccountNewOrExisting": {
+ "value": "[parameters('storageAccountNewOrExisting')]"
+ },
+ "storageAccountType": {
+ "value": "[parameters('storageAccountType')]"
+ },
+ "authenticationType": {
+ "value": "[parameters('authenticationType')]"
+ },
+ "sshKey": {
+ "value": "[parameters('sshPublicKey')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "SetupPublicLoadBalancer",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "dependsOn": [
+ "Microsoft.Resources/deployments/SetupVNET",
+ "Microsoft.Resources/deployments/SetupVMSeries"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('publicLBURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "lbName": {
+ "value": "[parameters('appGatewayName')]"
+ },
+ "publicIPAddressName": {
+ "value": "[parameters('appGatewayDnsName')]"
+ },
+ "vnetName": {
+ "value": 
"[reference('SetupVNET').outputs.vnetName.value]"
+ },
+ "subnetName": {
+ "value": "[parameters('appGatewaySubnetName')]"
+ },
+ "backendIPAddresses": {
+ "value": "[reference('SetupVMSeries').outputs.UntrustPrivateIPAddresses.value]"
+ }
+ }
+ }
+ },
+ {
+ "name": "SetupInternalLoadBalancer",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "dependsOn": [
+ "Microsoft.Resources/deployments/SetupVNET",
+ "Microsoft.Resources/deployments/SetupVMSeries"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('privateLBURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "storageAccountName": {
+ "value": "[reference('SettingUpStorageAccount').outputs.sid.value]"
+ },
+ "virtualNetworkName": {
+ "value": "[reference('SetupVNET').outputs.vnetName.value]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[variables('rgname')]"
+ },
+ "lbName": {
+ "value": "[parameters('internalLoadBalancerName')]"
+ },
+ "adminUsername": {
+ "value": "[parameters('username')]"
+ },
+ "adminPassword": {
+ "value": "[parameters('password')]"
+ },
+ "sshKey": {
+ "value": "[parameters('sshPublicKey')]"
+ },
+ "subnetName": {
+ "value": "[parameters('backendSubnetName')]"
+ },
+ "frontendSubnetName": {
+ "value": "[parameters('trustedSubnetName')]"
+ },
+ "vmSize": {
+ "value": "[parameters('backendVmSize')]"
+ },
+ "baseUrl": {
+ "value": "[variables('baseUrl')]"
+ }
+ }
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
diff --git a/nsg-new.json b/nsg-new.json
new file mode 100644
index 0000000..a651e16
--- /dev/null
+++ b/nsg-new.json
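Review bot: `baseUrl` in `variables` points at the `master` branch on raw.githubusercontent.com, so every linked template (`nsgURL`, `vnetURL`, `vmseriesURL` and the rest) is fetched at deploy time from a mutable ref and can change without this file changing. Pin it to a tag or commit, e.g. `"baseUrl" : "https://raw.githubusercontent.com/PaloAltoNetworks/azure-applicationgateway/<commit-sha>"`. The current value also ends in `/` while each `concat` prepends another one (`'/nsg-new.json'`), which yields a double slash and relies on the host normalising the path. Separately, `networkSecurityGroupInboundSrcIP` defaults to `0.0.0.0/0` although its description says it restricts access; dropping the `defaultValue` would force the deployer to supply an address.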
@@ -0,0 +1,74 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string"
+ },
+ "nsgName": {
+ "type": "string"
+ },
+ "srcIPInboundNSG": {
+ "type": "string"
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": "string"
+ }
+ },
+ "variables":
+ {
+ "apiVersion": "2015-06-15"
+ },
+ "resources": [
+ {
+ "apiVersion": "[variables('apiVersion')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "name": "[parameters('nsgName')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "securityRules": [{
+ "name": "Allow-Outside-From-IP",
+ "properties": {
+ "description": "Rule",
+ "protocol": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "sourceAddressPrefix": "[parameters('srcIPInboundNSG')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 100,
+ "direction": "Inbound"
+ }
+ }, {
+ "name": "Allow-Intra",
+ "properties": {
+ "description": "Allow intra network traffic",
+ "protocol": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "sourceAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 101,
+ "direction": "Inbound"
+ }
+ }, {
+ "name": "Default-Deny",
+ "properties": {
+ "description": "Default-Deny if we don't match Allow rule",
+ "protocol": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Deny",
+ "priority": 200,
+ "direction": "Inbound"
+ }
+ }]
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
diff --git a/private-lb-password.json b/private-lb-password.json
new file mode 100644
index 0000000..e8d1951
--- /dev/null
+++ b/private-lb-password.json
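Review bot: `Allow-Outside-From-IP` admits every protocol and every destination port from `srcIPInboundNSG`, and azuredeploy.json defaults that parameter to `0.0.0.0/0`, in which case the priority-200 `Default-Deny` rule is never reached for inbound traffic. If this NSG is only meant to protect management access, as the caller's parameter description suggests, narrow the rule with `"protocol": "Tcp"` and `"destinationPortRange": "443"`, and add a second rule for `"22"` if SSH is needed. Which subnets the NSG is attached to is decided in the vnet template, which is not part of this hunk, so the exposure should be confirmed there. The rule's `"description": "Rule"` should say what it is for, e.g. `"description": "Allow management access from the operator's source address"`.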
@@ -0,0 +1,291 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the Virtual Network"
+ }
+ },
+ "virtualNetworkExistingRGName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the Resource Group"
+ }
+ },
+ "lbName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the load balancer"
+ }
+ },
+ "subnetName": {
+ "type": "string",
+ "defaultValue": "backendSubnet",
+ "metadata": {
+ "description": "This is the name of the backend subnet"
+ }
+ },
+ "frontendSubnetName": {
+ "type": "string",
+ "defaultValue": "Trust",
+ "metadata": {
+ "description": "This is the name of the frontend subnet"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "sshKey": {
+ "type": "string",
+ "metadata": {
+ "description": "ssh public key for admin user authentication"
+ }
+ },
+ "imagePublisher": {
+ "type": "string",
+ "defaultValue": "Canonical",
+ "metadata": {
+ "description": "Image Publisher"
+ }
+ },
+ "imageOffer": {
+ "type": "string",
+ "defaultValue": "UbuntuServer",
+ "metadata": {
+ "description": "Image Offer"
+ }
+ },
+ "imageSKU": {
+ "type": "string",
+ "defaultValue": "16.04.0-LTS",
+ "metadata": {
+ "description": "Image SKU"
+ }
+ },
+ "vmNamePrefix": {
+ "type": "string",
+ "defaultValue": "backendWWW-",
+ "metadata": {
+ "description": "This is the prefix name for the virtual machines"
+ }
+ },
+ "storageAccountName": {
+ "type": "string",
+ "metadata": {
+ "description": "Storage account name"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_A1",
+ "Standard_D1",
+ "Standard_D1_v2"
+ ],
+ "defaultValue": "Standard_D1",
+ "metadata": {
+ "description": "This is the allowed list of VM sizes"
+ }
+ },
+ "baseUrl": {
+ "type": "string",
+ "metadata": {
+ "description": "Base URL of templates and scripts"
+ }
+ }
+ },
+ "variables": {
+ "availabilitySetName": "[concat('availabilitySet', substring(uniqueString(resourceGroup().id), 0, 4))]",
+ "networkInterfaceName": "[concat('web-', substring(uniqueString(resourceGroup().id), 0, 4), '-')]",
+ "storageAccountType": "Standard_LRS",
+ "vnetID": "[resourceId(parameters('virtualNetworkExistingRGName'),concat('Microsoft.Network','/','virtualNetworks'),parameters('virtualNetworkName'))]",
+ "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters ('subnetName'))]",
+ "frontendSubnetRef": "[concat(variables('vnetID'),'/subnets/',parameters ('frontendSubnetName'))]",
+ "numberOfInstances": 2,
+ "lbID": "[resourceId('Microsoft.Network/loadBalancers',parameters('lbName'))]"
+ },
+ "resources": [
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": "Microsoft.Compute/availabilitySets",
+ "name": "[variables('availabilitySetName')]",
+ "location": "[resourceGroup().location]"
+ },
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[concat(variables('networkInterfaceName'), copyindex())]",
+ "location": "[resourceGroup().location]",
+ "copy": {
+ "name": "nicLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "dependsOn": [
+ "[concat('Microsoft.Network/loadBalancers/', parameters('lbName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[concat(variables('lbID'), '/backendAddressPools/BackendPool1')]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": "Microsoft.Network/loadBalancers",
+ "name": "[parameters('lbName')]",
+ "location": 
"[resourceGroup().location]",
+ "properties": {
+ "frontendIPConfigurations": [
+ {
+ "properties": {
+ "subnet": {
+ "id": "[variables('frontendSubnetRef')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ },
+ "name": "LoadBalancerFrontend"
+ }
+ ],
+ "backendAddressPools": [
+ {
+ "name": "BackendPool1"
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "properties": {
+ "frontendIPConfiguration": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/frontendIpConfigurations/LoadBalancerFrontend')]"
+ },
+ "backendAddressPool": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/backendAddressPools/BackendPool1')]"
+ },
+ "probe": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/probes/lbprobe')]"
+ },
+ "protocol": "Tcp",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "idleTimeoutInMinutes": 15
+ },
+ "Name": "lbrule"
+ }
+ ],
+ "probes": [
+ {
+ "properties": {
+ "protocol": "Tcp",
+ "port": 80,
+ "intervalInSeconds": 15,
+ "numberOfProbes": 2
+ },
+ "name": "lbprobe"
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "2015-06-15",
+ "type": "Microsoft.Compute/virtualMachines",
+ "name": "[concat(parameters('vmNamePrefix'), substring(uniqueString(resourceGroup().id), 0, 4), '-', copyindex())]",
+ "copy": {
+ "name": "virtualMachineLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'), copyindex())]",
+ "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]"
+ ],
+ "properties": {
+ "availabilitySet": {
+ "id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName'))]"
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]",
+ "adminUsername": 
"[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "[parameters('imagePublisher')]",
+ "offer": "[parameters('imageOffer')]",
+ "sku": "[parameters('imageSKU')]",
+ "version": "latest"
+ },
+ "osDisk": {
+ "name": "osdisk",
+ "vhd": {
+ "uri": "[concat('http://',parameters('storageAccountName'),'.blob.core.windows.net/vhds/','osdisk', copyindex(), '.vhd')]"
+ },
+ "caching": "ReadWrite",
+ "createOption": "FromImage"
+ }
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(variables('networkInterfaceName'),copyindex()))]"
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[concat('http://',parameters('storageAccountName'),'.blob.core.windows.net')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "[concat(parameters('vmNamePrefix'), substring(uniqueString(resourceGroup().id), 0, 4), '-', copyindex(), '/installcustomscript')]",
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "copy": {
+ "name": "apacheLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "apiVersion": "2015-06-15",
+ "dependsOn": ["virtualMachineLoop"],
+ "tags": {
+ "displayName": "scriptextensiondemo"
+ },
+ "properties": {
+ "publisher": "Microsoft.Azure.Extensions",
+ "type": "CustomScript",
+ "typeHandlerVersion": "2.0",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "apt-get -y update && apt-get install -y apache2"
+ }
+ }
+ }
+ ]
+}
diff --git a/private-lb-sshPublicKey.json b/private-lb-sshPublicKey.json
new file mode 100644
index 0000000..bc7efb4
--- /dev/null
+++ b/private-lb-sshPublicKey.json
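Review bot: The OS disk `vhd.uri` and the boot-diagnostics `storageUri` are both built with `concat('http://', …)`; use the `https://` scheme so the storage endpoint is never addressed in cleartext, e.g. `"storageUri": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]"`. The same two lines appear in private-lb-sshPublicKey.json and need the same change. `"version": "latest"` in `imageReference` means the backend image can differ from one deployment to the next; pinning a specific version makes the deployment reproducible. The `baseUrl` parameter and the `storageAccountType` variable are declared but, as far as this hunk shows, never read.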
@@ -0,0 +1,302 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the Virtual Network"
+ }
+ },
+ "virtualNetworkExistingRGName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the Resource Group"
+ }
+ },
+ "lbName": {
+ "type": "string",
+ "metadata": {
+ "description": "This is the name of the load balancer"
+ }
+ },
+ "subnetName": {
+ "type": "string",
+ "defaultValue": "backendSubnet",
+ "metadata": {
+ "description": "This is the name of the backend subnet"
+ }
+ },
+ "frontendSubnetName": {
+ "type": "string",
+ "defaultValue": "Trust",
+ "metadata": {
+ "description": "This is the name of the frontend subnet"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "sshKey": {
+ "type": "string",
+ "metadata": {
+ "description": "ssh public key for admin user authentication"
+ }
+ },
+ "imagePublisher": {
+ "type": "string",
+ "defaultValue": "Canonical",
+ "metadata": {
+ "description": "Image Publisher"
+ }
+ },
+ "imageOffer": {
+ "type": "string",
+ "defaultValue": "UbuntuServer",
+ "metadata": {
+ "description": "Image Offer"
+ }
+ },
+ "imageSKU": {
+ "type": "string",
+ "defaultValue": "16.04.0-LTS",
+ "metadata": {
+ "description": "Image SKU"
+ }
+ },
+ "vmNamePrefix": {
+ "type": "string",
+ "defaultValue": "backendWWW-",
+ "metadata": {
+ "description": "This is the prefix name for the virtual machines"
+ }
+ },
+ "storageAccountName": {
+ "type": "string",
+ "metadata": {
+ "description": "Storage account name"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_A1",
+ "Standard_D1",
+ "Standard_D1_v2"
+ ],
+ "defaultValue": "Standard_D1",
+ "metadata": {
+ "description": "This is the allowed list of VM sizes"
+ }
+ },
+ "baseUrl": {
+ "type": "string",
+ "metadata": {
+ "description": "Base URL of templates and scripts"
+ }
+ }
+ },
+ "variables": {
+ "sshKeyPath": "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]",
+ "availabilitySetName": "[concat('availabilitySet', substring(uniqueString(resourceGroup().id), 0, 4))]",
+ "networkInterfaceName": "[concat('web-', substring(uniqueString(resourceGroup().id), 0, 4), '-')]",
+ "storageAccountType": "Standard_LRS",
+ "vnetID": "[resourceId(parameters('virtualNetworkExistingRGName'),concat('Microsoft.Network','/','virtualNetworks'),parameters('virtualNetworkName'))]",
+ "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters ('subnetName'))]",
+ "frontendSubnetRef": "[concat(variables('vnetID'),'/subnets/',parameters ('frontendSubnetName'))]",
+ "numberOfInstances": 2,
+ "lbID": "[resourceId('Microsoft.Network/loadBalancers',parameters('lbName'))]"
+ },
+ "resources": [
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": "Microsoft.Compute/availabilitySets",
+ "name": "[variables('availabilitySetName')]",
+ "location": "[resourceGroup().location]"
+ },
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[concat(variables('networkInterfaceName'), copyindex())]",
+ "location": "[resourceGroup().location]",
+ "copy": {
+ "name": "nicLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "dependsOn": [
+ "[concat('Microsoft.Network/loadBalancers/', parameters('lbName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[concat(variables('lbID'), '/backendAddressPools/BackendPool1')]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "2015-05-01-preview",
+ "type": 
"Microsoft.Network/loadBalancers",
+ "name": "[parameters('lbName')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "frontendIPConfigurations": [
+ {
+ "properties": {
+ "subnet": {
+ "id": "[variables('frontendSubnetRef')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ },
+ "name": "LoadBalancerFrontend"
+ }
+ ],
+ "backendAddressPools": [
+ {
+ "name": "BackendPool1"
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "properties": {
+ "frontendIPConfiguration": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/frontendIpConfigurations/LoadBalancerFrontend')]"
+ },
+ "backendAddressPool": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/backendAddressPools/BackendPool1')]"
+ },
+ "probe": {
+ "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbName')), '/probes/lbprobe')]"
+ },
+ "protocol": "Tcp",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "idleTimeoutInMinutes": 15
+ },
+ "Name": "lbrule"
+ }
+ ],
+ "probes": [
+ {
+ "properties": {
+ "protocol": "Tcp",
+ "port": 80,
+ "intervalInSeconds": 15,
+ "numberOfProbes": 2
+ },
+ "name": "lbprobe"
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "2015-06-15",
+ "type": "Microsoft.Compute/virtualMachines",
+ "name": "[concat(parameters('vmNamePrefix'), substring(uniqueString(resourceGroup().id), 0, 4), '-', copyindex())]",
+ "copy": {
+ "name": "virtualMachineLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[concat('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'), copyindex())]",
+ "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]"
+ ],
+ "properties": {
+ "availabilitySet": {
+ "id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName'))]"
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": 
"[concat(parameters('vmNamePrefix'), copyIndex())]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "linuxConfiguration": {
+ "disablePasswordAuthentication": "true",
+ "ssh": {
+ "publicKeys": [
+ {
+ "path": "[variables('sshKeyPath')]",
+ "keyData": "[parameters('sshKey')]"
+ }
+ ]
+ }
+ }
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "[parameters('imagePublisher')]",
+ "offer": "[parameters('imageOffer')]",
+ "sku": "[parameters('imageSKU')]",
+ "version": "latest"
+ },
+ "osDisk": {
+ "name": "osdisk",
+ "vhd": {
+ "uri": "[concat('http://',parameters('storageAccountName'),'.blob.core.windows.net/vhds/','osdisk', copyindex(), '.vhd')]"
+ },
+ "caching": "ReadWrite",
+ "createOption": "FromImage"
+ }
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(variables('networkInterfaceName'),copyindex()))]"
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[concat('http://',parameters('storageAccountName'),'.blob.core.windows.net')]"
+ }
+ }
+ }
+ },
+ {
+ "name": "[concat(parameters('vmNamePrefix'), substring(uniqueString(resourceGroup().id), 0, 4), '-', copyindex(), '/installcustomscript')]",
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "copy": {
+ "name": "apacheLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "apiVersion": "2015-06-15",
+ "dependsOn": ["virtualMachineLoop"],
+ "tags": {
+ "displayName": "scriptextensiondemo"
+ },
+ "properties": {
+ "publisher": "Microsoft.Azure.Extensions",
+ "type": "CustomScript",
+ "typeHandlerVersion": "2.0",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "apt-get -y update && apt-get install -y apache2"
+ }
+ }
+ }
+ ]
+}
diff --git a/public-lb-layer-7.json b/public-lb-layer-7.json
new file mode 100644
index 0000000..68f2aa3
--- /dev/null
+++ b/public-lb-layer-7.json
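Review bot: `adminPassword` is declared as a required `securestring` parameter but nothing in this template reads it; the `osProfile` uses only `linuxConfiguration.ssh.publicKeys`. azuredeploy.json passes `adminPassword` to whichever private-lb template is selected, so the parameter has to stay declared, but its description should say that it is ignored: `"description": "Admin password; not used by this template, accepted only so both private-lb variants take the same parameters"`. `"disablePasswordAuthentication": "true"` is written as a string where the property is a boolean; `"disablePasswordAuthentication": true` avoids relying on type coercion for a setting that disables password logins.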
@@ -0,0 +1,180 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "lbName": { + "type": "string", + "defaultValue": "myPublicLB", + "metadata": { + "description": "Public Load Balancer name" + } + }, + "publicIPAddressName": { + "type": "string", + "defaultValue": "myPublicLBName", + "metadata": { + "description": "Public Load Balancer IP Name" + } + }, + "vnetName": { + "type": "string", + "defaultValue": "myVNET", + "metadata": { + "description": "VNET name" + } + }, + "skuName": { + "type": "string", + "allowedValues": [ + "Standard_Small", + "Standard_Medium", + "Standard_Large" + ], + "defaultValue": "Standard_Medium", + "metadata": { + "description": "Sku Name" + } + }, + "capacity": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Number of instances" + } + }, + "backendIPAddresses": { + "type": "array", + "defaultValue": [ + { + "IpAddress": "10.0.0.4" + }, + { + "IpAddress": "10.0.0.5" + } + ], + "metadata": { + "description": "back end pool ip addresses" + } + }, + "subnetName": { + "type": "string", + "defaultValue": "UntrustLB", + "metadata": { + "description": "App Gateway subnet Name" + } + } + }, + "variables": { + "applicationGatewayName": "[parameters('lbName')]", + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('vnetName'))]", + "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]", + "publicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('publicIPAddressName'))]", + "applicationGatewayID": "[resourceId('Microsoft.Network/applicationGateways',variables('applicationGatewayName'))]", + "apiVersion": "2015-05-01-preview" + }, + "resources": [ + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[parameters('publicIPAddressName')]", + "location": "[resourceGroup().location]", + "properties": { + 
"publicIPAllocationMethod": "Dynamic" + } + }, + { + "apiVersion": "[variables('apiVersion')]", + "name": "[variables('applicationGatewayName')]", + "type": "Microsoft.Network/applicationGateways", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', parameters('publicIPAddressName'))]" + ], + "properties": { + "sku": { + "name": "[parameters('skuName')]", + "tier": "Standard", + "capacity": "[parameters('capacity')]" + }, + "gatewayIPConfigurations": [ + { + "name": "appGatewayIpConfig", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + } + } + } + ], + "frontendIPConfigurations": [ + { + "name": "appGatewayFrontendIP", + "properties": { + "PublicIPAddress": { + "id": "[variables('publicIPRef')]" + } + } + } + ], + "frontendPorts": [ + { + "name": "appGatewayFrontendPort", + "properties": { + "Port": 80 + } + } + ], + "backendAddressPools": [ + { + "name": "appGatewayBackendPool", + "properties": { + "BackendAddresses": "[parameters('backendIPAddresses')]" + } + } + ], + "backendHttpSettingsCollection": [ + { + "name": "appGatewayBackendHttpSettings", + "properties": { + "Port": 80, + "Protocol": "Http", + "CookieBasedAffinity": "Disabled" + } + } + ], + "httpListeners": [ + { + "name": "appGatewayHttpListener", + "properties": { + "FrontendIPConfiguration": { + "Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/appGatewayFrontendIP')]" + }, + "FrontendPort": { + "Id": "[concat(variables('applicationGatewayID'), '/frontendPorts/appGatewayFrontendPort')]" + }, + "Protocol": "Http", + "SslCertificate": null + } + } + ], + "requestRoutingRules": [ + { + "Name": "rule1", + "properties": { + "RuleType": "Basic", + "httpListener": { + "id": "[concat(variables('applicationGatewayID'), '/httpListeners/appGatewayHttpListener')]" + }, + "backendAddressPool": { + "id": "[concat(variables('applicationGatewayID'), '/backendAddressPools/appGatewayBackendPool')]" + }, + 
"backendHttpSettings": { + "id": "[concat(variables('applicationGatewayID'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]" + } + } + } + ] + } + } + ] +} diff --git a/publicip-new.json b/publicip-new.json new file mode 100644 index 0000000..04fc99d --- /dev/null +++ b/publicip-new.json @@ -0,0 +1,45 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "MgmtPublicIPAddressName": { + "type": "string" + }, + "publicIPAddressType": { + "type": "string" + }, + "baseUrl": { + "type": "string" + } + }, + "variables": { + "mgmt": "[concat('mgmtIP-', parameters('MgmtPublicIPAddressName'))]" + }, + "resources": [ + { + "apiVersion": "2015-06-15", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('mgmt')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "[parameters('publicIPAddressType')]", + "dnsSettings": { + "domainNameLabel": "[parameters('MgmtPublicIPAddressName')]" + } + } + } + ], + "outputs": { + "publicIpId": { + "value": "[resourceId(concat('Microsoft.Network','/','publicIPAddresses'),variables('mgmt'))]", + "type": "string" + }, + "fqdn": { + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('mgmt')),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).dnsSettings.fqdn]", + "type": "string" + } + } +} diff --git a/setupNICS-new.json b/setupNICS-new.json new file mode 100644 index 0000000..7e3e6a6 --- /dev/null +++ b/setupNICS-new.json 
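Review bot: The listener `appGatewayHttpListener` and the backend settings `appGatewayBackendHttpSettings` both use `Http` on port 80 with `"SslCertificate": null`, so traffic reaching the public frontend IP is cleartext from client to backend. For anything beyond a lab deployment, add an `sslCertificates` entry fed from a `securestring` parameter, add a frontend port 443, and set the listener to `"Protocol": "Https"` with its `SslCertificate` pointing at that entry. The `apiVersion` variable is also pinned to `2015-05-01-preview`; a GA version would be a safer base for a public-facing gateway.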
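Review bot: The `fqdn` output calls `reference()` with `providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]`, so the API version used to read the address is whichever one the provider lists first at deployment time, while the resource itself is pinned to `2015-06-15`. Pass the same literal so the output is reproducible: `reference(resourceId('Microsoft.Network/publicIPAddresses',variables('mgmt')),'2015-06-15').dnsSettings.fqdn`. The `baseUrl` parameter is declared but never used in this template.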
@@ -0,0 +1,126 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "subnet0Name": { + "type": "string" + }, + "subnet1Name": { + "type": "string" + }, + "subnet2Name": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkExistingRGName": { + "type": "string" + }, + "MgmtPublicIPAddressName": { + "type": "string" + }, + "baseUrl": { + "type": "string" + } + }, + "variables": { + "vnetID": "[resourceId(parameters('virtualNetworkExistingRGName'),concat('Microsoft.Network','/','virtualNetworks'),parameters('virtualNetworkName'))]", + "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", + "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]", + "subnet2Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet2Name'))]", + "mgmtpip": "[concat('mgmtIP-', parameters('MgmtPublicIPAddressName'))]", + "setupUntrustNICURL": "[concat(parameters('baseUrl'),'/setupNICS-untrust.json')]" + }, + "resources": [ + { + "name": "[concat('eth0-', parameters('nicName'))]", + "type": "Microsoft.Network/networkInterfaces", + "location": "[parameters('location')]", + "apiVersion": "2015-06-15", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig-mgmt", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('mgmtpip'))]" + }, + "subnet": { + "id": "[variables('subnet0Ref')]" + } + } + } + ] + } + }, + { + "name": "[concat('SetupNetworkInterfaceUntrust-', parameters('nicName'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "dependsOn": [ + "[concat('eth0-', parameters('nicName'))]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": 
"[variables('setupUntrustNICURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "nicName": { + "value": "[parameters('nicName')]" + }, + "subnet1Name": { + "value": "[parameters('subnet1Name')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkExistingRGName": { + "value": "[parameters('virtualNetworkExistingRGName')]" + }, + } + } + }, + { + "name": "[concat('eth2-', parameters('nicName'))]", + "type": "Microsoft.Network/networkInterfaces", + "location": "[parameters('location')]", + "apiVersion": "2015-06-15", + "dependsOn": [ + "[concat('SetupNetworkInterfaceUntrust-', parameters('nicName'))]" + ], + "properties": { + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "ipconfig-trust", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet2Ref')]" + } + } + } + ] + } + } + ], + "outputs": { + "UntrustPrivateIPAddress": { + "value": "[reference(concat('SetupNetworkInterfaceUntrust-', parameters('nicName'))).outputs.UntrustPrivateIPAddress.value]", + "type": "string" + } + } +} diff --git a/setupNICS-untrust.json b/setupNICS-untrust.json new file mode 100644 index 0000000..8bcf9f6 --- /dev/null +++ b/setupNICS-untrust.json 
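Review bot: The `parameters` object handed to the `SetupNetworkInterfaceUntrust-` deployment ends with a trailing comma after the `virtualNetworkExistingRGName` entry, which is invalid JSON under RFC 8259 and will be rejected by strict parsers and linters even if the deployment service happens to accept it; drop the comma. The same trailing comma recurs in storageAccount-new.json, the four virtual-machine-*.json files, vmseries.json and vnet-existing.json. Separately, the `eth0-` NIC is given a public IP but carries no `networkSecurityGroup` reference, so filtering of the management interface depends entirely on an NSG attached elsewhere (not visible in this file); binding the NSG on the NIC itself would make that explicit.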
@@ -0,0 +1,53 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "subnet1Name": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkExistingRGName": { + "type": "string" + } + }, + "variables": { + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]" + }, + "resources": [ + { + "name": "[concat('eth1-', parameters('nicName'))]", + "type": "Microsoft.Network/networkInterfaces", + "location": "[parameters('location')]", + "apiVersion": "2015-06-15", + "properties": { + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "ipconfig-untrust", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet1Ref')]" + } + } + } + ] + } + } + ], + "outputs": { + "UntrustPrivateIPAddress": { + "value": "[reference(concat('eth1-', parameters('nicName'))).ipConfigurations[0].properties.privateIPAddress]", + "type": "string" + } + } +} diff --git a/storageAccount-existing.json b/storageAccount-existing.json new file mode 100644 index 0000000..916209b --- /dev/null +++ b/storageAccount-existing.json 
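Review bot: `vnetID` is built without the resource group, although `virtualNetworkExistingRGName` is declared here and passed in by setupNICS-new.json, so the subnet reference always resolves inside the deployment's own resource group. With an existing VNET in another group, `eth1-` would fail to deploy or attach to a different network than `eth0-` and `eth2-`. Match the sibling template: `"vnetID": "[resourceId(parameters('virtualNetworkExistingRGName'),'Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]"`.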
@@ -0,0 +1,34 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "storageAccountName": { + "type": "string", + "metadata": { + "Description": "The name of the new storage account created to store the VMs disks" + } + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_RAGRS" + ], + "metadata": { + "Description": "The type of the Storage Account created" + }, + "defaultValue": "Standard_LRS" + } + }, + "resources": [], + "outputs": { + "sid": { + "value": "[parameters('storageAccountName')]", + "type": "string" + } + } +} diff --git a/storageAccount-new.json b/storageAccount-new.json new file mode 100644 index 0000000..b1f60d9 --- /dev/null +++ b/storageAccount-new.json @@ -0,0 +1,47 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "storageAccountName": { + "type": "string", + "metadata": { + "Description": "The name of the new storage account created to store the VMs disks" + } + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_RAGRS" + ], + "metadata": { + "Description": "The type of the Storage Account created" + }, + "defaultValue": "Standard_LRS" + }, + }, + "variables": { + "stname": "[parameters('storageAccountName')]" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('stname')]", + "apiVersion": "2015-06-15", + "location": "[parameters('location')]", + "properties": { + "accountType": "[parameters('storageAccountType')]" + } + } + ], + "outputs": { + "sid": { + "value": "[variables('stname')]", + "type": "string" + } + } +} 
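Review bot: The description on `storageAccountName` reads "The name of the new storage account created to store the VMs disks", but this is the existing-account variant and it declares no resources. Reword it, for example `"Description": "Name of the existing storage account that holds the VM disks"`. `location` and `storageAccountType` are accepted but unused here, presumably to keep the parameter set parallel with storageAccount-new.json; a one-line description saying so would help the next reader.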
diff --git a/virtual-machine-password-bs-no.json b/virtual-machine-password-bs-no.json
new file mode 100644
index 0000000..d788ad0
--- /dev/null
+++ b/virtual-machine-password-bs-no.json
@@ -0,0 +1,110 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "vmName": { + "type": "string" + }, + "availabilitySetName": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "adminPassword": { + "type": "securestring" + }, + "storageAccountName": { + "type": "string" + }, + "BootstrapUri": { + "type": "string" + }, + "BootstrapUriSizeGB": { + "type": "string" + }, + "sshKey": { + "type": "string" + }, + }, + "variables": { + "apiVersion": "2015-06-15" + }, + "resources": [ + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "plan": { + "name": "[parameters('imageSku')]", + "product": "[parameters('imageOffer')]", + "publisher": "[parameters('imagePublisher')]" + }, + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets',parameters('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('imagePublisher')]", + "offer": "[parameters('imageOffer')]", + "sku": "[parameters('imageSku')]", + "version": "latest" + }, + "osDisk": { + "name": "osdisk", + "vhd": { + "uri": "[concat('http://', parameters('storageAccountName'), '.blob.core.windows.net/vhds/', parameters('vmName'), '-', parameters('imageOffer'), '-', parameters('imageSku'), '.vhd')]" + }, + "caching": 
"ReadWrite", + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [{ + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth0-', parameters('nicName')))]", + "properties": { + "primary": true + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth1-', parameters('nicName')))]", + "properties": { + "primary": false + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth2-', parameters('nicName')))]", + "properties": { + "primary": false + } + }] + } + } + }] +} diff --git a/virtual-machine-password-bs-yes.json b/virtual-machine-password-bs-yes.json new file mode 100644 index 0000000..9fc3e87 --- /dev/null +++ b/virtual-machine-password-bs-yes.json 
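Review bot: The OS disk `vhd.uri` is assembled with the literal `'http://'`, so the blob endpoint holding the firewall's disk is referenced over cleartext HTTP; change the first `concat` argument to `'https://'`. The same literal appears in virtual-machine-password-bs-yes.json and in both virtual-machine-sshPublicKey-*.json files. `imageReference.version` is `latest`, so a redeployment can silently pick up a different image build; pinning a version keeps the deployed firewall image reproducible. `sshKey`, `BootstrapUri` and `BootstrapUriSizeGB` are declared but unused in this variant.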
@@ -0,0 +1,122 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "vmName": { + "type": "string" + }, + "availabilitySetName": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "adminPassword": { + "type": "securestring" + }, + "storageAccountName": { + "type": "string" + }, + "BootstrapUri": { + "type": "string" + }, + "BootstrapUriSizeGB": { + "type": "string" + }, + "sshKey": { + "type": "string" + }, + }, + "variables": { + "apiVersion": "2015-06-15" + }, + "resources": [ + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "plan": { + "name": "[parameters('imageSku')]", + "product": "[parameters('imageOffer')]", + "publisher": "[parameters('imagePublisher')]" + }, + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets',parameters('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('imagePublisher')]", + "offer": "[parameters('imageOffer')]", + "sku": "[parameters('imageSku')]", + "version": "latest" + }, + "dataDisks": [ + { + "name": "datadisk1", + "diskSizeGB": "[parameters('BootstrapUriSizeGB')]", + "lun": 0, + "vhd": { + "uri": "[parameters('BootstrapUri')]" + }, + "caching": "ReadOnly", + "createOption": "Attach" + } + ], + "osDisk": { + "name": 
"osdisk", + "vhd": { + "uri": "[concat('http://', parameters('storageAccountName'), '.blob.core.windows.net/vhds/', parameters('vmName'), '-', parameters('imageOffer'), '-', parameters('imageSku'), '.vhd')]" + }, + "caching": "ReadWrite", + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [{ + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth0-', parameters('nicName')))]", + "properties": { + "primary": true + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth1-', parameters('nicName')))]", + "properties": { + "primary": false + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('eth2-', parameters('nicName')))]", + "properties": { + "primary": false + } + }] + } + } + }] +} diff --git a/virtual-machine-sshPublicKey-bs-no.json b/virtual-machine-sshPublicKey-bs-no.json new file mode 100644 index 0000000..b7ab692 --- /dev/null +++ b/virtual-machine-sshPublicKey-bs-no.json 
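Review bot: `dataDisks[0]` attaches whatever VHD `BootstrapUri` names, and that disk presumably carries the firewall's initial configuration, so the parameter needs a `metadata.description` stating that it must point at a blob in a storage account the deployer controls; no parameter in this file has a description. `diskSizeGB` is also fed from a parameter declared as `string`, while the property is an integer; convert it explicitly with `"diskSizeGB": "[int(parameters('BootstrapUriSizeGB'))]"`.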
@@ -0,0 +1,121 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "vmName": { + "type": "string" + }, + "availabilitySetName": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "adminPassword": { + "type": "securestring" + }, + "storageAccountName": { + "type": "string" + }, + "BootstrapUri": { + "type": "string" + }, + "BootstrapUriSizeGB": { + "type": "string" + }, + "sshKey": { + "type": "string" + }, + }, + "variables": { + "apiVersion": "2015-06-15", + "sshKeyPath": "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]" + }, + "resources": [ + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "plan": { + "name": "[parameters('imageSku')]", + "product": "[parameters('imageOffer')]", + "publisher": "[parameters('imagePublisher')]" + }, + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets',parameters('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "path": "[variables('sshKeyPath')]", + "keyData": "[parameters('sshKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('imagePublisher')]", + "offer": "[parameters('imageOffer')]", + "sku": "[parameters('imageSku')]", + "version": "latest" + }, + "osDisk": { + 
"name": "osdisk", + "vhd": { + "uri": "[concat('http://', parameters('storageAccountName'), '.blob.core.windows.net/vhds/', parameters('vmName'), '-', parameters('imageOffer'), '-', parameters('imageSku'), '.vhd')]" + }, + "caching": "ReadWrite", + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [{ + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth0-', parameters('nicName')))]", + "properties": { + "primary": true + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth1-', parameters('nicName')))]", + "properties": { + "primary": false + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth2-', parameters('nicName')))]", + "properties": { + "primary": false + } + }] + } + } + }] +} diff --git a/virtual-machine-sshPublicKey-bs-yes.json b/virtual-machine-sshPublicKey-bs-yes.json new file mode 100644 index 0000000..79e275f --- /dev/null +++ b/virtual-machine-sshPublicKey-bs-yes.json 
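Review bot: `disablePasswordAuthentication` is written as the string `"true"` rather than a JSON boolean; because this switch turns off password login, write `"disablePasswordAuthentication": true` so the result does not depend on type coercion. The template also declares `adminPassword` as a `securestring` and never uses it, so a secret is carried into a deployment that has no need for it; dropping the parameter here, and from the parent's parameter list for this variant, would narrow where the password travels. Both points apply equally to virtual-machine-sshPublicKey-bs-yes.json.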
@@ -0,0 +1,133 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "vmName": { + "type": "string" + }, + "availabilitySetName": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "nicName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "adminPassword": { + "type": "securestring" + }, + "storageAccountName": { + "type": "string" + }, + "BootstrapUri": { + "type": "string" + }, + "BootstrapUriSizeGB": { + "type": "string" + }, + "sshKey": { + "type": "string" + }, + }, + "variables": { + "apiVersion": "2015-06-15", + "sshKeyPath": "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]" + }, + "resources": [ + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('vmName')]", + "location": "[parameters('location')]", + "plan": { + "name": "[parameters('imageSku')]", + "product": "[parameters('imageOffer')]", + "publisher": "[parameters('imagePublisher')]" + }, + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets',parameters('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[parameters('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "path": "[variables('sshKeyPath')]", + "keyData": "[parameters('sshKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('imagePublisher')]", + "offer": "[parameters('imageOffer')]", + "sku": "[parameters('imageSku')]", + "version": "latest" + }, + "dataDisks": [ + { 
+ "name": "datadisk1", + "diskSizeGB": "[parameters('BootstrapUriSizeGB')]", + "lun": 0, + "vhd": { + "uri": "[parameters('BootstrapUri')]" + }, + "caching": "ReadOnly", + "createOption": "Attach" + } + ], + "osDisk": { + "name": "osdisk", + "vhd": { + "uri": "[concat('http://', parameters('storageAccountName'), '.blob.core.windows.net/vhds/', parameters('vmName'), '-', parameters('imageOffer'), '-', parameters('imageSku'), '.vhd')]" + }, + "caching": "ReadWrite", + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [{ + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth0-', parameters('nicName')))]", + "properties": { + "primary": true + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth1-', parameters('nicName')))]", + "properties": { + "primary": false + } + }, { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat('eth2-', parameters('nicName')))]", + "properties": { + "primary": false + } + }] + } + } + }] +} diff --git a/vmseries.json b/vmseries.json new file mode 100644 index 0000000..646ad59 --- /dev/null +++ b/vmseries.json 
@@ -0,0 +1,411 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "lbName": { + "type": "string", + "metadata": { + "description": "Public Load Balancer name" + } + }, + "vmCount": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Number of VM-Series firewall" + } + }, + "vmName": { + "type": "string", + "metadata": { + "description": "Name of VM-Series VM in the Azure portal" + }, + "defaultValue": "VM-Series" + }, + "vmSize": { + "type": "string", + "allowedValues": [ + "Standard_D3", + "Standard_D4", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D14_v2", + "Standard_A4" + ], + "metadata": { + "description": "Azure VM size for VM-Series" + }, + "defaultValue": "Standard_D3" + }, + "imageSku": { + "type": "string", + "allowedValues": [ + "byol", + "bundle1", + "bundle2" + ], + "metadata": { + "description": "byol = Bring Your Own License; bundle1 = Bundle 1 PAYG (Hourly); bundle2 = Bundle 2 PAYG (Hourly)" + }, + "defaultValue": "byol" + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "Name of the Virtual Network (VNET)" + }, + "defaultValue": "fwVNET" + }, + "virtualNetworkExistingRGName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Name of resource group of VNET (new or existing)" + } + }, + "subnet0Name": { + "type": "string", + "defaultValue": "Mgmt", + "metadata": { + "description": "Subnet for Management" + } + }, + "subnet1Name": { + "type": "string", + "defaultValue": "Untrust", + "metadata": { + "description": "Subnet for Untrust" + } + }, + "subnet2Name": { + "type": "string", + "defaultValue": "Trust", + "metadata": { + "description": "Subnet for Trust" + } + }, + "subnetLBName": { + "type": "string", + "defaultValue": "UntrustLB", + "metadata": { + "description": "Subnet for App Gateway" + } + }, + "subnet0Prefix": { + "type": "string", 
+ "defaultValue": "192.168.0.0/24", + "metadata": { + "description": "Mgmt subnet CIDR" + } + }, + "subnet1Prefix": { + "type": "string", + "defaultValue": "192.168.1.0/24", + "metadata": { + "description": "Untrust subnet CIDR" + } + }, + "subnet2Prefix": { + "type": "string", + "defaultValue": "192.168.2.0/24", + "metadata": { + "description": "Trust subnet CIDR" + } + }, + "subnetLBPrefix": { + "type": "string", + "defaultValue": "192.168.3.0/24", + "metadata": { + "description": "App Gateway subnet CIDR" + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "Username of the administrator account of VM-Series" + } + }, + "adminPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Password for the administrator account of VM-Series" + } + }, + "baseUrl": { + "type": "string", + "metadata": { + "artifactsBaseUrl": "", + "description": "URL to acquire other VM-Series for Azure templates" + }, + }, + "MgmtPublicIPAddressName": { + "type": "string", + "defaultValue": "vm-servies-pib-mgmt", + "metadata": { + "description": "Name of public IP resource for mgmt interface" + } + }, + "storageAccountName": { + "type": "string", + "metadata": { + "description": "Name prefix of the new storage account created to store the VM's disks" + } + }, + "storageAccountNewOrExisting" : { + "type": "string", + "defaultValue" : "new", + "allowedValues" : [ + "new", + "existing" + ], + "metadata": { + "Description": "Storage Account is new or existing" + } + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Premium_LRS", + "Standard_RAGRS" + ], + "metadata": { + "description": "Type of the storage account created" + }, + "defaultValue": "Standard_LRS" + }, + "Bootstrap": { + "type": "string", + "defaultValue" : "no", + "allowedValues": [ + "yes", + "no" + ], + "metadata": { + "description": "Bootstrap disk yes or no" + } + }, + "BootstrapUri": { + "type": 
"string", + "defaultValue" : "", + "metadata": { + "description": "Bootstrap disk storage account URI with container name" + } + }, + "BootstrapUriSizeGB": { + "type": "string", + "defaultValue" : "1", + "metadata": { + "description": "Bootstrap disk disk in GB" + } + }, + "authenticationType": { + "type": "string", + "metadata": { + "description": "Type of administrator user authentication " + }, + "allowedValues": [ + "sshPublicKey", + "password" + ], + "defaultValue": "password" + }, + "sshKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "SSH rsa public key file as a string." + } + } + }, + "variables": { + "availabilitySetName": "[concat('firewallAvSet', substring(uniqueString(resourceGroup().id), 0, 4))]", + "rgname": "[resourceGroup().id]", + "imagePublisher": "paloaltonetworks", + "imageOffer" : "vmseries1", + "version" : "latest", + "nicName": "[parameters('vmName')]", + "publicIPAddressType": "Dynamic", + "nsgSetupURL" : "[concat(parameters('baseUrl'),'/nsg-new.json')]", + "SettingUpPublicIPUrl": "[concat(parameters('baseUrl'),'/publicip-new.json')]", + "setupNICsURL": "[concat(parameters('baseUrl'),'/setupNICS-new.json')]", + "vmTemplateUrl": "[concat(parameters('baseUrl'), '/virtual-machine-', parameters('authenticationType'),'-bs-', parameters('Bootstrap'), '.json')]", + "location": "[resourceGroup().location]" + + }, + "resources": [ + { + "apiVersion": "2015-05-01-preview", + "type": "Microsoft.Compute/availabilitySets", + "name": "[variables('availabilitySetName')]", + "location": "[resourceGroup().location]" + }, + { + "name": "[concat('SettingUpPublicIPs', copyindex())]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "copy": { + "name": "SettingUpPublicIPsLoop", + "count": "[parameters('vmCount')]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('SettingUpPublicIPUrl')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + 
"value": "[variables('location')]" + }, + "MgmtPublicIPAddressName": { + "value": "[concat(parameters('MgmtPublicIPAddressName'),copyindex())]" + }, + "publicIPAddressType": { + "value": "[variables('publicIPAddressType')]" + }, + "baseUrl": { + "value": "[parameters('baseUrl')]" + } + } + } + }, + { + "name": "[concat('SetupNetworkInterfaces', copyindex())]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "dependsOn": [ + "SettingUpPublicIPsLoop" + ], + "copy": { + "name": "NetworkInterfaceLoop", + "count": "[parameters('vmCount')]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('setupNICsURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "nicName": { + "value": "[concat(variables('nicName'), copyindex())]" + }, + "subnet0Name": { + "value": "[parameters('subnet0Name')]" + }, + "subnet1Name": { + "value": "[parameters('subnet1Name')]" + }, + "subnet2Name": { + "value": "[parameters('subnet2Name')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkExistingRGName": { + "value": "[parameters('virtualNetworkExistingRGName')]" + }, + "MgmtPublicIPAddressName": { + "value": "[concat(parameters('MgmtPublicIPAddressName'), copyindex())]" + }, + "baseUrl": { + "value": "[parameters('baseUrl')]" + } + } + } + }, + { + "name": "[concat('VMSeries-Firewall-VM', copyindex())]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "dependsOn": [ + "SettingUpPublicIPsLoop", + "NetworkInterfaceLoop", + "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]" + ], + "copy": { + "name": "VirtualMachineLoop", + "count": "[parameters('vmCount')]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('vmTemplateUrl')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": 
"[variables('location')]" + }, + "vmName": { + "value": "[concat(parameters('vmName'), copyindex())]" + }, + "availabilitySetName": { + "value": "[variables('availabilitySetName')]" + }, + "imageSku": { + "value": "[parameters('imageSku')]" + }, + "imageOffer": { + "value": "[variables('imageOffer')]" + }, + "imagePublisher": { + "value": "[variables('imagePublisher')]" + }, + "nicName": { + "value": "[concat(variables('nicName'), copyindex())]" + }, + "vmSize": { + "value": "[parameters('vmSize')]" + }, + "adminUsername": { + "value": "[parameters('adminUsername')]" + }, + "adminPassword": { + "value": "[parameters('adminPassword')]" + }, + "storageAccountName": { + "value": "[parameters('storageAccountName')]" + }, + "sshKey": { + "value": "[parameters('sshKey')]" + }, + "BootstrapUri": { + "value": "[parameters('BootstrapUri')]" + }, + "BootstrapUriSizeGB": { + "value": "[parameters('BootstrapUriSizeGB')]" + }, + } + } + } + ], + "outputs": { + "UntrustPrivateIPAddress1": { + "value": "[reference('SetupNetworkInterfaces0').outputs.UntrustPrivateIPAddress.value]", + "type": "string" + }, + "UntrustPrivateIPAddress2": { + "value": "[reference('SetupNetworkInterfaces1').outputs.UntrustPrivateIPAddress.value]", + "type": "string" + }, + "UntrustPrivateIPAddresses": { + "value": [ + { + "IpAddress": "[reference('SetupNetworkInterfaces0').outputs.UntrustPrivateIPAddress.value]" + }, + { + "IpAddress": "[reference('SetupNetworkInterfaces1').outputs.UntrustPrivateIPAddress.value]" + } + ], + "type": "array" + } + } +} diff --git a/vnet-existing.json b/vnet-existing.json new file mode 100644 index 0000000..81a9e65 --- /dev/null +++ b/vnet-existing.json 
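Review bot: `adminPassword` is a `securestring` with `"defaultValue": ""` while `authenticationType` defaults to `password`, so a deployment that omits the password passes an empty string to the VM template instead of failing at parameter validation; remove the default and consider a `minLength`. `sshKey` has the same empty default for the `sshPublicKey` path. The outputs hard-code `SetupNetworkInterfaces0` and `SetupNetworkInterfaces1`, so a `vmCount` of 1 references a deployment that does not exist and a `vmCount` above 2 leaves instances out. `nsgSetupURL` is defined but no resource in this template deploys it, so this file on its own puts no NSG in front of the management public IPs.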
@@ -0,0 +1,106 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "nsgName": {
+ "type": "string",
+ "defaultValue": "nsg-default1"
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "vnet-FW",
+ "metadata": {
+ "description": "VNET name"
+ }
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/16",
+ "metadata": {
+ "description": "CIDR for vnet"
+ }
+ },
+ "subnet0Name": {
+ "type": "string",
+ "defaultValue": "Mgmt",
+ "metadata": {
+ "description": "Subnet for Management"
+ }
+ },
+ "subnet1Name": {
+ "type": "string",
+ "defaultValue": "Untrust",
+ "metadata": {
+ "description": "Subnet for Untrust"
+ }
+ },
+ "subnet2Name": {
+ "type": "string",
+ "defaultValue": "Trust",
+ "metadata": {
+ "description": "Subnet for Trust"
+ }
+ },
+ "subnetLBName": {
+ "type": "string",
+ "defaultValue": "UntrustLB",
+ "metadata": {
+ "description": "Subnet for App Gateway"
+ }
+ },
+ "subnetWWWName": {
+ "type": "string",
+ "defaultValue": "backendSubnet",
+ "metadata": {
+ "description": "Subnet for backend WWW"
+ }
+ },
+ "subnet0Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/24",
+ "metadata": {
+ "description": "Mgmt subnet CIDR"
+ }
+ },
+ "subnet1Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.1.0/24",
+ "metadata": {
+ "description": "Untrust subnet CIDR"
+ }
+ },
+ "subnet2Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.2.0/24",
+ "metadata": {
+ "description": "Trust subnet CIDR"
+ }
+ },
+ "subnetLBPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.3.0/24",
+ "metadata": {
+ "description": "App Gateway CIDR"
+ }
+ },
+ "subnetWWWPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.4.0/24",
+ "metadata": {
+ "description": "backend WWW CIDR"
+ }
+ }
+ },
+ "variables": {
+ "location": "[resourceGroup().location]",
+ "rgname": "[resourceGroup().id]",
+ },
+ "resources": [
+ ],
+ "outputs": {
+ "vnetName": {
+ "value": "[parameters('virtualNetworkName')]",
+ "type": "string"
+ }
+ }
+}
diff --git a/vnet-new.json b/vnet-new.json
new file mode 100644
index 0000000..40bdaf5
--- /dev/null
+++ b/vnet-new.json
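Review bot: The `variables` object ends with a trailing comma (`"rgname": "[resourceGroup().id]",` directly before the closing `}`), which strict JSON parsers and linters reject; the same pattern appears after the last element of `subnets` in vnet-new.json and after the `BootstrapUriSizeGB` entry in azuredeploy.json. Dropping the comma, `"rgname": "[resourceGroup().id]"`, keeps the file valid for every tool that reads it. Separately, `resources` is empty and the template only echoes `virtualNetworkName`, so in the existing-VNet path nothing here associates `nsgName` with the Mgmt subnet. Whether management access is restricted then depends on what the existing VNet and any NIC-level NSG (not visible in this hunk) already enforce, and the parameter `metadata` should say so.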
@@ -0,0 +1,162 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "nsgName": {
+ "type": "string",
+ "defaultValue": "nsg-default1"
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "vnet-FW",
+ "metadata": {
+ "description": "VNET name"
+ }
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/16",
+ "metadata": {
+ "description": "CIDR for vnet"
+ }
+ },
+ "subnet0Name": {
+ "type": "string",
+ "defaultValue": "Mgmt",
+ "metadata": {
+ "description": "Subnet for Management"
+ }
+ },
+ "subnet1Name": {
+ "type": "string",
+ "defaultValue": "Untrust",
+ "metadata": {
+ "description": "Subnet for Untrust"
+ }
+ },
+ "subnet2Name": {
+ "type": "string",
+ "defaultValue": "Trust",
+ "metadata": {
+ "description": "Subnet for Trust"
+ }
+ },
+ "subnetLBName": {
+ "type": "string",
+ "defaultValue": "UntrustLB",
+ "metadata": {
+ "description": "Subnet for App Gateway"
+ }
+ },
+ "subnetWWWName": {
+ "type": "string",
+ "defaultValue": "backendSubnet",
+ "metadata": {
+ "description": "Subnet for backend WWW"
+ }
+ },
+ "subnet0Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.0.0/24",
+ "metadata": {
+ "description": "Mgmt subnet CIDR"
+ }
+ },
+ "subnet1Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.1.0/24",
+ "metadata": {
+ "description": "Untrust subnet CIDR"
+ }
+ },
+ "subnet2Prefix": {
+ "type": "string",
+ "defaultValue": "192.168.2.0/24",
+ "metadata": {
+ "description": "Trust subnet CIDR"
+ }
+ },
+ "subnetLBPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.3.0/24",
+ "metadata": {
+ "description": "App Gateway CIDR"
+ }
+ },
+ "subnetWWWPrefix": {
+ "type": "string",
+ "defaultValue": "192.168.4.0/24",
+ "metadata": {
+ "description": "backend WWW CIDR"
+ }
+ }
+ },
+ "variables": {
+ "location": "[resourceGroup().location]",
+ "rgname": "[resourceGroup().id]",
+ "vnetname": "[parameters('virtualNetworkName')]",
+ "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('vnetname'))]",
+ "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]",
+ "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]",
+ "subnet2Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet2Name'))]",
+ "subnetLBRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetLBName'))]",
+ "subnetWWWRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetWWWName'))]",
+ "subnets": [
+ {
+ "name": "[parameters('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet0Prefix')]",
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[parameters('subnet1Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet1Prefix')]"
+ }
+ },
+ {
+ "name": "[parameters('subnet2Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet2Prefix')]"
+ }
+ },
+ {
+ "name": "[parameters('subnetLBName')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnetLBPrefix')]"
+ }
+ },
+ {
+ "name": "[parameters('subnetWWWName')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnetWWWPrefix')]"
+ }
+ },
+ ]
+ },
+ "resources": [
+ {
+ "name": "[variables('vnetname')]",
+ "type": "Microsoft.Network/virtualNetworks",
+ "location": "[variables('location')]",
+ "apiVersion": "2015-06-15",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[parameters('virtualNetworkAddressPrefix')]"
+ ]
+ },
+ "subnets": "[variables('subnets')]"
+ }
+ }
+ ],
+ "outputs": {
+ "vnetName": {
+ "value": "[variables('vnetname')]",
+ "type": "string"
+ }
+ }
+}
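Review bot: In `variables.subnets` only the `subnet0Name` (Mgmt) entry carries a `networkSecurityGroup`, and its id is resolved from `parameters('nsgName')`, whose default `nsg-default1` may not be the group the parent template creates; this template does not create the NSG itself, so it must already exist in the resource group when the `Microsoft.Network/virtualNetworks` resource is deployed. If the caller omits `nsgName`, the association presumably fails or binds a group other than the one carrying the management source-IP rule, so I would remove the `defaultValue` from `nsgName` to make it mandatory and state the ordering requirement in its `metadata`. The Untrust, Trust, LB and WWW subnets get no NSG; if that is deliberate because the firewall filters that traffic, a `description` saying so would help the next reviewer. The `rgname` and `subnet0Ref` through `subnetWWWRef` variables are not referenced anywhere in this file and could be dropped.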