This project contains Terraform configurations to deploy a multi-region Azure lab environment for SQL High Availability (SQLHA) using Active Directory Domain Controllers (ADDC) and Windows Server Failover Clustering (WSFC) across two Azure regions. This setup is designed for testing and educational purposes.
- Terraform v1.6.0+
- AzureRM Provider v4.0+
- Azure Subscription with necessary permissions
- Service Principal for authentication
- PowerShell for custom domain and SQL configuration scripts

- `terraform.tfvars`: Contains sensitive authentication secrets.
- `providers.tf`: Specifies provider versions.
- `main.tf`: Main Terraform configuration file.
- `variables.tf`: Variables used across the configuration.
- `./modules/`: Contains sub-modules for modular configuration (e.g., `vm-addc`, `vm-sql`).
- `./scripts.ps1`: PowerShell scripts for domain setup, clustering, and SQL configurations.

- Clone the Repository:

  ```powershell
  git clone https://github.com/bentman/TerraformSQLHA
  cd .\TerraformSQLHA
  ```

- Set Up Environment Variables: Copy `example_terraform.tfvars` to `terraform.tfvars` and fill in the required details:

  ```hcl
  arm_tenant_id       = "YourTenantId"
  arm_subscription_id = "YourSubscriptionId"
  arm_client_id       = "YourServicePrincipalId"
  arm_client_secret   = "YourServicePrincipalSecret"
  ```

  Note: Ensure comments are removed to avoid syntax errors.

- Initialize Terraform:

  ```powershell
  terraform init
  ```

- Plan the Deployment:

  ```powershell
  terraform plan
  ```

- Apply the Configuration:

  ```powershell
  terraform apply
  ```

- Access Resources: You can access resources using the generated public IPs provided in the outputs.

To remove all created resources:

```powershell
terraform destroy
```

- Two Virtual Networks (VNets): One per region, with peering between them for cross-region traffic.
- Multiple Subnets for different roles:
  - Gateway Subnet: For VPN or other gateway requirements.
  - ADDC Subnet: Hosts Active Directory Domain Controllers.
  - Database Subnet: Hosts SQL Server instances.
  - Application Subnet: For application servers if needed.
  - Client Subnet: For client machines or jump servers.
- Static Public IPs for ADDC and SQL servers for consistent external access.
- Network Security Groups (NSGs) to manage security rules.
- Load Balancers for SQLHA listener traffic.
- Network Peering for secure inter-region communication.

| Address Space | Subnet | Resources |
|---|---|---|
| 10.1.0.0/24 | Gateway Subnet | |
| | ADDC Subnet | usw-addc-vm - NIC: usw-addc-nic - Private IP: 10.1.0.5 - Public IP: usw-addc-pip (Static) |
| | Database Subnet | usw-sqlha-lb - Frontend IP: 10.1.0.20 (Static)<br>usw-sqlha0-vm - NIC: usw-sqlha0-nic - Private IP: 10.1.0.9 - Public IP: usw-sqlha0-public-ip (Static)<br>usw-sqlha1-vm - NIC: usw-sqlha1-nic - Private IP: 10.1.0.10 - Public IP: usw-sqlha1-public-ip (Static) |
| 10.1.1.0/24 | Gateway Subnet | |
| | ADDC Subnet | use-addc-vm - NIC: use-addc-nic - Private IP: 10.1.1.5 - Public IP: use-addc-pip (Static) |
| | Database Subnet | use-sqlha-lb - Frontend IP: 10.1.1.20 (Static)<br>use-sqlha0-vm - NIC: use-sqlha0-nic - Private IP: 10.1.1.9 - Public IP: use-sqlha0-public-ip (Static)<br>use-sqlha1-vm - NIC: use-sqlha1-nic - Private IP: 10.1.1.10 - Public IP: use-sqlha1-public-ip (Static) |

- Lab Environment: This configuration is for learning and testing purposes. It is not intended for production environments.
- Security Considerations: Use strong passwords, restrict access to public IPs, and carefully manage network security groups.
- Sensitive Data: `terraform.tfvars` contains sensitive information; avoid committing it to version control.
- .gitignore: Use the included `.gitignore` file to exclude sensitive data and unnecessary files from your repository.
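
One way to check the advice on public IPs and NSGs before applying, shown as an added example that is not part of this project's code: it scans `terraform show -json` plan output for inbound Allow rules that expose RDP, WinRM or SQL Server ports to any source. The port list, the resource addresses and the sample plan are constructed assumptions.

```python
import json

# Ports that matter for this lab's Windows/SQL VMs (assumed list): RDP, WinRM, SQL Server.
SENSITIVE_PORTS = {3389, 5985, 5986, 1433}
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}

def _port_hits(rule):
    """Return the sensitive ports covered by a rule's destination port spec."""
    specs = [rule.get("destination_port_range")] + list(rule.get("destination_port_ranges") or [])
    hits = set()
    for spec in filter(None, specs):
        if spec == "*":
            return set(SENSITIVE_PORTS)
        lo, _, hi = spec.partition("-")  # "3389" or "1000-2000"
        hits |= {p for p in SENSITIVE_PORTS if int(lo) <= p <= int(hi or lo)}
    return hits

def _rules(plan):
    """Yield (address, rule) for standalone and inline NSG rules in a plan."""
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") == "azurerm_network_security_rule":
            yield rc["address"], after
        elif rc.get("type") == "azurerm_network_security_group":
            for rule in after.get("security_rule") or []:
                yield f'{rc["address"]}/{rule.get("name")}', rule

def open_to_internet(plan):
    """List (address, sorted ports) for inbound Allow rules open to any source."""
    findings = []
    for address, rule in _rules(plan):
        sources = {rule.get("source_address_prefix")} | set(rule.get("source_address_prefixes") or [])
        ports = _port_hits(rule)
        if (rule.get("direction") == "Inbound" and rule.get("access") == "Allow"
                and sources & ANY_SOURCE and ports):
            findings.append((address, sorted(ports)))
    return findings

# Constructed sample in the shape of `terraform show -json` output (not taken from the project).
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "azurerm_network_security_rule.rdp_any", "type": "azurerm_network_security_rule", "change": {"after": {"direction": "Inbound", "access": "Allow", "source_address_prefix": "*", "destination_port_range": "3389"}}},
 {"address": "azurerm_network_security_rule.sql_internal", "type": "azurerm_network_security_rule", "change": {"after": {"direction": "Inbound", "access": "Allow", "source_address_prefix": "10.1.0.0/24", "destination_port_range": "1433"}}},
 {"address": "azurerm_network_security_group.sql", "type": "azurerm_network_security_group", "change": {"after": {"security_rule": [{"name": "wide-range", "direction": "Inbound", "access": "Allow", "source_address_prefix": "Internet", "destination_port_range": "1000-2000"}]}}}
]}""")

if __name__ == "__main__":
    for address, ports in open_to_internet(SAMPLE_PLAN):
        print(f"{address}: ports {ports} reachable from any source")
```

To run it against a real plan, produce the input with `terraform plan -out plan.out` followed by `terraform show -json plan.out` and pass the parsed JSON to `open_to_internet`.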
Contributions are welcome! Please open an issue or submit a pull request if you have suggestions or enhancements.
This script is distributed without any warranty; use at your own risk. This project is licensed under the GNU General Public License v3. See GNU GPL v3 for details.