2 changes: 1 addition & 1 deletion examples/azure/poc/dsf_deployment/agent_sources.tf
Expand Up @@ -11,7 +11,7 @@ module "db_with_agent" {
resource_group = local.resource_group
binaries_location = var.dam_agent_installation_location
db_type = local.db_types_for_agent[count.index]
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.db_subnet_ids[count.index % length(local.db_subnet_ids)]
ssh_key = {
ssh_public_key = tls_private_key.ssh_key.public_key_openssh
ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
4 changes: 2 additions & 2 deletions examples/azure/poc/dsf_deployment/dam.tf
Expand Up @@ -12,7 +12,7 @@ module "mx" {
friendly_name = join("-", [local.deployment_name_salted, "mx"])
resource_group = local.resource_group
dam_version = var.dam_version
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.mx_subnet_id
license = var.dam_license
ssh_key = {
ssh_public_key = tls_private_key.ssh_key.public_key_openssh
Expand Down Expand Up @@ -47,7 +47,7 @@ module "agent_gw" {
friendly_name = join("-", [local.deployment_name_salted, "agent", "gw", count.index])
resource_group = local.resource_group
dam_version = var.dam_version
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.agent_gw_subnet_id
ssh_key = {
ssh_public_key = tls_private_key.ssh_key.public_key_openssh
ssh_private_key_file_path = local_sensitive_file.ssh_key.filename
4 changes: 2 additions & 2 deletions examples/azure/poc/dsf_deployment/dra.tf
Expand Up @@ -16,7 +16,7 @@ module "dra_admin" {
count = var.enable_dra ? 1 : 0

name = join("-", [local.deployment_name_salted, "dra", "admin"])
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.dra_admin_subnet_id
resource_group = local.resource_group
storage_details = var.dra_admin_storage_details
ssh_public_key = tls_private_key.ssh_key.public_key_openssh
Expand Down Expand Up @@ -54,7 +54,7 @@ module "dra_analytics" {
count = local.dra_analytics_count

name = join("-", [local.deployment_name_salted, "dra", "analytics", count.index])
subnet_id = module.network[0].vnet_subnets[1]
subnet_id = local.dra_analytics_subnet_id
resource_group = local.resource_group
storage_details = var.dra_analytics_storage_details
ssh_public_key = tls_private_key.ssh_key.public_key_openssh
74 changes: 24 additions & 50 deletions examples/azure/poc/dsf_deployment/networking.tf
@@ -1,22 +1,26 @@
# locals {
# hub_subnet_id = var.subnet_ids != null ? var.subnet_ids.hub_subnet_id : module.vpc[0].public_subnets[0]
# hub_dr_subnet_id = var.subnet_ids != null ? var.subnet_ids.hub_dr_subnet_id : module.vpc[0].public_subnets[1]
# agentless_gw_subnet_id = var.subnet_ids != null ? var.subnet_ids.agentless_gw_subnet_id : module.vpc[0].private_subnets[0]
# agentless_gw_dr_subnet_id = var.subnet_ids != null ? var.subnet_ids.agentless_gw_dr_subnet_id : module.vpc[0].private_subnets[1]
# db_subnet_ids = var.subnet_ids != null ? var.subnet_ids.db_subnet_ids : module.vpc[0].public_subnets
# mx_subnet_id = var.subnet_ids != null ? var.subnet_ids.mx_subnet_id : module.vpc[0].public_subnets[0]
# dra_admin_subnet_id = var.subnet_ids != null ? var.subnet_ids.dra_admin_subnet_id : module.vpc[0].public_subnets[0]
# dra_analytics_subnet_id = var.subnet_ids != null ? var.subnet_ids.dra_analytics_subnet_id : module.vpc[0].private_subnets[0]
# agent_gw_subnet_id = var.subnet_ids != null ? var.subnet_ids.agent_gw_subnet_id : module.vpc[0].private_subnets[0]
# }

locals {
create_network = var.subnet_ids == null && var.subnet_id == null

Collaborator


I like this solution of adding subnet_id variable, the subnet_ids is cumbersome when you only want to provide one subnet. We should port it to the AWS dsf_deployment example sometime.


hub_subnet_id = coalesce(try(var.subnet_ids.hub_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
hub_dr_subnet_id = coalesce(try(var.subnet_ids.hub_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])

Collaborator


vnet_subnets[0]
See comment on subnet_prefixes.

Collaborator Author


This is what it was already, if you are looking for changes to the existing behaviour, that should be done separately.

Collaborator


If I understood correctly, there is no existing behavior, the commented out bulk of local variables is a copy & paste from the AWS example, which is incorrect in the Azure case due to different private and public subnet modeling

Collaborator Author


I don't understand what you mean. Previously, the hub_dr module used module.network[0].vnet_subnets[1], and now it uses hub_dr_subnet_id which has the same default value. Therefore the existing behaviour hasn't changed.


agentless_gw_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])

Collaborator


vnet_subnets[1]
See comment on subnet_prefixes.

Collaborator Author


Same as above

agentless_gw_dr_subnet_id = coalesce(try(var.subnet_ids.agentless_gw_dr_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])

db_subnet_ids = coalescelist(try(var.subnet_ids.db_subnet_ids, []), compact([var.subnet_id]), module.network[0].vnet_subnets)

Collaborator


Only vnet_subnets[1]
See comment on subnet_prefixes.

Collaborator Author


Same as above


mx_subnet_id = coalesce(try(var.subnet_ids.mx_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
agent_gw_subnet_id = coalesce(try(var.subnet_ids.agent_gw_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])

Collaborator


vnet_subnets[1]
See comment on subnet_prefixes.

Collaborator Author


Same as above


dra_admin_subnet_id = coalesce(try(var.subnet_ids.dra_admin_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[0])
dra_analytics_subnet_id = coalesce(try(var.subnet_ids.dra_analytics_subnet_id, null), var.subnet_id, module.network[0].vnet_subnets[1])

subnet_prefixes = cidrsubnets(var.vnet_ip_range, 8, 8)

Collaborator


I understand that this generates two subnet ranges: "10.0.0.0/24" and "10.0.1.0/24". This is different from the AWS deployment. Here, the first one is public and the second is private, see comment at the bottom of the networking.tf file. The deployment we want - VMs with a public interface should be in the public subnet, all the rest in a private subnet. Meaning, Hub main, Hub DR, MX, DRA Admin and DBs - in the public subnet. Agentless GWs main, Agentless GWs DR, Agent GW, DRA Analytics - in the private subnet.

Collaborator Author


What I did in this PR keeps everything the same if the subnet_ids aren't passed in. If you want to change how the network module works, that shouldn't be done in this PR, as these are meant to get our tests working, and don't change the default case.

}

# network
module "network" {
count = 1
count = local.create_network ? 1 : 0
source = "Azure/network/azurerm"
version = "5.3.0"
vnet_name = "${local.deployment_name_salted}-${module.globals.current_user_name}"
Expand All @@ -32,41 +36,8 @@ module "network" {
]
}

# data "aws_subnet" "hub" {
# id = local.hub_subnet_id
# }

# data "aws_subnet" "hub_dr" {
# id = local.hub_dr_subnet_id
# }

# data "aws_subnet" "agentless_gw" {
# id = local.agentless_gw_subnet_id
# }

# data "aws_subnet" "agentless_gw_dr" {
# id = local.agentless_gw_dr_subnet_id
# }

# data "aws_subnet" "mx" {
# id = local.mx_subnet_id
# }

# data "aws_subnet" "agent_gw" {
# id = local.agent_gw_subnet_id
# }

# data "aws_subnet" "dra_admin" {
# id = local.dra_admin_subnet_id
# }

# data "aws_subnet" "dra_analytics" {
# id = local.dra_analytics_subnet_id
# }

# NAT

resource "azurerm_public_ip" "nat_gw_public_ip" {
count = local.create_network ? 1 : 0
name = join("-", [var.deployment_name, "nat", "public", "ip"])
location = local.resource_group.location
resource_group_name = local.resource_group.name
Expand All @@ -75,6 +46,7 @@ resource "azurerm_public_ip" "nat_gw_public_ip" {
}

resource "azurerm_nat_gateway" "nat_gw" {
count = local.create_network ? 1 : 0
name = join("-", [var.deployment_name, "nat", "gw"])
location = local.resource_group.location
resource_group_name = local.resource_group.name
Expand All @@ -83,12 +55,14 @@ resource "azurerm_nat_gateway" "nat_gw" {
}

resource "azurerm_nat_gateway_public_ip_association" "nat_gw_public_ip_association" {
nat_gateway_id = azurerm_nat_gateway.nat_gw.id
public_ip_address_id = azurerm_public_ip.nat_gw_public_ip.id
count = local.create_network ? 1 : 0
nat_gateway_id = azurerm_nat_gateway.nat_gw[0].id
public_ip_address_id = azurerm_public_ip.nat_gw_public_ip[0].id
}

# subnet 1 is the private subnet
resource "azurerm_subnet_nat_gateway_association" "nat_gw_vnet_association" {
count = local.create_network ? 1 : 0
subnet_id = module.network[0].vnet_subnets[1]
nat_gateway_id = azurerm_nat_gateway.nat_gw.id
nat_gateway_id = azurerm_nat_gateway.nat_gw[0].id
}
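Review bot: The last argument of every `coalesce(...)` in the new `locals` block still indexes `module.network[0]`, but `module "network"` now has `count = local.create_network ? 1 : 0`, so that instance does not exist whenever `subnet_id` or `subnet_ids` is supplied. Terraform evaluates all arguments of a function call before calling it, so as far as I can tell the fallback raises an invalid-index error in exactly the case this change is meant to enable, even when an earlier argument is non-null. Guarding the fallback keeps the default case unchanged: `try(module.network[0].vnet_subnets[0], null)` (and `[1]`) for the scalar locals, and `try(module.network[0].vnet_subnets, [])` inside the `coalescelist` for `db_subnet_ids`. The NAT resources in the same file are already guarded with the matching `count`, so only the locals need this.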
12 changes: 8 additions & 4 deletions examples/azure/poc/dsf_deployment/sonar.tf
Expand Up @@ -14,8 +14,9 @@ module "hub_main" {

friendly_name = join("-", [local.deployment_name_salted, "hub"])
resource_group = local.resource_group
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.hub_subnet_id
binaries_location = var.tarball_location
tarball_url = var.tarball_url
password = local.password
storage_details = var.hub_storage_details
instance_size = var.hub_instance_size
Expand Down Expand Up @@ -60,8 +61,9 @@ module "hub_dr" {

friendly_name = join("-", [local.deployment_name_salted, "hub", "DR"])
resource_group = local.resource_group
subnet_id = module.network[0].vnet_subnets[1]
subnet_id = local.hub_dr_subnet_id
binaries_location = var.tarball_location
tarball_url = var.tarball_url
password = local.password
storage_details = var.hub_storage_details
instance_size = var.hub_instance_size
Expand Down Expand Up @@ -113,9 +115,10 @@ module "agentless_gw_main" {

friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", count.index])
resource_group = local.resource_group
subnet_id = module.network[0].vnet_subnets[0]
subnet_id = local.agentless_gw_subnet_id
storage_details = var.agentless_gw_storage_details
binaries_location = var.tarball_location
tarball_url = var.tarball_url
instance_size = var.agentless_gw_instance_size
base_directory = var.sonar_machine_base_directory
password = local.password
Expand Down Expand Up @@ -146,9 +149,10 @@ module "agentless_gw_dr" {

friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", count.index, "DR"])
resource_group = local.resource_group
subnet_id = module.network[0].vnet_subnets[1]
subnet_id = local.agentless_gw_dr_subnet_id
storage_details = var.agentless_gw_storage_details
binaries_location = var.tarball_location
tarball_url = var.tarball_url
instance_size = var.agentless_gw_instance_size
base_directory = var.sonar_machine_base_directory
password = local.password
22 changes: 20 additions & 2 deletions examples/azure/poc/dsf_deployment/variables.tf
Expand Up @@ -92,19 +92,26 @@ variable "vnet_ip_range" {
description = "Vnet ip range"
}

variable "subnet_id" {
type = string
default = null
description = "The ID of an existing subnet to put all resources in. Either 'subnet_id' or 'subnet_ids' should be provided but not both."
}

variable "subnet_ids" {
type = object({
hub_subnet_id = string
hub_dr_subnet_id = string
agentless_gw_subnet_id = string
agentless_gw_dr_subnet_id = string
mx_subnet_id = string
db_subnet_ids = list(string)
agent_gw_subnet_id = string
dra_admin_subnet_id = string
dra_analytics_subnet_id = string
})
default = null
description = "The IDs of existing subnets to deploy resources in. Keep empty if you wish to provision new VPC and subnets. db_subnet_ids can be an empty list only if no databases should be provisioned"
description = "The IDs of existing subnets to deploy resources in. Keep empty if you wish to provision new VPC and subnets, or if you are providing the subnet_id variable. db_subnet_ids can be an empty list only if no databases should be provisioned."
validation {
condition = var.subnet_ids == null || try(var.subnet_ids.hub_subnet_id != null && var.subnet_ids.hub_dr_subnet_id != null && var.subnet_ids.agentless_gw_subnet_id != null && var.subnet_ids.agentless_gw_dr_subnet_id != null && var.subnet_ids.dra_admin_subnet_id != null && var.subnet_ids.dra_analytics_subnet_id != null, false)
error_message = "Value must either be null or specified for all."
Expand Down Expand Up @@ -192,7 +199,18 @@ variable "tarball_location" {
az_blob = string
})
description = "Storage account and container location of the DSF Sonar installation software. az_blob is the full path to the tarball file within the storage account container"
default = null
default = {
az_resource_group = ""
az_storage_account = ""
az_container = ""
az_blob = ""
}
}

variable "tarball_url" {
type = string
default = ""
description = "HTTPS DSF installation location. If not set, binaries_location is used"
}

variable "hub_hadr" {
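Review bot: `tarball_url` is described as an HTTPS location, but nothing in the new variable enforces the scheme, so an `http://` value would be accepted and the installation tarball would presumably be fetched without transport protection. A validation block would pin this down, for example `condition = var.tarball_url == "" || can(regex("^https://", var.tarball_url))` with a matching `error_message`. If the URL can carry a signed access token, marking the variable `sensitive = true` is also worth considering; that cannot be determined from this diff. Separately, the `subnet_id` description says it must not be combined with `subnet_ids`, but no validation enforces that, and the locals in networking.tf silently prefer `subnet_ids`; the description should state that precedence.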