From 90d1255b2d445acd1735254132696353ac3a8f50 Mon Sep 17 00:00:00 2001 
From: jchancellor-ms Date: Thu, 30 May 2024 15:34:08 -0700 Subject: [PATCH 1/5] Reliability and Versioning updates --- .../GreenField/Terraform/bastion.tf | 1 + .../GreenField/Terraform/gateway.tf | 4 +- .../GreenField/Terraform/hcx_addon.tf | 6 +- .../GreenField/Terraform/jumpbox.tf | 3 +- AVS-Landing-Zone/GreenField/Terraform/main.tf | 10 +- .../AVS-Dashboard/Terraform/main.tf | 2 +- .../AVS-Service-Health/Terraform/main.tf | 2 +- .../AVS-Utilization-Alerts/Terraform/main.tf | 2 +- .../AVS-to-ANFdatastore-NewVNet.tfvars.sample | 4 +- .../Terraform/main.tf | 52 ++++++++-- .../Terraform/vars.tf | 4 + terraform/modules/avs_addon_hcx/main.tf | 4 +- terraform/modules/avs_addon_hcx/outputs.tf | 2 +- terraform/modules/avs_addon_hcx/providers.tf | 20 ++-- .../providers.tf | 9 ++ .../main.tf | 98 +++---------------- .../providers.tf | 9 ++ .../variables.tf | 8 +- terraform/modules/avs_bastion_simple/main.tf | 1 + .../modules/avs_bastion_simple/providers.tf | 9 ++ .../main.tf | 1 + .../providers.tf | 6 ++ .../variables.tf | 5 + .../avs_event_hub_for_logs/providers.tf | 9 ++ .../example.tfvars.template | 5 +- .../modules/avs_expressroute_gateway/main.tf | 3 +- .../avs_expressroute_gateway/providers.tf | 9 ++ .../avs_expressroute_gateway/variables.tf | 6 ++ .../avs_expressroute_globalreach/main.tf | 4 +- .../avs_expressroute_globalreach/providers.tf | 3 +- terraform/modules/avs_jumpbox/main.tf | 1 + terraform/modules/avs_jumpbox/providers.tf | 9 ++ terraform/modules/avs_jumpbox/variables.tf | 6 ++ terraform/modules/avs_key_vault/providers.tf | 9 ++ .../avs_log_analytics_w_custom_syslog/main.tf | 2 +- .../providers.tf | 14 +-- .../avs_log_filtering_accounts/providers.tf | 9 ++ .../modules/avs_log_filtering_vm/main.tf | 1 + .../modules/avs_log_filtering_vm/providers.tf | 9 ++ .../modules/avs_log_filtering_vm/variables.tf | 5 + .../main.tf | 1 + .../providers.tf | 9 ++ .../variables.tf | 6 ++ .../avs_nva_cisco_8000v_scenario2/main.tf | 2 + .../providers.tf | 9 ++ 
.../variables.tf | 12 +++ .../providers.tf | 9 ++ .../providers.tf | 9 ++ .../avs_private_cloud_stretch_cluster/main.tf | 24 ++--- .../outputs.tf | 20 ++-- .../providers.tf | 17 ++++ terraform/modules/avs_routeserver/main.tf | 12 +-- .../modules/avs_routeserver/providers.tf | 17 ++++ .../modules/avs_service_health/providers.tf | 9 ++ .../main.tf | 4 - .../providers.tf | 6 +- .../modules/avs_test_quad_0_nva_frr/main.tf | 1 + .../avs_test_quad_0_nva_frr/providers.tf | 9 ++ .../avs_test_quad_0_nva_frr/variables.tf | 6 ++ .../avs_test_spoke_with_jump_vm/providers.tf | 9 ++ .../avs_test_vpn_nva_one_node/providers.tf | 9 ++ .../avs_vnet_variable_subnets/providers.tf | 9 ++ .../providers.tf | 9 ++ terraform/modules/avs_vpn_gateway/main.tf | 6 +- .../modules/avs_vpn_gateway/providers.tf | 9 ++ .../modules/avs_vpn_gateway/variables.tf | 2 +- terraform/modules/avs_vwan/providers.tf | 9 ++ .../main.tf | 97 +++--------------- .../providers.tf | 9 ++ .../providers.tf | 9 ++ .../modules/avs_vwan_vnet_spoke/providers.tf | 9 ++ 71 files changed, 479 insertions(+), 255 deletions(-) create mode 100644 terraform/modules/avs_azure_firewall_internet_outbound_rules/providers.tf create mode 100644 terraform/modules/avs_azure_firewall_w_log_analytics/providers.tf create mode 100644 terraform/modules/avs_bastion_simple/providers.tf create mode 100644 terraform/modules/avs_event_hub_for_logs/providers.tf create mode 100644 terraform/modules/avs_expressroute_gateway/providers.tf create mode 100644 terraform/modules/avs_jumpbox/providers.tf create mode 100644 terraform/modules/avs_key_vault/providers.tf create mode 100644 terraform/modules/avs_log_filtering_accounts/providers.tf create mode 100644 terraform/modules/avs_log_filtering_vm/providers.tf create mode 100644 terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/providers.tf create mode 100644 terraform/modules/avs_nva_cisco_8000v_scenario2/providers.tf create mode 100644 
terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/providers.tf create mode 100644 terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/providers.tf create mode 100644 terraform/modules/avs_private_cloud_stretch_cluster/providers.tf create mode 100644 terraform/modules/avs_routeserver/providers.tf create mode 100644 terraform/modules/avs_service_health/providers.tf create mode 100644 terraform/modules/avs_test_quad_0_nva_frr/providers.tf create mode 100644 terraform/modules/avs_test_spoke_with_jump_vm/providers.tf create mode 100644 terraform/modules/avs_test_vpn_nva_one_node/providers.tf create mode 100644 terraform/modules/avs_vnet_variable_subnets/providers.tf create mode 100644 terraform/modules/avs_vpn_create_local_gateways_and_connections_active_active_w_bgp/providers.tf create mode 100644 terraform/modules/avs_vpn_gateway/providers.tf create mode 100644 terraform/modules/avs_vwan/providers.tf create mode 100644 terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/providers.tf create mode 100644 terraform/modules/avs_vwan_hub_express_route_gateway_and_vpn_gateway/providers.tf create mode 100644 terraform/modules/avs_vwan_vnet_spoke/providers.tf diff --git a/AVS-Landing-Zone/GreenField/Terraform/bastion.tf b/AVS-Landing-Zone/GreenField/Terraform/bastion.tf index 60d51fac..5db7408f 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/bastion.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/bastion.tf @@ -4,6 +4,7 @@ resource "azurerm_public_ip" "bastionpip" { resource_group_name = azurerm_resource_group.jumpbox.name allocation_method = "Static" sku = "Standard" + zones = ["1","2","3"] } resource "azurerm_bastion_host" "bastion" { diff --git a/AVS-Landing-Zone/GreenField/Terraform/gateway.tf b/AVS-Landing-Zone/GreenField/Terraform/gateway.tf index 55a43905..32d4d09e 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/gateway.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/gateway.tf 
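Review bot: Adding `zones = ["1","2","3"]` to an existing `azurerm_public_ip` forces the address to be replaced, and the Bastion host that references it is recreated with it, so for already-deployed landing zones this hunk is a disruptive rebuild rather than an in-place update. The zone additions on the gateway public IP in gateway.tf, the `zone` on the jumpbox VM, the ANF sample's gatewayIP, the firewall public IP and the module public IPs later in the patch behave the same way. A comment next to the attribute such as `# zones cannot be changed in place; existing IPs (and their dependents) are replaced on upgrade`, or a sentence in the commit message, would let operators plan a maintenance window. The enclosing resource block starts before the hunk.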
@@ -3,6 +3,8 @@ resource "azurerm_public_ip" "gatewaypip" { resource_group_name = azurerm_resource_group.network.name location = azurerm_resource_group.network.location allocation_method = "Dynamic" + zones = ["1","2","3"] + sku = "Standard" } resource "azurerm_virtual_network_gateway" "gateway" { @@ -11,7 +13,7 @@ resource "azurerm_virtual_network_gateway" "gateway" { location = azurerm_resource_group.network.location type = "ExpressRoute" - sku = "Standard" + sku = "ErGw1AZ" ip_configuration { name = "default" diff --git a/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf b/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf index c32333ca..734b8b75 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf @@ -4,12 +4,12 @@ resource "azapi_resource" "hcx_addon" { #Resource Name must match the addonType name = "HCX" parent_id = azurerm_vmware_private_cloud.privatecloud.id - body = jsonencode({ + body = { properties = { addonType = "HCX" offer = "VMware MaaS Cloud Provider" } - }) + } #adding lifecycle block to handle replacement issue with parent_id lifecycle { @@ -53,7 +53,7 @@ resource "azapi_resource" "hcx_keys" { output "hcx_keys" { value = { - for key, value in azapi_resource.hcx_keys : key => jsondecode(value.output).properties.activationKey + for key, value in azapi_resource.hcx_keys : key => value.output.properties.activationKey } } diff --git a/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf b/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf index 763d7888..8d9e8454 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf 
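Review bot: The gateway public IP keeps `allocation_method = "Dynamic"` while this hunk switches it to `sku = "Standard"`, and Azure accepts only static allocation for Standard SKU public IPs, so the apply fails before the zone-redundant `ErGw1AZ` gateway in the next hunk is created. Change it to `allocation_method = "Static"`. The gatewayIP hunk in BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf and the gatewaypip hunk in terraform/modules/avs_expressroute_gateway/main.tf carry the same Dynamic/Standard combination. The resource block starts before the hunk.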
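Review bot: The `hcx_keys` output now exposes the raw `activationKey` values, yet the output is not marked sensitive, so the HCX activation keys are printed in clear text in every plan/apply and by `terraform output`. Add `sensitive = true` to the output block; the keys still land in state, which must be protected regardless. The `keys` output in terraform/modules/avs_addon_hcx/outputs.tf has the same omission. Whether `value.output` is an HCL object rather than a JSON string here depends on the azapi version and on the `hcx_keys` body form, which is outside this hunk, so that is worth confirming against the 1.13 provider documentation.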
@@ -18,13 +18,14 @@ resource "azurerm_windows_virtual_machine" "vm" { size = var.jumpboxsku admin_username = var.adminusername admin_password = var.adminpassword + zone = 1 network_interface_ids = [ azurerm_network_interface.nic.id, ] os_disk { caching = "ReadWrite" - storage_account_type = "Standard_LRS" + storage_account_type = "Premium_LRS" } source_image_reference { diff --git a/AVS-Landing-Zone/GreenField/Terraform/main.tf b/AVS-Landing-Zone/GreenField/Terraform/main.tf index 7360dbe1..4339f14d 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/main.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/main.tf @@ -6,12 +6,12 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.0.0" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } } } @@ -21,6 +21,10 @@ provider "azurerm" { partner_id = "754599a0-0a6f-424a-b4c5-1b12be198ae8" } +provider "azapi" { + enable_hcl_output_for_data_source = true +} + ## Optional settings to setup a terraform backend in Azure storage # terraform { diff --git a/BrownField/Monitoring/AVS-Dashboard/Terraform/main.tf b/BrownField/Monitoring/AVS-Dashboard/Terraform/main.tf index 7da6e3bc..b07e4cb8 100644 --- a/BrownField/Monitoring/AVS-Dashboard/Terraform/main.tf +++ b/BrownField/Monitoring/AVS-Dashboard/Terraform/main.tf @@ -6,7 +6,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } } } diff --git a/BrownField/Monitoring/AVS-Service-Health/Terraform/main.tf b/BrownField/Monitoring/AVS-Service-Health/Terraform/main.tf index dbde80d2..b07e4cb8 100644 --- a/BrownField/Monitoring/AVS-Service-Health/Terraform/main.tf +++ b/BrownField/Monitoring/AVS-Service-Health/Terraform/main.tf @@ -6,7 +6,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>2.68" + version = "~>3.105" } } } 
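Review bot: `zone = 1` is hard-coded on the jumpbox VM while the module versions of the same resource in this patch (avs_jumpbox, avs_log_filtering_vm, the NVA modules) read it from a `zone` variable with a default of 1; the landing-zone root would be more consistent if it exposed an input of its own (a new variable such as `jumpbox_zone`, name to be chosen) rather than a literal. Setting `zone` also forces VM replacement, so an existing jumpbox is rebuilt on this upgrade; a comment saying so on the line would help. The resource block starts before the hunk.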
diff --git a/BrownField/Monitoring/AVS-Utilization-Alerts/Terraform/main.tf b/BrownField/Monitoring/AVS-Utilization-Alerts/Terraform/main.tf index dbde80d2..b07e4cb8 100644 --- a/BrownField/Monitoring/AVS-Utilization-Alerts/Terraform/main.tf +++ b/BrownField/Monitoring/AVS-Utilization-Alerts/Terraform/main.tf @@ -6,7 +6,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>2.68" + version = "~>3.105" } } } diff --git a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/AVS-to-ANFdatastore-NewVNet.tfvars.sample b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/AVS-to-ANFdatastore-NewVNet.tfvars.sample index 878b9988..6b608d97 100644 --- a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/AVS-to-ANFdatastore-NewVNet.tfvars.sample +++ b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/AVS-to-ANFdatastore-NewVNet.tfvars.sample @@ -10,10 +10,10 @@ VNetAddressSpaceCIDR = ["10.4.0.0/16",] VNetGatewaySubnetCIDR = ["10.4.0.0/24",] VNetANFDelegatedSubnetCIDR = ["10.4.10.0/24",] GatewayName = "GatewayTF" -GatewaySku = "UltraPerformance" +GatewaySku = "ErGw3AZ" netappAccountName = "NetAppAccount-AVSdatastore" netappCapacityPoolName = "CapacityPool-AVSdatastore" netappCapacityPoolServiceLevel = "Premium" netappCapacityPoolSize = 4 netappVolumeName = "ANFdatastore001" -netappVolumeSize = 4398046511104 \ No newline at end of file +netappVolumeSize = 100 \ No newline at end of file diff --git a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf index ce13d7e6..aa2d0339 100644 --- a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf +++ b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf 
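Review bot: `netappVolumeSize` changes from a byte count (4398046511104, i.e. 4 TiB) to `100`, which only makes sense because main.tf now feeds the variable into `storage_quota_in_gb`; the unit changed, but nothing in this patch updates the variable's description in vars.tf. If that description still refers to bytes, reword it to state gigabytes, and consider whether 100 GB is a realistic sample value for an AVS datastore given the previous 4 TiB. `GatewaySku = "ErGw3AZ"` is consistent with the Standard, zoned public IP introduced in main.tf.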
@@ -1,10 +1,13 @@ terraform { + required_version = "~> 1.6" required_providers { azurerm = { - source = "hashicorp/azurerm" + source = "hashicorp/azurerm" + version = "~> 3.105" } azapi = { - source = "azure/azapi" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } } } @@ -18,6 +21,7 @@ provider "azurerm" { provider "azapi" { skip_provider_registration = "true" + enable_hcl_output_for_data_source = true } resource "azurerm_resource_group" "deploymentRG" { @@ -62,8 +66,10 @@ resource "azurerm_public_ip" "gatewayIP" { resource_group_name = azurerm_resource_group.deploymentRG.name location = azurerm_resource_group.deploymentRG.location allocation_method = "Dynamic" - sku = "Basic" + sku = "Standard" sku_tier = "Regional" + zones = ["1","2","3"] + } resource "azurerm_virtual_network_gateway" "ERGateway" { @@ -129,6 +135,38 @@ resource "azurerm_netapp_pool" "avs_anf_pool" { size_in_tb = var.netappCapacityPoolSize } +resource "azurerm_netapp_volume" "anf_volume" { + name = var.netappVolumeName + location = azurerm_resource_group.deploymentRG.location + resource_group_name = azurerm_resource_group.deploymentRG.name + account_name = azurerm_netapp_account.avs_anf_account.name + pool_name = azurerm_netapp_pool.avs_anf_pool.name + volume_path = var.netappVolumeName + service_level = "Standard" + subnet_id = azurerm_subnet.ANFDelegatedSubnet.id + protocols = ["NFSv3"] + security_style = "unix" + storage_quota_in_gb = var.netappVolumeSize + snapshot_directory_visible = true + zone = var.anf_zone_number + azure_vmware_data_store_enabled = true + + export_policy_rule { + rule_index = 1 + allowed_clients = ["0.0.0.0/0"] + protocols_enabled = ["NFSv3"] + root_access_enabled = true + unix_read_only = false + unix_read_write = true + } + + lifecycle { + ignore_changes = [zone] + } +} + + +/* resource "azapi_resource" "avs_anf_volume_avsdatastoreenabled" { depends_on = [ azurerm_netapp_pool.avs_anf_pool 
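Review bot: The new `export_policy_rule` admits every client with root access (`allowed_clients = ["0.0.0.0/0"]`, `root_access_enabled = true`, `unix_read_write = true`), so any host that can route to the delegated subnet, not only the AVS hosts, can mount the datastore as root. If the AVS datastore attachment genuinely requires these settings, record that on the rule, e.g. `# open export with root access is required for the AVS datastore attach; reachability is limited to networks routed to the delegated subnet`; otherwise narrow `allowed_clients` to the private cloud's address range. Separately, `service_level = "Standard"` is hard-coded while the pool's level presumably comes from `var.netappCapacityPoolServiceLevel` (the sample sets Premium); Azure rejects a volume whose service level differs from its pool's, so `service_level = azurerm_netapp_pool.avs_anf_pool.service_level` is the safer form.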
@@ -160,6 +198,8 @@ resource "azapi_resource" "avs_anf_volume_avsdatastoreenabled" { } }) } +*/ + data "azurerm_vmware_private_cloud" "avs_privatecloud" { provider = azurerm.AVS-to-ANFdatastore-NewVnet @@ -185,11 +225,11 @@ resource "azapi_resource" "avs_datastore_attach_anfvolume" { ] name = var.netappVolumeName parent_id = "${data.azurerm_vmware_private_cloud.avs_privatecloud.id}/clusters/Cluster-1" - body = jsonencode({ + body = { properties = { netAppVolume = { - id = data.azurerm_netapp_volume.anf_datastorevolume.id + id = azurerm_netapp_volume.anf_volume.id } } - }) + } } \ No newline at end of file diff --git a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/vars.tf b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/vars.tf index d43f9e59..590d86d8 100644 --- a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/vars.tf +++ b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/vars.tf @@ -81,5 +81,9 @@ variable "GatewayName" { variable "GatewaySku" { type = string description = "Virtual network gateway SKU to be created" +} +variable "anf_zone_number" { + type = number + description = "The zone where the ANF volume should be deployed." } \ No newline at end of file diff --git a/terraform/modules/avs_addon_hcx/main.tf b/terraform/modules/avs_addon_hcx/main.tf index 7b70a014..1885e700 100644 --- a/terraform/modules/avs_addon_hcx/main.tf +++ b/terraform/modules/avs_addon_hcx/main.tf @@ -10,12 +10,12 @@ resource "azapi_resource" "hcx_addon" { #Resource Name must match the addonType name = "HCX" parent_id = data.azurerm_vmware_private_cloud.hcx_private_cloud.id - body = jsonencode({ + body = { properties = { addonType = "HCX" offer = "VMware MaaS Cloud Provider" } - }) + } #adding lifecycle block to handle replacement issue with parent_id lifecycle { diff --git a/terraform/modules/avs_addon_hcx/outputs.tf b/terraform/modules/avs_addon_hcx/outputs.tf index 3084ea8a..ac83c404 100644 --- a/terraform/modules/avs_addon_hcx/outputs.tf 
+++ b/terraform/modules/avs_addon_hcx/outputs.tf @@ -1,5 +1,5 @@ output "keys" { value = { - for key, value in azapi_resource.hcx_keys : key => jsondecode(value.output).properties.activationKey + for key, value in azapi_resource.hcx_keys : key => value.output.properties.activationKey } } \ No newline at end of file diff --git a/terraform/modules/avs_addon_hcx/providers.tf b/terraform/modules/avs_addon_hcx/providers.tf index 4e30c2bb..0e5613de 100644 --- a/terraform/modules/avs_addon_hcx/providers.tf +++ b/terraform/modules/avs_addon_hcx/providers.tf @@ -1,13 +1,21 @@ terraform { + required_version = "~> 1.6" required_providers { + azapi = { + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" + } azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~> 3.105" } - azapi = { - source = "azure/azapi" - version = "~>1.1.0" + random = { + source = "hashicorp/random" + version = "~> 3.5" + } + time = { + source = "hashicorp/time" + version = "~> 0.10" } } -} - +} \ No newline at end of file diff --git a/terraform/modules/avs_azure_firewall_internet_outbound_rules/providers.tf b/terraform/modules/avs_azure_firewall_internet_outbound_rules/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_azure_firewall_internet_outbound_rules/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_azure_firewall_w_log_analytics/main.tf b/terraform/modules/avs_azure_firewall_w_log_analytics/main.tf index 511ddea5..662f05b5 100644 --- a/terraform/modules/avs_azure_firewall_w_log_analytics/main.tf +++ b/terraform/modules/avs_azure_firewall_w_log_analytics/main.tf 
@@ -15,6 +15,7 @@ resource "azurerm_public_ip" "firewall_pip" { name = var.firewall_pip_name location = var.rg_location resource_group_name = var.rg_name + zones = var.zones allocation_method = "Static" sku = "Standard" @@ -30,6 +31,7 @@ resource "azurerm_firewall" "firewall" { private_ip_ranges = ["IANAPrivateRanges", ] tags = var.tags firewall_policy_id = azurerm_firewall_policy.avs_base_policy.id + zones = var.zones ip_configuration { name = "${var.firewall_name}-ipconfiguration1" 
@@ -54,130 +56,60 @@ resource "azurerm_monitor_diagnostic_setting" "firewall_metrics" { log_analytics_workspace_id = azurerm_log_analytics_workspace.simple.id log_analytics_destination_type = "AzureDiagnostics" - log { + enabled_log { category = "AzureFirewallApplicationRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AzureFirewallNetworkRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AzureFirewallDnsProxy" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNetworkRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWApplicationRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNatRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWThreatIntel" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWIdpsSignature" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWDnsQuery" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWFqdnResolveFailure" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWApplicationRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNetworkRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNatRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } metric { category = "AllMetrics" - enabled = true - - retention_policy { - enabled = false - } } } 
diff --git a/terraform/modules/avs_azure_firewall_w_log_analytics/providers.tf b/terraform/modules/avs_azure_firewall_w_log_analytics/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_azure_firewall_w_log_analytics/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_azure_firewall_w_log_analytics/variables.tf b/terraform/modules/avs_azure_firewall_w_log_analytics/variables.tf index 03466fc8..3cd91f6e 100644 --- a/terraform/modules/avs_azure_firewall_w_log_analytics/variables.tf +++ b/terraform/modules/avs_azure_firewall_w_log_analytics/variables.tf @@ -52,6 +52,12 @@ variable "firewall_policy_name" { description = "Azure resource name assigned to the lfirewall policy" } +variable "zones" { + type = list(string) + description = "List of zones where firewall should be located." + default = ["1","3","2"] +} + ################################################################# # telemetry variables ################################################################# @@ -65,4 +71,4 @@ variable "guid_telemetry" { type = string description = "guid used for telemetry identification. Defaults to module guid, but overrides with root if needed." default = "0f9a8adc-9d37-40b3-aaed-ab34b95cf6dd" -} \ No newline at end of file +} diff --git a/terraform/modules/avs_bastion_simple/main.tf b/terraform/modules/avs_bastion_simple/main.tf index 9feb33ab..dfd0d63c 100644 --- a/terraform/modules/avs_bastion_simple/main.tf +++ b/terraform/modules/avs_bastion_simple/main.tf @@ -4,6 +4,7 @@ resource "azurerm_public_ip" "bastionpip" { resource_group_name = var.rg_name allocation_method = "Static" sku = "Standard" + zones = ["1","2","3"] } resource "azurerm_bastion_host" "bastion" { 
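Review bot: The new `zones` default `["1","3","2"]` is out of order compared with the `["1","2","3"]` used everywhere else in this patch; if the provider treats `zones` as a set the ordering is harmless, but if it is a list a later reorder shows up as a diff, and either way it reads like a typo. Use `default = ["1","2","3"]`. The description could also note that the value is applied to both the firewall and its public IP, since both main.tf hunks reference `var.zones`.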
diff --git a/terraform/modules/avs_bastion_simple/providers.tf b/terraform/modules/avs_bastion_simple/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_bastion_simple/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/main.tf b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/main.tf index ed2182f1..0bc3dc77 100644 --- a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/main.tf +++ b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/main.tf @@ -149,6 +149,7 @@ resource "azurerm_linux_virtual_machine" "vmware_terraform_host" { admin_password = random_password.admin_password.result disable_password_authentication = false custom_data = data.template_cloudinit_config.config.rendered + zone = var.zone identity { type = "UserAssigned" diff --git a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf index a32a7bb9..e82a4179 100644 --- a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf +++ b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf @@ -1,7 +1,13 @@ terraform { + required_version = "~> 1.6" required_providers { azapi = { source = "azure/azapi" + version = "= 1.12.0" + } + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" } } } \ No newline at end of file diff --git a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/variables.tf b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/variables.tf index 4db805f4..a23c21c0 100644 --- a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/variables.tf +++ b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/variables.tf 
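Review bot: This module pins `azapi` to exactly `= 1.12.0` with the lowercase `azure/azapi` source, whereas every other providers.tf in this patch requires `Azure/azapi` at `~> 1.13, != 1.13.0`; a root module that composes this module with any of those cannot satisfy both constraints and `terraform init` fails, so the pin should match (`version = "~> 1.13, != 1.13.0"`) or carry a comment explaining why it must differ. The block also declares only azapi and azurerm, yet the main.tf hunk above references `random_password` and `data.template_cloudinit_config`, which are then resolved implicitly with no version constraint; declare `random` (as terraform/modules/avs_addon_hcx/providers.tf does) and `template`, with a comment noting that hashicorp/template is archived upstream. The new providers.tf files for avs_log_filtering_vm and avs_nva_cisco_1000v_vpn_config_one_node later in the patch have the same undeclared random/template usage.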
@@ -50,6 +50,11 @@ variable "sddc_rg_name" { description = "the resource group name of the sddc where the vmware tf module will be deployed" } +variable "zone" { + type = number + description = "zone where this resource should be located." + default = 1 +} ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_event_hub_for_logs/providers.tf b/terraform/modules/avs_event_hub_for_logs/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_event_hub_for_logs/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_expressroute_gateway/example.tfvars.template b/terraform/modules/avs_expressroute_gateway/example.tfvars.template index 04f340e2..7618d0f7 100644 --- a/terraform/modules/avs_expressroute_gateway/example.tfvars.template +++ b/terraform/modules/avs_expressroute_gateway/example.tfvars.template @@ -2,10 +2,11 @@ #Items that are bracketed are typically resource links to other module output expressroute_pip_name = "AVS_EXR_PIP" expressroute_gateway_name = "AVS_EXR_GW" - expressroute_gateway_sku = "Standard" + expressroute_gateway_sku = "ErGw1AZ" rg_name = "AVS_Sample_RG" rg_location = "Southeast Asia" gateway_subnet_id = "" express_route_connection_name = "AVS_EXR_Connection" express_route_id = "" - express_route_authorization_key = "" \ No newline at end of file + express_route_authorization_key = "" + zones = ["1","2","3"] \ No newline at end of file diff --git a/terraform/modules/avs_expressroute_gateway/main.tf b/terraform/modules/avs_expressroute_gateway/main.tf index 44bd7a74..7fc8700c 100644 --- a/terraform/modules/avs_expressroute_gateway/main.tf +++ b/terraform/modules/avs_expressroute_gateway/main.tf 
@@ -3,8 +3,9 @@ resource "azurerm_public_ip" "gatewaypip" { resource_group_name = var.rg_name location = var.rg_location allocation_method = "Dynamic" - sku = "Basic" #required for an ultraperformance gateway + sku = "Standard" tags = var.tags + zones = ["1","2","3"] } resource "azurerm_virtual_network_gateway" "gateway" { diff --git a/terraform/modules/avs_expressroute_gateway/providers.tf b/terraform/modules/avs_expressroute_gateway/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_expressroute_gateway/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_expressroute_gateway/variables.tf b/terraform/modules/avs_expressroute_gateway/variables.tf index 8c3d1c9c..6bb65416 100644 --- a/terraform/modules/avs_expressroute_gateway/variables.tf +++ b/terraform/modules/avs_expressroute_gateway/variables.tf @@ -34,6 +34,12 @@ variable "tags" { description = "List of the tags that will be assigned to each resource" } +variable "zones" { + type = list(string) + description = "List of zones where this resource should be located." + default = ["1","2","3"] +} + ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_expressroute_globalreach/main.tf b/terraform/modules/avs_expressroute_globalreach/main.tf index 3179c401..983288d5 100644 --- a/terraform/modules/avs_expressroute_globalreach/main.tf +++ b/terraform/modules/avs_expressroute_globalreach/main.tf 
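Review bot: `zones = ["1","2","3"]` is hard-coded on the gateway public IP even though this patch adds a `zones` variable with that same default to the module's variables.tf and sets `zones` in example.tfvars.template, so a caller's value is silently ignored unless it is consumed somewhere outside this hunk. Use `zones = var.zones` here. Dropping the `#required for an ultraperformance gateway` comment without a replacement also loses the reason for the SKU choice; `sku = "Standard" # required for the zone-redundant (AZ) gateway SKUs` would keep that context. The resource block starts before the hunk.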
@@ -2,10 +2,10 @@ resource "azapi_resource" "globalreach_connections" { type = "Microsoft.AVS/privateClouds/globalReachConnections@2022-05-01" name = var.gr_connection_name parent_id = var.private_cloud_id - body = jsonencode({ + body = { properties = { authorizationKey = var.gr_remote_auth_key peerExpressRouteCircuit = var.gr_remote_expr_id } - }) + } } \ No newline at end of file diff --git a/terraform/modules/avs_expressroute_globalreach/providers.tf b/terraform/modules/avs_expressroute_globalreach/providers.tf index a32a7bb9..1188c281 100644 --- a/terraform/modules/avs_expressroute_globalreach/providers.tf +++ b/terraform/modules/avs_expressroute_globalreach/providers.tf @@ -1,7 +1,8 @@ terraform { required_providers { azapi = { - source = "azure/azapi" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } } } \ No newline at end of file diff --git a/terraform/modules/avs_jumpbox/main.tf b/terraform/modules/avs_jumpbox/main.tf index da53ebc1..904545f3 100644 --- a/terraform/modules/avs_jumpbox/main.tf +++ b/terraform/modules/avs_jumpbox/main.tf @@ -31,6 +31,7 @@ resource "azurerm_windows_virtual_machine" "vm" { admin_username = var.admin_username admin_password = random_password.userpass.result tags = var.tags + zone = var.zone network_interface_ids = [ azurerm_network_interface.nic.id, ] diff --git a/terraform/modules/avs_jumpbox/providers.tf b/terraform/modules/avs_jumpbox/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_jumpbox/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_jumpbox/variables.tf b/terraform/modules/avs_jumpbox/variables.tf index 36310569..d79481f9 100644 --- a/terraform/modules/avs_jumpbox/variables.tf +++ b/terraform/modules/avs_jumpbox/variables.tf 
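Review bot: This providers.tf adds the azapi version constraint but, unlike every other providers.tf touched or created in this patch, does not add `required_version = "~> 1.6"`, so this module can still be initialised by Terraform versions the rest of the repository now rejects. Add `required_version = "~> 1.6"` before `required_providers` for consistency.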
@@ -48,6 +48,12 @@ variable "tags" { description = "List of the tags that will be assigned to each resource" } +variable "zone" { + type = number + description = "zone where this resource should be located." + default = 1 +} + ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_key_vault/providers.tf b/terraform/modules/avs_key_vault/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_key_vault/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_log_analytics_w_custom_syslog/main.tf b/terraform/modules/avs_log_analytics_w_custom_syslog/main.tf index 660a8797..769794cd 100644 --- a/terraform/modules/avs_log_analytics_w_custom_syslog/main.tf +++ b/terraform/modules/avs_log_analytics_w_custom_syslog/main.tf @@ -14,7 +14,7 @@ resource "azapi_resource" "law_table" { name = var.custom_table_name parent_id = azurerm_log_analytics_workspace.avs_log_workspace.id type = "Microsoft.OperationalInsights/workspaces/tables@2022-10-01" - body = jsonencode( + body = jsondecode( { "properties" : { "plan" : "Analytics" diff --git a/terraform/modules/avs_log_analytics_w_custom_syslog/providers.tf b/terraform/modules/avs_log_analytics_w_custom_syslog/providers.tf index 330d3a38..c4b4b593 100644 --- a/terraform/modules/avs_log_analytics_w_custom_syslog/providers.tf +++ b/terraform/modules/avs_log_analytics_w_custom_syslog/providers.tf 
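Review bot: `body = jsondecode(` is wrong: the argument that follows is an HCL object literal (`{ "properties" : { ... } }`), not a JSON string, and `jsondecode` accepts only strings, so the plan fails with a type error. Every other hunk in this patch makes the equivalent change by dropping the wrapper entirely, so this line should read `body = {`, with the matching closing `)` after the object (outside this hunk) removed as well. The resource block starts before the hunk and ends after it.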
@@ -1,13 +1,13 @@ terraform { + required_version = "~> 1.6" required_providers { + azapi = { + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" + } azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" - } - azapi = { - source = "azure/azapi" - version = "~>1.7.0" + version = "~> 3.105" } } -} - +} \ No newline at end of file diff --git a/terraform/modules/avs_log_filtering_accounts/providers.tf b/terraform/modules/avs_log_filtering_accounts/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_log_filtering_accounts/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_log_filtering_vm/main.tf b/terraform/modules/avs_log_filtering_vm/main.tf index b629217d..d110d2b3 100644 --- a/terraform/modules/avs_log_filtering_vm/main.tf +++ b/terraform/modules/avs_log_filtering_vm/main.tf @@ -67,6 +67,7 @@ resource "azurerm_linux_virtual_machine" "logstash_vm" { admin_password = random_password.admin_password.result disable_password_authentication = false custom_data = data.template_cloudinit_config.config.rendered + zone = var.zone network_interface_ids = [ azurerm_network_interface.logstash_nic.id, diff --git a/terraform/modules/avs_log_filtering_vm/providers.tf b/terraform/modules/avs_log_filtering_vm/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_log_filtering_vm/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_log_filtering_vm/variables.tf b/terraform/modules/avs_log_filtering_vm/variables.tf index 902e73d9..65cf6b9c 100644 --- a/terraform/modules/avs_log_filtering_vm/variables.tf 
+++ b/terraform/modules/avs_log_filtering_vm/variables.tf @@ -38,6 +38,11 @@ variable "key_vault_id" { description = "azure resource id for the keyvault used to store logstash vm passwords" } +variable "zone" { + type = number + description = "zone where this resource should be located." + default = 1 +} ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/main.tf b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/main.tf index 1a1ed91d..cfe4c844 100644 --- a/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/main.tf +++ b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/main.tf @@ -68,6 +68,7 @@ resource "azurerm_linux_virtual_machine" "csr1000v_node0" { admin_password = random_password.admin_password.result disable_password_authentication = false custom_data = data.template_cloudinit_config.config.rendered + zone = var.zone network_interface_ids = [ azurerm_network_interface.node0_csr_nic0.id, diff --git a/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/providers.tf b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/variables.tf b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/variables.tf index 29eeb107..46d5f0a3 100644 --- a/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/variables.tf +++ b/terraform/modules/avs_nva_cisco_1000v_vpn_config_one_node/variables.tf 
@@ -82,6 +82,12 @@ variable "vpn_pip_name_1" { description = "Azure resource name assigned to the vpn public ip" } +variable "zone" { + type = number + description = "zone where this resource should be located." + default = 1 +} + ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_nva_cisco_8000v_scenario2/main.tf b/terraform/modules/avs_nva_cisco_8000v_scenario2/main.tf index 8629c41e..3d526b5c 100644 --- a/terraform/modules/avs_nva_cisco_8000v_scenario2/main.tf +++ b/terraform/modules/avs_nva_cisco_8000v_scenario2/main.tf @@ -70,6 +70,7 @@ resource "azurerm_linux_virtual_machine" "csr1000v_node0" { disable_password_authentication = false custom_data = base64encode(data.template_file.node_config.rendered) tags = var.tags + zone = var.zone_0 network_interface_ids = [ azurerm_network_interface.node0_csr_nic0.id, azurerm_network_interface.node0_csr_nic1.id, @@ -152,6 +153,7 @@ resource "azurerm_linux_virtual_machine" "csr1000v_node1" { disable_password_authentication = false custom_data = base64encode(data.template_file.node_config.rendered) tags = var.tags + zone = var.zone_1 network_interface_ids = [ azurerm_network_interface.node1_csr_nic0.id, azurerm_network_interface.node1_csr_nic1.id, diff --git a/terraform/modules/avs_nva_cisco_8000v_scenario2/providers.tf b/terraform/modules/avs_nva_cisco_8000v_scenario2/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_nva_cisco_8000v_scenario2/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_nva_cisco_8000v_scenario2/variables.tf b/terraform/modules/avs_nva_cisco_8000v_scenario2/variables.tf index 10eb7bf8..c2509104 100644 
--- a/terraform/modules/avs_nva_cisco_8000v_scenario2/variables.tf
+++ b/terraform/modules/avs_nva_cisco_8000v_scenario2/variables.tf
@@ -125,4 +125,16 @@ variable "cisco_byol" {
 type = bool
 description = "flag to determine if deployment should use the BYOL or PayGo licensing model for the Cisco 8000v's. True = BYOL, false = PAYGO"
 default = true
+}
+
+variable "zone_1" {
+ type = number
+ description = "zone where the 0 node resource should be located."
+ default = 1
+}
+
+variable "zone_0" {
+ type = number
+ description = "zone where the 1 node resource should be located."
+ default = 2
 }
\ No newline at end of file
diff --git a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/providers.tf b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/providers.tf
new file mode 100644
index 00000000..16b64c3a
--- /dev/null
+++ b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.105"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/providers.tf b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/providers.tf
new file mode 100644
index 00000000..16b64c3a
--- /dev/null
+++ b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.105"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/avs_private_cloud_stretch_cluster/main.tf b/terraform/modules/avs_private_cloud_stretch_cluster/main.tf
index 0e4ce104..734733eb 100644
--- a/terraform/modules/avs_private_cloud_stretch_cluster/main.tf
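Review bot: The descriptions of `zone_1` and `zone_0` are swapped relative to how main.tf uses them: `csr1000v_node0` sets `zone = var.zone_0` and `csr1000v_node1` sets `zone = var.zone_1`, yet `zone_0` is described as the zone for the "1 node" and `zone_1` for the "0 node". Change them to `description = "zone where the node 0 resource should be located."` on `zone_0` and `description = "zone where the node 1 resource should be located."` on `zone_1`. The defaults (`zone_0 = 2`, `zone_1 = 1`) do put the two nodes in different zones, which is presumably the reliability goal, but the reversed numbering deserves a one-line comment if it is deliberate.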
+++ b/terraform/modules/avs_private_cloud_stretch_cluster/main.tf @@ -1,11 +1,3 @@ -terraform { - required_providers { - azapi = { - source = "azure/azapi" - } - } -} - data "azurerm_resource_group" "avs" { name = var.rg_name } @@ -43,7 +35,7 @@ resource "azapi_resource" "stretch_cluster" { tags = var.tags - body = jsonencode({ + body = { properties = { availability = { strategy = "DualZone" @@ -61,7 +53,7 @@ resource "azapi_resource" "stretch_cluster" { sku = { name = lower(var.sddc_sku) } - }) + } response_export_values = [ "properties.circuit.expressRouteID", @@ -95,11 +87,11 @@ resource "azapi_resource" "authkey_circuit1" { type = "Microsoft.AVS/privateClouds/authorizations@2022-05-01" name = var.expressroute_authorization_key_name_1 parent_id = data.azapi_resource.stretch_cluster.id - body = jsonencode({ + body = { properties = { - expressRouteId = jsondecode(azapi_resource.stretch_cluster.output).properties.circuit.expressRouteID + expressRouteId = azapi_resource.stretch_cluster.output.properties.circuit.expressRouteID } - }) + } response_export_values = ["properties.expressRouteAuthorizationKey"] schema_validation_enabled = false } @@ -108,11 +100,11 @@ resource "azapi_resource" "authkey_circuit2" { type = "Microsoft.AVS/privateClouds/authorizations@2022-05-01" name = var.expressroute_authorization_key_name_2 parent_id = data.azapi_resource.stretch_cluster.id - body = jsonencode({ + body = { properties = { - expressRouteId = jsondecode(azapi_resource.stretch_cluster.output).properties.secondaryCircuit.expressRouteID + expressRouteId = azapi_resource.stretch_cluster.output.properties.secondaryCircuit.expressRouteID } - }) + } response_export_values = ["properties.expressRouteAuthorizationKey"] schema_validation_enabled = false } diff --git a/terraform/modules/avs_private_cloud_stretch_cluster/outputs.tf b/terraform/modules/avs_private_cloud_stretch_cluster/outputs.tf index fb821f46..e4b50633 100644 
--- a/terraform/modules/avs_private_cloud_stretch_cluster/outputs.tf
+++ b/terraform/modules/avs_private_cloud_stretch_cluster/outputs.tf
@@ -4,40 +4,40 @@ output "sddc_id" { output "sddc_express_route_id" { value = [ - jsondecode(data.azapi_resource.stretch_cluster.output).properties.circuit.expressRouteID, - jsondecode(data.azapi_resource.stretch_cluster.output).properties.secondaryCircuit.expressRouteID + data.azapi_resource.stretch_cluster.output.properties.circuit.expressRouteID, + data.azapi_resource.stretch_cluster.output.properties.secondaryCircuit.expressRouteID ] } output "sddc_express_route_authorization_key" { value = [ - jsondecode(azapi_resource.authkey_circuit1.output).properties.expressRouteAuthorizationKey, - jsondecode(azapi_resource.authkey_circuit2.output).properties.expressRouteAuthorizationKey + azapi_resource.authkey_circuit1.output.properties.expressRouteAuthorizationKey, + azapi_resource.authkey_circuit2.output.properties.expressRouteAuthorizationKey ] } output "sddc_express_route_private_peering_id" { value = [ - jsondecode(data.azapi_resource.stretch_cluster.output).properties.circuit.expressRoutePrivatePeeringID, - jsondecode(data.azapi_resource.stretch_cluster.output).properties.secondaryCircuit.expressRoutePrivatePeeringID + data.azapi_resource.stretch_cluster.output.properties.circuit.expressRoutePrivatePeeringID, + data.azapi_resource.stretch_cluster.output.properties.secondaryCircuit.expressRoutePrivatePeeringID ] } output "sddc_vcsa_endpoint" { - value = jsondecode(data.azapi_resource.stretch_cluster.output).properties.endpoints.vcsa + value = data.azapi_resource.stretch_cluster.output.properties.endpoints.vcsa } output "sddc_nsxt_manager_endpoint" { - value = jsondecode(data.azapi_resource.stretch_cluster.output).properties.endpoints.nsxtManager + value = data.azapi_resource.stretch_cluster.output.properties.endpoints.nsxtManager } output "sddc_hcx_cloud_manager_endpoint" { - value = jsondecode(data.azapi_resource.stretch_cluster.output).properties.endpoints.hcxCloudManager + value = data.azapi_resource.stretch_cluster.output.properties.endpoints.hcxCloudManager } 
output "sddc_provisioning_subnet_cidr" { - value = jsondecode(data.azapi_resource.stretch_cluster.output).properties.provisioningNetwork + value = data.azapi_resource.stretch_cluster.output.properties.provisioningNetwork } /* diff --git a/terraform/modules/avs_private_cloud_stretch_cluster/providers.tf b/terraform/modules/avs_private_cloud_stretch_cluster/providers.tf new file mode 100644 index 00000000..d8523c75 --- /dev/null +++ b/terraform/modules/avs_private_cloud_stretch_cluster/providers.tf @@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + azapi = { + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" + } + } +} + +provider "azapi" { + enable_hcl_output_for_data_source = true +} \ No newline at end of file diff --git a/terraform/modules/avs_routeserver/main.tf b/terraform/modules/avs_routeserver/main.tf index 3be08277..15613b41 100644 --- a/terraform/modules/avs_routeserver/main.tf +++ b/terraform/modules/avs_routeserver/main.tf @@ -1,11 +1,3 @@ -terraform { - required_providers { - azapi = { - source = "azure/azapi" - } - } -} - resource "azurerm_virtual_hub" "virtual_hub" { name = var.virtual_hub_name resource_group_name = var.rg_name @@ -35,11 +27,11 @@ resource "azapi_update_resource" "routeserver_branch_to_branch" { type = "Microsoft.Network/virtualHubs@2021-05-01" resource_id = azurerm_virtual_hub.virtual_hub.id - body = jsonencode({ + body = { properties = { allowBranchToBranchTraffic = true } - }) + } depends_on = [ azurerm_public_ip.routeserver_pip, diff --git a/terraform/modules/avs_routeserver/providers.tf b/terraform/modules/avs_routeserver/providers.tf new file mode 100644 index 00000000..85d912ce --- /dev/null +++ b/terraform/modules/avs_routeserver/providers.tf 
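Review bot: `output "sddc_express_route_authorization_key"` returns the ExpressRoute authorization keys that `response_export_values` exports from `authkey_circuit1`/`authkey_circuit2` and is not marked sensitive, so the keys are printed by `terraform apply` and `terraform output` and by any root module that re-exposes this value; add `sensitive = true` to that output block. Dropping `jsondecode` on the data-source outputs is correct only because the new providers.tf sets `enable_hcl_output_for_data_source = true`; as I read the azapi 1.13 change the resource outputs (`azapi_resource.authkey_circuit1.output`) are objects regardless of that flag, so this file is consistent as long as the provider flag stays set. The keys still land in state either way, so the state backend should be treated as secret-bearing.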
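Review bot: `provider "azapi" { enable_hcl_output_for_data_source = true }` in `avs_private_cloud_stretch_cluster/providers.tf` is a provider configuration inside a reusable module; Terraform then refuses `count`, `for_each` and `depends_on` on any `module` block that calls it, and removing the module later leaves its resources without a provider to destroy them. The same block is added in `avs_routeserver/providers.tf` and, in the second patch, `avs_deploy_vmware_modules_with_tf_vm/providers.tf`. The usual shape is to keep only `required_providers` in the module and set the flag in the root `provider "azapi"` block, which the sample and scenario providers.tf files in the second patch already do; if module-local configuration is intended, a comment stating that trade-off would help the next maintainer.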
@@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + azapi = { + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" + } + } +} + +provider "azapi" { + enable_hcl_output_for_data_source = true +} diff --git a/terraform/modules/avs_service_health/providers.tf b/terraform/modules/avs_service_health/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_service_health/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_test_deploy_logstash_syslog_filter/main.tf b/terraform/modules/avs_test_deploy_logstash_syslog_filter/main.tf index f5e8f925..66fc87ba 100644 --- a/terraform/modules/avs_test_deploy_logstash_syslog_filter/main.tf +++ b/terraform/modules/avs_test_deploy_logstash_syslog_filter/main.tf @@ -101,10 +101,6 @@ resource "azurerm_monitor_diagnostic_setting" "private_cloud_syslog" { enabled_log { category = "VMwareSyslog" - - retention_policy { - enabled = false - } } } diff --git a/terraform/modules/avs_test_deploy_logstash_syslog_filter/providers.tf b/terraform/modules/avs_test_deploy_logstash_syslog_filter/providers.tf index 2e462bbe..844014ee 100644 --- a/terraform/modules/avs_test_deploy_logstash_syslog_filter/providers.tf +++ b/terraform/modules/avs_test_deploy_logstash_syslog_filter/providers.tf @@ -2,10 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } } @@ -23,6 +24,7 @@ terraform { } provider "azapi" { + enable_hcl_output_for_data_source = true } provider "azuread" { 
diff --git a/terraform/modules/avs_test_quad_0_nva_frr/main.tf b/terraform/modules/avs_test_quad_0_nva_frr/main.tf index 8f8c44fd..03a27c09 100644 --- a/terraform/modules/avs_test_quad_0_nva_frr/main.tf +++ b/terraform/modules/avs_test_quad_0_nva_frr/main.tf @@ -59,6 +59,7 @@ resource "azurerm_linux_virtual_machine" "frr_route_generator" { admin_password = random_password.admin_password.result disable_password_authentication = false custom_data = data.template_cloudinit_config.config.rendered + zone = var.zone network_interface_ids = [ azurerm_network_interface.frr_nic.id, diff --git a/terraform/modules/avs_test_quad_0_nva_frr/providers.tf b/terraform/modules/avs_test_quad_0_nva_frr/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_test_quad_0_nva_frr/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_test_quad_0_nva_frr/variables.tf b/terraform/modules/avs_test_quad_0_nva_frr/variables.tf index 909ce81f..8095293a 100644 --- a/terraform/modules/avs_test_quad_0_nva_frr/variables.tf +++ b/terraform/modules/avs_test_quad_0_nva_frr/variables.tf @@ -57,6 +57,12 @@ variable "nva_subnet_prefix" { description = "The prefix of the nva subnet" } +variable "zone" { + type = number + description = "zone where this resource should be located." + default = 1 +} + ################################################################# # telemetry variables ################################################################# diff --git a/terraform/modules/avs_test_spoke_with_jump_vm/providers.tf b/terraform/modules/avs_test_spoke_with_jump_vm/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_test_spoke_with_jump_vm/providers.tf 
@@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_test_vpn_nva_one_node/providers.tf b/terraform/modules/avs_test_vpn_nva_one_node/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_test_vpn_nva_one_node/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_vnet_variable_subnets/providers.tf b/terraform/modules/avs_vnet_variable_subnets/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_vnet_variable_subnets/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_vpn_create_local_gateways_and_connections_active_active_w_bgp/providers.tf b/terraform/modules/avs_vpn_create_local_gateways_and_connections_active_active_w_bgp/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_vpn_create_local_gateways_and_connections_active_active_w_bgp/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_vpn_gateway/main.tf b/terraform/modules/avs_vpn_gateway/main.tf index da04abbe..e3bef25a 100644 --- a/terraform/modules/avs_vpn_gateway/main.tf +++ b/terraform/modules/avs_vpn_gateway/main.tf 
@@ -3,7 +3,8 @@ resource "azurerm_public_ip" "gatewaypip_1" {
 resource_group_name = var.rg_name
 location = var.rg_location
 allocation_method = "Dynamic"
- sku = "Basic"
+ sku = "Standard"
+ zones = ["1","2","3"]
 }
 
 resource "azurerm_public_ip" "gatewaypip_2" {
@@ -11,7 +12,8 @@ resource "azurerm_public_ip" "gatewaypip_2" {
 resource_group_name = var.rg_name
 location = var.rg_location
 allocation_method = "Dynamic"
- sku = "Basic"
+ sku = "Standard"
+ zones = ["1","2","3"]
 }
 
 resource "azurerm_virtual_network_gateway" "gateway" {
diff --git a/terraform/modules/avs_vpn_gateway/providers.tf b/terraform/modules/avs_vpn_gateway/providers.tf
new file mode 100644
index 00000000..16b64c3a
--- /dev/null
+++ b/terraform/modules/avs_vpn_gateway/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.105"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/avs_vpn_gateway/variables.tf b/terraform/modules/avs_vpn_gateway/variables.tf
index 7188905c..669f8ecf 100644
--- a/terraform/modules/avs_vpn_gateway/variables.tf
+++ b/terraform/modules/avs_vpn_gateway/variables.tf
@@ -18,7 +18,7 @@ variable "vpn_gateway_name" {
 variable "vpn_gateway_sku" {
 type = string
 description = "The sku for the AVS vpn gateway"
- default = "VpnGw2"
+ default = "VpnGw2AZ"
 }
 
 variable "asn" {
diff --git a/terraform/modules/avs_vwan/providers.tf b/terraform/modules/avs_vwan/providers.tf
new file mode 100644
index 00000000..16b64c3a
--- /dev/null
+++ b/terraform/modules/avs_vwan/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.105"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/main.tf b/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/main.tf
index 50f05284..8e8dad71 100644
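Review bot: Both public IPs move to `sku = "Standard"` while the context line just above keeps `allocation_method = "Dynamic"`; Standard-SKU public IPs only support static allocation, so Azure will reject the apply. Change it to `allocation_method = "Static"` in both `gatewaypip_1` and `gatewaypip_2` (the second hunk has the same problem). The `zones = ["1","2","3"]` list is consistent with the new `VpnGw2AZ` default in variables.tf, but note that both require a region with availability zones, which the module does not check.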
--- a/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/main.tf +++ b/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/main.tf @@ -32,7 +32,6 @@ resource "azurerm_firewall" "firewall" { virtual_hub_id = var.virtual_hub_id public_ip_count = var.public_ip_count } - } #configure the firewall to send logs to a log analytics workspace 
@@ -42,130 +41,60 @@ resource "azurerm_monitor_diagnostic_setting" "firewall_metrics" { log_analytics_workspace_id = azurerm_log_analytics_workspace.simple.id log_analytics_destination_type = "AzureDiagnostics" - log { + enabled_log { category = "AzureFirewallApplicationRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AzureFirewallNetworkRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AzureFirewallDnsProxy" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNetworkRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWApplicationRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNatRule" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWThreatIntel" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWIdpsSignature" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWDnsQuery" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWFqdnResolveFailure" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWApplicationRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNetworkRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } - log { + enabled_log { category = "AZFWNatRuleAggregation" - enabled = true - - retention_policy { - enabled = false - } } metric { category = "AllMetrics" - enabled = true - - retention_policy { - enabled = false - } } } 
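Review bot: The `enabled_log` migration keeps `log_analytics_destination_type = "AzureDiagnostics"` (context above the first `enabled_log`) while enabling the structured `AZFW*` categories; as far as I recall, Azure Firewall structured logs are only delivered to the resource-specific tables, so those categories may produce nothing with the AzureDiagnostics destination. Confirm against a deployed workspace and switch to `log_analytics_destination_type = "Dedicated"` if the `AZFW*` tables are the ones detections are built on. Removing `enabled = true` and `retention_policy { enabled = false }` is behaviour-neutral, since those were the defaults and both arguments are deprecated in azurerm 3.x.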
diff --git a/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/providers.tf b/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_vwan_azure_firewall_w_policy_and_log_analytics/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_vwan_hub_express_route_gateway_and_vpn_gateway/providers.tf b/terraform/modules/avs_vwan_hub_express_route_gateway_and_vpn_gateway/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_vwan_hub_express_route_gateway_and_vpn_gateway/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file diff --git a/terraform/modules/avs_vwan_vnet_spoke/providers.tf b/terraform/modules/avs_vwan_vnet_spoke/providers.tf new file mode 100644 index 00000000..16b64c3a --- /dev/null +++ b/terraform/modules/avs_vwan_vnet_spoke/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.105" + } + } +} \ No newline at end of file From 7a84ea730c6327c18b4882796320a887c2b97982 Mon Sep 17 00:00:00 2001 
From: jchancellor-ms Date: Thu, 30 May 2024 15:50:59 -0700 Subject: [PATCH 2/5] Reliability and Versioning updates --- .../providers.tf | 8 ++++++-- .../main.tf | 16 ---------------- .../providers.tf | 10 +++++++--- .../main.tf | 4 ++-- .../providers.tf | 6 ++++-- .../avs_vpn_hub_and_on_prem_csr_nva/main.tf | 2 +- .../avs_vpn_hub_and_on_prem_csr_nva/providers.tf | 8 ++++++-- .../providers.tf | 14 +++++++++----- .../input_sample.auto.tfvars.sample | 2 +- .../scenarios/avs_greenfield_new_vpn_hub/main.tf | 5 ++--- .../avs_greenfield_new_vpn_hub/providers.tf | 12 ++++++++---- .../providers.tf | 12 ++++++++---- .../providers.tf | 14 +++++++++----- 13 files changed, 63 insertions(+), 50 deletions(-) diff --git a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf index e82a4179..db9e3f80 100644 --- a/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf +++ b/terraform/modules/avs_deploy_vmware_modules_with_tf_vm/providers.tf @@ -2,12 +2,16 @@ terraform { required_version = "~> 1.6" required_providers { azapi = { - source = "azure/azapi" - version = "= 1.12.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azurerm = { source = "hashicorp/azurerm" version = "~> 3.105" } } +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/main.tf b/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/main.tf index dcd33ed6..0fa900f5 100644 --- a/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/main.tf +++ b/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/main.tf 
@@ -23,21 +23,6 @@ locals { key_name = "testkey.${random_string.namestring.result}" } - #Map of values containing the credentials for authenticating to the VMware management components of the private cloud - vmware_creds = { - nsx = { - ip = split("/", data.azurerm_vmware_private_cloud.sddc.nsxt_manager_endpoint)[2] - user = jsondecode(data.azapi_resource_action.sddc_creds.output).nsxtUsername - password = jsondecode(data.azapi_resource_action.sddc_creds.output).nsxtPassword - } - vsphere = { - ip = split("/", data.azurerm_vmware_private_cloud.sddc.vcsa_endpoint)[2] - user = jsondecode(data.azapi_resource_action.sddc_creds.output).vcenterUsername - password = jsondecode(data.azapi_resource_action.sddc_creds.output).vcenterPassword - } - } - - ########################################################################################################## # These values control the module being deployed to the private cloud. # This is where changes would be made if deploying a different TF module to the private cloud @@ -130,7 +115,6 @@ module "deploy_tf_vm" { tf_vm_subnet_id = local.tf_vm_subnet_id tf_vm_name = local.tf_vm_name key_vault_id = local.key_vault_id - vmware_creds = local.vmware_creds vmware_state_storage = local.vmware_state_storage vmware_deployment = local.vmware_deployment tf_template_github_source = local.tf_template_github_source diff --git a/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/providers.tf b/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/providers.tf index a2b96609..d5bdb764 100644 --- a/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/providers.tf +++ b/terraform/samples/avs_deploy_vmware_segment_and_vm_using_linux_vm/providers.tf 
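Review bot: Removing `vmware_creds = local.vmware_creds` from `module "deploy_tf_vm"` only plans if the module no longer declares `vmware_creds` as a required input; the module's variables.tf is not in this patch, so that should be confirmed. Dropping the local is a welcome change — vCenter and NSX-T passwords no longer flow through a module input that shows up in plan output — but check whether `data.azapi_resource_action.sddc_creds` is still referenced anywhere in this sample and delete it if not, since it still reads the credentials into state.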
@@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" @@ -29,4 +29,8 @@ terraform { provider "azurerm" { features {} +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/main.tf b/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/main.tf index 1bfbb0e0..1e8e21ae 100644 --- a/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/main.tf +++ b/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/main.tf @@ -92,7 +92,7 @@ module "primary_hub_routeserver" { virtual_hub_pip_name = local.hub_virtual_hub_pip_name route_server_name = local.hub_route_server_name route_server_subnet_id = module.primary_hub_virtual_network.subnet_ids["RouteServerSubnet"].id - #tags = local.tags + tags = local.tags } #create Gateway route table with transit hub prefixes and AVS prefixes pointing to the firewall @@ -254,7 +254,7 @@ module "transit_hub_routeserver" { virtual_hub_pip_name = local.transit_hub_virtual_hub_pip_name route_server_name = local.transit_hub_route_server_name route_server_subnet_id = module.transit_hub_virtual_network.subnet_ids["RouteServerSubnet"].id - #tags = local.tags + tags = local.tags } diff --git a/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/providers.tf b/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/providers.tf index 9d9a3a18..1399f8a2 100644 --- a/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/providers.tf +++ b/terraform/samples/avs_greenfield_scenario2_expressroute_no_global_reach/providers.tf 
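Review bot: Uncommenting `tags = local.tags` on `module "primary_hub_routeserver"` and `module "transit_hub_routeserver"` assumes the `avs_routeserver` module now declares a `tags` variable; the routeserver hunks in the first patch show only the provider-block removal and the `body` change, and an undeclared module input is a plan-time error. If the variable was added in a file not shown here, fine; otherwise add `variable "tags"` to the module before re-enabling these lines. The same assumption is made for `module "avs_routeserver"` and `module "avs_expressroute_gateway"` in `avs_greenfield_new_vpn_hub/main.tf`.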
@@ -2,10 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } } @@ -23,6 +24,7 @@ terraform { } provider "azapi" { + enable_hcl_output_for_data_source = true } provider "azuread" { diff --git a/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/main.tf b/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/main.tf index 8b32a6fd..895119a7 100644 --- a/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/main.tf +++ b/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/main.tf @@ -38,7 +38,7 @@ module "deploy_greenfield_new_vpn_hub_no_firewall" { environment = "Dev" CreatedBy = "Terraform" } - module_telemetry_enabled = false + #module_telemetry_enabled = false } ######## Create a pre-shared key for the VPN ###### diff --git a/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/providers.tf b/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/providers.tf index ee57e938..6fe9936f 100644 --- a/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/providers.tf +++ b/terraform/samples/avs_vpn_hub_and_on_prem_csr_nva/providers.tf @@ -5,8 +5,8 @@ terraform { version = "~>3.00" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" @@ -31,4 +31,8 @@ terraform { provider "azurerm" { features {} +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/scenarios/avs_brownfield_existing_vwan_hub/providers.tf b/terraform/scenarios/avs_brownfield_existing_vwan_hub/providers.tf index e66cfbac..478be6bb 100644 --- a/terraform/scenarios/avs_brownfield_existing_vwan_hub/providers.tf +++ b/terraform/scenarios/avs_brownfield_existing_vwan_hub/providers.tf 
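Review bot: Commenting out `module_telemetry_enabled = false` in `avs_vpn_hub_and_on_prem_csr_nva/main.tf` silently changes behaviour: the input now falls back to the module's default, and if that default is `true` the telemetry resource starts being deployed for this sample. If the argument was dropped because the module no longer declares it, delete the line rather than leaving it commented; if the module still declares it (the greenfield scenario in this same patch still passes it), keep the explicit `false`. A one-line comment saying which case applies would save the next reader the lookup.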
@@ -2,15 +2,15 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" - version = "~>2.30.0" + version = "~>2.50.0" } } @@ -26,10 +26,14 @@ terraform { tenant_id = "" } */ - required_version = ">= 1.0" + required_version = ">= 1.6" } provider "azurerm" { #partner_id = "d8a06ade-2654-4a78-99da-e941f87a3a2a" features {} +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/scenarios/avs_greenfield_new_vpn_hub/input_sample.auto.tfvars.sample b/terraform/scenarios/avs_greenfield_new_vpn_hub/input_sample.auto.tfvars.sample index da837659..123c7683 100644 --- a/terraform/scenarios/avs_greenfield_new_vpn_hub/input_sample.auto.tfvars.sample +++ b/terraform/scenarios/avs_greenfield_new_vpn_hub/input_sample.auto.tfvars.sample @@ -22,7 +22,7 @@ management_cluster_size = 3 avs_network_cidr = "192.168.0.0/22" hcx_enabled = true hcx_key_names = ["keyname1", "keyname2"] -vpn_gateway_sku = "VpnGw2" +vpn_gateway_sku = "VpnGw2AZ" asn = 65515 firewall_sku_tier = "Standard" email_addresses = ["test1@test.com","test2@test.com"] diff --git a/terraform/scenarios/avs_greenfield_new_vpn_hub/main.tf b/terraform/scenarios/avs_greenfield_new_vpn_hub/main.tf index 794492a0..5c626bb3 100644 --- a/terraform/scenarios/avs_greenfield_new_vpn_hub/main.tf +++ b/terraform/scenarios/avs_greenfield_new_vpn_hub/main.tf 
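Review bot: The azuread constraint here becomes `~>2.50.0`, whereas the avs_greenfield_new_vpn_hub and avs_greenfield_new_vwan_secure_hub_with_vpn_and_expressroute providers.tf hunks use `~>2.50`; the first permits only 2.50.x patch releases while the second permits any 2.x at or above 2.50, so the scenarios will drift apart on the next minor release. Pick one form for all three files, most likely `version = "~>2.50"` to match the others.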
@@ -66,10 +66,8 @@ module "avs_expressroute_gateway" { rg_name = azurerm_resource_group.greenfield_network.name rg_location = azurerm_resource_group.greenfield_network.location gateway_subnet_id = module.avs_virtual_network.subnet_ids["GatewaySubnet"].id - express_route_connection_name = local.express_route_connection_name - express_route_id = module.avs_private_cloud.sddc_express_route_id - express_route_authorization_key = module.avs_private_cloud.sddc_express_route_authorization_key module_telemetry_enabled = false + tags = var.tags depends_on = [ module.avs_vpn_gateway @@ -120,6 +118,7 @@ module "avs_routeserver" { route_server_name = local.route_server_name route_server_subnet_id = module.avs_virtual_network.subnet_ids["RouteServerSubnet"].id module_telemetry_enabled = false + tags = var.tags } #deploy the default service health and azure monitor alerts diff --git a/terraform/scenarios/avs_greenfield_new_vpn_hub/providers.tf b/terraform/scenarios/avs_greenfield_new_vpn_hub/providers.tf index a7a6c4ad..5647a6f4 100644 --- a/terraform/scenarios/avs_greenfield_new_vpn_hub/providers.tf +++ b/terraform/scenarios/avs_greenfield_new_vpn_hub/providers.tf @@ -2,15 +2,15 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" - version = "~>2.30.0" + version = "~>2.50" } } @@ -32,4 +32,8 @@ terraform { provider "azurerm" { #partner_id = "d2b1d33f-3e1e-4fe9-b9b4-d20b6147535b" features {} +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/scenarios/avs_greenfield_new_vwan_secure_hub_with_vpn_and_expressroute/providers.tf b/terraform/scenarios/avs_greenfield_new_vwan_secure_hub_with_vpn_and_expressroute/providers.tf index 56d71b60..c93b461d 100644 
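Review bot: Removing `express_route_connection_name`, `express_route_id` and `express_route_authorization_key` from the `avs_expressroute_gateway` call means this module invocation no longer creates the ExpressRoute connection between the gateway and the private cloud, and nothing in this hunk shows where that connection now comes from (a later patch adds an `azurerm_virtual_network_gateway_connection` inside a private-cloud module, but this scenario's private-cloud module call is outside the hunk), so confirm the connection still exists after apply. If the module still declares those three variables without defaults, `terraform validate` on this scenario will fail; the module's variables.tf change is not visible here. The enclosing module block continues past the hunk.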
--- a/terraform/scenarios/avs_greenfield_new_vwan_secure_hub_with_vpn_and_expressroute/providers.tf +++ b/terraform/scenarios/avs_greenfield_new_vwan_secure_hub_with_vpn_and_expressroute/providers.tf @@ -2,15 +2,15 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" - version = "~>2.30.0" + version = "~>2.50" } } @@ -32,4 +32,8 @@ terraform { provider "azurerm" { #partner_id = "55c21dbf-9474-4276-bafc-85dde83adbcb" features {} +} + +provider "azapi" { + enable_hcl_output_for_data_source = true } \ No newline at end of file diff --git a/terraform/scenarios/avs_greenfield_stretch_cluster_existing_exr_gateway/providers.tf b/terraform/scenarios/avs_greenfield_stretch_cluster_existing_exr_gateway/providers.tf index c9fe0ba5..846c0aef 100644 --- a/terraform/scenarios/avs_greenfield_stretch_cluster_existing_exr_gateway/providers.tf +++ b/terraform/scenarios/avs_greenfield_stretch_cluster_existing_exr_gateway/providers.tf @@ -2,15 +2,15 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.00" + version = "~>3.105" } azapi = { - source = "azure/azapi" - version = "~>1.1.0" + source = "Azure/azapi" + version = "~> 1.13, != 1.13.0" } azuread = { source = "hashicorp/azuread" - version = "~>2.30.0" + version = "~>2.50" } } @@ -31,4 +31,8 @@ terraform { provider "azurerm" { features {} -} \ No newline at end of file +} + +provider "azapi" { + enable_hcl_output_for_data_source = true +} From 363d319cf7dc2f7277182040ba9b3a3f11450221 Mon Sep 17 00:00:00 2001 
From: jchancellor-ms Date: Fri, 31 May 2024 13:35:41 -0700 Subject: [PATCH 3/5] Reliability and Versioning updates --- .../GreenField/Terraform/gateway.tf | 2 +- .../GreenField/Terraform/jumpbox.tf | 50 ++++++++++++++++++- .../GreenField/Terraform/network.tf | 44 +++++++++++++++- .../GreenField/Terraform/privatecloud.tf | 6 +++ .../GreenField/Terraform/terraform.tfvars | 9 ++-- .../GreenField/Terraform/variables.tf | 14 ++++-- .../Terraform/main.tf | 2 +- .../modules/avs_expressroute_gateway/main.tf | 2 +- .../avs_expressroute_gateway_old/main.tf | 5 +- .../main.tf | 6 +++ .../main.tf | 5 ++ terraform/modules/avs_vpn_gateway/main.tf | 4 +- 12 files changed, 132 insertions(+), 17 deletions(-) diff --git a/AVS-Landing-Zone/GreenField/Terraform/gateway.tf b/AVS-Landing-Zone/GreenField/Terraform/gateway.tf index 32d4d09e..3c0366e3 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/gateway.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/gateway.tf @@ -2,7 +2,7 @@ resource "azurerm_public_ip" "gatewaypip" { name = "${var.prefix}-GW-pip" resource_group_name = azurerm_resource_group.network.name location = azurerm_resource_group.network.location - allocation_method = "Dynamic" + allocation_method = "Static" zones = ["1","2","3"] sku = "Standard" } diff --git a/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf b/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf index 8d9e8454..ce1cc8d8 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/jumpbox.tf @@ -17,7 +17,7 @@ resource "azurerm_windows_virtual_machine" "vm" { location = azurerm_resource_group.jumpbox.location size = var.jumpboxsku admin_username = var.adminusername - admin_password = var.adminpassword + admin_password = random_password.admin_password.result zone = 1 network_interface_ids = [ azurerm_network_interface.nic.id, 
@@ -34,4 +34,52 @@ resource "azurerm_windows_virtual_machine" "vm" { sku = "win11-21h2-avd" version = "latest" } +} + +resource "random_password" "admin_password" { + length = 23 + special = true + numeric = true + min_special = 1 + min_numeric = 1 + min_upper = 1 + min_lower = 1 +} + +resource "random_string" "namestring" { + length = 4 + special = false + upper = false + lower = true +} + +resource "azurerm_key_vault_secret" "admin_password" { + key_vault_id = module.avm_res_keyvault_vault.resource.id + name = "${var.prefix}-jumpbox-${var.adminusername}-password" + value = random_password.admin_password.result +} + +module "avm_res_keyvault_vault" { + source = "Azure/avm-res-keyvault-vault/azurerm" + version = "0.5.3" + tenant_id = data.azurerm_client_config.current.tenant_id + name = "${var.key_vault_name}-${random_string.namestring.result}" + resource_group_name = azurerm_resource_group.jumpbox.name + location = azurerm_resource_group.jumpbox.location + enabled_for_deployment = true + network_acls = { + default_action = "Allow" + bypass = "AzureServices" + } + + role_assignments = { + deployment_user_secrets = { + role_definition_id_or_name = "Key Vault Administrator" + principal_id = data.azurerm_client_config.current.object_id + } + } + + wait_for_rbac_before_secret_operations = { + create = "60s" + } } \ No newline at end of file diff --git a/AVS-Landing-Zone/GreenField/Terraform/network.tf b/AVS-Landing-Zone/GreenField/Terraform/network.tf index 3c528987..55d1d287 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/network.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/network.tf 
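Review bot: The Key Vault that now holds the jumpbox admin password is created with `network_acls = { default_action = "Allow" ... }`, so its data plane is reachable from any network and only RBAC stands between the secret and the internet; `default_action = "Deny"` with the deploying client's address in `ip_rules` (or the jumpbox subnet via `virtual_network_subnet_ids`, as on the underlying azurerm_key_vault resource) is the usual baseline for a vault that exists solely for this secret. Note also that `random_password.admin_password.result` and the `azurerm_key_vault_secret` value are both persisted in plain text in Terraform state, so the state backend needs the same protection as the vault. `enabled_for_deployment = true` is not needed for storing a password secret, and the deploying principal keeps the `Key Vault Administrator` assignment permanently; a comment on the module block stating both choices are deliberate, or trimming them, would help.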
@@ -21,9 +21,51 @@ resource "azurerm_subnet" "azurebastionsubnet" { address_prefixes = [var.azurebastionsubnet] } +resource "azurerm_subnet_network_security_group_association" "this_bastion" { + subnet_id = azurerm_subnet.azurebastionsubnet.id + network_security_group_id = module.testnsg.nsg_resource.id +} + resource "azurerm_subnet" "jumpboxsubnet" { name = "JumpboxSubnet" resource_group_name = azurerm_resource_group.network.name virtual_network_name = azurerm_virtual_network.network.name - address_prefixes = [var.jumpboxsubnet] + address_prefixes = [var.jumpboxsubnet] +} + +resource "azurerm_subnet_network_security_group_association" "this_jumpbox" { + subnet_id = azurerm_subnet.jumpboxsubnet.id + network_security_group_id = module.testnsg.nsg_resource.id } + +module "testnsg" { + source = "Azure/avm-res-network-networksecuritygroup/azurerm" + version = "0.1.1" + + enable_telemetry = var.telemetry_enabled + location = azurerm_resource_group.network.location + resource_group_name = azurerm_resource_group.network.name + name = var.nsg_name + nsgrules = { #allow all in this example, but set your + "rule01" : { + "nsg_rule_access" : "Allow", + "nsg_rule_destination_address_prefix" : "*", + "nsg_rule_destination_port_range" : "*", + "nsg_rule_direction" : "Inbound", + "nsg_rule_priority" : 100, + "nsg_rule_protocol" : "Tcp", + "nsg_rule_source_address_prefix" : "*", + "nsg_rule_source_port_range" : "*" + }, + "rule02" : { + "nsg_rule_access" : "Allow", + "nsg_rule_destination_address_prefix" : "*", + "nsg_rule_destination_port_range" : "*", + "nsg_rule_direction" : "Outbound", + "nsg_rule_priority" : 200, + "nsg_rule_protocol" : "Tcp", + "nsg_rule_source_address_prefix" : "*", + "nsg_rule_source_port_range" : "*" + } + } +} \ No newline at end of file diff --git a/AVS-Landing-Zone/GreenField/Terraform/privatecloud.tf b/AVS-Landing-Zone/GreenField/Terraform/privatecloud.tf index 15fa7c5a..008a1f48 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/privatecloud.tf 
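Review bot: The `testnsg` rules allow all inbound TCP from `*` to `*` and the same NSG is associated with both the AzureBastionSubnet and the JumpboxSubnet, so the jumpbox subnet is left open at the subnet level, and the comment meant to explain this stops mid-sentence (`#allow all in this example, but set your`). Azure Bastion documents a specific set of required NSG rules for its own subnet, while the jumpbox only needs RDP from that subnet, so the two should get separate NSGs; for the jumpbox one, `"nsg_rule_source_address_prefix" : var.azurebastionsubnet` and `"nsg_rule_destination_port_range" : "3389"` on rule01 is enough. rule02 (outbound allow-all) effectively restates the default outbound rules and can be dropped. Finishing the comment, e.g. `#allow all in this example, but set your own rules before deploying beyond a lab`, would at least make the intent clear.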
+++ b/AVS-Landing-Zone/GreenField/Terraform/privatecloud.tf @@ -51,4 +51,10 @@ resource "azurerm_vmware_private_cloud" "privatecloud" { resource "azurerm_vmware_express_route_authorization" "expressrouteauthkey" { name = "${var.prefix}-AVS" private_cloud_id = azurerm_vmware_private_cloud.privatecloud.id +} + +resource "azurerm_management_lock" "this_private_cloud" { + lock_level = "CanNotDelete" + name = "${var.prefix}-lock" + scope = azurerm_vmware_private_cloud.privatecloud.id } \ No newline at end of file diff --git a/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars b/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars index 49ea5c80..01c99bb5 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars +++ b/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars @@ -3,17 +3,17 @@ prefix = "AVS" #Region to deploy the AVS Private Cloud and associated components -region = "northeurope" +region = "eastasia" #AVS requires a /22 CIDR range, this must not overlap with other networks to be used with AVS avs-networkblock = "10.1.0.0/22" -avs-sku = "AV36P" +avs-sku = "AV36" avs-hostcount = 3 hcx_key_names = ["hcxsite1", "hcxsite2"] #Input the Jumpbox local username, password and SKU of your choice -adminusername = "replace me" -adminpassword = "replace me" +key_vault_name = "jumpkeyvault" +adminusername = "testuser" jumpboxsku = "Standard_D2as_v4" #Virtual network address space and required subnets, can be any CIDR range @@ -21,6 +21,7 @@ vnetaddressspace = "192.168.1.0/24" gatewaysubnet = "192.168.1.0/27" azurebastionsubnet = "192.168.1.64/26" jumpboxsubnet = "192.168.1.128/25" +nsg_name = "testnsg" #Enable or Disable telemetry telemetry_enabled = true diff --git a/AVS-Landing-Zone/GreenField/Terraform/variables.tf b/AVS-Landing-Zone/GreenField/Terraform/variables.tf index 23dddc34..d10cd15d 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/variables.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/variables.tf 
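Review bot: The new `azurerm_management_lock` with `lock_level = "CanNotDelete"` on the private cloud is undocumented, and it changes who can run `terraform destroy`: Terraform deletes the lock before the private cloud, but that requires `Microsoft.Authorization/locks/delete`, which Contributor does not hold, so a deploying identity that could apply this configuration yesterday may not be able to tear it down today. A comment such as `# CanNotDelete lock: removing it (and destroying the private cloud) requires Owner/User Access Administrator` on the resource would make that explicit. The identical lock resources added to avs_private_cloud_single_management_cluster_no_internet_conn/main.tf and the `_w_exr` module in this patch are unconditional inside reusable modules; a boolean input (constructed name `lock_enabled`) driving `count` would let callers opt out.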
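Review bot: In terraform.tfvars `adminusername = "testuser"` replaces the `"replace me"` placeholder with a working value, so applying the sample unmodified now yields a Windows jumpbox whose local administrator has a predictable, commonly guessed name; the old placeholder forced a conscious choice before apply. Keeping `adminusername = "replace me"` (the password is now generated, so only the username needs attention) preserves that property. `key_vault_name = "jumpkeyvault"` is fine since jumpbox.tf appends a random suffix.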
@@ -29,10 +29,6 @@ variable "adminusername" { type = string } -variable "adminpassword" { - type = string -} - variable "jumpboxsku" { type = string default = "Standard_D2as_v4" @@ -60,6 +56,16 @@ variable "hcx_key_names" { default = [] } +variable "key_vault_name" { + type = string + description = "The name for the key vault used to store the jump virtual machine password." +} + +variable "nsg_name" { + type = string + description = "The name to use for the default NSG deployed with the networks." +} + variable "telemetry_enabled" { type = bool description = "toggle the telemetry on/off for this module" diff --git a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf index aa2d0339..388e1055 100644 --- a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf +++ b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf @@ -65,7 +65,7 @@ resource "azurerm_public_ip" "gatewayIP" { name = "${var.GatewayName}-PIP" resource_group_name = azurerm_resource_group.deploymentRG.name location = azurerm_resource_group.deploymentRG.location - allocation_method = "Dynamic" + allocation_method = "Static" sku = "Standard" sku_tier = "Regional" zones = ["1","2","3"] diff --git a/terraform/modules/avs_expressroute_gateway/main.tf b/terraform/modules/avs_expressroute_gateway/main.tf index 7fc8700c..8fe957e2 100644 --- a/terraform/modules/avs_expressroute_gateway/main.tf +++ b/terraform/modules/avs_expressroute_gateway/main.tf @@ -2,7 +2,7 @@ resource "azurerm_public_ip" "gatewaypip" { name = var.expressroute_pip_name resource_group_name = var.rg_name location = var.rg_location - allocation_method = "Dynamic" + allocation_method = "Static" sku = "Standard" tags = var.tags zones = ["1","2","3"] diff --git a/terraform/modules/avs_expressroute_gateway_old/main.tf b/terraform/modules/avs_expressroute_gateway_old/main.tf index db50d945..f0d22aa5 100644 
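Review bot: `key_vault_name` is consumed in jumpbox.tf as `"${var.key_vault_name}-${random_string.namestring.result}"`, so the value is effectively limited to 19 characters (Key Vault names are 3–24 alphanumerics and hyphens, starting with a letter, and globally unique), but nothing enforces that and the failure only surfaces at apply time after the rest of the landing zone has been created. A `validation` block with `condition = can(regex("^[a-zA-Z][a-zA-Z0-9-]{1,18}$", var.key_vault_name))` and an `error_message` stating the limit would fail at plan time instead. The description could also mention that a 5-character random suffix is appended.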
--- a/terraform/modules/avs_expressroute_gateway_old/main.tf +++ b/terraform/modules/avs_expressroute_gateway_old/main.tf @@ -2,8 +2,9 @@ resource "azurerm_public_ip" "gatewaypip" { name = var.expressroute_pip_name resource_group_name = var.rg_name location = var.rg_location - allocation_method = "Dynamic" - sku = "Basic" #required for an ultraperformance gateway + allocation_method = "Static" + sku = "Standard" #required for an ultraperformance gateway + zones = ["1","2","3"] } resource "azurerm_virtual_network_gateway" "gateway" { diff --git a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/main.tf b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/main.tf index 9e919d29..95e1ac52 100644 --- a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/main.tf +++ b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn/main.tf @@ -82,6 +82,12 @@ module "hcx_addon" { ] } +resource "azurerm_management_lock" "this_private_cloud" { + lock_level = "CanNotDelete" + name = "${azurerm_vmware_private_cloud.privatecloud.name}-lock" + scope = azurerm_vmware_private_cloud.privatecloud.id +} + ############################################################################################# # Telemetry Section - Toggled on and off with the telemetry variable # This allows us to get deployment frequency statistics for deployments diff --git a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/main.tf b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/main.tf index f2f9d03a..8c27aa92 100644 --- a/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/main.tf +++ b/terraform/modules/avs_private_cloud_single_management_cluster_no_internet_conn_w_exr/main.tf 
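Review bot: In avs_expressroute_gateway_old/main.tf the trailing comment `#required for an ultraperformance gateway` was written for `sku = "Basic"` and now sits on `sku = "Standard"`, so it no longer says what it used to and reads as if Standard were the requirement. A Standard, zone-redundant public IP (`zones = ["1","2","3"]`) pairs with the `*AZ` gateway SKUs; the `azurerm_virtual_network_gateway` block that follows is outside the hunk, so confirm its sku is an AZ variant, otherwise the zone settings may be rejected. Suggested replacement: `sku = "Standard" # Standard + zones: required for zone-redundant (*AZ) gateway SKUs`.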
@@ -104,6 +104,11 @@ resource "azurerm_virtual_network_gateway_connection" "avs" { authorization_key = azurerm_vmware_express_route_authorization.expressrouteauthkey[0].express_route_authorization_key } +resource "azurerm_management_lock" "this_private_cloud" { + lock_level = "CanNotDelete" + name = "${azurerm_vmware_private_cloud.privatecloud.name}-lock" + scope = azurerm_vmware_private_cloud.privatecloud.id +} ############################################################################################# # Telemetry Section - Toggled on and off with the telemetry variable # This allows us to get deployment frequency statistics for deployments diff --git a/terraform/modules/avs_vpn_gateway/main.tf b/terraform/modules/avs_vpn_gateway/main.tf index e3bef25a..96abeed3 100644 --- a/terraform/modules/avs_vpn_gateway/main.tf +++ b/terraform/modules/avs_vpn_gateway/main.tf @@ -2,7 +2,7 @@ resource "azurerm_public_ip" "gatewaypip_1" { name = var.vpn_pip_name_1 resource_group_name = var.rg_name location = var.rg_location - allocation_method = "Dynamic" + allocation_method = "Static" sku = "Standard" zones = ["1","2","3"] } @@ -11,7 +11,7 @@ resource "azurerm_public_ip" "gatewaypip_2" { name = var.vpn_pip_name_2 resource_group_name = var.rg_name location = var.rg_location - allocation_method = "Dynamic" + allocation_method = "Static" sku = "Standard" zones = ["1","2","3"] } From 10128a67b95319caad39b05d5581b75d1c598765 Mon Sep 17 00:00:00 2001 From: Jon Chancellor Date: Thu, 27 Jun 2024 08:50:44 -0700 Subject: [PATCH 4/5] version and output changes --- AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf | 2 +- AVS-Landing-Zone/GreenField/Terraform/main.tf | 4 ---- AVS-Landing-Zone/GreenField/Terraform/network.tf | 1 + AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars | 4 ++-- 4 files changed, 4 insertions(+), 7 deletions(-) diff --git a/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf b/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf index 734b8b75..25b2573b 100644 
--- a/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/hcx_addon.tf @@ -53,7 +53,7 @@ resource "azapi_resource" "hcx_keys" { output "hcx_keys" { value = { - for key, value in azapi_resource.hcx_keys : key => value.output.properties.activationKey + for key, value in azapi_resource.hcx_keys : key => jsondecode(value.output).properties.activationKey } } diff --git a/AVS-Landing-Zone/GreenField/Terraform/main.tf b/AVS-Landing-Zone/GreenField/Terraform/main.tf index 4339f14d..52355d8a 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/main.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/main.tf @@ -21,10 +21,6 @@ provider "azurerm" { partner_id = "754599a0-0a6f-424a-b4c5-1b12be198ae8" } -provider "azapi" { - enable_hcl_output_for_data_source = true -} - ## Optional settings to setup a terraform backend in Azure storage # terraform { diff --git a/AVS-Landing-Zone/GreenField/Terraform/network.tf b/AVS-Landing-Zone/GreenField/Terraform/network.tf index 55d1d287..3fa0f742 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/network.tf +++ b/AVS-Landing-Zone/GreenField/Terraform/network.tf @@ -36,6 +36,7 @@ resource "azurerm_subnet" "jumpboxsubnet" { resource "azurerm_subnet_network_security_group_association" "this_jumpbox" { subnet_id = azurerm_subnet.jumpboxsubnet.id network_security_group_id = module.testnsg.nsg_resource.id + depends_on = [ azurerm_virtual_network.network, azurerm_subnet.jumpboxsubnet, module.testnsg ] } module "testnsg" { diff --git a/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars b/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars index 61222b34..22b5957b 100644 --- a/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars +++ b/AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars 
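Review bot: `output "hcx_keys"` now emits `jsondecode(value.output).properties.activationKey` but is still not marked `sensitive = true`, so the HCX activation keys are printed in clear text at the end of every `terraform apply` and by `terraform output`; adding `sensitive = true` inside the output block keeps them out of logs (they remain in state either way). The same applies to `output "keys"` in terraform/modules/avs_addon_hcx/outputs.tf in the last patch. The `jsondecode` matches the azapi 1.x `output` JSON string pinned by `~> 1.13`; if the constraint is later moved to azapi 2.x, where `output` is already an object, this expression will need revisiting, which a short comment on the line would flag.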
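Review bot: In network.tf the `this_jumpbox` association gains `depends_on = [ azurerm_virtual_network.network, azurerm_subnet.jumpboxsubnet, module.testnsg ]`, but the sibling `this_bastion` association added in the earlier patch, which references the same NSG module, does not; if the explicit dependency was needed to fix an ordering failure, the bastion association most likely needs the same. If it was added for another reason, a one-line comment above the `depends_on` saying why would keep the two from drifting.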
@@ -3,10 +3,10 @@ prefix = "AVS" #Region to deploy the AVS Private Cloud and associated components -region = "eastasia" +region = "southafricanorth" #AVS requires a /22 CIDR range, this must not overlap with other networks to be used with AVS -avs-networkblock = "10.1.0.0/22" +avs-networkblock = "10.0.0.0/22" avs-sku = "AV36" avs-hostcount = 3 hcx_key_names = ["hcxsite1", "hcxsite2"] From be98b94fb488411611620e72c696c77076c57533 Mon Sep 17 00:00:00 2001 From: Jon Chancellor Date: Thu, 27 Jun 2024 08:58:56 -0700 Subject: [PATCH 5/5] version and output changes --- .../Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf | 4 +--- terraform/modules/avs_addon_hcx/outputs.tf | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf index 388e1055..fcff7d52 100644 --- a/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf +++ b/BrownField/Storage/AVS-to-ANFdatastore-NewVNet/Terraform/main.tf @@ -209,9 +209,7 @@ data "azurerm_vmware_private_cloud" "avs_privatecloud" { data "azurerm_netapp_volume" "anf_datastorevolume" { provider = azurerm.AVS-to-ANFdatastore-NewVnet - depends_on = [ - azapi_resource.avs_anf_volume_avsdatastoreenabled - ] + name = var.netappVolumeName account_name = var.netappAccountName pool_name = var.netappCapacityPoolName diff --git a/terraform/modules/avs_addon_hcx/outputs.tf b/terraform/modules/avs_addon_hcx/outputs.tf index ac83c404..3084ea8a 100644 --- a/terraform/modules/avs_addon_hcx/outputs.tf +++ b/terraform/modules/avs_addon_hcx/outputs.tf @@ -1,5 +1,5 @@ output "keys" { value = { - for key, value in azapi_resource.hcx_keys : key => value.output.properties.activationKey + for key, value in azapi_resource.hcx_keys : key => jsondecode(value.output).properties.activationKey } } \ No newline at end of file
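Review bot: Dropping the `depends_on` on `azapi_resource.avs_anf_volume_avsdatastoreenabled` changes when `data.azurerm_netapp_volume.anf_datastorevolume` is read: without it the data source can be evaluated at plan time, before the datastore-enable call has applied, which is presumably why the dependency was there. If the removal was meant to break a cycle or stop a perpetual diff, a comment on the data block saying so would help, and any downstream consumer of the datastore-enabled state should reference the azapi resource directly. The edit also leaves an added blank line where the block used to be.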