diff --git a/azure/terraform/cassandra-replayers.tf b/azure/terraform/cassandra-replayers.tf --- a/azure/terraform/cassandra-replayers.tf +++ b/azure/terraform/cassandra-replayers.tf @@ -4,7 +4,7 @@ resource "azurerm_resource_group" "euwest-cassandra-replay" { # Disable this - count = 0 + count = 0 name = "euwest-cassandra-replay" location = "westeurope" @@ -16,22 +16,19 @@ locals { cassandra_replay_servers = { - for i in range(var.cassandra_replay_servers): - format("cassandra-replay%02d", i + 1) => { - datadisks = {} - } + for i in range(var.cassandra_replay_servers) : + format("cassandra-replay%02d", i + 1) => { + datadisks = {} + } } } - - resource "azurerm_network_interface" "cassandra-replayer-interface" { - for_each = local.cassandra_replay_servers + for_each = local.cassandra_replay_servers - name = format("%s-interface", each.key) - location = "westeurope" - resource_group_name = azurerm_resource_group.euwest-cassandra-replay[0].name - network_security_group_id = data.azurerm_network_security_group.worker-nsg.id + name = format("%s-interface", each.key) + location = "westeurope" + resource_group_name = azurerm_resource_group.euwest-cassandra-replay[0].name enable_accelerated_networking = true 
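Review bot: `resource_group_name = azurerm_resource_group.euwest-cassandra-replay[0].name` on the re-indented `cassandra-replayer-interface` lines indexes a resource group that hunk `@@ -4,7 +4,7 @@` above keeps at `count = 0`, so any non-zero `var.cassandra_replay_servers` would fail at plan time with an index out of range; this predates the commit, but the reformat is a natural point to make the coupling explicit. A comment on the `for_each` line such as `# requires azurerm_resource_group.euwest-cassandra-replay to be enabled (count = 1)` would record it, or the locals map could be gated on the resource group's count. The `cassandra-replayer-interface` block continues past the end of this hunk.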
@@ -42,14 +39,20 @@ private_ip_address_allocation = "Dynamic" } - depends_on = [azurerm_resource_group.euwest-cassandra-replay] + depends_on = [azurerm_resource_group.euwest-cassandra-replay] } +resource "azurerm_network_interface_security_group_association" "cassandra-replayer-interface-sga" { + for_each = local.cassandra_replay_servers + + network_interface_id = azurerm_network_interface.cassandra-replayer-interface[each.key].id + network_security_group_id = data.azurerm_network_security_group.worker-nsg.id +} resource "azurerm_virtual_machine" "cassandra-replay-server" { - for_each = local.cassandra_replay_servers + for_each = local.cassandra_replay_servers - depends_on = [azurerm_resource_group.euwest-cassandra-replay] + depends_on = [azurerm_resource_group.euwest-cassandra-replay] name = each.key location = "westeurope" @@ -107,12 +110,12 @@ } provisioner "file" { - content = templatefile("templates/firstboot.sh.tpl", { - hostname = self.name - fqdn = format("%s.euwest.azure.internal.softwareheritage.org", self.name) - ip_address = azurerm_network_interface.cassandra-replayer-interface[self.name].private_ip_address + content = templatefile("templates/firstboot.sh.tpl", { + hostname = self.name + fqdn = format("%s.euwest.azure.internal.softwareheritage.org", self.name) + ip_address = azurerm_network_interface.cassandra-replayer-interface[self.name].private_ip_address facter_location = "azure_euwest" - disk_setup = {} + disk_setup = {} }) destination = var.firstboot_script @@ -128,7 +131,7 @@ "userdel -f ${var.user_admin}", "chmod +x ${var.firstboot_script}", "cat ${var.firstboot_script}", - "${var.firstboot_script}", + var.firstboot_script, ] connection { type = "ssh" diff --git a/azure/terraform/cassandra.tf b/azure/terraform/cassandra.tf --- a/azure/terraform/cassandra.tf +++ b/azure/terraform/cassandra.tf 
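Review bot: The new `cassandra-replayer-interface-sga` association is created in parallel with `cassandra-replay-server`, because the VM's `depends_on` still lists only the resource group, so the VM can come up (and its remote-exec provisioner can open the SSH session) while the NIC has no NSG attached; the removed inline `network_security_group_id` gave the NIC its NSG at creation. Extending the VM's dependency closes that window: `depends_on = [azurerm_resource_group.euwest-cassandra-replay, azurerm_network_interface_security_group_association.cassandra-replayer-interface-sga]`. The same applies to cassandra.tf at `@@ -52,14 +51,20 @@` (`cassandra-interface-sga`), mirror.tf at `@@ -254,9 +268,17 @@` (`mirror-replayer-interface-sga`), storage.tf at `@@ -34,6 +33,13 @@` (`storage-interface-sga`) and vault.tf at `@@ -24,6 +23,11 @@` (`vangogh-interface-sga`), where the VM body lies mostly or entirely outside the hunk. Whether the NIC is reachable during that window depends on a subnet-level NSG or a public IP, neither of which is visible here. The `cassandra-replay-server` block continues past the end of this hunk.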
@@ -21,10 +21,10 @@ locals { cassandra_servers = { - for i in range(var.cassandra_servers): + for i in range(var.cassandra_servers) : format("cassandra%02d", i + 1) => { datadisks = { - for i in range(var.cassandra_disks_per_server): + for i in range(var.cassandra_disks_per_server) : format("datadisk%02d", i + 1) => { lun = i + 1 path = format("/dev/disk/azure/scsi1/lun%d", i + 1) @@ -36,12 +36,11 @@ resource "azurerm_network_interface" "cassandra-interface" { - for_each = local.cassandra_servers + for_each = local.cassandra_servers - name = format("%s-interface", each.key) - location = "westeurope" - resource_group_name = azurerm_resource_group.euwest-cassandra.name - network_security_group_id = data.azurerm_network_security_group.worker-nsg.id + name = format("%s-interface", each.key) + location = "westeurope" + resource_group_name = azurerm_resource_group.euwest-cassandra.name enable_accelerated_networking = true @@ -52,14 +51,20 @@ private_ip_address_allocation = "Dynamic" } - depends_on = [azurerm_resource_group.euwest-cassandra] + depends_on = [azurerm_resource_group.euwest-cassandra] } +resource "azurerm_network_interface_security_group_association" "cassandra-interface-sga" { + for_each = local.cassandra_servers + + network_interface_id = azurerm_network_interface.cassandra-interface[each.key].id + network_security_group_id = data.azurerm_network_security_group.worker-nsg.id +} resource "azurerm_virtual_machine" "cassandra-server" { - for_each = local.cassandra_servers + for_each = local.cassandra_servers - depends_on = [azurerm_resource_group.euwest-cassandra] + depends_on = [azurerm_resource_group.euwest-cassandra] name = each.key location = "westeurope" @@ -82,7 +87,7 @@ managed_disk_type = "Premium_LRS" } - dynamic storage_data_disk { + dynamic "storage_data_disk" { for_each = each.value.datadisks content { 
@@ -130,26 +135,26 @@ } provisioner "file" { - content = templatefile("templates/firstboot.sh.tpl", { - hostname = self.name - fqdn = format("%s.euwest.azure.internal.softwareheritage.org", self.name) - ip_address = azurerm_network_interface.cassandra-interface[self.name].private_ip_address + content = templatefile("templates/firstboot.sh.tpl", { + hostname = self.name + fqdn = format("%s.euwest.azure.internal.softwareheritage.org", self.name) + ip_address = azurerm_network_interface.cassandra-interface[self.name].private_ip_address facter_location = "azure_euwest" disk_setup = { - disks = [ - for disk in local.cassandra_servers[self.name].datadisks: { - base_disk = disk.path - } - ] - raids = [{ - path = "/dev/md0" - level = 0 - chunk = "128K" - members = [for disk in local.cassandra_servers[self.name].datadisks: format("%s-part1", disk.path)] - mountpoint = "/srv/cassandra" - filesystem = "ext4" - mount_options = "defaults" - }] + disks = [ + for disk in local.cassandra_servers[self.name].datadisks : { + base_disk = disk.path + } + ] + raids = [{ + path = "/dev/md0" + level = 0 + chunk = "128K" + members = [for disk in local.cassandra_servers[self.name].datadisks : format("%s-part1", disk.path)] + mountpoint = "/srv/cassandra" + filesystem = "ext4" + mount_options = "defaults" + }] } }) destination = var.firstboot_script @@ -166,7 +171,7 @@ "userdel -f ${var.user_admin}", "chmod +x ${var.firstboot_script}", "cat ${var.firstboot_script}", - "${var.firstboot_script}", + var.firstboot_script, ] connection { type = "ssh" diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf --- a/azure/terraform/init.tf +++ b/azure/terraform/init.tf 
@@ -4,18 +4,25 @@ # - resource: Define resource and create/update terraform { + required_version = ">= 0.13" backend "azurerm" { resource_group_name = "euwest-admin" storage_account_name = "swhterraform" container_name = "tfstate" key = "prod.azure.terraform.tfstate" } + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=2.97.0" + } + } } # Configure the Microsoft Azure Provider # Empty if using the `az login` tool provider "azurerm" { - version = "=1.43.0" + features {} } # Reuse the network security group as defined currently @@ -37,7 +44,7 @@ } variable "firstboot_script" { - type = string + type = string default = "/root/firstboot.sh" } diff --git a/azure/terraform/mirror.tf b/azure/terraform/mirror.tf --- a/azure/terraform/mirror.tf +++ b/azure/terraform/mirror.tf @@ -20,7 +20,7 @@ location = "westeurope" tags = { - environment = "SWH Mirror" + environment = "SWH Mirror" } } @@ -35,10 +35,10 @@ locals { mirror_replay_servers = { - for i in range(var.mirror_replay_servers): - format("mirror-replay%02d", i + 1) => { - datadisks = {} - } + for i in range(var.mirror_replay_servers) : + format("mirror-replay%02d", i + 1) => { + datadisks = {} + } } } @@ -52,7 +52,6 @@ name = "mirror-master-interface" location = "westeurope" resource_group_name = "euwest-mirror-test" - network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id ip_configuration { name = "mirrorMasterNicConfiguration" @@ -61,6 +60,13 @@ private_ip_address_allocation = "Dynamic" } } + +resource "azurerm_network_interface_security_group_association" "mirror-master-interface-sga" { + count = 0 + network_interface_id = azurerm_network_interface.mirror-master-interface[0].id + network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id +} + #resource "azurerm_managed_disk" "mirror-master-osdisk" { # name = "mirror-master-osdisk" # create_option = "FromImage" 
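Review bot: `required_version = ">= 0.13"` next to the exact pin `version = "=2.97.0"` fixes the provider version but not its checksums, because the dependency lock file that records provider hashes is only written by Terraform 0.14 and later, and no `.terraform.lock.hcl` appears in this diff. Raising the floor to `required_version = ">= 0.14"` and committing the lock file would make every `terraform init` verify the pinned provider against recorded checksums, not just match the version. If the lock file is already tracked and simply untouched here, only the version floor remains to adjust. Both the `terraform` block and the `provider "azurerm"` block are shown in full in this hunk.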
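Review bot: `count = 0` on `mirror-master-interface-sga` turns the NSG attachment into a second, independent switch beside the NIC's own count: the removed inline `network_security_group_id` was applied whenever the NIC existed, whereas now re-enabling the NIC (and `mirror-master`) without also editing this count leaves the NIC with no NSG. Deriving it from the NIC avoids that drift: `count = length(azurerm_network_interface.mirror-master-interface)`. The same applies to `mirror-db-interface-sga` at `@@ -155,6 +161,15 @@` with `count = length(azurerm_network_interface.mirror-db-interface)`. The NIC's own count is not visible in this hunk; the `[0]` index suggests it is count-based.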
@@ -68,7 +74,7 @@ # resource_group_name = "euwest-mirror-test" # storage_account_type = "Premium_LRS" # image_reference_id = data.azurerm_platform_image.debian10.id - #image_reference_id = "/Subscriptions/49b7f681-8efc-4689-8524-870fc0c1db09/Providers/Microsoft.Compute/Locations/westeurope/Publishers/Debian/ArtifactTypes/VMImage/Offers/debian-10/Skus/10" +#image_reference_id = "/Subscriptions/49b7f681-8efc-4689-8524-870fc0c1db09/Providers/Microsoft.Compute/Locations/westeurope/Publishers/Debian/ArtifactTypes/VMImage/Offers/debian-10/Skus/10" #} resource "azurerm_virtual_machine" "mirror-master" { # disable this @@ -83,13 +89,13 @@ delete_os_disk_on_termination = true -# storage_os_disk { -# create_option = "attach" -# name = "mirror-master-osdisk" -# caching = "ReadWrite" -# managed_disk_id = azurerm_managed_disk.mirror-master-osdisk.id -# os_type = "Linux" -# } + # storage_os_disk { + # create_option = "attach" + # name = "mirror-master-osdisk" + # caching = "ReadWrite" + # managed_disk_id = azurerm_managed_disk.mirror-master-osdisk.id + # os_type = "Linux" + # } storage_os_disk { name = "mirror-master-osdisk" @@ -113,7 +119,7 @@ os_profile_linux_config { disable_password_authentication = true ssh_keys { - path = "/home/${var.user_admin}/.ssh/authorized_keys" + path = "/home/${var.user_admin}/.ssh/authorized_keys" key_data = var.ssh_key_data_douardda } } @@ -134,7 +140,7 @@ } tags = { - environment = "SWH Mirror" + environment = "SWH Mirror" } } @@ -146,7 +152,7 @@ name = "mirror-db-interface" location = "westeurope" resource_group_name = "euwest-mirror-test" - network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id + # network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id ip_configuration { name = "mirrorDbNicConfiguration" 
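Review bot: The commented-out `# network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id` on `mirror-db-interface` preserves a reference to an attribute the 2.x provider no longer accepts on `azurerm_network_interface`, while the other NICs in this commit simply drop the line; a reader may take the comment as a valid way to re-attach the NSG. Deleting it, or replacing it with a pointer such as `# NSG attached via azurerm_network_interface_security_group_association.mirror-db-interface-sga`, keeps the intent without the stale syntax. The resource block continues on both sides of the hunk.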
@@ -155,6 +161,15 @@ private_ip_address_allocation = "Dynamic" } } + +resource "azurerm_network_interface_security_group_association" "mirror-db-interface-sga" { + count = 0 + + network_interface_id = azurerm_network_interface.mirror-db-interface[0].id + network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id +} + + resource "azurerm_managed_disk" "mirror-db-storage" { # disable this count = 0 @@ -181,11 +196,11 @@ # disable this count = 0 - name = "mirror-db" - location = "westeurope" - resource_group_name = "euwest-mirror-test" - network_interface_ids = [azurerm_network_interface.mirror-db-interface[count.index].id] - vm_size = "Standard_F8s_v2" + name = "mirror-db" + location = "westeurope" + resource_group_name = "euwest-mirror-test" + network_interface_ids = [azurerm_network_interface.mirror-db-interface[count.index].id] + vm_size = "Standard_F8s_v2" delete_os_disk_on_termination = true storage_os_disk { @@ -210,7 +225,7 @@ os_profile_linux_config { disable_password_authentication = true ssh_keys { - path = "/home/${var.user_admin}/.ssh/authorized_keys" + path = "/home/${var.user_admin}/.ssh/authorized_keys" key_data = var.ssh_key_data_douardda } } @@ -231,18 +246,17 @@ } tags = { - environment = "SWH Mirror" + environment = "SWH Mirror" } } # replayer machines resource "azurerm_network_interface" "mirror-replayer-interface" { - for_each = local.mirror_replay_servers + for_each = local.mirror_replay_servers name = format("%s-interface", each.key) location = "westeurope" resource_group_name = azurerm_resource_group.euwest-mirror-test[0].name - network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id #enable_accelerated_networking = true ip_configuration { 
@@ -254,9 +268,17 @@ depends_on = [azurerm_resource_group.euwest-mirror-test] } + +resource "azurerm_network_interface_security_group_association" "mirror-replayer-interface-sga" { + for_each = local.mirror_replay_servers + + network_interface_id = azurerm_network_interface.mirror-replayer-interface[each.key].id + network_security_group_id = azurerm_network_security_group.mirror-nsg[0].id +} + resource "azurerm_virtual_machine" "mirror-replayer" { - for_each = local.mirror_replay_servers - name = each.key + for_each = local.mirror_replay_servers + name = each.key location = "westeurope" resource_group_name = "euwest-mirror-test" network_interface_ids = [azurerm_network_interface.mirror-replayer-interface[each.key].id] @@ -287,7 +309,7 @@ os_profile_linux_config { disable_password_authentication = true ssh_keys { - path = "/home/${var.user_admin}/.ssh/authorized_keys" + path = "/home/${var.user_admin}/.ssh/authorized_keys" key_data = var.ssh_key_data_douardda } } @@ -308,7 +330,7 @@ } tags = { - environment = "SWH Mirror" + environment = "SWH Mirror" } } diff --git a/azure/terraform/storage.tf b/azure/terraform/storage.tf --- a/azure/terraform/storage.tf +++ b/azure/terraform/storage.tf @@ -10,10 +10,10 @@ locals { storage_servers = { - for i in range(var.storage_servers): - format("storage%02d", i + 1) => { - datadisks = {} - } + for i in range(var.storage_servers) : + format("storage%02d", i + 1) => { + datadisks = {} + } } } @@ -21,10 +21,9 @@ resource "azurerm_network_interface" "storage-interface" { for_each = local.storage_servers - name = format("%s-interface", each.key) - location = "westeurope" - resource_group_name = "euwest-servers" - network_security_group_id = data.azurerm_network_security_group.worker-nsg.id + name = format("%s-interface", each.key) + location = "westeurope" + resource_group_name = "euwest-servers" ip_configuration { name = "storageNicConfiguration" 
@@ -34,6 +33,13 @@ } } +resource "azurerm_network_interface_security_group_association" "storage-interface-sga" { + for_each = local.storage_servers + + network_interface_id = azurerm_network_interface.storage-interface[each.key].id + network_security_group_id = data.azurerm_network_security_group.worker-nsg.id +} + resource "azurerm_virtual_machine" "storage-server" { for_each = local.storage_servers @@ -94,12 +100,12 @@ } provisioner "file" { - content = templatefile("templates/firstboot.sh.tpl", { - hostname = each.key - fqdn = format("%s.euwest.azure.internal.softwareheritage.org", each.key), - ip_address = azurerm_network_interface.storage-interface[each.key].private_ip_address, + content = templatefile("templates/firstboot.sh.tpl", { + hostname = each.key + fqdn = format("%s.euwest.azure.internal.softwareheritage.org", each.key), + ip_address = azurerm_network_interface.storage-interface[each.key].private_ip_address, facter_location = "azure_euwest" - disk_setup = {} + disk_setup = {} }) destination = var.firstboot_script @@ -115,7 +121,7 @@ "userdel -f ${var.user_admin}", "chmod +x ${var.firstboot_script}", "cat ${var.firstboot_script}", - "${var.firstboot_script}", + var.firstboot_script, ] connection { type = "ssh" diff --git a/azure/terraform/vault.tf b/azure/terraform/vault.tf --- a/azure/terraform/vault.tf +++ b/azure/terraform/vault.tf @@ -11,10 +11,9 @@ } resource "azurerm_network_interface" "vangogh-interface" { - name = "vangogh-interface" - location = "westeurope" - resource_group_name = "euwest-vault" - network_security_group_id = data.azurerm_network_security_group.worker-nsg.id + name = "vangogh-interface" + location = "westeurope" + resource_group_name = "euwest-vault" ip_configuration { name = "vaultNicConfiguration" 
@@ -24,6 +23,11 @@ } } +resource "azurerm_network_interface_security_group_association" "vangogh-interface-sga" { + network_interface_id = azurerm_network_interface.vangogh-interface.id + network_security_group_id = data.azurerm_network_security_group.worker-nsg.id +} + # Blobstorage as defined in task resource "azurerm_storage_account" "vault-storage" { name = "swhvaultstorage" diff --git a/azure/terraform/versions.tf b/azure/terraform/versions.tf deleted file mode 100644 --- a/azure/terraform/versions.tf +++ /dev/null @@ -1,3 +0,0 @@ -terraform { - required_version = ">= 0.12" -}