From 6c184420f98e247fbb2522a6ac4c130c4177c67d Mon Sep 17 00:00:00 2001 From: Jaroslaw Blaszczyk Date: Wed, 3 Aug 2022 14:29:01 +0200 Subject: [PATCH] fix!: Add app insights worker mode (#146) * fix(modules/vmseries): add 'azurerm_log_analytics_workspace' resource update 'azurerm_application_insights' so it can use workspaces add 'app_insights_settings' map variable that holds all app_insights related parameters remove 'name_application_insights' variable, moved to 'app_insights_settings' var remove 'metrics_retention_in_days' variable, moved to 'app_insights_settings' var * fix(modules/vmss): add 'azurerm_log_analytics_workspace' resource update 'autoscale_metrics' defaults values to empty map update 'azurerm_application_insights' so it can use workspaces add 'app_insights_settings' map variable that holds all app_insights related parameters * fix(examples/vmss): update example, so the new 'app_insights_settings' variable is used * docs(module/vmseries): add 'app_insights_settings' variable description * docs(module/vmss): add 'app_insights_settings' variable description --- examples/vmseries/main.tf | 17 +++++----- examples/vmseries_scaleset/README.md | 3 +- examples/vmseries_scaleset/main.tf | 2 ++ examples/vmseries_scaleset/variables.tf | 18 +++++------ modules/vmseries/README.md | 4 +-- modules/vmseries/main.tf | 27 +++++++++++++--- modules/vmseries/variables.tf | 41 +++++++++++++++++-------- modules/vmss/README.md | 6 ++-- modules/vmss/main.tf | 27 +++++++++++++--- modules/vmss/variables.tf | 25 +++------------ 10 files changed, 104 insertions(+), 66 deletions(-) diff --git a/examples/vmseries/main.tf b/examples/vmseries/main.tf index 5f1eda1d..f472c736 100644 --- a/examples/vmseries/main.tf +++ b/examples/vmseries/main.tf 
@@ -52,14 +52,15 @@ module "vnet" { module "vmseries" { source = "../../modules/vmseries" - location = var.location - resource_group_name = azurerm_resource_group.this.name - name = "myfw" - username = var.username - password = random_password.this.result - img_sku = var.common_vmseries_sku - img_version = var.vm_series_version - avzones = var.avzones + location = var.location + resource_group_name = azurerm_resource_group.this.name + name = "myfw" + username = var.username + password = random_password.this.result + img_sku = var.common_vmseries_sku + img_version = var.vm_series_version + avzones = var.avzones + app_insights_settings = var.app_insights_settings interfaces = [ { name = "myfw-mgmt" diff --git a/examples/vmseries_scaleset/README.md b/examples/vmseries_scaleset/README.md index 8e778386..f3fc75f8 100644 --- a/examples/vmseries_scaleset/README.md +++ b/examples/vmseries_scaleset/README.md @@ -119,7 +119,8 @@ terraform destroy | [address\_space](#input\_address\_space) | The address space used by the Virtual Network. You can supply more than one address space. | `list(string)` | n/a | yes | | [allow\_inbound\_data\_ips](#input\_allow\_inbound\_data\_ips) | List of IP CIDR ranges (like `["23.23.23.23"]`) that are allowed to access public data interfaces of VM-Series.
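Review bot: The added `app_insights_settings = var.app_insights_settings` argument in the `module "vmseries"` call references an input variable that this patch does not appear to declare for the example. The diffstat lists `examples/vmseries/main.tf` but no `examples/vmseries/variables.tf`. Unless the variable already exists there, `terraform validate` on the example will fail with an undeclared-variable error. I would add to `examples/vmseries/variables.tf` the same `variable "app_insights_settings"` block (description, `default = {}`, `type = map(any)`) that `examples/vmseries_scaleset/variables.tf` receives in this patch. The module block continues outside the hunk.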
If the list is empty, the contents of `allow_inbound_mgmt_ips` are substituted instead. | `list(string)` | `[]` | no | | [allow\_inbound\_mgmt\_ips](#input\_allow\_inbound\_mgmt\_ips) | List of IP CIDR ranges (like `["23.23.23.23"]`) that are allowed to access management interfaces of VM-Series.
If you use Panorama, include its address in the list (as well as the secondary Panorama's). | `list(string)` | `[]` | no | -| [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.
Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.
The thresholds are applied to results of metrics' aggregation over a time window.
Example:
{
"DataPlaneCPUUtilizationPct" = {
scaleout_threshold = 80
scalein_threshold = 20
}
"panSessionUtilization" = {
scaleout_threshold = 80
scalein_threshold = 20
}
}
Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`. | `map` |
{
"DataPlaneCPUUtilizationPct": {
"scalein_threshold": 20,
"scaleout_threshold": 80
},
"panSessionUtilization": {
"scalein_threshold": 20,
"scaleout_threshold": 80
}
}
| no | +| [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings) | `map(any)` | `{}` | no | +| [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.
Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.
The thresholds are applied to results of metrics' aggregation over a time window.
Example:
{
"DataPlaneCPUUtilizationPct" = {
scaleout_threshold = 80
scalein_threshold = 20
}
"panSessionUtilization" = {
scaleout_threshold = 80
scalein_threshold = 20
}
}
Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`. | `map` | `{}` | no | | [autoscale\_notification\_emails](#input\_autoscale\_notification\_emails) | List of email addresses to notify about autoscaling events. | `list(string)` | `[]` | no | | [avzones](#input\_avzones) | After provider version 3.x you need to specify in which availability zone(s) you want to place IP.
ie: for zone-redundant with 3 availability zone in current region value will be:
["1","2","3"]
Use command
az vm list-skus --location REGION_NAME --zone --query '[0].locationInfo[0].zones'
to see how many AZ is
in current region. | `list(string)` | `[]` | no | | [common\_vmseries\_sku](#input\_common\_vmseries\_sku) | VM-Series SKU - list available with `az vm image list -o table --all --publisher paloaltonetworks` | `string` | `"bundle2"` | no | diff --git a/examples/vmseries_scaleset/main.tf b/examples/vmseries_scaleset/main.tf index eacd9da4..0e1b2bee 100644 --- a/examples/vmseries_scaleset/main.tf +++ b/examples/vmseries_scaleset/main.tf @@ -242,6 +242,7 @@ module "inbound_scale_set" { subnet_mgmt = { id = module.vnet.subnet_ids["management"] } subnet_private = { id = module.vnet.subnet_ids["inbound_private"] } subnet_public = { id = module.vnet.subnet_ids["inbound_public"] } + app_insights_settings = var.app_insights_settings bootstrap_options = (join(",", [ "storage-account=${module.inbound_bootstrap.storage_account.name}", @@ -286,6 +287,7 @@ module "outbound_scale_set" { subnet_mgmt = { id = module.vnet.subnet_ids["management"] } subnet_private = { id = module.vnet.subnet_ids["outbound_private"] } subnet_public = { id = module.vnet.subnet_ids["outbound_public"] } + app_insights_settings = var.app_insights_settings bootstrap_options = (join(",", [ "storage-account=${module.outbound_bootstrap.storage_account.name}", diff --git a/examples/vmseries_scaleset/variables.tf b/examples/vmseries_scaleset/variables.tf index 8d786405..bcda67f6 100644 --- a/examples/vmseries_scaleset/variables.tf +++ b/examples/vmseries_scaleset/variables.tf @@ -126,16 +126,8 @@ variable "autoscale_metrics" { Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`. EOF - default = { - "DataPlaneCPUUtilizationPct" = { - scaleout_threshold = 80 - scalein_threshold = 20 - } - "panSessionUtilization" = { - scaleout_threshold = 80 - scalein_threshold = 20 - } - } + + default = {} } variable "scaleout_statistic" { 
@@ -358,4 +350,10 @@ variable "avzones" { EOF default = [] type = list(string) +} + +variable "app_insights_settings" { + description = "A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input_app_insights_settings)" + default = {} + type = map(any) } \ No newline at end of file diff --git a/modules/vmseries/README.md b/modules/vmseries/README.md index ec294722..6c05c323 100644 --- a/modules/vmseries/README.md +++ b/modules/vmseries/README.md @@ -70,6 +70,7 @@ No modules. | Name | Type | |------|------| | [azurerm_application_insights.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource | +| [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | | [azurerm_network_interface.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | | [azurerm_network_interface_backend_address_pool_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_backend_address_pool_association) | resource | | [azurerm_public_ip.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | 
@@ -80,6 +81,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [accelerated\_networking](#input\_accelerated\_networking) | Enable Azure accelerated networking (SR-IOV) for all network interfaces except the primary one (it is the PAN-OS management interface, which [does not support](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) acceleration). | `bool` | `true` | no | +| [app\_insights\_settings](#input\_app\_insights\_settings) | Application Insights variable list:
- `create`: (optional\|bool) Enable usage of the Application Insights. The default vailue is set to `false`.
- `name`: (optional\|string) The name of the Applications Insights instance. Can be `null`, in which case a default name is auto-generated.
- `workspace_mode`: (optional\|bool) If `true` the Application Insights mode is set to \"Workspace-based\". Otherwise, the legacy \"Classic\" mode is used.
- `metrics_retention_in_days`: (optional\|number) Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. If not set, Azure defaults it to 90.
- `application_type`: (optional\|string) Specifies the type of Application Insights to create. Valid value is `other`.
- `log_analytics_name`: (optional\|string) The name of the Log Analytics workspace. Can be `null`, in which case a default name is auto-generated.
- `log_analytics_sku`: (optional\|string) Azure Log Analytics Workspace mode SKU. The default value is set to \"PerGB2018\".

Example:
{
create = true
name = "AppInsights"
workspace_mode = true
metrics_retention_in_days = 30
application_type = "other"
log_analytics_name = "LogAnalyticsName"
log_analytics_sku = "PerGB2018"
}
| `map(any)` | `{}` | no | | [avset\_id](#input\_avset\_id) | The identifier of the Availability Set to use. When using this variable, set `avzone = null`. | `string` | `null` | no | | [avzone](#input\_avzone) | The availability zone to use, for example "1", "2", "3". Ignored if `enable_zones` is false. Conflicts with `avset_id`, in which case use `avzone = null`. | `string` | `"1"` | no | | [avzones](#input\_avzones) | After provider version 3.x you need to specify in which availability zone(s) you want to place IP.
ie: for zone-redundant with 3 availability zone in current region value will be:
["1","2","3"]
| `list(string)` | `[]` | no | @@ -97,9 +99,7 @@ No modules. | [interfaces](#input\_interfaces) | List of the network interface specifications.
The first should be the management interface, which does not participate in data filtering.
The remaining ones are the dataplane interfaces.
Options for an interface object:
- `name` - (required\|string) Interface name.
- `subnet_id` - (required\|string) Identifier of an existing subnet to create interface in.
- `private_ip_address` - (optional\|string) Static private IP to asssign to the interface. If null, dynamic one is allocated.
- `public_ip_address_id` - (optional\|string) Identifier of an existing public IP to associate.
- `create_public_ip` - (optional\|bool) If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.
- `availability_zone` - (optional\|string) Availability zone to create public IP in. If not specified, set based on `avzone` and `enable_zones`.
- `enable_ip_forwarding` - (optional\|bool) If true, the network interface will not discard packets sent to an IP address other than the one assigned. If false, the network interface only accepts traffic destined to its IP address.
- `enable_backend_pool` - (optional\|bool) If true, associate interface with backend pool specified with `lb_backend_pool_id`. Default is false.
- `lb_backend_pool_id` - (optional\|string) Identifier of an existing backend pool to associate interface with. Required if `enable_backend_pool` is true.
- `tags` - (optional\|map) Tags to assign to the interface and public IP (if created). Overrides contents of `tags` variable.

Example:
[
{
name = "fw-mgmt"
subnet_id = azurerm_subnet.my_mgmt_subnet.id
public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id
},
{
name = "fw-public"
subnet_id = azurerm_subnet.my_pub_subnet.id
lb_backend_pool_id = module.inbound_lb.backend_pool_id
enable_backend_pool = true
},
]
| `list(any)` | n/a | yes | | [location](#input\_location) | Region where to deploy VM-Series and dependencies. | `string` | n/a | yes | | [managed\_disk\_type](#input\_managed\_disk\_type) | Type of OS Managed Disk to create for the virtual machine. Possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. The `Premium_LRS` works only for selected `vm_size` values, details in Azure docs. | `string` | `"StandardSSD_LRS"` | no | -| [metrics\_retention\_in\_days](#input\_metrics\_retention\_in\_days) | Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether. | `number` | `null` | no | | [name](#input\_name) | VM-Series instance name. | `string` | n/a | yes | -| [name\_application\_insights](#input\_name\_application\_insights) | Name of the Applications Insights instance to be created. Can be `null`, in which case a default name is auto-generated. | `string` | `null` | no | | [os\_disk\_name](#input\_os\_disk\_name) | Optional name of the OS disk to create for the virtual machine. If empty, the name is auto-generated. | `string` | `null` | no | | [password](#input\_password) | Initial administrative password to use for VM-Series. Mind the [Azure-imposed restrictions](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/faq#what-are-the-password-requirements-when-creating-a-vm). | `string` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the existing resource group where to place the resources created. | `string` | n/a | yes | diff --git a/modules/vmseries/main.tf b/modules/vmseries/main.tf index c665c777..07e0ea4c 100644 --- a/modules/vmseries/main.tf +++ b/modules/vmseries/main.tf 
@@ -106,13 +106,30 @@ resource "azurerm_virtual_machine" "this" { } } -resource "azurerm_application_insights" "this" { - count = var.metrics_retention_in_days != 0 ? 1 : 0 +resource "azurerm_log_analytics_workspace" "this" { + count = try(var.app_insights_settings.create, false) && try(var.app_insights_settings.workspace_mode, true) ? 1 : 0 - name = coalesce(var.name_application_insights, var.name) + name = try(var.app_insights_settings.log_analytics_name, "${var.name}-Workspace") location = var.location resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed - application_type = "other" - retention_in_days = var.metrics_retention_in_days + retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null) + sku = try(var.app_insights_settings.log_analytics_sku, "PerGB2018") tags = var.tags } + +resource "azurerm_application_insights" "this" { + count = try(var.app_insights_settings.create, false) ? 1 : 0 + + name = try(var.app_insights_settings.name, "${var.name}-AppInsights") + location = var.location + resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed + workspace_id = try(var.app_insights_settings.workspace_mode, true) ? azurerm_log_analytics_workspace.this[0].id : null + application_type = try(var.app_insights_settings.application_type, "other") + retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null) + + tags = var.tags + + depends_on = [ + azurerm_log_analytics_workspace.this + ] +} \ No newline at end of file diff --git a/modules/vmseries/variables.tf b/modules/vmseries/variables.tf index 91f83c90..11c0f3e8 100644 --- a/modules/vmseries/variables.tf +++ b/modules/vmseries/variables.tf 
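Review bot: An explicit `name = null` or `log_analytics_name = null` in `app_insights_settings` is not replaced by the generated default in either new resource, although the variable description promises it; `try()` only falls back when the lookup errors (key absent), so a key that is present with a null value comes back as null and the required `name` argument fails. The removed code used `coalesce()` for this, and keeping it restores the documented behaviour: `name = coalesce(try(var.app_insights_settings.name, null), "${var.name}-AppInsights")` and `name = coalesce(try(var.app_insights_settings.log_analytics_name, null), "${var.name}-Workspace")`. The same pattern appears in the `modules/vmss/main.tf` hunk. Separately, `metrics_retention_in_days` now feeds `retention_in_days` on both the workspace and Application Insights, and the documented value 0 is probably not accepted by the workspace, so the allowed list is worth confirming against the provider documentation.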
@@ -132,12 +132,6 @@ variable "img_version" { type = string } -variable "name_application_insights" { - default = null - description = "Name of the Applications Insights instance to be created. Can be `null`, in which case a default name is auto-generated." - type = string -} - variable "tags" { description = "A map of tags to be associated with the resources created." default = {} @@ -156,12 +150,6 @@ variable "identity_ids" { type = list(string) } -variable "metrics_retention_in_days" { - description = "Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether." - default = null - type = number -} - variable "accelerated_networking" { description = "Enable Azure accelerated networking (SR-IOV) for all network interfaces except the primary one (it is the PAN-OS management interface, which [does not support](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) acceleration)." default = true 
@@ -188,4 +176,33 @@ variable "avzones" { EOF default = [] type = list(string) +} + +variable "app_insights_settings" { + description = <<-EOF + Application Insights variable list: + - `create`: (optional|bool) Enable usage of the Application Insights. The default vailue is set to `false`. + - `name`: (optional|string) The name of the Applications Insights instance. Can be `null`, in which case a default name is auto-generated. + - `workspace_mode`: (optional|bool) If `true` the Application Insights mode is set to \"Workspace-based\". Otherwise, the legacy \"Classic\" mode is used. + - `metrics_retention_in_days`: (optional|number) Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. If not set, Azure defaults it to 90. + - `application_type`: (optional|string) Specifies the type of Application Insights to create. Valid value is `other`. + - `log_analytics_name`: (optional|string) The name of the Log Analytics workspace. Can be `null`, in which case a default name is auto-generated. + - `log_analytics_sku`: (optional|string) Azure Log Analytics Workspace mode SKU. The default value is set to \"PerGB2018\". + + Example: + + ``` + { + create = true + name = "AppInsights" + workspace_mode = true + metrics_retention_in_days = 30 + application_type = "other" + log_analytics_name = "LogAnalyticsName" + log_analytics_sku = "PerGB2018" + } + ``` + EOF + default = {} + type = map(any) } \ No newline at end of file diff --git a/modules/vmss/README.md b/modules/vmss/README.md index f1950b73..41727f2f 100644 --- a/modules/vmss/README.md +++ b/modules/vmss/README.md 
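Review bot: `app_insights_settings` is declared as `map(any)` with no validation, so a misspelt key (say `workspace_mod`) is accepted and the `try(..., default)` lookups in `main.tf` silently use the default; for `create` that means no telemetry resources are deployed and nothing reports an error. `map(any)` also requires a single element type, so the documented mix of bool, number and string values is likely unified to strings and only works through implicit conversion. A `validation` block that rejects unknown keys makes the mistake visible at plan time. The identical variable added in `modules/vmss/variables.tf` and in the scale-set example would benefit from the same check.

```hcl
variable "app_insights_settings" {
  # … unchanged: description heredoc, default = {}, type = map(any) …

  validation {
    condition = length(setsubtract(keys(var.app_insights_settings), [
      "create",
      "name",
      "workspace_mode",
      "metrics_retention_in_days",
      "application_type",
      "log_analytics_name",
      "log_analytics_sku",
    ])) == 0
    error_message = "Unknown key in app_insights_settings; see the variable description for the supported keys."
  }
}
```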
@@ -45,6 +45,7 @@ No modules. |------|------| | [azurerm_application_insights.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource | | [azurerm_linux_virtual_machine_scale_set.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set) | resource | +| [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | | [azurerm_monitor_autoscale_setting.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | ## Inputs 
@@ -52,10 +53,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [accelerated\_networking](#input\_accelerated\_networking) | If true, enable Azure accelerated networking (SR-IOV) for all dataplane network interfaces. [Requires](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) PAN-OS 9.0 or higher. The PAN-OS management interface (nic0) is never accelerated, whether this variable is true or false. | `bool` | `true` | no | +| [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings) | `map(any)` | `{}` | no | | [autoscale\_count\_default](#input\_autoscale\_count\_default) | The minimum number of instances that should be present in the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare the metrics to the thresholds. | `number` | `2` | no | | [autoscale\_count\_maximum](#input\_autoscale\_count\_maximum) | The maximum number of instances that should be present in the scale set. | `number` | `5` | no | | [autoscale\_count\_minimum](#input\_autoscale\_count\_minimum) | The minimum number of instances that should be present in the scale set. | `number` | `2` | no | -| [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.
Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.
The thresholds are applied to results of metrics' aggregation over a time window.
Example:
{
"DataPlaneCPUUtilizationPct" = {
scaleout_threshold = 80
scalein_threshold = 20
}
"panSessionUtilization" = {
scaleout_threshold = 80
scalein_threshold = 20
}
}
Other possible metrics include panSessionActive, panSessionThroughputKbps, panSessionThroughputPps, DataPlanePacketBufferUtilization. | `map` |
{
"DataPlaneCPUUtilizationPct": {
"scalein_threshold": 20,
"scaleout_threshold": 80
},
"panSessionUtilization": {
"scalein_threshold": 20,
"scaleout_threshold": 80
}
}
| no | +| [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.
Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.
The thresholds are applied to results of metrics' aggregation over a time window.
Example:
{
"DataPlaneCPUUtilizationPct" = {
scaleout_threshold = 80
scalein_threshold = 20
}
"panSessionUtilization" = {
scaleout_threshold = 80
scalein_threshold = 20
}
}
Other possible metrics include panSessionActive, panSessionThroughputKbps, panSessionThroughputPps, DataPlanePacketBufferUtilization. | `map` | `{}` | no | | [autoscale\_notification\_emails](#input\_autoscale\_notification\_emails) | List of email addresses to notify about autoscaling events. | `list(string)` | `[]` | no | | [autoscale\_webhooks\_uris](#input\_autoscale\_webhooks\_uris) | Map where each key is an arbitrary identifier and each value is a webhook URI. The URIs receive autoscaling events. | `map(string)` | `{}` | no | | [bootstrap\_options](#input\_bootstrap\_options) | Bootstrap options to pass to VM-Series instance. | `string` | `""` | no | 
@@ -73,10 +75,8 @@ No modules. | [img\_sku](#input\_img\_sku) | VM-Series SKU - list available with `az vm image list -o table --all --publisher paloaltonetworks` | `string` | `"bundle2"` | no | | [img\_version](#input\_img\_version) | VM-Series PAN-OS version - list available for a default `img_offer` with `az vm image list -o table --publisher paloaltonetworks --offer vmseries-flex --all` | `string` | `"9.1.3"` | no | | [location](#input\_location) | Region to install VM-Series and dependencies. | `string` | n/a | yes | -| [metrics\_retention\_in\_days](#input\_metrics\_retention\_in\_days) | Specifies the metrics retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether, which is incompatible with `create_autoscaling`. | `number` | `null` | no | | [mgmt\_pip\_domain\_name\_label](#input\_mgmt\_pip\_domain\_name\_label) | n/a | `string` | `null` | no | | [mgmt\_pip\_prefix\_id](#input\_mgmt\_pip\_prefix\_id) | Public IP address prefix id to use for management interface. | `string` | `null` | no | -| [name\_application\_insights](#input\_name\_application\_insights) | Name of the Applications Insights instance to be created. Can be null, in which case a default name is auto-generated. | `string` | `null` | no | | [name\_autoscale](#input\_name\_autoscale) | Name of the Autoscale Settings to be created. Can be null, in which case a default name is auto-generated. | `string` | `null` | no | | [name\_fw\_mgmt\_pip](#input\_name\_fw\_mgmt\_pip) | n/a | `string` | `"fw-mgmt-pip"` | no | | [name\_fw\_public\_pip](#input\_name\_fw\_public\_pip) | n/a | `string` | `"fw-mgmt-pip"` | no | diff --git a/modules/vmss/main.tf b/modules/vmss/main.tf index 06c21aea..bd23cf88 100644 --- a/modules/vmss/main.tf +++ b/modules/vmss/main.tf 
@@ -158,17 +158,34 @@ resource "azurerm_linux_virtual_machine_scale_set" "this" { } } -resource "azurerm_application_insights" "this" { - count = var.metrics_retention_in_days != 0 ? 1 : 0 +resource "azurerm_log_analytics_workspace" "this" { + count = (length(var.autoscale_metrics) != 0 || try(var.app_insights_settings.create, false)) && try(var.app_insights_settings.workspace_mode, true) ? 1 : 0 - name = coalesce(var.name_application_insights, "${var.name_prefix}appinsights") + name = try(var.app_insights_settings.log_analytics_name, "${var.name_prefix}Workspace") location = var.location resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed - application_type = "other" - retention_in_days = var.metrics_retention_in_days + retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null) + sku = try(var.app_insights_settings.log_analytics_sku, "PerGB2018") tags = var.tags } +resource "azurerm_application_insights" "this" { + count = length(var.autoscale_metrics) != 0 || try(var.app_insights_settings.create, false) ? 1 : 0 + + name = try(var.app_insights_settings.name, "${var.name_prefix}AppInsights") + location = var.location + resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed + workspace_id = try(var.app_insights_settings.workspace_mode, true) ? azurerm_log_analytics_workspace.this[0].id : null + application_type = try(var.app_insights_settings.application_type, "other") + retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null) + + tags = var.tags + + depends_on = [ + azurerm_log_analytics_workspace.this + ] +} + resource "azurerm_monitor_autoscale_setting" "this" { count = length(var.autoscale_metrics) > 0 ? 1 : 0 diff --git a/modules/vmss/variables.tf b/modules/vmss/variables.tf index ee95f9dc..901b34fd 100644 --- a/modules/vmss/variables.tf +++ b/modules/vmss/variables.tf 
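Review bot: The default Application Insights name changes from `"${var.name_prefix}appinsights"` to `"${var.name_prefix}AppInsights"`, and since the name is, as far as I know, a force-new attribute, an existing deployment that relied on the default would have the resource destroyed and recreated on upgrade. The recreated resource gets a new instrumentation key, so firewalls still publishing with the old key would presumably stop feeding the metrics that `azurerm_monitor_autoscale_setting` scales on, with no Terraform error to flag the gap. If the new casing is not required, keeping the old default avoids this: `name = try(var.app_insights_settings.name, "${var.name_prefix}appinsights")`. Otherwise the upgrade notes should tell users to pin `name` to the previous value. The autoscale resource continues outside the hunk.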
@@ -206,16 +206,10 @@ variable "accelerated_networking" { type = bool } -variable "metrics_retention_in_days" { - description = "Specifies the metrics retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether, which is incompatible with `create_autoscaling`." - default = null - type = number -} - -variable "name_application_insights" { - description = "Name of the Applications Insights instance to be created. Can be null, in which case a default name is auto-generated." - default = null - type = string +variable "app_insights_settings" { + description = "A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input_app_insights_settings)" + default = {} + type = map(any) } variable "name_autoscale" { @@ -275,16 +269,7 @@ variable "autoscale_metrics" { Other possible metrics include panSessionActive, panSessionThroughputKbps, panSessionThroughputPps, DataPlanePacketBufferUtilization. EOF - default = { - "DataPlaneCPUUtilizationPct" = { - scaleout_threshold = 80 - scalein_threshold = 20 - } - "panSessionUtilization" = { - scaleout_threshold = 80 - scalein_threshold = 20 - } - } + default = {} } variable "scaleout_statistic" {