This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

fix!: Add app insights worker mode (#146)
    * fix(modules/vmseries): add 'azurerm_log_analytics_workspace' resource
                             update 'azurerm_application_insights' so it can use workspaces
                             add 'app_insights_settings' map variable that holds all app_insights related parameters
                             remove 'name_application_insights' variable, moved to 'app_insights_settings' var
                             remove 'metrics_retention_in_days' variable, moved to 'app_insights_settings' var

    * fix(modules/vmss):     add 'azurerm_log_analytics_workspace' resource
                             update 'autoscale_metrics' default values to empty map
                             update 'azurerm_application_insights' so it can use workspaces
                             add 'app_insights_settings' map variable that holds all app_insights related parameters

    * fix(examples/vmss):    update example, so the new 'app_insights_settings' variable is used

    * docs(module/vmseries): add 'app_insights_settings' variable description

    * docs(module/vmss):     add 'app_insights_settings' variable description
jblaszc committed Aug 12, 2022
1 parent 8238bfe commit 72eb2f7
Showing 9 changed files with 95 additions and 58 deletions.
3 changes: 2 additions & 1 deletion examples/vmseries_scaleset/README.md
Expand Up @@ -119,7 +119,8 @@ terraform destroy
| <a name="input_address_space"></a> [address\_space](#input\_address\_space) | The address space used by the Virtual Network. You can supply more than one address space. | `list(string)` | n/a | yes |
| <a name="input_allow_inbound_data_ips"></a> [allow\_inbound\_data\_ips](#input\_allow\_inbound\_data\_ips) | List of IP CIDR ranges (like `["23.23.23.23"]`) that are allowed to access public data interfaces of VM-Series.<br>If the list is empty, the contents of `allow_inbound_mgmt_ips` are substituted instead. | `list(string)` | `[]` | no |
| <a name="input_allow_inbound_mgmt_ips"></a> [allow\_inbound\_mgmt\_ips](#input\_allow\_inbound\_mgmt\_ips) | List of IP CIDR ranges (like `["23.23.23.23"]`) that are allowed to access management interfaces of VM-Series.<br>If you use Panorama, include its address in the list (as well as the secondary Panorama's). | `list(string)` | `[]` | no |
| <a name="input_autoscale_metrics"></a> [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.<br>Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.<br>The thresholds are applied to results of metrics' aggregation over a time window.<br>Example:<pre>{<br> "DataPlaneCPUUtilizationPct" = {<br> scaleout_threshold = 80<br> scalein_threshold = 20<br> }<br> "panSessionUtilization" = {<br> scaleout_threshold = 80<br> scalein_threshold = 20<br> }<br>}</pre>Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`. | `map` | <pre>{<br> "DataPlaneCPUUtilizationPct": {<br> "scalein_threshold": 20,<br> "scaleout_threshold": 80<br> },<br> "panSessionUtilization": {<br> "scalein_threshold": 20,<br> "scaleout_threshold": 80<br> }<br>}</pre> | no |
| <a name="input_app_insights_settings"></a> [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings) | `map(any)` | `{}` | no |
| <a name="input_autoscale_metrics"></a> [autoscale\_metrics](#input\_autoscale\_metrics) | Map of objects, where each key is the metric name to be used for autoscaling.<br>Each value of the map has the attributes `scaleout_threshold` and `scalein_threshold`, which cause the instance count to grow by 1 when metrics are greater or equal, or decrease by 1 when lower or equal, respectively.<br>The thresholds are applied to results of metrics' aggregation over a time window.<br>Example:<pre>{<br> "DataPlaneCPUUtilizationPct" = {<br> scaleout_threshold = 80<br> scalein_threshold = 20<br> }<br> "panSessionUtilization" = {<br> scaleout_threshold = 80<br> scalein_threshold = 20<br> }<br>}</pre>Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`. | `map` | `{}` | no |
| <a name="input_autoscale_notification_emails"></a> [autoscale\_notification\_emails](#input\_autoscale\_notification\_emails) | List of email addresses to notify about autoscaling events. | `list(string)` | `[]` | no |
| <a name="input_avzones"></a> [avzones](#input\_avzones) | After provider version 3.x you need to specify in which availability zone(s) you want to place IP.<br>ie: for zone-redundant with 3 availability zone in current region value will be:<pre>["1","2","3"]</pre>Use command<pre>az vm list-skus --location REGION_NAME --zone --query '[0].locationInfo[0].zones'</pre>to see how many AZ is<br>in current region. | `list(string)` | `[]` | no |
| <a name="input_common_vmseries_sku"></a> [common\_vmseries\_sku](#input\_common\_vmseries\_sku) | VM-Series SKU - list available with `az vm image list -o table --all --publisher paloaltonetworks` | `string` | `"bundle2"` | no |
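Review bot: the added `app_insights_settings` row reads "Full description avaliable", which should be "available". The row mirrors the `description` string added in examples/vmseries_scaleset/variables.tf, so correct it there and regenerate the table rather than editing the row by hand.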
2 changes: 2 additions & 0 deletions examples/vmseries_scaleset/main.tf
Expand Up @@ -242,6 +242,7 @@ module "inbound_scale_set" {
subnet_mgmt = { id = module.vnet.subnet_ids["management"] }
subnet_private = { id = module.vnet.subnet_ids["inbound_private"] }
subnet_public = { id = module.vnet.subnet_ids["inbound_public"] }
app_insights_settings = var.app_insights_settings
bootstrap_options = (join(",",
[
"storage-account=${module.inbound_bootstrap.storage_account.name}",
Expand Down Expand Up @@ -286,6 +287,7 @@ module "outbound_scale_set" {
subnet_mgmt = { id = module.vnet.subnet_ids["management"] }
subnet_private = { id = module.vnet.subnet_ids["outbound_private"] }
subnet_public = { id = module.vnet.subnet_ids["outbound_public"] }
app_insights_settings = var.app_insights_settings
bootstrap_options = (join(",",
[
"storage-account=${module.outbound_bootstrap.storage_account.name}",
18 changes: 8 additions & 10 deletions examples/vmseries_scaleset/variables.tf
Expand Up @@ -126,16 +126,8 @@ variable "autoscale_metrics" {
Other possible metrics include `panSessionActive`, `panSessionThroughputKbps`, `panSessionThroughputPps`, `DataPlanePacketBufferUtilization`.
EOF
default = {
"DataPlaneCPUUtilizationPct" = {
scaleout_threshold = 80
scalein_threshold = 20
}
"panSessionUtilization" = {
scaleout_threshold = 80
scalein_threshold = 20
}
}

default = {}
}

variable "scaleout_statistic" {
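Review bot: `default = {}` for `autoscale_metrics` drops the two thresholds the example used to ship with, but the description above it still only shows a populated map, so a user applying the example unchanged now gets no metric entries and nothing in the text says so. State in the description that the default is empty and what has to be set to get autoscaling, including any dependency on `app_insights_settings`, and keep the removed values as the documented sample.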
Expand Down Expand Up @@ -358,4 +350,10 @@ variable "avzones" {
EOF
default = []
type = list(string)
}

variable "app_insights_settings" {
description = "A map of the App-Insights parameters. Full description avaliable under [vmseries/README.md](../../modules/vmseries/README.md#input_app_insights_settings)"
default = {}
type = map(any)
}
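Review bot: a single `app_insights_settings` variable is declared here, and main.tf in this commit passes it unchanged to both `inbound_scale_set` and `outbound_scale_set`. A caller who sets `name` or `log_analytics_name` in the map therefore asks both module instances for identically named resources; if the scale-set module uses those keys the way modules/vmseries/main.tf does in this commit, the second create collides when both land in one resource group. Consider separate inbound and outbound variables, or note in the description that the name keys must be left unset in this example.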
4 changes: 2 additions & 2 deletions modules/vmseries/README.md
Expand Up @@ -70,6 +70,7 @@ No modules.
| Name | Type |
|------|------|
| [azurerm_application_insights.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource |
| [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
| [azurerm_network_interface.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
| [azurerm_network_interface_backend_address_pool_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_backend_address_pool_association) | resource |
| [azurerm_public_ip.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
Expand All @@ -80,6 +81,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_accelerated_networking"></a> [accelerated\_networking](#input\_accelerated\_networking) | Enable Azure accelerated networking (SR-IOV) for all network interfaces except the primary one (it is the PAN-OS management interface, which [does not support](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) acceleration). | `bool` | `true` | no |
| <a name="input_app_insights_settings"></a> [app\_insights\_settings](#input\_app\_insights\_settings) | Application Insights variable list:<br>- `create`: (optional\|bool) Enable usage of the Application Insights. The default vailue is set to `false`.<br>- `name`: (optional\|string) The name of the Applications Insights instance. Can be `null`, in which case a default name is auto-generated.<br>- `workspace_mode`: (optional\|bool) If `true` the Application Insights mode is set to \"Workspace-based\". Otherwise, the legacy \"Classic\" mode is used.<br>- `metrics_retention_in_days`: (optional\|number) Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. If not set, Azure defaults it to 90.<br>- `application_type`: (optional\|string) Specifies the type of Application Insights to create. Valid value is `other`.<br>- `log_analytics_name`: (optional\|string) The name of the Log Analytics workspace. Can be `null`, in which case a default name is auto-generated.<br>- `log_analytics_sku`: (optional\|string) Azure Log Analytics Workspace mode SKU. The default value is set to \"PerGB2018\".<br><br>Example:<pre>{<br> create = true<br> name = "AppInsights"<br> workspace_mode = true<br> metrics_retention_in_days = 30<br> application_type = "other"<br> log_analytics_name = "LogAnalyticsName"<br> log_analytics_sku = "PerGB2018"<br> }</pre> | `map(any)` | `{}` | no |
| <a name="input_avset_id"></a> [avset\_id](#input\_avset\_id) | The identifier of the Availability Set to use. When using this variable, set `avzone = null`. | `string` | `null` | no |
| <a name="input_avzone"></a> [avzone](#input\_avzone) | The availability zone to use, for example "1", "2", "3". Ignored if `enable_zones` is false. Conflicts with `avset_id`, in which case use `avzone = null`. | `string` | `"1"` | no |
| <a name="input_avzones"></a> [avzones](#input\_avzones) | After provider version 3.x you need to specify in which availability zone(s) you want to place IP.<br>ie: for zone-redundant with 3 availability zone in current region value will be:<pre>["1","2","3"]</pre> | `list(string)` | `[]` | no |
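Review bot: the `workspace_mode` entry in the new `app_insights_settings` row does not state its default, while modules/vmseries/main.tf in this commit falls back to `true` when the key is absent, so a caller who sets only `create = true` also gets a Log Analytics workspace without the text saying so. Add the default to the entry. The same row has "vailue" for "value", and the `\"` escapes around Workspace-based, Classic and PerGB2018 appear as literal backslashes in the table cell; fix both in variables.tf and regenerate.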
Expand All @@ -97,9 +99,7 @@ No modules.
| <a name="input_interfaces"></a> [interfaces](#input\_interfaces) | List of the network interface specifications.<br>The first should be the management interface, which does not participate in data filtering.<br>The remaining ones are the dataplane interfaces.<br>Options for an interface object:<br>- `name` - (required\|string) Interface name.<br>- `subnet_id` - (required\|string) Identifier of an existing subnet to create interface in.<br>- `private_ip_address` - (optional\|string) Static private IP to asssign to the interface. If null, dynamic one is allocated.<br>- `public_ip_address_id` - (optional\|string) Identifier of an existing public IP to associate.<br>- `create_public_ip` - (optional\|bool) If true, create a public IP for the interface and ignore the `public_ip_address_id`. Default is false.<br>- `availability_zone` - (optional\|string) Availability zone to create public IP in. If not specified, set based on `avzone` and `enable_zones`.<br>- `enable_ip_forwarding` - (optional\|bool) If true, the network interface will not discard packets sent to an IP address other than the one assigned. If false, the network interface only accepts traffic destined to its IP address.<br>- `enable_backend_pool` - (optional\|bool) If true, associate interface with backend pool specified with `lb_backend_pool_id`. Default is false.<br>- `lb_backend_pool_id` - (optional\|string) Identifier of an existing backend pool to associate interface with. Required if `enable_backend_pool` is true.<br>- `tags` - (optional\|map) Tags to assign to the interface and public IP (if created). 
Overrides contents of `tags` variable.<br><br>Example:<pre>[<br> {<br> name = "fw-mgmt"<br> subnet_id = azurerm_subnet.my_mgmt_subnet.id<br> public_ip_address_id = azurerm_public_ip.my_mgmt_ip.id<br> },<br> {<br> name = "fw-public"<br> subnet_id = azurerm_subnet.my_pub_subnet.id<br> lb_backend_pool_id = module.inbound_lb.backend_pool_id<br> enable_backend_pool = true<br> },<br>]</pre> | `list(any)` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | Region where to deploy VM-Series and dependencies. | `string` | n/a | yes |
| <a name="input_managed_disk_type"></a> [managed\_disk\_type](#input\_managed\_disk\_type) | Type of OS Managed Disk to create for the virtual machine. Possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. The `Premium_LRS` works only for selected `vm_size` values, details in Azure docs. | `string` | `"StandardSSD_LRS"` | no |
| <a name="input_metrics_retention_in_days"></a> [metrics\_retention\_in\_days](#input\_metrics\_retention\_in\_days) | Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether. | `number` | `null` | no |
| <a name="input_name"></a> [name](#input\_name) | VM-Series instance name. | `string` | n/a | yes |
| <a name="input_name_application_insights"></a> [name\_application\_insights](#input\_name\_application\_insights) | Name of the Applications Insights instance to be created. Can be `null`, in which case a default name is auto-generated. | `string` | `null` | no |
| <a name="input_os_disk_name"></a> [os\_disk\_name](#input\_os\_disk\_name) | Optional name of the OS disk to create for the virtual machine. If empty, the name is auto-generated. | `string` | `null` | no |
| <a name="input_password"></a> [password](#input\_password) | Initial administrative password to use for VM-Series. Mind the [Azure-imposed restrictions](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/faq#what-are-the-password-requirements-when-creating-a-vm). | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the existing resource group where to place the resources created. | `string` | n/a | yes |
27 changes: 22 additions & 5 deletions modules/vmseries/main.tf
Expand Up @@ -106,13 +106,30 @@ resource "azurerm_virtual_machine" "this" {
}
}

resource "azurerm_application_insights" "this" {
count = var.metrics_retention_in_days != 0 ? 1 : 0
resource "azurerm_log_analytics_workspace" "this" {
count = try(var.app_insights_settings.create, false) && try(var.app_insights_settings.workspace_mode, true) ? 1 : 0

name = coalesce(var.name_application_insights, var.name)
name = try(var.app_insights_settings.log_analytics_name, "${var.name}-Workspace")
location = var.location
resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed
application_type = "other"
retention_in_days = var.metrics_retention_in_days
retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null)
sku = try(var.app_insights_settings.log_analytics_sku, "PerGB2018")
tags = var.tags
}

resource "azurerm_application_insights" "this" {
count = try(var.app_insights_settings.create, false) ? 1 : 0

name = try(var.app_insights_settings.name, "${var.name}-AppInsights")
location = var.location
resource_group_name = var.resource_group_name # same RG, so no RBAC modification is needed
workspace_id = try(var.app_insights_settings.workspace_mode, true) ? azurerm_log_analytics_workspace.this[0].id : null
application_type = try(var.app_insights_settings.application_type, "other")
retention_in_days = try(var.app_insights_settings.metrics_retention_in_days, null)

tags = var.tags

depends_on = [
azurerm_log_analytics_workspace.this
]
}
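Review bot: `try(var.app_insights_settings.name, "${var.name}-AppInsights")` and the `log_analytics_name` equivalent fall back only when the key is missing, because `try` catches errors and not null values. The variable description says both can be `null` to get an auto-generated name, but a map with `name = null` passes `null` through as the resource name. Wrap them, for example `coalesce(try(var.app_insights_settings.name, null), "${var.name}-AppInsights")`. The explicit `depends_on` adds nothing beyond the reference already made in `workspace_id` and can be dropped.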
41 changes: 29 additions & 12 deletions modules/vmseries/variables.tf
Expand Up @@ -132,12 +132,6 @@ variable "img_version" {
type = string
}

variable "name_application_insights" {
default = null
description = "Name of the Applications Insights instance to be created. Can be `null`, in which case a default name is auto-generated."
type = string
}

variable "tags" {
description = "A map of tags to be associated with the resources created."
default = {}
Expand All @@ -156,12 +150,6 @@ variable "identity_ids" {
type = list(string)
}

variable "metrics_retention_in_days" {
description = "Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. A special value 0 disables creation of Application Insights altogether."
default = null
type = number
}

variable "accelerated_networking" {
description = "Enable Azure accelerated networking (SR-IOV) for all network interfaces except the primary one (it is the PAN-OS management interface, which [does not support](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) acceleration)."
default = true
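Review bot: removing `metrics_retention_in_days` here (and `name_application_insights` in the hunk above) breaks every caller that sets them, and it also flips the default behaviour: the old `count` in main.tf created Application Insights unless the value was 0, while the new one creates nothing unless `app_insights_settings.create` is true. The `fix!` marker signals a breaking change, but the module docs should carry a migration note mapping the old inputs to the new map keys, and the new description should say that a retention value of 0 no longer disables creation.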
Expand All @@ -188,4 +176,33 @@ variable "avzones" {
EOF
default = []
type = list(string)
}

variable "app_insights_settings" {
description = <<-EOF
Application Insights variable list:
- `create`: (optional|bool) Enable usage of the Application Insights. The default vailue is set to `false`.
- `name`: (optional|string) The name of the Applications Insights instance. Can be `null`, in which case a default name is auto-generated.
- `workspace_mode`: (optional|bool) If `true` the Application Insights mode is set to \"Workspace-based\". Otherwise, the legacy \"Classic\" mode is used.
- `metrics_retention_in_days`: (optional|number) Specifies the retention period in days. Possible values are 0, 30, 60, 90, 120, 180, 270, 365, 550 or 730. If not set, Azure defaults it to 90.
- `application_type`: (optional|string) Specifies the type of Application Insights to create. Valid value is `other`.
- `log_analytics_name`: (optional|string) The name of the Log Analytics workspace. Can be `null`, in which case a default name is auto-generated.
- `log_analytics_sku`: (optional|string) Azure Log Analytics Workspace mode SKU. The default value is set to \"PerGB2018\".
Example:
```
{
create = true
name = "AppInsights"
workspace_mode = true
metrics_retention_in_days = 30
application_type = "other"
log_analytics_name = "LogAnalyticsName"
log_analytics_sku = "PerGB2018"
}
```
EOF
default = {}
type = map(any)
}
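Review bot: `type = map(any)` requires all values in the map to share one type, so the documented mix of bool, number and string values is unified to a single type (string) and the `try(...) && ...` conditions in main.tf work only through implicit conversion. The type also accepts any key, so a misspelled key is silently ignored and the `try` default applies instead. Use `type = any` or an `object(...)` type, and add a `validation` block that rejects unknown keys and restricts `metrics_retention_in_days` to the values listed in the description.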