
feat(vmseries)!: Basic config bootstrap support (#142)
* feat(vmseries)!: Add support for simple bootstrap

* feat(vmss)!: Add support for simple bootstrap in vmseries scaleset
michalbil authored Mar 1, 2022
1 parent 4b60487 commit f5f28d8
Showing 12 changed files with 125 additions and 113 deletions.
8 changes: 4 additions & 4 deletions examples/transit_vnet_common/README.md
Expand Up @@ -17,7 +17,7 @@ $ terraform apply
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13, < 2.0 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | = 2.64 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | = 2.97 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.0 |

## Modules
Expand All @@ -34,9 +34,9 @@ $ terraform apply

| Name | Type |
|------|------|
| [azurerm_network_security_rule.mgmt](https://registry.terraform.io/providers/hashicorp/azurerm/2.64/docs/resources/network_security_rule) | resource |
| [azurerm_public_ip.public](https://registry.terraform.io/providers/hashicorp/azurerm/2.64/docs/resources/public_ip) | resource |
| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/2.64/docs/resources/resource_group) | resource |
| [azurerm_network_security_rule.mgmt](https://registry.terraform.io/providers/hashicorp/azurerm/2.97/docs/resources/network_security_rule) | resource |
| [azurerm_public_ip.public](https://registry.terraform.io/providers/hashicorp/azurerm/2.97/docs/resources/public_ip) | resource |
| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/2.97/docs/resources/resource_group) | resource |
| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |

## Inputs
2 changes: 1 addition & 1 deletion examples/transit_vnet_common/example.tfvars
Expand Up @@ -65,7 +65,7 @@ vmseries = {
common_vmseries_version = "9.1.3"
common_vmseries_sku = "bundle1"
storage_account_name = "pantfstorage"
storage_share_name = "ibbootstrapshare"
storage_share_name = "bootstrapshare"

files = {
"files/authcodes" = "license/authcodes" # authcode is required only with common_vmseries_sku = "byol"
35 changes: 21 additions & 14 deletions examples/transit_vnet_common/main.tf
@@ -1,6 +1,6 @@
# Create the Resource Group.
resource "azurerm_resource_group" "this" {
name = coalesce(var.resource_group_name, "${var.name_prefix}vmseries")
name = coalesce(var.resource_group_name, "${var.name_prefix}vmseries-transit-vnet-common")
location = var.location
}

Expand Down Expand Up @@ -115,19 +115,24 @@ module "common_vmseries" {

for_each = var.vmseries

location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_version = var.common_vmseries_version
img_sku = var.common_vmseries_sku
vm_size = var.common_vmseries_vm_size
tags = var.common_vmseries_tags
enable_zones = var.enable_zones
bootstrap_storage_account = module.bootstrap.storage_account
bootstrap_share_name = module.bootstrap.storage_share.name
location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_version = var.common_vmseries_version
img_sku = var.common_vmseries_sku
vm_size = var.common_vmseries_vm_size
tags = var.common_vmseries_tags
enable_zones = var.enable_zones
bootstrap_options = join(",",
[
"storage-account=${module.bootstrap.storage_account.name}",
"access-key=${module.bootstrap.storage_account.primary_access_key}",
"file-share=${module.bootstrap.storage_share.name}",
"share-directory=None"
])
interfaces = [
{
name = "${each.key}-mgmt"
Expand All @@ -153,5 +158,7 @@ module "common_vmseries" {
},
]

diagnostics_storage_uri = module.bootstrap.storage_account.primary_blob_endpoint

depends_on = [module.bootstrap]
}
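Review bot: The `bootstrap_options` string assembled by `join(",", [...])` in `module "common_vmseries"` inlines `module.bootstrap.storage_account.primary_access_key`, so the storage account's full key now travels as an ordinary module argument instead of being expanded inside the vmseries module; unless the receiving variable is declared sensitive it can surface in `terraform plan` output and in anything that logs module inputs. The example should say so next to the join, e.g. `# bootstrap_options embeds the storage account's primary access key; treat plan output and state as secret`. Rotating that key also changes `custom_data`, which on the legacy `azurerm_virtual_machine` resource is, as far as I recall, a force-new attribute, so confirm against provider 2.97 before relying on key rotation for running firewalls. The `depends_on = [module.bootstrap]` is redundant given the direct references but harmless.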
2 changes: 1 addition & 1 deletion examples/transit_vnet_common/versions.tf
Expand Up @@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "= 2.64"
version = "= 2.97"
}
random = {
source = "hashicorp/random"
68 changes: 41 additions & 27 deletions examples/transit_vnet_dedicated/main.tf
@@ -1,6 +1,6 @@
# Create the Resource Group.
resource "azurerm_resource_group" "this" {
name = coalesce(var.resource_group_name, "${var.name_prefix}vmseries")
name = coalesce(var.resource_group_name, "${var.name_prefix}vmseries-transit-vnet-dedicated")
location = var.location
}

Expand Down Expand Up @@ -124,19 +124,24 @@ module "inbound_vmseries" {

for_each = var.inbound_vmseries

location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_sku = var.common_vmseries_sku
img_version = var.inbound_vmseries_version
vm_size = var.inbound_vmseries_vm_size
tags = var.inbound_vmseries_tags
enable_zones = var.enable_zones
bootstrap_storage_account = module.bootstrap.storage_account
bootstrap_share_name = module.bootstrap.storage_share.name
location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_sku = var.common_vmseries_sku
img_version = var.inbound_vmseries_version
vm_size = var.inbound_vmseries_vm_size
tags = var.inbound_vmseries_tags
enable_zones = var.enable_zones
bootstrap_options = join(",",
[
"storage-account=${module.bootstrap.storage_account.name}",
"access-key=${module.bootstrap.storage_account.primary_access_key}",
"file-share=${module.bootstrap.storage_share.name}",
"share-directory=None"
])
interfaces = [
{
name = "${each.key}-mgmt"
Expand All @@ -160,6 +165,8 @@ module "inbound_vmseries" {
},
]

diagnostics_storage_uri = module.bootstrap.storage_account.primary_blob_endpoint

depends_on = [module.bootstrap]
}

Expand All @@ -171,19 +178,24 @@ module "outbound_vmseries" {

for_each = var.outbound_vmseries

location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_sku = var.common_vmseries_sku
img_version = var.outbound_vmseries_version
vm_size = var.outbound_vmseries_vm_size
tags = var.outbound_vmseries_tags
enable_zones = var.enable_zones
bootstrap_storage_account = module.outbound_bootstrap.storage_account
bootstrap_share_name = module.outbound_bootstrap.storage_share.name
location = var.location
resource_group_name = azurerm_resource_group.this.name
name = "${var.name_prefix}${each.key}"
avzone = try(each.value.avzone, 1)
username = var.username
password = coalesce(var.password, random_password.this.result)
img_sku = var.common_vmseries_sku
img_version = var.outbound_vmseries_version
vm_size = var.outbound_vmseries_vm_size
tags = var.outbound_vmseries_tags
enable_zones = var.enable_zones
bootstrap_options = join(",",
[
"storage-account=${module.outbound_bootstrap.storage_account.name}",
"access-key=${module.outbound_bootstrap.storage_account.primary_access_key}",
"file-share=${module.outbound_bootstrap.storage_share.name}",
"share-directory=None"
])
interfaces = [
{
name = "${each.key}-mgmt"
Expand All @@ -208,5 +220,7 @@ module "outbound_vmseries" {
},
]

diagnostics_storage_uri = module.bootstrap.storage_account.primary_blob_endpoint

depends_on = [module.outbound_bootstrap]
}
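Review bot: In `module "outbound_vmseries"` the new `diagnostics_storage_uri = module.bootstrap.storage_account.primary_blob_endpoint` points at the inbound bootstrap account, while the `bootstrap_options` three lines above and the existing `depends_on` both use `module.outbound_bootstrap`; this looks like a copy-paste slip from the inbound block and would land the outbound firewalls' boot diagnostics in the other account. If sharing is not intended, change it to `diagnostics_storage_uri = module.outbound_bootstrap.storage_account.primary_blob_endpoint`. As in the common example, both joined strings carry `primary_access_key` in clear, so a comment flagging the value as a secret is warranted here too. The opening lines of both module blocks are outside their hunks.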
34 changes: 24 additions & 10 deletions examples/vmseries_scaleset/main.tf
Expand Up @@ -240,11 +240,18 @@ module "inbound_scale_set" {
subnet_mgmt = { id = module.vnet.subnet_ids["management"] }
subnet_private = { id = module.vnet.subnet_ids["inbound_private"] }
subnet_public = { id = module.vnet.subnet_ids["inbound_public"] }
bootstrap_storage_account = module.inbound_bootstrap.storage_account
bootstrap_share_name = module.inbound_bootstrap.storage_share.name
public_backend_pool_id = module.inbound_lb.backend_pool_id
create_mgmt_pip = false
create_public_pip = false
bootstrap_options = (join(",",
[
"storage-account=${module.inbound_bootstrap.storage_account.name}",
"access-key=${module.inbound_bootstrap.storage_account.primary_access_key}",
"file-share=${module.inbound_bootstrap.storage_share.name}",
"share-directory=None"
]
))
public_backend_pool_id = module.inbound_lb.backend_pool_id
create_mgmt_pip = false
create_public_pip = false
diagnostics_storage_uri = module.inbound_bootstrap.storage_account.primary_blob_endpoint
}

# Create the outbound scale set.
Expand Down Expand Up @@ -277,9 +284,16 @@ module "outbound_scale_set" {
subnet_mgmt = { id = module.vnet.subnet_ids["management"] }
subnet_private = { id = module.vnet.subnet_ids["outbound_private"] }
subnet_public = { id = module.vnet.subnet_ids["outbound_public"] }
bootstrap_storage_account = module.outbound_bootstrap.storage_account
bootstrap_share_name = module.outbound_bootstrap.storage_share.name
private_backend_pool_id = module.outbound_lb.backend_pool_id
create_mgmt_pip = false
create_public_pip = false
bootstrap_options = (join(",",
[
"storage-account=${module.outbound_bootstrap.storage_account.name}",
"access-key=${module.outbound_bootstrap.storage_account.primary_access_key}",
"file-share=${module.outbound_bootstrap.storage_share.name}",
"share-directory=None"
]
))
private_backend_pool_id = module.outbound_lb.backend_pool_id
create_mgmt_pip = false
create_public_pip = false
diagnostics_storage_uri = module.outbound_bootstrap.storage_account.primary_blob_endpoint
}
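Review bot: The `bootstrap_options = (join(",", [...]))` in both `inbound_scale_set` and `outbound_scale_set` wraps the call in a redundant pair of parentheses that the vmseries examples in this same commit omit; dropping them (`bootstrap_options = join(",", [`) keeps all four examples uniform. The string embeds `module.inbound_bootstrap.storage_account.primary_access_key` in clear, so the same secret-handling caveat as in the vmseries examples applies and deserves a comment. The vmss module that consumes `bootstrap_options` is among the files not shown on this page, so whether it marks the variable sensitive cannot be checked here. Both module blocks open above their hunks.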
4 changes: 2 additions & 2 deletions modules/vmseries/README.md
Expand Up @@ -76,9 +76,9 @@ No modules.
| <a name="input_accelerated_networking"></a> [accelerated\_networking](#input\_accelerated\_networking) | Enable Azure accelerated networking (SR-IOV) for all network interfaces except the primary one (it is the PAN-OS management interface, which [does not support](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) acceleration). | `bool` | `true` | no |
| <a name="input_avset_id"></a> [avset\_id](#input\_avset\_id) | The identifier of the Availability Set to use. When using this variable, set `avzone = null`. | `string` | `null` | no |
| <a name="input_avzone"></a> [avzone](#input\_avzone) | The availability zone to use, for example "1", "2", "3". Ignored if `enable_zones` is false. Conflicts with `avset_id`, in which case use `avzone = null`. | `string` | `"1"` | no |
| <a name="input_bootstrap_share_name"></a> [bootstrap\_share\_name](#input\_bootstrap\_share\_name) | Azure File Share holding the bootstrap data. Should reside on `bootstrap_storage_account`. Bootstrapping is omitted if `bootstrap_share_name` is left at null. | `string` | `null` | no |
| <a name="input_bootstrap_storage_account"></a> [bootstrap\_storage\_account](#input\_bootstrap\_storage\_account) | Existing storage account object for bootstrapping and for holding small-sized boot diagnostics. Usually the object is passed from a bootstrap module's output. | `any` | `null` | no |
| <a name="input_bootstrap_options"></a> [bootstrap\_options](#input\_bootstrap\_options) | Bootstrap options to pass to VM-Series instance. | `string` | `""` | no |
| <a name="input_custom_image_id"></a> [custom\_image\_id](#input\_custom\_image\_id) | Absolute ID of your own Custom Image to be used for creating new VM-Series. If set, the `username`, `password`, `img_version`, `img_publisher`, `img_offer`, `img_sku` inputs are all ignored (these are used only for published images, not custom ones). The Custom Image is expected to contain PAN-OS software. | `string` | `null` | no |
| <a name="input_diagnostics_storage_uri"></a> [diagnostics\_storage\_uri](#input\_diagnostics\_storage\_uri) | The storage account's blob endpoint to hold diagnostic files. | `string` | `null` | no |
| <a name="input_enable_plan"></a> [enable\_plan](#input\_enable\_plan) | Enable usage of the Offer/Plan on Azure Marketplace. Even plan sku "byol", which means "bring your own license", still requires accepting on the Marketplace (as of 2021). Can be set to `false` when using a custom image. | `bool` | `true` | no |
| <a name="input_enable_zones"></a> [enable\_zones](#input\_enable\_zones) | If false, the input `avzone` is ignored and also all created Public IP addresses default to not to use Availability Zones (the `No-Zone` setting). It is intended for the regions that do not yet support Availability Zones. | `bool` | `true` | no |
| <a name="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids) | See the [provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#identity_ids). | `list(string)` | `null` | no |
14 changes: 3 additions & 11 deletions modules/vmseries/main.tf
Expand Up @@ -90,15 +90,7 @@ resource "azurerm_virtual_machine" "this" {
computer_name = var.name
admin_username = var.username
admin_password = var.password
custom_data = var.bootstrap_share_name == null ? null : join(
",",
[
"storage-account=${var.bootstrap_storage_account.name}",
"access-key=${var.bootstrap_storage_account.primary_access_key}",
"file-share=${var.bootstrap_share_name}",
"share-directory=None"
]
)
custom_data = var.bootstrap_options
}

os_profile_linux_config {
Expand All @@ -108,11 +100,11 @@ resource "azurerm_virtual_machine" "this" {
# After converting to azurerm_linux_virtual_machine, an empty block boot_diagnostics {} will use managed storage. Want.
# 2.36 in required_providers per https://github.com/terraform-providers/terraform-provider-azurerm/pull/8917
dynamic "boot_diagnostics" {
for_each = var.bootstrap_storage_account != null ? ["one"] : []
for_each = var.diagnostics_storage_uri != null ? ["one"] : []

content {
enabled = true
storage_uri = var.bootstrap_storage_account.primary_blob_endpoint
storage_uri = var.diagnostics_storage_uri
}
}

Expand Down
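Review bot: `custom_data = var.bootstrap_options` now sends the variable's default `""` where the old conditional sent `null` when no bootstrap share was configured; nothing in view establishes that azurerm 2.97 normalises an empty `custom_data` on `azurerm_virtual_machine` to unset, and since `os_profile.custom_data` is, as I recall, force-new, a differing normalisation could replace existing non-bootstrapped VMs on the next apply. Preserving the old behaviour is one line: `custom_data = var.bootstrap_options != "" ? var.bootstrap_options : null`. The `boot_diagnostics` switch to `var.diagnostics_storage_uri` is a clean decoupling from the bootstrap account. The `azurerm_virtual_machine "this"` resource opens above the first hunk.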
24 changes: 12 additions & 12 deletions modules/vmseries/variables.tf
Expand Up @@ -58,18 +58,6 @@ variable "interfaces" {
EOF
}

variable "bootstrap_storage_account" {
description = "Existing storage account object for bootstrapping and for holding small-sized boot diagnostics. Usually the object is passed from a bootstrap module's output."
default = null
type = any
}

variable "bootstrap_share_name" {
description = "Azure File Share holding the bootstrap data. Should reside on `bootstrap_storage_account`. Bootstrapping is omitted if `bootstrap_share_name` is left at null."
default = null
type = string
}

variable "username" {
description = "Initial administrative username to use for VM-Series. Mind the [Azure-imposed restrictions](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/faq#what-are-the-username-requirements-when-creating-a-vm)."
type = string
Expand Down Expand Up @@ -173,3 +161,15 @@ variable "enable_zones" {
default = true
type = bool
}

variable "bootstrap_options" {
description = "Bootstrap options to pass to VM-Series instance."
default = ""
type = string
}

variable "diagnostics_storage_uri" {
description = "The storage account's blob endpoint to hold diagnostic files."
default = null
type = string
}
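Review bot: The new `bootstrap_options` variable is typed `string` with no `sensitive = true`, yet every caller in this commit fills it with a string containing the storage account's `primary_access_key`, so the key becomes an explicit, non-sensitive module input that shows up in plan diffs of the module call. If the module's minimum Terraform (its versions.tf is not in view; the example README requires `>= 0.13`) can be raised to 0.14, add `sensitive = true`; otherwise say in the description that the value must be treated as a secret. The description should also state the expected format, e.g. `Comma-separated key=value bootstrap parameters passed to the VM-Series as custom_data (storage-account, access-key, file-share, share-directory); normally contains a storage access key, so treat it as a secret.` `diagnostics_storage_uri` should likewise note that boot diagnostics are disabled when it is left at null, which is how main.tf consumes it.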
