feat: Introduce universal settings block for VMs & VMSSs (#60)
acelebanski authored Jun 28, 2024
1 parent fc96097 commit 4593c95
Showing 23 changed files with 743 additions and 160 deletions.
58 changes: 52 additions & 6 deletions examples/common_vmseries/README.md
@@ -229,6 +229,7 @@ Name | Type | Description
[`availability_sets`](#availability_sets) | `map` | A map defining availability sets.
[`ngfw_metrics`](#ngfw_metrics) | `object` | A map controlling metrics-relates resources.
[`bootstrap_storages`](#bootstrap_storages) | `map` | A map defining Azure Storage Accounts used to host file shares for bootstrapping NGFWs.
[`vmseries_universal`](#vmseries_universal) | `object` | A map defining common settings for all created VM-Series instances.
[`vmseries`](#vmseries) | `map` | A map defining Azure Virtual Machines based on Palo Alto Networks Next Generation Firewall image.
[`test_infrastructure`](#test_infrastructure) | `map` | A map defining test infrastructure including test VMs and Azure Bastion hosts.
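Review bot: the Type column for the new `vmseries_universal` row says `object` while its description opens with "A map defining common settings" (the `ngfw_metrics` row above has the same mismatch). Since the variable is declared as `object({...})`, describe it as "An object defining common settings for all created VM-Series instances" so the table and the type agree; the description is generated from `variables.tf`, so change it there.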

@@ -922,6 +923,50 @@ map(object({
```


Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>

#### vmseries_universal

A map defining common settings for all created VM-Series instances.

It duplicates popular properties from `vmseries` variable, specifically `vmseries.image` and `vmseries.virtual_machine` maps.
However, if values are set in those maps, they still take precedence over the ones set within this variable. As a result, all
universal properties can be overriden on a per-VM basis.

Following properties are supported:

- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `size` - (`string`, optional, defaults to module default) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported.
- `bootstrap_options` - (`string`, optional, mutually exclusive with `bootstrap_package`) bootstrap options passed to PAN-OS
when launched for the 1st time, for details see module documentation.
- `bootstrap_package` - (`map`, optional, mutually exclusive with `bootstrap_options`) a map defining content of the bootstrap
package. For details and available properties refer to `vmseries` variable.


Type:

```hcl
object({
version = optional(string)
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
bootstrap_storage_key = string
static_files = optional(map(string), {})
bootstrap_package_path = optional(string)
bootstrap_xml_template = optional(string)
private_snet_key = optional(string)
public_snet_key = optional(string)
ai_update_interval = optional(number, 5)
intranet_cidr = optional(string)
}))
})
```


Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>
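Review bot: "overriden" in the intro paragraph should be "overridden", and "Following properties are supported" reads better as "The following properties are supported"; both come from the `variables.tf` description, so fix them at the source. The generated `Default value: `map[]`` line describes an `object` whose declared default is `{}`; check the doc generator's rendering or state the default as `{}`.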
@@ -949,8 +994,9 @@ The most basic properties are as follows:

For all properties and their default values see [module's documentation](../../modules/vmseries/README.md#authentication).

- `image` - (`map`, required) properties defining a base image used by the deployed VM. The `image` property is
required but there are only 2 properties (mutually exclusive) that have to be set, either:
- `image` - (`map`, optional) properties defining a base image used by the deployed VM. The `image` property is
required (if no common properties were set within `vmseries_universal` variable) but there are only 2
properties (mutually exclusive) that have to be set, either:

- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `custom_id` - (`string`, optional) absolute ID of your own custom PAN-OS image.
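Review bot: the `image` bullet now calls the property `optional` and, in the very next sentence, "required (if no common properties were set within `vmseries_universal` variable)", which reads as a contradiction. State it once: `image` is optional, but either `image.version` or `image.custom_id` here, or `version` in `vmseries_universal`, has to be set, otherwise no PAN-OS image is selected.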
@@ -962,8 +1008,8 @@ The most basic properties are as follows:

- `size` - (`string`, optional, defaults to module default) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module default) the Availability Zone in which the VM and (if
deployed) public IP addresses will be created.
- `zone` - (`string`, required) the Availability Zone in which the VM and (if deployed) public IP addresses will
be created.
- `disk_type` - (`string`, optional, defaults to module default) type of a Managed Disk which should be created,
possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS` (works only for selected
`size` values).
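Review bot: `zone` changes from "optional, defaults to module default" to "required", but no matching change to the `virtual_machine.zone` type is visible in this diff, and the commit is about the universal settings block. Confirm that the type in `variables.tf` really is non-optional (or that this only corrects stale documentation) and mention it in the commit message, as it affects existing callers.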
@@ -1049,14 +1095,14 @@ map(object({
disable_password_authentication = optional(bool, false)
ssh_keys = optional(list(string), [])
}), {})
image = object({
image = optional(object({
version = optional(string)
publisher = optional(string)
offer = optional(string)
sku = optional(string)
enable_marketplace_plan = optional(bool)
custom_id = optional(string)
})
}))
virtual_machine = object({
size = optional(string)
bootstrap_options = optional(string)
24 changes: 10 additions & 14 deletions examples/common_vmseries/example.tfvars
@@ -228,17 +228,18 @@ appgws = {

# VM-SERIES

vmseries_universal = {
version = "10.2.901"
size = "Standard_DS3_v2"
bootstrap_options = "type=dhcp-client"
}

vmseries = {
"fw-1" = {
name = "firewall01"
vnet_key = "transit"
image = {
version = "10.2.901"
}
virtual_machine = {
size = "Standard_DS3_v2"
zone = 1
bootstrap_options = "type=dhcp-client"
zone = 1
}
interfaces = [
{
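Review bot: `zone = 1` is a number literal while the README documents `zone` as a `string`. Terraform converts it, but writing `zone = "1"` matches the declared type and the `zones = ["1", "2", "3"]` convention used in the autoscale example in this same commit.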
@@ -261,16 +262,11 @@ vmseries = {
]
}
"fw-2" = {
name = "firewall02"
image = {
version = "10.2.901"
}
name = "firewall02"
vnet_key = "transit"
virtual_machine = {
size = "Standard_DS3_v2"
zone = 2
bootstrap_options = "type=dhcp-client"
zone = 2
}
vnet_key = "transit"
interfaces = [
{
name = "vm02-mgmt"
14 changes: 12 additions & 2 deletions examples/common_vmseries/main.tf
@@ -364,15 +364,22 @@ module "vmseries" {
resource_group_name = local.resource_group.name

authentication = local.authentication[each.key]
image = each.value.image
image = merge(
each.value.image,
{
version = try(each.value.image.version, var.vmseries_universal.version, null)
}
)
virtual_machine = merge(
each.value.virtual_machine,
{
disk_name = "${var.name_prefix}${coalesce(each.value.virtual_machine.disk_name, "${each.value.name}-osdisk")}"
avset_id = try(azurerm_availability_set.this[each.value.virtual_machine.avset_key].id, null)
size = try(coalesce(each.value.virtual_machine.size, var.vmseries_universal.size), null)
bootstrap_options = try(
coalesce(
each.value.virtual_machine.bootstrap_options,
var.vmseries_universal.bootstrap_options,
try(
join(",", [
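Review bot: `version = try(each.value.image.version, var.vmseries_universal.version, null)` does not fall back to the universal version when a VM sets `image` without `version` (for example only `publisher`, `offer` and `sku`): `try` only moves on to the next expression when the current one errors, and `each.value.image.version` evaluates to `null` without an error, so the universal value is silently ignored. Use the same pattern as `size` in this hunk, `try(coalesce(each.value.image.version, var.vmseries_universal.version), null)`, so that `null` falls through.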
"storage-account=${module.bootstrap[
@@ -386,6 +393,10 @@ module "vmseries" {
),
null
)
bootstrap_package = try(
coalesce(each.value.virtual_machine.bootstrap_package, var.vmseries_universal.bootstrap_package),
null
)
}
)
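Review bot: the mutual exclusivity of `bootstrap_options` and `bootstrap_package` is validated separately inside `vmseries` and inside `vmseries_universal`, but the two `coalesce` chains here resolve each property from both sources independently: a universal `bootstrap_options` combined with a per-VM `bootstrap_package` (or the reverse) passes both validations and forwards both values to the module. Add a check on the effective pair, for instance a `precondition` on this module call or a `check` block over `var.vmseries` and `var.vmseries_universal`.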

@@ -400,7 +411,6 @@ module "vmseries" {
private_ip_address = v.private_ip_address
attach_to_lb_backend_pool = v.load_balancer_key != null
lb_backend_pool_id = try(module.load_balancer[v.load_balancer_key].backend_pool_id, null)

}]

tags = var.tags
75 changes: 68 additions & 7 deletions examples/common_vmseries/variables.tf
@@ -605,6 +605,65 @@ variable "bootstrap_storages" {
}))
}

variable "vmseries_universal" {
description = <<-EOF
A map defining common settings for all created VM-Series instances.
It duplicates popular properties from `vmseries` variable, specifically `vmseries.image` and `vmseries.virtual_machine` maps.
However, if values are set in those maps, they still take precedence over the ones set within this variable. As a result, all
universal properties can be overriden on a per-VM basis.
Following properties are supported:
- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `size` - (`string`, optional, defaults to module default) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported.
- `bootstrap_options` - (`string`, optional, mutually exclusive with `bootstrap_package`) bootstrap options passed to PAN-OS
when launched for the 1st time, for details see module documentation.
- `bootstrap_package` - (`map`, optional, mutually exclusive with `bootstrap_options`) a map defining content of the bootstrap
package. For details and available properties refer to `vmseries` variable.
EOF
default = {}
type = object({
version = optional(string)
size = optional(string)
bootstrap_options = optional(string)
bootstrap_package = optional(object({
bootstrap_storage_key = string
static_files = optional(map(string), {})
bootstrap_package_path = optional(string)
bootstrap_xml_template = optional(string)
private_snet_key = optional(string)
public_snet_key = optional(string)
ai_update_interval = optional(number, 5)
intranet_cidr = optional(string)
}))
})
validation { # bootstrap_options & bootstrap_package
condition = alltrue([
var.vmseries_universal.bootstrap_options != null && var.vmseries_universal.bootstrap_package == null ||
var.vmseries_universal.bootstrap_options == null && var.vmseries_universal.bootstrap_package != null ||
var.vmseries_universal.bootstrap_options == null && var.vmseries_universal.bootstrap_package == null
])
error_message = <<-EOF
Either `bootstrap_options` or `bootstrap_package` property can be set.
EOF
}
validation { # bootstrap_package
condition = alltrue([
var.vmseries_universal.bootstrap_package != null ? (
var.vmseries_universal.bootstrap_package.bootstrap_xml_template != null ? (
var.vmseries_universal.bootstrap_package.private_snet_key != null &&
var.vmseries_universal.bootstrap_package.public_snet_key != null
) : true
) : true
])
error_message = <<-EOF
The `private_snet_key` and `public_snet_key` are required when `bootstrap_xml_template` is set.
EOF
}
}

variable "vmseries" {
description = <<-EOF
A map defining Azure Virtual Machines based on Palo Alto Networks Next Generation Firewall image.
@@ -628,8 +687,9 @@ variable "vmseries" {
For all properties and their default values see [module's documentation](../../modules/vmseries/README.md#authentication).
- `image` - (`map`, required) properties defining a base image used by the deployed VM. The `image` property is
required but there are only 2 properties (mutually exclusive) that have to be set, either:
- `image` - (`map`, optional) properties defining a base image used by the deployed VM. The `image` property is
required (if no common properties were set within `vmseries_universal` variable) but there are only 2
properties (mutually exclusive) that have to be set, either:
- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `custom_id` - (`string`, optional) absolute ID of your own custom PAN-OS image.
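Review bot: the description promises that `image` is required when `vmseries_universal` sets no common properties, but nothing in this diff enforces it: a VM without `image` together with an empty `vmseries_universal` is not rejected by any `validation`. Since this spans two variables, enforce it with a `check` block or a `precondition` on the `vmseries` module call in `main.tf`, or at least say in the description that it is not validated.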
@@ -641,8 +701,8 @@ variable "vmseries" {
- `size` - (`string`, optional, defaults to module default) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported.
- `zone` - (`string`, optional, defaults to module default) the Availability Zone in which the VM and (if
deployed) public IP addresses will be created.
- `zone` - (`string`, required) the Availability Zone in which the VM and (if deployed) public IP addresses will
be created.
- `disk_type` - (`string`, optional, defaults to module default) type of a Managed Disk which should be created,
possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS` (works only for selected
`size` values).
@@ -726,14 +786,14 @@ variable "vmseries" {
disable_password_authentication = optional(bool, false)
ssh_keys = optional(list(string), [])
}), {})
image = object({
image = optional(object({
version = optional(string)
publisher = optional(string)
offer = optional(string)
sku = optional(string)
enable_marketplace_plan = optional(bool)
custom_id = optional(string)
})
}))
virtual_machine = object({
size = optional(string)
bootstrap_options = optional(string)
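Review bot: `image = optional(object({...}))` has no default, so an omitted `image` is `null` rather than `{}`, and `main.tf` passes it straight into `merge(each.value.image, {...})` and reads `each.value.image.version` inside `try`. Declaring it as `optional(object({...}), {})`, the way `authentication` above is declared with `}), {})`, gives downstream code an object to read and removes the reliance on `merge` and `try` tolerating `null`.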
@@ -775,7 +835,8 @@ variable "vmseries" {
condition = alltrue([
for _, v in var.vmseries :
v.virtual_machine.bootstrap_options != null && v.virtual_machine.bootstrap_package == null ||
v.virtual_machine.bootstrap_options == null && v.virtual_machine.bootstrap_package != null
v.virtual_machine.bootstrap_options == null && v.virtual_machine.bootstrap_package != null ||
v.virtual_machine.bootstrap_options == null && v.virtual_machine.bootstrap_package == null
])
error_message = <<-EOF
Either `bootstrap_options` or `bootstrap_package` property can be set.
43 changes: 38 additions & 5 deletions examples/common_vmseries_and_autoscale/README.md
@@ -254,6 +254,7 @@ Name | Type | Description
[`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (both private and public) Load Balancers.
[`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment.
[`ngfw_metrics`](#ngfw_metrics) | `object` | A map controlling metrics-relates resources.
[`scale_sets_universal`](#scale_sets_universal) | `object` | A map defining common settings for all created VM-Series Scale Sets.
[`scale_sets`](#scale_sets) | `map` | A map defining Azure Virtual Machine Scale Sets based on Palo Alto Networks Next Generation Firewall image.
[`test_infrastructure`](#test_infrastructure) | `map` | A map defining test infrastructure including test VMs and Azure Bastion hosts.

@@ -822,6 +823,38 @@ Default value: `&{}`

<sup>[back to list](#modules-optional-inputs)</sup>

#### scale_sets_universal

A map defining common settings for all created VM-Series Scale Sets.

It duplicates popular properties from `scale_sets` variable, specifically `scale_sets.image` and
`scale_sets.virtual_machine_scale_set` maps. However, if values are set in those maps, they still take precedence over the ones
set within this variable. As a result, all universal properties can be overriden on a per-VMSS basis.

Following properties are supported:

- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `size` - (`string`, optional, defaults to module default) Azure VM size (type). Consult the *VM-Series
Deployment Guide* as only a few selected sizes are supported.
- `bootstrap_options` - (`string`, optional, mutually exclusive with `bootstrap_package`) bootstrap options passed to PAN-OS
when launched for the 1st time, for details see module documentation.


Type:

```hcl
object({
version = optional(string)
size = optional(string)
bootstrap_options = optional(string)
})
```


Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>

#### scale_sets

A map defining Azure Virtual Machine Scale Sets based on Palo Alto Networks Next Generation Firewall image.
@@ -848,9 +881,9 @@ The basic Scale Set configuration properties are as follows:

For all properties and their default values refer to [module's documentation](../../modules/vmss/README.md#authentication).

- `image` - (`map`, required) properties defining a base image used to spawn VMs in this Scale Set. The
`image` property is required but there are only 2 properties (mutually exclusive) that have to
be set up, either:
- `image` - (`map`, optional) properties defining a base image used to spawn VMs in this Scale Set. The
`image` property is required (if no common properties were set within `scale_sets_universal`
variable) but there are only 2 properties (mutually exclusive) that have to be set up, either:

- `version` - (`string`, optional) describes the PAN-OS image version from Azure Marketplace.
- `custom_id` - (`string`, optional) absolute ID of your own custom PAN-OS image.
@@ -913,14 +946,14 @@ map(object({
disable_password_authentication = optional(bool, true)
ssh_keys = optional(list(string), [])
})
image = object({
image = optional(object({
version = optional(string)
publisher = optional(string)
offer = optional(string)
sku = optional(string)
enable_marketplace_plan = optional(bool)
custom_id = optional(string)
})
}))
virtual_machine_scale_set = optional(object({
size = optional(string)
bootstrap_options = optional(string)
1 change: 1 addition & 0 deletions examples/common_vmseries_and_autoscale/example.tfvars
@@ -243,6 +243,7 @@ scale_sets = {
disable_password_authentication = false
}
virtual_machine_scale_set = {
size = "Standard_D3_v2"
bootstrap_options = "type=dhcp-client"
zones = ["1", "2", "3"]
}
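Review bot: this example adds a per-scale-set `size` but never uses the new `scale_sets_universal` variable the commit introduces, whereas the `common_vmseries` example does switch to `vmseries_universal`. Moving `size` and `bootstrap_options` into a `scale_sets_universal` block would exercise the new code path and keep the two examples consistent.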
0 comments on commit 4593c95
