diff --git a/CHANGELOG.md b/CHANGELOG.md index c5024fd286..61bac4fa19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,21 @@ -## 0.17.0 (Unreleased) +## 0.18.0 (Unreleased) **BREAKING CHANGES & MIGRATIONS**: FEATURES: +ENHANCEMENTS: + +BUG FIXES: + +COMPONENTS: + +## 0.17.0 + +**BREAKING CHANGES & MIGRATIONS**: +* Update terraform MySQL resources to MySQL Flexible resources to fix depricating recources. ([#3892](https://github.com/microsoft/AzureTRE/pull/3892)) - Migration to new version of Gitea and MySQL, needs to be carried out manually, details to be included in a later release. + ENHANCEMENTS: * Switch from OpenCensus to OpenTelemetry for logging ([#3762](https://github.com/microsoft/AzureTRE/pull/3762)) * Extend PowerShell auto start script to start core VMs ([#3811](https://github.com/microsoft/AzureTRE/issues/3811)) 
@@ -19,8 +30,40 @@ BUG FIXES: * Airlock: Creating an import/export request causes a routing error ([#3830](https://github.com/microsoft/AzureTRE/issues/3830)) * Fix registration of templates with no 'authorizedRoles' or 'required' defined ([#3849](https://github.com/microsoft/AzureTRE/pull/3849)) * Update terraform for services bus to move network rules into namespace resource to avoid depreciation warning, and update setup_local_debugging.sh to use network_rule_sets ([#3858](https://github.com/microsoft/AzureTRE/pull/3858)) +* Update terraform MySQL resources to MySQL Flexible resources to fix depricating recources. ([#3892](https://github.com/microsoft/AzureTRE/pull/3892)) +* Fix issue with firewall failing to deploy on a new TRE deploy ([#3775](https://github.com/microsoft/AzureTRE/issues/3775)) COMPONENTS: +| name | version | +| ----- | ----- | +| devops | 0.5.1 | +| core | 0.9.6 | +| ui | 0.5.21 | +| tre-service-guacamole-linuxvm | 0.6.9 | +| tre-service-guacamole-import-reviewvm | 0.2.8 | +| tre-service-guacamole-export-reviewvm | 0.1.8 | +| tre-service-guacamole-windowsvm | 0.7.9 | +| tre-service-guacamole | 0.10.6 | +| tre-service-databricks | 1.0.3 | +| tre-service-mlflow | 0.7.7 | +| tre-service-innereye | 0.6.4 | +| tre-workspace-service-ohdsi | 0.2.4 | +| tre-workspace-service-gitea | 1.0.1 | +| tre-workspace-service-mysql | 1.0.1 | +| tre-user-resource-aml-compute-instance | 0.5.7 | +| tre-service-azureml | 0.8.10 | +| tre-workspace-service-health | 0.2.5 | +| tre-workspace-airlock-import-review | 0.12.16 | +| tre-workspace-unrestricted | 0.11.4 | +| tre-workspace-base | 1.5.3 | +| tre-shared-service-cyclecloud | 0.5.5 | +| tre-shared-service-databricks-private-auth | 0.1.5 | +| tre-shared-service-sonatype-nexus | 2.8.13 | +| tre-shared-service-admin-vm | 0.4.3 | +| tre-shared-service-firewall | 1.1.7 | +| tre-shared-service-gitea | 1.0.1 | +| tre-shared-service-certs | 0.5.1 | +| tre-shared-service-airlock-notifier | 0.9.0 | ## 0.16.0 (December 1, 
2023) diff --git a/docs/tre-templates/shared-services/gitea.md b/docs/tre-templates/shared-services/gitea.md index b846d042b2..173611a5ae 100644 --- a/docs/tre-templates/shared-services/gitea.md +++ b/docs/tre-templates/shared-services/gitea.md @@ -47,3 +47,7 @@ Gitea needs to be able to access the following resource outside the Azure TRE VN | AzureActiveDirectory | Authorize the signed in user against Azure Active Directory. | | AzureContainerRegistry | Pull the Gitea container image, as it is located in Azure Container Registry. | | (www.)github.com | Allows Gitea to mirror any repo on GitHub | + +## Upgrading to version 1.0.0 + +Migrating existing Gitea services to the major version 1.0.0 is not currently supported. This is due to the breaking change in the Terraform to migrate from the deprecated mysql_server to the new mysql_flexible_server. diff --git a/docs/tre-templates/workspace-services/gitea.md b/docs/tre-templates/workspace-services/gitea.md index b62b9778aa..054e21bd67 100644 --- a/docs/tre-templates/workspace-services/gitea.md +++ b/docs/tre-templates/workspace-services/gitea.md @@ -24,3 +24,7 @@ The Gitea worskpace service opens outbound access to: 3. Click sign in with OpenID button and sign in with the same credentials used to access the workspace. 4. Once succesfully signed in choose a username. 5. Navigate to the user settings and under the account tab set a password for your account( `https:///user/settings/account` ). This username and passowrd should be used to authenticate against Gitea when carrying out git operations. + +## Upgrading to version 1.0.0 + +Migrating existing Gitea services to the major version 1.0.0 is not currently supported. This is due to the breaking change in the Terraform to migrate from the deprecated mysql_server to the new mysql_flexible_server. \ No newline at end of file 
diff --git a/docs/tre-templates/workspace-services/mysql.md b/docs/tre-templates/workspace-services/mysql.md new file mode 100644 index 0000000000..8d000135fc --- /dev/null +++ b/docs/tre-templates/workspace-services/mysql.md @@ -0,0 +1,22 @@ +# MySQL Workspace Service + +See: [MySQL Azure](https://learn.microsoft.com/en-GB/azure/mysql/) + +## Prerequisites + +- [A base workspace deployed](../workspaces/base.md) + +- The MySQL workspace service container image needs building and pushing: + + `make workspace_service_bundle BUNDLE=mysql` + +## Authenticating to MySQL + +1. Navigate to the MySQL workspace service using the `Mysql fqdn` from the details tab. +2. Using the Password found in Key Vault and the Username `mysqladmin` +3. Connect to the MySQL server on a VM with the following command shown below + `mysql -h [fqdn] -u [username] -p [password]` + +## Upgrading to version 1.0.0 + +Migrating existing MySQL services to the major version 1.0.0 is not currently supported. This is due to the breaking change in the Terraform to migrate from the deprecated mysql_server to the new mysql_flexible_server. \ No newline at end of file diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index e15ce6cc0b..fa65582077 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 1.1.6 +version: 1.1.7 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/firewall/terraform/routetable.tf b/templates/shared_services/firewall/terraform/routetable.tf index d5b82072f6..77aa64e15e 100644 --- a/templates/shared_services/firewall/terraform/routetable.tf +++ b/templates/shared_services/firewall/terraform/routetable.tf 
@@ -18,6 +18,13 @@ resource "azurerm_route_table" "rt" { resource "azurerm_subnet_route_table_association" "rt_shared_subnet_association" { subnet_id = data.azurerm_subnet.shared.id route_table_id = azurerm_route_table.rt.id + + depends_on = [ + azurerm_firewall.fw, + azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application + ] } resource "azurerm_subnet_route_table_association" "rt_resource_processor_subnet_association" { 
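Review bot: The `depends_on` list added to `rt_shared_subnet_association` carries no comment explaining why the association must wait for the firewall and all three rule collection groups. The same four-entry list is repeated on the other associations in the next hunk. A comment above the first one, such as `# Attach the route table only after the firewall and its rule collection groups exist, so subnet traffic is never routed to a firewall that has no rules yet`, would keep a later edit from trimming the list or forgetting to extend it when a new rule collection group is added. The changelog entry for #3775 appears to be the motivation; if so, referencing it in the comment would help.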
@@ -28,25 +35,55 @@ resource "azurerm_subnet_route_table_association" "rt_resource_processor_subnet_ depends_on = [ azurerm_firewall.fw, azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application ] } resource "azurerm_subnet_route_table_association" "rt_web_app_subnet_association" { subnet_id = data.azurerm_subnet.web_app.id route_table_id = azurerm_route_table.rt.id + + depends_on = [ + azurerm_firewall.fw, + azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application + ] } resource "azurerm_subnet_route_table_association" "rt_airlock_processor_subnet_association" { subnet_id = data.azurerm_subnet.airlock_processor.id route_table_id = azurerm_route_table.rt.id + + depends_on = [ + azurerm_firewall.fw, + azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application + ] } resource "azurerm_subnet_route_table_association" "rt_airlock_storage_subnet_association" { subnet_id = data.azurerm_subnet.airlock_storage.id route_table_id = azurerm_route_table.rt.id + + depends_on = [ + azurerm_firewall.fw, + azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application + ] } resource "azurerm_subnet_route_table_association" "rt_airlock_events_subnet_association" { subnet_id = data.azurerm_subnet.airlock_events.id route_table_id = azurerm_route_table.rt.id + + depends_on = [ + azurerm_firewall.fw, + azurerm_firewall_policy_rule_collection_group.core, + azurerm_firewall_policy_rule_collection_group.dynamic_network, + azurerm_firewall_policy_rule_collection_group.dynamic_application + ] } 
diff --git a/templates/shared_services/gitea/parameters.json b/templates/shared_services/gitea/parameters.json index 71aebc5306..22a4df7f1d 100755 --- a/templates/shared_services/gitea/parameters.json +++ b/templates/shared_services/gitea/parameters.json @@ -45,6 +45,12 @@ "source": { "env": "ARM_ENVIRONMENT" } + }, + { + "name": "sql_sku", + "source": { + "env": "SQL_SKU" + } } ] } diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index 0133a6d015..e6c2fc70b8 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 0.6.10 +version: 1.0.1 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -51,6 +51,9 @@ parameters: env: ARM_ENVIRONMENT type: string default: "public" + - name: sql_sku + type: string + default: "B | 4GB 2vCores" mixins: - terraform: @@ -89,6 +92,7 @@ install: mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } acr_name: ${ bundle.parameters.mgmt_acr_name } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -109,6 +113,7 @@ upgrade: mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } acr_name: ${ bundle.parameters.mgmt_acr_name } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } 
@@ -129,6 +134,7 @@ uninstall: mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } acr_name: ${ bundle.parameters.mgmt_acr_name } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } diff --git a/templates/shared_services/gitea/template_schema.json b/templates/shared_services/gitea/template_schema.json index 145f8fe57e..463a6715f0 100644 --- a/templates/shared_services/gitea/template_schema.json +++ b/templates/shared_services/gitea/template_schema.json @@ -27,6 +27,19 @@ "default": "The Gitea shared service is used for mirroring external Git repositories. For instructions on how to create Git mirrors see [https://docs.gitea.com/usage/repo-mirror](https://docs.gitea.com/usage/repo-mirror).", "updateable": true }, + "sql_sku": { + "$id": "#/properties/sql_sku", + "type": "string", + "title": "MySQL server SKU", + "description": "MySQL server SKU", + "updateable": true, + "enum": [ + "B | 4GB 2vCores", + "GP | 8GB 2vCores", + "BC | 16GB 2vCores" + ], + "default": "B | 4GB 2vCores" + }, "is_exposed_externally": { "$id": "#/properties/is_exposed_externally", "type": "boolean", diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index f755033e2f..0fb5918777 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf 
@@ -46,9 +46,9 @@ resource "azurerm_linux_web_app" "gitea" { GITEA__database__SSL_MODE = "true" GITEA__database__DB_TYPE = "mysql" - GITEA__database__HOST = azurerm_mysql_server.gitea.fqdn - GITEA__database__NAME = azurerm_mysql_database.gitea.name - GITEA__database__USER = "${azurerm_mysql_server.gitea.administrator_login}@${azurerm_mysql_server.gitea.fqdn}" + GITEA__database__HOST = azurerm_mysql_flexible_server.gitea.fqdn + GITEA__database__NAME = azurerm_mysql_flexible_database.gitea.name + GITEA__database__USER = azurerm_mysql_flexible_server.gitea.administrator_login GITEA__database__PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db_password.id})" } diff --git a/templates/shared_services/gitea/terraform/locals.tf b/templates/shared_services/gitea/terraform/locals.tf index d5cc148fcf..5322583f29 100644 --- a/templates/shared_services/gitea/terraform/locals.tf +++ b/templates/shared_services/gitea/terraform/locals.tf @@ -6,6 +6,11 @@ locals { keyvault_name = "kv-${var.tre_id}" version = replace(replace(replace(data.local_file.version.content, "__version__ = \"", ""), "\"", ""), "\n", "") gitea_allowed_fqdns_list = distinct(compact(split(",", replace(var.gitea_allowed_fqdns, " ", "")))) + sql_sku = { + "B | 4GB 2vCores" = { value = "B_Standard_B2s" }, + "GP | 8GB 2vCores" = { value = "GP_Standard_D2ds_v4" }, + "BC | 16GB 2vCores" = { value = "MO_Standard_E2ds_v4" } + } tre_shared_service_tags = { tre_id = var.tre_id tre_shared_service_id = var.tre_resource_id diff --git a/templates/shared_services/gitea/terraform/mysql.tf b/templates/shared_services/gitea/terraform/mysql.tf index 42bea9c4ff..33d4a0fe9f 100644 --- a/templates/shared_services/gitea/terraform/mysql.tf +++ b/templates/shared_services/gitea/terraform/mysql.tf 
@@ -6,31 +6,25 @@ resource "random_password" "password" { min_special = 2 } -resource "azurerm_mysql_server" "gitea" { - name = "mysql-${var.tre_id}" - resource_group_name = local.core_resource_group_name - location = data.azurerm_resource_group.rg.location - administrator_login = "mysqladmin" - administrator_login_password = random_password.password.result - sku_name = "GP_Gen5_2" - storage_mb = 5120 - version = "8.0" - auto_grow_enabled = true - backup_retention_days = 7 - geo_redundant_backup_enabled = false - infrastructure_encryption_enabled = false - public_network_access_enabled = false - ssl_enforcement_enabled = true - ssl_minimal_tls_version_enforced = "TLS1_2" - tags = local.tre_shared_service_tags +resource "azurerm_mysql_flexible_server" "gitea" { + name = "mysql-${var.tre_id}" + resource_group_name = local.core_resource_group_name + location = data.azurerm_resource_group.rg.location + administrator_login = "mysqladmin" + administrator_password = random_password.password.result + sku_name = local.sql_sku[var.sql_sku].value + version = "8.0.21" + backup_retention_days = 7 + geo_redundant_backup_enabled = false + tags = local.tre_shared_service_tags - lifecycle { ignore_changes = [tags, threat_detection_policy] } + lifecycle { ignore_changes = [tags, zone] } } -resource "azurerm_mysql_database" "gitea" { +resource "azurerm_mysql_flexible_database" "gitea" { name = "gitea" resource_group_name = local.core_resource_group_name - server_name = azurerm_mysql_server.gitea.name + server_name = azurerm_mysql_flexible_server.gitea.name charset = "utf8" collation = "utf8_unicode_ci" } 
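Review bot: The replacement `azurerm_mysql_flexible_server.gitea` drops the three hardening arguments the old resource stated explicitly (`public_network_access_enabled = false`, `ssl_enforcement_enabled = true`, `ssl_minimal_tls_version_enforced = "TLS1_2"`), and nothing in the hunk puts an equivalent back. On the flexible tier, transport security is controlled by the `require_secure_transport` and `tls_version` server parameters. I believe these default to secure values, but pinning them with `azurerm_mysql_flexible_server_configuration` keeps the guarantee in code rather than in a service default. Whether the public endpoint stays closed when only a private endpoint is attached should be confirmed for the provider version in use, and stated explicitly if that version allows it. The same gap is in the mysql.tf hunks under templates/workspace_services/gitea and templates/workspace_services/mysql.

```terraform
# … unchanged: azurerm_mysql_flexible_server.gitea, azurerm_mysql_flexible_database.gitea …

# Pin transport security explicitly instead of relying on service defaults.
resource "azurerm_mysql_flexible_server_configuration" "require_secure_transport" {
  name                = "require_secure_transport"
  resource_group_name = local.core_resource_group_name
  server_name         = azurerm_mysql_flexible_server.gitea.name
  value               = "ON"
}

resource "azurerm_mysql_flexible_server_configuration" "tls_version" {
  name                = "tls_version"
  resource_group_name = local.core_resource_group_name
  server_name         = azurerm_mysql_flexible_server.gitea.name
  value               = "TLSv1.2"
}
```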
@@ -41,15 +35,15 @@ moved { } resource "azurerm_private_endpoint" "private_endpoint" { - name = "pe-${azurerm_mysql_server.gitea.name}" + name = "pe-${azurerm_mysql_flexible_server.gitea.name}" location = data.azurerm_resource_group.rg.location resource_group_name = local.core_resource_group_name subnet_id = data.azurerm_subnet.shared.id tags = local.tre_shared_service_tags private_service_connection { - private_connection_resource_id = azurerm_mysql_server.gitea.id - name = "psc-${azurerm_mysql_server.gitea.name}" + private_connection_resource_id = azurerm_mysql_flexible_server.gitea.id + name = "psc-${azurerm_mysql_flexible_server.gitea.name}" subresource_names = ["mysqlServer"] is_manual_connection = false } @@ -63,7 +57,7 @@ resource "azurerm_private_endpoint" "private_endpoint" { } resource "azurerm_key_vault_secret" "db_password" { - name = "${azurerm_mysql_server.gitea.name}-administrator-password" + name = "${azurerm_mysql_flexible_server.gitea.name}-administrator-password" value = random_password.password.result key_vault_id = data.azurerm_key_vault.keyvault.id tags = local.tre_shared_service_tags diff --git a/templates/shared_services/gitea/terraform/variables.tf b/templates/shared_services/gitea/terraform/variables.tf index a71d12ee5b..d0bf6da91d 100644 --- a/templates/shared_services/gitea/terraform/variables.tf +++ b/templates/shared_services/gitea/terraform/variables.tf @@ -33,3 +33,7 @@ variable "acr_name" { variable "arm_environment" { type = string } + +variable "sql_sku" { + type = string +} diff --git a/templates/workspace_services/gitea/parameters.json b/templates/workspace_services/gitea/parameters.json index 446a3685f4..811e0a5f3b 100755 --- a/templates/workspace_services/gitea/parameters.json +++ b/templates/workspace_services/gitea/parameters.json @@ -63,6 +63,12 @@ "source": { "env": "ARM_ENVIRONMENT" } + }, + { + "name": "sql_sku", + "source": { + "env": "SQL_SKU" + } } ] } 
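Review bot: In the variables.tf hunk, `sql_sku` is declared with only `type = string`, yet mysql.tf uses it as a key into `local.sql_sku`, so any value outside the three map keys fails at plan time with an invalid-index error instead of a clear message. This matters because parameters.json feeds it from the `SQL_SKU` environment variable, which bypasses the enum in template_schema.json. A `description` plus a `validation` block with `condition = contains(["B | 4GB 2vCores", "GP | 8GB 2vCores", "BC | 16GB 2vCores"], var.sql_sku)` would reject bad input up front. The identical variable added in templates/workspace_services/gitea/terraform/variables.tf has the same gap.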
diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index a56ed459a3..6c5f739872 100644 --- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 0.8.7 +version: 1.0.1 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -60,6 +60,9 @@ parameters: env: ARM_ENVIRONMENT type: string default: "public" + - name: sql_sku + type: string + default: "B | 4GB 2vCores" - name: aad_authority_url type: string default: "https://login.microsoftonline.com" @@ -102,6 +105,7 @@ install: mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } aad_authority_url: ${ bundle.parameters.aad_authority_url } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -124,6 +128,7 @@ upgrade: mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } aad_authority_url: ${ bundle.parameters.aad_authority_url } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -146,6 +151,7 @@ uninstall: mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } aad_authority_url: ${ bundle.parameters.aad_authority_url } arm_environment: ${ bundle.parameters.arm_environment } + sql_sku: ${ bundle.parameters.sql_sku } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } 
diff --git a/templates/workspace_services/gitea/template_schema.json b/templates/workspace_services/gitea/template_schema.json index d9f10c1d8d..ef53192e76 100644 --- a/templates/workspace_services/gitea/template_schema.json +++ b/templates/workspace_services/gitea/template_schema.json @@ -27,6 +27,19 @@ "description": "Long form description of the workspace service, in markdown syntax", "default": "Gitea is a lightweight DevOps platform. Features include code hosting, code review, CI/CD, project management and package management. Documentation can be found here: [https://docs.gitea.com/](https://docs.gitea.com/).", "updateable": true + }, + "sql_sku": { + "$id": "#/properties/sql_sku", + "type": "string", + "title": "MySQL server SKU", + "description": "MySQL server SKU", + "updateable": true, + "enum": [ + "B | 4GB 2vCores", + "GP | 8GB 2vCores", + "BC | 16GB 2vCores" + ], + "default": "B | 4GB 2vCores" }, "is_exposed_externally": { "$id": "#/properties/is_exposed_externally", diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index 92c0b68ac8..c354a0ac84 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf 
@@ -56,9 +56,9 @@ resource "azurerm_linux_web_app" "gitea" { GITEA__service__SHOW_REGISTRATION_BUTTON = false GITEA__database__SSL_MODE = "true" GITEA__database__DB_TYPE = "mysql" - GITEA__database__HOST = azurerm_mysql_server.gitea.fqdn - GITEA__database__NAME = azurerm_mysql_database.gitea.name - GITEA__database__USER = "${azurerm_mysql_server.gitea.administrator_login}@${azurerm_mysql_server.gitea.fqdn}" + GITEA__database__HOST = azurerm_mysql_flexible_server.gitea.fqdn + GITEA__database__NAME = azurerm_mysql_flexible_database.gitea.name + GITEA__database__USER = azurerm_mysql_flexible_server.gitea.administrator_login GITEA__database__PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db_password.id})" } diff --git a/templates/workspace_services/gitea/terraform/locals.tf b/templates/workspace_services/gitea/terraform/locals.tf index 57122a09d3..f37c1e270a 100644 --- a/templates/workspace_services/gitea/terraform/locals.tf +++ b/templates/workspace_services/gitea/terraform/locals.tf @@ -8,6 +8,11 @@ locals { core_resource_group_name = "rg-${var.tre_id}" keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}") version = replace(replace(replace(data.local_file.version.content, "__version__ = \"", ""), "\"", ""), "\n", "") + sql_sku = { + "B | 4GB 2vCores" = { value = "B_Standard_B2s" }, + "GP | 8GB 2vCores" = { value = "GP_Standard_D2ds_v4" }, + "BC | 16GB 2vCores" = { value = "MO_Standard_E2ds_v4" } + } workspace_service_tags = { tre_id = var.tre_id tre_workspace_id = var.workspace_id diff --git a/templates/workspace_services/gitea/terraform/mysql.tf b/templates/workspace_services/gitea/terraform/mysql.tf index ddd855edf4..ce03f835c7 100644 --- a/templates/workspace_services/gitea/terraform/mysql.tf +++ b/templates/workspace_services/gitea/terraform/mysql.tf 
@@ -6,31 +6,25 @@ resource "random_password" "password" { min_special = 2 } -resource "azurerm_mysql_server" "gitea" { - name = "mysql-${local.service_resource_name_suffix}" - resource_group_name = data.azurerm_resource_group.ws.name - location = data.azurerm_resource_group.ws.location - administrator_login = "mysqladmin" - administrator_login_password = random_password.password.result - sku_name = "GP_Gen5_2" - storage_mb = 5120 - version = "8.0" - auto_grow_enabled = true - backup_retention_days = 7 - geo_redundant_backup_enabled = false - infrastructure_encryption_enabled = false - public_network_access_enabled = false - ssl_enforcement_enabled = true - ssl_minimal_tls_version_enforced = "TLS1_2" - tags = local.workspace_service_tags +resource "azurerm_mysql_flexible_server" "gitea" { + name = "mysql-${local.service_resource_name_suffix}" + resource_group_name = data.azurerm_resource_group.ws.name + location = data.azurerm_resource_group.ws.location + administrator_login = "mysqladmin" + administrator_password = random_password.password.result + sku_name = local.sql_sku[var.sql_sku].value + version = "8.0.21" + backup_retention_days = 7 + geo_redundant_backup_enabled = false + tags = local.workspace_service_tags - lifecycle { ignore_changes = [tags] } + lifecycle { ignore_changes = [tags, zone] } } -resource "azurerm_mysql_database" "gitea" { +resource "azurerm_mysql_flexible_database" "gitea" { name = "gitea" resource_group_name = data.azurerm_resource_group.ws.name - server_name = azurerm_mysql_server.gitea.name + server_name = azurerm_mysql_flexible_server.gitea.name charset = "utf8" collation = "utf8_unicode_ci" } 
@@ -41,15 +35,15 @@ moved { } resource "azurerm_private_endpoint" "private_endpoint" { - name = "pe-${azurerm_mysql_server.gitea.name}" + name = "pe-${azurerm_mysql_flexible_server.gitea.name}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name subnet_id = data.azurerm_subnet.services.id tags = local.workspace_service_tags private_service_connection { - private_connection_resource_id = azurerm_mysql_server.gitea.id - name = "psc-${azurerm_mysql_server.gitea.name}" + private_connection_resource_id = azurerm_mysql_flexible_server.gitea.id + name = "psc-${azurerm_mysql_flexible_server.gitea.name}" subresource_names = ["mysqlServer"] is_manual_connection = false } @@ -63,7 +57,7 @@ resource "azurerm_private_endpoint" "private_endpoint" { } resource "azurerm_key_vault_secret" "db_password" { - name = "${azurerm_mysql_server.gitea.name}-administrator-password" + name = "${azurerm_mysql_flexible_server.gitea.name}-administrator-password" value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.workspace_service_tags diff --git a/templates/workspace_services/gitea/terraform/variables.tf b/templates/workspace_services/gitea/terraform/variables.tf index 105bb3e014..181a27045e 100644 --- a/templates/workspace_services/gitea/terraform/variables.tf +++ b/templates/workspace_services/gitea/terraform/variables.tf @@ -24,3 +24,6 @@ variable "gitea_storage_limit" { variable "arm_environment" { type = string } +variable "sql_sku" { + type = string +} diff --git a/templates/workspace_services/gitea/version.txt b/templates/workspace_services/gitea/version.txt index 906d362f7d..43c4ab0058 100644 --- a/templates/workspace_services/gitea/version.txt +++ b/templates/workspace_services/gitea/version.txt @@ -1 +1 @@ -__version__ = "0.6.0" +__version__ = "0.6.1" 
diff --git a/templates/workspace_services/mysql/porter.yaml b/templates/workspace_services/mysql/porter.yaml index fd665488b8..7f7baccfe1 100644 --- a/templates/workspace_services/mysql/porter.yaml +++ b/templates/workspace_services/mysql/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-mysql -version: 0.4.5 +version: 1.0.1 description: "A MySQL workspace service" registry: azuretre dockerfile: Dockerfile.tmpl @@ -47,7 +47,7 @@ parameters: default: "public" - name: sql_sku type: string - default: "GP | 5GB 2vCores" + default: "B | 4GB 2vCores" - name: storage_mb type: integer default: 5120 @@ -65,6 +65,7 @@ outputs: type: string applyTo: - install + - upgrade install: - terraform: @@ -85,11 +86,23 @@ install: outputs: - name: mysql_fqdn upgrade: - - exec: - description: "Upgrade shared service" - command: echo - arguments: - - "This shared service does not implement upgrade action" + - terraform: + description: "Upgrade MySQL workspace service" + vars: + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + sql_sku: ${ bundle.parameters.sql_sku } + storage_mb: ${ bundle.parameters.storage_mb } + db_name: ${ bundle.parameters.db_name } + arm_environment: ${ bundle.parameters.arm_environment } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-mysql-${ bundle.parameters.id } + outputs: + - name: mysql_fqdn uninstall: - terraform: description: "Tear down MySQL workspace service" diff --git a/templates/workspace_services/mysql/template_schema.json b/templates/workspace_services/mysql/template_schema.json index 5513e5f115..d0cafd2bf9 100644 --- a/templates/workspace_services/mysql/template_schema.json 
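Review bot: The new `upgrade` step runs Terraform against the same state key as `install`, but this commit replaces `azurerm_mysql_server.mysql` with `azurerm_mysql_flexible_server.mysql`. For an install created before 1.0.0, the plan would therefore delete the existing server and its database and create an empty one. The documentation added in this commit says migration is unsupported, yet nothing in the bundle says so or stops it; the only barrier is whatever the platform enforces on major-version upgrades. At minimum the step should carry a comment such as `# WARNING: upgrading from a pre-1.0.0 install replaces the MySQL server; existing data is not migrated`, with the same wording in the step's `description`. Old `sql_sku` values such as "GP | 5GB 2vCores" are also no longer keys in `local.sql_sku`, so an upgrade that keeps the stored parameter would fail at the map lookup.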
+++ b/templates/workspace_services/mysql/template_schema.json @@ -11,13 +11,13 @@ "type": "string", "title": "MySQL server SKU", "description": "MySQL server SKU", + "updateable": true, "enum": [ - "GP | 5GB 2vCores", - "GP | 5GB 4vCores", - "GP | 5GB 6vCores", - "GP | 5GB 8vCores" + "B | 4GB 2vCores", + "GP | 8GB 2vCores", + "BC | 16GB 2vCores" ], - "default": "GP | 5GB 2vCores" + "default": "B | 4GB 2vCores" }, "storage_mb": { "$id": "#/properties/storage_mb", @@ -30,7 +30,8 @@ "$id": "#/properties/db_name", "type": "string", "title": "Database name", - "description": "Database name" + "description": "Database name", + "default": "tredb" } } } diff --git a/templates/workspace_services/mysql/terraform/locals.tf b/templates/workspace_services/mysql/terraform/locals.tf index d666bfa202..296c0b93e7 100644 --- a/templates/workspace_services/mysql/terraform/locals.tf +++ b/templates/workspace_services/mysql/terraform/locals.tf @@ -6,10 +6,9 @@ locals { keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}") core_resource_group_name = "rg-${var.tre_id}" sql_sku = { - "GP | 5GB 2vCores" = { value = "GP_Gen5_2" }, - "GP | 5GB 4vCores" = { value = "GP_Gen5_4" }, - "GP | 5GB 6vCores" = { value = "GP_Gen5_6" }, - "GP | 5GB 8vCores" = { value = "GP_Gen5_8" } + "B | 4GB 2vCores" = { value = "B_Standard_B2s" }, + "GP | 8GB 2vCores" = { value = "GP_Standard_D2ds_v4" }, + "BC | 16GB 2vCores" = { value = "MO_Standard_E2ds_v4" } } workspace_service_tags = { tre_id = var.tre_id diff --git a/templates/workspace_services/mysql/terraform/mysql.tf b/templates/workspace_services/mysql/terraform/mysql.tf index 9c0f387392..09d188e2eb 100644 --- a/templates/workspace_services/mysql/terraform/mysql.tf +++ b/templates/workspace_services/mysql/terraform/mysql.tf 
@@ -6,45 +6,39 @@ resource "random_password" "password" { min_special = 2 } -resource "azurerm_mysql_server" "mysql" { - name = "mysql-${local.service_resource_name_suffix}" - resource_group_name = data.azurerm_resource_group.ws.name - location = data.azurerm_resource_group.ws.location - administrator_login = "mysqladmin" - administrator_login_password = random_password.password.result - sku_name = local.sql_sku[var.sql_sku].value - storage_mb = var.storage_mb - version = "8.0" - auto_grow_enabled = true - backup_retention_days = 7 - geo_redundant_backup_enabled = false - infrastructure_encryption_enabled = false - public_network_access_enabled = false - ssl_enforcement_enabled = true - ssl_minimal_tls_version_enforced = "TLS1_2" - tags = local.workspace_service_tags - - lifecycle { ignore_changes = [tags] } +resource "azurerm_mysql_flexible_server" "mysql" { + name = "mysql-${local.service_resource_name_suffix}" + resource_group_name = data.azurerm_resource_group.ws.name + location = data.azurerm_resource_group.ws.location + administrator_login = "mysqladmin" + administrator_password = random_password.password.result + sku_name = local.sql_sku[var.sql_sku].value + version = "8.0.21" + backup_retention_days = 7 + geo_redundant_backup_enabled = false + tags = local.workspace_service_tags + + lifecycle { ignore_changes = [tags, zone] } } -resource "azurerm_mysql_database" "db" { +resource "azurerm_mysql_flexible_database" "db" { name = var.db_name resource_group_name = data.azurerm_resource_group.ws.name - server_name = azurerm_mysql_server.mysql.name + server_name = azurerm_mysql_flexible_server.mysql.name charset = "utf8" collation = "utf8_unicode_ci" } resource "azurerm_private_endpoint" "mysql_private_endpoint" { - name = "pe-${azurerm_mysql_server.mysql.name}" + name = "pe-${azurerm_mysql_flexible_server.mysql.name}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name subnet_id = 
data.azurerm_subnet.services.id tags = local.workspace_service_tags private_service_connection { - private_connection_resource_id = azurerm_mysql_server.mysql.id - name = "psc-${azurerm_mysql_server.mysql.name}" + private_connection_resource_id = azurerm_mysql_flexible_server.mysql.id + name = "psc-${azurerm_mysql_flexible_server.mysql.name}" subresource_names = ["mysqlServer"] is_manual_connection = false } @@ -58,7 +52,7 @@ resource "azurerm_private_endpoint" "mysql_private_endpoint" { } resource "azurerm_key_vault_secret" "db_password" { - name = "${azurerm_mysql_server.mysql.name}-administrator-password" + name = "${azurerm_mysql_flexible_server.mysql.name}-administrator-password" value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.workspace_service_tags diff --git a/templates/workspace_services/mysql/terraform/outputs.tf b/templates/workspace_services/mysql/terraform/outputs.tf index 824c5705ab..4b6aaa7fe0 100644 --- a/templates/workspace_services/mysql/terraform/outputs.tf +++ b/templates/workspace_services/mysql/terraform/outputs.tf @@ -1,3 +1,3 @@ output "mysql_fqdn" { - value = azurerm_mysql_server.mysql.fqdn + value = azurerm_mysql_flexible_server.mysql.fqdn }
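Review bot: In the first mysql.tf hunk, `storage_mb = var.storage_mb` and `auto_grow_enabled = true` are removed with nothing replacing them on `azurerm_mysql_flexible_server.mysql`. porter.yaml still passes `storage_mb` on install and upgrade, so the parameter is now silently ignored and the server gets the provider's default storage size. Either map it into the resource's `storage` block, for example `storage { size_gb = ceil(var.storage_mb / 1024) }` with `auto_grow_enabled = true`, or remove the parameter from the bundle and schema. The flexible tier's minimum size appears to be larger than the 5120 MB default, so confirm that against the provider documentation and raise the default if needed.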