This repository has been archived by the owner on Mar 6, 2023. It is now read-only.

[Deprecated] Terraform module composition (feature) to setup Claranet MSP Azure IaaS/VM tools

claranet/terraform-azurerm-run-iaas

DEPRECATED - Azure RUN IaaS/VM

⚠ This module is deprecated, please use run module

A terraform feature which includes services needed for Claranet RUN/MSP on Azure IaaS resources (VMs).

It includes:

Requirements

  • You need at least the Contributor role on the subscriptions to use update_center_periodic_assessment_enabled with the Update Management Center module.

Global versioning rule for Claranet Azure modules

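| Module version | Terraform version | AzureRM version |
| -------------- | ----------------- | --------------- |
| >= 7.x.x | 1.3.x | >= 3.0 |
| >= 6.x.x | 1.x | >= 3.0 |
| >= 5.x.x | 0.15.x | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |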

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment that this module needs. More details about the variables set by the terraform-wrapper are available in the documentation.

module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "logs" {
  source  = "claranet/run-common/azurerm//modules/logs"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.resource_group_name
}

resource "time_offset" "update_template" {
  offset_hours = 4
}

locals {
  update_template_time = format("%02d:%02d", time_offset.update_template.hour, time_offset.update_template.minute)
  update_template_date = substr(time_offset.update_template.rfc3339, 0, 10)
}

module "run_iaas" {
  source  = "claranet/run-iaas/azurerm"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name        = module.rg.resource_group_name
  log_analytics_workspace_id = module.logs.log_analytics_workspace_id

  update_management_os_list        = ["Linux"]
  update_management_scope          = [module.rg.resource_group_id]
  update_management_tags_filtering = { update_color = ["blue"] }
  update_management_schedule = [{
    startTime  = "${local.update_template_date}T${local.update_template_time}:00+00:00"
    expiryTime = "9999-12-31T23:59:00+00:00"
    isEnabled  = true
    interval   = 1
    frequency  = "Month"
    timeZone   = "UTC"
    advancedSchedule = {
      monthlyOccurrences = [
        {
          occurrence = 3
          day        = "Monday"
        }
      ]
    }
  }]

  logs_destinations_ids = [module.logs.log_analytics_workspace_id]

  extra_tags = {
    foo = "bar"
  }
}

Providers

No providers.

Modules

| Name | Source | Version |
| ---- | ------ | ------- |
| automation_account | ./modules/automation-account | n/a |
| backup | ./modules/backup | n/a |
| update_management | ./modules/update-management | n/a |
| update_management_center | ./modules/update-center | n/a |
| vm_monitoring | ./modules/vm-monitoring | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
| ---- | ----------- | ---- | ------- | -------- |
| automation_account_extra_tags | Extra tags to add to automation account. | map(string) | {} | no |
| automation_account_identity_type | Automation Account identity type. Possible values include: null, SystemAssigned and UserAssigned. | object({ type = string, identity_ids = list(string) }) | { "identity_ids": [], "type": "SystemAssigned" } | no |
| automation_account_sku | Automation account Sku. | string | "Basic" | no |
| client_name | Client name. | string | n/a | yes |
| custom_automation_account_name | Automation account custom name. | string | "" | no |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string | "default" | no |
| data_collection_syslog_facilities_names | List of syslog to retrieve in Data Collection Rule. | list(string) | ["auth", "authpriv", "cron", "daemon", "mark", "kern", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", "lpr", "mail", "news", "syslog", "user", "uucp"] | no |
| data_collection_syslog_levels | List of syslog levels to retrieve in Data Collection Rule. | list(string) | ["Error", "Critical", "Alert", "Emergency"] | no |
| dcr_custom_name | VM Monitoring - Data Collection rule custom name. | string | "" | no |
| default_tags_enabled | Option to enable or disable default tags. | bool | true | no |
| deploy_update_management_solution | Should we deploy the Log Analytics Update solution or not. | bool | true | no |
| environment | Environment name. | string | n/a | yes |
| extra_tags | Extra tags to add. | map(string) | {} | no |
| file_share_backup_daily_policy_retention | The number of daily file share backups to keep. Must be between 7 and 9999. | number | 30 | no |
| file_share_backup_monthly | Map to configure the monthly File Share backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_monthly. | any | {} | no |
| file_share_backup_policy_custom_name | Azure Backup - File share backup policy custom name. Empty by default, using naming convention. | string | "" | no |
| file_share_backup_policy_frequency | Specifies the frequency for file_share backup schedules. Must be either Daily or Weekly. | string | "Daily" | no |
| file_share_backup_policy_time | The time of day to perform the file share backup in 24-hour format. | string | "04:00" | no |
| file_share_backup_policy_timezone | Specifies the timezone for file share backup schedules. Defaults to UTC. | string | "UTC" | no |
| file_share_backup_weekly | Map to configure the weekly File Share backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_weekly. | any | {} | no |
| file_share_backup_yearly | Map to configure the yearly File Share backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_yearly. | any | {} | no |
| linux_update_management_config_name | Custom configuration name for Linux Update management. | string | "Standard Linux Update Schedule" | no |
| linux_update_management_configuration | Linux specific update management configuration. Possible values for reboot_setting are IfRequired, RebootOnly, Never, Always. More information in the documentation. | any | { "excluded_packages": [], "included_packages": [], "reboot_setting": "IfRequired", "update_classifications": "Critical, Security" } | no |
| linux_update_management_duration | To set the maintenance window for Linux machines, the duration must be a minimum of 30 minutes and less than 6 hours. The last 20 minutes of the maintenance window is dedicated for machine restart and any remaining updates will not be started once this interval is reached. In-progress updates will finish being applied. This parameter needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. Defaults to 2 hours (PT2H). | string | null | no |
| linux_update_management_schedule | Map of specific schedule parameters for update management of Linux machines. All parameters are available in the documentation. | list(any) | null | no |
| linux_update_management_scope | Scope of the update management for Linux machines, it can be a subscription ID, a resource group ID etc. | list(string) | null | no |
| linux_update_management_tags_filtering | Filter scope for Linux machines using tags on VMs. Example: { os_family = ["linux"] }. | map(any) | null | no |
| linux_update_management_tags_filtering_operator | Filter Linux VMs by Any or All specified tags. Possible values are All or Any. | string | null | no |
| location | Azure location. | string | n/a | yes |
| location_short | Short string for Azure location. | string | n/a | yes |
| log_analytics_resource_group_name | Log Analytics Workspace resource group name (if different from the resource_group_name variable). | string | null | no |
| log_analytics_workspace_id | Log Analytics Workspace ID where the logs are sent and linked to Automation account. | string | n/a | yes |
| log_analytics_workspace_link_enabled | Enable Log Analytics Workspace that will be connected with the automation account. | bool | true | no |
| logs_categories | Log categories to send to destinations. | list(string) | null | no |
| logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | list(string) | n/a | |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) | null | no |
| logs_retention_days | Number of days to keep logs on storage account. | number | 30 | no |
| name_prefix | Optional prefix for the generated name. | string | "" | no |
| name_suffix | Optional suffix for the generated name. | string | "" | no |
| recovery_vault_cross_region_restore_enabled | Is cross region restore enabled for this Vault? Only can be true, when storage_mode_type is GeoRedundant. Defaults to false. | bool | true | no |
| recovery_vault_custom_name | Azure Recovery Vault custom name. Empty by default, using naming convention. | string | "" | no |
| recovery_vault_extra_tags | Extra tags to add to recovery vault. | map(string) | {} | no |
| recovery_vault_identity_type | Azure Recovery Vault identity type. Possible values include: null, SystemAssigned. Default to SystemAssigned. | string | "SystemAssigned" | no |
| recovery_vault_sku | Azure Recovery Vault SKU. Possible values include: Standard, RS0. Default to Standard. | string | "Standard" | no |
| recovery_vault_soft_delete_enabled | Is soft delete enabled for this Vault? Defaults to true. | bool | true | no |
| recovery_vault_storage_mode_type | The storage type of the Recovery Services Vault. Possible values are GeoRedundant, LocallyRedundant and ZoneRedundant. Defaults to GeoRedundant. | string | "GeoRedundant" | no |
| resource_group_name | Resource Group the resources will belong to. | string | n/a | yes |
| stack | Stack name. | string | n/a | yes |
| update_center_enabled | Enable the Update Management Center. | bool | false | no |
| update_center_maintenance_configurations | Update Management Center maintenance configurations. https://learn.microsoft.com/en-us/azure/virtual-machines/maintenance-configurations. | list(object({ configuration_name = string, start_date_time = string, duration = optional(string, "02:00"), time_zone = optional(string, "UTC"), recur_every = string, reboot_setting = optional(string, "IfRequired"), windows_classifications_to_include = optional(list(string), ["Critical", "Definition", "FeaturePack", "Security", "ServicePack", "Tools", "UpdateRollup", "Updates"]), linux_classifications_to_include = optional(list(string), ["Critical", "Security", "Other"]) })) | [] | no |
| update_center_periodic_assessment_enabled | Enable auto-assessment (every 24 hours) for OS updates on native Azure virtual machines by assigning Azure Policy. | bool | true | no |
| update_center_periodic_assessment_exclusions | Exclude some resources from auto-assessment. | list(string) | [] | no |
| update_center_periodic_assessment_scopes | Scope to assign the Azure Policy for auto-assessment. Can be Management Groups, Subscriptions, Resource Groups or Virtual Machines. | list(string) | [] | no |
| update_management_duration | To set the maintenance window, the duration must be a minimum of 30 minutes and less than 6 hours. The last 20 minutes of the maintenance window is dedicated for machine restart and any remaining updates will not be started once this interval is reached. In-progress updates will finish being applied. This parameter needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. Defaults to 2 hours (PT2H). | string | "PT2H" | no |
| update_management_name_prefix | Name prefix to apply on Update Management resources. | string | null | no |
| update_management_os_list | List of OS to cover. Possible values can be Windows or Linux. Define empty list to disable update management. | list(string) | n/a | yes |
| update_management_schedule | List of Map with schedule parameters for update management. All parameters are available in the documentation. | list(any) | n/a | yes |
| update_management_scope | Scope of the update management, it can be a subscription ID, a resource group ID etc. | list(string) | null | no |
| update_management_tags_filtering | Filter scope using tags on VMs. Example: { os_family = ["linux"] }. | map(any) | {} | no |
| update_management_tags_filtering_operator | Filter VMs by Any or All specified tags. Possible values are All or Any. | string | "Any" | no |
| use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_automation_account_name overrides this if set. Legacy default name is used if this is set to false. | bool | true | no |
| vm_backup_daily_policy_retention | The number of daily VM backups to keep. Must be between 7 and 9999. | number | 30 | no |
| vm_backup_monthly | Map to configure the monthly backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_monthly. | any | {} | no |
| vm_backup_policy_custom_name | Azure Backup - VM backup policy custom name. Empty by default, using naming convention. | string | "" | no |
| vm_backup_policy_frequency | Specifies the frequency for VM backup schedules. Must be either Daily or Weekly. | string | "Daily" | no |
| vm_backup_policy_time | The time of day to perform the backup in 24-hour format. | string | "04:00" | no |
| vm_backup_policy_timezone | Specifies the timezone for schedules. Defaults to UTC. | string | "UTC" | no |
| vm_backup_weekly | Map to configure the weekly backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_weekly. | any | {} | no |
| vm_backup_yearly | Map to configure the yearly backup policy according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_yearly. | any | {} | no |
| windows_update_management_configuration | Windows specific update management configuration. Possible values for reboot_setting are IfRequired, RebootOnly, Never, Always. More information in the documentation. | any | { "excluded_kb_numbers": [], "included_kb_numbers": [], "reboot_setting": "IfRequired", "update_classifications": "Critical, Security" } | no |
| windows_update_management_configuration_name | Custom configuration name for Windows Update management. | string | "Standard Windows Update Schedule" | no |
| windows_update_management_duration | To set the maintenance window for Windows machines, the duration must be a minimum of 30 minutes and less than 6 hours. The last 20 minutes of the maintenance window is dedicated for machine restart and any remaining updates will not be started once this interval is reached. In-progress updates will finish being applied. This parameter needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. Defaults to 2 hours (PT2H). | string | null | no |
| windows_update_management_schedule | Map of specific schedule parameters for update management of Windows machines. All parameters are available in the documentation. | list(any) | null | no |
| windows_update_management_scope | Scope of the update management for Windows machines, it can be a subscription ID, a resource group ID etc. | list(string) | null | no |
| windows_update_management_tags_filtering | Filter scope for Windows machines using tags on VMs. Example: { os_family = ["windows"] }. | map(any) | null | no |
| windows_update_management_tags_filtering_operator | Filter Windows VMs by Any or All specified tags. Possible values are All or Any. | string | null | no |
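
The update_management_duration description above bounds the maintenance window to at least 30 minutes and less than 6 hours, written as an ISO 8601 duration. A root module can enforce that at plan time before the value reaches the patching schedule; this is an added example, not part of the module, and the variable block and its error messages are assumptions about how a caller might wrap the input:

```hcl
# Added example (not from the module): a caller-side variable that rejects
# maintenance windows outside the range documented for update_management_duration.
variable "update_management_duration" {
  description = "Maintenance window as an ISO 8601 duration, PT[n]H[n]M[n]S."
  type        = string
  default     = "PT2H"

  # Shape check: only hours, minutes and seconds, in that order, and not empty.
  validation {
    condition = (
      can(regex("^PT(\\d+H)?(\\d+M)?(\\d+S)?$", var.update_management_duration)) &&
      var.update_management_duration != "PT"
    )
    error_message = "Duration must look like PT2H, PT90M or PT1H30M."
  }

  # Range check: convert to seconds once, then require 30 min <= window < 6 h.
  # regex() raises an error when a component is absent, so try() falls back to 0.
  validation {
    condition = alltrue([
      for seconds in [
        try(tonumber(regex("(\\d+)H", var.update_management_duration)[0]), 0) * 3600 +
        try(tonumber(regex("(\\d+)M", var.update_management_duration)[0]), 0) * 60 +
        try(tonumber(regex("(\\d+)S", var.update_management_duration)[0]), 0)
      ] : seconds >= 1800 && seconds < 21600
    ])
    error_message = "Duration must be at least 30 minutes and less than 6 hours."
  }
}
```

Pass the checked value through with update_management_duration = var.update_management_duration in the run_iaas module call.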

Outputs

| Name | Description |
| ---- | ----------- |
| automation_account_dsc_primary_access_key | Azure Automation Account DSC Primary Access Key. |
| automation_account_dsc_secondary_access_key | Azure Automation Account DSC Secondary Access Key. |
| automation_account_dsc_server_endpoint | Azure Automation Account DSC Server Endpoint. |
| automation_account_id | Azure Automation Account ID. |
| automation_account_name | Azure Automation Account name. |
| data_collection_rule | Azure Monitor Data Collection Rule object. |
| data_collection_rule_id | Id of the Azure Monitor Data Collection Rule. |
| data_collection_rule_name | Name of the Azure Monitor Data Collection Rule. |
| file_share_backup_policy_id | File share Backup policy ID. |
| file_share_backup_policy_name | File share Backup policy name. |
| maintenance_configurations | Maintenance Configurations information. |
| recovery_vault_id | Azure Recovery Services Vault ID. |
| recovery_vault_name | Azure Recovery Services Vault name. |
| vm_backup_policy_id | VM Backup policy ID. |
| vm_backup_policy_name | VM Backup policy name. |

Related documentation
