Merge pull request #54 from Azure/fix/remove-observervm

Remove observer vm resources
Azure · Jan 19, 2024 · fa09603 · fa09603
2 parents 6805845 + a996c1f
commit fa09603
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 102 deletions.
diff --git a/terraform/bootstrap/data_guard/module.tf b/terraform/bootstrap/data_guard/module.tf
@@ -92,48 +92,6 @@ module "vm_secondary" {
   }
 }
 
-module "vm_observer" {
-  source = "../../../terraform_units/modules/compute"
-
-  subscription_id           = module.common_infrastructure.current_subscription.subscription_id
-  resource_group            = module.common_infrastructure.resource_group
-  vm_name                   = "vm-observer"
-  public_key                = var.ssh_key
-  sid_username              = "oracle"
-  nic_id                    = module.network.nics_oracledb_observer.id
-  vm_sku                    = var.vm_sku
-  vm_source_image_reference = var.vm_source_image_reference
-
-  vm_os_disk = {
-    name                   = "osdisk-observer"
-    caching                = "ReadWrite"
-    storage_account_type   = "Premium_LRS"
-    disk_encryption_set_id = null
-    disk_size_gb           = 128
-  }
-
-  aad_system_assigned_identity    = false
-  assign_subscription_permissions = true
-
-  is_diagnostic_settings_enabled = module.common_infrastructure.is_diagnostic_settings_enabled
-  diagnostic_target              = module.common_infrastructure.diagnostic_target
-  storage_account_id             = module.common_infrastructure.target_storage_account_id
-  storage_account_sas_token      = module.common_infrastructure.target_storage_account_sas
-  log_analytics_workspace_id     = module.common_infrastructure.log_analytics_workspace_id
-  eventhub_authorization_rule_id = module.common_infrastructure.eventhub_authorization_rule_id
-  partner_solution_id            = module.common_infrastructure.partner_solution_id
-  tags                           = module.common_infrastructure.tags
-
-  availability_zone = 3
-
-  role_assignments = {
-    role_assignment_1 = {
-      name                             = "Virtual Machine Contributor"
-      skip_service_principal_aad_check = false
-    }
-  }
-}
-
 module "network" {
   source = "../../../terraform_units/modules/network"
 
@@ -229,29 +187,6 @@ module "storage_secondary" {
   }
 }
 
-module "storage_observer" {
-  source = "../../../terraform_units/modules/storage"
-
-  resource_group = module.common_infrastructure.resource_group
-  is_data_guard  = module.common_infrastructure.is_data_guard
-  naming         = "oracle-observer"
-  vm             = module.vm_observer.vm[0]
-  tags           = module.common_infrastructure.tags
-  database_disks_options = {
-    data_disks = var.database_disks_options.data_disks
-    asm_disks  = var.database_disks_options.asm_disks
-    redo_disks = var.database_disks_options.redo_disks
-  }
-  availability_zone = module.vm_observer.availability_zone
-
-  role_assignments = {
-    role_assignment_1 = {
-      name                             = "Contributor"
-      skip_service_principal_aad_check = false
-    }
-  }
-}
-
 #########################################################################################
 #                                                                                       #
 #  JIT Access Policy                                                                    #
@@ -308,29 +243,3 @@ resource "azapi_resource" "jit_ssh_policy_secondary" {
 
   depends_on = [module.vm_secondary]
 }
-
-resource "azapi_resource" "jit_ssh_policy_observer" {
-  count                     = module.vm_observer.database_server_count
-  name                      = "JIT-SSH-Policy-observer"
-  parent_id                 = "${module.common_infrastructure.resource_group.id}/providers/Microsoft.Security/locations/${module.common_infrastructure.resource_group.location}"
-  type                      = "Microsoft.Security/locations/jitNetworkAccessPolicies@2020-01-01"
-  schema_validation_enabled = false
-  body = jsonencode({
-    "kind" : "Basic"
-    "properties" : {
-      "virtualMachines" : [{
-        "id" : "/subscriptions/${module.common_infrastructure.current_subscription.subscription_id}/resourceGroups/${module.common_infrastructure.resource_group.name}/providers/Microsoft.Compute/virtualMachines/${module.vm_observer.vm[0].name}",
-        "ports" : [
-          {
-            "number" : 22,
-            "protocol" : "TCP",
-            "allowedSourceAddressPrefix" : "*",
-            "maxRequestAccessDuration" : "PT3H"
-          }
-        ]
-      }]
-    }
-  })
-
-  depends_on = [module.vm_observer]
-}
diff --git a/terraform_units/modules/network/diagnostic_settings.tf b/terraform_units/modules/network/diagnostic_settings.tf
@@ -36,7 +36,7 @@ resource "azurerm_monitor_diagnostic_setting" "nsg" {
 }
 
 resource "azurerm_monitor_diagnostic_setting" "pip" {
-  count                          = var.is_diagnostic_settings_enabled ? var.is_data_guard ? 3 : 1 : 0
+  count                          = var.is_diagnostic_settings_enabled ? var.is_data_guard ? 2 : 1 : 0
   name                           = "pip"
   target_resource_id             = azurerm_public_ip.vm_pip[count.index].id
   storage_account_id             = var.diagnostic_target == "Storage_Account" ? var.storage_account_id : null
@@ -110,7 +110,7 @@ data "azurerm_monitor_diagnostic_categories" "vnet" {
 }
 
 data "azurerm_network_interface" "nic" {
-  count               = var.is_data_guard ? 3 : 1
+  count               = var.is_data_guard ? 2 : 1
   name                = "oraclevmnic-${count.index}"
   resource_group_name = var.resource_group.name
 
@@ -126,7 +126,7 @@ data "azurerm_network_security_group" "nsg" {
 }
 
 data "azurerm_public_ip" "pip" {
-  count               = var.is_data_guard ? 3 : 1
+  count               = var.is_data_guard ? 2 : 1
   name                = "vmpip-${count.index}"
   resource_group_name = var.resource_group.name
 

diff --git a/terraform_units/modules/network/nic.tf b/terraform_units/modules/network/nic.tf
@@ -4,7 +4,7 @@
 #                                                                                       #
 #########################################################################################
 resource "azurerm_network_interface" "oracle_db" {
-  count = var.is_data_guard ? 3 : 1
+  count = var.is_data_guard ? 2 : 1
   name  = "oraclevmnic-${count.index}"
 
   location                      = var.resource_group.location
@@ -41,15 +41,15 @@ resource "azurerm_network_interface" "oracle_db" {
 }
 
 data "azurerm_network_interface" "oracle_db" {
-  count               = var.is_data_guard ? 3 : 1
+  count               = var.is_data_guard ? 2 : 1
   name                = "oraclevmnic-${count.index}"
   resource_group_name = var.resource_group.name
 
   depends_on = [azurerm_network_interface.oracle_db]
 }
 
 resource "azurerm_public_ip" "vm_pip" {
-  count               = var.is_data_guard ? 3 : 1
+  count               = var.is_data_guard ? 2 : 1
   name                = "vmpip-${count.index}"
   location            = var.resource_group.location
   resource_group_name = var.resource_group.name
@@ -60,7 +60,7 @@ resource "azurerm_public_ip" "vm_pip" {
 }
 
 data "azurerm_public_ip" "vm_pip" {
-  count               = var.is_data_guard ? 3 : 1
+  count               = var.is_data_guard ? 2 : 1
   name                = "vmpip-${count.index}"
   resource_group_name = var.resource_group.name
 

diff --git a/terraform_units/modules/network/outputs.tf b/terraform_units/modules/network/outputs.tf
@@ -23,10 +23,6 @@ output "nics_oracledb_secondary" {
   value = var.is_data_guard ? azurerm_network_interface.oracle_db[1] : null
 }
 
-output "nics_oracledb_observer" {
-  value = var.is_data_guard ? azurerm_network_interface.oracle_db[2] : null
-}
-
 output "db_server_ips" {
   value = azurerm_network_interface.oracle_db[*].private_ip_addresses[0]
 }