From 3b769e818394bda3fc8e400f1be1547f7c0da1f6 Mon Sep 17 00:00:00 2001
From: Kohei Saito
Date: Mon, 15 Jan 2024 23:13:50 +0900
Subject: [PATCH 1/2] remove observer vm resources
---
 terraform/bootstrap/data_guard/module.tf | 91 ------------------------
 1 file changed, 91 deletions(-)
diff --git a/terraform/bootstrap/data_guard/module.tf b/terraform/bootstrap/data_guard/module.tf
index c2e9626..a00283f 100644
--- a/terraform/bootstrap/data_guard/module.tf
+++ b/terraform/bootstrap/data_guard/module.tf
@@ -92,48 +92,6 @@ module "vm_secondary" {
 }
 }
-module "vm_observer" {
- source = "../../../terraform_units/modules/compute"
-
- subscription_id = module.common_infrastructure.current_subscription.subscription_id
- resource_group = module.common_infrastructure.resource_group
- vm_name = "vm-observer"
- public_key = var.ssh_key
- sid_username = "oracle"
- nic_id = module.network.nics_oracledb_observer.id
- vm_sku = var.vm_sku
- vm_source_image_reference = var.vm_source_image_reference
-
- vm_os_disk = {
- name = "osdisk-observer"
- caching = "ReadWrite"
- storage_account_type = "Premium_LRS"
- disk_encryption_set_id = null
- disk_size_gb = 128
- }
-
- aad_system_assigned_identity = false
- assign_subscription_permissions = true
-
- is_diagnostic_settings_enabled = module.common_infrastructure.is_diagnostic_settings_enabled
- diagnostic_target = module.common_infrastructure.diagnostic_target
- storage_account_id = module.common_infrastructure.target_storage_account_id
- storage_account_sas_token = module.common_infrastructure.target_storage_account_sas
- log_analytics_workspace_id = module.common_infrastructure.log_analytics_workspace_id
- eventhub_authorization_rule_id = module.common_infrastructure.eventhub_authorization_rule_id
- partner_solution_id = module.common_infrastructure.partner_solution_id
- tags = module.common_infrastructure.tags
-
- availability_zone = 3
-
- role_assignments = {
- role_assignment_1 = {
- name = "Virtual Machine Contributor"
- skip_service_principal_aad_check = false
- }
- }
-}
-
 module "network" {
 source = "../../../terraform_units/modules/network"
@@ -229,29 +187,6 @@ module "storage_secondary" {
 }
 }
-module "storage_observer" {
- source = "../../../terraform_units/modules/storage"
-
- resource_group = module.common_infrastructure.resource_group
- is_data_guard = module.common_infrastructure.is_data_guard
- naming = "oracle-observer"
- vm = module.vm_observer.vm[0]
- tags = module.common_infrastructure.tags
- database_disks_options = {
- data_disks = var.database_disks_options.data_disks
- asm_disks = var.database_disks_options.asm_disks
- redo_disks = var.database_disks_options.redo_disks
- }
- availability_zone = module.vm_observer.availability_zone
-
- role_assignments = {
- role_assignment_1 = {
- name = "Contributor"
- skip_service_principal_aad_check = false
- }
- }
-}
-
 #########################################################################################
 # #
 # JIT Access Policy #
@@ -308,29 +243,3 @@ resource "azapi_resource" "jit_ssh_policy_secondary" {
 depends_on = [module.vm_secondary]
 }
-
-resource "azapi_resource" "jit_ssh_policy_observer" {
- count = module.vm_observer.database_server_count
- name = "JIT-SSH-Policy-observer"
- parent_id = "${module.common_infrastructure.resource_group.id}/providers/Microsoft.Security/locations/${module.common_infrastructure.resource_group.location}"
- type = "Microsoft.Security/locations/jitNetworkAccessPolicies@2020-01-01"
- schema_validation_enabled = false
- body = jsonencode({
- "kind" : "Basic"
- "properties" : {
- "virtualMachines" : [{
- "id" : "/subscriptions/${module.common_infrastructure.current_subscription.subscription_id}/resourceGroups/${module.common_infrastructure.resource_group.name}/providers/Microsoft.Compute/virtualMachines/${module.vm_observer.vm[0].name}",
- "ports" : [
- {
- "number" : 22,
- "protocol" : "TCP",
- "allowedSourceAddressPrefix" : "*",
- "maxRequestAccessDuration" : "PT3H"
- }
- ]
- }]
- }
- })
-
- depends_on = [module.vm_observer]
-}
From a996c1f573442bfe8e80435b152cd88ab4f23d64 Mon Sep 17 00:00:00 2001
From: Kohei Saito
Date: Fri, 19 Jan 2024 16:48:23 +0900
Subject: [PATCH 2/2] remove pip and nic for the observer node
---
 terraform_units/modules/network/diagnostic_settings.tf | 6 +++---
 terraform_units/modules/network/nic.tf | 8 ++++----
 terraform_units/modules/network/outputs.tf | 4 ----
 3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/terraform_units/modules/network/diagnostic_settings.tf b/terraform_units/modules/network/diagnostic_settings.tf
index f9a8c73..d511f43 100644
--- a/terraform_units/modules/network/diagnostic_settings.tf
+++ b/terraform_units/modules/network/diagnostic_settings.tf
@@ -36,7 +36,7 @@ resource "azurerm_monitor_diagnostic_setting" "nsg" {
 }
 resource "azurerm_monitor_diagnostic_setting" "pip" {
- count = var.is_diagnostic_settings_enabled ? var.is_data_guard ? 3 : 1 : 0
+ count = var.is_diagnostic_settings_enabled ? var.is_data_guard ? 2 : 1 : 0
 name = "pip"
 target_resource_id = azurerm_public_ip.vm_pip[count.index].id
 storage_account_id = var.diagnostic_target == "Storage_Account" ? var.storage_account_id : null
@@ -110,7 +110,7 @@ data "azurerm_monitor_diagnostic_categories" "vnet" {
 }
 data "azurerm_network_interface" "nic" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "oraclevmnic-${count.index}"
 resource_group_name = var.resource_group.name
@@ -126,7 +126,7 @@ data "azurerm_network_security_group" "nsg" {
 }
 data "azurerm_public_ip" "pip" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "vmpip-${count.index}"
 resource_group_name = var.resource_group.name
diff --git a/terraform_units/modules/network/nic.tf b/terraform_units/modules/network/nic.tf
index 785e904..0124a7d 100644
--- a/terraform_units/modules/network/nic.tf
+++ b/terraform_units/modules/network/nic.tf
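Review bot: The node count is now hand-written as `2 : 1` in seven places across this module (this hunk, the `-110,7` and `-126,7` hunks below, and all four hunks of nic.tf), and the `pip` diagnostic setting indexes `azurerm_public_ip.vm_pip[count.index]`, whose own `count` is a separate literal in nic.tf, so a future edit that updates one file but not the other fails at plan time with an index error rather than being caught at review. A single `locals { db_server_count = var.is_data_guard ? 2 : 1 }` in the module, with `count = local.db_server_count` on the six NIC/PIP resources and data sources and `count = var.is_diagnostic_settings_enabled ? local.db_server_count : 0` here, would keep them in step. A one-line comment beside that local recording why the count is 2 (primary and secondary only; the observer no longer gets a NIC or public IP) would also help, since the commit message is currently the only place that rationale lives. Lowering `count` should only destroy the highest index, i.e. the observer NIC and PIP at index 2, leaving indices 0 and 1 untouched — worth confirming in the plan output before apply, since nothing visible in these hunks guarantees the observer was always index 2.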
@@ -4,7 +4,7 @@
 # #
 #########################################################################################
 resource "azurerm_network_interface" "oracle_db" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "oraclevmnic-${count.index}"
 location = var.resource_group.location
@@ -41,7 +41,7 @@ resource "azurerm_network_interface" "oracle_db" {
 }
 data "azurerm_network_interface" "oracle_db" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "oraclevmnic-${count.index}"
 resource_group_name = var.resource_group.name
@@ -49,7 +49,7 @@ data "azurerm_network_interface" "oracle_db" {
 }
 resource "azurerm_public_ip" "vm_pip" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "vmpip-${count.index}"
 location = var.resource_group.location
 resource_group_name = var.resource_group.name
@@ -60,7 +60,7 @@ resource "azurerm_public_ip" "vm_pip" {
 }
 data "azurerm_public_ip" "vm_pip" {
- count = var.is_data_guard ? 3 : 1
+ count = var.is_data_guard ? 2 : 1
 name = "vmpip-${count.index}"
 resource_group_name = var.resource_group.name
diff --git a/terraform_units/modules/network/outputs.tf b/terraform_units/modules/network/outputs.tf
index 9317fc1..8c0abff 100644
--- a/terraform_units/modules/network/outputs.tf
+++ b/terraform_units/modules/network/outputs.tf
@@ -23,10 +23,6 @@ output "nics_oracledb_secondary" {
 value = var.is_data_guard ? azurerm_network_interface.oracle_db[1] : null
 }
-output "nics_oracledb_observer" {
- value = var.is_data_guard ? azurerm_network_interface.oracle_db[2] : null
-}
-
 output "db_server_ips" {
 value = azurerm_network_interface.oracle_db[*].private_ip_addresses[0]
 }