diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 7115337..751b16a 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.78.0" - constraints = ">= 3.71.0, >= 3.76.0" + version = "3.81.0" + constraints = ">= 3.71.0, >= 3.76.0, >= 3.80.0" hashes = [ - "h1:DWJ+qB1AY68Is827deEJH4pV7BL4PhDmaaWLlYkhqLM=", - "h1:oXXa023punihP4XHVp1gUlkflXJ6Y/Oa3+tYIDz3HXM=", - "zh:09a965d5a35ddf418c0cc0eda507f79ba65ce679faa1ffc636c965c22cd2da88", - "zh:144523f78596df2843ccf9c4dfa53670c71c66ef1edb96853b4d06b8d2973e26", - "zh:1b2bbd1b2a7a8715f1bc828a174fc8f6810831cfebf3bffef141638b59aa4589", - "zh:223b5f2c07a71ee5d7f4e5cf9b814b276bb27be5f771f886cfd236db4ae67475", - "zh:26cd02f9496b8b9e9465eff24e9c29b0c99076fc3958ceaa84a1a0d6f02984eb", - "zh:6bec0065ba87ea80b151b6398b1ba2295eb967993f15322f25f1c74defc56c6d", - "zh:8aaa89e3403630c73a5280b57aa6e7c993686247b141ec9801365e1bb1677439", - "zh:8d8dd6a9a2baee8e9fea3b1e181d0a17d6a71e64d9692265770a72bfee012a15", - "zh:97ba1582da8ac1b65c9e01b43d1b5ba842c3b8a97d5dee9e033e018d13dbdeda", - "zh:b05930cfe84c06a764f611d3a93035ab779766aeefa22c41616e948b99659da8", - "zh:da5e5752dff248356afb0c861df680e3345fdc3a52dfc92a7f150f4a780128c7", + "h1:lD3zASEoi00Dy2Nvj7agxd0RSV0wsElBWr8XJhnTbg0=", + "zh:000c3a458b6623fdfb1e3b08fa40f38bf4563193a9387886f10080047673cb13", + "zh:05cff5c0ac90b626d566981e4622d00f5465c71eef545877f7461eea3fde4152", + "zh:1de5b14c0d1eb51592e7d01c9df763ba610e2b559725d0a7a1616374d6094e7a", + "zh:35f9a458b4e54e488103a0f081a0e79a8e31aa6f8ad16fa8aff755d0806de2f4", + "zh:6762619a09dfb56f95b7fc5268cfcfd46950160d6b62d00bc1c9f5c7cd65f663", + "zh:786c3ea3a0ae173c23b01daf7bd2318a713588a50b9c4be886da0a0cb0c94905", + "zh:a5253e9fed9e487e7eb7f483b34d6131f2c457caa02674a2ada67f75a659e4cc", + "zh:ae0c2bf657bee5cf6f66a42c8960cdd2402a9c96b5fd28ce561f4b32b95f3620", + "zh:af4ddc88ae7a7b115f0327fca381c1ea9866e100169b6a9ae1c0ac8417a631a5", + "zh:afaf51e32b9da123187d568a9a6f59974c89a18f67ca87651ecd0cf30fa8f113", + 
"zh:e4c34b238272ed178d165628ce2a4a3fbe3e8f9b65c632f047b55685c18f7160", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } @@ -26,7 +25,6 @@ provider "registry.terraform.io/hashicorp/random" { version = "3.5.1" constraints = "~> 3.0" hashes = [ - "h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=", "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", @@ -42,24 +40,3 @@ provider "registry.terraform.io/hashicorp/random" { "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", ] } - -provider "registry.terraform.io/microsoft/azuredevops" { - version = "0.10.0" - constraints = ">= 0.9.0" - hashes = [ - "h1:GazdScTk4i4y9aIsvsO7GYkHYPYJBfaddaU+VlkLnZg=", - "h1:GwFmEDohB4JeBGMMvSOdSw7SHxh1xZqQUfko7eaW+l4=", - "zh:07e596c045f8ee411c630e29e180e946d5e75af615e0223877de9c4718ff0265", - "zh:18c07b7b610a85079b510117296da1fe2cd99da3664ece2a98390329dac2b58a", - "zh:220949b1271420864d324f0494739b70ed79f66ad3d2928d9acb804bc04d1e75", - "zh:28638f4105ffe8db80fee3ac10de93b79e6e6812473f53e216c495e6a16151b5", - "zh:28a1882bbc8fa1b0eea908623ac6d45aa15757ca96b0a7acc784fc64e92d8ad9", - "zh:3dbed2631472baa0b38fb8ce644436f8e9373e650644d8b99ad372ad69733dca", - "zh:4662e1e782b25c29aa93f76d8182af8ef54798289219d4085715b53628365eda", - "zh:878caf183e77fbd3771fdb9c1e007ab8783ff47b6b383dee4d0a82f10d3a0c21", - "zh:bb021e2450534c3a47c4960bd91ccb36b8d68dab5fc172a70aaa3562f94607fa", - "zh:cc6eda6ae28755521a62545ca1a04423672756edd7370542101c5963b6a248f1", - "zh:fa50613fec6b8fc856810b80846bba32030dd5163c034061b667897851ff1c4e", - "zh:ffc9d217b9c1db1a4cbcd6d2d28360821145fa8e1d31c5c00d29128044018c31", - ] -} diff --git a/main.tf b/main.tf index 7db510a..b0f2145 100644 --- a/main.tf +++ b/main.tf 
@@ -46,6 +46,13 @@ resource "azurerm_virtual_network" "graphdb" { tags = local.tags } +resource "azurerm_subnet" "graphdb-gateway" { + name = "${var.resource_name_prefix}-gateway" + resource_group_name = azurerm_resource_group.graphdb.name + virtual_network_name = azurerm_virtual_network.graphdb.name + address_prefixes = var.app_gateway_subnet_address_prefix +} + resource "azurerm_subnet" "graphdb-vmss" { name = "${var.resource_name_prefix}-vmss" resource_group_name = azurerm_resource_group.graphdb.name @@ -55,6 +62,21 @@ resource "azurerm_subnet" "graphdb-vmss" { # ------------------------------------------------------------ +# Creates a public IP address with assigned FQDN from the regional Azure DNS +module "address" { + source = "./modules/address" + + resource_name_prefix = var.resource_name_prefix + resource_group_name = azurerm_resource_group.graphdb.name + # TODO: Rename to availability_zones for clarity... + zones = var.zones + + # TODO: Could rename to common_tags + tags = local.tags + + depends_on = [azurerm_resource_group.graphdb] +} + # Creates a user assigned identity which will be provided to GraphDB VMs. module "identity" { source = "./modules/identity" 
@@ -101,17 +123,40 @@ module "configuration" { ] } -# Creates a public load balancer for forwarding internet traffic to the GraphDB proxies -module "load_balancer" { - source = "./modules/load_balancer" +module "tls" { + source = "./modules/tls" resource_name_prefix = var.resource_name_prefix resource_group_name = azurerm_resource_group.graphdb.name - zones = var.zones + + key_vault_name = module.vault.key_vault_name + tls_certificate = filebase64(var.gateway_ssl_certificate_path) + # TODO: tls vs ssl + tls_certificate_password = var.gateway_ssl_certificate_password + + tags = local.tags + + depends_on = [azurerm_resource_group.graphdb, module.identity, module.vault] +} + +# Creates a public application gateway for forwarding internet traffic to the GraphDB proxies +module "application_gateway" { + source = "./modules/application_gateway" + + resource_name_prefix = var.resource_name_prefix + resource_group_name = azurerm_resource_group.graphdb.name + # TODO: Naming.. + network_interface_name = azurerm_virtual_network.graphdb.name + + gateway_subnet_name = azurerm_subnet.graphdb-gateway.name + + gateway_public_ip_name = module.address.public_ip_address_name + gateway_identity_name = module.tls.tls_identity_name + gateway_tls_certificate_secret_id = module.tls.tls_certificate_key_vault_secret_id tags = local.tags - depends_on = [azurerm_resource_group.graphdb, azurerm_virtual_network.graphdb] + depends_on = [azurerm_resource_group.graphdb, azurerm_virtual_network.graphdb, azurerm_subnet.graphdb-vmss, module.address] } # Module for resolving the GraphDB shared image ID 
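Review bot: The `depends_on` of `module "application_gateway"` names `azurerm_subnet.graphdb-vmss`, but the gateway is placed in `azurerm_subnet.graphdb-gateway` (already referenced through `gateway_subnet_name`), so the entry looks like a slip and should read `azurerm_subnet.graphdb-gateway` or be dropped. Since the subnet, public IP and identity are all passed by reference, the remaining explicit entries add nothing and, per Terraform's guidance on module `depends_on`, tend to make plans more conservative (more "known after apply" values) — hedged, as I cannot see the module internals beyond this commit. A short comment on why `module "tls"` must wait on `module.identity` would also help, since nothing in the `tls` module visibly consumes an output of it.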
@@ -149,11 +194,12 @@ module "vm" { network_interface_name = azurerm_virtual_network.graphdb.name zones = var.zones - graphdb_subnet_name = azurerm_subnet.graphdb-vmss.name - load_balancer_backend_address_pool_id = module.load_balancer.load_balancer_backend_address_pool_id - load_balancer_fqdn = module.load_balancer.load_balancer_fqdn - identity_name = module.identity.identity_name - key_vault_name = module.vault.key_vault_name + # TODO: A NAMING AAAAAA + graphdb_subnet_name = azurerm_subnet.graphdb-vmss.name + load_balancer_backend_address_pool_ids = [module.application_gateway.gateway_backend_address_pool_id] + load_balancer_fqdn = module.address.public_ip_address_fqdn + identity_name = module.identity.identity_name + key_vault_name = module.vault.key_vault_name data_disk_performance_tier = var.data_disk_performance_tier disk_size_gb = var.disk_size_gb diff --git a/modules/address/README.md b/modules/address/README.md new file mode 100644 index 0000000..77b2297 --- /dev/null +++ b/modules/address/README.md @@ -0,0 +1 @@ +# GraphDB Public IP Address Module diff --git a/modules/address/main.tf b/modules/address/main.tf new file mode 100644 index 0000000..bb01370 --- /dev/null +++ b/modules/address/main.tf 
@@ -0,0 +1,33 @@ +data "azurerm_resource_group" "graphdb" { + name = var.resource_group_name +} + +locals { + resource_group = data.azurerm_resource_group.graphdb.name + location = data.azurerm_resource_group.graphdb.location +} + +resource "random_string" "fqdn" { + length = 6 + special = false + upper = false + numeric = true +} + +resource "azurerm_public_ip" "graphdb-public-ip-address" { + name = "${var.resource_name_prefix}-public-address" + resource_group_name = local.resource_group + location = local.location + + sku = "Standard" + allocation_method = "Static" + zones = var.zones + + # TODO: idle_timeout_in_minutes is between 4 and 30 minutes, gotta test if this affects our data loading + + # TODO: This could be conditional or provided + # TODO: If we use a dedicated domain with TLS, this would not be needed + domain_name_label = "${var.resource_name_prefix}-${random_string.fqdn.result}" + + tags = var.tags +} diff --git a/modules/address/outputs.tf b/modules/address/outputs.tf new file mode 100644 index 0000000..b109bf5 --- /dev/null +++ b/modules/address/outputs.tf @@ -0,0 +1,9 @@ +output "public_ip_address_name" { + description = "Name of the public IP address" + value = azurerm_public_ip.graphdb-public-ip-address.name +} + +output "public_ip_address_fqdn" { + description = "The assigned FQDN of the public IP address" + value = azurerm_public_ip.graphdb-public-ip-address.fqdn +} diff --git a/modules/address/variables.tf b/modules/address/variables.tf new file mode 100644 index 0000000..5cb03aa --- /dev/null +++ b/modules/address/variables.tf 
@@ -0,0 +1,23 @@ +# General configurations + +variable "resource_name_prefix" { + description = "Resource name prefix used for tagging and naming AWS resources" + type = string +} + +variable "zones" { + description = "Availability zones for the public IP address." + type = list(number) + default = [1, 2, 3] +} + +variable "tags" { + description = "Common resource tags." + type = map(string) + default = {} +} + +variable "resource_group_name" { + description = "Name of the resource group where GraphDB will be deployed." + type = string +} diff --git a/modules/address/versions.tf b/modules/address/versions.tf new file mode 100644 index 0000000..26a04bb --- /dev/null +++ b/modules/address/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.3.1" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.71.0" + } + random = { + source = "hashicorp/random" + version = "~>3.0" + } + } +} diff --git a/modules/application_gateway/README.md b/modules/application_gateway/README.md new file mode 100644 index 0000000..c94eaa4 --- /dev/null +++ b/modules/application_gateway/README.md @@ -0,0 +1 @@ +# GraphDB Application Gateway Module diff --git a/modules/application_gateway/main.tf b/modules/application_gateway/main.tf new file mode 100644 index 0000000..8e941fc --- /dev/null +++ b/modules/application_gateway/main.tf 
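Review bot: The description of `resource_name_prefix` says the prefix is used for naming "AWS resources", but this module only creates Azure resources; suggest `description = "Resource name prefix used for tagging and naming Azure resources"`. The same copied description appears in `modules/application_gateway/variables.tf` and `modules/tls/variables.tf` in this commit. The `zones` description could also say that the numbers are forwarded to the public IP's `zones` argument as availability zone identifiers.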
@@ -0,0 +1,126 @@ +data "azurerm_resource_group" "graphdb" { + name = var.resource_group_name +} + +data "azurerm_subnet" "graphdb-gateway" { + name = var.gateway_subnet_name + resource_group_name = var.resource_group_name + virtual_network_name = var.network_interface_name +} + +data "azurerm_public_ip" "graphdb-gateway" { + name = var.gateway_public_ip_name + resource_group_name = var.resource_group_name +} + +data "azurerm_user_assigned_identity" "graphdb-gateway-tls" { + name = var.gateway_identity_name + resource_group_name = var.resource_group_name +} + +locals { + resource_group = data.azurerm_resource_group.graphdb.name + location = data.azurerm_resource_group.graphdb.location + + gateway_ip_configuration_name = "${var.resource_name_prefix}-gateway-ip-configuration" + gateway_frontend_port_name = "${var.resource_name_prefix}-gateway-public-port-configuration" + gateway_frontend_ip_configuration_name = "${var.resource_name_prefix}-gateway-public-ip-configuration" + gateway_backend_address_pool_name = "${var.resource_name_prefix}-gateway-backend-address-pool" + gateway_backend_http_settings_name = "${var.resource_name_prefix}-gateway-backend-http-settings" + gateway_http_probe_name = "${var.resource_name_prefix}-gateway-http-probe" + gateway_http_listener_name = "${var.resource_name_prefix}-gateway-http-listener" + gateway_request_routing_rule_name = "${var.resource_name_prefix}-gateway-request-routing-rule" + gateway_ssl_certificate_name = "${var.resource_name_prefix}-ssl" +} + +resource "azurerm_application_gateway" "graphdb" { + name = var.resource_name_prefix + resource_group_name = local.resource_group + location = local.location + + autoscale_configuration { + min_capacity = var.gateway_min_capacity + max_capacity = var.gateway_max_capacity + } + + enable_http2 = true + + # TODO: Connection draining? 
+ + sku { + name = "Standard_v2" + tier = "Standard_v2" + } + + identity { + type = "UserAssigned" + identity_ids = [data.azurerm_user_assigned_identity.graphdb-gateway-tls.id] + } + + ssl_certificate { + name = local.gateway_ssl_certificate_name + key_vault_secret_id = var.gateway_tls_certificate_secret_id + } + + gateway_ip_configuration { + name = local.gateway_ip_configuration_name + subnet_id = data.azurerm_subnet.graphdb-gateway.id + } + + frontend_port { + name = local.gateway_frontend_port_name + port = 443 + } + + frontend_ip_configuration { + name = local.gateway_frontend_ip_configuration_name + public_ip_address_id = data.azurerm_public_ip.graphdb-gateway.id + } + + backend_address_pool { + name = local.gateway_backend_address_pool_name + } + + probe { + name = local.gateway_http_probe_name + + host = "127.0.0.1" + path = var.gateway_probe_path + protocol = var.gateway_backend_protocol + interval = var.gateway_probe_interval + timeout = var.gateway_probe_timeout + unhealthy_threshold = var.gateway_probe_threshold + } + + backend_http_settings { + name = local.gateway_backend_http_settings_name + path = var.gateway_backend_path + port = var.gateway_backend_port + protocol = var.gateway_backend_protocol + request_timeout = var.gateway_backend_request_timeout + + # Use dedicated HTTP probe + probe_name = local.gateway_http_probe_name + + cookie_based_affinity = "Disabled" + } + + http_listener { + name = local.gateway_http_listener_name + frontend_ip_configuration_name = local.gateway_frontend_ip_configuration_name + frontend_port_name = local.gateway_frontend_port_name + protocol = "Https" + ssl_certificate_name = local.gateway_ssl_certificate_name + } + + request_routing_rule { + name = local.gateway_request_routing_rule_name + priority = 1 + rule_type = "Basic" + http_listener_name = local.gateway_http_listener_name + backend_address_pool_name = local.gateway_backend_address_pool_name + backend_http_settings_name = 
local.gateway_backend_http_settings_name + } + + tags = var.tags +} diff --git a/modules/application_gateway/outputs.tf b/modules/application_gateway/outputs.tf new file mode 100644 index 0000000..6835f2c --- /dev/null +++ b/modules/application_gateway/outputs.tf @@ -0,0 +1,9 @@ +output "gateway_id" { + description = "Identifier of the application gateway for GraphDB" + value = azurerm_application_gateway.graphdb.id +} + +output "gateway_backend_address_pool_id" { + description = "Identifier of the application gateway backend address pool" + value = one(azurerm_application_gateway.graphdb.backend_address_pool).id +} diff --git a/modules/application_gateway/variables.tf b/modules/application_gateway/variables.tf new file mode 100644 index 0000000..ceaba96 --- /dev/null +++ b/modules/application_gateway/variables.tf 
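Review bot: `azurerm_application_gateway.graphdb` configures an HTTPS listener on 443 but sets no `ssl_policy`, so the gateway runs with the platform default TLS policy, which on the policy versions I know of still permits TLS 1.0/1.1 and older cipher suites; consider pinning a predefined policy, e.g. `ssl_policy { policy_type = "Predefined" policy_name = "AppGwSslPolicy20220101S" }` (confirm the name against the provider version in use). The `backend_http_settings` and `probe` use `var.gateway_backend_protocol` (default `Http`), so TLS terminates at the gateway and traffic to the proxies on the backend port inside the VNet is plaintext; a one-line comment stating that this is intentional would prevent it being read as an oversight. The SKU is `Standard_v2`; if web application firewall inspection is wanted later, `WAF_v2` plus a `waf_configuration` block is the switch, which is worth recording in the module README.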
@@ -0,0 +1,116 @@ +# General configurations + +variable "resource_name_prefix" { + description = "Resource name prefix used for tagging and naming AWS resources" + type = string +} + +variable "zones" { + description = "Availability zones" + type = list(number) + default = [1, 2, 3] +} + +variable "tags" { + description = "Common resource tags." + type = map(string) + default = {} +} + +variable "resource_group_name" { + description = "Name of the resource group where GraphDB will be deployed." + type = string +} + +# Networking + +variable "network_interface_name" { + description = "Network ID where GraphDB will be deployed" + type = string +} + +variable "gateway_subnet_name" { + description = "Subnet where the Application Gateway will be deployed" + type = string +} + +variable "gateway_public_ip_name" { + # TODO: descr + type = string +} + +# Application gateway specific configurations + +variable "gateway_min_capacity" { + # TODO: descr + type = number + default = 1 +} + +variable "gateway_max_capacity" { + # TODO: descr + type = number + default = 2 +} + +# TODO: update descriptions to mention gateway, not lb + +variable "gateway_backend_port" { + description = "Backend port for the load balancer rules" + type = number + default = 7201 +} + +variable "gateway_backend_path" { + description = "Backend path for the load balancer rules" + type = string + default = "/" +} + +variable "gateway_backend_protocol" { + # TODO : descr + type = string + default = "Http" +} + +variable "gateway_backend_request_timeout" { + # TODO : descr + type = number + default = 86400 # 1 day +} + +variable "gateway_probe_path" { + description = "The endpoint to check for GraphDB's health status" + type = string + default = "/rest/cluster/node/status" +} + +variable "gateway_probe_interval" { + description = "Interval in seconds between the health probe checks" + type = number + default = 10 +} + +variable "gateway_probe_timeout" { + description = "Timeout in seconds for the health 
probe checks" + type = number + default = 1 +} + +variable "gateway_probe_threshold" { + description = "Number of consecutive health checks to consider the probe passing or failing" + type = number + default = 1 +} + +# TLS certificate + +variable "gateway_tls_certificate_secret_id" { + description = "Secret identifier of the TLS certificate in the Key Vault." + type = string +} + +variable "gateway_identity_name" { + # TODO: descr + type = string +} diff --git a/modules/application_gateway/versions.tf b/modules/application_gateway/versions.tf new file mode 100644 index 0000000..26a04bb --- /dev/null +++ b/modules/application_gateway/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.3.1" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.71.0" + } + random = { + source = "hashicorp/random" + version = "~>3.0" + } + } +} diff --git a/modules/configuration/main.tf b/modules/configuration/main.tf index 2c838d4..728601a 100644 --- a/modules/configuration/main.tf +++ b/modules/configuration/main.tf @@ -65,7 +65,7 @@ resource "azurerm_key_vault_secret" "graphdb-java-options" { resource "azurerm_role_assignment" "graphdb-license-reader" { principal_id = data.azurerm_user_assigned_identity.graphdb-instances.principal_id scope = data.azurerm_key_vault.graphdb.id - role_definition_name = "Reader" + role_definition_name = "Key Vault Reader" } # Give rights to the provided identity to actually get the secret value diff --git a/modules/tls/README.md b/modules/tls/README.md new file mode 100644 index 0000000..421a61c --- /dev/null +++ b/modules/tls/README.md @@ -0,0 +1 @@ +# GraphDB TLS Module diff --git a/modules/tls/main.tf b/modules/tls/main.tf new file mode 100644 index 0000000..d55bd4a --- /dev/null +++ b/modules/tls/main.tf 
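Review bot: `variable "zones"` is declared with default `[1, 2, 3]` but is not referenced anywhere in `modules/application_gateway/main.tf` in this commit, so the gateway is created without zone redundancy while the module interface suggests otherwise; either pass it through with `zones = var.zones` on `azurerm_application_gateway.graphdb` or drop the variable. Several variables (`gateway_public_ip_name`, `gateway_min_capacity`, `gateway_max_capacity`, `gateway_backend_protocol`, `gateway_backend_request_timeout`, `gateway_identity_name`) carry `# TODO: descr` instead of a description; e.g. `description = "Name of the user assigned identity the gateway uses to read the TLS certificate from Key Vault"`. The defaults `gateway_probe_timeout = 1` and `gateway_probe_threshold = 1` mean a single slow response marks a node unhealthy; document that choice or raise the defaults.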
@@ -0,0 +1,39 @@ +data "azurerm_resource_group" "graphdb" { + name = var.resource_group_name +} + +data "azurerm_key_vault" "graphdb" { + name = var.key_vault_name + resource_group_name = var.resource_group_name +} + +locals { + resource_group = data.azurerm_resource_group.graphdb.name + location = data.azurerm_resource_group.graphdb.location +} + +resource "azurerm_user_assigned_identity" "graphdb-tls-certificate" { + name = "${var.resource_name_prefix}-tls" + resource_group_name = local.resource_group + location = local.location + + tags = var.tags +} + +# TODO: probably have to add Key Vault Reader as well + +resource "azurerm_role_assignment" "graphdb-tls-certificate-reader" { + principal_id = azurerm_user_assigned_identity.graphdb-tls-certificate.principal_id + scope = data.azurerm_key_vault.graphdb.id + role_definition_name = "Key Vault Secrets User" +} + +resource "azurerm_key_vault_certificate" "graphdb-tls-certificate" { + name = "${var.resource_name_prefix}-tls" + key_vault_id = data.azurerm_key_vault.graphdb.id + + certificate { + contents = var.tls_certificate + password = var.tls_certificate_password + } +} diff --git a/modules/tls/outputs.tf b/modules/tls/outputs.tf new file mode 100644 index 0000000..f5201ef --- /dev/null +++ b/modules/tls/outputs.tf @@ -0,0 +1,9 @@ +output "tls_certificate_key_vault_secret_id" { + description = "Secret identifier of the TLS certificate in the Key Vault" + value = azurerm_key_vault_certificate.graphdb-tls-certificate.secret_id +} + +output "tls_identity_name" { + description = "Name of the user assigned identity having permissions for reading the TLS certificate secret" + value = azurerm_user_assigned_identity.graphdb-tls-certificate.name +} diff --git a/modules/tls/variables.tf b/modules/tls/variables.tf new file mode 100644 index 0000000..2eddc58 --- /dev/null +++ b/modules/tls/variables.tf 
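Review bot: `azurerm_role_assignment.graphdb-tls-certificate-reader` grants `Key Vault Secrets User` at the scope of the whole vault (`data.azurerm_key_vault.graphdb.id`), so the gateway identity can read every secret stored there, not only the certificate. Key Vault RBAC supports assignments on an individual secret, so the scope could be narrowed to the certificate's secret resource where the provider exposes its ARM id; at minimum add a comment stating that vault-wide read is accepted and why. The `# TODO: probably have to add Key Vault Reader as well` comment should be resolved before merge, since a missing role would presumably surface only at apply time as a gateway provisioning failure.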
@@ -0,0 +1,37 @@ +# General configurations + +variable "resource_name_prefix" { + description = "Resource name prefix used for tagging and naming AWS resources" + type = string +} + +variable "tags" { + description = "Common resource tags." + type = map(string) + default = {} +} + +variable "resource_group_name" { + description = "Name of the resource group where GraphDB will be deployed." + type = string +} + +# + +variable "key_vault_name" { + description = "Name of a Key Vault containing GraphDB configurations" + type = string +} + +# TLS + +variable "tls_certificate" { + description = "TLS certificate in base64 encoding to be imported in Azure Key Vault." + type = string +} + +variable "tls_certificate_password" { + description = "TLS certificate password for password protected certificates." + type = string + default = null +} diff --git a/modules/tls/versions.tf b/modules/tls/versions.tf new file mode 100644 index 0000000..4811298 --- /dev/null +++ b/modules/tls/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.1" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.71.0" + } + } +} diff --git a/modules/vm/main.tf b/modules/vm/main.tf index 1314486..302117d 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -5,6 +5,7 @@ data "azurerm_resource_group" "graphdb" { data "azurerm_subnet" "graphdb" { name = var.graphdb_subnet_name resource_group_name = var.resource_group_name + # TODO: Rename the variable to match virtual_network_name = var.network_interface_name } 
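Review bot: `tls_certificate` holds the base64 PFX including the private key and `tls_certificate_password` its password, but neither variable is marked sensitive, so both values are echoed in plan/apply output and logs; add `sensitive = true` to both declarations. The same applies to `gateway_ssl_certificate_password` in the root `variables.tf` hunk of this commit. Marking them sensitive does not keep the values out of the state file, so access to state should be treated as access to the private key; a sentence to that effect belongs in the module README.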
@@ -106,11 +107,11 @@ resource "azurerm_linux_virtual_machine_scale_set" "graphdb" { network_security_group_id = azurerm_network_security_group.graphdb.id ip_configuration { - name = "${var.resource_name_prefix}-ip-config" - primary = true - subnet_id = local.subnet_id - - load_balancer_backend_address_pool_ids = [var.load_balancer_backend_address_pool_id] + name = "${var.resource_name_prefix}-ip-config" + primary = true + subnet_id = local.subnet_id + # TODO: Rename var + application_gateway_backend_address_pool_ids = var.load_balancer_backend_address_pool_ids # TODO: Temporary for testing. Remove after configuring the LB public_ip_address { diff --git a/modules/vm/templates/entrypoint.sh.tpl b/modules/vm/templates/entrypoint.sh.tpl index a1cf837..5318a38 100644 --- a/modules/vm/templates/entrypoint.sh.tpl +++ b/modules/vm/templates/entrypoint.sh.tpl @@ -140,8 +140,8 @@ EOF cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties graphdb.auth.token.secret=$graphdb_cluster_token graphdb.connector.port=7201 -graphdb.external-url=http://${load_balancer_fqdn} -graphdb.vhosts=http://${load_balancer_fqdn},http://$${node_dns}:7201 +graphdb.external-url=https://${load_balancer_fqdn} +graphdb.vhosts=https://${load_balancer_fqdn},http://$${node_dns}:7201 graphdb.rpc.address=$${node_dns}:7301 graphdb.proxy.hosts=$${node_dns}:7300 EOF diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf index 5c00f0b..a228f16 100644 --- a/modules/vm/variables.tf +++ b/modules/vm/variables.tf @@ -46,11 +46,13 @@ variable "key_vault_name" { type = string } -# Load balancer +# Application Gateway -variable "load_balancer_backend_address_pool_id" { - description = "Identifier of the load balancer backend pool for GraphDB nodes" - type = string +#TODO: Update names +variable "load_balancer_backend_address_pool_ids" { + description = "Array of identifiers of load balancer backend pools for the GraphDB nodes" + type = list(string) + default = [] } variable "load_balancer_fqdn" { 
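Review bot: The rewritten `ip_configuration` attaches the scale set to the gateway backend pool, but the `public_ip_address` block that follows (flagged in the context lines as `# TODO: Temporary for testing. Remove after configuring the LB`) is still present, so each node keeps a directly reachable public IP beside the TLS-terminating gateway. With the gateway now configured this commit is the natural place to drop that block, or to state in the comment why it stays. The `ip_configuration` block and the enclosing `azurerm_linux_virtual_machine_scale_set` resource continue outside the hunk.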
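Review bot: `load_balancer_backend_address_pool_ids` gets `default = []`, whereas the variable it replaces was required; an omitted value now silently produces a scale set that is attached to no backend pool and is therefore unreachable through the gateway. Unless detached deployments are a supported mode, remove the default so Terraform reports the missing value at plan time, or state the intent in the description. The description still says "load balancer backend pools" while the value feeds `application_gateway_backend_address_pool_ids`; `description = "Identifiers of application gateway backend address pools the GraphDB nodes join"` would match.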
diff --git a/output.tf b/output.tf index a29b512..c7abbdb 100644 --- a/output.tf +++ b/output.tf @@ -1,4 +1,4 @@ -output "load_balancer_fqdn" { - description = "FQDN of the load balancer for GraphDB" - value = module.load_balancer.load_balancer_fqdn +output "public_address_fqdn" { + description = "FQDN of the application gateway for GraphDB" + value = module.address.public_ip_address_fqdn } diff --git a/variables.tf b/variables.tf index aef62b1..2d4ff27 100644 --- a/variables.tf +++ b/variables.tf @@ -36,12 +36,34 @@ variable "virtual_network_address_space" { default = ["10.0.0.0/16"] } +variable "app_gateway_subnet_address_prefix" { + description = "Subnet address prefix CIDRs where the application gateway will reside." + type = list(string) + default = ["10.0.1.0/24"] +} + variable "graphdb_subnet_address_prefix" { description = "Subnet address prefix CIDRs where GraphDB VMs will reside." type = list(string) default = ["10.0.2.0/24"] } +# Application Gateway + +variable "gateway_ssl_certificate_path" { + # TODO: Wording + description = "Path to a TLS certificate, imported in Azure Key Vault, which will be used for the TLS listener on the application gateway." + type = string + default = null +} + +variable "gateway_ssl_certificate_password" { + # TODO: Wording + description = "Path to a TLS certificate, imported in Azure Key Vault, which will be used for the TLS listener on the application gateway." + type = string + default = null +} + # GraphDB variable "graphdb_version" { diff --git a/versions.tf b/versions.tf index 8e696ac..75ec34d 100644 --- a/versions.tf +++ b/versions.tf @@ -1,14 +1,11 @@ terraform { - required_version = ">= 1.3.1" + # TODO: Update all verions.tf + required_version = ">= 1.5.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.71.0" - } - azuredevops = { - source = "microsoft/azuredevops" - version = ">= 0.9.0" + version = ">=3.80.0" } random = { source = "hashicorp/random"
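Review bot: `gateway_ssl_certificate_password` reuses the description of `gateway_ssl_certificate_path` ("Path to a TLS certificate ..."), which is wrong for a password; suggest `description = "Password of the TLS certificate referenced by gateway_ssl_certificate_path, if it is password protected."`. Both variables default to `null`, yet `main.tf` calls `filebase64(var.gateway_ssl_certificate_path)` unconditionally, so a missing path fails at plan time with a function-argument error rather than a clear message; either drop the default to make the path required or add a `validation` block. The `versions.tf` hunk that follows is cut off at the end of the page.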