diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml index 9b740f37..77e44a34 100644 --- a/.github/workflows/handler-destroy.yml +++ b/.github/workflows/handler-destroy.yml @@ -9,7 +9,7 @@ jobs: public_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Public Active/Active + name: Destroy Public Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'public-active-active' }} with: cloud: Azure @@ -26,7 +26,7 @@ jobs: private_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Private Active/Active + name: Destroy Private Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-active-active' }} with: cloud: Azure @@ -43,7 +43,7 @@ jobs: private_tcp_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Private TCP Active/Active + name: Destroy Private TCP Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-tcp-active-active' }} with: cloud: Azure @@ -60,7 +60,7 @@ jobs: standalone_external: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Standalone External + name: Destroy Standalone External if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-external' }} with: cloud: Azure 
@@ -84,7 +84,7 @@ jobs: standalone_mounted_disk: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Standalone Mounted Disk + name: Destroy Standalone Mounted Disk if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-mounted-disk' }} with: cloud: Azure @@ -108,11 +108,11 @@ jobs: public_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Public Active/Active (Replicated) + name: Destroy Public Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'public-active-active-replicated' }} with: cloud: Azure - test_name: Public Active/Active (Replicated) + test_name: Public Active/Active utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise @@ -126,11 +126,11 @@ jobs: private_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Private Active/Active (Replicated) + name: Destroy Private Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-active-active-replicated' }} with: cloud: Azure - test_name: Private Active/Active (Replicated) + test_name: Private Active/Active utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise 
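Review bot: Dropping the "(Replicated)" suffix in the `public_active_active_replicated` job makes `name: Destroy Public Active/Active` and `test_name: Public Active/Active` byte-identical to the FDO `public_active_active` job earlier in the file, so the two runs are no longer distinguishable in the Actions UI or in anything the reusable workflow does with `test_name`; the only remaining difference is `is_replicated_deployment: true` buried in the inputs. Keep at least the job name distinct, e.g. `name: Destroy Public Active/Active (Replicated)`, or fold the mode into `test_name`. Separately, the unchanged `uses: ...destroy.yml@main` together with `secrets: inherit` hands every repository secret to whatever is on the utility repo's main branch at run time; pinning the reusable workflow to a commit SHA is worth a follow-up.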
@@ -144,11 +144,11 @@ jobs: private_tcp_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Private TCP Active/Active (Replicated) + name: Destroy Private TCP Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-tcp-active-active-replicated' }} with: cloud: Azure - test_name: Private TCP Active/Active (Replicated) + test_name: Private TCP Active/Active utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise @@ -162,11 +162,11 @@ jobs: standalone_external_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Standalone External (Replicated) + name: Destroy Standalone External if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-external-replicated' }} with: cloud: Azure - test_name: Standalone External (Replicated) + test_name: Standalone External utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise 
@@ -186,11 +186,11 @@ jobs: standalone_mounted_disk_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from Azure Standalone Mounted Disk (Replicated) + name: Destroy Standalone Mounted Disk if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-mounted-disk-replicated' }} with: cloud: Azure - test_name: Standalone Mounted Disk (Replicated) + test_name: Standalone Mounted Disk utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise diff --git a/.github/workflows/handler-help.yml b/.github/workflows/handler-help.yml index c6783c47..a74aef20 100644 --- a/.github/workflows/handler-help.yml +++ b/.github/workflows/handler-help.yml 
@@ -24,20 +24,20 @@ jobs: > | /test [destroy=false] | Run the Terraform test workflow on the modules in the tests/ directory. Unnamed arguments can be "all" to run all test cases or specific test case names to only run selected cases. The named argument "destroy=false" will disable the destruction of test infrastructure for debugging purposes. | > | /destroy | Destroy any resources that may still be in Terraform state from previous tests. Unnamed arguments can be "all" to destroy all resources from all test cases or specific test case names to only destroy selected test case resources. | > | /help | Shows this help message | - - ## Test Case Names - - FDO: - * private-active-active - * private-tcp-active-active - * public-active-active - * standalone-external - * standalone-mounted-disk - - Replicated: - * private-active-active-replicated - * private-tcp-active-active-replicated - * public-active-active-replicated - * standalone-external-replicated - * standalone-mounted-disk-replicated + > + > ## Test Case Names + > + > ### FDO + > * private-active-active + > * private-tcp-active-active + > * public-active-active + > * standalone-external + > * standalone-mounted-disk + > + > ### Replicated + > * private-active-active-replicated + > * private-tcp-active-active-replicated + > * public-active-active-replicated + > * standalone-external-replicated + > * standalone-mounted-disk-replicated reaction-type: confused diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index 5aa4c23b..32a1f025 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml 
@@ -9,10 +9,10 @@ jobs: standalone_external: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Standalone External + name: Standalone External if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-external' }} with: - test_name: Standalone External (FDO) + test_name: Standalone External is_replicated_deployment: false module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise work_dir: ./tests/standalone-external @@ -33,10 +33,10 @@ jobs: standalone_mounted_disk: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Standalone Mounted Disk + name: Standalone Mounted Disk if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-mounted-disk' }} with: - test_name: Standalone Mounted Disk (FDO) + test_name: Standalone Mounted Disk is_replicated_deployment: false module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise work_dir: ./tests/standalone-mounted-disk @@ -57,10 +57,10 @@ jobs: public_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Public Active/Active + name: Public Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'public-active-active' }} with: - test_name: Public Active/Active (FDO) + test_name: Public Active/Active is_replicated_deployment: false module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise work_dir: ./tests/public-active-active 
@@ -74,10 +74,10 @@ jobs: private_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Private Active/Active + name: Private Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-active-active' }} with: - test_name: Private Active/Active (FDO) + test_name: Private Active/Active is_replicated_deployment: false module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise work_dir: ./tests/private-active-active @@ -92,10 +92,10 @@ jobs: private_tcp_active_active: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Private TCP Active/Active + name: Private TCP Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-tcp-active-active' }} with: - test_name: Private TCP Active/Active (FDO) + test_name: Private TCP Active/Active is_replicated_deployment: false module_repository_id: hashicorp/terraform-azurerm-terraform-enterprise work_dir: ./tests/private-tcp-active-active @@ -110,7 +110,7 @@ jobs: standalone_external_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Standalone External (Replicated) + name: Standalone External if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-external-replicated' }} with: test_name: Standalone External 
@@ -134,7 +134,7 @@ jobs: standalone_mounted_disk_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Standalone Mounted Disk (Replicated) + name: Standalone Mounted Disk if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'standalone-mounted-disk-replicated' }} with: test_name: Standalone Mounted Disk @@ -158,7 +158,7 @@ jobs: public_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Public Active/Active (Replicated) + name: Public Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'public-active-active-replicated' }} with: test_name: Public Active/Active @@ -176,7 +176,7 @@ jobs: private_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Private Active/Active (Replicated) + name: Private Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-active-active-replicated' }} with: test_name: Private Active/Active @@ -195,7 +195,7 @@ jobs: private_tcp_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/azure-tests.yml@main secrets: inherit - name: Run tf-test on Azure Private TCP Active/Active (Replicated) + name: Private TCP Active/Active if: ${{ github.event.client_payload.slash_command.args.unnamed.all == 'all' || github.event.client_payload.slash_command.args.unnamed.all == 'private-tcp-active-active-replicated' }} with: test_name: Private TCP Active/Active diff --git a/README.md b/README.md index 81e6b3c2..e6e0fc46 100644 --- a/README.md 
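Review bot: Each replicated job's `name` (`Standalone Mounted Disk`, `Public Active/Active`, ...) now equals the corresponding FDO job's `name`, and because the FDO jobs lost their `(FDO)` suffix on `test_name` in the same file, both the display name and the `test_name` input collide for every pair; a failed run called "Public Active/Active" no longer says which deployment flavour failed. Suggest keeping the mode visible in the job name, e.g. `name: Public Active/Active (Replicated)`, even if `test_name` is normalised for the reusable workflow. As with the destroy handler, the untouched `uses: ...azure-tests.yml@main` with `secrets: inherit` is an unpinned trust boundary that deserves a SHA pin.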
+++ b/README.md @@ -24,7 +24,7 @@ This module is intended to run in an Azure account with minimal preparation, how ### License file -- A Terraform Enterprise license file is required, and it must be provided as a Base64 encoded secret in Azure Key Vault. +- When `var.is_replicated_deployment` is `true`, a Terraform Enterprise license file is required, and it must be provided as a Base64 encoded secret in Azure Key Vault. Otherwise, the `var.hc_license` can be provided as a string for Flexible Deployment Options. ### Azure Resources diff --git a/examples/active-active-proxy/main.tf b/examples/active-active-proxy/main.tf index fa7f39ea..47df1c7e 100644 --- a/examples/active-active-proxy/main.tf +++ b/examples/active-active-proxy/main.tf @@ -80,7 +80,7 @@ module "active_active" { # Private Active / Active Scenario create_bastion = false distribution = "rhel" - production_type = "external" + operational_mode = "external" load_balancer_public = false load_balancer_type = "load_balancer" redis_rdb_backup_enabled = true @@ -91,4 +91,4 @@ module "active_active" { vm_node_count = 2 vm_sku = "Standard_D32a_v4" tags = var.tags -} \ No newline at end of file +} diff --git a/examples/existing-network/main.tf b/examples/existing-network/main.tf index 9a5d2081..300dec45 100644 --- a/examples/existing-network/main.tf +++ b/examples/existing-network/main.tf @@ -49,7 +49,7 @@ module "existing_network" { # Public Active / Active Scenario distribution = "ubuntu" - production_type = "external" + operational_mode = "external" iact_subnet_list = var.iact_subnet_list vm_node_count = 2 vm_sku = "Standard_D4_v3" diff --git a/examples/standalone_airgap/main.tf b/examples/standalone_airgap/main.tf index 2a2adf00..25505a4b 100644 --- a/examples/standalone_airgap/main.tf +++ b/examples/standalone_airgap/main.tf 
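Review bot: Both examples keep `vm_node_count = 2` while switching to `operational_mode = "external"`, but locals.tf in this same diff stops deriving active-active from the node count and main.tf now gates Redis and the active-active network/load-balancer configuration on `var.operational_mode == "active-active"`, so the `active-active-proxy` and `existing-network` examples would deploy two TFE nodes in external mode with no Redis, which is not the scenario their comments describe. Unless variables.tf (outside the diff) validates or rewrites that combination, the examples should read `operational_mode = "active-active"`. Each example's module block starts before its hunk and continues after it.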
@@ -28,7 +28,7 @@ module "standalone_airgap" {
 # Standalone, External Mode, Airgapped Installation Example
 distribution = "ubuntu"
 iact_subnet_list = var.iact_subnet_list
-production_type = "external"
+operational_mode = "external"
 load_balancer_public = true
 load_balancer_type = "load_balancer"
 vm_node_count = 1
diff --git a/examples/standalone_airgap_dev/main.tf b/examples/standalone_airgap_dev/main.tf
index e7898d4d..841951f4 100644
--- a/examples/standalone_airgap_dev/main.tf
+++ b/examples/standalone_airgap_dev/main.tf
@@ -44,7 +44,7 @@ module "standalone_airgap_dev" {
 
 # Standalone External Scenario
 distribution = "ubuntu"
-production_type = "external"
+operational_mode = "external"
 iact_subnet_list = var.iact_subnet_list
 vm_node_count = 1
 vm_sku = "Standard_D4_v3"
diff --git a/examples/standalone_mounted_disk/main.tf b/examples/standalone_mounted_disk/main.tf
index a9aaedad..3357ead5 100644
--- a/examples/standalone_mounted_disk/main.tf
+++ b/examples/standalone_mounted_disk/main.tf
@@ -46,7 +46,7 @@ module "standalone_mounted_disk" {
 iact_subnet_list = var.iact_subnet_list
 load_balancer_public = true
 load_balancer_type = "application_gateway"
-production_type = "disk"
+operational_mode = "disk"
 vm_node_count = 1
 vm_sku = "Standard_D4_v3"
 vm_image_id = "ubuntu"
diff --git a/locals.tf b/locals.tf
index d99b91e0..f8101617 100644
--- a/locals.tf
+++ b/locals.tf
@@ -6,9 +6,7 @@ locals {
 # TFE Architecture
 # ----------------
 
-# Determine whether or not TFE in active-active mode based on node count, by default standalone is assumed
-active_active = var.vm_node_count >= 2 ? true : false
-disk_mode = var.production_type == "disk" ? true : false
+disk_mode = var.operational_mode == "disk"
 
 # Network
 # -------
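Review bot: With `active_active = var.vm_node_count >= 2` removed from locals.tf, nothing visible ties the node count to the operational mode any more: `vm_node_count = 2` with `operational_mode = "external"` is accepted and silently builds a multi-node deployment without Redis, and `operational_mode = "active-active"` with a single node is accepted just as quietly. Unless variables.tf already covers this, add a `validation` on `var.operational_mode` (or a `precondition`) such as `condition = var.operational_mode == "active-active" ? var.vm_node_count >= 2 : var.vm_node_count == 1`. The deleted comment was also the only place this decision was documented; a one-liner above `disk_mode` such as `# active-active is selected explicitly via var.operational_mode, not inferred from vm_node_count` would restore that.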
@@ -48,6 +46,17 @@ locals { # User Data # --------- + no_proxy = concat([ + "127.0.0.1", + "localhost", + "169.254.169.254", + ".azure.com", + ".windows.net", + ".microsoft.com", + module.load_balancer.fqdn, + var.network_cidr, + ], var.no_proxy) + trusted_proxies = concat( var.trusted_proxies, [var.network_frontend_subnet_cidr] diff --git a/main.tf b/main.tf index 5a80de8f..fb72d643 100644 --- a/main.tf +++ b/main.tf @@ -59,7 +59,7 @@ module "network" { resource_group_name = module.resource_groups.resource_group_name location = var.location - active_active = local.active_active + active_active = var.operational_mode == "active-active" enable_ssh = var.enable_ssh is_replicated_deployment = var.is_replicated_deployment @@ -85,7 +85,7 @@ module "network" { # ----------------------------------------------------------------------------- module "redis" { source = "./modules/redis" - count = local.active_active == true ? 1 : 0 + count = var.operational_mode == "active-active" ? 1 : 0 resource_group_name = module.resource_groups.resource_group_name location = var.location @@ -143,8 +143,8 @@ module "tfe_init_fdo" { cloud = "azurerm" distribution = var.distribution disk_path = var.disk_path - disk_device_name = var.production_type == "disk" ? "disk/azure/scsi1/lun${var.vm_data_disk_lun}" : null - operational_mode = var.production_type + disk_device_name = var.operational_mode == "disk" ? "disk/azure/scsi1/lun${var.vm_data_disk_lun}" : null + operational_mode = var.operational_mode custom_image_tag = var.custom_image_tag enable_monitoring = var.enable_monitoring 
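Review bot: The new `no_proxy` local is undocumented and now feeds both the FDO path (`no_proxy = local.no_proxy`) and the Replicated path (`extra_no_proxy = local.no_proxy`), so a short comment per entry is worth adding: `169.254.169.254` must bypass the proxy for IMDS/managed-identity calls, the `.azure.com`/`.windows.net`/`.microsoft.com` suffixes cover the storage, database and Redis endpoints, `module.load_balancer.fqdn` keeps TFE's calls to itself off the proxy, and `var.network_cidr` covers node-to-node traffic. Two things to confirm: suffix matching sends traffic to any host under those three domains directly, which is broader than the services this module creates and may surprise deployments whose egress policy lives on the proxy; and `var.network_cidr` is a CIDR, which not every consumer of `NO_PROXY` honours, so check how the runtime config module renders it for the container engine.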
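Review bot: `var.operational_mode == "active-active"` is now spelled out inline for the network module, the Redis count, the load balancer and three outputs; the removed `local.active_active` was the single place that decision was made. Reintroducing it as `active_active = var.operational_mode == "active-active"` in locals.tf keeps the six sites consistent and gives the comparison a name, without changing behaviour.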
@@ -164,34 +164,44 @@ module "tfe_init_fdo" { var.network_cidr ] - registry_username = var.registry_username - registry_password = var.registry_password - docker_compose_yaml = module.docker_compose_config[0].docker_compose_yaml + registry = var.registry + registry_password = var.registry == "images.releases.hashicorp.com" ? var.hc_license : var.registry_password + registry_username = var.registry_username + + container_runtime_engine = var.container_runtime_engine + tfe_image = var.tfe_image + podman_kube_yaml = module.runtime_container_engine_config[0].podman_kube_yaml + docker_compose_yaml = module.runtime_container_engine_config[0].docker_compose_yaml } # ------------------------------------------------------------------------------------ # Docker Compose File Config for TFE on instance(s) using Flexible Deployment Options # ------------------------------------------------------------------------------------ -module "docker_compose_config" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=main" +module "runtime_container_engine_config" { + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/runtime_container_engine_config?ref=main" count = var.is_replicated_deployment ? 0 : 1 - hostname = module.load_balancer.fqdn - tfe_license = var.hc_license - license_reporting_opt_out = var.license_reporting_opt_out - cert_file = "/etc/ssl/private/terraform-enterprise/cert.pem" - key_file = "/etc/ssl/private/terraform-enterprise/key.pem" - operational_mode = local.active_active ? 
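Review bot: `source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/runtime_container_engine_config?ref=main"` pins the module that renders the TFE runtime config (license, database and Redis credentials included) to a moving branch, so `terraform init -upgrade` pulls in whatever is on main with no review in this repo; pin to a tag or commit (`?ref=<tag>`) and bump deliberately. On the `registry_password` line, the license-as-password behaviour is keyed on exact string equality with `images.releases.hashicorp.com`, so a `var.registry` with a trailing slash or different case falls through to `var.registry_password`, which for that registry is presumably unset; a comment (`# images.releases.hashicorp.com authenticates with the license string`) and a `lower(trimsuffix(var.registry, "/"))` comparison would make the intent robust. The `module "tfe_init_fdo"` block starts before this hunk.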
"active-active" : var.production_type - tfe_image = var.tfe_image - tls_ca_bundle_file = var.tls_ca_bundle_file - tls_ciphers = var.tls_ciphers - tls_version = var.tls_version - run_pipeline_image = var.run_pipeline_image - capacity_concurrency = var.capacity_concurrency - capacity_cpu = var.capacity_cpu - capacity_memory = var.capacity_memory - iact_subnets = join(",", var.iact_subnet_list) - iact_time_limit = var.iact_subnet_time_limit + license_reporting_opt_out = var.license_reporting_opt_out + hostname = module.load_balancer.fqdn + capacity_concurrency = var.capacity_concurrency + capacity_cpu = var.capacity_cpu + capacity_memory = var.capacity_memory + disk_path = local.disk_mode ? var.disk_path : null + iact_subnets = join(",", var.iact_subnet_list) + iact_time_limit = var.iact_subnet_time_limit + operational_mode = var.operational_mode + run_pipeline_image = var.run_pipeline_image + tfe_image = var.tfe_image + tfe_license = var.hc_license + tls_ciphers = var.tls_ciphers + tls_version = var.tls_version + metrics_endpoint_enabled = var.metrics_endpoint_enabled + metrics_endpoint_port_http = var.metrics_endpoint_port_http + metrics_endpoint_port_https = var.metrics_endpoint_port_https + + cert_file = "/etc/ssl/private/terraform-enterprise/cert.pem" + key_file = "/etc/ssl/private/terraform-enterprise/key.pem" + tls_ca_bundle_file = var.ca_certificate_secret != null ? "/etc/ssl/private/terraform-enterprise/bundle.pem" : null database_user = local.database.server.administrator_login database_password = local.database.server.administrator_password 
@@ -205,17 +215,25 @@ module "docker_compose_config" { azure_account_name = local.object_storage.storage_account_name azure_container = local.object_storage.storage_account_container_name + http_port = var.http_port + https_port = var.https_port + http_proxy = var.proxy_ip != null ? "${var.proxy_ip}:${var.proxy_port}" : null + https_proxy = var.proxy_ip != null ? "${var.proxy_ip}:${var.proxy_port}" : null + no_proxy = local.no_proxy + trusted_proxies = local.trusted_proxies + redis_host = local.redis.hostname redis_user = "" redis_password = local.redis.primary_access_key redis_use_tls = local.redis.hostname == null ? null : var.redis_use_tls redis_use_auth = local.redis.hostname == null ? null : var.redis_use_password_auth - vault_address = var.extern_vault_addr - vault_namespace = var.extern_vault_namespace - vault_path = var.extern_vault_path - vault_role_id = var.extern_vault_role_id - vault_secret_id = var.extern_vault_secret_id + vault_address = var.extern_vault_addr + vault_namespace = var.extern_vault_namespace + vault_path = var.extern_vault_path + vault_role_id = var.extern_vault_role_id + vault_secret_id = var.extern_vault_secret_id + vault_token_renew = var.extern_vault_token_renew } # ------------------------------------------------------------------------------------------------ 
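Review bot: `http_proxy`/`https_proxy` are rendered as bare `ip:port` with no scheme; most consumers of `HTTP_PROXY` default that to http, but the container engines and the Replicated settings path may expect a different shape, so either a comment stating the intended format or an explicit `"http://${var.proxy_ip}:${var.proxy_port}"` removes the ambiguity. Note that interpolating a null `var.proxy_port` into that string is a plan-time error, so `proxy_port` is effectively required whenever `proxy_ip` is set; a `validation` on the pair would say so up front instead of failing mid-plan. The module block continues outside the hunk.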
@@ -226,30 +244,20 @@ module "settings" { count = var.is_replicated_deployment ? 1 : 0 # TFE Base Configuration - consolidated_services_enabled = var.consolidated_services_enabled - custom_image_tag = var.custom_image_tag - custom_agent_image_tag = var.custom_agent_image_tag - disk_path = var.disk_path - hairpin_addressing = var.hairpin_addressing - iact_subnet_list = var.iact_subnet_list - pg_extra_params = var.pg_extra_params - production_type = var.production_type - release_sequence = var.release_sequence - trusted_proxies = local.trusted_proxies - - extra_no_proxy = [ - "127.0.0.1", - "169.254.169.254", - ".azure.com", - ".windows.net", - ".microsoft.com", - module.load_balancer.fqdn, - var.network_cidr - ] + custom_image_tag = var.custom_image_tag + custom_agent_image_tag = var.custom_agent_image_tag + disk_path = var.disk_path + hairpin_addressing = var.hairpin_addressing + iact_subnet_list = var.iact_subnet_list + pg_extra_params = var.pg_extra_params + production_type = var.operational_mode + release_sequence = var.release_sequence + trusted_proxies = local.trusted_proxies + + extra_no_proxy = local.no_proxy # Replicated Base Configuration hostname = module.load_balancer.fqdn - enable_active_active = local.active_active tfe_license_bootstrap_airgap_package_path = var.tfe_license_bootstrap_airgap_package_path tfe_license_file_location = var.tfe_license_file_location tls_bootstrap_cert_pathname = var.tls_bootstrap_cert_pathname @@ -290,7 +298,7 @@ module "tfe_init_replicated" { cloud = "azurerm" distribution = var.distribution disk_path = var.disk_path - disk_device_name = var.production_type == "disk" ? "disk/azure/scsi1/lun${var.vm_data_disk_lun}" : null + disk_device_name = var.operational_mode == "disk" ? "disk/azure/scsi1/lun${var.vm_data_disk_lun}" : null tfe_configuration = module.settings[0].tfe_configuration replicated_configuration = module.settings[0].replicated_configuration airgap_url = var.airgap_url 
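Review bot: For Replicated deployments this hunk drops `enable_active_active = local.active_active` with no replacement and passes `production_type = var.operational_mode`, so a caller setting `operational_mode = "active-active"` now hands the settings module a `production_type` of `active-active` plus whatever default it has for `enable_active_active`; unless that module (in terraform-random-tfe-utility, not shown) now derives both from the operational mode, Replicated active-active deployments would regress to standalone with an unrecognised production type. Suggest `production_type = var.operational_mode == "active-active" ? "external" : var.operational_mode` and `enable_active_active = var.operational_mode == "active-active"`. The `module "settings"` block starts on the line before this hunk and continues past it.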
@@ -334,7 +342,7 @@ module "load_balancer" { zones = var.zones # General - active_active = local.active_active + active_active = var.operational_mode == "active-active" domain_name = var.domain_name is_replicated_deployment = var.is_replicated_deployment tfe_subdomain = var.tfe_subdomain diff --git a/modules/database/main.tf b/modules/database/main.tf index 9be58baf..f3439f5e 100644 --- a/modules/database/main.tf +++ b/modules/database/main.tf @@ -4,7 +4,7 @@ resource "random_string" "tfe_pg_password" { length = 24 special = true - override_special = "?!%&*" + override_special = "!#$%&*()-_=+[]{}<>?" } resource "azurerm_postgresql_flexible_server" "tfe" { diff --git a/modules/vm/main.tf b/modules/vm/main.tf index 04672a31..3a2710fa 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -155,3 +155,8 @@ resource "azurerm_virtual_machine_scale_set_extension" "main" { "requestPath" : "/_health_check" }) } + +data "azurerm_virtual_machine_scale_set" "tfe_vmss" { + name = azurerm_linux_virtual_machine_scale_set.tfe_vmss.name + resource_group_name = var.resource_group_name +} diff --git a/modules/vm/outputs.tf b/modules/vm/outputs.tf index 48753c8f..4de9d821 100644 --- a/modules/vm/outputs.tf +++ b/modules/vm/outputs.tf @@ -1,3 +1,12 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 +output "vmss_name" { + value = azurerm_linux_virtual_machine_scale_set.tfe_vmss.name + description = "The name of the virtual machine scale set" +} + +output "vmss_instance_ids" { + value = toset([for i in data.azurerm_virtual_machine_scale_set.tfe_vmss.instances[*] : i.instance_id]) + description = "A list of the virual machine scale set VMs ids" +} diff --git a/outputs.tf b/outputs.tf index 6427c4f8..5f06de5f 100644 --- a/outputs.tf +++ b/outputs.tf 
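Review bot: The widened `override_special = "!#$%&*()-_=+[]{}<>?"` emits characters that are special in the places this password is likely to be interpolated: `#` starts a comment in dotenv-style files, `$` and `{}` trigger expansion in compose env files and shells, and `&`, `=`, `?`, `[]` must be percent-encoded inside a PostgreSQL connection URI, so a password that happens to draw `$` or `#` can fail to authenticate on some applies and not others. Either confirm every consumer of `database_password` quotes and URL-encodes it, or keep the set to URI- and shell-safe characters, e.g. `override_special = "!*-_.~"`. While this resource is being touched, `random_password` takes the same arguments as `random_string` but marks `result` sensitive so it is redacted from plan output; switching costs a one-time password rotation.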
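Review bot: `data "azurerm_virtual_machine_scale_set" "tfe_vmss"` reads back the scale set created in the same module, so the `instances` list it exposes is a snapshot taken during the apply that created or last refreshed it; after autoscale, reimage or a manual scale operation the `vmss_instance_ids` output is stale until the next plan, which is worth stating in the output's description so nobody automates against it as live data. The `value = toset([for i in data.azurerm_virtual_machine_scale_set.tfe_vmss.instances[*] : i.instance_id])` expression can be written as `toset(data.azurerm_virtual_machine_scale_set.tfe_vmss.instances[*].instance_id)`, and both new descriptions misspell "virtual" as "virual".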
@@ -92,17 +92,17 @@ output "tfe_console_password" {
 # Redis
 # -----
 output "redis_hostname" {
-value = local.active_active == true ? module.redis[0].redis_cache.hostname : null
+value = var.operational_mode == "active-active" ? module.redis[0].redis_cache.hostname : null
 description = "The Hostname of the Redis Instance"
 }
 
 output "redis_ssl_port" {
-value = local.active_active == true ? module.redis[0].redis_cache.ssl_port : null
+value = var.operational_mode == "active-active" ? module.redis[0].redis_cache.ssl_port : null
 description = "The SSL Port of the Redis Instance"
 }
 
 output "redis_pass" {
-value = local.active_active == true ? module.redis[0].redis_cache.primary_access_key : null
+value = var.operational_mode == "active-active" ? module.redis[0].redis_cache.primary_access_key : null
 description = "The Primary Access Key for the Redis Instance"
 }
 
@@ -124,3 +124,13 @@ output "instance_user_name" {
 value = var.vm_user
 description = "The admin user on the TFE instance(s)"
 }
+
+output "vmss_name" {
+value = module.vm.vmss_name
+description = "The name of the virtual machine scale set"
+}
+
+output "vmss_instance_ids" {
+value = module.vm.vmss_instance_ids
+description = "A list of the virual machine scale set VMs ids"
+}
diff --git a/tests/private-active-active/locals.tf b/tests/private-active-active/locals.tf
index 1e42bed8..3fd0dd2a 100644
--- a/tests/private-active-active/locals.tf
+++ b/tests/private-active-active/locals.tf
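Review bot: `output "redis_pass"` returns the Redis primary access key and, as far as this hunk shows, the block has no `sensitive = true`, so the key is printed in clear on every `terraform apply` and `terraform output` and ends up in CI logs; add `sensitive = true` to it (and to `tfe_console_password`, whose block starts above the hunk, if it lacks one). If the provider already marks `primary_access_key` sensitive, Terraform would have required the attribute here anyway, so it is needed either way. The two new `vmss_instance_ids`/`vmss_name` descriptions also misspell "virtual" as "virual".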
@@ -3,17 +3,17 @@ locals { common_tags = { - Terraform = "cloud" Environment = "${local.friendly_name_prefix}-test-private-active-active" Description = "Private Active/Active" Repository = "hashicorp/terraform-azurerm-terraform-enterprise" - Team = "Terraform Enterprise on Prem" + Team = "Terraform Enterprise" OkToDelete = "True" } friendly_name_prefix = random_string.friendly_name.id - resource_group_name = module.private_active_active.resource_group_name + network_proxy_subnet_cidr = "10.0.80.0/20" proxy_user = "proxyuser" proxy_port = "3128" - network_proxy_subnet_cidr = "10.0.80.0/20" + registry = "quay.io" + resource_group_name = module.private_active_active.resource_group_name } diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 5fc63a47..95e0c14e 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf @@ -63,11 +63,7 @@ module "private_active_active" { proxy_port = local.proxy_port # Private Active / Active Scenario - consolidated_services_enabled = var.consolidated_services_enabled distribution = "rhel" - vm_node_count = 2 - vm_sku = "Standard_D16as_v4" - vm_image_id = "rhel" load_balancer_public = false load_balancer_type = "application_gateway" load_balancer_sku_name = "WAF_v2" @@ -75,7 +71,10 @@ module "private_active_active" { load_balancer_waf_rule_set_version = var.is_replicated_deployment ? "3.1" : "3.2" redis_use_password_auth = true redis_use_tls = false - production_type = "external" + operational_mode = "external" + vm_image_id = "rhel" + vm_node_count = 2 + vm_sku = "Standard_D16as_v4" create_bastion = false tags = local.common_tags 
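Review bot: `operational_mode = "external"` next to `vm_node_count = 2` in the private active/active test carries over the pre-change assumption that node count implies active-active, but this same diff removes that derivation from locals.tf and gates Redis and the active-active network/load-balancer paths on `var.operational_mode == "active-active"`; as written the test would stand up two TFE nodes in external mode with no Redis, which is not the scenario its name and tags describe. Unless variables.tf now rejects or rewrites that combination, this should be `operational_mode = "active-active"`. The `module "private_active_active"` block starts before the hunk and continues after it.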
@@ -83,8 +82,11 @@ module "private_active_active" { # FDO Specific Values is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license + http_port = 8080 + https_port = 8443 license_reporting_opt_out = true + registry = local.registry registry_password = var.registry_password registry_username = var.registry_username - tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tfe_image = "${local.registry}/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/private-active-active/variables.tf b/tests/private-active-active/variables.tf index 26f40de1..65867c36 100644 --- a/tests/private-active-active/variables.tf +++ b/tests/private-active-active/variables.tf @@ -6,12 +6,6 @@ variable "bastion_public_ssh_key_secret_name" { description = "The name of the public SSH key secret for the bastion." } -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required) True if TFE uses consolidated services." -} - variable "domain_name" { type = string description = "Domain to create Terraform Enterprise subdomain within" 
@@ -55,16 +49,16 @@ variable "proxy_public_ssh_key_secret_name" { description = "The name of the public SSH key secret for the proxy." } -variable "registry_username" { +variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } -variable "registry_password" { +variable "registry_username" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "resource_group_name_dns" { diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index 6e0c36bd..1fac9c2f 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf @@ -3,17 +3,17 @@ locals { common_tags = { - Terraform = "cloud" Environment = "${local.friendly_name_prefix}-test-private-tcp-active-active" Description = "Private TCP Active/Active" Repository = "hashicorp/terraform-azurerm-terraform-enterprise" - Team = "Terraform Enterprise on Prem" + Team = "Terraform Enterprise" OkToDelete = "True" } friendly_name_prefix = random_string.friendly_name.id - resource_group_name = module.private_tcp_active_active.resource_group_name + network_proxy_subnet_cidr = "10.0.80.0/20" proxy_user = "proxyuser" proxy_port = "3128" - network_proxy_subnet_cidr = "10.0.80.0/20" + registry = "quay.io" + resource_group_name = module.private_tcp_active_active.resource_group_name } 
diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 59666c92..8e509cb2 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf @@ -65,18 +65,17 @@ module "private_tcp_active_active" { proxy_port = local.proxy_port # Private Active / Active Scenario - consolidated_services_enabled = var.consolidated_services_enabled - distribution = "rhel" - vm_node_count = 2 - vm_sku = "Standard_D32a_v4" - vm_image_id = "rhel" - load_balancer_public = false - load_balancer_type = "load_balancer" - redis_use_password_auth = true - redis_use_tls = true - redis_rdb_backup_enabled = true - redis_rdb_backup_frequency = 60 - production_type = "external" + distribution = "rhel" + load_balancer_public = false + load_balancer_type = "load_balancer" + redis_use_password_auth = true + redis_use_tls = true + redis_rdb_backup_enabled = true + redis_rdb_backup_frequency = 60 + operational_mode = "external" + vm_node_count = 2 + vm_sku = "Standard_D32a_v4" + vm_image_id = "rhel" create_bastion = false tags = local.common_tags @@ -84,8 +83,11 @@ module "private_tcp_active_active" { # FDO Specific Values is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license + http_port = 8080 + https_port = 8443 license_reporting_opt_out = true + registry = local.registry registry_password = var.registry_password registry_username = var.registry_username - tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tfe_image = "${local.registry}/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/private-tcp-active-active/variables.tf b/tests/private-tcp-active-active/variables.tf index e1bad9f7..4f2acc57 100644 --- a/tests/private-tcp-active-active/variables.tf +++ b/tests/private-tcp-active-active/variables.tf 
@@ -16,12 +16,6 @@ variable "ca_key_secret_name" { description = "The name of a Key Vault secret which contains the Base64 encoded version of a PEM encoded private key of a certificate authority (CA)." } -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required) True if TFE uses consolidated services." -} - variable "domain_name" { type = string description = "Domain to create Terraform Enterprise subdomain within" @@ -60,16 +54,16 @@ variable "proxy_public_ssh_key_secret_name" { description = "The name of the public SSH key secret for the proxy." } -variable "registry_username" { +variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } -variable "registry_password" { +variable "registry_username" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "resource_group_name_dns" { diff --git a/tests/public-active-active/locals.tf b/tests/public-active-active/locals.tf index 85774e6e..adf37d27 100644 --- a/tests/public-active-active/locals.tf +++ b/tests/public-active-active/locals.tf 
@@ -3,13 +3,13 @@ locals { common_tags = { - Terraform = "cloud" Environment = "${local.friendly_name_prefix}-test-public-active-active" Description = "Public Active/Active" Repository = "hashicorp/terraform-azurerm-terraform-enterprise" - Team = "Terraform Enterprise on Prem" + Team = "Terraform Enterprise" OkToDelete = "True" } friendly_name_prefix = random_string.friendly_name.id + registry = "quay.io" } diff --git a/tests/public-active-active/main.tf b/tests/public-active-active/main.tf index db83cac4..69f3c2a6 100644 --- a/tests/public-active-active/main.tf +++ b/tests/public-active-active/main.tf @@ -25,26 +25,27 @@ module "public_active_active" { tls_bootstrap_key_pathname = "/var/lib/terraform-enterprise/key.pem" # Public Active / Active Scenario - consolidated_services_enabled = var.consolidated_services_enabled - distribution = "ubuntu" - production_type = "external" - iact_subnet_list = var.iact_subnet_list - vm_node_count = 2 - vm_sku = "Standard_D4_v3" - vm_image_id = "ubuntu" - load_balancer_public = true - load_balancer_type = "application_gateway" - redis_use_password_auth = false - redis_use_tls = false + distribution = "ubuntu" + iact_subnet_list = var.iact_subnet_list + load_balancer_public = true + load_balancer_type = "application_gateway" + operational_mode = "external" + redis_use_password_auth = false + redis_use_tls = false + vm_node_count = 2 + vm_sku = "Standard_D4_v3" + vm_image_id = "ubuntu" tags = local.common_tags # FDO Specific Values is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license + http_port = 8080 + https_port = 8443 license_reporting_opt_out = true + registry = local.registry registry_password = var.registry_password registry_username = var.registry_username - tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tfe_image = "${local.registry}/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } - 
diff --git a/tests/public-active-active/variables.tf b/tests/public-active-active/variables.tf index f02eba2e..112709ea 100644 --- a/tests/public-active-active/variables.tf +++ b/tests/public-active-active/variables.tf @@ -1,12 +1,6 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required) True if TFE uses consolidated services." -} - variable "domain_name" { type = string description = "Domain to create Terraform Enterprise subdomain within" @@ -45,16 +39,16 @@ variable "key_vault_id" { description = "The identity of the Key Vault which contains secrets and certificates." } -variable "registry_username" { +variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } -variable "registry_password" { +variable "registry_username" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "resource_group_name_dns" { diff --git a/tests/standalone-external/locals.tf b/tests/standalone-external/locals.tf index f67977c5..7a92e3ad 100644 --- a/tests/standalone-external/locals.tf +++ b/tests/standalone-external/locals.tf 
@@ -3,14 +3,14 @@ locals { common_tags = { - Terraform = "False" Environment = "${local.friendly_name_prefix}-test-standalone-external" - Description = "Standalone, External Services scenario deployed from CircleCI" + Description = "Standalone, External Services scenario" Repository = "hashicorp/terraform-azurerm-terraform-enterprise" - Team = "Terraform Enterprise on Prem" + Team = "Terraform Enterprise" OkToDelete = "True" } - utility_module_test = var.license_file == null friendly_name_prefix = random_string.friendly_name.id + registry = "quay.io" + utility_module_test = var.license_file == null } diff --git a/tests/standalone-external/main.tf b/tests/standalone-external/main.tf index ed0b561f..09c352b2 100644 --- a/tests/standalone-external/main.tf +++ b/tests/standalone-external/main.tf @@ -38,16 +38,15 @@ module "standalone_external" { custom_agent_image_tag = "hashicorp/tfc-agent:latest" # Standalone External Scenario - consolidated_services_enabled = var.consolidated_services_enabled - distribution = "ubuntu" - database_version = var.database_version - production_type = "external" - iact_subnet_list = ["0.0.0.0/0"] - vm_node_count = 1 - vm_sku = "Standard_D4_v3" - vm_image_id = "ubuntu" - load_balancer_public = true - load_balancer_type = "load_balancer" + distribution = "ubuntu" + database_version = var.database_version + iact_subnet_list = ["0.0.0.0/0"] + load_balancer_public = true + load_balancer_type = "load_balancer" + operational_mode = "external" + vm_node_count = 1 + vm_sku = "Standard_D4_v3" + vm_image_id = "ubuntu" enable_ssh = true create_bastion = false 
@@ -56,8 +55,11 @@ module "standalone_external" { # FDO Specific Values is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license + http_port = 8080 + https_port = 8443 license_reporting_opt_out = true + registry = local.registry registry_password = var.registry_password registry_username = var.registry_username - tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tfe_image = "${local.registry}/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/standalone-external/outputs.tf b/tests/standalone-external/outputs.tf index c43b242a..e31df0a6 100644 --- a/tests/standalone-external/outputs.tf +++ b/tests/standalone-external/outputs.tf @@ -7,7 +7,7 @@ output "replicated_console_password" { } output "replicated_console_url" { - value = "${module.standalone_external.tfe_application_url}:8800" + value = module.standalone_external.tfe_console_url description = "Terraform Enterprise Console URL" } diff --git a/tests/standalone-external/variables.tf b/tests/standalone-external/variables.tf index 6b10eff8..9912ca5a 100644 --- a/tests/standalone-external/variables.tf +++ b/tests/standalone-external/variables.tf @@ -7,12 +7,6 @@ variable "bypass_preflight_checks" { description = "Allow the TFE application to start without preflight checks." } -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required) True if TFE uses consolidated services." -} - variable "database_version" { default = 12 type = number 
@@ -48,16 +42,16 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } -variable "registry_username" { +variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } -variable "registry_password" { +variable "registry_username" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "resource_group_name_dns" { diff --git a/tests/standalone-mounted-disk/locals.tf b/tests/standalone-mounted-disk/locals.tf index de23af0e..d6e7db6f 100644 --- a/tests/standalone-mounted-disk/locals.tf +++ b/tests/standalone-mounted-disk/locals.tf @@ -3,11 +3,10 @@ locals { common_tags = { - Terraform = "False" Environment = "${local.friendly_name_prefix}-test-standalone-mounted-disk" - Description = "Standalone, Mounted Disk scenario deployed from CircleCI" + Description = "Standalone, Mounted Disk scenario" Repository = "hashicorp/terraform-azurerm-terraform-enterprise" - Team = "Terraform Enterprise on Prem" + Team = "Terraform Enterprise" OkToDelete = "True" } vm_image_id = ( @@ -40,6 +39,8 @@ locals { var.vm_image_sku != null && var.vm_image_version != null ) ? var.vm_image_version : null - utility_module_test = var.license_file == null + friendly_name_prefix = random_string.friendly_name.id + registry = "quay.io" + utility_module_test = var.license_file == null } 
diff --git a/tests/standalone-mounted-disk/main.tf b/tests/standalone-mounted-disk/main.tf index 4fcc1a31..ad1c84e0 100644 --- a/tests/standalone-mounted-disk/main.tf +++ b/tests/standalone-mounted-disk/main.tf @@ -38,19 +38,18 @@ module "standalone_mounted_disk" { bypass_preflight_checks = var.bypass_preflight_checks # Standalone Mounted Disk Mode Scenario - consolidated_services_enabled = var.consolidated_services_enabled - distribution = var.distribution - production_type = "disk" - disk_path = "/opt/hashicorp/data" - vm_node_count = 1 - vm_sku = "Standard_D4_v3" - vm_image_id = local.vm_image_id - vm_image_publisher = local.vm_image_publisher - vm_image_offer = local.vm_image_offer - vm_image_sku = local.vm_image_sku - vm_image_version = local.vm_image_version - load_balancer_public = true - load_balancer_type = "load_balancer" + distribution = var.distribution + operational_mode = "disk" + disk_path = "/opt/hashicorp/data" + load_balancer_public = true + load_balancer_type = "load_balancer" + vm_image_id = local.vm_image_id + vm_image_publisher = local.vm_image_publisher + vm_image_offer = local.vm_image_offer + vm_image_sku = local.vm_image_sku + vm_image_version = local.vm_image_version + vm_node_count = 1 + vm_sku = "Standard_D4_v3" # VM Data Disk vm_data_disk_caching = "ReadWrite" @@ -66,8 +65,11 @@ module "standalone_mounted_disk" { # FDO Specific Values is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license + http_port = 8080 + https_port = 8443 license_reporting_opt_out = true + registry = local.registry registry_password = var.registry_password registry_username = var.registry_username - tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tfe_image = "${local.registry}/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/standalone-mounted-disk/outputs.tf b/tests/standalone-mounted-disk/outputs.tf index 7374b979..359a15fe 100644 --- a/tests/standalone-mounted-disk/outputs.tf 
+++ b/tests/standalone-mounted-disk/outputs.tf @@ -7,7 +7,7 @@ output "replicated_console_password" { } output "replicated_console_url" { - value = "${module.standalone_mounted_disk.tfe_application_url}:8800" + value = module.standalone_mounted_disk.tfe_console_url description = "Terraform Enterprise Console URL" } diff --git a/tests/standalone-mounted-disk/variables.tf b/tests/standalone-mounted-disk/variables.tf index f9321cba..b160a658 100644 --- a/tests/standalone-mounted-disk/variables.tf +++ b/tests/standalone-mounted-disk/variables.tf @@ -8,12 +8,6 @@ variable "bypass_preflight_checks" { description = "Allow the TFE application to start without preflight checks." } -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required) True if TFE uses consolidated services." -} - variable "distribution" { type = string description = "(Required) What is the OS distribution of the instance on which Terraoform Enterprise will be deployed?" 
@@ -53,16 +47,16 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } -variable "registry_username" { +variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } -variable "registry_password" { +variable "registry_username" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "resource_group_name_dns" { diff --git a/variables.tf b/variables.tf index 914d63f2..8d54de66 100644 --- a/variables.tf +++ b/variables.tf @@ -14,6 +14,16 @@ variable "friendly_name_prefix" { description = "(Required) Name prefix used for resources" } +variable "container_runtime_engine" { + default = "docker" + type = string + description = "The container runtime engine to run the FDO container on. Default is docker." + validation { + condition = contains(["docker", "podman"], var.container_runtime_engine) + error_message = "Supported values for container_runtime_enginer are docker and podman." + } +} + variable "distribution" { type = string description = "(Required) What is the OS distribution of the instance on which Terraoform Enterprise will be deployed?" 
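Review bot: The validation `error_message` of the new `container_runtime_engine` variable misspells the variable name as `container_runtime_enginer`, so the message a user sees on a rejected value names a variable that does not exist; change it to `error_message = "Supported values for container_runtime_engine are docker and podman."`. The `contains(["docker", "podman"], ...)` condition itself is fine, but note it is case-sensitive, so `"Docker"` is rejected; if that is intended the description could say the values are lowercase.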
@@ -36,9 +46,9 @@ variable "tfe_subdomain" { } variable "tfe_image" { - default = "quay.io/hashicorp/terraform-enterprise:latest" + default = "images.releases.hashicorp.com/hashicorp/terraform-enterprise:v202311-1" type = string - description = "(Not needed if is_replicated_deployment is true) The registry path, image name, and image version (e.g. \"quay.io/hashicorp/terraform-enterprise:1234567\")" + description = "(Not needed if is_replicated_deployment is true) The registry path, image name, and image version" } # DNS @@ -87,6 +97,12 @@ variable "extern_vault_secret_id" { description = "(Required if var.extern_vault_enable = true) AppRole SecretId to use to authenticate with the Vault cluster." } +variable "extern_vault_token_renew" { + default = 3600 + type = number + description = "(Optional if var.extern_vault_enable = true) How often (in seconds) to renew the Vault token. Defaults to 3600." +} + # Provider # -------- variable "location" { @@ -544,6 +560,18 @@ variable "redis_minimum_tls_version" { # VM # -- +variable "http_port" { + default = 80 + type = number + description = "(Optional if is_replicated_deployment is false) Port application listens on for HTTP. Default is 80." +} + +variable "https_port" { + default = 443 + type = number + description = "(Optional if is_replicated_deployment is false) Port application listens on for HTTPS. Default is 443." +} + variable "vm_node_count" { default = 2 type = number @@ -799,12 +827,6 @@ variable "capacity_memory" { description = "The maximum amount of memory (in megabytes) that a Terraform plan or apply can use on the system; defaults to `512` for replicated mode and `2048` for FDO." } -variable "consolidated_services_enabled" { - default = true - type = bool - description = "(Required if var.is_replicated_deployment is true) True if TFE uses consolidated services." -} - variable "custom_agent_image_tag" { default = null type = string 
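Review bot: The new `tfe_image` default hard-codes the host `images.releases.hashicorp.com/...` even though this commit also introduces a separate `registry` variable with that same host as its default, so a caller who overrides `registry` without also overriding `tfe_image` will still pull the image from the HashiCorp release registry while presumably logging in to the registry they named. The test scenarios avoid this by composing `tfe_image` from `local.registry`; the root module should do the same, for example by defaulting `tfe_image` to `null` and using `coalesce(var.tfe_image, "${var.registry}/hashicorp/terraform-enterprise:v202311-1")` where the image reference is consumed, or at minimum the description should state that `registry` and `tfe_image` must be kept in sync. Pinning `v202311-1` instead of `latest` is an improvement; an `@sha256:` digest would make the reference immutable. Where the image reference is consumed is outside this hunk.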
@@ -829,16 +851,22 @@ variable "hairpin_addressing" { description = "In some cloud environments, HTTP clients running on instances behind a loadbalancer cannot send requests to the public hostname of that load balancer. Use this setting to configure TFE services to redirect requests for the installation's FQDN to the instance's internal IP address. Defaults to false." } -variable "registry_username" { - default = null +variable "registry" { + default = "images.releases.hashicorp.com" type = string - description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true or if registry is 'images.releases.hashicorp.com') The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_username" { + default = "terraform" + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "run_pipeline_image" { 
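Review bot: `registry_password` still has no `sensitive = true`, so its value is echoed in `terraform plan`/`apply` output and in diagnostics that print variable values; add `sensitive = true` to the block next to the new description. The new `registry_username` default of `"terraform"` applies to every registry, not only `images.releases.hashicorp.com`, so a caller who points `registry` at a private mirror and forgets to set a username will attempt to authenticate as `terraform` and get a confusing login failure; either scope the default the way the password description does or say in the `registry_username` description that the default is the HashiCorp release-registry account. The two descriptions are also inconsistent: only the password one mentions the `images.releases.hashicorp.com` exemption, and whether the release registry needs a password at all is not visible in this hunk.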
@@ -865,12 +893,6 @@ variable "tls_bootstrap_key_pathname" { description = "The path on the TFE instance to put the key. ex. '/var/lib/terraform-enterprise/key.pem'" } -variable "tls_ca_bundle_file" { - default = null - type = string - description = "(Not needed if is_replicated_deployment is true) Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to ''." -} - variable "tls_ciphers" { default = null type = string @@ -891,19 +913,15 @@ variable "tls_version" { } } -variable "production_type" { - default = null +variable "operational_mode" { + default = "disk" type = string - description = "Where Terraform Enterprise application data will be stored. Valid values are `external`, `disk`, or `null`. Choose `external` when storing application data in an external object storage service and database. Choose `disk` when storing application data in a directory on the Terraform Enterprise instance itself. Leave it `null` when you want Terraform Enterprise to use its own default." + description = "Where Terraform Enterprise application data will be stored. Valid values are `external`, `disk`, `active-active` or `null`. Choose `external` when storing application data in an external object storage service and database. Choose `disk` when storing application data in a directory on the Terraform Enterprise instance itself. Chose `active-active` when deploying more than 1 node. Leave it `null` when you want Terraform Enterprise to use its own default." validation { - condition = ( - var.production_type == "external" || - var.production_type == "disk" || - var.production_type == null - ) + condition = contains(["external", "disk", "active-active"], var.operational_mode) - error_message = "The production_type must be 'external', 'disk', or omitted." + error_message = "The operational_mode must be 'external', 'disk', `active-active` or omitted." } } 
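Review bot: The new `operational_mode` validation `contains(["external", "disk", "active-active"], var.operational_mode)` does not admit `null`, yet the description still ends with "Leave it `null` when you want Terraform Enterprise to use its own default" and the `error_message` says "or omitted"; with the default now `"disk"`, omitting the variable yields `disk`, and an explicit `null` is not accepted by the condition. Either drop the null wording from both strings and add `nullable = false` so the value can never be null, or keep null support with `condition = var.operational_mode == null || contains(["external", "disk", "active-active"], var.operational_mode)`. The description also has a typo (`Chose` → `Choose`), and the error message mixes backticks and single quotes around the allowed values.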
@@ -932,7 +950,7 @@ variable "iact_subnet_time_limit" { } variable "metrics_endpoint_enabled" { - default = null + default = false type = bool description = "(Optional) Metrics are used to understand the behavior of Terraform Enterprise and to troubleshoot and tune performance. Enable an endpoint to expose container metrics. Defaults to false." } @@ -1004,6 +1022,12 @@ variable "vm_key_secret" { # Proxy # ----- +variable "no_proxy" { + type = list(string) + description = "(Optional) List of IP addresses to not proxy" + default = [] +} + variable "proxy_ip" { default = null type = string
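Review bot: The new `no_proxy` block orders its attributes `type`, `description`, `default`, while every other variable block in this file, including the ones added in this commit, uses `default`, `type`, `description`; reorder it to match. The description "List of IP addresses to not proxy" may be narrower than what the consumer accepts — proxy exclusion lists commonly also take hostnames, domain suffixes and CIDR ranges — so confirm against the module's proxy configuration and widen the wording if so. The variable block is complete within the hunk.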