pgouband
commented
11 months ago Hi,
Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1361.
Closed minsis closed 10 months ago
pgouband
commented
11 months ago Hi,
Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1361.
pgouband
commented
11 months ago Hi @minsis,
Resource group needs to be created before, it's a requirement for the module used.
Have you tried the following example? https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf
minsis
commented
11 months ago As you said, the resource group has to be created. So the examples don’t work.
The module doesn’t work unless the resource group is created which prevents you from being able to build an entire resource group with everything in it as a single project. Meaning in order to utilize this you would need to create two separate projects to be able to build out your stuff.
You probably don’t need the requirement but instead just ask for the resource group name and location. That way you won’t need to do a data lookup but instead rely on terraform’s planning to deal with it.
RavinderReddyF5
commented
11 months ago Hi @minsis, In example provided we are creating Resource Group(https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf#L14-L19) and referencing it to module as here (https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf#L30-L40)
It was created with the intention there might be existed RG and networks, we can make use of these RG and networks to deploy instance.
can you please run through example and let me know if you see any problem there. example take care of creating RG and referencing it to module as input.
minsis
commented
11 months ago Even in the example the resource group has to be created first before passing the name in. This is due to terraforms planning phase.
If this was a fresh run the planning stage fails because the module is doing a data lookup to get the resource information, but obviously it can’t because the resource group hasn’t even been created yet.
RavinderReddyF5
commented
11 months ago Hi @minsis
I don't see any issue for running example, resource group creation and referring it in module can be done single file
➜ bigip_azure_1nic_deploy git:(main) ✗ terraform apply
module.bigip[0].data.azurerm_subscription.current: Reading...
module.bigip[0].data.azurerm_client_config.current: Reading...
module.bigip[0].data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0wNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDY7b2JqZWN0SWQ9MmRkZjNmMDUtY2UxYy00MGMwLWFmMjktYTlhMGM4NzBjNTIzO3N1YnNjcmlwdGlvbklkPWQzMWU0ZTU0LTc1NzctNGY0My1iNDA3LWJhZTZjYzBmNGY1NTt0ZW5hbnRJZD1kMTA2ODcxZS03YjkxLTQ3MzMtODQyMy1mOTg1ODYzMDNiNjg=]
module.bigip[0].data.azurerm_subscription.current: Read complete after 0s [id=/subscriptions/d31e4e54-7577-4f43-b407-bae6cc0f4f55]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.azurerm_subnet.mgmt will be read during apply
# (config refers to values not yet known)
<= data "azurerm_subnet" "mgmt" {
+ address_prefix = (known after apply)
+ address_prefixes = (known after apply)
+ enforce_private_link_endpoint_network_policies = (known after apply)
+ enforce_private_link_service_network_policies = (known after apply)
+ id = (known after apply)
+ name = "mgmt-subnet"
+ network_security_group_id = (known after apply)
+ private_endpoint_network_policies_enabled = (known after apply)
+ private_link_service_network_policies_enabled = (known after apply)
+ resource_group_name = (known after apply)
+ route_table_id = (known after apply)
+ service_endpoints = (known after apply)
+ virtual_network_name = (known after apply)
}
# azurerm_network_security_rule.mgmt_allow_http will be created
+ resource "azurerm_network_security_rule" "mgmt_allow_http" {
+ access = "Allow"
+ destination_address_prefix = "*"
+ destination_port_range = "80"
+ direction = "Inbound"
+ id = (known after apply)
+ name = "Allow_Http"
+ network_security_group_name = (known after apply)
+ priority = 201
+ protocol = "Tcp"
+ resource_group_name = (known after apply)
+ source_address_prefixes = [
+ "0.0.0.0/0",
]
+ source_port_range = "*"
}
# azurerm_network_security_rule.mgmt_allow_https will be created
+ resource "azurerm_network_security_rule" "mgmt_allow_https" {
+ access = "Allow"
+ destination_address_prefix = "*"
+ destination_port_range = "8443"
+ direction = "Inbound"
+ id = (known after apply)
+ name = "Allow_Https"
+ network_security_group_name = (known after apply)
+ priority = 200
+ protocol = "Tcp"
+ resource_group_name = (known after apply)
+ source_address_prefixes = [
+ "0.0.0.0/0",
]
+ source_port_range = "*"
}
# azurerm_network_security_rule.mgmt_allow_ssh will be created
+ resource "azurerm_network_security_rule" "mgmt_allow_ssh" {
+ access = "Allow"
+ destination_address_prefix = "*"
+ destination_port_range = "22"
+ direction = "Inbound"
+ id = (known after apply)
+ name = "Allow_ssh"
+ network_security_group_name = (known after apply)
+ priority = 202
+ protocol = "Tcp"
+ resource_group_name = (known after apply)
+ source_address_prefixes = [
+ "0.0.0.0/0",
]
+ source_port_range = "*"
}
# azurerm_resource_group.rg will be created
+ resource "azurerm_resource_group" "rg" {
+ id = (known after apply)
+ location = "eastus"
+ name = (known after apply)
}
# azurerm_ssh_public_key.f5_key will be created
+ resource "azurerm_ssh_public_key" "f5_key" {
+ id = (known after apply)
+ location = "eastus"
+ name = (known after apply)
+ public_key = <<-EOT
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC65CYwTigMlzqll/1z3yQ0Yvpl27oGsXSXqTh4g2o3hPhFugxGFODjuQeZpF/1ywuG9Pcg2OCiP2vwjcyjcrOH/Sob6XufbPjnKLqi2cMFdav3LbaGE4p4eprzR0UIIVJFwB/SFGHeIJu5VgR2GPDbg3lwF+ZYKiBP4K/UJvuKAT9t0fesXeZeKaHyHNZCpl9ltGW16qivyoeMXavI5z3c3bjYOrCXOI3A2MQQJ3p7DBN3mP8es/lpKoCF7oPya5BnB125otQ3e5j9stX79LBtB5w7iQRXKUtM+ZaqhQCgKprIe+pnw33zJ08ta130nnbZqWgPUXGtCHDJ5dZV7Ggz0uHEB71ARFWHGpCdvJAKa46jQGWJC06sydP7zVNJbwWmuVcngxkpaKQ+O5v1M0WztI/7RfOxGrQQOCVs5r4zinvw+CmDQ7AhYqHrvlh4iR/yWhrayPpUlk6cxbqW1bRqxP04SoNroP6RHWbhYEd+b/dqPtR6yVVcUDaiC7mPd9ifitX4q+mc0cb182thZtsWhJ7jzkwu5KytpViT7BEn5mTt6cv/yIEd/9HIBB9cFGf8Mc2dsR++Z1GEQqyBeyjH5NmnoZnc9P/8NSEv0wtQUEGFo5LLAnxt7nego9IRjGzYRUgql30mQTc3gGc/fmQnlouqSKJVYSPP+BrYJAw/tw== r.chinthalapalli@JP27H964T7
EOT
+ resource_group_name = (known after apply)
}
# null_resource.clusterDO[0] will be created
+ resource "null_resource" "clusterDO" {
+ id = (known after apply)
}
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 2
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
# module.bigip[0].data.azurerm_resource_group.bigiprg will be read during apply
# (config refers to values not yet known)
<= data "azurerm_resource_group" "bigiprg" {
+ id = (known after apply)
+ location = (known after apply)
+ managed_by = (known after apply)
+ name = (known after apply)
+ tags = (known after apply)
}
# module.bigip[0].azurerm_linux_virtual_machine.f5vm01 will be created
+ resource "azurerm_linux_virtual_machine" "f5vm01" {
+ admin_password = (sensitive value)
+ admin_username = "bigipuser"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ custom_data = (sensitive value)
+ disable_password_authentication = false
+ extensions_time_budget = "PT1H30M"
+ id = (known after apply)
+ location = (known after apply)
+ max_bid_price = -1
+ name = (known after apply)
+ network_interface_ids = (known after apply)
+ patch_assessment_mode = "ImageDefault"
+ patch_mode = "ImageDefault"
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = (known after apply)
+ size = "Standard_D8s_v4"
+ tags = (known after apply)
+ virtual_machine_id = (known after apply)
+ zone = "1"
+ admin_ssh_key {
+ public_key = <<-EOT
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC65CYwTigMlzqll/1z3yQ0Yvpl27oGsXSXqTh4g2o3hPhFugxGFODjuQeZpF/1ywuG9Pcg2OCiP2vwjcyjcrOH/Sob6XufbPjnKLqi2cMFdav3LbaGE4p4eprzR0UIIVJFwB/SFGHeIJu5VgR2GPDbg3lwF+ZYKiBP4K/UJvuKAT9t0fesXeZeKaHyHNZCpl9ltGW16qivyoeMXavI5z3c3bjYOrCXOI3A2MQQJ3p7DBN3mP8es/lpKoCF7oPya5BnB125otQ3e5j9stX79LBtB5w7iQRXKUtM+ZaqhQCgKprIe+pnw33zJ08ta130nnbZqWgPUXGtCHDJ5dZV7Ggz0uHEB71ARFWHGpCdvJAKa46jQGWJC06sydP7zVNJbwWmuVcngxkpaKQ+O5v1M0WztI/7RfOxGrQQOCVs5r4zinvw+CmDQ7AhYqHrvlh4iR/yWhrayPpUlk6cxbqW1bRqxP04SoNroP6RHWbhYEd+b/dqPtR6yVVcUDaiC7mPd9ifitX4q+mc0cb182thZtsWhJ7jzkwu5KytpViT7BEn5mTt6cv/yIEd/9HIBB9cFGf8Mc2dsR++Z1GEQqyBeyjH5NmnoZnc9P/8NSEv0wtQUEGFo5LLAnxt7nego9IRjGzYRUgql30mQTc3gGc/fmQnlouqSKJVYSPP+BrYJAw/tw== r.chinthalapalli@JP27H964T7
EOT
+ username = "bigipuser"
}
+ identity {
+ identity_ids = (known after apply)
+ principal_id = (known after apply)
+ tenant_id = (known after apply)
+ type = "UserAssigned"
}
+ os_disk {
+ caching = "ReadWrite"
+ disk_size_gb = 84
+ name = (known after apply)
+ storage_account_type = "Standard_LRS"
+ write_accelerator_enabled = false
}
+ plan {
+ name = "f5-big-best-plus-hourly-25mbps"
+ product = "f5-big-ip-best"
+ publisher = "f5-networks"
}
+ source_image_reference {
+ offer = "f5-big-ip-best"
+ publisher = "f5-networks"
+ sku = "f5-big-best-plus-hourly-25mbps"
+ version = "latest"
}
}
# module.bigip[0].azurerm_network_interface.mgmt_nic[0] will be created
+ resource "azurerm_network_interface" "mgmt_nic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = (known after apply)
+ mac_address = (known after apply)
+ name = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = (known after apply)
+ tags = (known after apply)
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
+ name = (known after apply)
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_ip_address_version = "IPv4"
+ public_ip_address_id = (known after apply)
+ subnet_id = (known after apply)
}
}
# module.bigip[0].azurerm_network_interface_security_group_association.mgmt_security[0] will be created
+ resource "azurerm_network_interface_security_group_association" "mgmt_security" {
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ network_security_group_id = (known after apply)
}
# module.bigip[0].azurerm_public_ip.mgmt_public_ip[0] will be created
+ resource "azurerm_public_ip" "mgmt_public_ip" {
+ allocation_method = "Static"
+ ddos_protection_mode = "VirtualNetworkInherited"
+ domain_name_label = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = (known after apply)
+ name = (known after apply)
+ resource_group_name = (known after apply)
+ sku = "Standard"
+ sku_tier = "Regional"
+ tags = (known after apply)
}
# module.bigip[0].azurerm_user_assigned_identity.user_identity[0] will be created
+ resource "azurerm_user_assigned_identity" "user_identity" {
+ client_id = (known after apply)
+ id = (known after apply)
+ location = (known after apply)
+ name = (known after apply)
+ principal_id = (known after apply)
+ resource_group_name = (known after apply)
+ tags = (known after apply)
+ tenant_id = (known after apply)
}
# module.bigip[0].azurerm_virtual_machine_extension.vmext will be created
+ resource "azurerm_virtual_machine_extension" "vmext" {
+ failure_suppression_enabled = false
+ id = (known after apply)
+ name = (known after apply)
+ publisher = "Microsoft.Azure.Extensions"
+ settings = <<-EOT
{
"commandToExecute": "bash /var/lib/waagent/CustomData; exit 0;"
}
EOT
+ tags = (known after apply)
+ type = "CustomScript"
+ type_handler_version = "2.0"
+ virtual_machine_id = (known after apply)
}
# module.bigip[0].random_id.module_id will be created
+ resource "random_id" "module_id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 2
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
# module.bigip[0].random_string.password will be created
+ resource "random_string" "password" {
+ id = (known after apply)
+ length = 16
+ lower = true
+ min_lower = 1
+ min_numeric = 1
+ min_special = 0
+ min_upper = 1
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = true
}
# module.bigip[0].time_sleep.wait_for_azurerm_virtual_machine_f5vm will be created
+ resource "time_sleep" "wait_for_azurerm_virtual_machine_f5vm" {
+ create_duration = "300s"
+ id = (known after apply)
}
# module.mgmt-network-security-group.data.azurerm_resource_group.nsg will be read during apply
# (config refers to values not yet known)
<= data "azurerm_resource_group" "nsg" {
+ id = (known after apply)
+ location = (known after apply)
+ managed_by = (known after apply)
+ name = (known after apply)
+ tags = (known after apply)
}
# module.mgmt-network-security-group.azurerm_network_security_group.nsg will be created
+ resource "azurerm_network_security_group" "nsg" {
+ id = (known after apply)
+ location = (known after apply)
+ name = (known after apply)
+ resource_group_name = (known after apply)
+ security_rule = (known after apply)
+ tags = {
+ "costcenter" = "terraform"
+ "environment" = "dev"
}
}
# module.network.azurerm_subnet.subnet[0] will be created
+ resource "azurerm_subnet" "subnet" {
+ address_prefixes = [
+ "10.2.1.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "mgmt-subnet"
+ private_endpoint_network_policies_enabled = (known after apply)
+ private_link_service_network_policies_enabled = (known after apply)
+ resource_group_name = (known after apply)
+ virtual_network_name = (known after apply)
}
# module.network.azurerm_virtual_network.vnet will be created
+ resource "azurerm_virtual_network" "vnet" {
+ address_space = [
+ "10.2.0.0/16",
]
+ dns_servers = []
+ guid = (known after apply)
+ id = (known after apply)
+ location = "eastus"
+ name = (known after apply)
+ resource_group_name = (known after apply)
+ subnet = (known after apply)
+ tags = {
+ "costcenter" = "it"
+ "environment" = "dev"
}
}
Plan: 19 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ bigip_instance_ids = [
+ (known after apply),
]
+ bigip_password = [
+ (known after apply),
]
+ bigip_username = [
+ "bigipuser",
]
+ mgmtPort = [
+ "8443",
]
+ mgmtPublicDNS = [
+ (known after apply),
]
+ mgmtPublicIP = [
+ (known after apply),
]
+ mgmtPublicURL = [
+ (known after apply),
]
+ private_addresses = [
+ {
+ external_private = {
+ private_ip = []
+ private_ips = []
}
+ internal_private = {
+ private_ip = []
+ private_ips = []
}
+ mgmt_private = {
+ private_ip = [
+ (known after apply),
]
+ private_ips = [
+ (known after apply),
]
}
+ public_private = {
+ private_ip = []
+ private_ips = []
}
},
]
+ public_addresses = [
+ {
+ external_primary_public = []
+ external_secondary_public = []
},
]
+ resourcegroup_name = (known after apply)
╷
│ Warning: Argument is deprecated
│
│ with module.network.azurerm_subnet.subnet[0],
│ on .terraform/modules/network/main.tf line 26, in resource "azurerm_subnet" "subnet":
│ 26: enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false)
│
│ `enforce_private_link_endpoint_network_policies` will be removed in favour of the property `private_endpoint_network_policies_enabled` in version 4.0 of the AzureRM Provider
│
│ (and one more similar warning elsewhere)
╵
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
here is usage of module
module "bigip" {
count = var.instance_count
source = "F5Networks/bigip-module/azure"
# source = "../../"
prefix = format("%s-1nic", var.prefix)
resource_group_name = azurerm_resource_group.rg.name
f5_ssh_publickey = azurerm_ssh_public_key.f5_key.public_key
mgmt_subnet_ids = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
mgmt_securitygroup_ids = [module.mgmt-network-security-group.network_security_group_id]
availability_zone = var.availability_zone
availabilityZones_public_ip = var.availabilityZones_public_ip
}hi @minsis, you don't need data source here for referring data group.
module "bigip" {
count = var.instance_count
source = "F5Networks/bigip-module/azure"
# source = "../../"
prefix = format("%s-1nic", var.prefix)
resource_group_name = azurerm_resource_group.rg.name
f5_ssh_publickey = azurerm_ssh_public_key.f5_key.public_key
mgmt_subnet_ids = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
mgmt_securitygroup_ids = [module.mgmt-network-security-group.network_security_group_id]
availability_zone = var.availability_zone
availabilityZones_public_ip = var.availabilityZones_public_ip
}Here's a very simple example of whats happening here.
resource "azurerm_resource_group" "example" {
name = "example"
location = "West Europe"
}
data "azurerm_resource_group" "example" {
name = "example"
}So here you can see that it knows it needs to create a resource group, but I can't do a data look up on said resource because it doesn't exist yet.
tf-test $ tf plan
data.azurerm_resource_group.example: Reading...
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform planned the following actions, but then encountered a problem:
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "example"
}
Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Error: Error: Resource Group "example" was not found
│
│ with data.azurerm_resource_group.example,
│ on main.tf line 6, in data "azurerm_resource_group" "example":
│ 6: data "azurerm_resource_group" "example" {
│
╵Now, I can get around this by setting a dependency on it:
resource "azurerm_resource_group" "example" {
name = "example"
location = "West Europe"
}
data "azurerm_resource_group" "example" {
name = "example"
depends_on = [ azurerm_resource_group.example ]
}Which works nicely:
tf-test $ tf plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.azurerm_resource_group.example will be read during apply
# (depends on a resource or a module with changes pending)
<= data "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = (known after apply)
+ managed_by = (known after apply)
+ name = "example"
+ tags = (known after apply)
}
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "example"
}
Plan: 1 to add, 0 to change, 0 to destroy.However, because the data look up is in the module, I can't force this. I have tried to put the dependancy on the module itself when declared but this still didn't work.
RavinderReddyF5
commented
11 months ago Hi @minsis you don't need of data source here for pointing RG to module, as I mentioned in my previous comment.
resource "azurerm_resource_group" "example" {
name = "example"
location = "West Europe"
}
module "bigip" {
count = var.instance_count
source = "F5Networks/bigip-module/azure"
prefix = format("%s-1nic", var.prefix)
resource_group_name = azurerm_resource_group.example.name
f5_ssh_publickey = azurerm_ssh_public_key.f5_key.public_key
mgmt_subnet_ids = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
mgmt_securitygroup_ids = [module.mgmt-network-security-group.network_security_group_id]
availability_zone = var.availability_zone
availabilityZones_public_ip = var.availabilityZones_public_ip
}I dont know why its successful for you but failing for me. The error output given in my OP was exactly from the referenced example, obviously with name changes.
RavinderReddyF5
commented
11 months ago Hi @minsis
just copy below code in main.tf and run it by providing required inputs. and let me know if you still see issue
provider "azurerm" {
// version = "~>2.0"
features {}
}
#
# Create a random id
#
resource "random_id" "id" {
byte_length = 2
}
#
# Create a resource group
#
resource "azurerm_resource_group" "rg" {
name = format("%s-rg-%s", var.prefix, random_id.id.hex)
location = var.location
}
resource "azurerm_ssh_public_key" "f5_key" {
name = format("%s-pubkey-%s", var.prefix, random_id.id.hex)
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
public_key = file("~/.ssh/id_rsa.pub")
}
#
#Create N-nic bigip
#
module "bigip" {
count = var.instance_count
source = "F5Networks/bigip-module/azure"
# source = "../../"
prefix = format("%s-1nic", var.prefix)
resource_group_name = azurerm_resource_group.rg.name
f5_ssh_publickey = azurerm_ssh_public_key.f5_key.public_key
mgmt_subnet_ids = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
mgmt_securitygroup_ids = [module.mgmt-network-security-group.network_security_group_id]
availability_zone = var.availability_zone
availabilityZones_public_ip = var.availabilityZones_public_ip
}
#
# Create the Network Module to associate with BIGIP
#
module "network" {
source = "Azure/vnet/azurerm"
version = "3.0.0"
vnet_name = format("%s-vnet-%s", var.prefix, random_id.id.hex)
resource_group_name = azurerm_resource_group.rg.name
vnet_location = var.location
address_space = [var.cidr]
subnet_prefixes = [cidrsubnet(var.cidr, 8, 1)]
subnet_names = ["mgmt-subnet"]
tags = {
environment = "dev"
costcenter = "it"
}
}
data "azurerm_subnet" "mgmt" {
name = "mgmt-subnet"
virtual_network_name = module.network.vnet_name
resource_group_name = azurerm_resource_group.rg.name
depends_on = [module.network]
}
#
# Create the Network Security group Module to associate with BIGIP-Mgmt-Nic
#
module "mgmt-network-security-group" {
source = "Azure/network-security-group/azurerm"
resource_group_name = azurerm_resource_group.rg.name
security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
tags = {
environment = "dev"
costcenter = "terraform"
}
}
resource "azurerm_network_security_rule" "mgmt_allow_https" {
name = "Allow_Https"
priority = 200
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8443"
destination_address_prefix = "*"
source_address_prefixes = var.AllowedIPs
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
depends_on = [module.mgmt-network-security-group]
}
resource "azurerm_network_security_rule" "mgmt_allow_http" {
name = "Allow_Http"
priority = 201
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
destination_address_prefix = "*"
source_address_prefixes = var.AllowedIPs
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
depends_on = [module.mgmt-network-security-group]
}
resource "azurerm_network_security_rule" "mgmt_allow_ssh" {
name = "Allow_ssh"
priority = 202
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
destination_address_prefix = "*"
source_address_prefixes = var.AllowedIPs
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
depends_on = [module.mgmt-network-security-group]
}
Hi @minsis,
We didn't get any feedback from our last message so we are closing this issue. Please reopen a new one if you are still facing the issue.
This module requires a resource group to be created beforehand, making it unusable in a single project.
https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/main.tf#L190