How to update resource from another Terraform configuration - azure

I'm trying to build a hub-spoke topology in Azure.
Hub VNET - includes Azure Firewall with default rules, has its own TF state file.
Spoke VNET - includes other Azure resources (Blobs, Key Vaults etc.); there are many Spoke VNETs (one per project/environment), each with its own TF state file.
Problem: After deploying each Spoke VNET, there is a randomly generated Blob Storage name which I need to pass to and update an Azure Firewall rule in the other TF configuration.
Question: Is it possible to do it automatically?
Possible solution: I will terraform apply the Spoke VNET and use the randomly generated blob storage name as an output. Pass it to a .sh script which will update the .tfvars file used by the Hub VNET with the Firewall. Then terraform apply this Hub VNET configuration.
I have to do this also in reverse while destroying any of the Spoke VNETs. But this is not very elegant. Is there any better way? Maybe using Terragrunt hooks?

In the case of Terragrunt, you can easily pass outputs from one module (i.e. Hub VNET) as inputs to the modules that depend on it (i.e. Spoke VNET). The code snippet would look like the following:
hub-vnet/terragrunt.hcl:
dependency "spoke-a-vnet" {
  config_path = "../spoke-a-vnet"
  # mock_outputs lets the hub plan/apply before the spoke exists (or after it has been destroyed)
  mock_outputs = {
    blob-name = ""
  }
}
dependency "spoke-b-vnet" {
  config_path = "../spoke-b-vnet"
  mock_outputs = {
    blob-name = ""
  }
}
inputs = {
  blob-names = [dependency.spoke-a-vnet.outputs.blob-name, dependency.spoke-b-vnet.outputs.blob-name]
}
And then in your Hub VNET module you'll have a behavior configured so that a blob-name is skipped if it equals "".
During the Spoke removal operation, you'll need to run two steps:
run destroy for the relevant Spoke VNET module
run apply afterwards (effectively it's a re-apply) for the Hub VNET module, where the mock value "" would take effect as the blob-storage input and therefore be skipped (based on the conditional approach described above).
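One way to implement the "skip empty names" behavior on the hub side, as an added example that is not part of the original answer: the Terragrunt input is assumed to be named blob_names, and azurerm_firewall.hub, azurerm_resource_group.hub and the spoke_address_space variable are assumed to exist in the hub module. compact() drops the "" placeholders that mock_outputs supply for a destroyed or not-yet-applied spoke, and the rule collection is created only when at least one real name remains.

```hcl
# hub-vnet/variables.tf
variable "blob_names" {
  description = "Storage account names exported by the spoke stacks; \"\" entries come from Terragrunt mock_outputs and are ignored"
  type        = list(string)
  default     = []
}

variable "spoke_address_space" {
  description = "Spoke CIDRs allowed to reach the listed storage accounts (assumed variable; keep it narrower than *)"
  type        = list(string)
}

# hub-vnet/firewall_rules.tf
locals {
  # compact() removes "" so a mock output never becomes a firewall target
  spoke_blob_fqdns = [for n in compact(var.blob_names) : "${n}.blob.core.windows.net"]
}

resource "azurerm_firewall_application_rule_collection" "spoke_blobs" {
  # No collection at all while no spoke exports a name, so the firewall never holds an empty rule
  count = length(local.spoke_blob_fqdns) > 0 ? 1 : 0

  name                = "spoke-blob-storage"
  azure_firewall_name = azurerm_firewall.hub.name       # assumed: the hub's firewall resource
  resource_group_name = azurerm_resource_group.hub.name # assumed: the hub's resource group
  priority            = 200
  action              = "Allow"

  rule {
    name             = "allow-spoke-blob-https"
    source_addresses = var.spoke_address_space
    target_fqdns     = local.spoke_blob_fqdns

    protocol {
      port = "443"
      type = "Https"
    }
  }
}
```

After a spoke is destroyed, the re-apply of the hub removes its FQDN from target_fqdns (or the whole collection when it was the last one), which is the second step described in the answer.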

Related

How do I list the Network Ranges of Networks peered to an Azure VirtualWAN Hub in Terraform?

There are multiple Azure VNets across multiple Subscriptions peered to a single Virtual WAN Hub outside of Terraform (in Terraform, this would be an azurerm_virtual_hub_connection resource each).
I would like to use terraform to create IP Groups for the networks, grouped by parts of their name.
How do I dynamically list all of the networks including their name and range independent of their source Subscription in Terraform?
My first attempt was to use the generic azurerm_resources data provider like
data "azurerm_resources" "peerings" {
  type = "Microsoft.Network/virtualHubs/hubVirtualNetworkConnections"
}
but that didn't yield any result.
Do you have any idea how this can be accomplished?

Multiple Function Apps integration with Storage configured with vNET

I have 5 Function Apps with one App Service Plan [Premium].
One VNET with one subnet is already there [not to be created], which is to be used with the Function Apps along with storage.
When I try with azurerm_app_service_virtual_network_swift_connection it cannot integrate all function apps.
Any solution for the same, or maybe a code example link?
https://discuss.hashicorp.com/t/multiple-functionapp-on-single-appserviceplan-vnet-integration/43022?u=mukteswarp
This is the sample template for function app deployment via Terraform. Please compare your template with the sample template to see if there are any differences:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_virtual_network_swift_connection#example-usage-with-function-app
If you have 5 function apps that are already created, then you should pull your data and iterate over each one to do the entire association.
This is an example of how I would do it if I were to create a list of 1-2-3-4-5-6 or 110 function apps, where linux_app_name is the list of names -> type (list). The reason why I did it in a local is because I'm checking beforehand to see if it's empty or not. Then for each app service id, doing the azurerm linux function app each key.id and of course the subnet that you're interested in.
Ensure you're putting the correct format of each value in the resource block. This serves purely as an example:
resource "azurerm_app_service_virtual_network_swift_connection" "funclinux" {
  # one swift connection per function app name in the list
  for_each       = toset(local.linux_app_name)
  app_service_id = azurerm_linux_function_app.linuxfunction[each.key].id
  subnet_id      = var.subnet_id # the existing subnet you want to integrate with
}

How to connect a "azurerm_windows_web_app" resource in Terraform with a Virtual Network

I am using the "azurerm_windows_web_app" resource type in terraform to create an app service. I am using this resource because the "azurerm_app_service" is being deprecated as indicated by the docs.
I need to setup the outbound traffic section of the app service to use a virtual network like below. I already have the virtual network being created successfully, so I just need to find a way to link it to the app service via terraform.
I cannot see any property on the resource that allows me to achieve this. On the "azurerm_app_service" resource I can see a "azurerm_app_service_virtual_network_swift_connection" which I think might achieve this, but I cannot see a corresponding resource for a "azurerm_windows_web_app" resource to connect it to a virtual network.
Does anybody know if there is currently a way to achieve this?
app_service_virtual_network_swift_connection should still be the right one. The app services resources have been split up with the latest 3.0 TF provider release but I believe the swift resource will cover both, Windows and Linux app services.
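A worked version of the swift-connection pattern covering both the Windows web app question and the multiple-function-apps question above, added here as an example rather than taken from either answer: the subnet, resource group, VNet, azurerm_service_plan.plan and the azurerm_linux_function_app.fn map are assumed names. The practitioner caveat it adds is that the integration subnet must be delegated to Microsoft.Web/serverFarms, otherwise the connection is rejected, and that one plan's apps all share that subnet.

```hcl
# Subnet used for regional VNet integration: it must be delegated to
# Microsoft.Web/serverFarms or the swift connection is rejected by Azure.
resource "azurerm_subnet" "app_integration" {
  name                 = "snet-app-integration"   # assumed name
  resource_group_name  = var.resource_group_name  # assumed: the existing RG
  virtual_network_name = var.virtual_network_name # assumed: the existing VNet
  address_prefixes     = ["10.10.1.0/27"]         # constructed range

  delegation {
    name = "appservice"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

resource "azurerm_windows_web_app" "web" {
  name                = "app-hub-web"                # assumed name
  resource_group_name = var.resource_group_name
  location            = var.location
  service_plan_id     = azurerm_service_plan.plan.id # assumed: an existing Windows plan

  site_config {
    # Send all outbound traffic through the VNet so NSG and firewall rules apply to it
    vnet_route_all_enabled = true
  }
}

# The same resource links azurerm_windows_web_app, azurerm_linux_web_app and the
# function app resources to a subnet; only app_service_id differs.
resource "azurerm_app_service_virtual_network_swift_connection" "web" {
  app_service_id = azurerm_windows_web_app.web.id
  subnet_id      = azurerm_subnet.app_integration.id
}

# One connection per function app on the same plan (assumed for_each map of function apps)
resource "azurerm_app_service_virtual_network_swift_connection" "functions" {
  for_each       = azurerm_linux_function_app.fn
  app_service_id = each.value.id
  subnet_id      = azurerm_subnet.app_integration.id
}
```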

Azure Databricks Execution Fail - CLOUD_PROVIDER_LAUNCH_FAILURE

I'm using Azure DataFactory for my data ingestion and using an Azure Databricks notebook through ADF's Notebook activity.
The Notebook uses an existing instance pool of Standard DS3_V2 (2-5 nodes autoscaled) with 7.3LTS Spark Runtime version. The same Azure subscription is used by multiple teams for their respective data pipelines.
During the ADF pipeline execution, I'm facing a notebook activity failure frequently with the error message below:
{
  "reason": {
    "code": "CLOUD_PROVIDER_LAUNCH_FAILURE",
    "type": "CLOUD_FAILURE",
    "parameters": {
      "azure_error_code": "SubnetIsFull",
      "azure_error_message": "Subnet /subscriptions/<Subscription>/resourceGroups/<RG>/providers/Microsoft.Network/virtualNetworks/<VN>/subnets/<subnet> with address prefix 10.237.35.128/26 does not have enough capacity for 2 IP addresses."
    }
  }
}
Can anyone explain what this error is and how I can reduce the occurrence of this? (The documents I found are not explanatory)
Looks like your Databricks has been created within a VNET (see this link or this link). When this is done, the Databricks instances are created within one of the subnets within this VNET. It seems that at the point of triggering, all the IPs within the subnet were already utilized.
You cannot and should not extend the IP space. Please do not attempt to change the existing VNET configuration as this will affect your Databricks cluster.
You have the following options.
Check when fewer Databricks instances are being instantiated and schedule your ADF during this time. You should be looking at distributing the execution across time so we don't attempt to peak over the existing IPs in the subnet.
Request your IT department to create a new VNET and subnet and create a new Databricks cluster in this VNET.
The problem arises from the fact that when your workspace was created, the network and subnet sizes weren't planned correctly (see docs). As a result, when you're trying to launch a cluster, there are not enough IP addresses in the given subnet, and you get this error.
Unfortunately right now it's not possible to expand the network/subnet size, so if you need a bigger network, then you need to deploy a new workspace and migrate into it.

How to add a new resource to an existing resource group in Terraform

This would appear to be a fairly simple and basic scenario but I'm frankly at a loss on how to get around this using Terraform and would appreciate any suggestions.
The issue is this. In Azure, I have a number of resource groups, each containing a number of resources, including virtual networks, subnets, storage accounts, etc. What I would now like to do is add new resources to one or two of the resource groups. Typical example, I would like to provision a new virtual machine in each of the resource groups.
Now, so far all of the documentation and blogs I seem to come across only provide guidance on how to create resources whereby you also create a new resource group, vnet, subnet, from scratch. This is definitely not what I wish to do.
All I'm looking to do is get Terraform to add a single virtual machine to an existing resource group, going on to configure it to connect to existing networking resources such as a VNet, Subnet, etc. Any ideas?
I tested for ECS by destroying the launch configuration.
terraform destroy -target module.ecs.module.ec2_alb.aws_launch_configuration.launchcfg
I recreated the launch configuration and it worked:
terraform plan -target=module.ecs.module.ec2_alb.aws_launch_configuration
terraform apply -target=module.ecs.module.ec2_alb.aws_launch_configuration
Also, you can go read more on Terraform target here: https://learn.hashicorp.com/tutorials/terraform/resource-targeting
If you just want to be able to reference your existing resources in your TF script, you normally would use data sources in TF to fetch their information.
So for a resource group, you would use the data source azurerm_resource_group, for a vnet there is azurerm_virtual_network, and so forth.
These data sources only allow you to reference and get details of existing resources, not to manage them in your TF script. Thus if you would like to actually manage these resources using TF (modify, delete, etc.), you would have to import them into TF first.
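The data-source approach carried through to the asker's scenario (a new VM in an existing resource group and subnet), added here as an example and not part of the original answer: the resource group, VNet and subnet names, the VM size and the SSH public key path are assumed values to replace with your own.

```hcl
# Existing infrastructure is only read, never managed, through data sources
data "azurerm_resource_group" "existing" {
  name = "rg-project-prod" # assumed: name of the existing resource group
}

data "azurerm_subnet" "existing" {
  name                 = "snet-vms"     # assumed: existing subnet name
  virtual_network_name = "vnet-project" # assumed: existing VNet name
  resource_group_name  = data.azurerm_resource_group.existing.name
}

# New resources land in the existing group and attach to the existing subnet
resource "azurerm_network_interface" "vm" {
  name                = "nic-vm-01"
  location            = data.azurerm_resource_group.existing.location
  resource_group_name = data.azurerm_resource_group.existing.name
  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.azurerm_subnet.existing.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "vm" {
  name                  = "vm-01"
  location              = data.azurerm_resource_group.existing.location
  resource_group_name   = data.azurerm_resource_group.existing.name
  size                  = "Standard_B2s" # assumed size
  admin_username        = "azureadmin"
  network_interface_ids = [azurerm_network_interface.vm.id]
  # Key-only login; password authentication stays disabled (the provider default)
  admin_ssh_key {
    username   = "azureadmin"
    public_key = file("~/.ssh/id_ed25519.pub") # assumed path to your public key
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}
```

Because the group and subnet are data sources, terraform destroy on this configuration removes only the NIC and VM it created, never the pre-existing networking.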
