diff --git a/data.tf b/data.tf
deleted file mode 100644
index 4a74dfb..0000000
--- a/data.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-data "cloudinit_config" "config" {
- gzip = true
- base64_encode = true
-
- part {
- content_type = "text/cloud-config"
- content = templatefile("${path.module}/templates/sensor_init.tpl",
- {
- api_password = var.community_string
- sensor_license = var.license_key
- mgmt_int = "eth0"
- mon_int = "eth1"
- }
- )
- filename = "sensor-build.yaml"
- }
-}
-
-data "cloudinit_config" "config_with_enrichment" {
- gzip = true
- base64_encode = true
-
- part {
- content_type = "text/cloud-config"
- content = templatefile("${path.module}/templates/sensor_init_with_enrichment.tpl",
- {
- api_password = var.community_string
- sensor_license = var.license_key
- mgmt_int = "eth0"
- mon_int = "eth1"
- container_name = var.enrichment_storage_container_name
- storage_account_name = var.enrichment_storage_account_name
- }
- )
- filename = "sensor-build.yaml"
- }
-}
diff --git a/scale_set.tf b/scale_set.tf
index d046e2f..8815549 100644
--- a/scale_set.tf
+++ b/scale_set.tf
@@ -9,7 +9,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
 resource_group_name = var.resource_group_name
 sku = var.virtual_machine_size
 instances = 1
- custom_data = var.enrichment_storage_account_name == "" ? data.cloudinit_config.config.rendered : data.cloudinit_config.config_with_enrichment.rendered
+ custom_data = module.sensor_config.cloudinit_config.rendered
 source_image_id = var.corelight_sensor_image_id
@@ -31,8 +31,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
 primary = true
 ip_configuration {
- primary = false
 name = "management-nic-ip-cfg"
+ primary = true
 subnet_id = azurerm_subnet.subnet.id
 load_balancer_backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.management_pool.id
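Review bot: The removed conditional enabled enrichment whenever `enrichment_storage_account_name` was non-empty, while the module call that now produces `custom_data` (sensor_config.tf, `enrichment_enabled`) requires both the account name and the container name to be set, so an account name given without a container now silently disables enrichment instead of rendering it with an empty bucket. Neither path reports the half-configured case; a plan-time check that rejects it would make the behaviour change explicit and keep a sensor from booting without the enrichment its operator configured. The `resource` block starts and ends outside the hunk; the precondition below goes inside it (into the existing `lifecycle` block if there is one).
```hcl
  # … unchanged: scale set attributes, including custom_data …
  lifecycle {
    precondition {
      condition     = (var.enrichment_storage_account_name == "") == (var.enrichment_storage_container_name == "")
      error_message = "Set both enrichment_storage_account_name and enrichment_storage_container_name, or neither."
    }
  }
```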
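Review bot: The `primary = true` added after `name` here, and the same line in @@ -43 for the monitoring NIC, are per-NIC settings: each `network_interface` needs exactly one primary `ip_configuration`, which is presumably why the removed `primary = false` on both blocks did not work, but nothing in the hunk says so, and the context line `primary = true` just above `ip_configuration` (the NIC-level flag) makes it easy to misread the inner flag as a second scale-set-wide primary. Suggest a short comment on each added line, `primary = true # exactly one primary ip_configuration is required per network_interface`. The enclosing `network_interface` and `resource` blocks start and end outside the hunk.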
@@ -43,8 +43,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
 network_interface {
 name = "monitoring-nic"
 ip_configuration {
- primary = false
 name = "monitoring-nic-ip-cfg"
+ primary = true
 subnet_id = azurerm_subnet.subnet.id
 load_balancer_backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.monitoring_pool.id
diff --git a/sensor_config.tf b/sensor_config.tf
new file mode 100644
index 0000000..ea1f6e9
--- /dev/null
+++ b/sensor_config.tf
@@ -0,0 +1,21 @@
+locals {
+ # https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#probe-source-ip-address
+ azure_lb_health_check_probe_ip = "168.63.129.16/32"
+}
+
+module "sensor_config" {
+ source = "github.com/corelight/terraform-config-sensor"
+
+ fleet_community_string = var.community_string
+ sensor_license = var.license_key
+ sensor_management_interface_name = "eth0"
+ sensor_monitoring_interface_name = "eth1"
+ sensor_health_check_probe_source_ranges_cidr = [local.azure_lb_health_check_probe_ip]
+ sensor_health_check_http_port = 443
+ gzip_config = true
+ base64_encode_config = true
+ enrichment_enabled = var.enrichment_storage_account_name != "" && var.enrichment_storage_container_name != ""
+ enrichment_cloud_provider_name = "azure"
+ enrichment_storage_account_name = var.enrichment_storage_account_name
+ enrichment_bucket_name = var.enrichment_storage_container_name
+}
\ No newline at end of file
diff --git a/templates/sensor_init.tpl b/templates/sensor_init.tpl
deleted file mode 100644
index c62ed3a..0000000
--- a/templates/sensor_init.tpl
+++ /dev/null
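Review bot: `source = "github.com/corelight/terraform-config-sensor"` in the new module block carries no `?ref=`, so the cloud-init that ends up in every sensor's `custom_data` — built from the community string and license key passed in on the following lines — is whatever the module repository's default branch holds at `terraform init` time; that makes builds non-reproducible and lets an upstream change alter sensor bootstrap without any diff in this repo. Pin it to a tag or commit and bump the pin deliberately, `source = "github.com/corelight/terraform-config-sensor?ref=<PINNED_TAG_OR_SHA>"`. Whether the module marks `cloudinit_config.rendered` as sensitive is not visible here; worth confirming, since the rendered document embeds both secrets.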
@@ -1,30 +0,0 @@
-#cloud-config
-
-write_files:
- - content: |
- sensor:
- api:
- password: ${api_password}
- license_key: ${sensor_license}
- management_interface:
- name: ${mgmt_int}
- wait: true
- monitoring_interface:
- name: ${mon_int}
- wait: true
- kubernetes:
- allow_ports:
- - protocol: tcp
- port: 80
- net: 0.0.0.0/0
- - protocol: tcp
- port: 443
- net: 0.0.0.0/0
- owner: root:root
- path: /etc/corelight/corelightctl.yaml
- permissions: '0644'
-
-runcmd:
- - corelightctl sensor bootstrap -v
- - corelightctl sensor deploy -v
-
diff --git a/templates/sensor_init_with_enrichment.tpl b/templates/sensor_init_with_enrichment.tpl
deleted file mode 100644
index 8dc9f59..0000000
--- a/templates/sensor_init_with_enrichment.tpl
+++ /dev/null
@@ -1,33 +0,0 @@
-#cloud-config
-
-write_files:
- - content: |
- sensor:
- api:
- password: ${api_password}
- license_key: ${sensor_license}
- management_interface:
- name: ${mgmt_int}
- wait: true
- monitoring_interface:
- name: ${mon_int}
- wait: true
- kubernetes:
- allow_ports:
- - protocol: tcp
- port: 80
- net: 0.0.0.0/0
- - protocol: tcp
- port: 443
- net: 0.0.0.0/0
- owner: root:root
- path: /etc/corelight/corelightctl.yaml
- permissions: '0644'
-
-runcmd:
- - [ corelightctl, sensor, bootstrap, -v ]
- - [ corelightctl, sensor, deploy, -v ]
- - |
- echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "azure","cloud_enrichment.bucket_name": "${container_name}", "cloud_enrichment.azure_storage_account": "${storage_account_name}"}' | corelightctl sensor cfg put
-
-
diff --git a/variables.tf b/variables.tf
index 473fcf5..ad49198 100644
--- a/variables.tf
+++ b/variables.tf
@@ -159,8 +159,6 @@ variable "lb_ssh_rule_name" {
 default = "management-ssh-lb-rule"
 }
-
-
 variable "tags" {
 description = "Any tags that should be applied to resources deployed by the module"
 type = object({})