From efa63dfec364cfec1bb5f3e49b3f2453f6ec129a Mon Sep 17 00:00:00 2001 From: Vedant Kalia Date: Thu, 9 Jan 2025 16:25:31 +0530 Subject: [PATCH] Feat : Added Recovery Service Vault & Backup Policy (#74) * Feat : Added Recovery Service Vault & Backup Policy --------- Co-authored-by: Ravi Malvia Co-authored-by: Deepak verma <89906661+d4kverma@users.noreply.github.com> --- README.yaml | 1 + examples/linux-vm/example.tf | 25 ++++---- examples/linux-vm/versions.tf | 2 +- examples/windows-vm/versions.tf | 2 +- main.tf | 62 ++++++++++++++++++++ outputs.tf | 16 +++++ variables.tf | 100 ++++++++++++++++++++++++++++++++ 7 files changed, 193 insertions(+), 15 deletions(-) diff --git a/README.yaml b/README.yaml index b495d59..568dd5b 100644 --- a/README.yaml +++ b/README.yaml @@ -194,4 +194,5 @@ usage: |- diagnostic_setting_enable = false log_analytics_workspace_id = "" } + ``` diff --git a/examples/linux-vm/example.tf b/examples/linux-vm/example.tf index 41edc90..0098ceb 100644 --- a/examples/linux-vm/example.tf +++ b/examples/linux-vm/example.tf @@ -134,7 +134,7 @@ module "key_vault" { module "log-analytics" { source = "clouddrove/log-analytics/azure" version = "2.0.0" - name = "app" + name = "app1" environment = "test" label_order = ["name", "environment"] create_log_analytics_workspace = true 
@@ -170,16 +170,15 @@ module "virtual-machine" { ## Public IP public_ip_enabled = true ## Virtual Machine - vm_size = "Standard_B1s" - public_key = "ssh-rsa AAAA" - admin_username = "ubuntu" - caching = "ReadWrite" - disk_size_gb = 30 - image_publisher = "Canonical" - image_offer = "0001-com-ubuntu-server-jammy" - image_sku = "22_04-lts-gen2" - image_version = "latest" - + vm_size = "Standard_B1s" + public_key = "ssh-rsa AAAA" + admin_username = "ubuntu" + caching = "ReadWrite" + disk_size_gb = 30 + image_publisher = "Canonical" + image_offer = "0001-com-ubuntu-server-jammy" + image_sku = "22_04-lts-gen2" + image_version = "latest" enable_disk_encryption_set = true key_vault_id = module.key_vault.id data_disks = [ @@ -204,5 +203,5 @@ module "virtual-machine" { log_analytics_workspace_id = module.log-analytics.workspace_id ## when diagnostic_setting_enable enable, add log analytics workspace id #vm With User Data - user_data = file("user-data.sh") -} \ No newline at end of file + user_data = base64encode(file("user-data.sh")) +} diff --git a/examples/linux-vm/versions.tf b/examples/linux-vm/versions.tf index a32fb80..d7ab930 100644 --- a/examples/linux-vm/versions.tf +++ b/examples/linux-vm/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.112.0" + version = ">=3.108.0" } } } diff --git a/examples/windows-vm/versions.tf b/examples/windows-vm/versions.tf index a32fb80..d7ab930 100644 --- a/examples/windows-vm/versions.tf +++ b/examples/windows-vm/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">=3.112.0" + version = ">=3.108.0" } } } diff --git a/main.tf b/main.tf index e98aaf1..3a64fae 100644 --- a/main.tf +++ b/main.tf 
@@ -462,3 +462,65 @@ resource "azurerm_monitor_diagnostic_setting" "nic_diagnostic" { ignore_changes = [log_analytics_destination_type] } } + + +resource "azurerm_recovery_services_vault" "example" { + count = (var.vault_service == null && var.backup_enabled && var.enabled) ? 1 : (var.vault_service != null ? 1 : 0) + name = var.vm_addon_name == null ? format("%s-vm-service-vault-%s", module.labels.id, count.index + 1) : format("vm-%s-service-vault-%s", module.labels.id, var.vm_addon_name) + location = var.location + resource_group_name = var.resource_group_name + sku = var.vault_sku + tags = module.labels.tags + public_network_access_enabled = var.public_network_access_enabled + identity { + type = "SystemAssigned" + } +} + +resource "azurerm_backup_policy_vm" "policy" { + count = (var.backup_policy == null && var.backup_enabled && var.enabled) ? 1 : (var.backup_policy != null ? 1 : 0) + name = var.vm_addon_name == null ? format("%s-policy-vm-%d", module.labels.id, count.index + 1) : format("%s-policy-vm-%d", module.labels.id, var.vm_addon_name) + resource_group_name = var.resource_group_name + recovery_vault_name = azurerm_recovery_services_vault.example[count.index].name + policy_type = var.backup_policy_type != null ? var.backup_policy_type : "V2" + + timezone = var.backup_policy_time_zone != null ? var.backup_policy_time_zone : "UTC" + + backup { + frequency = var.backup_policy_frequency != null ? var.backup_policy_frequency : "Daily" + time = var.backup_policy_time != null ? var.backup_policy_time : "23:00" + } + + dynamic "retention_daily" { + for_each = var.backup_policy_retention["daily"].enabled ? [1] : [] + content { + count = var.backup_policy_retention["daily"].count + } + } + + dynamic "retention_weekly" { + for_each = var.backup_policy_retention["weekly"].enabled ? 
[1] : [] + content { + count = var.backup_policy_retention["weekly"].count + weekdays = var.backup_policy_retention["weekly"].weekdays + } + } + + dynamic "retention_monthly" { + for_each = var.backup_policy_retention["monthly"].enabled ? [1] : [] + content { + count = var.backup_policy_retention["monthly"].count + weekdays = var.backup_policy_retention["monthly"].weekdays + weeks = var.backup_policy_retention["monthly"].weeks + } + } + +} + +resource "azurerm_backup_protected_vm" "example" { + count = var.enabled && var.backup_enabled ? var.machine_count : 0 + resource_group_name = var.resource_group_name + recovery_vault_name = azurerm_recovery_services_vault.example[count.index].name + backup_policy_id = azurerm_backup_policy_vm.policy[count.index].id + source_vm_id = var.is_vm_linux ? azurerm_linux_virtual_machine.default[count.index].id : azurerm_windows_virtual_machine.win_vm[count.index].id +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 387aac4..9bfe9c8 100644 --- a/outputs.tf +++ b/outputs.tf @@ -56,3 +56,19 @@ output "extension_id" { value = { for id in azurerm_virtual_machine_extension.vm_insight_monitor_agent : id.name => id.id } description = "The ID of the Virtual Machine Extension." } + +output "service_vault_id" { + description = "The Principal ID associated with this Managed Service Identity." + value = azurerm_recovery_services_vault.example[*].identity[0].principal_id +} + +output "service_vault_tenant_id" { + description = "The Tenant ID associated with this Managed Service Identity." + value = azurerm_recovery_services_vault.example[*].identity[0].tenant_id + +} + +output "vm_backup_policy_id" { + description = "The ID of the VM Backup Policy." + value = azurerm_backup_policy_vm.policy[*].id +} diff --git a/variables.tf b/variables.tf index 51718a4..011de4d 100644 --- a/variables.tf +++ b/variables.tf 
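Review bot: `azurerm_backup_protected_vm.example` indexes `azurerm_recovery_services_vault.example[count.index]` and `azurerm_backup_policy_vm.policy[count.index]` under a count of `var.machine_count`, but both of those resources are created with a count of at most 1, so any `machine_count` above 1 references an instance that does not exist and the plan fails. Pointing both references at the single instance, `recovery_vault_name = azurerm_recovery_services_vault.example[0].name` and `backup_policy_id = azurerm_backup_policy_vm.policy[0].id`, attaches every VM to the one vault and policy. The two `count` ternaries also evaluate to 1 whenever `var.vault_service` or `var.backup_policy` is non-null, which creates a new vault and policy even when `var.enabled` or `var.backup_enabled` is false; if those variables are meant to carry the ID of an existing vault or policy, as their descriptions suggest, the condition looks inverted. In the policy name, the second `format("%s-policy-vm-%d", ...)` passes `var.vm_addon_name` to `%d`, which errors for a non-numeric name (the variable's type is declared outside this hunk).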
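Review bot: The output `service_vault_id` returns `identity[0].principal_id`, which is the principal of the vault's system-assigned identity and not the vault's resource ID, so the name and the value disagree even though the description is accurate. Because this value is what role assignments and Key Vault access policies are normally granted to, a name that says what it holds avoids mis-wired grants: `output "service_vault_principal_id"`. A separate output for the vault itself, `value = azurerm_recovery_services_vault.example[*].id`, would give callers the ID the current name promises.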
@@ -612,3 +612,103 @@ variable "user_data" { default = null // Adjust this path accordingly description = "(Optional) A string of the desired User Data for the vm.(path/to/user-data.sh)" } + +variable "public_network_access_enabled" { + default = true + type = bool +} + +variable "vault_sku" { + default = "Standard" + type = string +} + + +variable "backup_policy_time" { + description = "(Optional) Indicates the time for when to execute the backup policy" + default = "23:00" + type = string +} + +variable "backup_policy_time_zone" { + description = "(Optional) Indicates the timezone that the policy will use" + default = "UTC" + type = string +} + +variable "backup_policy_frequency" { + description = "(Optional) Indicate the fequency to use for the backup policy" + default = "Daily" + type = string + + validation { + condition = contains(["Daily", "Weekly", "Hourly"], var.backup_policy_frequency) + error_message = "The value must be set to one of the following: Daily, Weekly, Hourly" + } + +} + +variable "backup_policy_type" { + description = "(Optional) Indicates which version type to use when creating the backup policy" + default = "V1" + type = string + + validation { + condition = contains(["V1", "V2"], var.backup_policy_type) + error_message = "The value must be set to one of the following: V1, V2" + } +} + + +variable "backup_enabled" { + description = "Added Backup Policy and Service Vault for the Virtual Machine" + type = bool + default = false +} + + +variable "backup_policy_retention" { + type = map(object({ + enabled = bool + frequency = string + count = string + weekdays = list(string) + weeks = list(string) + })) + default = { + daily = { + enabled = true + frequency = "Daily" + count = "7" + weekdays = [] + weeks = [] + }, + weekly = { + enabled = false + frequency = "Weekly" + count = "4" + weekdays = ["Saturday"] + weeks = [] + }, + monthly = { + enabled = false + frequency = "Monthly" + count = "3" + weekdays = ["Saturday"] + weeks = ["Last"] + } + 
} +} + +variable "vault_service" { + default = null + type = string + description = "Value for Service Vault ID" +} + +variable "backup_policy" { + default = null + type = string + description = "Value for Backup Policy ID" + +} \ No newline at end of file
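Review bot: `public_network_access_enabled` is declared with `default = true` and no description, so the Recovery Services vault created in main.tf accepts traffic from public networks unless the caller knows to override it. Since the variable is new in this commit, it can ship closed by default and documented: `default = false` with `description = "(Optional) Whether the Recovery Services vault is reachable from public networks."`. `vault_sku` is also missing a description, and `backup_policy_type` defaults to `"V1"` here while the fallback in main.tf is `"V2"`; as the `contains(...)` validation is unlikely to accept a null value, that fallback probably never applies and the effective default is V1, so one of the two should be made the single source of the default.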