diff --git a/data.tf b/data.tf
deleted file mode 100644
index 4a74dfb..0000000
--- a/data.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-data "cloudinit_config" "config" {
- gzip = true
- base64_encode = true
-
- part {
- content_type = "text/cloud-config"
- content = templatefile("${path.module}/templates/sensor_init.tpl",
- {
- api_password = var.community_string
- sensor_license = var.license_key
- mgmt_int = "eth0"
- mon_int = "eth1"
- }
- )
- filename = "sensor-build.yaml"
- }
-}
-
-data "cloudinit_config" "config_with_enrichment" {
- gzip = true
- base64_encode = true
-
- part {
- content_type = "text/cloud-config"
- content = templatefile("${path.module}/templates/sensor_init_with_enrichment.tpl",
- {
- api_password = var.community_string
- sensor_license = var.license_key
- mgmt_int = "eth0"
- mon_int = "eth1"
- container_name = var.enrichment_storage_container_name
- storage_account_name = var.enrichment_storage_account_name
- }
- )
- filename = "sensor-build.yaml"
- }
-}
diff --git a/load_balancer.tf b/load_balancer.tf
index 316980f..5d78e79 100644
--- a/load_balancer.tf
+++ b/load_balancer.tf
@@ -25,7 +25,7 @@ resource "azurerm_lb_backend_address_pool" "monitoring_pool" {
 resource "azurerm_lb_probe" "sensor_health_check_probe" {
 loadbalancer_id = azurerm_lb.scale_set_lb.id
 name = var.lb_health_check_probe_name
- port = 443
+ port = 41080
 request_path = "/api/system/healthcheck/"
 protocol = "Https"
 interval_in_seconds = 30
@@ -62,8 +62,8 @@ resource "azurerm_lb_rule" "monitoring_health_check_rule" {
 name = var.lb_health_check_rule_name
 loadbalancer_id = azurerm_lb.scale_set_lb.id
 protocol = "Tcp"
- backend_port = 443
- frontend_port = 443
+ backend_port = var.health_check_port
+ frontend_port = var.health_check_port
 frontend_ip_configuration_name = azurerm_lb.scale_set_lb.frontend_ip_configuration[0].name
 backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.management_pool.id
diff --git a/scale_set.tf b/scale_set.tf
index d046e2f..ef13526 100644
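Review bot: The probe in the first load_balancer.tf hunk hardcodes `port = 41080` while the rule in the second hunk reads `var.health_check_port`, so a later change to the variable moves the rule's frontend and backend ports but leaves the probe checking the old port; `port = var.health_check_port` keeps the two in step. The probe also keeps `protocol = "Https"`, whereas the new variable describes an HTTP health check and the module input in sensor_config.tf is named `sensor_health_check_http_port`; if the sensor serves plain HTTP on that port, an HTTPS probe will never mark the backend healthy, which is worth confirming against the sensor config module. The rule in the second hunk publishes the health-check port on the load balancer's frontend IP as well as probing it; if only the platform probe needs to reach it, that frontend exposure may be unnecessary and is worth a comment explaining why it is kept.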
--- a/scale_set.tf +++ b/scale_set.tf @@ -9,7 +9,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" { resource_group_name = var.resource_group_name sku = var.virtual_machine_size instances = 1 - custom_data = var.enrichment_storage_account_name == "" ? data.cloudinit_config.config.rendered : data.cloudinit_config.config_with_enrichment.rendered + custom_data = module.sensor_config.cloudinit_config.rendered source_image_id = var.corelight_sensor_image_id diff --git a/sensor_config.tf b/sensor_config.tf new file mode 100644 index 0000000..fec0749 --- /dev/null +++ b/sensor_config.tf @@ -0,0 +1,16 @@ +module "sensor_config" { + source = "github.com/corelight/terraform-config-sensor" + + fleet_community_string = var.community_string + sensor_license = var.license_key + sensor_management_interface_name = "eth0" + sensor_monitoring_interface_name = "eth1" + sensor_health_check_probe_source_ranges_cidr = azurerm_subnet.subnet.address_prefixes + sensor_health_check_http_port = var.health_check_port + gzip_config = true + base64_encode_config = true + enrichment_enabled = var.enrichment_storage_account_name != "" && var.enrichment_storage_container_name != "" + enrichment_cloud_provider_name = "azure" + enrichment_storage_account_name = var.enrichment_storage_account_name + enrichment_bucket_name = var.enrichment_storage_container_name +} \ No newline at end of file diff --git a/templates/sensor_init.tpl b/templates/sensor_init.tpl deleted file mode 100644 index c62ed3a..0000000 --- a/templates/sensor_init.tpl +++ /dev/null 
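Review bot: `source = "github.com/corelight/terraform-config-sensor"` in sensor_config.tf carries no `?ref=` pin, so each `terraform init` fetches whatever the module's default branch holds at that moment, and the rendered cloud-init that carries the API password and license key can change with no diff in this repository; pin it, e.g. `source = "github.com/corelight/terraform-config-sensor?ref=<TAG_OR_COMMIT>"`. `sensor_health_check_probe_source_ranges_cidr = azurerm_subnet.subnet.address_prefixes` presumably limits which sources may reach the health-check listener; Azure Load Balancer health probes originate from the platform address 168.63.129.16 rather than from the subnet's own prefixes, so if the module applies this input as an allow-list the probe configured in load_balancer.tf may be blocked — confirm against the module. The `enrichment_enabled` expression now requires both the storage account and the container name, whereas the removed scale_set.tf line switched on the account name alone; if that tightening is intentional, a one-line comment on the attribute saying so would save the next reader a check.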
@@ -1,30 +0,0 @@ -#cloud-config - -write_files: - - content: | - sensor: - api: - password: ${api_password} - license_key: ${sensor_license} - management_interface: - name: ${mgmt_int} - wait: true - monitoring_interface: - name: ${mon_int} - wait: true - kubernetes: - allow_ports: - - protocol: tcp - port: 80 - net: 0.0.0.0/0 - - protocol: tcp - port: 443 - net: 0.0.0.0/0 - owner: root:root - path: /etc/corelight/corelightctl.yaml - permissions: '0644' - -runcmd: - - corelightctl sensor bootstrap -v - - corelightctl sensor deploy -v - diff --git a/templates/sensor_init_with_enrichment.tpl b/templates/sensor_init_with_enrichment.tpl deleted file mode 100644 index 8dc9f59..0000000 --- a/templates/sensor_init_with_enrichment.tpl +++ /dev/null @@ -1,33 +0,0 @@ -#cloud-config - -write_files: - - content: | - sensor: - api: - password: ${api_password} - license_key: ${sensor_license} - management_interface: - name: ${mgmt_int} - wait: true - monitoring_interface: - name: ${mon_int} - wait: true - kubernetes: - allow_ports: - - protocol: tcp - port: 80 - net: 0.0.0.0/0 - - protocol: tcp - port: 443 - net: 0.0.0.0/0 - owner: root:root - path: /etc/corelight/corelightctl.yaml - permissions: '0644' - -runcmd: - - [ corelightctl, sensor, bootstrap, -v ] - - [ corelightctl, sensor, deploy, -v ] - - | - echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "azure","cloud_enrichment.bucket_name": "${container_name}", "cloud_enrichment.azure_storage_account": "${storage_account_name}"}' | corelightctl sensor cfg put - - diff --git a/variables.tf b/variables.tf index 473fcf5..ce967ca 100644 --- a/variables.tf +++ b/variables.tf 
@@ -153,6 +153,12 @@ variable "lb_health_check_rule_name" {
 default = "healthcheck-lb-rule"
 }
 
+variable "health_check_port" {
+ description = "the port number for the HTTP health check request"
+ type = string
+ default = "41080"
+}
+
 variable "lb_ssh_rule_name" {
 description = "Name of the load balancer rule for SSH traffic"
 type = string
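Review bot: `type = string` for `health_check_port` lets a non-numeric or out-of-range value pass validation and only fail at apply time inside `azurerm_lb_rule`; `type = number` with `default = 41080`, optionally with a `validation` block bounding it to 1–65535, rejects bad input at plan time, and the probe's literal `41080` in load_balancer.tf should read this same variable. The description says HTTP while the probe in load_balancer.tf still uses `protocol = "Https"`; settle which the sensor actually serves and make the description match, and consider capitalising it like the neighbouring `"Name of the load balancer rule for SSH traffic"`.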