From 171ed17a87b3c00f7df97b35b709f17c8521810d Mon Sep 17 00:00:00 2001
From: Ryan Haney <25014745+thathaneydude@users.noreply.github.com>
Date: Thu, 27 Jun 2024 10:01:01 -0500
Subject: [PATCH] latest changes working in local testing
---
 load_balancer.tf | 6 +++---
 scale_set.tf | 4 ++--
 sensor_config.tf | 9 +++++++--
 variables.tf | 8 --------
 4 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/load_balancer.tf b/load_balancer.tf
index 5d78e79..316980f 100644
--- a/load_balancer.tf
+++ b/load_balancer.tf
@@ -25,7 +25,7 @@ resource "azurerm_lb_backend_address_pool" "monitoring_pool" {
 resource "azurerm_lb_probe" "sensor_health_check_probe" {
 loadbalancer_id = azurerm_lb.scale_set_lb.id
 name = var.lb_health_check_probe_name
- port = 41080
+ port = 443
 request_path = "/api/system/healthcheck/"
 protocol = "Https"
 interval_in_seconds = 30
@@ -62,8 +62,8 @@ resource "azurerm_lb_rule" "monitoring_health_check_rule" {
 name = var.lb_health_check_rule_name
 loadbalancer_id = azurerm_lb.scale_set_lb.id
 protocol = "Tcp"
- backend_port = var.health_check_port
- frontend_port = var.health_check_port
+ backend_port = 443
+ frontend_port = 443
 frontend_ip_configuration_name = azurerm_lb.scale_set_lb.frontend_ip_configuration[0].name
 backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.management_pool.id
diff --git a/scale_set.tf b/scale_set.tf
index ef13526..8815549 100644
--- a/scale_set.tf
+++ b/scale_set.tf
@@ -31,8 +31,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
 primary = true
 ip_configuration {
- primary = false
 name = "management-nic-ip-cfg"
+ primary = true
 subnet_id = azurerm_subnet.subnet.id
 load_balancer_backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.management_pool.id
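Review bot: The probe port is now the literal `443`, and the same literal is repeated for `backend_port` and `frontend_port` in `monitoring_health_check_rule` and for `sensor_health_check_http_port` in sensor_config.tf, while the `health_check_port` variable that kept them in step is deleted. A later edit to only one of them would leave the probe, the rule and the sensor-side check on different ports. A single `health_check_port = 443` in the `locals` block this commit adds to sensor_config.tf, referenced as `local.health_check_port` everywhere, keeps them tied together. The probe resource's body continues outside the hunk.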
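Review bot: `monitoring_health_check_rule` now publishes TCP 443 on the load balancer frontend and forwards it to `management_pool`, where before it forwarded the dedicated health-check port. If the sensors answer anything besides `/api/system/healthcheck/` on 443 (not visible in this diff), that service becomes reachable by every client that can reach the frontend IP. I would record next to the rule which control limits client access, for example `# forwards 443 to the management pool; client access is limited by <NSG_OR_FIREWALL_RULE>`. The rule's body continues outside the hunk, so further restrictions may already be set there.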
@@ -43,8 +43,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
 network_interface {
 name = "monitoring-nic"
 ip_configuration {
- primary = false
 name = "monitoring-nic-ip-cfg"
+ primary = true
 subnet_id = azurerm_subnet.subnet.id
 load_balancer_backend_address_pool_ids = [
 azurerm_lb_backend_address_pool.monitoring_pool.id
diff --git a/sensor_config.tf b/sensor_config.tf
index fec0749..ea1f6e9 100644
--- a/sensor_config.tf
+++ b/sensor_config.tf
@@ -1,3 +1,8 @@
+locals {
+ # https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#probe-source-ip-address
+ azure_lb_health_check_probe_ip = "168.63.129.16/32"
+}
+
 module "sensor_config" {
 source = "github.com/corelight/terraform-config-sensor"
@@ -5,8 +10,8 @@ module "sensor_config" {
 sensor_license = var.license_key
 sensor_management_interface_name = "eth0"
 sensor_monitoring_interface_name = "eth1"
- sensor_health_check_probe_source_ranges_cidr = azurerm_subnet.subnet.address_prefixes
- sensor_health_check_http_port = var.health_check_port
+ sensor_health_check_probe_source_ranges_cidr = [local.azure_lb_health_check_probe_ip]
+ sensor_health_check_http_port = 443
 gzip_config = true
 base64_encode_config = true
 enrichment_enabled = var.enrichment_storage_account_name != "" && var.enrichment_storage_container_name != ""
diff --git a/variables.tf b/variables.tf
index ce967ca..ad49198 100644
--- a/variables.tf
+++ b/variables.tf
@@ -153,20 +153,12 @@ variable "lb_health_check_rule_name" {
 default = "healthcheck-lb-rule"
 }
-variable "health_check_port" {
- description = "the port number for the HTTP health check request"
- type = string
- default = "41080"
-}
-
 variable "lb_ssh_rule_name" {
 description = "Name of the load balancer rule for SSH traffic"
 type = string
 default = "management-ssh-lb-rule"
 }
-
-
 variable "tags" {
 description = "Any tags that should be applied to resources deployed by the module"
 type = object({})
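Review bot: The `module "sensor_config"` block directly under the new `locals` pulls `github.com/corelight/terraform-config-sensor` with no `ref`, so each `terraform init` takes whatever the default branch holds at that moment. This commit changes the probe source ranges and port passed to that module, and what those inputs do is decided by module code that can change without any diff here. Pinning to a reviewed tag or commit, `source = "github.com/corelight/terraform-config-sensor?ref=<TAG_OR_COMMIT>"`, keeps the generated sensor configuration reproducible. The source line is context that predates this commit, and the module block continues in the next hunk.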
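Review bot: `sensor_health_check_http_port = 443` carries "http" in its name while the probe in load_balancer.tf uses `protocol = "Https"` on the same port, and nothing in the hunk says which of the two the sensor serves there. Once confirmed, a comment such as `# health check is served over TLS; must match azurerm_lb_probe.sensor_health_check_probe` would settle it for the next reader. The new `sensor_health_check_probe_source_ranges_cidr` is narrower than the subnet prefixes it replaces, but whether it scopes only the health check or the whole listener is decided inside the module and should be checked there. The module block starts and ends outside the hunk.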