
EDSF-290 Create full DSF installation example
lindanasredin committed Jul 9, 2023
1 parent 0d7351d commit 1cee48d
Showing 28 changed files with 819 additions and 483 deletions.
20 changes: 11 additions & 9 deletions examples/installation/dsf_single_account_deployment/README.md
Expand Up @@ -114,9 +114,9 @@ For example:

```tf
aws_profile = "myProfile"
aws_region_x = "us-east-1"
aws_region_y = "us-east-2"
subnet_ids= {
aws_region_1 = "us-east-1"
aws_region_2 = "us-east-2"
subnet_ids = {
hub_primary_subnet_id = "subnet-xxxxxxxxxxxxxxxx1"
hub_secondary_subnet_id = "subnet-xxxxxxxxxxxxxxxx2"
agentless_gw_primary_subnet_id = "subnet-xxxxxxxxxxxxxxxx3"
Expand All @@ -126,12 +126,14 @@ For example:
dra_admin_subnet_id = "subnet-xxxxxxxxxxxxxxxx7"
dra_analytics_subnet_id = "subnet-xxxxxxxxxxxxxxxx8"
}
security_group_ids_hub = ["sg-xxxxxxxxxxxxxxxx11", "sg-xxxxxxxxxxxxxxxx12"]
security_group_ids_agentless_gw = ["sg-xxxxxxxxxxxxxxxx21", "sg-xxxxxxxxxxxxxxxx22"]
security_group_ids_mx = ["sg-xxxxxxxxxxxxxxxx31", "sg-xxxxxxxxxxxxxxxx32"]
security_group_ids_agent_gw = ["sg-xxxxxxxxxxxxxxxx41", "sg-xxxxxxxxxxxxxxxx42"]
security_group_ids_dra_admin = ["sg-xxxxxxxxxxxxxxxx51", "sg-xxxxxxxxxxxxxxxx52"]
security_group_ids_dra_analytics = ["sg-xxxxxxxxxxxxxxxx61", "sg-xxxxxxxxxxxxxxxx62"]
security_group_ids_hub_primary = ["sg-xxxxxxxxxxxxxxxx11", "sg-xxxxxxxxxxxxxxxx12"]
security_group_ids_hub_secondary = ["sg-xxxxxxxxxxxxxxxx21", "sg-xxxxxxxxxxxxxxxx22"]
security_group_ids_agentless_gw_primary = ["sg-xxxxxxxxxxxxxxxx31", "sg-xxxxxxxxxxxxxxxx32"]
security_group_ids_agentless_gw_secondary = ["sg-xxxxxxxxxxxxxxxx41", "sg-xxxxxxxxxxxxxxxx42"]
security_group_ids_mx = ["sg-xxxxxxxxxxxxxxxx51", "sg-xxxxxxxxxxxxxxxx52"]
security_group_ids_agent_gw = ["sg-xxxxxxxxxxxxxxxx61", "sg-xxxxxxxxxxxxxxxx62"]
security_group_ids_dra_admin = ["sg-xxxxxxxxxxxxxxxx71", "sg-xxxxxxxxxxxxxxxx72"]
security_group_ids_dra_analytics = ["sg-xxxxxxxxxxxxxxxx81", "sg-xxxxxxxxxxxxxxxx82"]
tarball_location = {
s3_bucket = "bucket_name"
s3_region = "us-east-1"

This file was deleted.

This file was deleted.

26 changes: 10 additions & 16 deletions examples/installation/dsf_single_account_deployment/dam.tf
Expand Up @@ -13,29 +13,24 @@ module "mx" {

friendly_name = join("-", [local.deployment_name_salted, "mx"])
dam_version = var.dam_version
subnet_id = local.mx_subnet_id
subnet_id = var.subnet_ids.mx_subnet_id
license_file = var.license_file
key_pair = module.key_pair.key_pair.key_pair_name
key_pair = local.mx_public_key_name
secure_password = local.password
mx_password = local.password
allowed_web_console_and_api_cidrs = var.web_console_cidr
allowed_agent_gw_cidrs = [data.aws_subnet.agent_gw.cidr_block]
allowed_ssh_cidrs = local.workstation_cidr
allowed_hub_cidrs = local.hub_cidr_list
instance_profile_name = var.mx_instance_profile_name

hub_details = var.enable_dsf_hub ? {
address = coalesce(module.hub[0].public_dns, module.hub[0].private_dns)
access_token = module.hub[0].access_tokens["dam-to-hub"].token
address = coalesce(module.hub_primary[0].public_dns, module.hub_primary[0].private_dns)
access_token = module.hub_primary[0].access_tokens["dam-to-hub"].token
port = 8443
} : null
attach_persistent_public_ip = true
large_scale_mode = var.large_scale_mode.mx

create_server_group = length(var.simulation_db_types_for_agent) > 0
large_scale_mode = var.large_scale_mode.mx
tags = local.tags
depends_on = [
module.vpc
]
}

module "agent_gw" {
Expand All @@ -45,22 +40,21 @@ module "agent_gw" {

friendly_name = join("-", [local.deployment_name_salted, "agent", "gw", count.index])
dam_version = var.dam_version
subnet_id = local.agent_gw_subnet_id
key_pair = module.key_pair.key_pair.key_pair_name
subnet_id = var.subnet_ids.agent_gw_subnet_id
key_pair = local.agent_gw_public_key_name
secure_password = local.password
mx_password = local.password
allowed_agent_cidrs = [data.aws_subnet.agent_gw.cidr_block]
allowed_mx_cidrs = [data.aws_subnet.mx.cidr_block]
allowed_ssh_cidrs = [data.aws_subnet.mx.cidr_block]
allowed_gw_clusters_cidrs = [data.aws_subnet.agent_gw.cidr_block]
instance_profile_name = var.agent_gw_instance_profile_name

management_server_host_for_registration = module.mx[0].private_ip
management_server_host_for_api_access = module.mx[0].public_ip
large_scale_mode = var.large_scale_mode.agent_gw
gateway_group_name = local.gateway_group_name
tags = local.tags
depends_on = [
module.vpc
]
}

module "agent_gw_cluster_setup" {
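Review bot: `hub_details` on the mx module now reads `module.hub_primary[0]` for both address and access token, so the DAM-to-hub integration is bound to the primary hub and will not follow a hub failover to the secondary; a comment above `hub_details` would make that explicit, e.g. `# DAM-to-hub integration targets the primary hub only; it does not follow a hub failover.`. The `module "mx"` header is above the hunk and the agent_gw module continues below it. Dropping `depends_on = [module.vpc]` here and in dra.tf is consistent with subnets now arriving through `var.subnet_ids`, provided the unchanged `data.aws_subnet.agent_gw` / `data.aws_subnet.mx` lookups used for the allowed-CIDR lists are keyed on those ids rather than on the removed VPC module — their definitions are not visible in this commit.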
17 changes: 6 additions & 11 deletions examples/installation/dsf_single_account_deployment/dra.tf
Expand Up @@ -10,20 +10,17 @@ module "dra_admin" {
count = var.enable_dra ? 1 : 0

friendly_name = join("-", [local.deployment_name_salted, "dra", "admin"])
subnet_id = local.dra_admin_subnet_id
subnet_id = var.subnet_ids.dra_admin_subnet_id
dra_version = module.globals.dra_version
ebs = var.dra_admin_ebs_details
admin_registration_password = local.password
admin_password = local.password
allowed_web_console_cidrs = var.web_console_cidr
allowed_analytics_server_cidrs = [data.aws_subnet.dra_analytics.cidr_block]
allowed_hub_cidrs = local.hub_cidr_list
attach_persistent_public_ip = true
key_pair = module.key_pair.key_pair.key_pair_name
key_pair = local.dra_admin_public_key_name
instance_profile_name = var.dra_admin_instance_profile_name
tags = local.tags
depends_on = [
module.vpc
]
}

module "analytics_server_group" {
Expand All @@ -32,20 +29,18 @@ module "analytics_server_group" {

count = local.dra_analytics_server_count
friendly_name = join("-", [local.deployment_name_salted, "dra", "analytics", "server", count.index])
subnet_id = local.dra_analytics_subnet_id
subnet_id = var.subnet_ids.dra_analytics_subnet_id
dra_version = module.globals.dra_version
ebs = var.dra_analytics_group_ebs_details
admin_registration_password = local.password
admin_password = local.password
allowed_admin_server_cidrs = [data.aws_subnet.dra_admin.cidr_block]
allowed_gateways_cidrs = distinct(concat(local.agent_gw_cidr_list, local.agentless_gw_cidr_list))
allowed_ssh_cidrs = local.hub_cidr_list
key_pair = module.key_pair.key_pair.key_pair_name
key_pair = local.dra_analytics_public_key_name
instance_profile_name = var.dra_analytics_instance_profile_name
archiver_password = local.password
admin_server_private_ip = module.dra_admin[0].private_ip
admin_server_public_ip = module.dra_admin[0].public_ip
tags = local.tags
depends_on = [
module.vpc
]
}
139 changes: 121 additions & 18 deletions examples/installation/dsf_single_account_deployment/main.tf
@@ -1,33 +1,136 @@
provider "aws" {
}

provider "aws" {
region = "us-east-1"
alias = "poc_scripts_s3_region"
}

module "globals" {
source = "imperva/dsf-globals/aws"
version = "1.5.0" # latest release tag

sonar_version = var.sonar_version
dra_version = var.dra_version
dra_version = var.dra_version
tags = local.tags
}

module "key_pair" {
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag

key_name_prefix = "imperva-dsf-"
private_key_filename = "ssh_keys/dsf_ssh_key-${terraform.workspace}"
tags = local.tags
}

locals {
workstation_cidr_24 = [format("%s.0/24", regex("\\d*\\.\\d*\\.\\d*", module.globals.my_ip))]
deployment_name_salted = join("-", [var.deployment_name, module.globals.salt])
password = var.password != null ? var.password : module.globals.random_password
workstation_cidr = var.workstation_cidr != null ? var.workstation_cidr : local.workstation_cidr_24
tags = merge(module.globals.tags, { "deployment_name" = local.deployment_name_salted })
additional_tags = var.additional_tags != null ? { for item in var.additional_tags : split("=", item)[0] => split("=", item)[1] } : {}
tags = merge(module.globals.tags, { "deployment_name" = local.deployment_name_salted }, local.additional_tags)

hub_primary_private_key_file_path = var.hub_primary_key_pair != null ? var.hub_primary_key_pair.private_key_file_path : module.key_pair_hub_primary[0].private_key_file_path
hub_primary_public_key_name = var.hub_primary_key_pair != null ? var.hub_primary_key_pair.public_key_name : module.key_pair_hub_primary[0].key_pair.key_pair_name
hub_secondary_private_key_file_path = var.hub_secondary_key_pair != null ? var.hub_secondary_key_pair.private_key_file_path : module.key_pair_hub_secondary[0].private_key_file_path
hub_secondary_public_key_name = var.hub_secondary_key_pair != null ? var.hub_secondary_key_pair.public_key_name : module.key_pair_hub_secondary[0].key_pair.key_pair_name
agentless_gw_primary_private_key_file_path = var.agentless_gw_primary_key_pair != null ? var.agentless_gw_primary_key_pair.private_key_file_path : module.key_pair_agentless_gw_primary[0].private_key_file_path
agentless_gw_primary_public_key_name = var.agentless_gw_primary_key_pair != null ? var.agentless_gw_primary_key_pair.public_key_name : module.key_pair_agentless_gw_primary[0].key_pair.key_pair_name
agentless_gw_secondary_private_key_file_path = var.agentless_gw_secondary_key_pair != null ? var.agentless_gw_secondary_key_pair.private_key_file_path : module.key_pair_agentless_gw_secondary[0].private_key_file_path
agentless_gw_secondary_public_key_name = var.agentless_gw_secondary_key_pair != null ? var.agentless_gw_secondary_key_pair.public_key_name : module.key_pair_agentless_gw_secondary[0].key_pair.key_pair_name
mx_private_key_file_path = var.mx_key_pair != null ? var.mx_key_pair.private_key_file_path : module.key_pair_mx[0].private_key_file_path
mx_public_key_name = var.mx_key_pair != null ? var.mx_key_pair.public_key_name : module.key_pair_mx[0].key_pair.key_pair_name
agent_gw_private_key_file_path = var.agent_gw_key_pair != null ? var.agent_gw_key_pair.private_key_file_path : module.key_pair_agent_gw[0].private_key_file_path
agent_gw_public_key_name = var.agent_gw_key_pair != null ? var.agent_gw_key_pair.public_key_name : module.key_pair_agent_gw[0].key_pair.key_pair_name
dra_admin_private_key_file_path = var.dra_admin_key_pair != null ? var.dra_admin_key_pair.private_key_file_path : module.key_pair_dra_admin[0].private_key_file_path
dra_admin_public_key_name = var.dra_admin_key_pair != null ? var.dra_admin_key_pair.public_key_name : module.key_pair_dra_admin[0].key_pair.key_pair_name
dra_analytics_private_key_file_path = var.dra_analytics_key_pair != null ? var.dra_analytics_key_pair.private_key_file_path : module.key_pair_dra_analytics[0].private_key_file_path
dra_analytics_public_key_name = var.dra_analytics_key_pair != null ? var.dra_analytics_key_pair.public_key_name : module.key_pair_dra_analytics[0].key_pair.key_pair_name
}}

##############################
# Generating ssh keys
##############################

module "key_pair_hub_primary" {
count = var.hub_primary_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-hub-primary"
private_key_filename = "ssh_keys/dsf_ssh_key-hub-primary-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-1
}
}

module "key_pair_hub_secondary" {
count = var.hub_secondary_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-hub-secondary"
private_key_filename = "ssh_keys/dsf_ssh_key-hub-secondary-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-1
}
}

module "key_pair_agentless_gw_primary" {
count = var.agentless_gw_primary_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-gw-primary"
private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-primary-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-2
}
}

module "key_pair_agentless_gw_secondary" {
count = var.agentless_gw_secondary_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-gw-secondary"
private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-secondary-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-2
}
}

module "key_pair_mx" {
count = var.mx_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-mx"
private_key_filename = "ssh_keys/dsf_ssh_key-mx-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-1
}
}

module "key_pair_agent_gw" {
count = var.agent_gw_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-agent-gw"
private_key_filename = "ssh_keys/dsf_ssh_key-agent-gw-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-2
}
}

module "key_pair_dra_admin" {
count = var.dra_admin_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-dra-admin"
private_key_filename = "ssh_keys/dsf_ssh_key-dra-admin-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-1
}
}

module "key_pair_dra_analytics" {
count = var.dra_analytics_key_pair == null ? 1 : 0
source = "imperva/dsf-globals/aws//modules/key_pair"
version = "1.5.0" # latest release tag
key_name_prefix = "imperva-dsf-dra-analytics"
private_key_filename = "ssh_keys/dsf_ssh_key-dra-analytics-${terraform.workspace}"
tags = local.tags
providers = {
aws = aws.provider-2
}
}
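Review bot: The `additional_tags` expression in `locals` derives each tag value with `split("=", item)[1]`, which silently truncates any value containing a second `=` (an entry `owner=a=b` yields `a`) and fails with an index-out-of-range error when an entry has no `=` at all. A single anchored regex keeps the whole value and fails with a readable message instead: `additional_tags = var.additional_tags != null ? { for item in var.additional_tags : regex("^([^=]+)=(.*)$", item)[0] => regex("^([^=]+)=(.*)$", item)[1] } : {}`. The eight key_pair modules select `aws.provider-1` / `aws.provider-2`, yet the only provider blocks in this hunk are the default one and `poc_scripts_s3_region`, which appear to be on the removed side, so presumably the aliased providers are declared in another file of the example. Each module's `private_key_filename` also suggests a private key is written under `ssh_keys/` in the working directory, so the example's ignore rules and state-backend encryption now have to cover eight key files instead of one — worth a sentence in the README.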

