Support upgrade (#33)

* support cluster upgrade * flatten infra network for upgrade * revert infra network cluster upgrade change * remove host network field for cluster upgrade * length * update validation * validation * validation * avm * < 16 * update validation * update * remove redundant = update update --------- Co-authored-by: Zidong Lu <[email protected]> Co-authored-by: DanteMustCode <[email protected]> Co-authored-by: Hangyu Xu <[email protected]>
Azure · Dec 3, 2024 · 0d53e0b · 0d53e0b
1 parent 6f1687f
commit 0d53e0b
Show file tree

Hide file tree

Showing 3 changed files with 123 additions and 87 deletions.
diff --git a/README.md b/README.md
@@ -129,12 +129,6 @@ Description: Azure region where the resource should be deployed.
 
 Type: `string`
 
-### <a name="input_management_adapters"></a> [management\_adapters](#input\_management\_adapters)
-
-Description: A list of management adapters.
-
-Type: `list(string)`
-
 ### <a name="input_name"></a> [name](#input\_name)
 
 Description: The name of the HCI cluster. Must be the same as the name when preparing AD.
@@ -184,26 +178,6 @@ Description: The starting IP address of the IP address range.
 
 Type: `string`
 
-### <a name="input_storage_connectivity_switchless"></a> [storage\_connectivity\_switchless](#input\_storage\_connectivity\_switchless)
-
-Description: Indicates whether storage connectivity is switchless.
-
-Type: `bool`
-
-### <a name="input_storage_networks"></a> [storage\_networks](#input\_storage\_networks)
-
-Description: A list of storage networks.
-
-Type:
-
-```hcl
-list(object({
-    name               = string
-    networkAdapterName = string
-    vlanId             = string
-  }))
-```
-
 ## Optional Inputs
 
 The following input variables are optional (have default values):
@@ -447,6 +421,14 @@ Type: `map(string)`
 
 Default: `null`
 
+### <a name="input_deployment_configuration_version"></a> [deployment\_configuration\_version](#input\_deployment\_configuration\_version)
+
+Description: The version of deployment configuration. Latest version will be used if not specified.
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_drift_control_enforced"></a> [drift\_control\_enforced](#input\_drift\_control\_enforced)
 
 Description: When set to true, the security baseline is re-applied regularly.
@@ -602,6 +584,14 @@ object({
 
 Default: `null`
 
+### <a name="input_management_adapters"></a> [management\_adapters](#input\_management\_adapters)
+
+Description: A list of management adapters.
+
+Type: `list(string)`
+
+Default: `[]`
+
 ### <a name="input_min_tls_version"></a> [min\_tls\_version](#input\_min\_tls\_version)
 
 Description: The minimum TLS version.
@@ -792,6 +782,14 @@ map(list(object({
 
 Default: `null`
 
+### <a name="input_storage_connectivity_switchless"></a> [storage\_connectivity\_switchless](#input\_storage\_connectivity\_switchless)
+
+Description: Indicates whether storage connectivity is switchless.
+
+Type: `bool`
+
+Default: `false`
+
 ### <a name="input_storage_intent_name"></a> [storage\_intent\_name](#input\_storage\_intent\_name)
 
 Description: The name of storage intent.
@@ -800,6 +798,22 @@ Type: `string`
 
 Default: `"Storage"`
 
+### <a name="input_storage_networks"></a> [storage\_networks](#input\_storage\_networks)
+
+Description: A list of storage networks.
+
+Type:
+
+```hcl
+list(object({
+    name               = string
+    networkAdapterName = string
+    vlanId             = string
+  }))
+```
+
+Default: `[]`
+
 ### <a name="input_storage_override_adapter_property"></a> [storage\_override\_adapter\_property](#input\_storage\_override\_adapter\_property)
 
 Description: Indicates whether to override adapter property for storage network.

diff --git a/locals.tf b/locals.tf
@@ -41,20 +41,10 @@ locals {
     overrideAdapterProperty  = var.override_adapter_property,
     adapterPropertyOverrides = var.rdma_enabled ? local.rdma_adapter_properties : local.adapter_properties
   }]
-  decoded_user_storages = jsondecode(data.azapi_resource_list.user_storages.output).value
+  decoded_user_storages            = jsondecode(data.azapi_resource_list.user_storages.output).value
+  deployment_configuration_version = var.deployment_configuration_version != null ? var.deployment_configuration_version : (var.operation_type == "ClusterUpgrade" ? "10.1.0.0" : "10.0.0.0")
   deployment_data = {
-    securitySettings = {
-      hvciProtection                = var.hvci_protection
-      drtmProtection                = var.drtm_protection
-      driftControlEnforced          = var.drift_control_enforced
-      credentialGuardEnforced       = var.credential_guard_enforced
-      smbSigningEnforced            = var.smb_signing_enforced
-      smbClusterEncryption          = var.smb_cluster_encryption
-      sideChannelMitigationEnforced = var.side_channel_mitigation_enforced
-      bitlockerBootVolume           = var.bitlocker_boot_volume
-      bitlockerDataVolumes          = var.bitlocker_data_volumes
-      wdacEnforced                  = var.wdac_enforced
-    }
+    securitySettings = local.security_settings
     observability = {
       streamingDataClient = true
       euLocation          = var.eu_location
@@ -70,30 +60,14 @@ locals {
     storage = {
       configurationMode = var.configuration_mode
     }
-    namingPrefix = var.naming_prefix == "" ? var.site_id : var.naming_prefix
-    domainFqdn   = var.domain_fqdn
-    infrastructureNetwork = [{
-      useDhcp    = false
-      subnetMask = var.subnet_mask
-      gateway    = var.default_gateway
-      ipPools = [
-        {
-          startingAddress = var.starting_address
-          endingAddress   = var.ending_address
-        }
-      ]
-      dnsServers = flatten(var.dns_servers)
-    }]
-    physicalNodes = flatten(var.servers)
-    hostNetwork = {
-      enableStorageAutoIp           = true
-      intents                       = local.converged ? local.converged_intents : local.seperate_intents
-      storageNetworks               = local.storage_networks
-      storageConnectivitySwitchless = var.storage_connectivity_switchless
-    }
-    adouPath        = var.adou_path
-    secretsLocation = var.use_legacy_key_vault_model ? local.secrets_location : (var.secrets_location == "" ? null : var.secrets_location)
-    secrets         = var.use_legacy_key_vault_model ? null : local.keyvault_secrets
+    namingPrefix          = var.naming_prefix == "" ? var.site_id : var.naming_prefix
+    domainFqdn            = var.domain_fqdn
+    infrastructureNetwork = local.infrastructure_network
+    physicalNodes         = flatten(var.servers)
+    hostNetwork           = local.host_network
+    adouPath              = var.adou_path
+    secretsLocation       = var.use_legacy_key_vault_model ? local.secrets_location : (var.secrets_location == "" ? null : var.secrets_location)
+    secrets               = var.use_legacy_key_vault_model ? null : local.keyvault_secrets
     optionalServices = {
       customLocation = var.custom_location_name
     }
@@ -104,7 +78,7 @@ locals {
     deploymentMode     = var.is_exported ? "Deploy" : "Validate"
     operationType      = var.operation_type
     deploymentConfiguration = {
-      version = "10.0.0.0"
+      version = local.deployment_configuration_version
       scaleUnits = [
         {
           deploymentData = local.deployment_data_omit_null
@@ -113,7 +87,25 @@ locals {
     }
   }
   deployment_setting_properties_omit_null = { for k, v in local.deployment_setting_properties : k => v if v != null }
-  key_vault                               = var.create_key_vault ? azurerm_key_vault.deployment_keyvault[0] : data.azurerm_key_vault.key_vault[0]
+  host_network = var.operation_type == "ClusterUpgrade" ? null : {
+    enableStorageAutoIp           = true
+    intents                       = local.converged ? local.converged_intents : local.seperate_intents
+    storageNetworks               = local.storage_networks
+    storageConnectivitySwitchless = var.storage_connectivity_switchless
+  }
+  infrastructure_network = [{
+    useDhcp    = false
+    subnetMask = var.subnet_mask
+    gateway    = var.default_gateway
+    ipPools = [
+      {
+        startingAddress = var.starting_address
+        endingAddress   = var.ending_address
+      }
+    ]
+    dnsServers = flatten(var.dns_servers)
+  }]
+  key_vault = var.create_key_vault ? azurerm_key_vault.deployment_keyvault[0] : data.azurerm_key_vault.key_vault[0]
   keyvault_secret_names = var.use_legacy_key_vault_model ? {
     "AzureStackLCMUserCredential" = "AzureStackLCMUserCredential"
     "LocalAdminCredential"        = "LocalAdminCredential"
@@ -158,6 +150,18 @@ locals {
     ACMRM = "Azure Connected Machine Resource Manager",
   } : {}
   secrets_location = var.secrets_location == "" ? local.key_vault.vault_uri : var.secrets_location
+  security_settings = var.operation_type == "ClusterUpgrade" ? null : {
+    hvciProtection                = var.hvci_protection
+    drtmProtection                = var.drtm_protection
+    driftControlEnforced          = var.drift_control_enforced
+    credentialGuardEnforced       = var.credential_guard_enforced
+    smbSigningEnforced            = var.smb_signing_enforced
+    smbClusterEncryption          = var.smb_cluster_encryption
+    sideChannelMitigationEnforced = var.side_channel_mitigation_enforced
+    bitlockerBootVolume           = var.bitlocker_boot_volume
+    bitlockerDataVolumes          = var.bitlocker_data_volumes
+    wdacEnforced                  = var.wdac_enforced
+  }
   seperate_intents = [{
     name                               = var.compute_intent_name,
     trafficType                        = var.compute_traffic_type,

diff --git a/variables.tf b/variables.tf
@@ -63,19 +63,17 @@ variable "location" {
   nullable    = false
 }
 
-variable "management_adapters" {
-  type        = list(string)
-  description = "A list of management adapters."
-  nullable    = false
-}
-
 variable "name" {
   type        = string
   description = "The name of the HCI cluster. Must be the same as the name when preparing AD."
 
   validation {
-    condition     = length(var.name) < 16 && length(var.name) > 0
-    error_message = "value of name should be less than 16 characters and greater than 0 characters"
+    condition     = var.cluster_name != "" || (length(var.name) < 16 && length(var.name) > 0)
+    error_message = "If 'cluster_name' is empty, 'name' must be between 1 and 16 characters."
+  }
+  validation {
+    condition     = length(var.name) <= 40 && length(var.name) > 0
+    error_message = "value of name should be less than 40 characters and greater than 0 characters"
   }
 }
 
@@ -117,20 +115,6 @@ variable "starting_address" {
   description = "The starting IP address of the IP address range."
 }
 
-variable "storage_connectivity_switchless" {
-  type        = bool
-  description = "Indicates whether storage connectivity is switchless."
-}
-
-variable "storage_networks" {
-  type = list(object({
-    name               = string
-    networkAdapterName = string
-    vlanId             = string
-  }))
-  description = "A list of storage networks."
-}
-
 variable "account_replication_type" {
   type        = string
   default     = "ZRS"
@@ -183,6 +167,11 @@ variable "cluster_name" {
   type        = string
   default     = ""
   description = "The name of the HCI cluster."
+
+  validation {
+    condition     = length(var.cluster_name) < 16 && length(var.cluster_name) >= 0
+    error_message = "The value of 'cluster_name' must be less than 16 characters"
+  }
 }
 
 variable "cluster_tags" {
@@ -309,6 +298,12 @@ variable "default_arb_application_tags" {
   description = "(Optional) Tags of the default arb application."
 }
 
+variable "deployment_configuration_version" {
+  type        = string
+  default     = null
+  description = "The version of deployment configuration. Latest version will be used if not specified."
+}
+
 variable "drift_control_enforced" {
   type        = bool
   default     = true
@@ -441,6 +436,13 @@ DESCRIPTION
   }
 }
 
+variable "management_adapters" {
+  type        = list(string)
+  default     = []
+  description = "A list of management adapters."
+  nullable    = false
+}
+
 variable "min_tls_version" {
   type        = string
   default     = "TLS1_2"
@@ -587,12 +589,28 @@ variable "storage_adapter_ip_info" {
   description = "The IP information for the storage networks. Key is the storage network name."
 }
 
+variable "storage_connectivity_switchless" {
+  type        = bool
+  default     = false
+  description = "Indicates whether storage connectivity is switchless."
+}
+
 variable "storage_intent_name" {
   type        = string
   default     = "Storage"
   description = "The name of storage intent."
 }
 
+variable "storage_networks" {
+  type = list(object({
+    name               = string
+    networkAdapterName = string
+    vlanId             = string
+  }))
+  default     = []
+  description = "A list of storage networks."
+}
+
 variable "storage_override_adapter_property" {
   type        = bool
   default     = true