diff --git a/README.md b/README.md
index dcf26b9..cfeeaec 100644
--- a/README.md
+++ b/README.md
@@ -129,12 +129,6 @@ Description: Azure region where the resource should be deployed.
Type: `string`
-### [management\_adapters](#input\_management\_adapters)
-
-Description: A list of management adapters.
-
-Type: `list(string)`
-
### [name](#input\_name)
Description: The name of the HCI cluster. Must be the same as the name when preparing AD.
@@ -184,26 +178,6 @@ Description: The starting IP address of the IP address range.
Type: `string`
-### [storage\_connectivity\_switchless](#input\_storage\_connectivity\_switchless)
-
-Description: Indicates whether storage connectivity is switchless.
-
-Type: `bool`
-
-### [storage\_networks](#input\_storage\_networks)
-
-Description: A list of storage networks.
-
-Type:
-
-```hcl
-list(object({
- name = string
- networkAdapterName = string
- vlanId = string
- }))
-```
-
## Optional Inputs
The following input variables are optional (have default values):
@@ -447,6 +421,14 @@ Type: `map(string)`
Default: `null`
+### [deployment\_configuration\_version](#input\_deployment\_configuration\_version)
+
+Description: The version of deployment configuration. Latest version will be used if not specified.
+
+Type: `string`
+
+Default: `null`
+
### [drift\_control\_enforced](#input\_drift\_control\_enforced)
Description: When set to true, the security baseline is re-applied regularly.
@@ -602,6 +584,14 @@ object({
Default: `null`
+### [management\_adapters](#input\_management\_adapters)
+
+Description: A list of management adapters.
+
+Type: `list(string)`
+
+Default: `[]`
+
### [min\_tls\_version](#input\_min\_tls\_version)
Description: The minimum TLS version.
@@ -792,6 +782,14 @@ map(list(object({
Default: `null`
+### [storage\_connectivity\_switchless](#input\_storage\_connectivity\_switchless)
+
+Description: Indicates whether storage connectivity is switchless.
+
+Type: `bool`
+
+Default: `false`
+
### [storage\_intent\_name](#input\_storage\_intent\_name)
Description: The name of storage intent.
@@ -800,6 +798,22 @@ Type: `string`
Default: `"Storage"`
+### [storage\_networks](#input\_storage\_networks)
+
+Description: A list of storage networks.
+
+Type:
+
+```hcl
+list(object({
+ name = string
+ networkAdapterName = string
+ vlanId = string
+ }))
+```
+
+Default: `[]`
+
### [storage\_override\_adapter\_property](#input\_storage\_override\_adapter\_property)
Description: Indicates whether to override adapter property for storage network.
diff --git a/locals.tf b/locals.tf
index 77b8a8c..dbbee79 100644
--- a/locals.tf
+++ b/locals.tf
@@ -41,20 +41,10 @@ locals {
overrideAdapterProperty = var.override_adapter_property,
adapterPropertyOverrides = var.rdma_enabled ? local.rdma_adapter_properties : local.adapter_properties
}]
- decoded_user_storages = jsondecode(data.azapi_resource_list.user_storages.output).value
+ decoded_user_storages = jsondecode(data.azapi_resource_list.user_storages.output).value
+ deployment_configuration_version = var.deployment_configuration_version != null ? var.deployment_configuration_version : (var.operation_type == "ClusterUpgrade" ? "10.1.0.0" : "10.0.0.0")
deployment_data = {
- securitySettings = {
- hvciProtection = var.hvci_protection
- drtmProtection = var.drtm_protection
- driftControlEnforced = var.drift_control_enforced
- credentialGuardEnforced = var.credential_guard_enforced
- smbSigningEnforced = var.smb_signing_enforced
- smbClusterEncryption = var.smb_cluster_encryption
- sideChannelMitigationEnforced = var.side_channel_mitigation_enforced
- bitlockerBootVolume = var.bitlocker_boot_volume
- bitlockerDataVolumes = var.bitlocker_data_volumes
- wdacEnforced = var.wdac_enforced
- }
+ securitySettings = local.security_settings
observability = {
streamingDataClient = true
euLocation = var.eu_location
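Review bot: The fallback on the new `deployment_configuration_version` line pins "10.1.0.0" for ClusterUpgrade and "10.0.0.0" otherwise, while the variable's description in the variables.tf hunk that declares `deployment_configuration_version` promises "Latest version will be used if not specified"; the two disagree, and nothing validates the format of a user-supplied value. Either reword the description to state the pinned per-operation defaults, or add a comment on the local, e.g. `# Pinned per operation type; bump when the API adopts a newer schema. Overridable via var.deployment_configuration_version.` The enclosing `locals` block starts before and ends after this hunk.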
@@ -70,30 +60,14 @@ locals {
storage = {
configurationMode = var.configuration_mode
}
- namingPrefix = var.naming_prefix == "" ? var.site_id : var.naming_prefix
- domainFqdn = var.domain_fqdn
- infrastructureNetwork = [{
- useDhcp = false
- subnetMask = var.subnet_mask
- gateway = var.default_gateway
- ipPools = [
- {
- startingAddress = var.starting_address
- endingAddress = var.ending_address
- }
- ]
- dnsServers = flatten(var.dns_servers)
- }]
- physicalNodes = flatten(var.servers)
- hostNetwork = {
- enableStorageAutoIp = true
- intents = local.converged ? local.converged_intents : local.seperate_intents
- storageNetworks = local.storage_networks
- storageConnectivitySwitchless = var.storage_connectivity_switchless
- }
- adouPath = var.adou_path
- secretsLocation = var.use_legacy_key_vault_model ? local.secrets_location : (var.secrets_location == "" ? null : var.secrets_location)
- secrets = var.use_legacy_key_vault_model ? null : local.keyvault_secrets
+ namingPrefix = var.naming_prefix == "" ? var.site_id : var.naming_prefix
+ domainFqdn = var.domain_fqdn
+ infrastructureNetwork = local.infrastructure_network
+ physicalNodes = flatten(var.servers)
+ hostNetwork = local.host_network
+ adouPath = var.adou_path
+ secretsLocation = var.use_legacy_key_vault_model ? local.secrets_location : (var.secrets_location == "" ? null : var.secrets_location)
+ secrets = var.use_legacy_key_vault_model ? null : local.keyvault_secrets
optionalServices = {
customLocation = var.custom_location_name
}
@@ -104,7 +78,7 @@ locals {
deploymentMode = var.is_exported ? "Deploy" : "Validate"
operationType = var.operation_type
deploymentConfiguration = {
- version = "10.0.0.0"
+ version = local.deployment_configuration_version
scaleUnits = [
{
deploymentData = local.deployment_data_omit_null
@@ -113,7 +87,25 @@ locals {
}
}
deployment_setting_properties_omit_null = { for k, v in local.deployment_setting_properties : k => v if v != null }
- key_vault = var.create_key_vault ? azurerm_key_vault.deployment_keyvault[0] : data.azurerm_key_vault.key_vault[0]
+ host_network = var.operation_type == "ClusterUpgrade" ? null : {
+ enableStorageAutoIp = true
+ intents = local.converged ? local.converged_intents : local.seperate_intents
+ storageNetworks = local.storage_networks
+ storageConnectivitySwitchless = var.storage_connectivity_switchless
+ }
+ infrastructure_network = [{
+ useDhcp = false
+ subnetMask = var.subnet_mask
+ gateway = var.default_gateway
+ ipPools = [
+ {
+ startingAddress = var.starting_address
+ endingAddress = var.ending_address
+ }
+ ]
+ dnsServers = flatten(var.dns_servers)
+ }]
+ key_vault = var.create_key_vault ? azurerm_key_vault.deployment_keyvault[0] : data.azurerm_key_vault.key_vault[0]
keyvault_secret_names = var.use_legacy_key_vault_model ? {
"AzureStackLCMUserCredential" = "AzureStackLCMUserCredential"
"LocalAdminCredential" = "LocalAdminCredential"
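Review bot: `host_network` is set to null for ClusterUpgrade with no comment saying why, and the same pattern repeats for `security_settings` in the next hunk; a reader of `deployment_data` cannot tell whether a missing hostNetwork or securitySettings key is intended. Presumably `deployment_data_omit_null` (used at `deploymentData = local.deployment_data_omit_null`) strips the null entries the way `deployment_setting_properties_omit_null` does, but its definition is outside this diff, so confirm. For the security block the consequence deserves stating: on ClusterUpgrade every `hvci_protection`, `*_enforced`, `smb_cluster_encryption` and `bitlocker_*` input is silently ignored, so a caller who sets them during an upgrade gets neither an error nor the setting. Suggest a comment on each local, e.g. `# null on ClusterUpgrade so the key is omitted from deploymentData via deployment_data_omit_null; these inputs are not applied for upgrades`, and a matching sentence in the descriptions of the security-settings variables.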
@@ -158,6 +150,18 @@ locals {
ACMRM = "Azure Connected Machine Resource Manager",
} : {}
secrets_location = var.secrets_location == "" ? local.key_vault.vault_uri : var.secrets_location
+ security_settings = var.operation_type == "ClusterUpgrade" ? null : {
+ hvciProtection = var.hvci_protection
+ drtmProtection = var.drtm_protection
+ driftControlEnforced = var.drift_control_enforced
+ credentialGuardEnforced = var.credential_guard_enforced
+ smbSigningEnforced = var.smb_signing_enforced
+ smbClusterEncryption = var.smb_cluster_encryption
+ sideChannelMitigationEnforced = var.side_channel_mitigation_enforced
+ bitlockerBootVolume = var.bitlocker_boot_volume
+ bitlockerDataVolumes = var.bitlocker_data_volumes
+ wdacEnforced = var.wdac_enforced
+ }
seperate_intents = [{
name = var.compute_intent_name,
trafficType = var.compute_traffic_type,
diff --git a/variables.tf b/variables.tf
index e4fced7..e10e052 100644
--- a/variables.tf
+++ b/variables.tf
@@ -63,19 +63,17 @@ variable "location" {
nullable = false
}
-variable "management_adapters" {
- type = list(string)
- description = "A list of management adapters."
- nullable = false
-}
-
variable "name" {
type = string
description = "The name of the HCI cluster. Must be the same as the name when preparing AD."
validation {
- condition = length(var.name) < 16 && length(var.name) > 0
- error_message = "value of name should be less than 16 characters and greater than 0 characters"
+ condition = var.cluster_name != "" || (length(var.name) < 16 && length(var.name) > 0)
+ error_message = "If 'cluster_name' is empty, 'name' must be between 1 and 16 characters."
+ }
+ validation {
+ condition = length(var.name) <= 40 && length(var.name) > 0
+ error_message = "value of name should be less than 40 characters and greater than 0 characters"
}
}
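Review bot: Both new error messages for `name` disagree with their conditions: `length(var.name) < 16` allows at most 15 characters but the message says "between 1 and 16", and `length(var.name) <= 40` allows exactly 40 but the message says "less than 40". Change them to `error_message = "If 'cluster_name' is empty, 'name' must be between 1 and 15 characters."` and `error_message = "value of name must be between 1 and 40 characters"`. The first condition also reads `var.cluster_name` from inside another variable's validation block, which Terraform accepts only from 1.9.0 onwards; the module's `required_version` is not in this diff, so check it allows that, otherwise validation fails on this line.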
@@ -117,20 +115,6 @@ variable "starting_address" {
description = "The starting IP address of the IP address range."
}
-variable "storage_connectivity_switchless" {
- type = bool
- description = "Indicates whether storage connectivity is switchless."
-}
-
-variable "storage_networks" {
- type = list(object({
- name = string
- networkAdapterName = string
- vlanId = string
- }))
- description = "A list of storage networks."
-}
-
variable "account_replication_type" {
type = string
default = "ZRS"
@@ -183,6 +167,11 @@ variable "cluster_name" {
type = string
default = ""
description = "The name of the HCI cluster."
+
+ validation {
+ condition = length(var.cluster_name) < 16 && length(var.cluster_name) >= 0
+ error_message = "The value of 'cluster_name' must be less than 16 characters"
+ }
}
variable "cluster_tags" {
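Review bot: `length(var.cluster_name) >= 0` in the new validation is always true for a string, so the condition reduces to `condition = length(var.cluster_name) < 16`; the redundant clause suggests a lower bound that is not actually enforced. The message could also state the bound exactly: `error_message = "The value of 'cluster_name' must be at most 15 characters."`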
@@ -309,6 +298,12 @@ variable "default_arb_application_tags" {
description = "(Optional) Tags of the default arb application."
}
+variable "deployment_configuration_version" {
+ type = string
+ default = null
+ description = "The version of deployment configuration. Latest version will be used if not specified."
+}
+
variable "drift_control_enforced" {
type = bool
default = true
@@ -441,6 +436,13 @@ DESCRIPTION
}
}
+variable "management_adapters" {
+ type = list(string)
+ default = []
+ description = "A list of management adapters."
+ nullable = false
+}
+
variable "min_tls_version" {
type = string
default = "TLS1_2"
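Review bot: `management_adapters` was a required input (no default, `nullable = false`) and now defaults to `[]`, so a deployment that omits it no longer fails at variable validation and instead passes an empty list to whatever consumes it; the same loosening applies to `storage_connectivity_switchless` and `storage_networks` in the last hunk. If the default exists only so ClusterUpgrade need not supply adapters, keep the old guarantee for the other operation types with `condition = var.operation_type == "ClusterUpgrade" || length(var.management_adapters) > 0` and `error_message = "management_adapters must not be empty unless operation_type is ClusterUpgrade."` (cross-variable validation, which the `name` hunk already relies on). Where the list is consumed is outside this diff, so confirm that an empty list there surfaces as an error rather than a silent misconfiguration.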
@@ -587,12 +589,28 @@ variable "storage_adapter_ip_info" {
description = "The IP information for the storage networks. Key is the storage network name."
}
+variable "storage_connectivity_switchless" {
+ type = bool
+ default = false
+ description = "Indicates whether storage connectivity is switchless."
+}
+
variable "storage_intent_name" {
type = string
default = "Storage"
description = "The name of storage intent."
}
+variable "storage_networks" {
+ type = list(object({
+ name = string
+ networkAdapterName = string
+ vlanId = string
+ }))
+ default = []
+ description = "A list of storage networks."
+}
+
variable "storage_override_adapter_property" {
type = bool
default = true