Roland
@schoenr79
Finished implementation of runbook support in terraform-azurerm-caf
PR is open aztfmod/terraform-azurerm-caf#1361 @arnaudlh
Bryanzab
@bzabber
image.png
1 reply
Jason Horn
@jarhorn

Hello all, running standalone Terraform here from within an ADO pipeline agent. Getting the following error trying to set up an AKS cluster (from https://github.com/aztfmod/terraform-azurerm-caf/blob/5.6.1/modules/compute/aks/aks.tf line 41)... Any ideas on how to overcome this? I found the following link that should resolve, but will require a decent amount of legwork (change/testing) in our ADO pipeline templates to implement an az login:

│ Error running command 'az feature register --namespace
│ Microsoft.ContainerService -n AutoUpgradePreview': exit status 1. Output:
│ ERROR: Please run 'az login' to setup account.

3 replies
Traiano Welcome
@archmangler
Hi all/anyone - for anyone using the Azure/terraform-azurerm-caf-enterprise-scale supermodule, how are Azure firewall policies managed in the configuration of this module?
Sebastien Tardif
@sebtardif.verituity_gitlab
Is that project supported by Microsoft? Microsoft support said they don't support "Terraform", but it's mentioned in their own website -> https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/resources/tools-templates#ready
Eric Huggins
@ehuggz1
Getting the following after running rover ignite and then attempting to run plan on launchpad: There are multiple instances of the same error. Where should I look to resolve this issue?
data.azurerm_client_config.current: Read complete after 0s [id=2022-10-04 21:09:34.0664396 +0000 UTC]

│ Error: Incorrect attribute value type

│ on /home/vscode/.terraform.cache/rightrez/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│ 6: owners = coalescelist(
│ 7: try(tolist(var.azuread_groups.owners), []),
│ 8: [
│ 9: var.client_config.object_id
│ 10: ]
│ 11: )
│ ├────────────────
│ │ var.azuread_groups.owners is tuple with 1 element
│ │ var.client_config.object_id is "06cc14d2-686c-4007-b2bd-5bb7a7603679"

│ Inappropriate value for attribute "owners": incorrect set element type: string required.
2 replies
Roland
@schoenr79

Question to the crew. Is it possible to address a resource group for a mssql server that was created in another landingzone?

In #landingzone1 I created the resource group, and in #landingzone2 I would like to create a sql server that should be created in the RG of landingzone1.
If I run the rover it will not resolve / find my created RG in lz1.

# landingzone1
landingzone = {
  backend_type        = "azurerm"
  level               = "level3"
  key                 = "workload_base"
  global_settings_key = "connectivity"
  tfstates = {
    connectivity= {
      level   = "lower"
      tfstate = "connectivity.tfstate"
    }
  }
}

resource_groups = {
  workload_backend = {
    name   = "backend-db"
    region = "region1"
  }
}

#landingzone2
landingzone = {
  backend_type        = "azurerm"
  level               = "level3"
  key                 = "workload03_backend"
  global_settings_key = "connectivity"
  tfstates = {
    workload_base = {
      level   = "current"
      tfstate = "workload_base.tfstate"
    }    
    connectivity = {
      level   = "lower"
      tfstate = "connectivity.tfstate"
    }
  }
}

mssql_servers = {
  sqlsrv_01 = {
    name                = "db-server"
    region              = "region1"

     resource_group_key  = "workload_backend"

    version             = "12.0"
   .....
  }
}

thanks for your help

1 reply
Rashabihari Panda
@rashabihari.panda_gitlab
Hello All, just checking if any implementation of Azure Landing zone ES module into CAF Terraform landing zone.. I can see one add-on solution (caf_eslz), any example would help to understand the solution better. Thank you
1 reply
Zaid Mohammad
@zaidmohd
Hi Team,
What is the version upgrade guidance? We are currently using CAF module 5.5.5 and LZ 2203.1. What is the guidance for the upgrade to TF Modules 5.6.1? I tried using the version 5.6.1, but the pipeline fails due to version constraints mismatch. Do we use the main branch for LZ repo or which branch/tag?
Current setup:
CAF TF Modules: Tag 5.5.5
CAF LZ Framework: Tag 2203.1
Rover: 1.2.3-2207.0210
Need to upgrade to CAF TF Modules Tag 5.6.1 or 5.6.2
Zaid Mohammad
@zaidmohd
Team, I want to deploy latest CAF module 5.6.2 (https://github.com/aztfmod/terraform-azurerm-caf/tree/5.6.2).
Which version / branch / tag can I use from LZ framework as the last released version was on Mar 31 (https://github.com/Azure/caf-terraform-landingzones)?
6 replies
Bryanzab
@bzabber
Hi all, I have a question regarding setting up the app registration that's documented here: https://github.com/aztfmod/level0/blob/master/launchpads/launchpad_opensource/documentation/setup_prereqs.md
The Legacy AAD Graph API isn't available anymore so do I just create the permissions in Graph?
Mohammad Javad Kazemi
@ishabakeh
Hi All,
I've made a blog post comparing different landing zone tools which are out there, like Azure landing zone terraform module, or CAF TF modules,...
This is a high-level overview and might help in deciding which one you want to start your cloud adoption journey with.
I would really appreciate it if you read it and give me your feedback.
https://www.meshcloud.io/2022/09/27/azure-landing-zone-comparison/
2 replies
Eric Huggins
@ehuggz1
@ishabakeh Read your blog post and left a comment. Nice job.
1 reply
Gregory ESNAUD
@greegthegeek:matrix.org
[m]
Hi community!
Nice to meet you! I'm a cloud engineer and I'm beginning my rover journey :)
(France)
Gregory ESNAUD
@greegthegeek:matrix.org
[m]
I would like to know if there's a way to configure the Azure Rover to import existing resources. I'm committed on deploying policies on existing Management Group by using the Rover. The management group has been deployed by another rover session, but indeed rover now complains that resources are existing...
1 reply
Gregory ESNAUD
@greegthegeek:matrix.org
[m]

use "rover import 'module reference' /<object-id>" - just as how you use with Terraform.

Thanks @nusrath432 !

Gregory ESNAUD
@greegthegeek:matrix.org
[m]
One more question: One of our customers is using an old version of the Rover.
I'm not expert enough to declare upgrading is safe.
Moreover, I must deploy new policy (backup, patch etc.).
Then, I would like to use existing rover code to deploy policy on existing MG and on new MG.
Is there any way to cleanly extend rover possibilities? any ./landingzone.d/myTerraform/main.tf where I can deploy my custom caf IaC Code?
Thanks,
2 replies
intikhabalam
@intikhabalam
I am new to azure landing zone. please can someone guide me how to just deploy storage account (for tf files), log analytics, keyvault, security center and azure policies using ALZ terraform.
1 reply
Zaid Mohammad
@zaidmohd
Is it possible to extract the output from the Landing Zone/CAF and feed to another pipeline?
2 replies
intikhabalam
@intikhabalam
I am trying to deploy single subscription based ALZ and getting error about storage account and container.
│ Error: "storage_account_name": required field is not set
│ Error: "container_name": required field is not set
Please can you tell me, where should I put the values for these?
nusrath432
@nusrath432

Exporting Output Values using "dynamic_keyvault_secrets": Does anyone have an example for exporting a specific Output value, for eg: for Redis Cache - I am trying to export the "primary_access_key" to a KV Secrets using dynamic_keyvault_secrets but getting error "Inappropriate value for attribute "value": string required."

Block used:

    redis_app = {
      output_key    = "redis_caches"
      resource_key  = "my_redis"
      secret_name   = "my-redis-secret"
      attribute_key = "primary_access_key" or attribute_key="redis_cache"
    }

Note: the resource is a map in the state:

          "redis_caches": {
            "dm_redis": {
                "redis_cache": {
                    "primary_access_key": "xyz1234"
2 replies
Hein Tonny Køien
@heintonny
Hi, I wonder if there are any planned updates for https://github.com/Azure/caf-terraform-landingzones-platform-starter and https://github.com/Azure/caf-terraform-landingzones repositories. The latest release 2203.1 appears to be from March this year.
jamesyoung007
@jamesyoung007
agree with Hein, having the same question.
2 replies
need this part to be released: Multi subscriptions (reuse existing subscriptions)
Jason Dossett
@jtdossett
We've deployed the level 0-3 components and are moving towards building landing zones and apps on them. Can someone explain what an ASVM template is supposed to be? Is that a general LZ template that we would use to generate all our LZs? Or should you have a template per LZ so to generate everything for dev and prod? Once level 3 is in place based on the LZ template, how would you approach adding level 4 resources to the LZ? Is it reasonable to create those in a different repo than your base infrastructure repo?
1 reply
Shane Holder
@shaneholder

Hi, I was wondering if anyone has run into issues with running rover state rm. I can successfully run the state show on a given resource but when I try and use the same command replacing show with rm I receive the following error.

running terraform state rm -state=/home/vscode/.terraform.cache/Production/rover_jobs/20221103204757433104860/tfstates/level3/tfstate/app_landingzone_vmmgmt_10009.tfstate  module.solution.module.networking["corpvnet"].azurerm_virtual_network.vnet
Terraform state rm return code: 1
Terraform returned errors:
No state file was found!

State management commands require a state file. Run this command
in a directory where Terraform has been run or use the -state flag
to point the command to a specific state location.
Error on or near line 613: Error running terraform state rm; exiting with status 2003

version: aztfmod/rover:1.2.5-2208.0208

8 replies
Mohammad Alhussan
@malhussan
Hi everyone, my colleagues and I published a YT video and a blog post for textual content fans on building landing zones in Azure. They describe how to quickly build an Azure landing zone based on open source tools landing zone construction kit + collie-cli. collie-cli uses Terragrunt under the hood to manage multiple stages, which can be comparable to the levels provided by rover, but is not as sophisticated. It builds "Platform Landing Zones" using the "enterprise-scale" terraform module and can be expanded as necessary. If you're interested, I would appreciate your feedback!
szymon-polak
@szymon-polak
Hello everyone, I would like to ask you for some advice because I just started to support the infrastructure in the Azure cloud built on the ALZ managed by CAF. Unfortunately, the version is a bit outdated: caf-terraform-landingzones 2102.0.1 and terraform-azurerm-caf 5.2.2. Do you know where I can find some information on how to start the upgrade process? Thank you in advance.
2 replies
Blake Moon
@moon0440

Hello everyone, I created an example environment using 100-simple-vnet-subnets-nsgs example and deployed without rover using CAF as a standalone provider.

After the initial deployment, if I change the nsg key name and reference in the subnet and then run terraform plan, the output shows it will destroy and recreate resources.

Is recreation of resources expected when CAF key names are changed without a resource configuration change?

knomdivad
@knomdivad:matrix.org
[m]
Hello. I am having some difficulty in finding the documentation on all the various options for this supermodule. Are there hierarchical docs somewhere?
2 replies
I am particularly looking for how to override the naming convention. Almost all resources are being prefixed with ffgv-
1 reply
Is there an override I can't find?
nusrath432
@nusrath432
Ad-hoc Bash Script: Has anyone run ad-hoc az-cli based bash script via CAF? - need to run few things that are not part of CAF *.tvars
4 replies
Wako-x
@Wako-x
Hello all, I am trying to deploy the caf but I continue receiving the following error. I tried the different launchpad versions but no luck.
var.azuread_groups.owners is tuple with 1 element
│ │ var.client_config.object_id is "d8e404b4-77f4-44d6-942c-a40e59aa65a8"

│ Inappropriate value for attribute "owners": incorrect set element type: string required.
6 replies
image.png
Castiel
@CarlosAugustoDeSouzaJunior
Look at ignite.yaml, do what it is asking in the top of the file.
Question. I cannot "destroy" level1/alz/mg, after deploying it.
Rover is a great tool, but if I do not want to use it, what should I do by myself?
There are many repos linked to this solution, I'm already lost...:)
Castiel
@CarlosAugustoDeSouzaJunior
Should I use the CAF module examples rather than the CAF Azure getting started?
Castiel
@CarlosAugustoDeSouzaJunior
Why destroy is not working??
Castiel
@CarlosAugustoDeSouzaJunior
It is working..now. :)
chrisbryant-devops
@chrisbryant-devops
image.png

Hello all, I am transitioning caf from the local dev container to Azure Pipelines and am running into some headaches. I am using a self hosted VM and would like it to use a local container similar to https://github.com/aztfmod/rover/blob/main/docs/DEV_CONTAINER.md

Has anyone been successful with this?

I also have an error when running the pipeline of too many arguments and am having trouble finding any documentation on that.

Similar to https://github.com/Azure/caf-terraform-landingzones-accelerator/blob/HN_github_runner/configuration/sandpit/pipelines/end_to_end.yaml

chrisbryant-devops
@chrisbryant-devops
@Wako-x I had something similar and commented out the owner lines (I think there are a couple in that file).
pikamar
@pikamar

Hello! I am using terraform-azurerm-caf as a standalone module to deploy extra resources on top of an existing landing zone, like storage accounts, virtual machines etc. All good when all resources are created from scratch, but how to import and use existing resources? Somewhere above I saw a recommendation to import by id, like
vnet = { id= "/rf/ds/ds/f" }, seems it does not work...

My example terraform-azurerm-caf-standalone
terraform apply -auto-approve -var-file=config/dev.tfvars works as expected, but
terraform apply -auto-approve -var-file=config/dev2.tfvars does not import my RG.
The definition is as follows:

resource_groups = {
  ebdv-rg = {
    //name = "ebdv-rg-storage-shared-02"
    id = "/subscriptions/123e8dcf-01be-4f6d-b18d-fdd89e62d672/resourceGroups/ebdv-rg-storage-shared-02"
  }
}
Castiel
@CarlosAugustoDeSouzaJunior
seraphically
@seraphically
Hello Guys