Merge remote-tracking branch 'origin/main' into Azure-Monitor-gitignore

microsoft · Jan 14, 2025 · 96c1484 · 96c1484
2 parents 6c2e424 + acbba13
commit 96c1484
Show file tree

Hide file tree

Showing 46 changed files with 3,012 additions and 0 deletions.
diff --git a/03-Azure/01-03-Infrastructure/10_Oracle_on_Azure/Challenges/README.md b/03-Azure/01-03-Infrastructure/10_Oracle_on_Azure/Challenges/README.md
diff --git a/03-Azure/01-03-Infrastructure/10_Oracle_on_Azure/Walkthrough/README.md b/03-Azure/01-03-Infrastructure/10_Oracle_on_Azure/Walkthrough/README.md
@@ -0,0 +1 @@
+TODO
diff --git a/...e/01-03-Infrastructure/10_Oracle_on_Azure/resources/environment_setup/README.md b/...e/01-03-Infrastructure/10_Oracle_on_Azure/resources/environment_setup/README.md
@@ -0,0 +1,78 @@
+# Step-by-step Instructions how to Deploy Oracle Data Guard on Azure VMs - Terraform Automation
+
+## Overview
+
+This repository contains code to install and configure Oracle databases on Azure VM IaaS in an automated fashion. The scenario of two VMs in an Oracle Dataguard configuration, deployed through Terraform  (TODO: and Ansible).
+
+For more information about how to install and configure Data Guard on an Azure virtual machine (VM) with CLI refer to the documentation [here](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/oracle-dataguard).
+
+__Important Note - Disclaimer__: The code of this repository is largely based on the Oracle Deployment Automation repository (lza-oracle), which can be found [here](https://github.com/Azure/lza-oracle). The goal of the Terraform automation scripts in this repository is primarily to facilitate the successful execution of the Microhack. The code in this repository is not intended for production use and should be used with caution.
+At the lza-oracle repository, you can find the code for deploying Oracle databases on Azure VMs using different scenarios, such as single and Dataguard using Terraform, Bicept and Ansible.
+If you are interested in deploying Oracle databases on Azure VMs, we recommend you to check the [lza-oracle](https://github.com/Azure/lza-oracle) repository.
+
+Note that Oracle licensing is not a part of this solution. Please verify that you have the necessary Oracle licenses to run Oracle software on Azure IaaS.
+
+
+The above resources can be deployed using the sample Github action workflows provided in the repository. The workflows are designed to deploy the infrastructure and configure the Oracle database on the VMs. This is the recommended way to deploy the infrastructure and configure the Oracle database. Alternatively the infrastructure can be deployed using Azure CLI and the Oracle database can be configured using Ansible.
+
+Note that the code provided in this repository is for demonstration purposes only and should not be used in a production environment without thorough testing.
+
+## Prerequisites
+
+1. Azure Entra ID Tenant.
+2. Minimum 1 subscription, for when deploying VMs. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/en-us/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) before you begin.
+3. Azure CLI installed on your local machine. You can install Azure CLI from [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+4. Terraform installed on your local machine. You can install Terraform from [here](https://learn.hashicorp.com/tutorials/terraform/install-cli).
+
+
+## 1. Authenticate Terraform to Azure
+
+To use Terraform commands against your Azure subscription, you must first authenticate Terraform to that subscription. [This doc](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure?tabs=bash) describes how to authenticate Terraform to your Azure subscription.
+
+### 2. Create SSH Key
+
+To deploy Oracle Data Guard on the VMs, you can use **data_guard** module in this repo. The module is located on `terraform/data_guard` directory.
+
+Before using this module, you have to create your own ssh key to deploy and connect to the two virtual machines you will create.
+
+```bash
+ssh-keygen -f ~/.ssh/mh-oracle-data-guard
+
+ls -lha ~/.ssh/
+-rw-------   1 yourname  staff   2.6K  8 17  2023 mh-oracle-data-guard
+-rw-r--r--   1 yourname  staff   589B  8 17  2023 mh-oracle-data-guard.pub
+```
+
+### 4. Define Variables
+
+Define the variables such as location and Resource Group name in the `global_variables.tf` file. For more reference on all variables you can set, see [variables description](variables.md)
+
+Next, you go to `terraform/data_guard` directory and create `fixtures.tfvars` file, then copy the contents of the ssh public key used for deploying virtual machines on Azure (~/.ssh/mh-oracle-data-guard.pub).
+
+This is a sample `fixtures.tfvars` file. 
+
+```tf:fixtures.tfvars
+ssh_key = "ssh-rsa xxxxxxxxxxxxxx="
+```
+### 5. Execute Terraform Commands
+Execute below Terraform commands. When you deploy resources to Azure, you have to indicate `fixtures.tfvars` as a variable file, which contains the ssh public key.
+
+```bash
+
+$ terraform init
+
+$ terraform plan -var-file=fixtures.tfvars
+
+$ terraform apply -var-file=fixtures.tfvars
+```
+
+You can connect to the virtual machine with ssh private key. While deploying resources, a public ip address is generated and attached to the virtual machine, so that you can connect to the virtual machine with this IP address. The username is `oracle`, which is fixed in `terraform/data_guard/module.tf`.
+
+```
+$ ssh -i ~/.ssh/mh-oracle-data-guard  oracle@<PUBLIC_IP_ADDRESS>
+
+
+
+## Trademarks
+
+This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
diff --git a/...nfrastructure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/LICENSE b/...nfrastructure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/LICENSE
@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE
diff --git a/...astructure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/backend.tf b/...astructure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/backend.tf
@@ -0,0 +1,3 @@
+terraform {
+  backend "local" {}
+}
diff --git a/...structure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/jit_rule.tf b/...structure/10_Oracle_on_Azure/resources/environment_setup/terraform/data_guard/jit_rule.tf
@@ -0,0 +1,91 @@
+#########################################################################################
+#                                                                                       #
+#  JIT Access Policy                                                                    #
+#                                                                                       #
+#########################################################################################
+data "azurerm_virtual_machine" "oracle_primary_vm" {
+  name                = module.vm_primary.vm.name
+  resource_group_name = module.common_infrastructure.resource_group.name
+
+  depends_on = [module.vm_primary,
+    module.storage_primary
+  ]
+}
+
+data "azurerm_virtual_machine" "oracle_secondary_vm" {
+  name                = module.vm_secondary.vm.name
+  resource_group_name = module.common_infrastructure.resource_group.name
+
+  depends_on = [module.vm_secondary
+    , module.storage_secondary
+  ]
+}
+
+resource "time_sleep" "wait_for_primary_vm_creation" {
+  create_duration = var.jit_wait_for_vm_creation
+
+  depends_on = [data.azurerm_virtual_machine.oracle_primary_vm,
+    module.storage_primary
+  ]
+}
+
+resource "time_sleep" "wait_for_secondary_vm_creation" {
+  create_duration = var.jit_wait_for_vm_creation
+
+  depends_on = [data.azurerm_virtual_machine.oracle_secondary_vm
+    , module.storage_secondary
+  ]
+}
+
+
+resource "azapi_resource" "jit_ssh_policy_primary" {
+  count                     = module.vm_primary.database_server_count
+  name                      = "JIT-SSH-Policy-primary"
+  parent_id                 = "${module.common_infrastructure.resource_group.id}/providers/Microsoft.Security/locations/${module.common_infrastructure.resource_group.location}"
+  type                      = "Microsoft.Security/locations/jitNetworkAccessPolicies@2020-01-01"
+  schema_validation_enabled = false
+  body = jsonencode({
+    "kind" : "Basic"
+    "properties" : {
+      "virtualMachines" : [{
+        "id" : "/subscriptions/${module.common_infrastructure.current_subscription.subscription_id}/resourceGroups/${module.common_infrastructure.resource_group.name}/providers/Microsoft.Compute/virtualMachines/${module.vm_primary.vm.name}",
+        "ports" : [
+          {
+            "number" : 22,
+            "protocol" : "TCP",
+            "allowedSourceAddressPrefix" : "*",
+            "maxRequestAccessDuration" : "PT3H"
+          }
+        ]
+      }]
+    }
+  })
+
+  depends_on = [time_sleep.wait_for_primary_vm_creation]
+}
+
+resource "azapi_resource" "jit_ssh_policy_secondary" {
+  count                     = module.vm_secondary.database_server_count
+  name                      = "JIT-SSH-Policy-secondary"
+  parent_id                 = "${module.common_infrastructure.resource_group.id}/providers/Microsoft.Security/locations/${module.common_infrastructure.resource_group.location}"
+  type                      = "Microsoft.Security/locations/jitNetworkAccessPolicies@2020-01-01"
+  schema_validation_enabled = false
+  body = jsonencode({
+    "kind" : "Basic"
+    "properties" : {
+      "virtualMachines" : [{
+        "id" : "/subscriptions/${module.common_infrastructure.current_subscription.subscription_id}/resourceGroups/${module.common_infrastructure.resource_group.name}/providers/Microsoft.Compute/virtualMachines/${module.vm_secondary.vm.name}",
+        "ports" : [
+          {
+            "number" : 22,
+            "protocol" : "TCP",
+            "allowedSourceAddressPrefix" : "*",
+            "maxRequestAccessDuration" : "PT3H"
+          }
+        ]
+      }]
+    }
+  })
+
+  depends_on = [time_sleep.wait_for_secondary_vm_creation]
+}