articles/virtual-machines/workloads/sap/automation-configure-control-plane.md
+60 -54 (60 additions & 54 deletions)
@@ -19,7 +19,7 @@ The control plane for the [SAP deployment automation framework on Azure](automat
19
19
20
20
## Deployer
21
21
22
-
The [deployer](automation-deployment-framework.md#deployment-components) is the execution engine of the [SAP automation framework](automation-deployment-framework.md). It's a pre-configured virtual machine (VM) that is used for executing Terraform and Ansible commands.
22
+
The [deployer](automation-deployment-framework.md#deployment-components) is the execution engine of the [SAP automation framework](automation-deployment-framework.md). It's a pre-configured virtual machine (VM) that is used for executing Terraform and Ansible commands.
23
23
24
24
The configuration of the deployer is performed in a Terraform tfvars variable file.
25
25
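Review bot: the removed and added versions of the Deployer paragraph read identically, so this is a whitespace-only edit, and edits like it make up much of the 60/54-line change. Consider landing the whitespace cleanup in its own commit so the new `plan` documentation can be reviewed on its own.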
@@ -29,8 +29,8 @@ The table below contains the Terraform parameters, these parameters need to be
> |`resource_group_name`| Name of the resource group to be created | Optional |
55
-
> |`resource_group_arm_id`| Azure resource identifier for an existing resource group | Optional |
56
-
> |`resourcegroup_tags`| Tags to be associated with the resource group | Optional |
55
+
> |`resource_group_arm_id`| Azure resource identifier for an existing resource group | Optional |
56
+
> |`resourcegroup_tags`| Tags to be associated with the resource group | Optional |
57
57
58
58
59
59
### Network Parameters
60
60
61
61
The automation framework supports both creating the virtual network and the subnets (green field) or using an existing virtual network and existing subnets (brown field) or a combination of green field and brown field.
62
-
- For the green field scenario, the virtual network address space and the subnet address prefixes must be specified
62
+
- For the green field scenario, the virtual network address space and the subnet address prefixes must be specified
63
63
- For the brown field scenario, the Azure resource identifier for the virtual network and the subnets must be specified
64
64
65
-
The recommended CIDR of the virtual network address space is /27, which allows space for 32 IP addresses. A CIDR value of /28 only allows 16 IP addresses. If you want to include Azure Firewall, use a CIDR value of /25, because Azure Firewall requires a range of /26.
65
+
The recommended CIDR of the virtual network address space is /27, which allows space for 32 IP addresses. A CIDR value of /28 only allows 16 IP addresses. If you want to include Azure Firewall, use a CIDR value of /25, because Azure Firewall requires a range of /26.
66
66
67
67
The recommended CIDR value for the management subnet is /28 that allows 16 IP addresses.
68
68
The recommended CIDR value for the firewall subnet is /26 that allows 64 IP addresses.
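Review bot: the touched CIDR paragraph sizes the virtual network only for the management (/28) and firewall (/26) subnets, but the parameter table also takes address prefixes for the Bastion and web app subnets and no size is recommended for either. Please add recommended prefixes for those two subnets, or say that the /27 and /25 figures assume neither is deployed. The "allows space for 32 IP addresses" and "only allows 16 IP addresses" counts are also the raw block sizes; Azure reserves five addresses in every subnet, so the usable count is lower and the text should say which it means.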
@@ -82,58 +82,74 @@ The table below contains the networking parameters.
82
82
> |`management_subnet_arm_id`| The Azure resource identifier for the subnet | Mandatory | For brown field deployments. |
83
83
> |`management_subnet_nsg_name`| The name of the Network Security Group name | Optional ||
84
84
> |`management_subnet_nsg_arm_id`| The Azure resource identifier for the Network Security Group | Mandatory | Mandatory For brown field deployments. |
85
-
> |`management_subnet_nsg_allowed_ips`| Range of allowed IP addresses to add to Azure Firewall | Optional ||
85
+
> |`management_subnet_nsg_allowed_ips`| Range of allowed IP addresses to add to Azure Firewall | Optional ||
86
86
> |||||
87
87
> |`management_firewall_subnet_arm_id`| The Azure resource identifier for the Firewall subnet | Mandatory | For brown field deployments. |
88
-
> |`management_firewall_subnet_address_prefix`| The address range for the subnet | Mandatory | For green field deployments. |
88
+
> |`management_firewall_subnet_address_prefix`| The address range for the subnet | Mandatory | For green field deployments. |
89
89
> |||||
90
90
> |`management_bastion_subnet_arm_id`| The Azure resource identifier for the Bastion subnet | Mandatory | For brown field deployments. |
91
91
> |`management_bastion_subnet_address_prefix`| The address range for the subnet | Mandatory | For green field deployments. |
92
92
> |||||
93
93
> |`webapp_subnet_arm_id`| The Azure resource identifier for the web app subnet | Mandatory | For brown field deployments using the web app |
94
-
> |`webapp_subnet_address_prefix`| The address range for the subnet | Mandatory | For green field deployments using the web app |
94
+
> |`webapp_subnet_address_prefix`| The address range for the subnet | Mandatory | For green field deployments using the web app |
95
95
96
96
> [!NOTE]
97
97
> When using an existing subnet for the web app, the subnet must be empty, in the same region as the resource group being deployed, and delegated to Microsoft.Web/serverFarms
98
-
98
+
99
99
100
100
### Deployer Virtual Machine Parameters
101
101
102
-
The table below contains the parameters related to the deployer virtual machine.
102
+
The table below contains the parameters related to the deployer virtual machine.
> |`deployer_size`| Defines the Virtual machine SKU to use, for example Standard_D4s_v3 | Optional |
108
108
> |`deployer_count`| Defines the number of Deployers | Optional |
109
109
> |`deployer_image`| Defines the Virtual machine image to use, see below | Optional |
110
+
> |`plan`| Defines the plan associated to the Virtual machine image, see below | Optional |
110
111
> |`deployer_disk_type`| Defines the disk type, for example Premium_LRS | Optional |
111
112
> |`deployer_use_DHCP`| Controls if Azure subnet provided IP addresses should be used (dynamic) true | Optional |
112
113
> |`deployer_private_ip_address`| Defines the Private IP address to use | Optional |
113
114
> |`deployer_enable_public_ip`| Defines if the deployer has a public IP | Optional |
114
115
> |`auto_configure_deployer`| Defines deployer will be configured with the required software (Terraform and Ansible) | Optional |
115
116
116
117
117
-
The Virtual Machine image is defined using the following structure:
118
-
```python
119
-
{
120
-
os_type=""
121
-
source_image_id=""
122
-
publisher="Canonical"
123
-
offer="0001-com-ubuntu-server-focal"
124
-
sku="20_04-lts"
125
-
version="latest"
118
+
The Virtual Machine image is defined using the following structure:
119
+
```python
120
+
{
121
+
"os_type" = ""
122
+
"source_image_id" = ""
123
+
"publisher" = "Canonical"
124
+
"offer" = "0001-com-ubuntu-server-focal"
125
+
"sku" = "20_04-lts"
126
+
"version" = "latest"
126
127
}
127
128
```
128
129
130
+
The plan defined using the following structure:
131
+
```python
132
+
{
133
+
"use" = false
134
+
"name" = "0001-com-ubuntu-server-focal"
135
+
"publisher" = "Canonical"
136
+
"product" = "20_04-lts"
137
+
}
138
+
```
139
+
140
+
> [!NOTE]
141
+
> Note that using the plan attribute will require that the image in question has been used at least once in the subscription. This is because the first usage prompts the user to accept the License terms and the automation has no mean to approve it.
142
+
143
+
144
+
129
145
### Authentication Parameters
130
146
131
147
The table below defines the parameters used for defining the Virtual Machine authentication
> |`firewall_deployment`| Boolean flag controlling if an Azure firewall is to be deployed | Optional ||
165
-
> |`bastion_deployment`| Boolean flag controlling if Azure Bastion host is to be deployed | Optional ||
181
+
> |`bastion_deployment`| Boolean flag controlling if Azure Bastion host is to be deployed | Optional ||
166
182
> |`enable_purge_control_for_keyvaults`| Boolean flag controlling if purge control is enabled on the Key Vault. | Optional | Use only for test deployments |
167
183
> |`use_private_endpoint`| Are private endpoints created for storage accounts and key vaults. | Optional ||
168
184
> |`use_service_endpoint`| Are service endpoints defined for the subnets. | Optional ||
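Review bot: in the added plan example, `"name"` carries the string the image structure uses for `offer` (`0001-com-ubuntu-server-focal`) and `"product"` carries the string it uses for `sku` (`20_04-lts`). The usual Marketplace mapping is plan name = SKU and product = offer, so please confirm these two values are not swapped. In the same added block, "The plan defined using the following structure:" is missing "is", the note repeats "Note that" inside a `[!NOTE]` callout and has "no mean" for "no means", and both structures are fenced as `python` although they are Terraform variable values. The `management_subnet_nsg_allowed_ips` row is touched here but still describes the value as addresses "to add to Azure Firewall", which does not match a network security group parameter; it is worth correcting while the line is being edited.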
@@ -198,7 +214,7 @@ bastion_deployment=true
198
214
199
215
## SAP Library
200
216
201
-
The [SAP Library](automation-deployment-framework.md#deployment-components) provides the persistent storage of the Terraform state files and the downloaded SAP installation media for the control plane.
217
+
The [SAP Library](automation-deployment-framework.md#deployment-components) provides the persistent storage of the Terraform state files and the downloaded SAP installation media for the control plane.
202
218
203
219
The configuration of the SAP Library is performed in a Terraform tfvars variable file.
204
220
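Review bot: the SAP Library paragraph touched here says the library stores the Terraform state files but gives no guidance on protecting that storage. Terraform state can hold sensitive values in plain text, so a sentence pointing readers to the `use_private_endpoint` setting from the deployer parameters, and to restricting access to the storage account, would fit after this paragraph.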
@@ -207,9 +223,9 @@ The configuration of the SAP Library is performed in a Terraform tfvars variable
207
223
The table below contains the Terraform parameters, these parameters need to be entered manually when not using the deployment scripts
> |`deployer_environment`| Identifier for the control plane (max 5 chars) | Mandatory | For example, `PROD` for a production environment and `NP` for a non-production environment. |
245
-
> |`deployer_location`| The Azure region in which to deploy. | Mandatory ||
246
-
> |`deployer_vnet`| The logical name for the deployer VNet | Mandatory ||