Enable secure boot and vTPM (Trusted Launch) on the resource processor VMSS, package mirror VM and admin VM
jonnyry committed Jan 9, 2025
1 parent d06eb51 commit 3ce50cc
Showing 3 changed files with 14 additions and 2 deletions.
2 changes: 2 additions & 0 deletions core/terraform/resource_processor/vmss_porter/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "vm_linux" {
encryption_at_host_enabled = false
upgrade_mode = "Automatic"
tags = local.tre_core_tags
secure_boot_enabled = true
vtpm_enabled = true

extension {
auto_upgrade_minor_version = true
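Review bot: Unlike the two VM resources in this commit, the scale set gets no `lifecycle { ignore_changes = [...] }` for `secure_boot_enabled` and `vtpm_enabled`, so on an already-deployed TRE this will recreate the resource-processor VMSS if the provider treats these attributes as force-new on scale sets, as the other two hunks assume for the VM resources. If that replacement is the intended upgrade path it should be stated next to the new lines, e.g. `# Trusted Launch (secure boot + vTPM): requires a Gen2 image; changing these recreates the scale set`. Trusted Launch also requires a Gen2-capable `source_image_reference`, which for this VMSS lies outside the hunk and should be confirmed. The enclosing resource block starts and ends outside the hunk.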
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ resource "azurerm_windows_virtual_machine" "jumpbox" {
admin_username = "adminuser"
admin_password = random_password.password.result
tags = local.tre_shared_service_tags
secure_boot_enabled = true
vtpm_enabled = true

source_image_reference {
publisher = "MicrosoftWindowsDesktop"
Expand All @@ -51,7 +53,10 @@ resource "azurerm_windows_virtual_machine" "jumpbox" {
disk_encryption_set_id = var.enable_cmk_encryption ? azurerm_disk_encryption_set.jumpbox_disk_encryption[0].id : null
}

lifecycle { ignore_changes = [tags] }
# ignore changes to secure_boot_enabled and vtpm_enabled as these are destructive
# (may be allowed once https://github.com/hashicorp/terraform-provider-azurerm/issues/25808 is fixed)
#
lifecycle { ignore_changes = [tags, secure_boot_enabled, vtpm_enabled] }
}

resource "azurerm_disk_encryption_set" "jumpbox_disk_encryption" {
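Review bot: The new `ignore_changes` on `secure_boot_enabled` and `vtpm_enabled` means an already-deployed jumpbox silently keeps its current non-Trusted-Launch configuration and Terraform will never show that as drift in a plan, so this hardening only takes effect for fresh deployments. The comment should say so explicitly and name the upgrade path, e.g. `# NOTE: existing VMs are NOT migrated; recreate the VM (or enable Trusted Launch out-of-band) to get secure boot/vTPM`. Trusted Launch also requires a Gen2 `sku` in `source_image_reference`; the `sku` line is outside the hunk, so confirm the chosen MicrosoftWindowsDesktop image is Gen2. The resource block begins before the hunk.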
7 changes: 6 additions & 1 deletion templates/shared_services/sonatype-nexus-vm/terraform/vm.tf
Original file line number Diff line number Diff line change
Expand Up @@ -103,10 +103,15 @@ resource "azurerm_linux_virtual_machine" "nexus" {
admin_username = "adminuser"
admin_password = random_password.nexus_vm_password.result
tags = local.tre_shared_service_tags
secure_boot_enabled = true
vtpm_enabled = true

custom_data = data.template_cloudinit_config.nexus_config.rendered

lifecycle { ignore_changes = [tags] }
# ignore changes to secure_boot_enabled and vtpm_enabled as these are destructive
# (may be allowed once https://github.com/hashicorp/terraform-provider-azurerm/issues/25808 is fixed)
#
lifecycle { ignore_changes = [tags, secure_boot_enabled, vtpm_enabled] }

source_image_reference {
publisher = "Canonical"
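Review bot: `ignore_changes` here also suppresses the opposite direction: if secure boot or vTPM is later disabled on the VM outside Terraform, the plan will neither report nor revert it, which weakens this as a security control; the comment should mention that, e.g. `# ignore_changes also hides out-of-band disabling of secure boot/vTPM; enforce via policy/audit instead`, and an Azure Policy or audit check would be the place to enforce the setting. The same comment block is duplicated verbatim in the admin-VM resource, so a tracked issue in this repository (rather than only the upstream provider link) would help keep both in sync once the provider issue is resolved. The Canonical `source_image_reference` `sku` is outside the hunk and must be a Gen2 sku for Trusted Launch to apply; the resource block starts before the hunk.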
