corelight · thathaneydude · Nov 21, 2024 · Nov 20, 2024
diff --git a/README.md b/README.md
@@ -13,13 +13,12 @@ module "sensor" {
   license_key                    = "<your Corelight sensor license key>"
   location                       = "<Azure location to deploy resources in>"
   resource_group_name            = "<resource group to deploy in>"
-  virtual_network_name           = "<virtual network where VMSS subnet should be deployed>"
-  virtual_network_resource_group = "<virtual network resource group>"
-  virtual_network_address_space  = "<virtual network address space (CIDR) used to create subnet>"
   corelight_sensor_image_id      = "<image resource id from Corelight>"
   community_string               = "<the community string (api string) often times referenced by Fleet>"
   sensor_ssh_public_key          = "<path to ssh public key>"
-
+  management_subnet_id           = "<full management NIC subnet resource ID>"
+  monitoring_subnet_id           = "<full management NIC subnet resource ID>"
+
   tags = {
     foo: bar,
     terraform: true,

diff --git a/load_balancer.tf b/load_balancer.tf
@@ -6,7 +6,7 @@ resource "azurerm_lb" "scale_set_lb" {
 
   frontend_ip_configuration {
     name      = var.lb_frontend_ip_config_name
-    subnet_id = azurerm_subnet.subnet.id
+    subnet_id = var.monitoring_subnet_id
   }
 
   tags = var.tags
@@ -25,11 +25,12 @@ resource "azurerm_lb_backend_address_pool" "monitoring_pool" {
 resource "azurerm_lb_probe" "sensor_health_check_probe" {
   loadbalancer_id     = azurerm_lb.scale_set_lb.id
   name                = var.lb_health_check_probe_name
-  port                = 443
-  request_path        = "/api/system/healthcheck/"
-  protocol            = "Https"
+  port                = 41080
+  request_path        = "/api/system/healthcheck"
+  protocol            = "Http"
   interval_in_seconds = 30
-  probe_threshold     = 3
+  number_of_probes    = 2
+  probe_threshold     = 2
 }
 
 resource "azurerm_lb_rule" "monitoring_vxlan_lb_rule" {
@@ -45,28 +46,15 @@ resource "azurerm_lb_rule" "monitoring_vxlan_lb_rule" {
   probe_id = azurerm_lb_probe.sensor_health_check_probe.id
 }
 
-resource "azurerm_lb_rule" "monitoring_geneve_lb_rule" {
-  name                           = var.lb_geneve_rule_name
-  loadbalancer_id                = azurerm_lb.scale_set_lb.id
-  protocol                       = "Udp"
-  backend_port                   = 6081
-  frontend_port                  = 6081
-  frontend_ip_configuration_name = azurerm_lb.scale_set_lb.frontend_ip_configuration[0].name
-  backend_address_pool_ids = [
-    azurerm_lb_backend_address_pool.monitoring_pool.id
-  ]
-  probe_id = azurerm_lb_probe.sensor_health_check_probe.id
-}
-
 resource "azurerm_lb_rule" "monitoring_health_check_rule" {
   name                           = var.lb_health_check_rule_name
   loadbalancer_id                = azurerm_lb.scale_set_lb.id
   protocol                       = "Tcp"
-  backend_port                   = 443
-  frontend_port                  = 443
+  backend_port                   = 41080
+  frontend_port                  = 41080
   frontend_ip_configuration_name = azurerm_lb.scale_set_lb.frontend_ip_configuration[0].name
   backend_address_pool_ids = [
-    azurerm_lb_backend_address_pool.management_pool.id
+    azurerm_lb_backend_address_pool.monitoring_pool.id
   ]
   probe_id = azurerm_lb_probe.sensor_health_check_probe.id
 }

diff --git a/nat_gateway.tf b/nat_gateway.tf
@@ -17,7 +17,7 @@ resource "azurerm_nat_gateway" "lb_nat_gw" {
 }
 
 resource "azurerm_subnet_nat_gateway_association" "nat_gw_association" {
-  subnet_id      = azurerm_subnet.subnet.id
+  subnet_id      = var.management_subnet_id
   nat_gateway_id = azurerm_nat_gateway.lb_nat_gw.id
 }
 

diff --git a/outputs.tf b/outputs.tf
@@ -18,6 +18,6 @@ output "sensor_scale_set_name" {
   value = azurerm_linux_virtual_machine_scale_set.sensor_scale_set.name
 }
 
-output "sensor_scale_set_subnet_name" {
-  value = azurerm_subnet.subnet.name
+output "sensor_load_balancer_frontend_ip_address" {
+  value = azurerm_lb.scale_set_lb.frontend_ip_configuration[0].private_ip_address
 }
diff --git a/scale_set.tf b/scale_set.tf
@@ -33,25 +33,41 @@ resource "azurerm_linux_virtual_machine_scale_set" "sensor_scale_set" {
     ip_configuration {
       name      = "management-nic-ip-cfg"
       primary   = true
-      subnet_id = azurerm_subnet.subnet.id
+      subnet_id = var.management_subnet_id
       load_balancer_backend_address_pool_ids = [
         azurerm_lb_backend_address_pool.management_pool.id
       ]
     }
   }
 
   network_interface {
-    name = "monitoring-nic"
+    name                          = "monitoring-nic"
+    enable_accelerated_networking = true
     ip_configuration {
       name      = "monitoring-nic-ip-cfg"
-      primary   = true
-      subnet_id = azurerm_subnet.subnet.id
+      subnet_id = var.monitoring_subnet_id
       load_balancer_backend_address_pool_ids = [
         azurerm_lb_backend_address_pool.monitoring_pool.id
       ]
     }
   }
 
+  extension {
+    name                       = "HealthExtension"
+    publisher                  = "Microsoft.ManagedServices"
+    type                       = "ApplicationHealthLinux"
+    type_handler_version       = "2.0"
+    auto_upgrade_minor_version = true
+    settings = jsonencode({
+      protocol          = "https"
+      port              = 41080
+      requestPath       = "/api/system/healthcheck"
+      intervalInSeconds = 15
+      numberOfProbes    = 2
+      gracePeriod       = 600
+    })
+  }
+
   tags = var.tags
 
   depends_on = [

diff --git a/sensor_config.tf b/sensor_config.tf
@@ -17,7 +17,6 @@ module "sensor_config" {
   sensor_management_interface_name             = "eth0"
   sensor_monitoring_interface_name             = "eth1"
   sensor_health_check_probe_source_ranges_cidr = [local.azure_lb_health_check_probe_ip]
-  sensor_health_check_http_port                = 443
   gzip_config                                  = true
   base64_encode_config                         = true
   enrichment_enabled                           = var.enrichment_storage_account_name != "" && var.enrichment_storage_container_name != ""

diff --git a/subnet.tf b/subnet.tf
diff --git a/variables.tf b/variables.tf
@@ -14,18 +14,13 @@ variable "license_key" {
   sensitive   = true
 }
 
-variable "virtual_network_name" {
-  description = "The name of the virtual network the sensor will be deployed in"
+variable "management_subnet_id" {
+  description = "The subnet used to access the sensor"
   type        = string
 }
 
-variable "virtual_network_address_space" {
-  description = "The address space of the virtual network the sensor be deployed in"
-  type        = string
-}
-
-variable "virtual_network_resource_group" {
-  description = "The resource group where the virtual network is deployed"
+variable "monitoring_subnet_id" {
+  description = "The subnet used for monitoring traffic"
   type        = string
 }
 
@@ -54,7 +49,7 @@ variable "sensor_subnet_name" {
 variable "sensor_admin_username" {
   description = "The name of the admin user on the corelight sensor VM in the VMSS"
   type        = string
-  default     = "corelight"
+  default     = "ubuntu"
 }
 
 variable "nat_gateway_ip_name" {
@@ -202,3 +197,9 @@ variable "fleet_no_proxy" {
   default     = ""
   description = "(optional) hosts or domains to bypass the proxy for fleet traffic"
 }
+
+variable "monitoring_nsg_name" {
+  type        = string
+  default     = "corelight-monitoring-nsg"
+  description = "(optional) Name of the monitoring network security group"
+}