Merge branch 'master' into dev

add min_numeric = 1
2025-07-11 11:16:13 +02:00 · 2025-07-11 11:14:50 +02:00 · 2025-06-02 10:21:00 +10:00 · 2025-01-30 10:49:44 +11:00 · 2025-01-30 10:33:37 +11:00 · 2024-11-12 16:27:51 +11:00
49 changed files with 284 additions and 180 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
 .DS_Store
--- a/adls/main.tf
+++ b/adls/main.tf
@@ -25,10 +25,6 @@ resource "azurerm_storage_account" "saccount" {
  tags = var.tags
 }
 locals {
  catalog_access_connector = (var.location == "westeurope" || var.location == "West Europe")? var.catalog_access_connector.eu : (var.location == "eastus" || var.location == "East US")? var.catalog_access_connector.us : var.catalog_access_connector.sea
 }
 resource "azurerm_storage_container" "scontainer" {
  name                  = var.container_name != null? var.container_name : "qmicontainer"
@@ -61,26 +57,6 @@ resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
  principal_id         = var.dbricks_app_registration_principal_id
 }
 data "azurerm_databricks_access_connector" "dbaccssconn" {
  count = local.catalog_access_connector != null? 1 : 0
  name                = local.catalog_access_connector
  resource_group_name = "QMI-QDI-Shared"
 }
 resource "azurerm_role_assignment" "dbricks-1" {
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = local.catalog_access_connector != null? data.azurerm_databricks_access_connector.dbaccssconn[0].identity[0].principal_id : "ed282f15-1796-46c9-89b1-712efbda33d4"
 }
 resource "azurerm_role_assignment" "dbricks-2" {
  scope                = azurerm_storage_account.saccount.id
  role_definition_name = "Storage Queue Data Contributor"
  principal_id         = local.catalog_access_connector != null? data.azurerm_databricks_access_connector.dbaccssconn[0].identity[0].principal_id : "ed282f15-1796-46c9-89b1-712efbda33d4"
 }
 ###### EXTRA ASSIGN ROLE #######
--- a/adls/variable.tf
+++ b/adls/variable.tf
@@ -43,12 +43,4 @@ variable "sa_config_type" {
 variable "account_replication_type" {
  default = null
 }
 variable "catalog_access_connector" {
  default = {
    eu = "qmi-databricks-accessconnector-eu"
    sea = "qmi-databricks-accessconnector-sea"
    us = null
  }
 }
--- a/databases/.DS_Store
+++ b/databases/.DS_Store
--- a/databases/aws-emr/main.tf
+++ b/databases/aws-emr/main.tf
@@ -41,7 +41,6 @@ module "s3_bucket" {
    ProvID   = var.provision_id
    Name     = "qmi-emr-${var.provision_id}"
    Owner    = var.user_id
    force_destroy = var.forced_destroy
  }
 }
@@ -145,6 +144,5 @@ module "emr" {
    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-emr-${var.provision_id}"
    force_destroy = var.forced_destroy
  }
 }
--- a/databases/aws-emr/variables.tf
+++ b/databases/aws-emr/variables.tf
@@ -32,7 +32,3 @@ variable "subnet_ids_eu" {
 variable "subnet_ids_us" {
  default = ["subnet-4d26552b", "subnet-0414685b", "subnet-c97f7c84", "subnet-7f695c71", "subnet-96acd2b7", "subnet-88ab2cb9"]
 }
 variable "forced_destroy" {
  default = null
 }
--- a/databases/aws-kinesis/main.tf
+++ b/databases/aws-kinesis/main.tf
@@ -30,7 +30,6 @@ locals {
    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
    force_destroy = var.forced_destroy
  }
 }
--- a/databases/aws-kinesis/variables.tf
+++ b/databases/aws-kinesis/variables.tf
@@ -8,7 +8,3 @@ variable "provision_id" {
 variable "user_id" {
 }
 variable "forced_destroy" {
  default = null
 }
--- a/databases/aws-rds/main.tf
+++ b/databases/aws-rds/main.tf
@@ -43,7 +43,6 @@ locals {
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
    Owner    = var.user_id
    forced_destroy = var.forced_destroy
  }
  is_postgres = length(regexall("postgres", local.family)) > 0 ? true : false
@@ -177,8 +176,6 @@ module "aurora_rds_instance" {
  engine_version = local.engine_version
  instance_class  = var.instance_size
  apply_immediately = true
  database_name = local.name
  instances       = { 1 = {} }
--- a/databases/aws-rds/output.tf
+++ b/databases/aws-rds/output.tf
@@ -1,4 +1,4 @@
- output "db_username" {
+output "db_username" {
  description = "The master username for the database"
  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
 } 
--- a/databases/aws-rds/variables.tf
+++ b/databases/aws-rds/variables.tf
@@ -50,13 +50,17 @@ variable "engine_version" {
  type = map
  default = {
 <<<<<<< HEAD
    "mysql"  = "8.0.32"
 =======
    "mysql"  = "8.0.36"
 >>>>>>> master
    "postgres"  = "14.12" 
    "oracle-se2"  = "19.0.0.0.ru-2023-04.rur-2023-04.r1"
    "sqlserver-ex" = "15.00.4236.7.v1"
    "mariadb" = "10.5"
-    "aurora-mysql" = "8.0.mysql_aurora.3.05.2" #"5.7.mysql_aurora.2.11.2"
+    "aurora-mysql" = "8.0.mysql_aurora.3.02.3" #"5.7.mysql_aurora.2.11.2"
-    "aurora-postgresql"  = "14.9"
+    "aurora-postgresql"  = "14.5"
  }
 }
@@ -110,7 +114,3 @@ variable "port" {
 variable "dummydata" {
  default = null
 }
 variable "forced_destroy" {
  default = null
 }
--- a/databases/aws-redshift/main.tf
+++ b/databases/aws-redshift/main.tf
@@ -37,7 +37,6 @@ locals {
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
    Owner    = var.user_id
    forced_destroy = var.forced_destroy
  }
 }
@@ -47,8 +46,6 @@ module "qmi-s3-bucket" {
  provision_id                  = var.provision_id
  user_id                       = var.user_id
  forced_destroy                = var.forced_destroy
 }
--- a/databases/aws-redshift/variables.tf
+++ b/databases/aws-redshift/variables.tf
@@ -39,8 +39,4 @@ variable "cluster_database_name" {
 variable "cluster_master_username" {
    default = "qmiuser"
 }
 variable "forced_destroy" {
  default = null
 }
--- a/databases/azure-eventhub/main.tf
+++ b/databases/azure-eventhub/main.tf
@@ -27,7 +27,6 @@ resource "azurerm_eventhub_namespace" "ehbnamespace" {
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner    = var.user_id
    ProvId = var.provision_id
  }
  network_rulesets {
--- a/databases/azure-hdinsight-hadoop/outputs.tf
+++ b/databases/azure-hdinsight-hadoop/outputs.tf
@@ -30,7 +30,11 @@ output "Azure_Application_Registration_Client_ID" {
 }
 output "Azure_Application_Registration_Secret" {
 <<<<<<< HEAD
  value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
 =======
  value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
 >>>>>>> master
 }
@@ -55,5 +59,9 @@ output "adls_Azure_Application_Registration_Client_ID" {
 }
 output "adls_Azure_Application_Registration_Secret" {
 <<<<<<< HEAD
  value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
 =======
  value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
 >>>>>>> master
 }
--- a/databases/azure-rds-flexmysql/main.tf
+++ b/databases/azure-rds-flexmysql/main.tf
@@ -34,7 +34,6 @@ resource "azurerm_mysql_flexible_server" "mysql-server" {
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner = var.user_id
    ProvId = var.provision_id
  }
 }
--- a/databases/azure-rds-flexmysql/variables.tf
+++ b/databases/azure-rds-flexmysql/variables.tf
@@ -30,7 +30,11 @@ variable "mysql-version" {
 variable "mysql-sku-name" {
  type = string
  description = "MySQL SKU Name"
 <<<<<<< HEAD
  default = "GP_Standard_D4ds_v4"
 =======
  default = "B_Standard_B2s"
 >>>>>>> master
 }
 variable "mysql-storage" {
  type = string
--- a/databases/azure-rds-flexpostgres/main.tf
+++ b/databases/azure-rds-flexpostgres/main.tf
@@ -30,7 +30,6 @@ resource "azurerm_postgresql_flexible_server" "postgresql-server" {
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner = var.user_id
    ProvId = var.provision_id
  }
 }
--- a/databases/azure-rds-mariadb/main.tf
+++ b/databases/azure-rds-mariadb/main.tf
@@ -36,7 +36,6 @@ resource "azurerm_mariadb_server" "mariadb-server" {
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner = var.user_id
    ProvId = var.provision_id
  }
 }
--- a/databases/azure-rds-mssql/main.tf
+++ b/databases/azure-rds-mssql/main.tf
@@ -38,7 +38,6 @@ resource "azurerm_mssql_server" "sqlserver" {
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner = var.user_id
    ProvId = var.provision_id
  }
  identity {
--- a/databases/azure-rds-mysql/main.tf
+++ b/databases/azure-rds-mysql/main.tf
@@ -34,7 +34,6 @@ resource "azurerm_mysql_server" "mysql-server" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
    ProvId = var.provision_id
  }
 }
--- a/databases/azure-rds-postgres/main.tf
+++ b/databases/azure-rds-postgres/main.tf
@@ -31,11 +31,10 @@ resource "azurerm_postgresql_server" "postgresql-server" {
  ssl_enforcement_enabled           = false
  ssl_minimal_tls_version_enforced  = "TLSEnforcementDisabled"
-  tags = {
+    tags = {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
    ProvId = var.provision_id
  }
--- a/databases/dbricks/main.tf
+++ b/databases/dbricks/main.tf
@@ -84,13 +84,6 @@ resource "databricks_sql_endpoint" "sqlep" {
  cluster_size     = var.cluster_size
  max_num_clusters = 1
  tags {
    custom_tags {
        key = "ProvId"
        value = var.provision_id
    }
  }
 }
 resource "databricks_sql_global_config" "this" {
@@ -150,8 +143,4 @@ resource "databricks_cluster" "dbrickscluster" {
  }
  autotermination_minutes = 45
  custom_tags = {
    "ProvId": var.provision_id
  }
 }
--- a/databases/dbricks/varaibles.tf
+++ b/databases/dbricks/varaibles.tf
@@ -36,8 +36,4 @@ variable "app_reg_secret" {
 variable "cluster_size" {
  default = "Small"
 }
 variable "provision_id" {
  default = null
 }
--- a/databases/firewall_ips/output.tf
+++ b/databases/firewall_ips/output.tf
@@ -31,10 +31,6 @@ locals {
    T_SV2_3     = ["149.97.160.217","149.97.160.218"]
    T_SV2_4     = ["149.97.160.221","149.97.160.222"]
    T_SV2_5     = ["149.97.185.1","149.97.185.30"]
    T_Blr_1     = ["14.97.166.193","14.97.166.198"]
    T_Blr_2     = ["14.97.167.21","14.97.167.22"]
    T_Blr_3     = ["122.185.123.61","122.185.123.62"]
    T_Blr_4     = ["182.79.10.25","182.79.10.26"]
  }
  fullvpn = {
@@ -167,11 +163,6 @@ output "cidr_blocks" {
    "149.97.160.216/30",
    "149.97.160.220/30",
    "149.97.185.0/27",
    # T Blr Office
    "14.97.166.192/29",
    "14.97.167.20/30",
    "122.185.123.60/30",
    "182.79.10.24/29",
    # QCS Amercias (us)
    "18.205.71.36/32", 
    "18.232.32.199/32", 
@@ -269,4 +260,4 @@ output "cidr_blocks_others" {
    "18.158.251.55/32",
    "52.57.235.168/32",
  ]
-}
+}
--- a/databases/synapse-ws/main.tf
+++ b/databases/synapse-ws/main.tf
@@ -46,7 +46,6 @@ resource "azurerm_synapse_workspace" "synapsews" {
    QMI_user = var.user_id != null? var.user_id : null
    Owner    = var.user_id != null? var.user_id : null
    ADAAutomation = "SQLDWSuspend"
    ProvId = var.provision_id
  }
 }
@@ -56,7 +55,6 @@ resource "azurerm_synapse_sql_pool" "db" {
  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
  sku_name             = var.pool_sku_name
  create_mode          = "Default"
  storage_account_type = "GRS"
  tags = {
@@ -65,7 +63,6 @@ resource "azurerm_synapse_sql_pool" "db" {
    QMI_user = var.user_id != null? var.user_id : null
    Owner = var.user_id != null? var.user_id : null
    ADAAutomation = "SQLDWSuspend"
    ProvId = var.provision_id
  }
 }
--- a/databases/synapse-ws/variables.tf
+++ b/databases/synapse-ws/variables.tf
@@ -30,8 +30,4 @@ variable "sql_administrator_login" {
 variable "sql_administrator_login_password" {
    default = "Attunity123123123"
 }
 variable "provision_id" {
    default = null
 }
--- a/linux-common/centos/common/extract-certs.sh
+++ b/linux-common/centos/common/extract-certs.sh
@@ -4,27 +4,19 @@ echo "--- Executing: $0 $@"
 BASEDIR=$(dirname "$0")
-CERTSFOLDER=$BASEDIR/qmicerts
+mkdir -p $BASEDIR/qmicerts
-mkdir -p $CERTSFOLDER
+wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
 wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx
 wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pem -O $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pem
 PASSWORD=$1
 echo "CERT_PASSWORD: $PASSWORD"
 # Extract the private key
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
 # Extract the public key
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
 # Extract the CA cert chain
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -chain -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
 cat $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt >> $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-fullchain.crt
-cat $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt > $CERTSFOLDER/wildcard_qmi_qlik-poc_com-fullchain.crt
+rm -fr $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt
-rm -fr $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt
+echo $PASSWORD > $BASEDIR/qmicerts/pfx-cert-password.txt
 echo $PASSWORD > $CERTSFOLDER/pfx-cert-password.txt
--- a/linux-common/centos/common/resizedisk.sh
+++ b/linux-common/centos/common/resizedisk.sh
@@ -2,6 +2,24 @@
 echo "--- Executing: $0 $@"
 <<<<<<< HEAD
 echo "Resizing main partition to max available disk"
 (
 echo u # Change the units to sectors
 echo p # List the partitions details
 echo d # Delete  partition
 echo 2 # Partition number
 echo n # Add a new partition
 echo p # Primary partition
 echo 2 # Partition number
 echo   # First sector (Accept default)
 echo   # Last sector (Accept default: varies)
 echo w # Write changes
 ) | sudo fdisk /dev/sda
 sudo partprobe
 sudo xfs_growfs -d /
 =======
 if  grep -Pq '/dev/(mapper/|disk/by-id/dm)' /etc/fstab  ||  mount | grep -q /dev/mapper/
 then
    echo "LVM is in use (Oracle Linux)"
@@ -28,10 +46,8 @@ else
    echo   # Last sector (Accept default: varies)
    echo w # Write changes
    ) | sudo fdisk /dev/sda
 >>>>>>> master
    sudo partprobe
    sudo xfs_growfs -d /
 fi
 echo "Done resize!"
 echo ""
 df -h
--- a/linux-common/ubuntu/common/extract-certs.sh
+++ b/linux-common/ubuntu/common/extract-certs.sh
@@ -4,26 +4,19 @@ echo "--- Executing: $0 $@"
 BASEDIR=$(dirname "$0")
-CERTSFOLDER=$BASEDIR/qmicerts
+mkdir -p $BASEDIR/qmicerts
-mkdir -p $CERTSFOLDER
+wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx
 wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx -O $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx
 wget --quiet https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pem -O $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pem
 PASSWORD=$1
 echo "CERT_PASSWORD: $PASSWORD"
 # Extract the private key
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -nocerts -nodes -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.key -passin pass:$PASSWORD
 # Extract the public key
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -clcerts -nokeys -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt -passin pass:$PASSWORD
 # Extract the CA cert chain
-openssl pkcs12 -in $CERTSFOLDER/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -out $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
+openssl pkcs12 -in $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.pfx -cacerts -nokeys -chain -out $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt -passin pass:$PASSWORD
-cat $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt > $CERTSFOLDER/wildcard_qmi_qlik-poc_com-fullchain.crt
+cat $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt >> $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-fullchain.crt
-rm -fr $CERTSFOLDER/wildcard_qmi_qlik-poc_com.crt $CERTSFOLDER/wildcard_qmi_qlik-poc_com-ca.crt
+rm -fr $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com.crt $BASEDIR/qmicerts/wildcard_qmi_qlik-poc_com-ca.crt
-
+echo $PASSWORD > $BASEDIR/qmicerts/pfx-cert-password.txt
 echo $PASSWORD > $CERTSFOLDER/pfx-cert-password.txt
--- a/qmicerts/.DS_Store
+++ b/qmicerts/.DS_Store
--- a/qmicerts/wildcard_qmi_qlik-poc_com.pfx
+++ b/qmicerts/wildcard_qmi_qlik-poc_com.pfx
--- a/s3-bucket-sftp-public/main.tf
+++ b/s3-bucket-sftp-public/main.tf
@@ -18,7 +18,6 @@ locals {
    QMI_user = var.user_id
    ProvID   = var.provision_id
    Name     = "sftp-${var.provision_id}"
    forced_destroy = var.forced_destroy
  }
 }
--- a/s3-bucket-sftp-public/variables.tf
+++ b/s3-bucket-sftp-public/variables.tf
@@ -54,7 +54,3 @@ variable "sftp_users" {
  type    = map(string)
  default = { sftpusr = "sftpusr" }
 }
 variable "forced_destroy" {
  default = null
 }
--- a/s3-bucket-sftp/main.tf
+++ b/s3-bucket-sftp/main.tf
@@ -51,7 +51,6 @@ locals {
    #QMI_user = var.user_id
    ProvID   = var.provision_id
    Name     = "sftp-${var.provision_id}"
    forced_destroy = var.forced_destroy
  }
 }
@@ -139,7 +138,14 @@ resource "aws_transfer_server" "sftp" {
      aws_security_group.allow_tls_2.id
    ]
  }
-  tags = local.tags
+  tags = {
    Deployment = "QMI"
    "Cost Center" = "3100"
    QMI_user = var.user_id
    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "sftp-${var.provision_id}"
  }
 }
 resource "aws_iam_role" "user" {
--- a/s3-bucket-sftp/variables.tf
+++ b/s3-bucket-sftp/variables.tf
@@ -35,8 +35,4 @@ variable "security_policy_name" {
  description = "Specifies the name of the [security policy](https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html) to associate with the server"
 }
 variable "forced_destroy" {
  default = null
 }
--- a/s3-bucket/main.tf
+++ b/s3-bucket/main.tf
@@ -191,4 +191,4 @@ resource "aws_iam_role_policy" "aws_s3_bucket_policy" {
      },
    ]
  })
-}
+}
--- a/vm-centos/main.tf
+++ b/vm-centos/main.tf
@@ -10,7 +10,7 @@ resource "random_id" "randomMachineId" {
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!"
+  override_special = "_!@"
  upper = true
  lower = true
  min_lower = 2
--- a/vm-fromsnapshot-linux/main.tf
+++ b/vm-fromsnapshot-linux/main.tf
@@ -10,7 +10,7 @@ resource "random_id" "randomMachineId" {
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!"
+  override_special = "_!@"
  upper = true
  lower = true
  min_lower = 2
@@ -21,11 +21,9 @@ resource "random_password" "password" {
 locals {
  virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name :  "${var.prefix}-${random_id.randomMachineId.hex}"
  admin_username = var.admin_username
-  admin_password = var.new_password != null? var.new_password : nonsensitive(random_password.password.result)
+  admin_password = nonsensitive(random_password.password.result)
  snaploc = (var.location == "westeurope")? "weu" : (var.location == "eastus")? "" : "sea"
  storage_account_id = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshots${local.snaploc}"
  restartAfter = (var.restartAfterRename == true)? "YES" : "NO"
 }
 resource "azurerm_managed_disk" "md-import" {
@@ -173,11 +171,11 @@ resource "null_resource" "post-vm-fromsnapshot-linux" {
    inline = [
        "echo ${var.initial_password} | sudo -S chmod a+x /home/${local.admin_username}/provision-scripts/*.sh",
        "sudo /home/${local.admin_username}/provision-scripts/rename-machine.sh ${local.virtual_machine_name}",
        "sudo /home/${local.admin_username}/provision-scripts/setnewpassword.sh ${local.admin_username} ${local.admin_password}",
        "sudo /home/${local.admin_username}/provision-scripts/rename-machine.sh ${local.virtual_machine_name} ${local.restartAfter}",
    ]
  }
-    
+  
 }
--- a/vm-fromsnapshot-linux/outputs.tf
+++ b/vm-fromsnapshot-linux/outputs.tf
@@ -7,11 +7,11 @@ output "virtual_machine_name" {
 }
 output "admin_username" {
-  value = local.admin_username
+  value = var.admin_username
 }
 output "admin_password" {
-  value = local.admin_password
+  value = nonsensitive(random_password.password.result)
 }
 output "nic_id" {
--- a/vm-fromsnapshot-linux/provision-scripts/rename-machine.sh
+++ b/vm-fromsnapshot-linux/provision-scripts/rename-machine.sh
@@ -1,12 +1,4 @@
 #!/bin/bash
-echo "--- Renaming machine to $1"
+echo "Renaming machine to $1"
-echo "--- Restart after renamed: $2"
+hostnamectl set-hostname $1
 hostnamectl set-hostname $1
 if [ "$2" = "YES" ]; then 
    echo "--- Linux machine will restart in 1 minute...." 
    shutdown -r +1
 else
    echo "--- No need to restart linux machine."  
 fi;
--- a/vm-fromsnapshot-linux/variables.tf
+++ b/vm-fromsnapshot-linux/variables.tf
@@ -44,10 +44,6 @@ variable "initial_password" {
  default = null
 }
 variable "new_password" {
  default = null
 }
 variable "user_id" {
  default = null
 }
@@ -69,8 +65,4 @@ variable "startupTime"{
  default = null
 }
 variable "restartAfterRename" {
  default = false
 }
--- a/vm-oraclelinux81/main.tf
+++ b/vm-oraclelinux81/main.tf
@@ -9,13 +9,14 @@ resource "random_id" "randomMachineId" {
 resource "random_password" "password" {
  length = 16
-  special = true
+  special = false
-  override_special = "_!"
+  override_special = "_"
  upper = true
  lower = true
  min_lower = 2
  min_upper = 2
-  min_special = 2
+  min_special = 0
  min_numeric = 2
 }
 locals {
@@ -63,7 +64,7 @@ resource "azurerm_linux_virtual_machine" "vm" {
  source_image_reference {
    publisher = "Oracle"
    offer     = "Oracle-Linux"
-    sku       = "ol86-lvm"
+    sku       = "81"
    version   = "latest"
  }
--- a/vm-qs/scripts/bootstrap-qs.ps1
+++ b/vm-qs/scripts/bootstrap-qs.ps1
@@ -11,7 +11,7 @@ function New-Credential($u,$p) {
 Write-Log "--- Current logged-on user: $env:USERNAME"
-New-NetFirewallRule -DisplayName "Qlik Sense More" -Direction Inbound -LocalPort 4244, 4747, 4242, 4432, 4444, 5355, 5353, 80, 4248, 3090, 4000, 5555, 5556, 4993, 4994 -Protocol TCP -Action Allow -ea Stop | Out-Null
+New-NetFirewallRule -DisplayName "Qlik Sense More" -Direction Inbound -LocalPort 4244,4242, 4432, 4444, 5355, 5353, 80, 4248, 3090, 4000, 5555, 5556, 4993, 4994 -Protocol TCP -Action Allow -ea Stop | Out-Null
 REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
@@ -105,6 +105,16 @@ $shortcut.Save()  ## Save
 Rename-Item -Path $destination -NewName "Qlik Sense Hub.lnk"
 ####
 $Folder = 'C:\Program Files\Qlik\Sense\Tools\QlikSenseCLI'
 Write-Log "Test to see if QlikSenseCLI  exists"
 if (Test-Path -Path $Folder) {
    Write-Log "Installing QlikSenseCLI module"
 	Install-Module QLikSenseCLI -Scope AllUsers -Force
    #copy-item  -Path$Folder -Destination  'C:\Program Files\WindowsPowerShell\Modules' -Recurse
 } else {
    Write-Log  "QlikSenseCLI not supported in this version."
 } 
 Write-Log "--- New Certs: CurrentUser\My"
 Get-ChildItem cert:"CurrentUser\My"
--- a/vm-rockylinux/main.tf
+++ b/vm-rockylinux/main.tf
@@ -0,0 +1,106 @@
 resource "random_id" "randomMachineId" {
    keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = var.resource_group_name
    }
    byte_length = 3
 }
 resource "random_password" "password" {
  length = 16
  special = false
  override_special = "_"
  upper = true
  lower = true
  min_lower = 2
  min_upper = 2
  min_special = 0
  min_numeric = 2
 }
 locals {
  virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
  admin_username = var.admin_username
  admin_password = nonsensitive(random_password.password.result)
 }
 module "qmi-nic" {
  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
  prefix = local.virtual_machine_name
  location = var.location
  subnet_id = var.subnet_id
  resource_group_name = var.resource_group_name
  user_id = var.user_id
 }
 resource "azurerm_virtual_machine" "vm" {
  name                  = local.virtual_machine_name
  location              = var.location
  resource_group_name   = var.resource_group_name
  network_interface_ids = [module.qmi-nic.id]
  vm_size               = var.vm_type
  delete_os_disk_on_termination = true
  delete_data_disks_on_termination = true
  identity {
    type = "SystemAssigned"
  }
  storage_image_reference {
    # this is the Oracle linux image I found.
    # az vm image list --all --publisher Oracle  -o table
    publisher = "erockyenterprisesoftwarefoundationinc1653071250513"
    offer     = "rockylinux"
    sku       = "free"
    version   = "8.7.20230215"
  }
  storage_os_disk {
    name              = "${local.virtual_machine_name}-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = var.managed_disk_type
    disk_size_gb      = var.disk_size_gb
  }
  os_profile_linux_config {
      disable_password_authentication = false
  }
  os_profile {
    computer_name  = local.virtual_machine_name
    admin_username = local.admin_username
    admin_password = local.admin_password
  }
  tags = {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    "ProvId"  = var.provId != null? var.provId : null
    "QMI_user" = var.user_id != null? var.user_id : null
    "24x7" = var.is_24x7 == true? "" : null
    "ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
    "StartupTime": var.is_24x7 == false? var.startupTime : null
  }
 }
 module "linux-common" {
  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//linux-common"
  depends_on = [
    azurerm_virtual_machine.vm
  ]
  os_type             = "centos"
  private_ip_address  = module.qmi-nic.private_ip_address
  admin_username      = local.admin_username
  admin_password      = local.admin_password  
 }
--- a/vm-rockylinux/outputs.tf
+++ b/vm-rockylinux/outputs.tf
@@ -0,0 +1,31 @@
 output "virtual_machine_id" {
  value = azurerm_virtual_machine.vm.id
 }
 output "virtual_machine_name" {
    value = "${var.prefix}-${random_id.randomMachineId.hex}"
 }
 output "admin_username" {
  value = var.admin_username
 }
 output "admin_password" {
  value = nonsensitive(random_password.password.result)
 }
 output "nic_id" {
  value = module.qmi-nic.id
 }
 output "nic_private_ip_address" {
  value = module.qmi-nic.private_ip_address
 }
 output "nic_ip_configuration_name" {
  value = module.qmi-nic.ip_configuration_name
 }
 output "principal_id" {
  value = azurerm_virtual_machine.vm.identity.0.principal_id
 }
--- a/vm-rockylinux/variables.tf
+++ b/vm-rockylinux/variables.tf
@@ -0,0 +1,56 @@
 variable "subnet_id" {
  default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
 }
 variable "prefix" {
  description = "The Prefix used for all resources in this example"
  default = "QMI-ROCKYLINUX"
 }
 variable "location" {
  default = "East US"
 }
 variable "resource_group_name" {
 }
 variable "vm_type" {
  default = "Standard_DS3_v2"
 }
 variable "managed_disk_type" {
  default = "Premium_LRS"
 }
 variable "disk_size_gb" {
  default = "128"
 }
 variable "admin_username" {
  default = "qmi"
 }
 variable "user_id" {
  default = null
 }
 variable "provId" {
  default = null
 }
 variable "is_24x7"{
  type = bool
  default = null
 }
 variable "shutdownTime"{
  default = null
 }
 variable "startupTime"{
  default = null
 }
 # variable "subnet_id" {
 #   default = "/subscriptions/1f3d4c1d-6509-4c52-8dee-c15fb83f2920/resourceGroups/lkn-rg/providers/Microsoft.Network/virtualNetworks/lkn-vn/subnets/default"
 # }
--- a/vm-ubuntu/main.tf
+++ b/vm-ubuntu/main.tf
@@ -10,7 +10,7 @@ resource "random_id" "randomMachineId" {
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!"
+  override_special = "_!@"
  upper = true
  lower = true
  min_lower = 2
Author	SHA1	Message	Date
Manuel Romero	102e18b11d	Merge branch 'master' into dev	2025-07-11 11:16:13 +02:00
Manuel Romero	5977b92864	Merge branch 'master' into dev	2025-07-11 11:14:50 +02:00
Leigh Kennedy	3f5a46b64a	add min_numeric = 1	2025-06-02 10:21:00 +10:00
Leigh Kennedy	62bb7d4f05	pg version	2025-01-30 10:49:44 +11:00
Leigh Kennedy	5f37c6d6ad	change postgres version	2025-01-30 10:33:37 +11:00
Leigh Kennedy	3e4cfca251	lk	2024-11-12 16:27:51 +11:00
Leigh Kennedy	5d048a714d	Merge branch 'master' into dev	2024-11-12 16:24:39 +11:00
Leigh Kennedy	e60c5316c0	change default version in dev	2024-07-30 11:51:41 +10:00
Madhavan	03f0583f27	talend Public ip update	2024-02-28 18:14:22 +05:30
Manuel Romero	a2e80b7766	Merge branch 'master' into dev	2024-02-22 11:35:32 +01:00
Leigh Kennedy	810363e332	add rockylinux	2024-02-02 15:29:25 +11:00
Leigh Kennedy	3f2ab9e395	change version	2023-10-13 10:03:42 +11:00
Leigh Kennedy	1831f87093	storage_encrypted = false	2023-10-13 09:56:48 +11:00
Leigh Kennedy	1b162bbb80	add encrypt_at_rest variable	2023-10-12 17:11:23 +11:00
Leigh Kennedy	e2653b162a	storage_encrypted = false	2023-10-12 15:36:08 +11:00
Leigh Kennedy	7d15e4e2b3	storage_encrypted = false	2023-10-12 15:16:45 +11:00
Leigh Kennedy	42f63b9dd7	switch RDS from t3 to m5	2023-10-12 11:45:56 +11:00
Leigh Kennedy	0dd6eeca7b	add support for QlikSenseCli	2023-09-14 15:16:56 +10:00