From 894772ea62f7a6fa8855db69978f5ab99408ec20 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 24 Jun 2024 09:46:54 +0100 Subject: [PATCH 01/34] add register the redhat 7 system --- keyvault.tf | 10 ++++++++++ locals.tf | 2 ++ scripts/bootstrap_vm.sh | 20 ++++++++++++++++++++ variables.tf | 19 +++++++++++++++++++ 4 files changed, 51 insertions(+) diff --git a/keyvault.tf b/keyvault.tf index 23447e2..ae4b9ef 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -47,3 +47,13 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { name = contains(["prod", "sbox"], var.env) ? "nessus-agent-key-${var.env}" : "nessus-agent-key-nonprod" key_vault_id = data.azurerm_key_vault.soc_vault[0].id } + +data "azurerm_key_vault" "redhat_vault" { + name = var.redhat_vault_name + resource_group_name = var.redhat_vault_rg +} + +data "azurerm_key_vault_secret" "redhat_password" { + name = "redhat-portal" + key_vault_id = data.azurerm_key_vault.redhat_vault.id +} diff --git a/locals.tf b/locals.tf index fe09a98..d9c1077 100644 --- a/locals.tf +++ b/locals.tf @@ -24,6 +24,8 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups + ELS_PASSWORD = var.els_password != "" ? var.els_password : (length(data.azurerm_key_vault_secret.redhat_password.value) > 0 ? data.azurerm_key_vault_secret.redhat_password.value : "") + }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" 
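Review bot: The new `redhat_vault` and `redhat_password` data sources in keyvault.tf are unconditional, whereas the sibling `soc_vault` is indexed as `soc_vault[0]`, which suggests it is guarded by `count`; every plan of this module, including callers that never deploy RHEL 7, now needs read access to that vault and to the `redhat-portal` secret and fails when the caller's identity lacks it. If the secret is only needed for the RHEL 7 path, a `count` guard mirroring `soc_vault` (with `[0]` indexing in locals.tf) keeps the lookup out of plans that do not use it. The secret value is also stored in state by the data source, so the state backend's access controls now cover a Red Hat portal credential.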
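Review bot: `ELS_PASSWORD = var.els_password != "" ? var.els_password : (...)` in locals.tf never consults the vault for the declared default, because `els_password` defaults to `null` in the variables.tf hunk of this patch and `null != ""` is true, so the template receives null. The NESSUS_KEY line just above shows the intended shape: `ELS_PASSWORD = var.els_password == null || var.els_password == "" ? data.azurerm_key_vault_secret.redhat_password.value : var.els_password`. The `length(...value) > 0` guard wraps a string attribute rather than a count-indexed list, so it is inert and differs from the `nessus_agent_key[0]` pattern. The hunk also leaves a stray blank line inside the map; and since whatever wraps this map (its start is outside the hunk) renders it into the bootstrap script, the password presumably lands in plaintext in the VM's custom data or extension settings, which is worth stating in a comment next to the local.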
diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 3ead099..aec315a 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -188,3 +188,23 @@ if [ "${NESSUS_INSTALL}" = "true" ] then install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}" fi + +# Check if the OS is RHEL 7 +if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then + echo "This is Red Hat Enterprise Linux 7." + + # Register the system and attach a subscription pool + sudo subscription-manager register --username lss-sre@abcts.net --password $ELS_PASSWORD + sudo subscription-manager attach --pool=2c948d44900ca9d401902c00cd9e75c1 + + # Refresh subscription-manager and verify identity + sudo subscription-manager refresh + sudo subscription-manager identity + + # Install insights-client and register it + sudo yum install -y insights-client + sudo insights-client --register + + # Enable repositories + sudo subscription-manager config --rhsm.manage_repos=1 + sudo subscription-manager repos --enable rhel-7-server-els-rpms \ No newline at end of file diff --git a/variables.tf b/variables.tf index 443a90a..6174ea7 100644 --- a/variables.tf +++ b/variables.tf @@ -316,3 +316,22 @@ variable "soc_vault_name" { type = string default = "soc-prod" } + +variable "redhat_vault_rg" { + description = "The name of the resource group where the redhat Key Vault is located." + type = string + default = "cft-platform-dev-rg" +} + +variable "redhat_vault_name" { + description = "The name of the redhat Key Vault." + type = string + default = "acmedcdcnpdev" +} + +variable "els_password" { + description = "Redhat ELS admin password - read input from keyvault." + type = string + default = null +} + From 0f845f8d8695dc1c8ae5754fca8ec9bf66fb881e Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 24 Jun 2024 09:54:56 +0100 Subject: [PATCH 02/34] fix typo --- scripts/bootstrap_vm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
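Review bot: The `if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then` block opened at the top of this hunk is never closed, so bash reports an unexpected end of file when it reaches the end of bootstrap_vm.sh (patch 06/34 in this series adds the `fi`). Within the block, `--password $ELS_PASSWORD` puts the credential on the command line, where it is visible in the process list and in any shell tracing or extension log of the bootstrap, and it is unquoted, so a value containing whitespace breaks the call; at minimum write `--password "$ELS_PASSWORD"`, and prefer a registration method that keeps the password off argv, such as an activation key. None of the `subscription-manager` calls check their exit status, so a failed `register` is followed by `attach`, `refresh` and `repos --enable` each failing in turn while the script continues. The `echo "This is Red Hat Enterprise Linux 7."` line relies on `OS_TYPE` being set earlier in the file, which is outside the hunk.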
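Review bot: `variable "els_password"` holds a portal credential but is not declared `sensitive = true`, so `terraform plan` and `apply` print it, along with every local derived from it, in clear text; add `sensitive = true` to the block (the same applies to `variable "rhel_cert"` introduced in patch 20/34). The defaults `cft-platform-dev-rg` and `acmedcdcnpdev` for `redhat_vault_rg` and `redhat_vault_name` bind every environment, including prod, to a dev resource group and vault unless each caller overrides them; the `soc_vault_name` block above selects by `var.env`, and these could do the same. The description "read input from keyvault" describes the fallback, not the variable, so a reader cannot tell that supplying it bypasses the vault.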
diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index aec315a..9c5d648 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -194,7 +194,7 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "This is Red Hat Enterprise Linux 7." # Register the system and attach a subscription pool - sudo subscription-manager register --username lss-sre@abcts.net --password $ELS_PASSWORD + sudo subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD sudo subscription-manager attach --pool=2c948d44900ca9d401902c00cd9e75c1 # Refresh subscription-manager and verify identity From 848c0312d260834d49b7e0cd117ea127c1f58a70 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 24 Jun 2024 09:36:36 +0000 Subject: [PATCH 03/34] terraform-docs: automated action --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 7e6c662..86fd66d 100644 --- a/README.md +++ b/README.md 
@@ -45,8 +45,10 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault.redhat_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.redhat_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -77,6 +79,7 @@ A virtual machine or virtual machine scale set. | [dynatrace\_tenant\_id](#input\_dynatrace\_tenant\_id) | The tenant ID of your Dynatrace environment. | `string` | `""` | no | | [dynatrace\_token](#input\_dynatrace\_token) | The API token of your Dynatrace environment. | `string` | `""` | no | | [dynatrace\_type\_handler\_version](#input\_dynatrace\_type\_handler\_version) | Version of Dynatrace OneAgent - To find: az vm extension image list --location uksouth -p dynatrace.ruxit -o table | `string` | `"2.200"` | no | +| [els\_password](#input\_els\_password) | Redhat ELS admin password - read input from keyvault. | `string` | `null` | no | | [endpoint\_protection\_handler\_version](#input\_endpoint\_protection\_handler\_version) | Enable Antimalware Protection. | `string` | `"1.6"` | no | | [endpoint\_protection\_upgrade\_minor\_version](#input\_endpoint\_protection\_upgrade\_minor\_version) | Specifies if the platform deploys the latest minor version Endpoint Protection update to the type\_handler\_version specified. | `bool` | `true` | no | | [env](#input\_env) | Environment name. | `string` | n/a | yes | 
@@ -93,6 +96,8 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | +| [redhat\_vault\_name](#input\_redhat\_vault\_name) | The name of the redhat Key Vault. | `string` | `"acmedcdcnpdev"` | no | +| [redhat\_vault\_rg](#input\_redhat\_vault\_rg) | The name of the resource group where the redhat Key Vault is located. | `string` | `"cft-platform-dev-rg"` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From 7f5bbedc2737d381a158a770b8e04e3b9d727caa Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 24 Jun 2024 14:21:29 +0100 Subject: [PATCH 04/34] Remove pool id --- locals.tf | 1 - scripts/bootstrap_vm.sh | 1 - 2 files changed, 2 deletions(-) diff --git a/locals.tf b/locals.tf index d9c1077..56056ee 100644 --- a/locals.tf +++ b/locals.tf 
@@ -25,7 +25,6 @@ locals { NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups ELS_PASSWORD = var.els_password != "" ? var.els_password : (length(data.azurerm_key_vault_secret.redhat_password.value) > 0 ? data.azurerm_key_vault_secret.redhat_password.value : "") - }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 9c5d648..218f2e8 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -195,7 +195,6 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then # Register the system and attach a subscription pool sudo subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD - sudo subscription-manager attach --pool=2c948d44900ca9d401902c00cd9e75c1 # Refresh subscription-manager and verify identity sudo subscription-manager refresh From a393531b31647e4ad9c28d06c4da6d6070e9b260 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 24 Jun 2024 14:42:35 +0100 Subject: [PATCH 05/34] cnp provider added --- keyvault.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/keyvault.tf b/keyvault.tf index ae4b9ef..e0a590f 100644 --- a/keyvault.tf +++ b/keyvault.tf 
@@ -49,11 +49,13 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { } data "azurerm_key_vault" "redhat_vault" { + provider = azurerm.cnp name = var.redhat_vault_name resource_group_name = var.redhat_vault_rg } data "azurerm_key_vault_secret" "redhat_password" { + provider = azurerm.cnp name = "redhat-portal" key_vault_id = data.azurerm_key_vault.redhat_vault.id } From 86bcc03109fc4b659905729462891d9301d2bba2 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Tue, 25 Jun 2024 10:52:46 +0100 Subject: [PATCH 06/34] add endif --- scripts/bootstrap_vm.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 218f2e8..91625dd 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -206,4 +206,12 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then # Enable repositories sudo subscription-manager config --rhsm.manage_repos=1 - sudo subscription-manager repos --enable rhel-7-server-els-rpms \ No newline at end of file + sudo subscription-manager repos --enable rhel-7-server-els-rpms + + echo "Configuration completed successfully." +else + echo "This script is intended for Red Hat Enterprise Linux 7 only." +fi + + + \ No newline at end of file From 1d70e524f374249194aa22f966eca7a34f7fc4a5 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Tue, 25 Jun 2024 14:06:34 +0100 Subject: [PATCH 07/34] change to defualt kv --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 6174ea7..897192f 100644 --- a/variables.tf +++ b/variables.tf @@ -326,7 +326,7 @@ variable "redhat_vault_rg" { variable "redhat_vault_name" { description = "The name of the redhat Key Vault." type = string - default = "acmedcdcnpdev" + default = "infra-vault-nonprod" } variable "els_password" { From f5783c4974ce192eca18d510ae92fde8de897a30 Mon Sep 17 00:00:00 2001 
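Review bot: The new `else` message `echo "This script is intended for Red Hat Enterprise Linux 7 only."` is inaccurate, because bootstrap_vm.sh has already run the Nessus installation and the rest of the bootstrap for every OS above this block; only the subscription registration is RHEL 7 specific. A message that names what is being skipped, e.g. `echo "Skipping Red Hat subscription registration: OS_TYPE='${OS_TYPE}' is not RHEL 7."`, keeps the log useful when someone debugs a non-RHEL host. The hunk also appends three blank lines and a missing final newline after `fi`, which patch 19/34 removes again.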
From: "github-actions[bot]" Date: Tue, 25 Jun 2024 13:06:56 +0000 Subject: [PATCH 08/34] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 86fd66d..25df93c 100644 --- a/README.md +++ b/README.md @@ -96,7 +96,7 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | -| [redhat\_vault\_name](#input\_redhat\_vault\_name) | The name of the redhat Key Vault. | `string` | `"acmedcdcnpdev"` | no | +| [redhat\_vault\_name](#input\_redhat\_vault\_name) | The name of the redhat Key Vault. | `string` | `"infra-vault-nonprod"` | no | | [redhat\_vault\_rg](#input\_redhat\_vault\_rg) | The name of the resource group where the redhat Key Vault is located. | `string` | `"cft-platform-dev-rg"` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | From e274809ab42c544a639bc76f6dd02d4f4126848f Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Tue, 25 Jun 2024 14:43:45 +0100 Subject: [PATCH 09/34] change kv resource group --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 897192f..0a829ca 100644 --- a/variables.tf +++ b/variables.tf @@ -320,7 +320,7 @@ variable "soc_vault_name" { variable "redhat_vault_rg" { description = "The name of the resource group where the redhat Key Vault is located." type = string - default = "cft-platform-dev-rg" + default = "cnp-core-infra" } variable "redhat_vault_name" { 
From d43cf5f2230b2f58214638fd4c54e65d3d9989a8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 25 Jun 2024 13:44:03 +0000 Subject: [PATCH 10/34] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25df93c..9f09fa2 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ A virtual machine or virtual machine scale set. | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | | [redhat\_vault\_name](#input\_redhat\_vault\_name) | The name of the redhat Key Vault. | `string` | `"infra-vault-nonprod"` | no | -| [redhat\_vault\_rg](#input\_redhat\_vault\_rg) | The name of the resource group where the redhat Key Vault is located. | `string` | `"cft-platform-dev-rg"` | no | +| [redhat\_vault\_rg](#input\_redhat\_vault\_rg) | The name of the resource group where the redhat Key Vault is located. | `string` | `"cnp-core-infra"` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From 1c0d192d8b8ecb8401fbe9056e8e6f1cf070fbdf Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Wed, 26 Jun 2024 12:25:08 +0100 Subject: [PATCH 11/34] add pool id --- scripts/bootstrap_vm.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 91625dd..ff74a12 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh 
@@ -194,19 +194,21 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "This is Red Hat Enterprise Linux 7." # Register the system and attach a subscription pool - sudo subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD + subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD + subscription-manager attach --pool=2c948d44900ca9d401902c00cd9e75c1 + # Refresh subscription-manager and verify identity - sudo subscription-manager refresh - sudo subscription-manager identity + subscription-manager refresh + subscription-manager identity # Install insights-client and register it - sudo yum install -y insights-client - sudo insights-client --register + yum install -y insights-client + insights-client --register # Enable repositories - sudo subscription-manager config --rhsm.manage_repos=1 - sudo subscription-manager repos --enable rhel-7-server-els-rpms + subscription-manager config --rhsm.manage_repos=1 + subscription-manager repos --enable rhel-7-server-els-rpms echo "Configuration completed successfully." else From 6caf17fb7dd4ef6052f2c29b2dac3ce2c5e690b9 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Wed, 26 Jun 2024 14:29:38 +0100 Subject: [PATCH 12/34] fix els password --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 56056ee..7e74db3 100644 --- a/locals.tf +++ b/locals.tf 
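Review bot: The exit status of `subscription-manager register` is still unchecked after this rewrite, so a failed registration (wrong credentials, no route to the portal) is followed by `attach`, `refresh`, `identity`, `insights-client --register` and `repos --enable`, each failing in turn while the bootstrap reports "Configuration completed successfully." A guard on the first call keeps the rest from running on an unregistered host: `subscription-manager register --username lss-sre@hmcts.net --password "$ELS_PASSWORD" || { echo "subscription-manager register failed" >&2; exit 1; }` (quoting the password also fixes the word-splitting risk). Dropping `sudo` presumably reflects that the VM extension runs the script as root; if that is not guaranteed, every call in this block fails for the same unchecked reason, so a comment stating the root assumption would help.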
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - ELS_PASSWORD = var.els_password != "" ? var.els_password : (length(data.azurerm_key_vault_secret.redhat_password.value) > 0 ? data.azurerm_key_vault_secret.redhat_password.value : "") + ELS_PASSWORD = var.els_password != null || var.els_password == "" ? (length(data.azurerm_key_vault_secret.redhat_password.value) > 0 ? data.azurerm_key_vault_secret.redhat_password.value : "") : var.els_password }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" From b61ceee5616e1a8674a2234a73cb84589abd1448 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Wed, 26 Jun 2024 15:53:21 +0100 Subject: [PATCH 13/34] removed pool id --- scripts/bootstrap_vm.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index ff74a12..d59eabd 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -195,7 +195,6 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then # Register the system and attach a subscription pool subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD - subscription-manager attach --pool=2c948d44900ca9d401902c00cd9e75c1 # Refresh subscription-manager and verify identity From 05a7f2c2d0c980409b1aaef9fbbd17b31e6e99f1 Mon Sep 17 00:00:00 2001 
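Review bot: The rewritten condition `var.els_password != null || var.els_password == "" ? (vault value) : var.els_password` is inverted: it is true exactly when a caller supplies a value, so an explicit password is discarded in favour of the vault, and for the `null` default both operands are false, so the local becomes `var.els_password`, i.e. null, and the vault is never read. The line that matches the NESSUS_KEY pattern above it is `ELS_PASSWORD = var.els_password == null || var.els_password == "" ? data.azurerm_key_vault_secret.redhat_password.value : var.els_password`. The `length(...value) > 0` wrapper around a plain string attribute adds nothing and can go.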
From: salim abdulkareem Date: Wed, 26 Jun 2024 20:38:40 +0100 Subject: [PATCH 14/34] remove username n password --- scripts/bootstrap_vm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index d59eabd..8037810 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -194,7 +194,7 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "This is Red Hat Enterprise Linux 7." # Register the system and attach a subscription pool - subscription-manager register --username lss-sre@hmcts.net --password $ELS_PASSWORD + subscription-manager register --auto-attach # Refresh subscription-manager and verify identity From 29f9b7f6e94c8389a0a4a112b0eb82b780e2afa9 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Thu, 27 Jun 2024 16:55:13 +0100 Subject: [PATCH 15/34] add activation key name --- keyvault.tf | 10 ---------- locals.tf | 1 - scripts/bootstrap_vm.sh | 2 +- variables.tf | 16 ---------------- 4 files changed, 1 insertion(+), 28 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index e0a590f..075f4ff 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -48,14 +48,4 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { key_vault_id = data.azurerm_key_vault.soc_vault[0].id } -data "azurerm_key_vault" "redhat_vault" { - provider = azurerm.cnp - name = var.redhat_vault_name - resource_group_name = var.redhat_vault_rg -} -data "azurerm_key_vault_secret" "redhat_password" { - provider = azurerm.cnp - name = "redhat-portal" - key_vault_id = data.azurerm_key_vault.redhat_vault.id -} diff --git a/locals.tf b/locals.tf index 7e74db3..fe09a98 100644 --- a/locals.tf +++ b/locals.tf 
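Review bot: `subscription-manager register --auto-attach` is now called with no `--username`/`--password` and no `--org`/`--activationkey`, and subscription-manager prompts interactively for credentials when none are given, so in a non-interactive bootstrap this call blocks or fails and the host is never registered. The `ELS_PASSWORD` value is still rendered into the script by locals.tf and the Key Vault lookup still runs, so the secret is distributed to the VM without being used. If the intent is to stop passing the password on the command line, the non-interactive alternative is an activation key supplied through a template variable, e.g. `subscription-manager register --org="${RHSM_ORG}" --activationkey="${RHSM_ACTIVATION_KEY}"`, with the vault plumbing repointed at those values.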
@@ -24,7 +24,6 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - ELS_PASSWORD = var.els_password != null || var.els_password == "" ? (length(data.azurerm_key_vault_secret.redhat_password.value) > 0 ? data.azurerm_key_vault_secret.redhat_password.value : "") : var.els_password }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 8037810..c81adcf 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -194,7 +194,7 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "This is Red Hat Enterprise Linux 7." # Register the system and attach a subscription pool - subscription-manager register --auto-attach + subscription-manager register --org=7324337 --activationkey=Rhel-els # Refresh subscription-manager and verify identity diff --git a/variables.tf b/variables.tf index 0a829ca..d397821 100644 --- a/variables.tf +++ b/variables.tf 
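Review bot: `subscription-manager register --org=7324337 --activationkey=Rhel-els` hard-codes the Red Hat organisation ID and activation key name into a script committed to the repository, at the same time as this patch deletes the Key Vault plumbing that could have supplied them; together those two values let any host register against and consume entitlements from that account, so they belong in configuration delivered per environment rather than in source. Passing them as template variables, the way `NESSUS_KEY` is passed in the hunk above, keeps prod and non-prod keys separate and lets the variables be marked sensitive. The comment `# Register the system and attach a subscription pool` is now stale, since the activation key determines the attachment. The call's exit status remains unchecked, as noted on patch 11/34.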
@@ -317,21 +317,5 @@ variable "soc_vault_name" { default = "soc-prod" } -variable "redhat_vault_rg" { - description = "The name of the resource group where the redhat Key Vault is located." - type = string - default = "cnp-core-infra" -} - -variable "redhat_vault_name" { - description = "The name of the redhat Key Vault." - type = string - default = "infra-vault-nonprod" -} -variable "els_password" { - description = "Redhat ELS admin password - read input from keyvault." - type = string - default = null -} From 3a8f4a8861b601d016e0a1797068825d00c338f2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 27 Jun 2024 15:55:38 +0000 Subject: [PATCH 16/34] terraform-docs: automated action --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 9f09fa2..7e6c662 100644 --- a/README.md +++ b/README.md 
@@ -45,10 +45,8 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_key_vault.redhat_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.redhat_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -79,7 +77,6 @@ A virtual machine or virtual machine scale set. | [dynatrace\_tenant\_id](#input\_dynatrace\_tenant\_id) | The tenant ID of your Dynatrace environment. | `string` | `""` | no | | [dynatrace\_token](#input\_dynatrace\_token) | The API token of your Dynatrace environment. | `string` | `""` | no | | [dynatrace\_type\_handler\_version](#input\_dynatrace\_type\_handler\_version) | Version of Dynatrace OneAgent - To find: az vm extension image list --location uksouth -p dynatrace.ruxit -o table | `string` | `"2.200"` | no | -| [els\_password](#input\_els\_password) | Redhat ELS admin password - read input from keyvault. | `string` | `null` | no | | [endpoint\_protection\_handler\_version](#input\_endpoint\_protection\_handler\_version) | Enable Antimalware Protection. | `string` | `"1.6"` | no | | [endpoint\_protection\_upgrade\_minor\_version](#input\_endpoint\_protection\_upgrade\_minor\_version) | Specifies if the platform deploys the latest minor version Endpoint Protection update to the type\_handler\_version specified. | `bool` | `true` | no | | [env](#input\_env) | Environment name. | `string` | n/a | yes | 
@@ -96,8 +93,6 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | -| [redhat\_vault\_name](#input\_redhat\_vault\_name) | The name of the redhat Key Vault. | `string` | `"infra-vault-nonprod"` | no | -| [redhat\_vault\_rg](#input\_redhat\_vault\_rg) | The name of the resource group where the redhat Key Vault is located. | `string` | `"cnp-core-infra"` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From ac27028a623cab8506cd12886bd7a0c2ea152f41 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Thu, 27 Jun 2024 20:31:49 +0100 Subject: [PATCH 17/34] fix space --- keyvault.tf | 2 -- variables.tf | 1 - 2 files changed, 3 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index 075f4ff..23447e2 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -47,5 +47,3 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { name = contains(["prod", "sbox"], var.env) ? "nessus-agent-key-${var.env}" : "nessus-agent-key-nonprod" key_vault_id = data.azurerm_key_vault.soc_vault[0].id } - - diff --git a/variables.tf b/variables.tf index d397821..a113ada 100644 --- a/variables.tf +++ b/variables.tf @@ -318,4 +318,3 @@ variable "soc_vault_name" { } - From a9ffd1b38d49e26acf5d8b7a7e38b5bade003a92 Mon Sep 17 00:00:00 2001 
From: salim abdulkareem Date: Thu, 27 Jun 2024 20:32:57 +0100 Subject: [PATCH 18/34] fix space --- variables.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/variables.tf b/variables.tf index a113ada..443a90a 100644 --- a/variables.tf +++ b/variables.tf @@ -316,5 +316,3 @@ variable "soc_vault_name" { type = string default = "soc-prod" } - - From 997a4e71aca2b822346662f221d846e38e9093e7 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Thu, 27 Jun 2024 20:34:45 +0100 Subject: [PATCH 19/34] rm extra spaces --- scripts/bootstrap_vm.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index c81adcf..d2745e1 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -212,7 +212,4 @@ if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "Configuration completed successfully." else echo "This script is intended for Red Hat Enterprise Linux 7 only." -fi - - - \ No newline at end of file +fi \ No newline at end of file From e883bdc8b0d7b4e81c065cbdd1839d6250749eaf Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 11:02:22 +0100 Subject: [PATCH 20/34] add kv for cert --- keyvault.tf | 12 ++++++++++++ locals.tf | 1 + scripts/bootstrap_vm.sh | 12 ++++++++++++ variables.tf | 6 ++++++ 4 files changed, 31 insertions(+) diff --git a/keyvault.tf b/keyvault.tf index 23447e2..93a67dd 100644 --- a/keyvault.tf +++ b/keyvault.tf 
@@ -47,3 +47,15 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { name = contains(["prod", "sbox"], var.env) ? "nessus-agent-key-${var.env}" : "nessus-agent-key-nonprod" key_vault_id = data.azurerm_key_vault.soc_vault[0].id } + +data "azurerm_key_vault" "rhel_cert_vault" { + provider = azurerm.cnp + name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" + resource_group_name = local.cnp_vault_rg +} + +data "azurerm_key_vault_secret" "rhel_cert" { + provider = azurerm.cnp + name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" + key_vault_id = data.azurerm_key_vault.cnp_vault.id +} diff --git a/locals.tf b/locals.tf index fe09a98..ee6fc78 100644 --- a/locals.tf +++ b/locals.tf @@ -24,6 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups + RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index d2745e1..9a7e347 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh 
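Review bot: `data "azurerm_key_vault_secret" "rhel_cert"` reads from `key_vault_id = data.azurerm_key_vault.cnp_vault.id`, not from the `rhel_cert_vault` declared directly above it, so the env-based selection between `infra-vault-prod` and `infra-vault-nonprod` has no effect and `rhel_cert_vault` is an unused lookup that still requires vault read access at plan time. Either point the secret at it, `key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id`, or drop the unused data source and rely on `cnp_vault`. `local.cnp_vault_rg` is referenced but not visible in this hunk; worth confirming it is the resource group of both the prod and the non-prod vault.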
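Review bot: `length(data.azurerm_key_vault_secret.rhel_cert) > 0` in the new `RHEL_CERT` local measures an object, because the data source in this patch has no `count`, so the result is the attribute count and the guard is always true; it reads like the `nessus_agent_key[0]` pattern but does not behave like it. Either give the data source a `count` and index `[0]`, or simplify to `RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? data.azurerm_key_vault_secret.rhel_cert.value : var.rhel_cert`. A one-line comment that the value is a multi-line PEM rendered verbatim into the bootstrap script would help the next reader understand why it is quoted the way it is in bootstrap_vm.sh.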
@@ -189,6 +189,18 @@ then install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}" fi +# Create directory /etc/pki/product/. +mkdir -p /etc/pki/product/ + +# Write the certificate. +echo "${RHEL_CERT}" > /etc/pki/product/204.pem + +# Change the permission and ownership of this file. +restorecon -Rv /etc/pki/product +chown root.root /etc/pki/product/204.pem +chmod 644 /etc/pki/product/204.pem +rct cat-cert /etc/pki/product/204.pem + # Check if the OS is RHEL 7 if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then echo "This is Red Hat Enterprise Linux 7." diff --git a/variables.tf b/variables.tf index 443a90a..c604c8c 100644 --- a/variables.tf +++ b/variables.tf @@ -316,3 +316,9 @@ variable "soc_vault_name" { type = string default = "soc-prod" } + +variable "rhel_cert" { + description = "Redhat linking key - read input from keyvault." + type = string + default = null +} From 9afdc4fb81347652a931791efd1b8d0f71d06caa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 1 Jul 2024 10:02:52 +0000 Subject: [PATCH 21/34] terraform-docs: automated action --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7e6c662..8df5a02 100644 --- a/README.md +++ b/README.md 
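Review bot: The new cert-writing lines (`mkdir -p` through `rct cat-cert`) run unconditionally, before the RHEL 7 check and with no check that `${RHEL_CERT}` is non-empty, so a VM whose template rendered an empty value ends up with an empty `/etc/pki/product/204.pem` and the script carries on; the `rct cat-cert` exit status is also discarded, so a malformed PEM is not caught either. The file is first created by `echo ... >` under whatever umask is in effect and only fixed up by the later `chmod 644`, which is harmless for a public product cert but is cleaner done in one step. I would fail fast on an empty value, create the file with the intended mode, and treat `rct cat-cert` failure as fatal, as below; the remaining `chown`/`chmod` lines then become redundant.

```shell
# … unchanged: Nessus install …
if [ -z "${RHEL_CERT}" ]; then
  echo "RHEL_CERT is empty; refusing to write /etc/pki/product/204.pem" >&2
  exit 1
fi
install -d -m 0755 -o root -g root /etc/pki/product
# Product cert is public; 0644 is intentional. Written with the final mode rather than echo + chmod.
( umask 022; printf '%s\n' "${RHEL_CERT}" > /etc/pki/product/204.pem )
chown root:root /etc/pki/product/204.pem
chmod 0644 /etc/pki/product/204.pem
restorecon -Rv /etc/pki/product
rct cat-cert /etc/pki/product/204.pem || { echo "204.pem is not a valid product certificate" >&2; exit 1; }
# … unchanged: RHEL 7 check and registration …
```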
@@ -45,8 +45,10 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault.rhel_cert_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -93,6 +95,7 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | +| [rhel\_cert](#input\_rhel\_cert) | Redhat linking key - read input from keyvault. | `string` | `null` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From 5393088ba4f34e80fbc60692bcb73bf16dcad91b Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 11:42:34 +0100 Subject: [PATCH 22/34] add count --- keyvault.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyvault.tf b/keyvault.tf index 93a67dd..bfd119b 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -57,5 +57,5 @@ data "azurerm_key_vault" "rhel_cert_vault" { data "azurerm_key_vault_secret" "rhel_cert" { provider = azurerm.cnp name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" - key_vault_id = data.azurerm_key_vault.cnp_vault.id + key_vault_id = data.azurerm_key_vault.cnp_vault[0].id } From e5f378eac01e850549b13dd89d242bc8f379d322 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 11:56:21 +0100 Subject: [PATCH 23/34] change kv id to rhel cert id --- keyvault.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyvault.tf b/keyvault.tf index bfd119b..4155216 100644 --- a/keyvault.tf +++ b/keyvault.tf 
@@ -57,5 +57,5 @@ data "azurerm_key_vault" "rhel_cert_vault" { data "azurerm_key_vault_secret" "rhel_cert" { provider = azurerm.cnp name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" - key_vault_id = data.azurerm_key_vault.cnp_vault[0].id + key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id } From 37181ca8427e4fa3c78ad2d7d782befad9be9763 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 15:49:22 +0100 Subject: [PATCH 24/34] using cli to read a secret --- keyvault.tf | 22 +++++++++++----------- locals.tf | 2 +- scripts/bootstrap_vm.sh | 16 +++++++++++++++- variables.tf | 10 +++++----- 4 files changed, 32 insertions(+), 18 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index 4155216..e6cde15 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -48,14 +48,14 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { key_vault_id = data.azurerm_key_vault.soc_vault[0].id } -data "azurerm_key_vault" "rhel_cert_vault" { - provider = azurerm.cnp - name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" - resource_group_name = local.cnp_vault_rg -} - -data "azurerm_key_vault_secret" "rhel_cert" { - provider = azurerm.cnp - name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" - key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id -} +# data "azurerm_key_vault" "rhel_cert_vault" { +# provider = azurerm.cnp +# name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" +# resource_group_name = local.cnp_vault_rg +# } + +# data "azurerm_key_vault_secret" "rhel_cert" { +# provider = azurerm.cnp +# name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" +# key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id +# } diff --git a/locals.tf b/locals.tf index ee6fc78..ad882dc 100644 --- a/locals.tf +++ b/locals.tf 
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert + # RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 9a7e347..e790fc2 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -189,11 +189,25 @@ then install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}" fi +# Redhat ELS + +keyvaultName="infra-vault-nonprod" +secretName="rhel-cert" + +# Retrieve the certificate content from Azure Key Vault +certificateContent=$(az keyvault secret show --vault-name $keyvaultName --name $secretName --query value -o tsv) + +# Check if the retrieval was successful +if [ -z "$certificateContent" ]; then + echo "Failed to retrieve the certificate from Azure Key Vault." + exit 1 +fi + # Create directory /etc/pki/product/. mkdir -p /etc/pki/product/ # Write the certificate. -echo "${RHEL_CERT}" > /etc/pki/product/204.pem +echo "$certificateContent" > /etc/pki/product/204.pem # Change the permission and ownership of this file. restorecon -Rv /etc/pki/product 
diff --git a/variables.tf b/variables.tf index c604c8c..ec40c5c 100644 --- a/variables.tf +++ b/variables.tf @@ -317,8 +317,8 @@ variable "soc_vault_name" { default = "soc-prod" } -variable "rhel_cert" { - description = "Redhat linking key - read input from keyvault." - type = string - default = null -} +# variable "rhel_cert" { +# description = "Redhat linking key - read input from keyvault." +# type = string +# default = null +# } From 74063a291fbe5eb9101410371a0e34af98fb60d7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 1 Jul 2024 14:49:43 +0000 Subject: [PATCH 25/34] terraform-docs: automated action --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 8df5a02..7e6c662 100644 --- a/README.md +++ b/README.md 
@@ -45,10 +45,8 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_key_vault.rhel_cert_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -95,7 +93,6 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | -| [rhel\_cert](#input\_rhel\_cert) | Redhat linking key - read input from keyvault. | `string` | `null` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From b054197028ca1259aff088e04f2f11110c226b9f Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 17:07:57 +0100 Subject: [PATCH 26/34] cert add --- keyvault.tf | 22 +++++++++++----------- locals.tf | 2 +- scripts/bootstrap_vm.sh | 14 +------------- variables.tf | 10 +++++----- 4 files changed, 18 insertions(+), 30 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index e6cde15..4155216 100644 --- a/keyvault.tf +++ b/keyvault.tf 
@@ -48,14 +48,14 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { key_vault_id = data.azurerm_key_vault.soc_vault[0].id } -# data "azurerm_key_vault" "rhel_cert_vault" { -# provider = azurerm.cnp -# name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" -# resource_group_name = local.cnp_vault_rg -# } - -# data "azurerm_key_vault_secret" "rhel_cert" { -# provider = azurerm.cnp -# name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" -# key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id -# } +data "azurerm_key_vault" "rhel_cert_vault" { + provider = azurerm.cnp + name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" + resource_group_name = local.cnp_vault_rg +} + +data "azurerm_key_vault_secret" "rhel_cert" { + provider = azurerm.cnp + name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" + key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id +} diff --git a/locals.tf b/locals.tf index ad882dc..ee6fc78 100644 --- a/locals.tf +++ b/locals.tf 
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - # RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert + RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index e790fc2..0e93434 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh @@ -189,25 +189,13 @@ then install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}" fi -# Redhat ELS -keyvaultName="infra-vault-nonprod" -secretName="rhel-cert" - -# Retrieve the certificate content from Azure Key Vault -certificateContent=$(az keyvault secret show --vault-name $keyvaultName --name $secretName --query value -o tsv) - -# Check if the retrieval was successful -if [ -z "$certificateContent" ]; then - echo "Failed to retrieve the certificate from Azure Key Vault." - exit 1 -fi # Create directory /etc/pki/product/. mkdir -p /etc/pki/product/ # Write the certificate. -echo "$certificateContent" > /etc/pki/product/204.pem +echo "${RHEL_CERT}" > /etc/pki/product/204.pem # Change the permission and ownership of this file. restorecon -Rv /etc/pki/product 
diff --git a/variables.tf b/variables.tf index ec40c5c..c604c8c 100644 --- a/variables.tf +++ b/variables.tf @@ -317,8 +317,8 @@ variable "soc_vault_name" { default = "soc-prod" } -# variable "rhel_cert" { -# description = "Redhat linking key - read input from keyvault." -# type = string -# default = null -# } +variable "rhel_cert" { + description = "Redhat linking key - read input from keyvault." + type = string + default = null +} From 78c5881e2ca25b1f4ff00a79ce09f048d008771f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 1 Jul 2024 16:08:23 +0000 Subject: [PATCH 27/34] terraform-docs: automated action --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7e6c662..8df5a02 100644 --- a/README.md +++ b/README.md 
@@ -45,8 +45,10 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault.rhel_cert_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -93,6 +95,7 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | +| [rhel\_cert](#input\_rhel\_cert) | Redhat linking key - read input from keyvault. | `string` | `null` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From c58212d69a5373bc946582e7a855c90239f06588 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 20:08:48 +0100 Subject: [PATCH 28/34] change secret to certificate --- keyvault.tf | 2 +- locals.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index 4155216..01a6392 100644 --- a/keyvault.tf +++ b/keyvault.tf @@ -54,7 +54,7 @@ data "azurerm_key_vault" "rhel_cert_vault" { resource_group_name = local.cnp_vault_rg } -data "azurerm_key_vault_secret" "rhel_cert" { +data "azurerm_key_vault_certificate" "rhel_cert" { provider = azurerm.cnp name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id diff --git a/locals.tf b/locals.tf index ee6fc78..5161405 100644 --- a/locals.tf +++ b/locals.tf 
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert + RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.value : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" From b7f3561af6daba4df8f215741fc7b7ac846d05a1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 1 Jul 2024 19:09:09 +0000 Subject: [PATCH 29/34] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8df5a02..efa0291 100644 --- a/README.md +++ b/README.md 
@@ -47,8 +47,8 @@ A virtual machine or virtual machine scale set. | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.rhel_cert_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault_certificate.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | From 01702cf8ea1a0ed251abbcc3e855e392d93375d8 Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 20:31:25 +0100 Subject: [PATCH 30/34] change value to certificate --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 5161405..b742b5a 100644 --- a/locals.tf +++ b/locals.tf 
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.value : "") : var.rhel_cert + RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.certificate : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" From 6e1db9fe31e6a2e2126c788ed3318edd6bfa363a Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 21:05:28 +0100 Subject: [PATCH 31/34] set to certificate_data_base64 --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index b742b5a..f413ceb 100644 --- a/locals.tf +++ b/locals.tf 
@@ -24,7 +24,7 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.certificate : "") : var.rhel_cert + RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.certificate_data_base64 : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" From 24aea5d3948e31783e83a949f777bb4dcd6a557e Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Mon, 1 Jul 2024 23:22:28 +0100 Subject: [PATCH 32/34] removed kv --- keyvault.tf | 12 ------------ locals.tf | 1 - scripts/bootstrap_vm.sh | 8 -------- variables.tf | 5 ----- 4 files changed, 26 deletions(-) diff --git a/keyvault.tf b/keyvault.tf index 01a6392..23447e2 100644 --- a/keyvault.tf +++ b/keyvault.tf 
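Review bot: Switching the `RHEL_CERT` source to `certificate_data_base64` hands the bootstrap script a base64 encoding of the DER certificate, not a PEM, yet the script (outside this hunk) still writes the value verbatim to `/etc/pki/product/204.pem` and runs `rct cat-cert` on it, which expects PEM armor; as far as the provider's attribute naming shows, that file will not parse. Either decode on the VM, e.g. `printf '%s' "${RHEL_CERT}" | base64 -d | openssl x509 -inform DER -out /etc/pki/product/204.pem`, or keep the PEM in a Key Vault secret and read `.value` as the earlier revision did. The `length(data.azurerm_key_vault_certificate.rhel_cert) > 0` guard is also an attribute count on a non-`count` data source and never yields the `""` branch. Key Vault certificate objects presumably carry a private key alongside the public cert, which a product identity cert does not need, so a one-line comment stating why the certificate store rather than a secret was chosen would help the next reader. The enclosing `locals` block starts outside the hunk.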
@@ -47,15 +47,3 @@ data "azurerm_key_vault_secret" "nessus_agent_key" { name = contains(["prod", "sbox"], var.env) ? "nessus-agent-key-${var.env}" : "nessus-agent-key-nonprod" key_vault_id = data.azurerm_key_vault.soc_vault[0].id } - -data "azurerm_key_vault" "rhel_cert_vault" { - provider = azurerm.cnp - name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod" - resource_group_name = local.cnp_vault_rg -} - -data "azurerm_key_vault_certificate" "rhel_cert" { - provider = azurerm.cnp - name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert" - key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id -} diff --git a/locals.tf b/locals.tf index f413ceb..fe09a98 100644 --- a/locals.tf +++ b/locals.tf @@ -24,7 +24,6 @@ locals { NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups - RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_certificate.rhel_cert) > 0 ? data.azurerm_key_vault_certificate.rhel_cert.certificate_data_base64 : "") : var.rhel_cert }), var.additional_script_path == null ? "" : file("${var.additional_script_path}"))) additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\"" diff --git a/scripts/bootstrap_vm.sh b/scripts/bootstrap_vm.sh index 0e93434..84b9efb 100644 --- a/scripts/bootstrap_vm.sh +++ b/scripts/bootstrap_vm.sh 
@@ -189,14 +189,6 @@ then install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}" fi - - -# Create directory /etc/pki/product/. -mkdir -p /etc/pki/product/ - -# Write the certificate. -echo "${RHEL_CERT}" > /etc/pki/product/204.pem - # Change the permission and ownership of this file. restorecon -Rv /etc/pki/product chown root.root /etc/pki/product/204.pem diff --git a/variables.tf b/variables.tf index c604c8c..8d3ee30 100644 --- a/variables.tf +++ b/variables.tf @@ -317,8 +317,3 @@ variable "soc_vault_name" { default = "soc-prod" } -variable "rhel_cert" { - description = "Redhat linking key - read input from keyvault." - type = string - default = null -} From b40086e9a6c799cc1f58ccf4a1ecd07dfc7fb3ab Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 1 Jul 2024 22:22:50 +0000 Subject: [PATCH 33/34] terraform-docs: automated action --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index efa0291..7e6c662 100644 --- a/README.md +++ b/README.md 
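Review bot: After this hunk removes the `mkdir -p` and the `echo "${RHEL_CERT}" > /etc/pki/product/204.pem` write, the surviving `restorecon -Rv /etc/pki/product` and `chown root.root /etc/pki/product/204.pem` (and the chmod/`rct cat-cert` lines that follow outside the hunk) act on a file nothing in this script creates, so on a VM where 204.pem has not been pre-provisioned `chown` fails and, with no `set -e` visible, the script proceeds to register a host that has no product certificate. Guard it explicitly: `if [ ! -s /etc/pki/product/204.pem ]; then echo "/etc/pki/product/204.pem missing; cannot enable RHEL 7 ELS" >&2; exit 1; fi`. A comment above those lines naming where 204.pem is now expected to come from (image bake, a separate extension, manual step) would also stop the next reader from assuming the script still writes it.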
@@ -45,9 +45,7 @@ A virtual machine or virtual machine scale set. | [azurerm_virtual_machine_scale_set_extension.dynatrace_oneagent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_virtual_machine_scale_set_extension.endpoint_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource | | [azurerm_key_vault.cnp_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_key_vault.rhel_cert_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.soc_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_key_vault_certificate.rhel_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | | [azurerm_key_vault_secret.nessus_agent_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_pass4symmkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | 
@@ -95,7 +93,6 @@ A virtual machine or virtual machine scale set. | [rc\_os\_sku](#input\_rc\_os\_sku) | n/a | `any` | `null` | no | | [rc\_script\_file](#input\_rc\_script\_file) | A path to a local file for the script | `any` | `null` | no | | [realtimeprotectionenabled](#input\_realtimeprotectionenabled) | Enable Realtime Protection | `string` | `true` | no | -| [rhel\_cert](#input\_rhel\_cert) | Redhat linking key - read input from keyvault. | `string` | `null` | no | | [run\_command](#input\_run\_command) | n/a | `bool` | `false` | no | | [run\_command\_settings](#input\_run\_command\_settings) | The settings passed to the Run Command extension, these are specified as a JSON object in a string. | `string` | `null` | no | | [run\_command\_type\_handler\_version](#input\_run\_command\_type\_handler\_version) | Type handler version number | `string` | `"1.0"` | no | From 20e5dc12a8ff805e8bd1a527f01518e1e532033f Mon Sep 17 00:00:00 2001 From: salim abdulkareem Date: Tue, 2 Jul 2024 12:16:55 +0100 Subject: [PATCH 34/34] add readme for rhel 7 --- README.md | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7e6c662..7e3f9dc 100644 --- a/README.md +++ b/README.md 
@@ -107,4 +107,32 @@ A virtual machine or virtual machine scale set. | [virtual\_machine\_id](#input\_virtual\_machine\_id) | Virtual machine resource id. | `string` | `null` | no | | [virtual\_machine\_scale\_set\_id](#input\_virtual\_machine\_scale\_set\_id) | Virtual machine scale set resource id. | `string` | `null` | no | | [virtual\_machine\_type](#input\_virtual\_machine\_type) | vm or vmss. | `string` | n/a | yes | - \ No newline at end of file + + +## Redhat ELS for RHEL 7.* +This README provides instructions for logging into Redhat ELS, checking the Subscription Manager and Insights-client, and other relevant details. + +## Logging into Redhat +To log into Redhat, use the following credentials stored in the Key Vault (KV): + +Username: lss-sre@hmcts.net +Password: https://portal.azure.com/#@HMCTS.NET/asset/Microsoft_Azure_KeyVault/Secret/https://acmedcdcnpdev.vault.azure.net/secrets/redhat-portal/cd61d615bffe415f8dd6c1907df3115b + + +## Certificate Information +The certificate is placed under the following directory: +/etc/pki/product/204.pem + +## Checking Subscription Manager and Insights-client Installation +Ensure that both the Subscription Manager and Insights-client are installed correctly and show an active status. + +## Inventory Check +You can verify the status of both Subscription Manager and Insights-client by visiting the following inventory link: + +https://console.redhat.com/insights/inventory + +Both Subscription Manager and Insights-client should display an active status. + +Documentation links - https://tools.hmcts.net/confluence/display/~thomas.thornton/RHEL+7+ELS+Support + +For more detailed documentation, please refer to the RHEL 7 ELS Support Documentation. \ No newline at end of file