Hi,
I’ve set up a dynamic host catalog on Azure and two host sets:
```hcl
resource "boundary_host_catalog_plugin" "azure" {
  name        = "azure_dynamic_host_catalog"
  description = "Dynamic Host Catalog plugin for Azure"
  plugin_name = "azure"
  attributes_json = jsonencode({
    disable_credential_rotation = true
    tenant_id                   = var.tenant_id
    subscription_id             = var.subscription_id
    client_id                   = var.dynamic_host_catalog_client_id
  })
  secrets_json = jsonencode({
    secret_value = var.dynamic_host_catalog_client_secret
  })
  scope_id = boundary_scope.core_infra.id
}

resource "boundary_host_set_plugin" "ssh" {
  name        = "azure_dynamic_host_set_ssh"
  description = "Dynamic Azure host set all systems with tag service-type ssh"
  # The catalog above is declared without count, so it is referenced without an index.
  host_catalog_id = boundary_host_catalog_plugin.azure.id
  attributes_json = jsonencode({
    filter = "tagName eq 'service-type' and tagValue eq 'ssh'"
  })
}

resource "boundary_host_set_plugin" "db" {
  name            = "azure_dynamic_host_set_db"
  description     = "Dynamic Azure host set all systems with tag service-type db"
  host_catalog_id = boundary_host_catalog_plugin.azure.id
  attributes_json = jsonencode({
    filter = "tagName eq 'service-type' and tagValue eq 'db'"
  })
}
```
In addition, I have tagged a virtual machine with service-type:ssh
and a PostgreSQL server with service-type:db:
```hcl
resource "azurerm_linux_virtual_machine" "backend" {
  count               = var.backend_vm_count
  name                = "${local.backend_vm}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.boundary.name
  size                = var.backend_vm_size
  admin_username      = "azureuser"
  computer_name       = "backend-${count.index}"
  availability_set_id = azurerm_availability_set.controller.id
  network_interface_ids = [
    azurerm_network_interface.backend[count.index].id,
  ]

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.boundary.public_key_openssh
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "StandardSSD_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  tags = {
    service-type = "ssh"
  }
}

resource "azurerm_postgresql_server" "boundary_backend" {
  name                             = local.backend_db
  location                         = var.location
  resource_group_name              = azurerm_resource_group.boundary.name
  administrator_login              = var.db_username
  administrator_login_password     = local.db_password
  sku_name                         = "GP_Gen5_2"
  version                          = "11"
  storage_mb                       = 10240
  backup_retention_days            = 7
  geo_redundant_backup_enabled     = false
  auto_grow_enabled                = true
  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  tags = {
    service-type = "db"
  }
}
```
The tags are properly on the resources:

```
16:18 $ az tag list --resource-id /subscriptions/[redacted]/resourceGroups/msamend-rg/providers/Microsoft.Compute/virtualMachines/backend-0332fcaa-0
{
  "id": "/subscriptions/[redacted]/resourceGroups/msamend-rg/providers/Microsoft.Compute/virtualMachines/backend-0332fcaa-0/providers/Microsoft.Resources/tags/default",
  "name": "default",
  "properties": {
    "tags": {
      "service-type": "ssh"
    }
  },
  "resourceGroup": "msamend-rg",
  "type": "Microsoft.Resources/tags"
}
16:18 $ az tag list --resource-id /subscriptions/[redacted]/resourceGroups/msamend-rg/providers/Microsoft.DBforPostgreSQL/servers/backend-db-0332fcaa
{
  "id": "/subscriptions/[redacted]/resourceGroups/msamend-rg/providers/Microsoft.DBforPostgreSQL/servers/backend-db-0332fcaa/providers/Microsoft.Resources/tags/default",
  "name": "default",
  "properties": {
    "tags": {
      "service-type": "db"
    }
  },
  "resourceGroup": "msamend-rg",
  "type": "Microsoft.Resources/tags"
}
```
and the host sets seem to be properly set up:

```
16:14 $ boundary host-sets read -id hs_9JbFtOVOhV
Host Set information:
  Created Time: Sun, 21 Aug 2022 22:41:49 CEST
  Description: Dynamic Azure host set all systems with tag service-type db
  Host Catalog ID: hc_y303lUoebD
  ID: hs_9JbFtOVOhV
  Name: azure_dynamic_host_set_db
  Type: plugin
  Updated Time: Tue, 23 Aug 2022 16:07:31 CEST
  Version: 228
  Scope:
    ID: p_sqSV5nSeRJ
    Name: core_infra
    Parent Scope ID: o_2VdoYDMQDZ
    Type: project
  Plugin:
    ID: pl_GXzeSR6y7H
    Name: azure
  Attributes:
    filter: tagName eq 'service-type' and tagValue eq 'db'
  Authorized Actions:
    no-op
    read
    update
    delete
16:14 $ boundary host-sets read -id hs_FNKNUFRufW
Host Set information:
  Created Time: Fri, 19 Aug 2022 15:33:02 CEST
  Description: Dynamic Azure host set all systems with tag service-type ssh
  Host Catalog ID: hc_y303lUoebD
  ID: hs_FNKNUFRufW
  Name: azure_dynamic_host_set_ssh
  Type: plugin
  Updated Time: Tue, 23 Aug 2022 16:07:31 CEST
  Version: 528
  Scope:
    ID: p_sqSV5nSeRJ
    Name: core_infra
    Parent Scope ID: o_2VdoYDMQDZ
    Type: project
  Plugin:
    ID: pl_GXzeSR6y7H
    Name: azure
  Attributes:
    filter: tagName eq 'service-type' and tagValue eq 'ssh'
  Authorized Actions:
    no-op
    read
    update
    delete
  Host IDs:
    h_46lXdGinbM
```
While the ssh host is detected, the db is not.
Now I’m a bit lost on how to debug this further. Any idea what the problem could be or how I can debug it further?
Thanks,
Marc