## SQL Server Always On Groups blueprint

This is a blueprint for building [SQL Server Always On Availability Groups](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability) using Fabric modules. It builds a two-node cluster with a fileshare witness instance in an existing VPC and adds the necessary firewalling.

![Architecture diagram](https://cloud.google.com/compute/images/sqlserver-ag-architecture.svg)

The actual setup process (apart from Active Directory operations) has been scripted, so that the least amount of manual work needs to be performed:

- Joining the domain using appropriate credentials
- Running an automatically generated initialization script (`C:\InitializeCluster.ps1`)
- Creating the [Availability Groups using the wizard](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group) (please note that health checks are automatically configured when the appropriate AGs are created)

To monitor the installation process, the startup scripts log output to the Application Log (visible under Windows Logs in Event Viewer) and to the `C:\GcpSetupLog.txt` file.

Note that `sql_client_cidrs` defaults to `["0.0.0.0/0"]`, so the firewall rule for SQL Server client traffic allows any source by default; set it to the client ranges that actually need to reach SQL Server before applying.

## Files

| name | description | modules |
|---|---|---|
| [instances.tf](./instances.tf) | Creates SQL Server instances and witness. | compute-vm |
| [main.tf](./main.tf) | Module-level locals and resources. | project |
| [outputs.tf](./outputs.tf) | Module outputs. | |
| [secrets.tf](./secrets.tf) | Creates SQL admin user password secret. | secret-manager |
| [service-accounts.tf](./service-accounts.tf) | Creates service accounts for the instances. | iam-service-account |
| [variables.tf](./variables.tf) | Module variables. | |
| [vpc.tf](./vpc.tf) | Creates the VPC and manages the firewall rules and LB. | net-address · net-lb-int · net-vpc · net-vpc-firewall |

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN). | string | ✓ | |
| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS). | string | ✓ | |
| [network](variables.tf#L90) | Network to use in the project. | string | ✓ | |
| [prefix](variables.tf#L113) | Prefix used for resource names. | string | ✓ | |
| [project_id](variables.tf#L131) | Google Cloud project ID. | string | ✓ | |
| [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created. | string | ✓ | |
| [subnetwork](variables.tf#L163) | Subnetwork to use in the project. | string | ✓ | |
| [always_on_groups](variables.tf#L33) | List of Always On Groups. | list(string) | | ["bookshelf"] |
| [boot_disk_size](variables.tf#L39) | Boot disk size in GB. | number | | 50 |
| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix). | string | | "cluster" |
| [data_disk_size](variables.tf#L51) | Database disk size in GB. | number | | 200 |
| [health_check_config](variables.tf#L57) | Health check configuration. | | | {…} |
| [health_check_port](variables.tf#L72) | Health check port. | number | | 59997 |
| [health_check_ranges](variables.tf#L78) | Health check ranges. | list(string) | | ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"] |
| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com). | string | | "" |
| [node_image](variables.tf#L95) | SQL Server node machine image. | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" |
| [node_instance_type](variables.tf#L101) | SQL Server database node instance type. | string | | "n2-standard-8" |
| [node_name](variables.tf#L107) | Node base name. | string | | "node" |
| [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
| [region](variables.tf#L136) | Region for resources. | string | | "europe-west4" |
| [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules. | string | | null |
| [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server. | list(string) | | ["0.0.0.0/0"] |
| [vpc_ip_cidr_range](variables.tf#L168) | IP range used in the subnet deployed in the Service Project. | string | | "10.0.0.0/20" |
| [witness_image](variables.tf#L174) | SQL Server witness machine image. | string | | "projects/windows-cloud/global/images/family/windows-2019" |
| [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type. | string | | "n2-standard-2" |
| [witness_name](variables.tf#L186) | Witness base name. | string | | "witness" |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |

## Test

```hcl
module "test" {
  source = "./fabric/blueprints/data-solutions/sqlserver-alwayson/"
  project_create = {
    billing_account_id = "123456-123456-123456"
    parent             = "folders/12345678"
  }
  project_id         = "project-1"
  prefix             = "test"
  network            = "example-network"
  subnetwork         = "example-subnetwork"
  sql_admin_password = "password"
  ad_domain_fqdn     = "ad.example.com"
  ad_domain_netbios  = "ad"
}
# tftest modules=12 resources=40
```
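The following PowerShell snippet is an added example for checking the installation progress described above on a node; it is not part of the blueprint or of the generated `C:\InitializeCluster.ps1`. It reads the two log destinations the startup scripts write to (the Application Log and `C:\GcpSetupLog.txt`) and then checks whether the health check port from the variables table (default `59997`) is being listened on. The time window and the assumption that the health check listener binds to the default port on the node being inspected are this example's own; the blueprint does not specify an event source name, so the event query filters only by log name and time.

```powershell
# Added example (not blueprint code): inspect setup progress on a SQL Server node.
# Assumptions: the setup log path and Application Log destination come from the README;
# the 2-hour window and the default health check port (59997) are example choices.
$SetupLog        = 'C:\GcpSetupLog.txt'
$HealthCheckPort = 59997
$Since           = (Get-Date).AddHours(-2)

# 1. Tail the startup script's file log.
if (Test-Path -Path $SetupLog) {
    Write-Host "== Last 50 lines of $SetupLog =="
    Get-Content -Path $SetupLog -Tail 50
} else {
    Write-Warning "Setup log not found at $SetupLog; the startup script may not have run yet."
}

# 2. Recent Application Log entries, newest first. No provider filter is applied because
#    the README does not name the event source used by the startup scripts.
Write-Host "== Application Log entries since $Since =="
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $Since } -ErrorAction SilentlyContinue |
    Sort-Object -Property TimeCreated -Descending |
    Select-Object -Property TimeCreated, ProviderName, Id, LevelDisplayName, Message |
    Format-Table -AutoSize -Wrap

# 3. Check whether the load balancer health check port is in LISTEN state on this node.
#    The health checks are configured once the Availability Groups are created, so an
#    absent listener before that step is expected rather than an error.
$Listener = Get-NetTCPConnection -LocalPort $HealthCheckPort -State Listen -ErrorAction SilentlyContinue
if ($Listener) {
    Write-Host "Health check port $HealthCheckPort is listening (PID $($Listener.OwningProcess))."
} else {
    Write-Warning "Nothing is listening on port $HealthCheckPort yet; create the Availability Groups first."
}
```

Run it in an elevated PowerShell session on the node after the domain join and `C:\InitializeCluster.ps1` steps; the final check is only meaningful after the Availability Groups have been created through the wizard.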