diff --git a/azure/README.md b/azure/README.md --- a/azure/README.md +++ b/azure/README.md @@ -9,6 +9,15 @@ [1] https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest [2] https://portal.azure.com +Note: `azure-cli` is actually a Python package, so it can also be installed in +a virtualenv (preferably a frech dedicated one, since it pulls something like +130 packages.): + +``` sh +$ mkvirtualenv -p /usr/bin/python3 -a $PWD azure +(azure) $ +``` + # Create vm ``` sh diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf --- a/azure/terraform/init.tf +++ b/azure/terraform/init.tf @@ -46,6 +46,11 @@ default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@yavin4" } +variable "ssh_key_data_douardda" { + type = string + default = "ssh-rsa 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 david.douard@sdfa3.org" +} + variable "ssh_key_data_olasd" { type = string default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ1TCpfzrvxLhEMhxjbxqPDCwY0nazIr1cyIbhGD2bUdAbZqVMdNtr7MeDnlLIKrIPJWuvltauvLNkYU0iLc1jMntdBCBM3hgXjmTyDtc8XvXseeBp5tDqccYNR/cnDUuweNcL5tfeu5kzaAg3DFi5Dsncs5hQK5KQ8CPKWcacPjEk4ir9gdFrtKG1rZmg/wi7YbfxrJYWzb171hdV13gSgyXdsG5UAFsNyxsKSztulcLKxvbmDgYbzytr38FK2udRk7WuqPbtEAW1zV4yrBXBSB/uw8EAMi+wwvLTwyUcEl4u0CTlhREljUx8LhYrsQUCrBcmoPAmlnLCD5Q9XrGH nicolasd@darboux id_rsa.inria.pub" diff --git a/azure/terraform/mirror.tf b/azure/terraform/mirror.tf new file mode 100644 --- /dev/null +++ b/azure/terraform/mirror.tf 
@@ -0,0 +1,311 @@ +# Define a new resource for a (test) mirror +# matching what we name elsewhere "euwest-${resource}" + +variable "mirror_replay_servers" { + default = 4 +} + +data "azurerm_platform_image" "debian10" { + location = "westeurope" + publisher = "debian" + offer = "debian-10" + sku = "10" +} + +resource "azurerm_resource_group" "euwest-mirror-test" { + name = "euwest-mirror-test" + location = "westeurope" + + tags = { + environment = "SWH Mirror" + } +} + +resource "azurerm_network_security_group" "mirror-nsg" { + name = "mirror-nsg" + resource_group_name = "euwest-mirror-test" + location = "westeurope" +} + +locals { + mirror_replay_servers = { + for i in range(var.mirror_replay_servers): + format("mirror-replay%02d", i + 1) => { + datadisks = {} + } + } +} + + +# master machine - run the docker swarm master node on which will run +# most of the services but the db and replayers +resource "azurerm_network_interface" "mirror-master-interface" { + name = "mirror-master-interface" + location = "westeurope" + resource_group_name = "euwest-mirror-test" + network_security_group_id = azurerm_network_security_group.mirror-nsg.id + + ip_configuration { + name = "mirrorMasterNicConfiguration" + subnet_id = data.azurerm_subnet.default.id + public_ip_address_id = "" + private_ip_address_allocation = "Dynamic" + } +} +#resource "azurerm_managed_disk" "mirror-master-osdisk" { +# name = "mirror-master-osdisk" +# create_option = "FromImage" +# location = "westeurope" +# resource_group_name = "euwest-mirror-test" +# storage_account_type = "Premium_LRS" +# image_reference_id = data.azurerm_platform_image.debian10.id + #image_reference_id = "/Subscriptions/49b7f681-8efc-4689-8524-870fc0c1db09/Providers/Microsoft.Compute/Locations/westeurope/Publishers/Debian/ArtifactTypes/VMImage/Offers/debian-10/Skus/10" +#} +resource "azurerm_virtual_machine" "mirror-master" { + name = "mirror-master" + location = "westeurope" + resource_group_name = "euwest-mirror-test" + 
network_interface_ids = [azurerm_network_interface.mirror-master-interface.id] + vm_size = "Standard_B2ms" + + + delete_os_disk_on_termination = true + +# storage_os_disk { +# create_option = "attach" +# name = "mirror-master-osdisk" +# caching = "ReadWrite" +# managed_disk_id = azurerm_managed_disk.mirror-master-osdisk.id +# os_type = "Linux" +# } + + storage_os_disk { + name = "mirror-master-osdisk" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Premium_LRS" + } + + storage_image_reference { + publisher = "debian" + offer = "debian-10" + sku = "10" + version = "latest" + } + + os_profile { + computer_name = "mirror-master" + admin_username = var.user_admin + } + + os_profile_linux_config { + disable_password_authentication = true + ssh_keys { + path = "/home/${var.user_admin}/.ssh/authorized_keys" + key_data = var.ssh_key_data_douardda + } + } + + provisioner "remote-exec" { + inline = [ + "sudo mkdir /root/.ssh", + "echo ${var.ssh_key_data_ardumont} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_douardda} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_olasd} | sudo tee -a /root/.ssh/authorized_keys" + ] + + connection { + type = "ssh" + user = var.user_admin + host = azurerm_network_interface.mirror-master-interface.private_ip_address + } + } + + tags = { + environment = "SWH Mirror" + } +} + +# the DB host +resource "azurerm_network_interface" "mirror-db-interface" { + name = "mirror-db-interface" + location = "westeurope" + resource_group_name = "euwest-mirror-test" + network_security_group_id = azurerm_network_security_group.mirror-nsg.id + + ip_configuration { + name = "mirrorDbNicConfiguration" + subnet_id = data.azurerm_subnet.default.id + public_ip_address_id = "" + private_ip_address_allocation = "Dynamic" + } +} +resource "azurerm_managed_disk" "mirror-db-storage" { + name = "mirror-db-disk1" + location = azurerm_resource_group.euwest-mirror-test.location + resource_group_name = 
azurerm_resource_group.euwest-mirror-test.name + storage_account_type = "Standard_LRS" + create_option = "Empty" + disk_size_gb = 1024 +} + +resource "azurerm_virtual_machine_data_disk_attachment" "mirror-db-storage" { + managed_disk_id = azurerm_managed_disk.mirror-db-storage.id + virtual_machine_id = azurerm_virtual_machine.mirror-db.id + lun = "10" + caching = "ReadWrite" +} + +resource "azurerm_virtual_machine" "mirror-db" { + name = "mirror-db" + location = "westeurope" + resource_group_name = "euwest-mirror-test" + network_interface_ids = [azurerm_network_interface.mirror-db-interface.id] + vm_size = "Standard_F8s_v2" + delete_os_disk_on_termination = true + + storage_os_disk { + name = "mirror-db-osdisk" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Premium_LRS" + } + + storage_image_reference { + publisher = "debian" + offer = "debian-10" + sku = "10" + version = "latest" + } + + os_profile { + computer_name = "mirror-db" + admin_username = var.user_admin + } + + os_profile_linux_config { + disable_password_authentication = true + ssh_keys { + path = "/home/${var.user_admin}/.ssh/authorized_keys" + key_data = var.ssh_key_data_douardda + } + } + + provisioner "remote-exec" { + inline = [ + "sudo mkdir /root/.ssh", + "echo ${var.ssh_key_data_ardumont} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_douardda} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_olasd} | sudo tee -a /root/.ssh/authorized_keys" + ] + + connection { + type = "ssh" + user = var.user_admin + host = azurerm_network_interface.mirror-db-interface.private_ip_address + } + } + + tags = { + environment = "SWH Mirror" + } +} + +# replayer machines +resource "azurerm_network_interface" "mirror-replayer-interface" { + for_each = local.mirror_replay_servers + + name = format("%s-interface", each.key) + location = "westeurope" + resource_group_name = azurerm_resource_group.euwest-mirror-test.name + network_security_group_id 
= azurerm_network_security_group.mirror-nsg.id + #enable_accelerated_networking = true + + ip_configuration { + name = "mirrorReplayerNicConfiguration" + subnet_id = data.azurerm_subnet.default.id + public_ip_address_id = "" + private_ip_address_allocation = "Dynamic" + } + + depends_on = [azurerm_resource_group.euwest-mirror-test] +} +resource "azurerm_virtual_machine" "mirror-replayer" { + for_each = local.mirror_replay_servers + name = each.key + location = "westeurope" + resource_group_name = "euwest-mirror-test" + network_interface_ids = [azurerm_network_interface.mirror-replayer-interface[each.key].id] + vm_size = "Standard_B2s" + + delete_os_disk_on_termination = true + delete_data_disks_on_termination = true + + storage_os_disk { + name = format("%s-osdisk", each.key) + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Premium_LRS" + } + + storage_image_reference { + publisher = "debian" + offer = "debian-10" + sku = "10" + version = "latest" + } + + os_profile { + computer_name = each.key + admin_username = var.user_admin + } + + os_profile_linux_config { + disable_password_authentication = true + ssh_keys { + path = "/home/${var.user_admin}/.ssh/authorized_keys" + key_data = var.ssh_key_data_douardda + } + } + + provisioner "remote-exec" { + inline = [ + "sudo mkdir /root/.ssh", + "echo ${var.ssh_key_data_ardumont} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_douardda} | sudo tee -a /root/.ssh/authorized_keys", + "echo ${var.ssh_key_data_olasd} | sudo tee -a /root/.ssh/authorized_keys" + ] + + connection { + type = "ssh" + user = var.user_admin + host = azurerm_network_interface.mirror-replayer-interface[self.name].private_ip_address + } + } + + tags = { + environment = "SWH Mirror" + } +} + +# for the obj storage, if any +#resource "azurerm_storage_account" "mirror-storage" { +# name = "mirror-storage" +# resource_group_name = "${azurerm_resource_group.euwest-mirror-test.name}" +# location = "westeurope" 
+# account_tier = "Standard" +# account_replication_type = "LRS" +# account_kind = "BlobStorage" +# access_tier = "Cool" +# tags = { +# environment = "SWH Mirror Storage" +# } +#} + +# A container for the blob storage named 'contents' (as other blob storages) +#resource "azurerm_storage_container" "mirror-graph-storage" { +# name = "mirror-graph-storage" +# resource_group_name = "${azurerm_resource_group.euwest-mirror-test.name}" +# storage_account_name = "${azurerm_storage_account.mirror-storage.name}" +# container_access_type = "private" +#} diff --git a/azure/terraform/vault.tf b/azure/terraform/vault.tf --- a/azure/terraform/vault.tf +++ b/azure/terraform/vault.tf @@ -41,7 +41,6 @@ # A container for the blob storage named 'contents' (as other blob storages) resource "azurerm_storage_container" "contents" { name = "contents" - resource_group_name = azurerm_resource_group.euwest-vault.name storage_account_name = azurerm_storage_account.vault-storage.name container_access_type = "private" } @@ -85,4 +84,3 @@ environment = "SWH Vault" } } -
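Review bot: The `remote-exec` blocks in `mirror-master`, `mirror-db` and `mirror-replayer` splice `${var.ssh_key_data_*}` unquoted into a shell line piped to `sudo tee`, so an override of one of those variables that contains shell metacharacters would be interpreted by the shell during provisioning, on a command whose output lands in root's `authorized_keys`. Quote the interpolation and create the directory idempotently with explicit permissions, e.g. `"sudo install -d -m 700 /root/.ssh",` followed by `"echo '${var.ssh_key_data_ardumont}' | sudo tee -a /root/.ssh/authorized_keys >/dev/null",` for each key. The three blocks are identical apart from `host`, so a single `locals` list of admin keys used in one place would keep the root access list from drifting between machines. Separately, most resources in this file pass `resource_group_name = "euwest-mirror-test"` as a literal, which gives Terraform no dependency on `azurerm_resource_group.euwest-mirror-test`; the replayer interface already uses the reference and the others should match it.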