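---
# Tekton Task that runs the qenvs provisioner image to create or destroy a
# Windows desktop VM on Azure. Pulumi state and the connection details are
# kept under <pipelines-data>/<workspace-resources-path>.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: infra-azure-windows-desktop
  labels:
    app.kubernetes.io/version: "0.6.3"
  annotations:
    tekton.dev/pipelines.minVersion: "0.24.x"
    tekton.dev/categories: infrastructure
    tekton.dev/tags: infrastructure, azure
    tekton.dev/displayName: "azure manager"
    tekton.dev/platforms: "linux/amd64"
spec:
  description: |
    This task will provision / decomission windows desktop machines on azure
    The output will give required information to connect within the remote provisioned host
  params:
    - name: project-name
      description: identifier for project.
    - name: operation
      description: operation to execute within the infrastructure. Current values (create, destroy)
      default: create
    - name: windows-featurepack
      description: windows feature pack (default "22h2-pro")
      default: 22h2-pro
    - name: windows-version
      description: Major version for windows desktop 10 or 11 (default "11")
      default: '11'
    - name: vmsize
      description: size for the machine
      default: Standard_D8s_v4
    - name: spot
      description: in case spot is set to true it will check for best spot price and create the VM on the target region
      default: 'true'
    - name: workspace-resources-path
      description: path on workspace where to store ephemeral assets related with the provisioning
    - name: remove-lock
      description: in case a previous run fails the stack can be locked. This value allows to control if remove lock
      default: 'true'
  results:
    - name: host
      description: ip to connect to the provisioned machine
    - name: username
      description: username to connect to the provisioned machine
    # NOTE(review): task results are stored in the TaskRun status, so this
    # password is readable by anyone allowed to read TaskRuns in the
    # namespace. Consumers that can read the workspace should prefer the
    # userpassword file written under workspace-resources-path.
    - name: userpassword
      description: password for the user to connect to the provisioned machine
    - name: key-filename
      description: filename for the private key. The key is located at workspace-resources-path
  steps:
    - name: provisioner
      # NOTE(review): the tag is mutable and imagePullPolicy is Always;
      # pinning by digest (quay.io/rhqp/qenvs@sha256:<IMAGE_DIGEST>) would
      # make the image that receives the Azure credentials verifiable.
      image: quay.io/rhqp/qenvs:v0.6.3
      imagePullPolicy: Always
      # Parameters reach the script as environment variables instead of being
      # substituted into the script text. Tekton replaces $(params.*) before
      # the shell runs, so a value containing shell metacharacters would
      # otherwise be executed as code.
      env:
        - name: PROJECT_NAME
          value: "$(params.project-name)"
        - name: OPERATION
          value: "$(params.operation)"
        - name: WINDOWS_FEATUREPACK
          value: "$(params.windows-featurepack)"
        - name: WINDOWS_VERSION
          value: "$(params.windows-version)"
        - name: VMSIZE
          value: "$(params.vmsize)"
        - name: SPOT
          value: "$(params.spot)"
        - name: WORKSPACE_RESOURCES_PATH
          value: "$(params.workspace-resources-path)"
        - name: REMOVE_LOCK
          value: "$(params.remove-lock)"
      script: |
        #!/bin/sh
        # Fail on unset variables. Tracing is switched on only after the
        # credentials are loaded so the secret values never reach the log.
        set -u
        # Credentials
        ARM_TENANT_ID=$(cat /opt/credentials/tenant_id)
        ARM_SUBSCRIPTION_ID=$(cat /opt/credentials/subscription_id)
        ARM_CLIENT_ID=$(cat /opt/credentials/client_id)
        ARM_CLIENT_SECRET=$(cat /opt/credentials/client_secret)
        export ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET
        # Added verbosity
        set -x
        # Output folder
        workspace_path="$(workspaces.pipelines-data.path)/${WORKSPACE_RESOURCES_PATH}"
        mkdir -p "${workspace_path}"
        # Remove lock
        if [ "${REMOVE_LOCK}" = "true" ]; then
          rm -rf "${workspace_path}"/.pulumi/locks/*
        fi
        # Run qenvs. The arguments are kept as a list and passed as-is, so no
        # value is parsed by the shell a second time.
        set -- azure windows "${OPERATION}" \
          --project-name "${PROJECT_NAME}" \
          --backed-url "file://${workspace_path}"
        if [ "${OPERATION}" = "create" ]; then
          set -- "$@" \
            --conn-details-output "${workspace_path}" \
            --windows-featurepack "${WINDOWS_FEATUREPACK}" \
            --windows-version "${WINDOWS_VERSION}" \
            --vmsize "${VMSIZE}"
          if [ "${SPOT}" = "true" ]; then
            set -- "$@" --spot
          fi
        fi
        qenvs "$@"
        create_exit_code=$?
        # set task results (written even when qenvs failed, exit code is
        # checked afterwards)
        cat "${workspace_path}/host" | tee "$(results.host.path)"
        cat "${workspace_path}/username" | tee "$(results.username.path)"
        # The password goes to the result file only, not to the step log.
        cat "${workspace_path}/userpassword" > "$(results.userpassword.path)"
        printf '%s' "id_rsa" | tee "$(results.key-filename.path)"
        if [ "${create_exit_code}" -ne 0 ]; then
          exit 1
        fi
      resources:
        requests:
          memory: "200Mi"
          cpu: "100m"
        limits:
          memory: "600Mi"
          cpu: "300m"
  workspaces:
    - name: pipelines-data
      description: workspace to store outputs to connect within the target machine + state file for the infrastructure
    - name: az-credentials
      description: |
        ocp secret holding the azure credentials. Secret should be accessible to this task.
        To be a valid secret it should contains the following fields:
        * tenant_id
        * subscription_id
        * client_id
        * client_secret
      mountPath: /opt/credentials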