feat(corebuild): add terraform infrastructure

conplementAG · Feb 6, 2024 · f0afe41 · f0afe41
1 parent 68348c8
commit f0afe41
Show file tree

Hide file tree

Showing 5 changed files with 207 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,11 @@ cmd/copsctl/copsctl
 cmd/copsctl/logs\.log
 
 cmd/copsctl/copsctl\.log
+
+# ignore terrform related files
+.plans/
+.terraform/
+.terraform*
+*.tfvars
+terraform.tfstate
+terraform.tfstate.backup
diff --git a/internal/corebuild/terraform/config/cloud-config.txt b/internal/corebuild/terraform/config/cloud-config.txt
@@ -0,0 +1,33 @@
+#cloud-config
+
+bootcmd:
+  - mkdir -p /etc/systemd/system/walinuxagent.service.d
+  - echo "[Unit]\nAfter=cloud-final.service" > /etc/systemd/system/walinuxagent.service.d/override.conf
+  - sed "s/After=multi-user.target//g" /lib/systemd/system/cloud-final.service > /etc/systemd/system/cloud-final.service
+  - systemctl daemon-reload
+
+apt:
+  sources:
+    docker.list:
+      source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
+      keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+packages:
+  - docker-ce
+  - docker-ce-cli
+
+groups:
+  - docker
+
+disk_setup:
+  ephemeral0:
+    table_type: gpt
+    layout: [66, [33,82]]
+    overwrite: true
+
+fs_setup:
+  - device: ephemeral0.1
+    filesystem: ext4
+
+mounts:
+  - ["ephemeral0.1", "/agent"]
diff --git a/internal/corebuild/terraform/main.tf b/internal/corebuild/terraform/main.tf
@@ -0,0 +1,130 @@
+####################################
+// Common
+####################################
+
+resource "azurerm_resource_group" "buildagentpool" {
+  name     = var.resource_group_name
+  location = var.region
+}
+
+####################################
+// Identity
+####################################
+
+resource "azurerm_user_assigned_identity" "buildagentpool" {
+  location            = azurerm_resource_group.buildagentpool.location
+  name                = var.managed_identity_name
+  resource_group_name = azurerm_resource_group.buildagentpool.name
+}
+
+####################################
+// Network
+####################################
+
+resource "azurerm_virtual_network" "buildagentpool" {
+  name                = var.vnet_name
+  resource_group_name = azurerm_resource_group.buildagentpool.name
+  location            = azurerm_resource_group.buildagentpool.location
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "buildagentpool" {
+  name                 = "internal"
+  resource_group_name  = azurerm_resource_group.buildagentpool.name
+  virtual_network_name = azurerm_virtual_network.buildagentpool.name
+  address_prefixes     = ["10.0.2.0/24"]
+}
+
+resource "azurerm_public_ip" "buildagentpool" {
+  name                = var.build_agent_pool_public_ip_name
+  location            = azurerm_resource_group.buildagentpool.location
+  resource_group_name = azurerm_resource_group.buildagentpool.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+}
+
+resource "azurerm_lb" "buildagentpool" {
+  name                = var.build_agent_pool_lb_name
+  location            = azurerm_resource_group.buildagentpool.location
+  resource_group_name = azurerm_resource_group.buildagentpool.name
+  sku                 = "Standard"
+
+  frontend_ip_configuration {
+    name                 = "public-ip-config"
+    public_ip_address_id = azurerm_public_ip.buildagentpool.id
+  }
+}
+
+resource "azurerm_lb_backend_address_pool" "buildagentpool" {
+  loadbalancer_id = azurerm_lb.buildagentpool.id
+  name            = "backend-pool"
+}
+
+resource "azurerm_lb_outbound_rule" "buildagentpool_outbound_default" {
+  name                    = "outbound-rule"
+  loadbalancer_id         = azurerm_lb.buildagentpool.id
+  protocol                = "All"
+  backend_address_pool_id = azurerm_lb_backend_address_pool.buildagentpool.id
+  frontend_ip_configuration {
+    name = "public-ip-config"
+  }
+}
+
+####################################
+// Buildagent Pool
+####################################
+resource "random_password" "password" {
+  length           = 64
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "azurerm_linux_virtual_machine_scale_set" "buildagentpool" {
+  name                = var.build_agent_pool_name
+  resource_group_name = azurerm_resource_group.buildagentpool.name
+  location            = azurerm_resource_group.buildagentpool.location
+  sku                 = "Standard_B2s"
+  instances           = 1
+
+  // either password or sshkey is required. push admin password in future to
+  // devops keyvault when available
+  disable_password_authentication = false
+  admin_username                  = "corebuildadm"
+  admin_password                  = random_password.password.result
+
+  overprovision               = false
+  upgrade_mode                = "Manual"
+  single_placement_group      = false
+  platform_fault_domain_count = 1
+  custom_data                 = filebase64("${path.module}/config/cloud-config.txt")
+
+  # https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade#supported-os-images
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "0001-com-ubuntu-server-jammy"
+    sku       = "22_04-LTS"
+    version   = "latest"
+  }
+
+  os_disk {
+    storage_account_type = "StandardSSD_LRS"
+    caching              = "ReadWrite"
+  }
+
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.buildagentpool.id]
+  }
+
+  network_interface {
+    name    = "default"
+    primary = true
+
+    ip_configuration {
+      name                                   = "internal"
+      primary                                = true
+      subnet_id                              = azurerm_subnet.buildagentpool.id
+      load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.buildagentpool.id]
+    }
+  }
+}
diff --git a/internal/corebuild/terraform/providers.tf b/internal/corebuild/terraform/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.8.0"
+    }
+  }
+
+  required_version = ">= 1.6"
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/internal/corebuild/terraform/variables.tf b/internal/corebuild/terraform/variables.tf
@@ -0,0 +1,22 @@
+####################################
+// Common
+####################################
+variable "resource_group_name" {}
+variable "region" {}
+
+####################################
+// Identity
+####################################
+variable "managed_identity_name" {}
+
+####################################
+// Network
+####################################
+variable "vnet_name" {}
+variable "build_agent_pool_public_ip_name" {}
+variable "build_agent_pool_lb_name" {}
+
+####################################
+// Buildagent Pool
+####################################
+variable "build_agent_pool_name" {}