From f0afe412eb1b13f331456742c91d9bfd64d6d99a Mon Sep 17 00:00:00 2001
From: Christian Gottinger
Date: Tue, 23 Jan 2024 16:10:23 +0100
Subject: [PATCH] feat(corebuild): add terraform infrastructure
---
 .gitignore | 8 ++
 .../terraform/config/cloud-config.txt | 33 +++++
 internal/corebuild/terraform/main.tf | 130 ++++++++++++++++++
 internal/corebuild/terraform/providers.tf | 14 ++
 internal/corebuild/terraform/variables.tf | 22 +++
 5 files changed, 207 insertions(+)
 create mode 100644 internal/corebuild/terraform/config/cloud-config.txt
 create mode 100644 internal/corebuild/terraform/main.tf
 create mode 100644 internal/corebuild/terraform/providers.tf
 create mode 100644 internal/corebuild/terraform/variables.tf
diff --git a/.gitignore b/.gitignore
index 378942b..09d1d53 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,11 @@
 cmd/copsctl/copsctl
 cmd/copsctl/logs\.log
 cmd/copsctl/copsctl\.log
+
+# ignore terrform related files
+.plans/
+.terraform/
+.terraform*
+*.tfvars
+terraform.tfstate
+terraform.tfstate.backup
diff --git a/internal/corebuild/terraform/config/cloud-config.txt b/internal/corebuild/terraform/config/cloud-config.txt
new file mode 100644
index 0000000..ae3d774
--- /dev/null
+++ b/internal/corebuild/terraform/config/cloud-config.txt
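Review bot: The new `.terraform*` pattern also matches `.terraform.lock.hcl`, the dependency lock file that records the selected provider versions and their checksums, so it can never be committed and every `terraform init` is free to resolve and trust a different provider build. The lock file is meant to be versioned; re-include it with a negation placed directly after the pattern: `!.terraform.lock.hcl`. The remaining entries (`*.tfvars`, the two state files) are correctly excluded, since both can carry secrets such as the generated admin password that main.tf writes into state.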
@@ -0,0 +1,33 @@
+#cloud-config
+
+bootcmd:
+ - mkdir -p /etc/systemd/system/walinuxagent.service.d
+ - echo "[Unit]\nAfter=cloud-final.service" > /etc/systemd/system/walinuxagent.service.d/override.conf
+ - sed "s/After=multi-user.target//g" /lib/systemd/system/cloud-final.service > /etc/systemd/system/cloud-final.service
+ - systemctl daemon-reload
+
+apt:
+ sources:
+ docker.list:
+ source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
+ keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+packages:
+ - docker-ce
+ - docker-ce-cli
+
+groups:
+ - docker
+
+disk_setup:
+ ephemeral0:
+ table_type: gpt
+ layout: [66, [33,82]]
+ overwrite: true
+
+fs_setup:
+ - device: ephemeral0.1
+ filesystem: ext4
+
+mounts:
+ - ["ephemeral0.1", "/agent"]
\ No newline at end of file
diff --git a/internal/corebuild/terraform/main.tf b/internal/corebuild/terraform/main.tf
new file mode 100644
index 0000000..90a8acc
--- /dev/null
+++ b/internal/corebuild/terraform/main.tf
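Review bot: The `docker.list` apt source is trusted only through `keyid:` with no `keyserver:`, so the signing key is fetched at first boot from cloud-init's default keyserver (keyserver.ubuntu.com, as far as I recall) rather than from the vendor, and no key material is checked in; embedding the ASCII-armored key under `key: |` (or at least pinning `keyserver:` to an HKPS endpoint) keeps the trust anchor in the repository. `packages` installs `docker-ce` and `docker-ce-cli` unpinned, so each new instance gets whatever the repository serves that day — pin the version in the `packages` entries if agent images must be reproducible. The `bootcmd` line `echo "[Unit]\nAfter=cloud-final.service"` relies on the shell's `echo` expanding `\n` (dash does, bash does not); `printf '[Unit]\nAfter=cloud-final.service\n' > /etc/systemd/system/walinuxagent.service.d/override.conf` behaves the same everywhere.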
@@ -0,0 +1,130 @@
+####################################
+// Common
+####################################
+
+resource "azurerm_resource_group" "buildagentpool" {
+ name = var.resource_group_name
+ location = var.region
+}
+
+####################################
+// Identity
+####################################
+
+resource "azurerm_user_assigned_identity" "buildagentpool" {
+ location = azurerm_resource_group.buildagentpool.location
+ name = var.managed_identity_name
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+}
+
+####################################
+// Network
+####################################
+
+resource "azurerm_virtual_network" "buildagentpool" {
+ name = var.vnet_name
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+ location = azurerm_resource_group.buildagentpool.location
+ address_space = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "buildagentpool" {
+ name = "internal"
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+ virtual_network_name = azurerm_virtual_network.buildagentpool.name
+ address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_public_ip" "buildagentpool" {
+ name = var.build_agent_pool_public_ip_name
+ location = azurerm_resource_group.buildagentpool.location
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+ allocation_method = "Static"
+ sku = "Standard"
+}
+
+resource "azurerm_lb" "buildagentpool" {
+ name = var.build_agent_pool_lb_name
+ location = azurerm_resource_group.buildagentpool.location
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+ sku = "Standard"
+
+ frontend_ip_configuration {
+ name = "public-ip-config"
+ public_ip_address_id = azurerm_public_ip.buildagentpool.id
+ }
+}
+
+resource "azurerm_lb_backend_address_pool" "buildagentpool" {
+ loadbalancer_id = azurerm_lb.buildagentpool.id
+ name = "backend-pool"
+}
+
+resource "azurerm_lb_outbound_rule" "buildagentpool_outbound_default" {
+ name = "outbound-rule"
+ loadbalancer_id = azurerm_lb.buildagentpool.id
+ protocol = "All"
+ backend_address_pool_id = azurerm_lb_backend_address_pool.buildagentpool.id
+ frontend_ip_configuration {
+ name = "public-ip-config"
+ }
+}
+
+####################################
+// Buildagent Pool
+####################################
+resource "random_password" "password" {
+ length = 64
+ special = true
+ override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "azurerm_linux_virtual_machine_scale_set" "buildagentpool" {
+ name = var.build_agent_pool_name
+ resource_group_name = azurerm_resource_group.buildagentpool.name
+ location = azurerm_resource_group.buildagentpool.location
+ sku = "Standard_B2s"
+ instances = 1
+
+ // either password or sshkey is required. push admin password in future to
+ // devops keyvault when available
+ disable_password_authentication = false
+ admin_username = "corebuildadm"
+ admin_password = random_password.password.result
+
+ overprovision = false
+ upgrade_mode = "Manual"
+ single_placement_group = false
+ platform_fault_domain_count = 1
+ custom_data = filebase64("${path.module}/config/cloud-config.txt")
+
+ # https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade#supported-os-images
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-LTS"
+ version = "latest"
+ }
+
+ os_disk {
+ storage_account_type = "StandardSSD_LRS"
+ caching = "ReadWrite"
+ }
+
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.buildagentpool.id]
+ }
+
+ network_interface {
+ name = "default"
+ primary = true
+
+ ip_configuration {
+ name = "internal"
+ primary = true
+ subnet_id = azurerm_subnet.buildagentpool.id
+ load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.buildagentpool.id]
+ }
+ }
+}
\ No newline at end of file
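Review bot: The scale set enables password login (`disable_password_authentication = false`) and feeds it `random_password.password.result`, which Terraform persists in plaintext in `terraform.tfstate` — the same local state file the .gitignore hunk excludes — so whoever holds the state holds the admin credential for every agent instance, and the in-line comment only defers this to a future key vault. Provisioning an SSH public key through `admin_ssh_key` and setting `disable_password_authentication = true` removes the password from both the state and the instances; the `random_password` resource then has no consumer and can be dropped. Separately, `source_image_reference.version = "latest"` means each newly scaled instance may boot a different image than the previous one (worth pinning since `upgrade_mode` is already `Manual`), and the `internal` subnet has no network security group attached, which is worth adding for defense in depth even though the load balancer declares no inbound rules.
```hcl
resource "azurerm_linux_virtual_machine_scale_set" "buildagentpool" {
  // … unchanged: name, resource_group_name, location, sku, instances …

  // key-based login only: no password is generated, stored in state or enabled on the instances
  disable_password_authentication = true
  admin_username                  = "corebuildadm"

  admin_ssh_key {
    username   = "corebuildadm"
    public_key = var.admin_ssh_public_key // placeholder name for a new input variable, to be declared in variables.tf
  }

  // … unchanged: overprovision … network_interface …
}
```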
diff --git a/internal/corebuild/terraform/providers.tf b/internal/corebuild/terraform/providers.tf
new file mode 100644
index 0000000..1af9a83
--- /dev/null
+++ b/internal/corebuild/terraform/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.8.0"
+ }
+ }
+
+ required_version = ">= 1.6"
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/internal/corebuild/terraform/variables.tf b/internal/corebuild/terraform/variables.tf
new file mode 100644
index 0000000..ecd7e79
--- /dev/null
+++ b/internal/corebuild/terraform/variables.tf
@@ -0,0 +1,22 @@
+####################################
+// Common
+####################################
+variable "resource_group_name" {}
+variable "region" {}
+
+####################################
+// Identity
+####################################
+variable "managed_identity_name" {}
+
+####################################
+// Network
+####################################
+variable "vnet_name" {}
+variable "build_agent_pool_public_ip_name" {}
+variable "build_agent_pool_lb_name" {}
+
+####################################
+// Buildagent Pool
+####################################
+variable "build_agent_pool_name" {}
\ No newline at end of file
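Review bot: main.tf declares a `random_password` resource, but `required_providers` lists only `azurerm`, so Terraform resolves `hashicorp/random` implicitly with no version constraint — and, with the lock file ignored by the .gitignore hunk, with nothing pinning its checksum either; declare it next to azurerm: `random = { source = "hashicorp/random", version = "<pinned version>" }`. There is also no `backend` block, so the state — which holds the admin password generated in main.tf — lives on the local disk of whoever runs `terraform apply`; a remote backend such as `backend "azurerm"` on a storage account with restricted access is the usual mitigation. The exact pin `version = "3.8.0"` for azurerm appears to predate the `required_version = ">= 1.6"` constraint by a considerable margin, so it is worth confirming that version is intentional rather than stale.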
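Review bot: Every input is declared as a bare `variable "…" {}` with no `type`, `description` or validation, so a wrongly typed value is only caught when the azurerm provider rejects the plan, and a reader of main.tf has nothing telling them what `region` or `build_agent_pool_name` is expected to look like. Declare at least `type = string` and a one-line `description` on each, e.g. for `region`: `type = string` and `description = "Azure region that all buildagentpool resources are created in"`.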