cloud setup scripts

msi-se · Jan 22, 2024 · a393cea · a393cea
1 parent 5bf2817
commit a393cea
Show file tree

Hide file tree

Showing 2 changed files with 151 additions and 0 deletions.
diff --git a/deployement/cloud-startup-script/setup-azure.sh b/deployement/cloud-startup-script/setup-azure.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# TODO(before):
+# - connect to az CLI with az login before running this script
+
+# TODO (after):
+# - retrieve $UAMI_CLIENT_ID and change AZURE_CLIENT_ID value in Github
+# - retrieve the private key 
+# - connect to the VM ssh -i ./path/to/key.pem $USERNAME@$RUNNER_IP_ADDRESS
+# - apply the setup-runner.sh script 
+
+# TERRAFORM FILES ON AZURE STORAGE
+RESOURCE_GROUP_NAME=rg-rtw-tfstate
+STORAGE_ACCOUNT_NAME=rtwtfstate18005
+CONTAINER_NAME=rtw-tfstate
+LOCATION=westus3
+
+# Create resource group
+az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
+
+# Create storage account
+az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
+
+# Create blob container
+az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME
+
+# USER MANAGED IDENTITY AND GITHUB RUNNER VM
+RESOURCE_GROUP_NAME=rg-rtw-UAMI
+VM_NAME=rg-rtw-github-action
+VM_IMAGE="20_04-lts-gen2"
+USERNAME=azureuser 
+UAMI_NAME=UAMI1
+
+# Create resource group
+az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
+
+# Create user assigned managed indentity
+az identity create -g $RESOURCE_GROUP_NAME -n $UAMI_NAME
+export UAMI_CLIENT_ID=$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $UAMI_NAME --query clientId --output tsv)
+UAMI_OBJECT_ID=$(az identity list --resource-group $RESOURCE_GROUP_NAME --query "[?name=='${UAMI_NAME}'].{principalId:principalId}" --output tsv)
+
+# Get Azure Sub. ID
+AZURE_SUB_ID=$(az account list --query "[].{id:id}" --output tsv)
+
+# Get the Contributor role id
+ROLE_ID=$(az role definition list --name "Contributor" --query "[].{name:name}" --output tsv)
+
+# Assign the user assigned managed identity to the azure account
+az role assignment create --assignee $UAMI_OBJECT_ID \
+    --role $ROLE_ID \
+    --scope "/subscriptions/${AZURE_SUB_ID}"
+
+# Create the VM for the runner
+az vm create \
+  --resource-group $RESOURCE_GROUP_NAME \
+  --name $VM_NAME \
+  --image $VM_IMAGE \
+  --admin-username $USERNAME \
+  --generate-ssh-keys \
+  --public-ip-sku Standard
+
+export RUNNER_IP_ADDRESS=$(az vm show --show-details --resource-group $RESOURCE_GROUP_NAME --name $VM_NAME --query publicIps --output tsv)
+export USERNAME=$USERNAME
+
+# Assign the user assigned managed indentity to the VM
+az vm identity assign -g $RESOURCE_GROUP_NAME -n $VM_NAME --identities $UAMI_NAME
diff --git a/deployement/cloud-startup-script/setup-runner.sh b/deployement/cloud-startup-script/setup-runner.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# TODO:
+# - change token here provided by github: https://github.com/msi-se/reveal-the-world/settings/actions/runners/new?arch=x64&os=linux
+# - copy and run this script as sudo in the home directory of azureuser
+GITHUB_TOKEN=<token given by github>
+
+# Install jq
+echo "Installing jq..."
+sudo apt-get update
+sudo apt-get install -y jq
+
+# Install Azure CLI (az)
+echo "Installing Azure CLI..."
+curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+
+# Install Helm
+echo "Installing Helm..."
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod +x get_helm.sh
+./get_helm.sh
+rm get_helm.sh
+
+# Install Terraform
+echo "Installing Terraform..."
+wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+sudo apt update && sudo apt install -y terraform
+
+# Install kubectl
+echo "Installing kubectl..."
+sudo apt-get install -y kubectl
+
+# Install pip + python packages
+echo "Installing pip..."
+sudo apt-get install -y python3-pip
+pip install pynacl
+
+# Install docker
+sudo apt install -y docker.io
+sudo usermod -aG docker azureuser
+
+echo "Installation complete!"
+
+# Runner installation
+echo "Turning this VM into a runner..."
+mkdir actions-runner && cd actions-runner
+curl -o actions-runner-linux-x64-2.311.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.311.0/actions-runner-linux-x64-2.311.0.tar.gz
+echo "29fc8cf2dab4c195bb147384e7e2c94cfd4d4022c793b346a6175435265aa278  actions-runner-linux-x64-2.311.0.tar.gz" | shasum -a 256 -c
+tar xzf ./actions-runner-linux-x64-2.311.0.tar.gz
+./config.sh --url https://github.com/msi-se/reveal-the-world --token $GITHUB_TOKEN
+
+# Add runner script as a systemd service
+SERVICE_NAME="runner"
+DESCRIPTION="Github runner"
+EXECUTABLE_PATH="/home/azureuser/actions-runner/run.sh"
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME.service"
+sudo touch $SERVICE_FILE
+echo "[Unit]" | sudo tee -a $SERVICE_FILE
+echo "Description=$DESCRIPTION" | sudo tee -a $SERVICE_FILE
+echo "After=network.target" | sudo tee -a $SERVICE_FILE
+echo "" | sudo tee -a $SERVICE_FILE
+echo "[Service]" | sudo tee -a $SERVICE_FILE
+echo "ExecStart=$EXECUTABLE_PATH" | sudo tee -a $SERVICE_FILE
+echo "Restart=always" | sudo tee -a $SERVICE_FILE
+echo "User=azureuser" | sudo tee -a $SERVICE_FILE
+echo "Group=azureuser" | sudo tee -a $SERVICE_FILE
+echo "" | sudo tee -a $SERVICE_FILE
+echo "[Install]" | sudo tee -a $SERVICE_FILE
+echo "WantedBy=default.target" | sudo tee -a $SERVICE_FILE
+
+# Reload systemd to pick up the new service
+systemctl daemon-reload
+
+# Enable and start the service
+systemctl enable $SERVICE_NAME
+systemctl start $SERVICE_NAME
+
+
+
+
+
+