From a393cea1e321133530618ecd3bddaf48e5bcab0c Mon Sep 17 00:00:00 2001
From: Anais
Date: Mon, 22 Jan 2024 18:39:25 +0100
Subject: [PATCH] cloud setup scripts
---
.../cloud-startup-script/setup-azure.sh | 66 ++++++++++++++
.../cloud-startup-script/setup-runner.sh | 85 +++++++++++++++++++
2 files changed, 151 insertions(+)
create mode 100644 deployement/cloud-startup-script/setup-azure.sh
create mode 100644 deployement/cloud-startup-script/setup-runner.sh
diff --git a/deployement/cloud-startup-script/setup-azure.sh b/deployement/cloud-startup-script/setup-azure.sh
new file mode 100644
index 0000000..f5f2f56
--- /dev/null
+++ b/deployement/cloud-startup-script/setup-azure.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# TODO(before):
+# - connect to az CLI with az login before running this script
+
+# TODO (after):
+# - retrieve $UAMI_CLIENT_ID and change AZURE_CLIENT_ID value in Github
+# - retrieve the private key
+# - connect to the VM ssh -i ./path/to/key.pem $USERNAME@$RUNNER_IP_ADDRESS
+# - apply the setup-runner.sh script
+
+# TERRAFORM FILES ON AZURE STORAGE
+RESOURCE_GROUP_NAME=rg-rtw-tfstate
+STORAGE_ACCOUNT_NAME=rtwtfstate18005
+CONTAINER_NAME=rtw-tfstate
+LOCATION=westus3
+
+# Create resource group
+az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
+
+# Create storage account
+az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
+
+# Create blob container
+az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME
+
+# USER MANAGED IDENTITY AND GITHUB RUNNER VM
+RESOURCE_GROUP_NAME=rg-rtw-UAMI
+VM_NAME=rg-rtw-github-action
+VM_IMAGE="20_04-lts-gen2"
+USERNAME=azureuser
+UAMI_NAME=UAMI1
+
+# Create resource group
+az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
+
+# Create user assigned managed indentity
+az identity create -g $RESOURCE_GROUP_NAME -n $UAMI_NAME
+export UAMI_CLIENT_ID=$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $UAMI_NAME --query clientId --output tsv)
+UAMI_OBJECT_ID=$(az identity list --resource-group $RESOURCE_GROUP_NAME --query "[?name=='${UAMI_NAME}'].{principalId:principalId}" --output tsv)
+
+# Get Azure Sub. ID
+AZURE_SUB_ID=$(az account list --query "[].{id:id}" --output tsv)
+
+# Get the Contributor role id
+ROLE_ID=$(az role definition list --name "Contributor" --query "[].{name:name}" --output tsv)
+
+# Assign the user assigned managed identity to the azure account
+az role assignment create --assignee $UAMI_OBJECT_ID \
+ --role $ROLE_ID \
+ --scope "/subscriptions/${AZURE_SUB_ID}"
+
+# Create the VM for the runner
+az vm create \
+ --resource-group $RESOURCE_GROUP_NAME \
+ --name $VM_NAME \
+ --image $VM_IMAGE \
+ --admin-username $USERNAME \
+ --generate-ssh-keys \
+ --public-ip-sku Standard
+
+export RUNNER_IP_ADDRESS=$(az vm show --show-details --resource-group $RESOURCE_GROUP_NAME --name $VM_NAME --query publicIps --output tsv)
+export USERNAME=$USERNAME
+
+# Assign the user assigned managed indentity to the VM
+az vm identity assign -g $RESOURCE_GROUP_NAME -n $VM_NAME --identities $UAMI_NAME
\ No newline at end of file
diff --git a/deployement/cloud-startup-script/setup-runner.sh b/deployement/cloud-startup-script/setup-runner.sh
new file mode 100644
index 0000000..04f2b16
--- /dev/null
+++ b/deployement/cloud-startup-script/setup-runner.sh
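Review bot: The role assignment in the middle of the hunk grants the runner VM's managed identity Contributor over the whole subscription (`--scope "/subscriptions/${AZURE_SUB_ID}"`), so every workflow that lands on this self-hosted runner — and, if the repository accepts pull requests from forks, anyone who can open one — can create or change any resource in the subscription. Scope the assignment to the resource groups the pipeline actually manages, e.g. `--scope "/subscriptions/${AZURE_SUB_ID}/resourceGroups/rg-rtw-tfstate"` for the state bucket plus the workload group, and consider a narrower built-in role than Contributor. Separately, `AZURE_SUB_ID=$(az account list --query "[].{id:id}" --output tsv)` prints one id per subscription visible to the logged-in account, so with more than one subscription the variable holds several lines and the scope string is malformed; `AZURE_SUB_ID=$(az account show --query id --output tsv)` yields only the current subscription. The script has no `set -euo pipefail`, so a failed `az identity create` leaves `UAMI_OBJECT_ID` empty and `az role assignment create --assignee` runs with an empty assignee. Unless I am misreading the defaults, `az vm create` without an explicit `--nsg-rule NONE` also opens SSH (port 22) to the Internet on the Standard public IP it allocates, which is worth restricting to the operator's address range.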
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# TODO:
+# - change token here provided by github: https://github.com/msi-se/reveal-the-world/settings/actions/runners/new?arch=x64&os=linux
+# - copy and run this script as sudo in the home directory of azureuser
+GITHUB_TOKEN=
+
+# Install jq
+echo "Installing jq..."
+sudo apt-get update
+sudo apt-get install -y jq
+
+# Install Azure CLI (az)
+echo "Installing Azure CLI..."
+curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+
+# Install Helm
+echo "Installing Helm..."
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod +x get_helm.sh
+./get_helm.sh
+rm get_helm.sh
+
+# Install Terraform
+echo "Installing Terraform..."
+wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+sudo apt update && sudo apt install -y terraform
+
+# Install kubectl
+echo "Installing kubectl..."
+sudo apt-get install -y kubectl
+
+# Install pip + python packages
+echo "Installing pip..."
+sudo apt-get install -y python3-pip
+pip install pynacl
+
+# Install docker
+sudo apt install -y docker.io
+sudo usermod -aG docker azureuser
+
+echo "Installation complete!"
+
+# Runner installation
+echo "Turning this VM into a runner..."
+mkdir actions-runner && cd actions-runner
+curl -o actions-runner-linux-x64-2.311.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.311.0/actions-runner-linux-x64-2.311.0.tar.gz
+echo "29fc8cf2dab4c195bb147384e7e2c94cfd4d4022c793b346a6175435265aa278 actions-runner-linux-x64-2.311.0.tar.gz" | shasum -a 256 -c
+tar xzf ./actions-runner-linux-x64-2.311.0.tar.gz
+./config.sh --url https://github.com/msi-se/reveal-the-world --token $GITHUB_TOKEN
+
+# Add runner script as a systemd service
+SERVICE_NAME="runner"
+DESCRIPTION="Github runner"
+EXECUTABLE_PATH="/home/azureuser/actions-runner/run.sh"
+
+# Create systemd service file
+SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME.service"
+sudo touch $SERVICE_FILE
+echo "[Unit]" | sudo tee -a $SERVICE_FILE
+echo "Description=$DESCRIPTION" | sudo tee -a $SERVICE_FILE
+echo "After=network.target" | sudo tee -a $SERVICE_FILE
+echo "" | sudo tee -a $SERVICE_FILE
+echo "[Service]" | sudo tee -a $SERVICE_FILE
+echo "ExecStart=$EXECUTABLE_PATH" | sudo tee -a $SERVICE_FILE
+echo "Restart=always" | sudo tee -a $SERVICE_FILE
+echo "User=azureuser" | sudo tee -a $SERVICE_FILE
+echo "Group=azureuser" | sudo tee -a $SERVICE_FILE
+echo "" | sudo tee -a $SERVICE_FILE
+echo "[Install]" | sudo tee -a $SERVICE_FILE
+echo "WantedBy=default.target" | sudo tee -a $SERVICE_FILE
+
+# Reload systemd to pick up the new service
+systemctl daemon-reload
+
+# Enable and start the service
+systemctl enable $SERVICE_NAME
+systemctl start $SERVICE_NAME
+
+
+
+
+
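Review bot: The checksum verification of the runner tarball (`shasum -a 256 -c`) has no effect, because the script never enables `set -e` and nothing inspects its exit status, so a corrupted or substituted archive still reaches `tar xzf` and `./config.sh` on the following lines. Add `set -euo pipefail` after the shebang, or at minimum change that line to `echo "29fc8cf2dab4c195bb147384e7e2c94cfd4d4022c793b346a6175435265aa278 actions-runner-linux-x64-2.311.0.tar.gz" | shasum -a 256 -c || exit 1`. The Azure CLI and Helm installs (`curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash`, `./get_helm.sh` fetched from the `main` branch) run unpinned remote scripts as root with no equivalent verification, which matters on a VM that carries a privileged managed identity; pinning to a release URL and checking a digest, or installing from the signed apt repositories as the Terraform block already does, would close that gap. `GITHUB_TOKEN=` is a placeholder the TODO tells operators to fill in inside this committed file; reading it from the environment instead (`: "${GITHUB_TOKEN:?set GITHUB_TOKEN before running}"`) avoids a registration token ending up in git history. The bare `sudo apt-get install -y kubectl` also looks likely to fail on a stock 20.04 image, since no repository providing kubectl is added beforehand — worth confirming on a fresh VM.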