diff --git a/tools/terraform-azure-uashield/README.md b/tools/terraform-azure-uashield/README.md
new file mode 100644
index 0000000..d0af494
--- /dev/null
+++ b/tools/terraform-azure-uashield/README.md
@@ -0,0 +1,13 @@
+# Terraform to deploy uashield application
+
+## Requirements
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
+- [Free Azure account](https://azure.microsoft.com/en-us/free/)
+- [Log to Azure from terminal](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli)
+```
+az login
+```
+
+## Deploy
+
+TODO:
diff --git a/tools/terraform-azure-uashield/provider.tf b/tools/terraform-azure-uashield/provider.tf
new file mode 100644
index 0000000..3cbefea
--- /dev/null
+++ b/tools/terraform-azure-uashield/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
diff --git a/tools/terraform-azure-uashield/scripts/uashield.sh b/tools/terraform-azure-uashield/scripts/uashield.sh
new file mode 100644
index 0000000..d0d4e01
--- /dev/null
+++ b/tools/terraform-azure-uashield/scripts/uashield.sh
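Review bot: In provider.tf, `required_providers` declares only `azurerm`, while uashield.tf in this same commit uses `tls_private_key`, so the tls provider is resolved implicitly and without any version constraint. Declaring it explicitly, `tls = { source = "hashicorp/tls", version = "<pinned version>" }`, keeps the provider that generates the SSH key under review. The `~>2.0` constraint on azurerm also accepts any 2.x release, so committing `.terraform.lock.hcl` alongside these files would fix the exact provider builds and their hashes.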
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+sudo apt-get install -y \
+ ca-certificates \
+ curl \
+ gnupg \
+ lsb-release \
+ wget
+
+wget -O - https://get.docker.com/ | bash
+
+sudo systemctl enable docker.service
+sudo systemctl start docker.service
+
+mkdir -p /home/adminuser/.docker/cli-plugins/
+curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /home/adminuser/.docker/cli-plugins/docker-compose
+chmod +x /home/adminuser/.docker/cli-plugins/docker-compose
+sudo chown $USER /var/run/docker.sock
+
+sudo echo "
+version: \"3.3\"
+services:
+ worker:
+ image: ghcr.io/opengs/uashield:latest
+ restart: always
+ command:
+ - \"7500\"
+ - \"true\"" >> /home/docker-compose.yaml
+
+sudo apt install -y docker-compose
+
+cd /home/
+
+sudo docker-compose pull && sudo docker-compose up -d --scale worker=$(grep -c ^processor /proc/cpuinfo)
+
+sudo echo "*/30 * * * * cd /home/ && sudo docker-compose down -t 1 && sudo docker-compose pull && sudo docker-compose up -d --scale worker=$(grep -c ^processor /proc/cpuinfo)" >> /home/cronjob
+crontab /home/cronjob
diff --git a/tools/terraform-azure-uashield/uashield.tf b/tools/terraform-azure-uashield/uashield.tf
new file mode 100644
index 0000000..2e2c848
--- /dev/null
+++ b/tools/terraform-azure-uashield/uashield.tf
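Review bot: Everything this script fetches runs as root with no integrity check: `wget -O - https://get.docker.com/ | bash`, the docker-compose binary downloaded by `curl -SL`, and `ghcr.io/opengs/uashield:latest`, which the cron entry re-pulls and restarts every 30 minutes. A compromised upstream or a re-pointed `latest` tag would therefore execute on the VM unattended. Pin the image by digest, `image: ghcr.io/opengs/uashield@sha256:<digest>`, and check the compose binary with `sha256sum -c` against a known-good checksum before the `chmod +x`. The script also has no `set -e`, so a failed download does not stop the later steps from running.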
@@ -0,0 +1,122 @@
+locals {
+ ssh_username = "adminuser"
+}
+
+resource "azurerm_resource_group" "main" {
+ name = "${var.prefix}-resources"
+ location = var.location
+}
+resource "azurerm_virtual_network" "main" {
+ name = "${var.prefix}-network"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.main.location
+ resource_group_name = azurerm_resource_group.main.name
+}
+
+resource "azurerm_subnet" "internal" {
+ name = "internal"
+ resource_group_name = azurerm_resource_group.main.name
+ virtual_network_name = azurerm_virtual_network.main.name
+ address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_public_ip" "main" {
+ name = "${var.prefix}-public-ip"
+ location = azurerm_resource_group.main.location
+ resource_group_name = azurerm_resource_group.main.name
+ # fields may not be fully populated for Dynamic Public IP's.
+ allocation_method = "Static"
+
+ tags = {
+ environment = "Production"
+ }
+}
+output "vm_public_ip" {
+ value = azurerm_public_ip.main.ip_address
+ sensitive = true
+}
+
+resource "azurerm_network_interface" "internal" {
+ name = "${var.prefix}-nic"
+ location = azurerm_resource_group.main.location
+ resource_group_name = azurerm_resource_group.main.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.internal.id
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = azurerm_public_ip.main.id
+ }
+}
+resource "tls_private_key" "ssh_key" {
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+output "tls_private_key" {
+ value = tls_private_key.ssh_key.private_key_pem
+ sensitive = true
+}
+
+resource "azurerm_linux_virtual_machine" "uashield" {
+ count = var.instance_number
+ name = "uashield-${count.index}"
+ location = azurerm_resource_group.main.location
+ resource_group_name = azurerm_resource_group.main.name
+ network_interface_ids = [element(azurerm_network_interface.internal.*.id, count.index)]
+ size = var.instance_size
+ priority = "Spot"
+ eviction_policy = "Deallocate"
+ disable_password_authentication = true
+ admin_username = local.ssh_username
+
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-focal"
+ sku = "20_04-lts-gen2"
+ version = "latest"
+ }
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ admin_ssh_key {
+ username = local.ssh_username
+ public_key = trimspace(chomp(tls_private_key.ssh_key.public_key_openssh))
+ }
+
+ provisioner "file" {
+ source = "scripts/uashield.sh"
+ destination = "/home/adminuser/uashield.sh"
+
+ connection {
+ host = azurerm_public_ip.main.ip_address
+ user = local.ssh_username
+ type = "ssh"
+ private_key = tls_private_key.ssh_key.private_key_pem
+ timeout = "1m"
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "chmod +x /home/adminuser/uashield.sh",
+ "sudo /home/adminuser/uashield.sh",
+ ]
+
+ connection {
+ host = azurerm_public_ip.main.ip_address
+ user = local.ssh_username
+ type = "ssh"
+ private_key = tls_private_key.ssh_key.private_key_pem
+ timeout = "1m"
+ }
+ }
+
+ tags = {
+ environment = "staging"
+ }
+}
+
diff --git a/tools/terraform-azure-uashield/variables.tf b/tools/terraform-azure-uashield/variables.tf
new file mode 100644
index 0000000..147dc55
--- /dev/null
+++ b/tools/terraform-azure-uashield/variables.tf
@@ -0,0 +1,22 @@
+variable "location" {
+ type = string
+ description = "Azure VM's location"
+ default = "Japan East"
+}
+
+variable "instance_number" {
+ type = number
+ description = "Azure VM's instace number"
+ default = 1
+}
+
+variable "instance_size" {
+ type = string
+ description = "Azure VM's size"
+ default = "Standard_D2s_v3"
+}
+
+variable "prefix" {
+ type = string
+ default = "uashield"
+}
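Review bot: In uashield.tf, `tls_private_key.ssh_key` generates the VM's SSH private key inside Terraform, so the PEM is stored unencrypted in the state file and republished by the `tls_private_key` output; `sensitive = true` only hides it from CLI output. Prefer passing in an existing public key, for example `public_key = file(var.ssh_public_key_path)` in `admin_ssh_key`, with the provisioner `connection` blocks using the operator's local key or SSH agent. Failing that, keep the state in an encrypted, access-controlled backend. No `azurerm_network_security_group` appears in this hunk, so SSH exposure on the static public IP is left to platform defaults; an NSG that limits port 22 to the operator's address would make that explicit.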
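Review bot: In variables.tf, `prefix` is the only variable without a `description`, and the `instance_number` description misspells "instance" as `"Azure VM's instace number"`. Suggest `description = "Name prefix for the resource group, network, NIC and public IP"` on `prefix`, which matches how uashield.tf uses it, and correcting the other string to `"Azure VM's instance number"`.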