WIP

deployments/aws/deployment.cfg

@@ -17,17 +17,24 @@ VTS_PORT=${VTS_PORT:-50051}
 PROVISIONING_PORT=${PROVISIONING_PORT:-8888}
 VERIFICATION_PORT=${VERIFICATION_PORT:-8080}
 MANAGEMENT_PORT=${MANAGEMENT_PORT:-8088}
+KEYCLOAK_PORT=${KEYCLOAK_PORT:-11111}
 
 # The location of the Python venv that will be used to run the deployment
 # script. This venv must have appropriate dependencies installed (see
-# misc/requirements.txt).
+# misc/requirements.txt). The environment may be initialized using the
+# bootstrap command of the deployment.sh script.
 VERAISON_AWS_VENV=${VERAISON_AWS_VENV:-~/venv/aws}
 
 # The name of the deployment. This will be used to name the CloudFormation
 # stack. Additionally, all crated resources will have a tag with key
 # "veraison-deployment" and this value.
 VERAISON_AWS_DEPLOYMENT=${VERAISON_AWS_DEPLOYMENT:-veraison-deployment}
 
+# The name of the AWS region into which Veraison will be deployed. Must be a valid
+# AWS region name, see:
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
+VERAISON_AWS_REGION=${VERAISON_AWS_REGION:-eu-west-1}
+
 # ID of the VPC into which the deployment will be created. This must exist in
 # the account.
 VERAISON_AWS_VPC_ID=${VERAISON_AWS_VPC_ID:-}
@@ -39,3 +46,9 @@ VERAISON_AWS_SUBNET_ID=${VERAISON_AWS_SUBNET_ID:-}
 # Instances' security groups will be configures to allow connections from this
 # CIDR.
 VERAISON_AWS_ADMIN_CIDR=${VERAISON_AWS_ADMIN_CIDR:-217.140.96.0/20}
+
+# Keycloak initial admin account credentials. If the password is not specified, it
+# will be randomly generated during image creation, and will be written into the 
+# deployment cache.
+KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN:-admin}
+KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-}

deployments/aws/deployment.sh

@@ -51,12 +51,14 @@ function bootstrap() {
 				     cut -f2 -d= | tr -d \")
 
 			case $distrib_id in
-			Arch) sudo pacman -Syy packer ssh;;
+			Arch) sudo pacman -Syy packer ssh openssl;;
 			Ubuntu)
-				sudo apt --yes install curl
+				sudo apt update
+				sudo apt --yes install curl openssl
+
 				curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
 				sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-				sudo apt update && sudo apt --yes install packer
+				sudo apt --yes install packer
 				;;
 			*)
 				echo -e "$_error: Boostrapping is currently only supported for Arch and Ubuntu."
@@ -96,68 +98,48 @@ function bootstrap() {
 	echo "$message"
 }
 
-function create_image() {
+function bringup() {
+	_check_installed openssl
 	_check_installed packer
 
-	veraison create-image --vpc-id "${VERAISON_AWS_VPC_ID}" \
-		--subnet-id "${VERAISON_AWS_SUBNET_ID}"
-}
-
-function delete_image() {
-	veraison delete-image
-}
-
-function create_key_pair() {
-	veraison create-key-pair
-}
-
-function delete_key_pair() {
-	veraison delete-key-pair
-}
-
-function create_deb() {
-	veraison create-deb
-}
-
-function cache() {
-	veraison cache
-}
-
-function create_stack() {
-	veraison create-stack --vpc-id "${VERAISON_AWS_VPC_ID}" \
+	veraison configure --init \
+		--vpc-id "${VERAISON_AWS_VPC_ID}" \
 		--subnet-id "${VERAISON_AWS_SUBNET_ID}" \
-		--admin-cidr "${VERAISON_AWS_ADMIN_CIDR}"
-}
+		--admin-cidr "${VERAISON_AWS_ADMIN_CIDR}" \
+		--region "${VERAISON_AWS_REGION}"
 
-function delete_stack() {
-	veraison delete-stack
-}
+	veraison create-deb
+	veraison create-key-pair
+	veraison create-combined-image
+	veraison create-keycloak-image
+	veraison create-combined-stack
 
-function update_security_groups() {
 	veraison update-security-groups
+	veraison create-certs --ca-cert "${VERAISON_CA_CERT}" \
+		--ca-cert-key "${VERAISON_CA_CERT_KEY}"
+	veraison setup-keycloak --realm-file "${_this_dir}/misc/veraison-realm.json"
+	veraison setup-services
 }
 
-function update_certs() {
-	veraison update-certs
-}
+function redeploy_stack() {
+	_check_installed openssl
 
-function bringup() {
-	_check_installed packer
+	veraison delete-stack combined
+	veraison delete-certs
 
-	veraison create-deb
-	veraison create-key-pair
-	veraison create-image --vpc-id "${VERAISON_AWS_VPC_ID}" \
-		--subnet-id "${VERAISON_AWS_SUBNET_ID}"
-	veraison create-stack --vpc-id "${VERAISON_AWS_VPC_ID}" \
-		--subnet-id "${VERAISON_AWS_SUBNET_ID}" \
-		--admin-cidr "${VERAISON_AWS_ADMIN_CIDR}"
+	veraison create-combined-stack
 	veraison update-security-groups
-	veraison update-certs
+	veraison create-certs --ca-cert "${VERAISON_CA_CERT}" \
+		--ca-cert-key "${VERAISON_CA_CERT_KEY}"
+	veraison setup-keycloak --realm-file "${_this_dir}/misc/veraison-realm.json"
+	veraison setup-services
 }
 
 function teardown() {
-	veraison delete-stack
-	veraison delete-image
+	veraison delete-stack combined
+	veraison delete-certs
+	veraison delete-image keycloak
+	veraison delete-image combined
 	veraison delete-key-pair
 	veraison delete-deb
 }
@@ -206,17 +188,8 @@ case $_command in
 	help) help;;
         bootstrap) bootstrap;;
 	bringup) bringup;;
+	redeploy-stack) redeploy_stack;;
 	teardown) teardown;;
-        create-image) create_image;;
-        delete-image) delete_image;;
-        create-key-pair | create-key) create_key_pair;;
-        delete-key-pair | delete-key) delete_key_pair;;
-        create-stack) create_stack;;
-        delete-stack) delete_stack;;
-        create-deb) create_deb;;
-	update-security-groups) update_security_groups;;
-	update-certs) update_certs;;
-	cache) cache;;
 	*) echo -e "$_error: unexpected command: \"$_command\"";;
 esac
 # vim: set noet sts=8 sw=8:

deployments/aws/misc/requirements.txt

@@ -1,6 +1,7 @@
-ar==1.0.0
 boto3==1.35.8
 botocore==1.35.8
+cryptography==43.0.1
+envsubst==0.1.5
 fabric==3.2.2
 pyxdg==0.28
 PyYAML==6.0.2