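locals {
  # Short region codes used in resource names. var.location must be a key of
  # this map, otherwise the lookup in `suffix` fails at plan time.
  location = {
    australiaeast = "aue"
  }

  # Shared naming suffix: <region code>-<environment>-<project>.
  suffix = format("%s-%s-%s", local.location[var.location], var.environment, var.project)

  # cloud-init payload that downloads, registers and starts the GitHub Actions
  # runner on first boot.
  #
  # The install directory is handed to runner-admin and group/other write is
  # stripped, replacing the earlier `chmod -R 777`: a world-writable tree lets
  # any local account on the VM swap the binaries that the runner service
  # executes.
  #
  # NOTE(review): var.runner_token is rendered into this string, so it ends up
  # in Terraform state and is delivered to the VM as custom data. Treat both as
  # secret-bearing, declare the variable as sensitive and pass a short-lived
  # registration token -- confirm against the variable declaration.
  # NOTE(review): the runner archive is fetched without an integrity check;
  # compare its SHA-256 with the value published for the release before it is
  # extracted.
  # NOTE(review): svc.sh is invoked without a user argument -- confirm which
  # account the installed service runs as.
  custom_data = <<EOF
#cloud-config
runcmd:
- [mkdir, '/actions-runner']
- cd /actions-runner
- [curl, -o, 'actions-runner.tar.gz', -L, 'https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz']
- [tar, -xzf, 'actions-runner.tar.gz']
- [chown, -R, runner-admin, '/actions-runner']
- [chmod, -R, 'go-w', '/actions-runner']
- [su, runner-admin, -c, '/actions-runner/config.sh --url https://github.com/${var.github_organisation} --token ${var.runner_token} --runnergroup ${var.runner_group_name}']
- ./svc.sh install
- ./svc.sh start
- [rm, '/actions-runner/actions-runner.tar.gz']
EOF
}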
/* Now that our dependencies are available through the locals, we need to build out the basic Azure components.
azurerm_resource_group - This is the resource group where the resources will be deployed.
azurerm_storage_account - This is the storage account where the boot diagnostics logs from our IaaS instance will be stored.
tls_private_key - The key that we will use to authenticate to our GHAR (GitHub Actions runner).*/
# Resource group that holds every resource declared in this file.
resource "azurerm_resource_group" "liquibase" {
  name     = "rg-${local.suffix}"
  location = var.location
}
# Storage account referenced by the VM's boot_diagnostics block.
# The name is the shared suffix with hyphens stripped and an "sa" prefix.
# NOTE(review): no TLS floor, HTTPS-only or public-access settings are set
# here, so the provider defaults apply -- confirm they match policy for the
# provider version in use.
resource "azurerm_storage_account" "liquibase" {
  name                     = "sa${replace(local.suffix, "-", "")}"
  resource_group_name      = azurerm_resource_group.liquibase.name
  location                 = azurerm_resource_group.liquibase.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
# RSA key pair generated by Terraform; its OpenSSH public half is installed for
# runner-admin on the VM below.
# NOTE(review): the tls provider keeps the generated private key in Terraform
# state in plaintext, so access to the state backend is access to the VM --
# confirm the backend is encrypted and tightly access-controlled.
resource "tls_private_key" "liquibase" {
algorithm = "RSA"
rsa_bits = 2048
}
/*The next cab off the rank will be the networking stack.
azurerm_virtual_network - Network that our GHARs will be connected to.
azurerm_subnet - Subnet that our GHARs will be connected to.
azurerm_network_interface - The network interface that will be used by the IaaS instance; it sits in the defined subnet.*/
# Virtual network for the runner VM; its single address space is var.network_range.
resource "azurerm_virtual_network" "liquibase" {
  name                = "vn-${local.suffix}"
  resource_group_name = azurerm_resource_group.liquibase.name
  location            = azurerm_resource_group.liquibase.location
  address_space       = [var.network_range]
}
# Subnet for the runner NIC. cidrsubnet() is called with zero additional prefix
# bits, so the subnet is derived from the whole of var.network_range.
# NOTE(review): no network security group association is visible in this
# file -- confirm one is attached elsewhere.
resource "azurerm_subnet" "runners" {
  name                 = "sn-${local.suffix}"
  resource_group_name  = azurerm_resource_group.liquibase.name
  virtual_network_name = azurerm_virtual_network.liquibase.name
  address_prefixes     = [cidrsubnet(var.network_range, 0, 0)]
}
# Network interface for the runner VM. The only IP configuration is a
# dynamically allocated private address in the runners subnet; no public IP is
# attached in this block.
resource "azurerm_network_interface" "liquibase" {
  name                = "ni-${local.suffix}"
  resource_group_name = azurerm_resource_group.liquibase.name
  location            = azurerm_resource_group.liquibase.location

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.runners.id
    private_ip_address_allocation = "Dynamic"
  }
}
/*The last piece of the puzzle is the IaaS instance itself.
azurerm_linux_virtual_machine - The IaaS instance that will be used to run the GitHub Actions runner.*/
# Linux VM that hosts the GitHub Actions runner.
# No admin_password is set; the only credential configured for runner-admin is
# the SSH public key generated by tls_private_key.liquibase.
resource "azurerm_linux_virtual_machine" "runners" {
  # "vm-" plus the shared suffix, with every hyphen removed.
  name                  = replace("vm-${local.suffix}", "-", "")
  resource_group_name   = azurerm_resource_group.liquibase.name
  location              = azurerm_resource_group.liquibase.location
  size                  = var.runner_size
  admin_username        = "runner-admin"
  network_interface_ids = [azurerm_network_interface.liquibase.id]

  admin_ssh_key {
    username   = "runner-admin"
    public_key = tls_private_key.liquibase.public_key_openssh
  }

  os_disk {
    caching              = "None"
    storage_account_type = "Standard_LRS"
  }

  # var.image_urn is split on ":" into publisher, offer, sku and version, so it
  # must contain at least four colon-separated fields.
  source_image_reference {
    publisher = split(":", var.image_urn)[0]
    offer     = split(":", var.image_urn)[1]
    sku       = split(":", var.image_urn)[2]
    version   = split(":", var.image_urn)[3]
  }

  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.liquibase.primary_blob_endpoint
  }

  # The cloud-init payload embeds var.runner_token; base64 is an encoding, not
  # protection, so the token is recoverable from state and from the VM's custom
  # data.
  custom_data = base64encode(local.custom_data)
}