From e8a8bf1cd7ca3d34976ee193140c01e805d6b2e1 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Mon, 6 Jul 2020 10:18:51 +0800 Subject: [PATCH 01/23] Add support for TF013 beta 3 --- .github/workflows/vnext.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 518d669d..7c190421 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -52,10 +52,10 @@ jobs: - name: Build the rover (beta 0.13) run: | set -e - docker_tag=vnext-13-beta2 + docker_tag=vnext-13-beta3 # Override .env variable - export versionTerraform="0.13.0-beta2" + export versionTerraform="0.13.0-beta3" # Build the rover base image docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" From 907220b71d56ab6526537bda555d0db10bec1a01 Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 6 Jul 2020 13:50:10 +0000 Subject: [PATCH 02/23] Remove workspace and transition settings to devcontainer --- .devcontainer/devcontainer.json | 9 ++++++--- workspace.code-workspace | 11 ----------- 2 files changed, 6 insertions(+), 14 deletions(-) delete mode 100644 workspace.code-workspace diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a4969c80..f6a0ee91 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -15,8 +15,10 @@ // Use 'settings' to set *default* container specific settings.json values on container create. // You can edit these settings after create using File > Preferences > Settings > Remote. "settings": { - // If you are using an Alpine-based image, change this to /bin/ash - "terminal.integrated.shell.linux": "/bin/bash" + "files.eol": "\n", + "terminal.integrated.shell.linux": "/bin/bash", + "editor.tabSize": 2, + "terminal.integrated.scrollback": 2000, }, // Uncomment the next line if you want start specific services in your Docker Compose config. 
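Review bot: The new `"terminal.integrated.scrollback": 2000,` line leaves a trailing comma before the closing brace of the `settings` object. VS Code reads devcontainer.json as JSONC and tolerates that, but any tooling that parses the file as strict JSON will reject it, so `"terminal.integrated.scrollback": 2000` without the comma is the safer form.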
@@ -31,6 +33,7 @@ // Add the IDs of extensions you want installed when the container is created in the array below. "extensions": [ "4ops.terraform", - "mutantdino.resourcemonitor" + "mutantdino.resourcemonitor", + "eamodio.gitlens" ] } \ No newline at end of file diff --git a/workspace.code-workspace b/workspace.code-workspace deleted file mode 100644 index bc35ebc8..00000000 --- a/workspace.code-workspace +++ /dev/null @@ -1,11 +0,0 @@ -{ - "folders": [ - { - "path": "./" - } - ], - "settings": { - "files.eol": "\n" - }, - -} \ No newline at end of file From fcd32fafe998becd63eeb20b2e235ff836ff3a27 Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 6 Jul 2020 13:50:35 +0000 Subject: [PATCH 03/23] Add --clone-launchpad --- scripts/functions.sh | 19 +++++++++++++++++++ scripts/rover.sh | 39 +++++++++++++++++++++++++++++++++++---- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index d240a9bd..1d09bcf0 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -918,3 +918,22 @@ function get_storage_id { id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) fi } + + +function verify_clone_repository { + echo "@calling verify_clone_repository" + + if [[ "${clone_landingzone}" == "true" || "${clone_launchpad}" == "true" ]]; then + echo "cloning respository" + + if [ "${clone_launchpad}" == "true" ]; then + launchpad_path="caf-terraform-landingzones-${landingzone_branch}/landingzones/launchpad" + fi + + rm -rf /tf/caf/landingzones + mkdir -p /tf/caf/landingzones + curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} + + exit 0 + fi +} \ No newline at end of file diff --git a/scripts/rover.sh b/scripts/rover.sh index a2777ccb..ccfad847 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh 
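Review bot: In `verify_clone_repository`, `rm -rf /tf/caf/landingzones` runs before the download and the download's result is never checked: the pipeline's exit status is tar's, so a failed curl (unknown `--clone-branch` value, no network) leaves an empty directory and the function still falls through to `exit 0`; PATCH 04 adds `--fail` to the same line, but without `set -o pipefail` or a download-to-file step that status is still masked. The archive is extracted straight from the network with no integrity check, and `${landingzone_branch}` (user-supplied) and `${launchpad_path}` are unquoted, so a branch value containing whitespace becomes extra curl arguments. Downloading to a temp file, checking curl's status, and only then replacing the tree keeps the existing checkout intact on failure; `${launchpad_path:+"${launchpad_path}"}` passes the path only when it is set (it is unset on the `--clone-landingzones` path). The literal `"cloning respository"` is misspelled.
```shell
    archive=$(mktemp) || return 1
    if ! curl --fail --silent --show-error \
        "https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch}" \
        -o "${archive}"; then
      rm -f -- "${archive}"
      return 1
    fi
    rm -rf /tf/caf/landingzones
    mkdir -p /tf/caf/landingzones
    tar -zxv --strip=2 -C /tf/caf/landingzones -f "${archive}" ${launchpad_path:+"${launchpad_path}"}
    rm -f -- "${archive}"
    # … unchanged: exit 0 / fi / closing brace …
```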
@@ -5,6 +5,38 @@ # deploy a landingzone with # rover [landingzone_folder_name] [plan | apply | destroy] [parameters] +while (( "$#" )); do + case "${1}" in + --clone-launchpad) + export landingzone_branch=${landingzone_branch:="master"} + export clone_launchpad="true" + export clone_landingzone="false" + echo "cloning launchpad" + shift 1 + ;; + --clone-landingzones) + export landingzone_branch=${landingzone_branch:="master"} + export clone_landingzone="true" + export clone_launchpad="false" + echo "cloning landingzone" + shift 1 + ;; + --clone-branch) + export landingzone_branch=${2} + echo "cloning branch ${landingzone_branch}" + shift 2 + ;; + *) + break + ;; + esac +done + +source /tf/rover/functions.sh +source /tf/rover/banner.sh + +verify_clone_repository + current_path=$(pwd) landingzone_name=$1 tf_action=$2 @@ -12,7 +44,6 @@ shift 2 cd ${landingzone_name} -# capture the current path export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} export TF_VAR_environment=${TF_VAR_environment:="sandpit"} export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) @@ -64,8 +95,6 @@ done set -ETe trap 'error ${LINENO}' ERR 1 2 3 6 -source /tf/rover/functions.sh -source /tf/rover/banner.sh tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//') @@ -76,7 +105,7 @@ echo "tf_action : '$(echo ${tf_action})'" echo "tf_command : '$(echo ${tf_command})'" echo "landingzone : '$(echo ${landingzone_name})'" echo "terraform command output file : '$(echo ${tf_output_file})' " -echo "level : '$(echo ${TF_VAR_level})'" +echo "level (current) : '$(echo ${TF_VAR_level})'" echo "environment : '$(echo ${TF_VAR_environment})'" # echo "workspace : '$(echo ${TF_VAR_workspace})'" echo "tfstate : '$(echo ${TF_VAR_tf_name})'" @@ -85,6 +114,8 @@ echo "" verify_azure_session verify_parameters +cd ${landingzone_name} + # Trying to retrieve the terraform state storage account id get_storage_id From 38e49d78f94bd4c1c76be0506984f76cdb31c8ad Mon Sep 17 00:00:00 2001 
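Review bot: The `--clone-branch)` arm does `export landingzone_branch=${2}` and `shift 2` without checking that a value follows the flag: with `rover --clone-branch` as the last argument, `shift 2` fails, `$#` is unchanged, and `while (( "$#" ))` re-enters the same arm forever, printing "cloning branch" each time. A guard such as `[[ $# -ge 2 ]] || { echo "--clone-branch requires a branch name" >&2; exit 1; }` before the `shift 2` closes this; the same unchecked `${2}`/`shift 2` pattern recurs in the `-lz|--landingzone` and `-a|--action` arms added in PATCH 07. Separately, the last hunk adds a second `cd ${landingzone_name}` after `verify_parameters` while the earlier `cd ${landingzone_name}` stays in place; if the name is a relative path the second `cd` fails from inside the first directory, and since `set -ETe` is active by then the run aborts through the ERR trap — unless something between them restores the directory, which is not visible here.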
From: lolorol Date: Thu, 9 Jul 2020 01:00:31 +0000 Subject: [PATCH 04/23] Remove --clone-error writing to stdout download progress --- changelog.md | 29 ++++++++++++++++++++++++++++- scripts/functions.sh | 2 +- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/changelog.md b/changelog.md index 4483330d..bf78cb32 100644 --- a/changelog.md +++ b/changelog.md @@ -1,4 +1,31 @@ -## 2002.dev (Unrelease) +## 2007.dev (Unrelease) + +NEW COMMANDS +* Launchpad commands moved into the rover with +```bash +rover /tf/caf/landingzones/launchpad apply -launchpad +``` + +* Clone the public launchpad folder +```bash +# Clone the public open source launchpad from master branch +rover --clone-launchpad + +# Clone the public open source launchpad from vnext branch +rover --clone-launchpad --clone-branch vnext +``` + +* Clone the public landingzones folder (includes the launchpad) +```bash +# Clone the public open source landingzones from master branch +rover --clone-landingzones + +# Clone the public open source landingzones from vnext branch +rover --clone-landingzones --clone-branch vnext +``` + +REMOVED COMMANDS +* # v2002 refresh diff --git a/scripts/functions.sh b/scripts/functions.sh index 1d09bcf0..2484ae24 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -932,7 +932,7 @@ function verify_clone_repository { rm -rf /tf/caf/landingzones mkdir -p /tf/caf/landingzones - curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} + curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} exit 0 fi From 95cd1d84538c56f1ee0219cd14ce689fb60785b8 Mon Sep 17 00:00:00 2001 
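Review bot: The commit subject says the download should stop writing progress to stdout, but only curl was quieted; `tar -zxv` still lists every extracted file on stdout. If a quiet clone is the aim, drop the `v`: `... | tar -zx --strip=2 -C /tf/caf/landingzones ${launchpad_path}`. Note also that `--fail` alone does not change the pipeline's exit status, which is still tar's, so a failed download is not reported to the caller without `set -o pipefail` or a download-to-file step.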
From: lolorol Date: Thu, 9 Jul 2020 01:04:31 +0000 Subject: [PATCH 05/23] Remove launchpad command Remove launchpad landing zone from rover --- Dockerfile | 12 ---- changelog.md | 6 +- scripts/launchpad.sh | 163 ------------------------------------------- 3 files changed, 5 insertions(+), 176 deletions(-) delete mode 100755 scripts/launchpad.sh diff --git a/Dockerfile b/Dockerfile index def6879d..9eb7ab89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -219,16 +219,6 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USERNAME} && \ chmod 0440 /etc/sudoers.d/${USERNAME} - -# to force the docker cache to invalidate when there is a new version -ADD https://api.github.com/repos/aztfmod/level0/git/refs/heads/${versionLaunchpadOpensource} version.json -RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \ - mkdir -p /tf && \ - git clone https://github.com/aztfmod/level0.git /tf --branch ${versionLaunchpadOpensource} && \ - chown -R ${USERNAME}:1000 /tf/launchpads && \ - chmod +x /tf/bootstrap/**/*.sh && \ - chmod +x /tf/bootstrap/*.sh - # Add Community terraform providers # COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ @@ -238,13 +228,11 @@ COPY --from=terraform-docs /go/bin/terraform-docs /bin/ WORKDIR /tf/rover COPY ./scripts/rover.sh . -COPY ./scripts/launchpad.sh . COPY ./scripts/functions.sh . COPY ./scripts/banner.sh . COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ - echo "alias launchpad=/tf/rover/launchpad.sh" >> /home/${USERNAME}/.bashrc && \ echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \ chown -R ${USERNAME}:1000 /tf/rover diff --git a/changelog.md b/changelog.md index bf78cb32..a6fde8cf 100644 --- a/changelog.md +++ b/changelog.md 
@@ -25,7 +25,11 @@ rover --clone-landingzones --clone-branch vnext ``` REMOVED COMMANDS -* +* launchpad.sh as now been replaced with +``` +# Clone the launchpad with the new clone command +rover launchpad_path plan -launchpad +``` # v2002 refresh diff --git a/scripts/launchpad.sh b/scripts/launchpad.sh deleted file mode 100755 index b034aec5..00000000 --- a/scripts/launchpad.sh +++ /dev/null 
@@ -1,163 +0,0 @@ -#!/bin/bash - -# capture the current path -export TF_VAR_rover_version="$(echo $(cat /tf/rover/version.txt))" -current_path=$(pwd) -landingzone_name=$1 -tf_action=$2 -shift 2 - -export TF_VAR_workspace="level0" -export caf_command="launchpad" - - -while (( "$#" )); do - case "$1" in - -o|--output) - tf_output_file=$2 - shift 2 - ;; - *) # preserve positional arguments - echo "else $1" - - PARAMS+="$1 " - shift - ;; - esac -done - -tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//') - -echo "" -echo "Launchpad management tool started with:" -echo " tool is : '$(echo ${caf_command})'" -echo " tf_action is : '$(echo ${tf_action})'" -echo " tf_command is : '$(echo ${tf_command})'" -echo " landingzone is : '$(echo ${landingzone_name})'" -echo " workspace is : '$(echo ${TF_VAR_workspace})'" -echo "" - - -set -ETe -trap 'error ${LINENO}' ERR 1 2 3 6 - -source /tf/rover/functions.sh -source /tf/rover/banner.sh - -verify_azure_session - - - -# Trying to retrieve the terraform state storage account id -id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) - -function launchpad_opensource { - - case "${id}" in - "null") - echo "No launchpad found." 
- - if [ "${tf_action}" == "destroy" ]; then - if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename ${landingzone_name}).tfstate" ]; then - echo "Recover from an un-finished initialisation" - destroy - else - rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" - echo "There is no launchpad in this subscription" - fi - else - echo "Deploying from scratch the launchpad" - rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" - initialize_state - display_instructions - fi - ;; - '') - error ${LINENO} "you must login to an Azure subscription first or logout / login again" 2 - ;; - *) - - if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename ${landingzone_name}).tfstate" ]; then - echo "Recover from an un-finished initialisation" - if [ "${tf_action}" == "destroy" ]; then - destroy - else - initialize_state - fi - exit 0 - else - case "${tf_action}" in - "destroy") - destroy_from_remote_state - ;; - "plan"|"apply") - deploy_from_remote_state - ;; - *) - get_launchpad_coordinates - display_instructions - ;; - esac - fi - ;; - esac - - -} - -function landing_zone { - case "${tf_action}" in - "list") - echo "Listing the deployed landing zones" - list_deployed_landingzones - ;; - *) - echo "launchpad landing_zone [ list | unlock [landing_zone_tfstate_name]]" - ;; - esac -} - -## Workspaces are used to isolate environments like sandpit, dev, sit, production -function workspace { - - if [ "${id}" == "null" ]; then - display_launchpad_instructions - exit 1000 - fi - - case "${tf_action}" in - "list") - workspace_list - ;; - "create") - workspace_create ${tf_command} - ;; - "delete") - ;; - *) - echo "launchpad workspace [ list | create | delete ]" - ;; - esac -} - -case "${landingzone_name}" in - "landing_zone") - landing_zone - ;; - "workspace") - workspace - ;; - "") - if [ "${id}" == "null" ]; then - display_launchpad_instructions - exit 1000 - else - get_launchpad_coordinates - display_instructions - fi - ;; - *) - launchpad_opensource "level0" -esac - 
-clean_up_variables \ No newline at end of file From 10bad22f64a492b9eb2420e6f722a91493ff674e Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 9 Jul 2020 01:07:11 +0000 Subject: [PATCH 06/23] Cleanup dockerfile --- Dockerfile | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9eb7ab89..77263dd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,18 +50,6 @@ FROM golang:1.13 as tfsec # to force the docker cache to invalidate when there is a new version RUN env GO111MODULE=on go get -u github.com/liamg/tfsec/cmd/tfsec -# ########################################################### -# # Getting latest version of Azure DevOps Terraform provider -# ########################################################### -# FROM golang:1.13 as devops - -# # to force the docker cache to invalidate when there is a new version -# ADD https://api.github.com/repos/microsoft/terraform-provider-azuredevops/git/refs/heads/master version.json -# RUN cd /tmp && \ -# git clone https://github.com/microsoft/terraform-provider-azuredevops.git && \ -# cd terraform-provider-azuredevops && \ -# ./scripts/build.sh - ########################################################### # Getting latest version of Azure CAF Terraform provider ########################################################### @@ -220,7 +208,6 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu chmod 0440 /etc/sudoers.d/${USERNAME} # Add Community terraform providers -# COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ COPY --from=msgraph /tmp/terraform-provider-msgraph/terraform-provider-msgraph /bin/ COPY --from=tfsec /go/bin/tfsec /bin/ From 9d48f0ab0465ea02f4c40e41ebbbca6b8c935bf7 Mon Sep 17 00:00:00 2001 
From: lolorol Date: Tue, 14 Jul 2020 03:41:37 +0000 Subject: [PATCH 07/23] Refactor the command logic for more scalability --- scripts/functions.sh | 170 ++++++++++++++++++++++++++++++++----------- scripts/rover.sh | 153 +++++++++++++++++++------------------- 2 files changed, 202 insertions(+), 121 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 2484ae24..02d8e523 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -25,6 +25,32 @@ exit_if_error() { } } +function process_actions { + echo "@calling process_actions" + verify_azure_session + + case "${caf_command}" in + "workspace") + workspace ${tf_command} + exit 0 + ;; + "clone") + clone_repository + exit 0 + ;; + "landingzone_mgmt") + landing_zone ${tf_command} + exit 0 + ;; + launchpad|landingzone) + verify_parameters + deploy ${TF_VAR_workspace} + ;; + *) + display_instructions + esac +} + function display_login_instructions { echo "" echo "To login the rover to azure:" @@ -58,7 +84,11 @@ function display_instructions { function display_launchpad_instructions { echo "" echo "You need to deploy the launchpad from the rover by running:" - echo " rover /tf/caf/landingzones/launchpad apply -launchpad" + if [ -z "${TF_VAR_environment}" ]; then + echo " rover /tf/caf/landingzones/launchpad apply -launchpad" + else + echo " rover /tf/caf/landingzones/launchpad apply -launchpad -env ${TF_VAR_environment}" + fi echo "" } 
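Review bot: `process_actions` calls `verify_azure_session` before dispatching on `caf_command`, so the `clone)` branch — which only fetches a public tarball via `clone_repository` — now also requires a working Azure session, and `rover --clone-launchpad` will presumably fail offline or before `rover login` (the body of verify_azure_session is outside this hunk, so the exact failure mode is inferred). If that is not intended, move the `clone)` case ahead of the session check, e.g. `[[ "${caf_command}" == "clone" ]] && { clone_repository; exit 0; }` as the first statement. The `*)` arm also ends without `;;`; bash accepts that before `esac`, but adding it keeps the arms uniform.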
@@ -66,10 +96,19 @@ function display_launchpad_instructions { function verify_parameters { echo "@calling verify_parameters" - # Must provide an action when the tf_command is set - if [ -z "${tf_action}" ] && [ ! -z "${tf_command}" ]; then - display_instructions - error ${LINENO} "landingzone and action must be set" 11 + if [ -z "${landingzone_name}" ]; then + echo "landingzone : '' (not specified)" + else + echo "landingzone : '$(echo ${landingzone_name})'" + cd ${landingzone_name} + export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} + export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} + + # Must provide an action when the tf_command is set + if [ -z "${tf_action}" ] && [ ! -z "${tf_command}" ]; then + display_instructions + error ${LINENO} "action and action must be set when deploying a landing zone" 11 + fi fi } @@ -78,7 +117,7 @@ function verify_parameters { function verify_azure_session { echo "@calling verify_azure_session" - if [ "${landingzone_name}" == "login" ]; then + if [ "${caf_command}" == "login" ]; then echo "" echo "Checking existing Azure session" session=$(az account show 2>/dev/null || true) @@ -106,7 +145,7 @@ function verify_azure_session { exit fi - if [ "${landingzone_name}" == "logout" ]; then + if [ "${caf_command}" == "logout" ]; then echo "Closing Azure session" az logout || true @@ -187,8 +226,8 @@ function initialize_state { # Create sandpit workspace get_storage_id - workspace_create "sandpit" - workspace_create ${TF_VAR_workspace} + workspace create "sandpit" + workspace create ${TF_VAR_workspace} upload_tfstate ;; "validate") 
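Review bot: `cd ${landingzone_name}` inside `verify_parameters` is unquoted and unchecked, and it appears to be the only place a non-existent landingzone folder is detected: on failure the caller just sees the ERR trap firing on a bare `cd`. `cd "${landingzone_name}" || error ${LINENO} "landingzone does not exist" 12` keeps the message the old verify_landingzone produced. Changing the working directory from a function named verify_* is a side effect worth a one-line comment, since `TF_VAR_tf_name` and `TF_VAR_tf_plan` are derived from the new cwd on the next two lines.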
@@ -707,6 +746,32 @@ function deploy_landingzone { ##### workspace functions +## Workspaces are used for an additional level of isolation. Mainly used by CI +function workspace { + + echo "@calling workspace function with $@" + get_storage_id + + if [ "${id}" == "null" ]; then + display_launchpad_instructions + exit 1000 + fi + + case "${1}" in + "list") + workspace_list + ;; + "create") + workspace_create ${2} + ;; + "delete") + workspace_delete ${2} + ;; + *) + echo "launchpad workspace [ list | create | delete ]" + ;; + esac +} function workspace_list { echo "@calling workspace_list" @@ -747,6 +812,26 @@ function workspace_create { echo "" } +function workspace_delete { + echo "@calling workspace_delete" + + stg=$(az storage account show --ids ${id} -o json) + + export storage_account_name=$(echo ${stg} | jq -r .name) + + echo " Delete $1 workspace" + echo "" + az storage container delete \ + --name $1 \ + --auth-mode login \ + --account-name ${storage_account_name} + + mkdir -p ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace} + + echo "" +} + + function clean_up_variables { echo "@calling clean_up_variables" @@ -804,6 +889,7 @@ function get_logged_user_object_id { function deploy { + get_storage_id case "${id}" in "null") 
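Review bot: `workspace_delete` removes the remote tfstate container named by `$1` with no guard: `rover workspace delete` with no name reaches `az storage container delete --name` with an empty argument, and a valid name deletes state with no confirmation. `[[ -n "${1}" ]] || error ${LINENO} "workspace name required" 11` before the az call, plus quoting `--name "${1}"`, closes at least the empty case. The trailing `mkdir -p ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}` looks copied from workspace_create — after a delete it presumably should clear the local copy instead, and it keys on `TF_VAR_workspace` rather than `$1`. In `workspace`, `exit 1000` is reduced modulo 256 by the shell and is observed as status 232 by the caller.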
@@ -876,51 +962,48 @@ function deploy { } function landing_zone { - case "${tf_action}" in - "list") - echo "Listing the deployed landing zones" - list_deployed_landingzones - ;; - *) - echo "launchpad landing_zone [ list | unlock [landing_zone_tfstate_name]]" - ;; - esac -} - -## Workspaces are used to isolate environments like sandpit, dev, sit, production -function workspace { - - if [ "${id}" == "null" ]; then - display_launchpad_instructions - exit 1000 - fi + echo "@calling landing_zone" + + get_storage_id - case "${tf_action}" in - "list") - workspace_list - ;; - "create") - workspace_create ${tf_command} - ;; - "delete") - ;; - *) - echo "launchpad workspace [ list | create | delete ]" - ;; - esac + case "${1}" in + "list") + echo "Listing the deployed landing zones" + list_deployed_landingzones + ;; + *) + echo "rover landingzone [ list ]" + ;; + esac } + function get_storage_id { echo "@calling get_storage_id" #1510 launchpad version id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) if [ ${id} == null ]; then id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) + if [ ${id} == null ] && [ "${caf_action}" != "launchpad" } ]; then + # Check if other launchpad are installed + id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}'].{id:id}" -o json | jq -r .[0].id) + + if [ ${id} == null ]; then + display_launchpad_instructions + exit 1000 + else + echo "There is no launchpad in the environment: ${TF_VAR_environment}" + echo "List of the other launchpad deployed" + az storage account list --query "[?tags.tfstate=='${TF_VAR_level}'].{name:name,environment:tags.environment, launchpad:tags.launchpad}" -o table + + exit 0 + fi + fi fi } -function verify_clone_repository { +function clone_repository { echo "@calling verify_clone_repository" if [[ "${clone_landingzone}" == "true" || 
"${clone_launchpad}" == "true" ]]; then @@ -933,7 +1016,6 @@ function verify_clone_repository { rm -rf /tf/caf/landingzones mkdir -p /tf/caf/landingzones curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} - - exit 0 fi -} \ No newline at end of file +} + diff --git a/scripts/rover.sh b/scripts/rover.sh index ccfad847..4cbd6b64 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -5,9 +5,31 @@ # deploy a landingzone with # rover [landingzone_folder_name] [plan | apply | destroy] [parameters] +source /tf/rover/functions.sh +source /tf/rover/banner.sh + +export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} +export TF_VAR_environment=${TF_VAR_environment:="sandpit"} +export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) +export TF_VAR_level=${TF_VAR_level:="level0"} +export caf_command="rover" + + +current_path=$(pwd) + while (( "$#" )); do case "${1}" in + -lz|--landingzone) + export caf_command="landingzone" + export landingzone_name=${2} + shift 2 + ;; + -a|--action) + export tf_action=${2} + shift 2 + ;; --clone-launchpad) + export caf_command="clone" export landingzone_branch=${landingzone_branch:="master"} export clone_launchpad="true" export clone_landingzone="false" @@ -15,6 +37,7 @@ while (( "$#" )); do shift 1 ;; --clone-landingzones) + export caf_command="clone" export landingzone_branch=${landingzone_branch:="master"} export clone_landingzone="true" export clone_launchpad="false" 
@@ -26,116 +49,92 @@ while (( "$#" )); do echo "cloning branch ${landingzone_branch}" shift 2 ;; - *) - break + workspace) + shift 1 + export caf_command="workspace" ;; - esac -done - -source /tf/rover/functions.sh -source /tf/rover/banner.sh - -verify_clone_repository - -current_path=$(pwd) -landingzone_name=$1 -tf_action=$2 -shift 2 - -cd ${landingzone_name} - -export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} -export TF_VAR_environment=${TF_VAR_environment:="sandpit"} -export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) -export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} -export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} -export TF_VAR_level=${TF_VAR_level:="level0"} -export caf_command="rover" - - -while (( "$#" )); do - case "${1}" in - -o|--output) - tf_output_file=${2} - shift 2 + landingzone) + shift 1 + export caf_command="landingzone_mgmt" ;; - -w|--workspace) - export TF_VAR_workspace=${2} - shift 2 - echo "set workspace to ${TF_VAR_workspace}" + login) + shift 1 + export caf_command="login" ;; - -env|--environment) - export TF_VAR_environment=${2} - shift 2 + logout) + shift 1 + export caf_command="logout" ;; -tfstate) export TF_VAR_tf_name="${2}.tfstate" export TF_VAR_tf_plan="${2}.tfplan" shift 2 ;; - -level) - export TF_VAR_level=${2} + -env|--environment) + export TF_VAR_environment=${2} shift 2 ;; -launchpad) export caf_command="launchpad" export TF_VAR_workspace="level0" shift 1 - echo "set rover to mode ${caf_command}" - echo "set workspace to level0" + ;; + -o|--output) + tf_output_file=${2} + shift 2 + ;; + -w|--workspace) + export TF_VAR_workspace=${2} + shift 2 + ;; + -level) + export TF_VAR_level=${2} + shift 2 ;; *) # preserve positional arguments - PARAMS+="${1} " shift ;; esac done + set -ETe trap 'error ${LINENO}' ERR 1 2 3 6 - tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//') echo "" - echo "mode : '$(echo ${caf_command})'" +echo "terraform command output file : '$(echo 
${tf_output_file})'" echo "tf_action : '$(echo ${tf_action})'" -echo "tf_command : '$(echo ${tf_command})'" -echo "landingzone : '$(echo ${landingzone_name})'" -echo "terraform command output file : '$(echo ${tf_output_file})' " +echo "command and parameters : '$(echo ${tf_command})'" echo "level (current) : '$(echo ${TF_VAR_level})'" echo "environment : '$(echo ${TF_VAR_environment})'" -# echo "workspace : '$(echo ${TF_VAR_workspace})'" +echo "workspace : '$(echo ${TF_VAR_workspace})'" echo "tfstate : '$(echo ${TF_VAR_tf_name})'" echo "" -verify_azure_session -verify_parameters - -cd ${landingzone_name} - -# Trying to retrieve the terraform state storage account id -get_storage_id - -case "${landingzone_name}" in - "landing_zone") - landing_zone - ;; - "workspace") - workspace - ;; - "") - if [ "${id}" == "null" ]; then - display_launchpad_instructions - exit 1000 - else - # login_as_launchpad - # get_launchpad_coordinates - display_instructions - fi - ;; - *) - deploy ${TF_VAR_workspace} -esac \ No newline at end of file +process_actions +# verify_clone_repository + + + +# # Trying to retrieve the terraform state storage account id +# get_storage_id + +# case "${landingzone_name}" in +# "landing_zone") +# landing_zone +# ;; +# "") +# if [ "${id}" == "null" ]; then +# display_launchpad_instructions +# exit 1000 +# else +# display_instructions +# fi +# ;; +# *) +# deploy ${TF_VAR_workspace} +# esac \ No newline at end of file From 83ddea82f6165904f357f7c1ac10a014a9d29728 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 14 Jul 2020 04:11:36 +0000 Subject: [PATCH 08/23] Fix a destroy condition --- scripts/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 02d8e523..f5f50ec3 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
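Review bot: The default `*)` arm drops `PARAMS+="${1} "` while `tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//')` and `process_actions` stay, so `tf_command` is now always empty: `rover workspace list` reaches `workspace ${tf_command}` with no arguments and prints the usage line, and `rover landingzone list` behaves the same (unless PATCH 09's rover.sh change, not shown here, restores it). Restoring `PARAMS+="${1} "` in that arm is the one-line fix. The hunk also leaves the old dispatcher commented out at the end of the file; git history keeps it, so deleting those lines outright is cleaner.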
@@ -984,7 +984,7 @@ function get_storage_id { id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) if [ ${id} == null ]; then id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) - if [ ${id} == null ] && [ "${caf_action}" != "launchpad" } ]; then + if [ ${id} == null ] && [ "${caf_action}" != "launchpad" ]; then # Check if other launchpad are installed id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}'].{id:id}" -o json | jq -r .[0].id) From 662ce19259a610ad56415bfb841a8dee6b198a2b Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 14 Jul 2020 07:46:11 +0000 Subject: [PATCH 09/23] Fix command conditions + cleanup --- scripts/functions.sh | 107 +++++++++++++++++++++---------------------- scripts/rover.sh | 10 +++- 2 files changed, 60 insertions(+), 57 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index f5f50ec3..7333025d 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -30,15 +30,15 @@ function process_actions { verify_azure_session case "${caf_command}" in - "workspace") + workspace) workspace ${tf_command} exit 0 ;; - "clone") + clone) clone_repository exit 0 ;; - "landingzone_mgmt") + landingzone_mgmt) landing_zone ${tf_command} exit 0 ;; @@ -54,7 +54,7 @@ function process_actions { function display_login_instructions { echo "" echo "To login the rover to azure:" - echo " rover login [tenant_name.onmicrosoft.com or tenant_guid (optional)] [subscription_id_to_target(optional)]" + echo " rover login -tenant [tenant_name.onmicrosoft.com or tenant_guid (optional)] -subscription [subscription_id_to_target(optional)]" echo "" echo " rover logout" echo "" 
@@ -66,7 +66,7 @@ function display_login_instructions { function display_instructions { echo "" echo "You can deploy a landingzone with the rover by running:" - echo " rover [landingzone_folder_name] [plan|apply|destroy]" + echo " rover -lz [landingzone_folder_name] -a [plan|apply|destroy]" echo "" echo "List of the landingzones loaded in the rover:" @@ -85,9 +85,9 @@ function display_launchpad_instructions { echo "" echo "You need to deploy the launchpad from the rover by running:" if [ -z "${TF_VAR_environment}" ]; then - echo " rover /tf/caf/landingzones/launchpad apply -launchpad" + echo " rover -lz /tf/caf/landingzones/launchpad -a apply -launchpad" else - echo " rover /tf/caf/landingzones/launchpad apply -launchpad -env ${TF_VAR_environment}" + echo " rover -lz /tf/caf/landingzones/launchpad -a apply -launchpad -env ${TF_VAR_environment}" fi echo "" } @@ -105,9 +105,9 @@ function verify_parameters { export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} # Must provide an action when the tf_command is set - if [ -z "${tf_action}" ] && [ ! -z "${tf_command}" ]; then + if [ -z "${tf_action}" ]; then display_instructions - error ${LINENO} "action and action must be set when deploying a landing zone" 11 + error ${LINENO} "action must be set when deploying a landing zone" 11 fi fi } 
@@ -128,17 +128,17 @@ function verify_azure_session { unset ARM_CLIENT_ID unset ARM_CLIENT_SECRET - if [ ! -z "${tf_action}" ]; then - echo "Login to azure with tenant ${tf_action}" - ret=$(az login --tenant ${tf_action} >/dev/null >&1) + if [ ! -z "${tenant}" ]; then + echo "Login to azure with tenant ${tenant}" + ret=$(az login --tenant ${tenant} >/dev/null >&1) else ret=$(az login >/dev/null >&1) fi # the second parameter would be the subscription id to target - if [ "${tf_command}" != "login" ] && [ ! -z "${tf_command}" ]; then - echo "Set default subscription to ${tf_command}" - az account set -s ${tf_command} + if [ ! -z "${subscription}" ]; then + echo "Set default subscription to ${subscription}" + az account set -s ${subscription} fi az account show 
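Review bot: `ret=$(az login --tenant ${tenant} >/dev/null >&1)` (and the plain `az login` line below it) sends stdout to /dev/null and then `>&1` is a no-op, so `ret` is always empty and is never examined; either drop the assignment or capture with `2>&1` and check it. `${tenant}` and `${subscription}` are user-supplied and unquoted in both `az login --tenant` and `az account set -s`; quote them. Where `tenant` and `subscription` are assigned is not visible in this series (the PATCH 09 rover.sh hunk is not shown), so an unset value silently falls through to the interactive `az login` path.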
@@ -168,28 +168,28 @@ function verify_azure_session { } -# Verifies the landingzone exist in the rover -function verify_landingzone { - echo "@calling verifiy_landingzone" +# # Verifies the landingzone exist in the rover +# function verify_landingzone { +# echo "@calling verifiy_landingzone" - if [ -z "${landingzone_name}" ] && [ -z "${tf_action}" ] && [ -z "${tf_command}" ]; then - # get_remote_state_details - login_as_launchpad +# if [ -z "${landingzone_name}" ] && [ -z "${tf_action}" ] && [ -z "${tf_command}" ]; then +# # get_remote_state_details +# login_as_launchpad - if [ -z ${TF_VAR_lowerlevel_storage_account_name} ]; then - display_launchpad_instructions - else - display_instructions - fi - else - echo "Verify the landingzone folder exist in the rover" - readlink -f "${landingzone_name}" - if [ $? -ne 0 ]; then - display_instructions - error ${LINENO} "landingzone does not exist" 12 - fi - fi -} +# if [ -z ${TF_VAR_lowerlevel_storage_account_name} ]; then +# display_launchpad_instructions +# else +# display_instructions +# fi +# else +# echo "Verify the landingzone folder exist in the rover" +# readlink -f "${landingzone_name}" +# if [ $? -ne 0 ]; then +# display_instructions +# error ${LINENO} "landingzone does not exist" 12 +# fi +# fi +# } function initialize_state { echo "@calling initialize_state" @@ -260,8 +260,6 @@ function deploy_from_remote_state { login_as_launchpad - # get_launchpad_coordinates - deploy_landingzone cd "${current_path}" 
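Review bot: `verify_landingzone` is commented out rather than removed, leaving about twenty dead lines that git history already preserves; deleting them outright is cleaner. With it gone, the only remaining check that the landingzone folder exists is the `cd ${landingzone_name}` in verify_parameters, which reports failure only through the ERR trap rather than the former `error ${LINENO} "landingzone does not exist" 12` message — worth restoring that message at the `cd`.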
@@ -410,14 +408,14 @@ function login_as_launchpad { export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" - if [ ${launchpad_mode} == "launchpad" ]; then + if [ ${caf_command} == "launchpad" ]; then echo "Set terraform provider context to Azure AD application launchpad " export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" fi - if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} == "launchpad" ]; then + if [ ${caf_command} == "landingzone" ] && [ ${launchpad_mode} == "launchpad" ]; then echo "rover mode" if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then @@ -455,7 +453,7 @@ function login_as_launchpad_1510 { export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - if [ ${caf_command} == "rover" ] && [ "${caf_launchpad}" == "launchpad_opensource" ]; then + if [ ${caf_command} == "landingzone" ] && [ "${launchpad_mode}" == "launchpad_opensource" ]; then echo "" echo "Impersonating with the launchpad service principal to deploy the landingzone" 
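Review bot: The Key Vault reads in the new `if [ ${caf_command} == "launchpad" ]` branch cannot fail visibly: `export ARM_CLIENT_SECRET=$(az keyvault secret show …)` returns the status of `export`, not of `az`, so the `&& echo` always fires and a denied or missing secret silently leaves the variable empty or `null` for terraform to fail on later. Assign first, then validate and export, e.g. `ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value)` followed by `[ -n "${ARM_CLIENT_SECRET}" ] && [ "${ARM_CLIENT_SECRET}" != "null" ] || error ${LINENO} "cannot read launchpad client secret" 1` and `export ARM_CLIENT_SECRET`. Both `[ ${caf_command} == … ]` tests are unquoted, so an unset caf_command produces a "unary operator expected" error rather than a false result. login_as_launchpad begins before this hunk.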
@@ -563,7 +561,7 @@ function destroy { get_logged_user_object_id - if [ $(whoami) == "vscode" ] && [ ${TF_VAR_user_type} != "user" ] && [ "${caf_command}" == "launchpad" ] && []; then + if [ $(whoami) == "vscode" ] && [ ${TF_VAR_user_type} != "user" ] && [ "${caf_command}" == "launchpad" ]; then error "You must be connected with the user who did the original launchpad initialization to destroy it" fi @@ -697,21 +695,17 @@ function deploy_landingzone { mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" - # get_remote_state_details - # login_as_launchpad - export ARM_ACCESS_KEY=$(az storage account keys list --account-name ${TF_VAR_lowerlevel_storage_account_name} --resource-group ${TF_VAR_lowerlevel_resource_group_name} -o json | jq -r .[0].value) - terraform init \ - -reconfigure \ - -backend=true \ - -get-plugins=true \ - -upgrade=true \ - -backend-config storage_account_name=${TF_VAR_lowerlevel_storage_account_name} \ - -backend-config container_name=${TF_VAR_workspace} \ - -backend-config access_key=${ARM_ACCESS_KEY} \ - -backend-config key=${TF_VAR_tf_name} + -reconfigure \ + -backend=true \ + -get-plugins=true \ + -upgrade=true \ + -backend-config storage_account_name=${TF_VAR_lowerlevel_storage_account_name} \ + -backend-config container_name=${TF_VAR_workspace} \ + -backend-config access_key=${ARM_ACCESS_KEY} \ + -backend-config key=${TF_VAR_tf_name} RETURN_CODE=$? && echo "Terraform init return code ${RETURN_CODE}" @@ -844,6 +838,7 @@ function clean_up_variables { unset ARM_TENANT_ID unset ARM_SUBSCRIPTION_ID unset ARM_CLIENT_ID + unset ARM_USE_MSI unset TF_VAR_rover_pilot_application_id unset ARM_CLIENT_SECRET unset TF_VAR_logged_user_objectId 
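Review bot: The storage account key is still passed on the command line via `-backend-config access_key=${ARM_ACCESS_KEY}` in the re-indented `terraform init` block, so it is visible in `ps`, in any `set -x` trace and in CI logs that echo commands. The key is already exported as `ARM_ACCESS_KEY` on the line above, which the azurerm backend also accepts from the environment, so that argument can simply be dropped. The rest of this hunk only changes whitespace; mixing it with the functional edits elsewhere in the commit makes the real change harder to see. deploy_landingzone begins before this hunk.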
@@ -932,8 +927,8 @@ function deploy { if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" ]; then echo "Recover from an un-finished previous execution" if [ "${tf_action}" == "destroy" ]; then - if [ "${caf_command}" == "rover" ]; then - login_as_launchpad + if [ "${caf_command}" == "landingzone" ]; then + login_as_launchpad fi destroy else @@ -984,7 +979,7 @@ function get_storage_id { id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) if [ ${id} == null ]; then id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) - if [ ${id} == null ] && [ "${caf_action}" != "launchpad" ]; then + if [ ${id} == null ] && [ "${caf_command}" != "launchpad" ]; then # Check if other launchpad are installed id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}'].{id:id}" -o json | jq -r .[0].id) diff --git a/scripts/rover.sh b/scripts/rover.sh index 4cbd6b64..5719f2d8 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -3,7 +3,7 @@ # Initialize the launchpad first with rover # deploy a landingzone with -# rover [landingzone_folder_name] [plan | apply | destroy] [parameters] +# rover -lz [landingzone_folder_name] -a [plan | apply | destroy] [parameters] source /tf/rover/functions.sh source /tf/rover/banner.sh @@ -61,6 +61,14 @@ while (( "$#" )); do shift 1 export caf_command="login" ;; + -t|--tenant) + export tenant=${2} + shift 2 + ;; + -s|--subscription) + export subscription=${2} + shift 2 + ;; logout) shift 1 export caf_command="logout" From 3ebe25c7865b95e14c173f781b75372bc170567b Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 14 Jul 2020 09:19:15 +0000 Subject: [PATCH 10/23] Fix rover clone --- scripts/functions.sh | 18 ++++--- scripts/rover.sh | 121 +++++++++++++++++++------------------------ 2 files changed, 64 insertions(+), 75 deletions(-) 
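Review bot: The new `-t|--tenant)` and `-s|--subscription)` arms loop forever when the flag is the last argument: `shift 2` with only one positional parameter left fails without shifting in bash, so `$1` stays `-t` and the `while (( "$#" ))` loop never terminates. Guard the value before shifting, e.g. `[ -n "${2:-}" ] || { echo "--tenant requires a value" >&2; exit 1; }`, and the same applies to every other two-argument arm in this case statement. The assignments should also quote the value: `export tenant="${2}"`. The enclosing while/case begins before this hunk.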
diff --git a/scripts/functions.sh b/scripts/functions.sh index 7333025d..8cbc9f26 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -66,7 +66,7 @@ function display_login_instructions { function display_instructions { echo "" echo "You can deploy a landingzone with the rover by running:" - echo " rover -lz [landingzone_folder_name] -a [plan|apply|destroy]" + echo " rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate]" echo "" echo "List of the landingzones loaded in the rover:" @@ -98,6 +98,10 @@ function verify_parameters { if [ -z "${landingzone_name}" ]; then echo "landingzone : '' (not specified)" + if [ ${caf_command} == "launchpad" ]; then + display_instructions + error ${LINENO} "action must be set when deploying a landing zone" 11 + fi else echo "landingzone : '$(echo ${landingzone_name})'" cd ${landingzone_name} @@ -940,12 +944,10 @@ function deploy { "destroy") destroy_from_remote_state ;; - "plan"|"apply") + "plan"|"apply"|"validate") deploy_from_remote_state ;; *) - login_as_launchpad - # get_launchpad_coordinates display_instructions ;; esac @@ -984,7 +986,11 @@ function get_storage_id { id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}'].{id:id}" -o json | jq -r .[0].id) if [ ${id} == null ]; then - display_launchpad_instructions + if [ ${TF_VAR_level} != "level0" ]; then + echo "Multi-level support is not yet support. Coming soon." + else + display_launchpad_instructions + fi exit 1000 else echo "There is no launchpad in the environment: ${TF_VAR_environment}" 
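Review bot: The new error text in verify_parameters does not match its condition: the check fires when `landingzone_name` is empty and `caf_command` is `launchpad`, yet the message says `action must be set when deploying a landing zone`, which describes a missing `-a` rather than a missing `-lz`. Either the condition or the message appears wrong; if the intent is to require a landing zone folder in launchpad mode, `error ${LINENO} "a landingzone folder (-lz) must be set in launchpad mode" 11` says so. `[ ${caf_command} == "launchpad" ]` is unquoted and errors out when caf_command is unset. verify_parameters begins before this hunk.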
@@ -1006,9 +1012,9 @@ function clone_repository { if [ "${clone_launchpad}" == "true" ]; then launchpad_path="caf-terraform-landingzones-${landingzone_branch}/landingzones/launchpad" + rm -rf /tf/caf/landingzones/launchpad fi - rm -rf /tf/caf/landingzones mkdir -p /tf/caf/landingzones curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} fi diff --git a/scripts/rover.sh b/scripts/rover.sh index 5719f2d8..68cd6bd2 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh 
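Review bot: `rm -rf /tf/caf/landingzones/launchpad` now runs before the download, so a failed `curl` (a bad `--clone-branch`, no network) leaves the previously cloned launchpad deleted, and because the pipeline's exit status is tar's, `--fail` alone does not surface the error. Download to a temporary file first, check the status, and only then remove and extract; what is fetched is also whatever the mutable branch currently points to, with no checksum or pinned commit, so treat it as unverified input. clone_repository begins before this hunk.
```shell
        if [ "${clone_launchpad}" == "true" ]; then
            launchpad_path="caf-terraform-landingzones-${landingzone_branch}/landingzones/launchpad"
        fi

        archive=$(mktemp) || exit 1
        curl --fail --silent --show-error -o "${archive}" \
            "https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch}" \
            || { rm -f "${archive}"; exit 1; }
        [ "${clone_launchpad}" == "true" ] && rm -rf /tf/caf/landingzones/launchpad
        mkdir -p /tf/caf/landingzones
        # launchpad_path is deliberately unquoted: empty means "extract everything"
        tar -zxv --strip=2 -C /tf/caf/landingzones -f "${archive}" ${launchpad_path}
        rm -f "${archive}"
```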
@@ -18,64 +18,69 @@ export caf_command="rover" current_path=$(pwd) while (( "$#" )); do - case "${1}" in + case "${1}" in -lz|--landingzone) - export caf_command="landingzone" - export landingzone_name=${2} - shift 2 - ;; + export caf_command="landingzone" + export landingzone_name=${2} + export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename ${landingzone_name}).tfstate"} + shift 2 + ;; -a|--action) - export tf_action=${2} - shift 2 - ;; + export tf_action=${2} + shift 2 + ;; --clone-launchpad) - export caf_command="clone" - export landingzone_branch=${landingzone_branch:="master"} - export clone_launchpad="true" - export clone_landingzone="false" - echo "cloning launchpad" - shift 1 - ;; + export caf_command="clone" + export landingzone_branch=${landingzone_branch:="master"} + export clone_launchpad="true" + export clone_landingzone="false" + echo "cloning launchpad" + shift 1 + ;; --clone-landingzones) - export caf_command="clone" - export landingzone_branch=${landingzone_branch:="master"} - export clone_landingzone="true" - export clone_launchpad="false" - echo "cloning landingzone" - shift 1 - ;; + export caf_command="clone" + export landingzone_branch=${landingzone_branch:="master"} + export clone_landingzone="true" + export clone_launchpad="false" + echo "cloning landingzone" + shift 1 + ;; --clone-branch) - export landingzone_branch=${2} - echo "cloning branch ${landingzone_branch}" - shift 2 - ;; + export landingzone_branch=${2} + echo "cloning branch ${landingzone_branch}" + shift 2 + ;; workspace) - shift 1 - export caf_command="workspace" - ;; + shift 1 + export caf_command="workspace" + ;; landingzone) - shift 1 - export caf_command="landingzone_mgmt" - ;; + shift 1 + export caf_command="landingzone_mgmt" + ;; login) - shift 1 - export caf_command="login" - ;; + shift 1 + export caf_command="login" + ;; -t|--tenant) - export tenant=${2} - shift 2 - ;; + export tenant=${2} + shift 2 + ;; -s|--subscription) - export subscription=${2} - shift 2 - ;; + export 
subscription=${2} + shift 2 + ;; logout) - shift 1 - export caf_command="logout" - ;; + shift 1 + export caf_command="logout" + ;; -tfstate) - export TF_VAR_tf_name="${2}.tfstate" - export TF_VAR_tf_plan="${2}.tfplan" + export TF_VAR_tf_name=${2} + if [ ${TF_VAR_tf_name##*.} != "tfstate" ]; then + echo "tfstate name extension must be .tfstate" + exit 50 + fi + export TF_VAR_tf_plan="${TF_VAR_tf_name%.*}.tfplan" shift 2 ;; -env|--environment) @@ -95,7 +100,7 @@ while (( "$#" )); do export TF_VAR_workspace=${2} shift 2 ;; - -level) + -l|-level) export TF_VAR_level=${2} shift 2 ;; @@ -124,25 +129,3 @@ echo "tfstate : '$(echo ${TF_VAR_tf_name})'" echo "" process_actions -# verify_clone_repository - - - -# # Trying to retrieve the terraform state storage account id -# get_storage_id - -# case "${landingzone_name}" in -# "landing_zone") -# landing_zone -# ;; -# "") -# if [ "${id}" == "null" ]; then -# display_launchpad_instructions -# exit 1000 -# else -# display_instructions -# fi -# ;; -# *) -# deploy ${TF_VAR_workspace} -# esac \ No newline at end of file From 1d832931fb3a27d9d43e9df3d411853ac190172d Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 14 Jul 2020 11:28:44 +0000 Subject: [PATCH 11/23] Fix a CI destroy condition --- scripts/functions.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 8cbc9f26..f02c6876 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
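Review bot: The new `-tfstate` validation `if [ ${TF_VAR_tf_name##*.} != "tfstate" ]` is unquoted, so `rover -tfstate` with no value (empty `${2}`) yields a "unary operator expected" error instead of the intended "extension must be .tfstate" message, and a name containing spaces breaks the test. Quote it: `if [ "${TF_VAR_tf_name##*.}" != "tfstate" ]; then`. Most of this hunk is a re-indent of unchanged arms; the two functional changes (the `-lz` default for `TF_VAR_tf_name` and the `-tfstate` check) would be easier to review in a commit separate from the whitespace change. The enclosing while/case begins before this hunk.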
@@ -412,16 +412,20 @@ function login_as_launchpad { export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" - if [ ${caf_command} == "launchpad" ]; then - echo "Set terraform provider context to Azure AD application launchpad " + # if [ ${caf_command} == "launchpad" ]; then + # echo "Set terraform provider context to Azure AD application launchpad " + # export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" + # export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) + # export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" + # fi + + if [ ${caf_command} == "landingzone" ] && [ ${launchpad_mode} == "launchpad" ]; then + + echo "Set terraform provider context to Azure AD application launchpad " export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - fi - - if [ ${caf_command} == "landingzone" ] && [ ${launchpad_mode} == "launchpad" ]; then - echo "rover mode" if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then error "You must run the rover in 
launchpad mode to destroy the launchpad" fi From 08f3e0818e1ec2b8766d5ac3508c3228a901c27b Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 17 Jul 2020 10:31:37 +0000 Subject: [PATCH 12/23] #56 --- .devcontainer/docker-compose.yml | 4 +- .gitignore | 1 + Dockerfile | 1 + scripts/clone.sh | 176 +++++++++++++++++++++++++++++++ scripts/functions.sh | 19 +--- scripts/rover.sh | 20 ++-- 6 files changed, 187 insertions(+), 34 deletions(-) create mode 100644 scripts/clone.sh diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 41e946d1..00fcfada 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,8 +6,8 @@ version: '3.7' services: rover: - image: aztfmod/roverdev:vnext - + image: aztfmod/rover:latest + labels: - "caf=Azure CAF" diff --git a/.gitignore b/.gitignore index 771d7988..da04f020 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ **/~*.* **/*.log version.txt +landingzones diff --git a/Dockerfile b/Dockerfile index 77263dd7..66797fb5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -217,6 +217,7 @@ WORKDIR /tf/rover COPY ./scripts/rover.sh . COPY ./scripts/functions.sh . COPY ./scripts/banner.sh . +COPY ./scripts/clone.sh . COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ diff --git a/scripts/clone.sh b/scripts/clone.sh new file mode 100644 index 00000000..355145b4 --- /dev/null +++ b/scripts/clone.sh 
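Review bot: The old `if [ ${caf_command} == "launchpad" ]` branch is left in place as commented-out lines instead of being deleted; git keeps the history, and the dead copy of the secret-fetching code will drift from the live one. The merged branch also still exports `ARM_CLIENT_SECRET` without checking the `az keyvault secret show` result, and both `[ ${caf_command} == … ]` and `[ ${launchpad_mode} == … ]` are unquoted, so a failed read of `launchpad-mode` (empty value) turns the test into a syntax error rather than a false. Quote them: `if [ "${caf_command}" == "landingzone" ] && [ "${launchpad_mode}" == "launchpad" ]; then`. login_as_launchpad begins before this hunk.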
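Review bot: `image: aztfmod/rover:latest` moves the devcontainer from a named dev tag to a floating `latest`, so every rebuild pulls whatever was pushed most recently and the toolchain inside (terraform, az cli, providers) can change underneath a developer without any commit in this repository. Pin a version tag, or better a digest, e.g. `image: aztfmod/rover:<version>@sha256:<digest>`, and bump it deliberately. A one-line comment above the image naming the pinned rover version would make the upgrade path obvious.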
@@ -0,0 +1,176 @@ +#!/bin/bash + +export clone_destination=${clone_destination:="/tf/caf/landingzones"} +export clone_folder=${clone_folder:="/"} +export clone_folder_strip=${clone_folder_strip:=2} +export clone_project_name=${clone_project_name:="Azure/caf-terraform-landingzones"} +export landingzone_branch=${landingzone_branch:="master"} + +current_path=$(pwd) + + +function display_clone_instructions { + + while (( "$#" )); do + case "${1}" in + --intro) + echo + echo "Rover clone is used to bring the landing zones dependencies you need to deploy your landing zone" + echo + shift 1 + ;; + --clone) + display_clone_instructions --intro --examples --clone-branch --clone-destination --clone-folder --clone-folder-strip + echo "--clone specify a GitHub organization and project in the for org/project" + echo " The default setting if not set is azure/caf-terraform-landingzones" + echo + shift 1 + ;; + --clone-branch) + echo "--clone-branch set the branch to pull the package." + echo " By default is not set use the master branch." + echo + shift 1 + ;; + --clone-destination) + echo "--clone-destination change the destination local folder." 
+ echo " By default clone the package into the /tf/caf/landingzones folder of the rover" + echo + shift 1 + ;; + --clone-folder) + echo "--clone-folder specify the folder to extract from the original project" + echo + echo " Example: --clone-folder /landingzones/landingzone_caf_foundations will only extract the caf foundations landing zone" + echo + shift 1 + ;; + --clone-folder-strip) + echo "--clone-folder-strip is used strip the base folder structure from the original folder" + echo + echo " In the GitHub package of azure/caf-terraform-landingzones, the data are packaged in the following structure" + echo " caf-terraform-landingzones-master/landingzones/launchpad/main.tf" + echo " [project]-[branch]/landgingzones/[landingzone]" + echo " To reproduce a nice folder structure in the rover it it possible to set the --clone-folder-strip to 2 to remove [project]-[branch]/landingzones and only retrieve the third level folder" + echo "" + echo " Default to 2 when using azure/caf-terraform-landingzones and 1 for all other git projects" + echo + shift 1 + ;; + --examples) + echo "By default the rover will clone the azure/caf-terraform-landingzones into the local rover folder /tf/caf/landinzones" + echo + echo "Examples:" + echo " - Clone the launchpad: rover --clone-folder /landingzones/launchpad" + echo " - Clone the launchpad in different folder: rover --clone-destination /tf/caf/landingzones/public --clone-folder /landingzones/launchpad" + echo " - Clone the launchpad (branch vnext): rover --clone-folder-strip 2 --clone-destination /tf/rover/landingzones --clone-folder /landingzones/launchpad --clone-branch vnext" + echo + echo " - Clone the CAF foundations landingzone: rover --clone-folder /landingzones/landingzone_caf_foundations" + echo " - Clone the AKS landingzone: rover --clone aztfmod/landingzone_aks --clone-destination /tf/caf/landingzones/landingzone_aks" + echo + echo + shift 1 + ;; + esac + done +} + + +function clone_repository { + echo "@calling 
clone_repository" + + url="https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch}" + + echo + echo "clone_project_name : ${clone_project_name}" + echo "landingzone_branch : ${landingzone_branch}" + echo "clone_folder : ${clone_folder}" + echo "clone_folder_strip : ${clone_folder_strip}" + echo "clone_destination : ${clone_destination}" + echo "clone_url : ${url}" + echo "" + + mkdir -p ${clone_destination} + + curl https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=${clone_folder_strip} -C ${clone_destination} "$(basename ${clone_project_name})-${landingzone_branch}${clone_folder}" + + echo + echo "Clone complete" + echo +} + +function process_clone_parameter { + echo "@calling process_clone_parameter with $@" + + + case "${1}" in + --clone) + if [ $# -eq 1 ]; then + display_clone_instructions ${1} + exit 21 + else + export caf_command="clone" + export landingzone_branch=${landingzone_branch:="master"} + export clone_project_name=${2} + export clone_folder_strip=1 + fi + ;; + --clone-branch) + echo $# + if [ $# -eq 1 ]; then + display_clone_instructions ${1} + exit 22 + else + export landingzone_branch=${2} + fi + ;; + --clone-destination) + if [ $# -eq 1 ]; then + display_clone_instructions ${1} + exit 23 + else + export clone_destination=${2} + fi + ;; + --clone-folder) + if [ $# -eq 1 ]; then + display_clone_instructions ${1} + exit 24 + else + export clone_folder=${2} + fi + ;; + --clone-folder-strip) + if [ $# -eq 1 ]; then + display_clone_instructions ${1} + exit 24 + else + export clone_folder_strip=${2} + fi + ;; + esac +} + + +# echo "running rover with $#" +# if [ $# -eq 0 ]; then +# display_clone_instructions +# exit 20 +# fi + +# while (( "$#" )); do +# case "${1}" in +# --clone|--clone-branch|--clone-folder|--clone-destination|--clone-folder-strip) +# export caf_command="clone" +# process_clone_parameter $@ +# shift 2 +# ;; +# *) # preserve positional 
arguments +# PARAMS+="${1} " +# shift +# ;; +# esac +# done + + +# clone_repository \ No newline at end of file diff --git a/scripts/functions.sh b/scripts/functions.sh index f02c6876..cf348d21 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -373,7 +373,7 @@ function list_deployed_landingzones { -c ${TF_VAR_workspace} \ --account-key ${access_key} \ --account-name ${storage_account_name} -o json | \ - jq -r '["lnanding zone", "size in Kb", "last modification"], (.[] | [.name, .properties.contentLength / 1024, .properties.lastModified]) | @csv' | \ + jq -r '["landing zone", "size in Kb", "last modification"], (.[] | [.name, .properties.contentLength / 1024, .properties.lastModified]) | @csv' | \ awk 'BEGIN{ FS=OFS="," }NR>1{ $2=sprintf("%.2f",$2) }1' | \ column -t -s ',' @@ -1007,20 +1007,3 @@ function get_storage_id { fi } - -function clone_repository { - echo "@calling verify_clone_repository" - - if [[ "${clone_landingzone}" == "true" || "${clone_launchpad}" == "true" ]]; then - echo "cloning respository" - - if [ "${clone_launchpad}" == "true" ]; then - launchpad_path="caf-terraform-landingzones-${landingzone_branch}/landingzones/launchpad" - rm -rf /tf/caf/landingzones/launchpad - fi - - mkdir -p /tf/caf/landingzones - curl https://codeload.github.com/Azure/caf-terraform-landingzones/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=2 -C /tf/caf/landingzones ${launchpad_path} - fi -} - diff --git a/scripts/rover.sh b/scripts/rover.sh index 68cd6bd2..0c88a485 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -5,6 +5,7 @@ # deploy a landingzone with # rover -lz [landingzone_folder_name] -a [plan | apply | destroy] [parameters] +source /tf/rover/clone.sh source /tf/rover/functions.sh source /tf/rover/banner.sh 
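Review bot: `clone_repository` computes and prints `url` but then rebuilds the same URL inline in the `curl … | tar` line, and that pipeline's exit status is tar's, so an HTTP 404 for a mistyped `--clone` project or branch still ends with "Clone complete" and an empty or partial extraction. Fetch to a temp file, check the status, then extract; the user-controlled `clone_project_name`, `landingzone_branch` and `clone_destination` should be quoted (`mkdir -p "${clone_destination}"`, `tar … -C "${clone_destination}"`), and since anything fetched this way is unverified code from a mutable branch, a pinned ref or checksum is worth adding. Separately, the `--clone-folder-strip` arm in process_clone_parameter reuses exit code `24` from `--clone-folder`; give it its own, e.g. `exit 25`.
```shell
    mkdir -p "${clone_destination}"

    archive=$(mktemp) || return 1
    if ! curl --fail --silent --show-error -o "${archive}" "${url}"; then
        echo "Cannot download ${url}" >&2
        rm -f "${archive}"
        return 1
    fi
    tar -zxv --strip="${clone_folder_strip}" -C "${clone_destination}" -f "${archive}" \
        "$(basename "${clone_project_name}")-${landingzone_branch}${clone_folder}"
    rm -f "${archive}"
    # … unchanged: completion message …
```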
@@ -12,13 +13,17 @@ export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} export TF_VAR_environment=${TF_VAR_environment:="sandpit"} export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) export TF_VAR_level=${TF_VAR_level:="level0"} -export caf_command="rover" current_path=$(pwd) while (( "$#" )); do case "${1}" in + --clone|--clone-branch|--clone-folder|--clone-destination|--clone-folder-strip) + export caf_command="clone" + process_clone_parameter $@ + shift 2 + ;; -lz|--landingzone) export caf_command="landingzone" export landingzone_name=${2} @@ -37,19 +42,6 @@ while (( "$#" )); do echo "cloning launchpad" shift 1 ;; - --clone-landingzones) - export caf_command="clone" - export landingzone_branch=${landingzone_branch:="master"} - export clone_landingzone="true" - export clone_launchpad="false" - echo "cloning landingzone" - shift 1 - ;; - --clone-branch) - export landingzone_branch=${2} - echo "cloning branch ${landingzone_branch}" - shift 2 - ;; workspace) shift 1 export caf_command="workspace" From e7f4f1d71147da9e6c20e6607891da3f20ff247f Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 14:38:13 +0000 Subject: [PATCH 13/23] Add ssh server for Azure aci --- Dockerfile | 17 ++++++++++++++++- scripts/clone.sh | 25 +------------------------ scripts/rover.sh | 3 ++- scripts/sshd_config | 18 ++++++++++++++++++ 4 files changed, 37 insertions(+), 26 deletions(-) create mode 100644 scripts/sshd_config diff --git a/Dockerfile b/Dockerfile index 66797fb5..f79a54fd 100644 --- a/Dockerfile +++ b/Dockerfile 
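Review bot: Dropping `export caf_command="rover"` leaves `caf_command` unset whenever no command or `-lz` flag is given, and functions.sh compares it unquoted (`[ ${caf_command} == "launchpad" ]`), so a bare `rover` run now hits "unary operator expected" instead of falling through to the default branch. Either keep a default, `export caf_command=${caf_command:="rover"}`, or quote every comparison. In the new clone arm, `process_clone_parameter $@` should pass `"$@"` so a destination path with spaces survives word splitting. The enclosing while/case begins before this hunk.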
@@ -207,6 +207,17 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USERNAME} && \ chmod 0440 /etc/sudoers.d/${USERNAME} +# ssh server for Azure ACI +ENV SSH_PASSWD "vscode:Caf!" +RUN yum install -y openssh-server && \ + rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key && \ + ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_ecdsa_key && \ + ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key && \ + ssh-keygen -A && \ + echo "$SSH_PASSWD" | chpasswd +COPY ./scripts/sshd_config /etc/ssh + + # Add Community terraform providers COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ COPY --from=msgraph /tmp/terraform-provider-msgraph/terraform-provider-msgraph /bin/ @@ -222,6 +233,10 @@ COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \ - chown -R ${USERNAME}:1000 /tf/rover + mkdir -p /tf/caf && \ + chown -R ${USERNAME}:1000 /tf/rover /tf/caf USER ${USERNAME} + +EXPOSE 2222 +CMD ["/usr/sbin/sshd", "-D"] \ No newline at end of file diff --git a/scripts/clone.sh b/scripts/clone.sh index 355145b4..a1158d02 100644 --- a/scripts/clone.sh +++ b/scripts/clone.sh @@ -90,6 +90,7 @@ function clone_repository { echo "clone_url : ${url}" echo "" + rm -rf ${clone_destination}/$(basename ${clone_folder}) mkdir -p ${clone_destination} curl https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=${clone_folder_strip} -C ${clone_destination} "$(basename ${clone_project_name})-${landingzone_branch}${clone_folder}" 
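Review bot: `ENV SSH_PASSWD "vscode:Caf!"` bakes a fixed, published password into every image layer and into `docker inspect` output, and the same RUN applies it with `chpasswd` while the layer just above grants `vscode` `NOPASSWD:ALL` sudo, so anyone who can reach the exposed sshd with password auth on gets root in the container. Do not ship a default password: take it from a runtime secret or environment at container start, or switch sshd to key-only auth. The key generation is also mistyped: `ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_ecdsa_key` writes a DSA key (disabled by default in current OpenSSH) under the ecdsa name; use `-t ecdsa` or drop the line, since `ssh-keygen -A` already generates the missing host key types.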
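Review bot: With the default `clone_folder="/"` set at the top of clone.sh, `basename ${clone_folder}` is `/`, so the new `rm -rf ${clone_destination}/$(basename ${clone_folder})` expands to `rm -rf /tf/caf/landingzones//` and wipes the entire destination, including any locally modified landing zones, before a download that may still fail. Restrict the cleanup to the specific folder being replaced and refuse an empty destination, e.g. `[ "${clone_folder}" != "/" ] && rm -rf -- "${clone_destination:?}/$(basename "${clone_folder}")"`. A comment stating that a full clone intentionally does not delete the destination would document the choice. clone_repository begins before this hunk.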
@@ -150,27 +151,3 @@ function process_clone_parameter { ;; esac } - - -# echo "running rover with $#" -# if [ $# -eq 0 ]; then -# display_clone_instructions -# exit 20 -# fi - -# while (( "$#" )); do -# case "${1}" in -# --clone|--clone-branch|--clone-folder|--clone-destination|--clone-folder-strip) -# export caf_command="clone" -# process_clone_parameter $@ -# shift 2 -# ;; -# *) # preserve positional arguments -# PARAMS+="${1} " -# shift -# ;; -# esac -# done - - -# clone_repository \ No newline at end of file diff --git a/scripts/rover.sh b/scripts/rover.sh index 0c88a485..c627e331 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -13,7 +13,8 @@ export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} export TF_VAR_environment=${TF_VAR_environment:="sandpit"} export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) export TF_VAR_level=${TF_VAR_level:="level0"} - +export TF_DATA_DIR=${TF_DATA_DIR:="/home/vscode"} +export LC_ALL=en_US.UTF-8 current_path=$(pwd) diff --git a/scripts/sshd_config b/scripts/sshd_config new file mode 100644 index 00000000..d03a203a --- /dev/null +++ b/scripts/sshd_config @@ -0,0 +1,18 @@ +# +# /etc/ssh/sshd_config +# + +Port 2222 +ListenAddress 0.0.0.0 +LoginGraceTime 180 +X11Forwarding yes +Ciphers aes256-ctr,aes128-ctr,aes192-ctr +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256 +StrictModes no +SyslogFacility DAEMON +PrintMotd no +IgnoreRhosts no +PasswordAuthentication yes +PermitEmptyPasswords no +PermitRootLogin no +LogLevel VERBOSE \ No newline at end of file From d7d3530df8624a343158a81f95427367ca0499cf Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 14:40:00 +0000 Subject: [PATCH 14/23] Updating port for Azure bastion --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f79a54fd..0d7b53a0 100644 --- a/Dockerfile +++ b/Dockerfile 
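Review bot: Several options in the new sshd_config weaken the daemon for no visible benefit: `StrictModes no` disables the ownership/permission checks on `~/.ssh` and `authorized_keys`, `IgnoreRhosts no` re-enables `.rhosts` files, `X11Forwarding yes` is unnecessary for a CLI container, and the `KexAlgorithms` list includes the SHA-1 based `diffie-hellman-group14-sha1`. Set `StrictModes yes`, `IgnoreRhosts yes` and `X11Forwarding no`, and trim the KEX list to the sha256 entries (adding `curve25519-sha256` if the OpenSSH build supports it). With `PasswordAuthentication yes` and `ListenAddress 0.0.0.0`, this listener is also only as safe as the password the image is built with.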
@@ -238,5 +238,5 @@ RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ USER ${USERNAME} -EXPOSE 2222 +EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] \ No newline at end of file From f01270c110f025b8a06eb444d2b421f162d8e4c7 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 15:09:55 +0000 Subject: [PATCH 15/23] Fix sshd port to 22 for aci --- scripts/sshd_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sshd_config b/scripts/sshd_config index d03a203a..5012b826 100644 --- a/scripts/sshd_config +++ b/scripts/sshd_config @@ -2,7 +2,7 @@ # /etc/ssh/sshd_config # -Port 2222 +Port 22 ListenAddress 0.0.0.0 LoginGraceTime 180 X11Forwarding yes From 979144fc99ce886f47b42de98bd95521bc8e2f57 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 15:59:02 +0000 Subject: [PATCH 16/23] Regenerate sshd keys if missing --- Dockerfile | 3 ++- scripts/sshd.sh | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 scripts/sshd.sh diff --git a/Dockerfile b/Dockerfile index 0d7b53a0..a7db0ee9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -229,6 +229,7 @@ COPY ./scripts/rover.sh . COPY ./scripts/functions.sh . COPY ./scripts/banner.sh . COPY ./scripts/clone.sh . +COPY ./scripts/sshd.sh . COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ @@ -239,4 +240,4 @@ RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ USER ${USERNAME} EXPOSE 22 -CMD ["/usr/sbin/sshd", "-D"] \ No newline at end of file +CMD ["/tf/rover/sshd.sh"] \ No newline at end of file diff --git a/scripts/sshd.sh b/scripts/sshd.sh new file mode 100644 index 00000000..7f7c3293 --- /dev/null +++ b/scripts/sshd.sh 
@@ -0,0 +1,12 @@ +#!/bin/bash +set -Eeo pipefail + +# Generate unique ssh keys , if needed +if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' +fi +if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then + ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' +fi + +exec /usr/sbin/sshd -D -e \ No newline at end of file From 5d3c80580a7f597f8ab601755a8479b7830c3556 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 16:15:30 +0000 Subject: [PATCH 17/23] Make the sshd.sh executable --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a7db0ee9..8baf269c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -235,7 +235,8 @@ COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \ mkdir -p /tf/caf && \ - chown -R ${USERNAME}:1000 /tf/rover /tf/caf + chown -R ${USERNAME}:1000 /tf/rover /tf/caf && \ + chmod +x /tf/rover/sshd.sh USER ${USERNAME} From a4ea501e3cf35c8a491f0294be38a2132085608e Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 21 Jul 2020 17:40:12 +0000 Subject: [PATCH 18/23] Run sshd in non-root container --- Dockerfile | 17 +++++++++-------- scripts/sshd.sh | 9 +++------ scripts/sshd_config | 5 ++++- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8baf269c..9cf88a77 100644 --- a/Dockerfile +++ b/Dockerfile 
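Review bot: The host-key generation writes to `/etc/ssh/…` and sshd binds port 22, but the Dockerfile in this same series switches to `USER ${USERNAME}` before `CMD ["/tf/rover/sshd.sh"]`, so as written both steps run unprivileged and will fail unless the container is started as root; the following "Run sshd in non-root container" patch suggests this was hit. `set -Eeo pipefail` also omits `-u`; `set -Eeuo pipefail` would catch the unset-variable mistakes the other rover scripts are prone to. The `exec` on the last line is right and should be kept if the invocation changes, so sshd stays PID 1 and receives the container's stop signal.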
@@ -209,13 +209,14 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu # ssh server for Azure ACI ENV SSH_PASSWD "vscode:Caf!" + RUN yum install -y openssh-server && \ - rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key && \ - ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_ecdsa_key && \ - ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key && \ - ssh-keygen -A && \ - echo "$SSH_PASSWD" | chpasswd -COPY ./scripts/sshd_config /etc/ssh + rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_rsa_key && \ + ssh-keygen -q -N "" -t rsa -b 4096 -f /home/${USERNAME}/.ssh/ssh_host_rsa_key && \ + echo "$SSH_PASSWD" | chpasswd && \ + mkdir -p /home/${USERNAME}/.ssh + +COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config # Add Community terraform providers @@ -235,10 +236,10 @@ COPY --from=rover_version version.txt /tf/rover/version.txt RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \ echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \ mkdir -p /tf/caf && \ - chown -R ${USERNAME}:1000 /tf/rover /tf/caf && \ + chown -R ${USERNAME}:1000 /tf/rover /tf/caf /home/${USERNAME}/.ssh && \ chmod +x /tf/rover/sshd.sh USER ${USERNAME} EXPOSE 22 -CMD ["/tf/rover/sshd.sh"] \ No newline at end of file +CMD ["/tf/rover/sshd.sh"] \ No newline at end of file diff --git a/scripts/sshd.sh b/scripts/sshd.sh index 7f7c3293..b6b90324 100644 --- a/scripts/sshd.sh +++ b/scripts/sshd.sh 
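Review bot: `ssh-keygen … -f /home/${USERNAME}/.ssh/ssh_host_rsa_key` runs before `mkdir -p /home/${USERNAME}/.ssh` in the same RUN, so the step only succeeds if that directory already exists from an earlier layer; swap the two commands. More importantly, generating the host key at build time means every container started from this image presents the same private host key, and it now lives in a user-owned, user-writable directory; the "if missing" regeneration in sshd.sh never triggers because the key is always present. Drop the build-time `ssh-keygen` and let sshd.sh create the key on first start, or mount one per deployment.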
@@ -2,11 +2,8 @@ set -Eeo pipefail # Generate unique ssh keys , if needed -if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then - ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' -fi -if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' +if [ ! -f /home/vscode/.ssh/ssh_host_rsa_key ]; then + ssh-keygen -t rsa -b 4096 -f /home/vscode/.ssh/ssh_host_rsa_key -N '' fi -exec /usr/sbin/sshd -D -e \ No newline at end of file +sudo /usr/sbin/sshd -f /home/vscode/.ssh/sshd_config -D -e \ No newline at end of file diff --git a/scripts/sshd_config b/scripts/sshd_config index 5012b826..2ec9496e 100644 --- a/scripts/sshd_config +++ b/scripts/sshd_config @@ -15,4 +15,7 @@ IgnoreRhosts no PasswordAuthentication yes PermitEmptyPasswords no PermitRootLogin no -LogLevel VERBOSE \ No newline at end of file +UsePrivilegeSeparation no +UsePam no +LogLevel VERBOSE +HostKey /home/vscode/.ssh/ssh_host_rsa_key From 1c0e441df497f878967c9426cec55d634a538079 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 22 Jul 2020 11:10:12 +0000 Subject: [PATCH 19/23] Fix docker in non-root mode --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9cf88a77..22123c09 100644 --- a/Dockerfile +++ b/Dockerfile @@ -134,6 +134,8 @@ RUN yum -y install \ # yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ yum -y install docker-ce-cli && \ + touch /var/run/docker.sock && \ + chmod 666 /var/run/docker.sock && \ # # Install Terraform # From 5bbfad641ceeb23c0efc55842713f38909a3eb18 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 22 Jul 2020 11:48:49 +0000 Subject: [PATCH 20/23] Upgrade tools version Cleanup variables --- .env | 11 +++++------ docker-compose.yml | 1 - 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.env b/.env index 99ab761e..7427b86a 100644 --- a/.env +++ b/.env 
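Review bot: Replacing `exec /usr/sbin/sshd …` with `sudo /usr/sbin/sshd -f … -D -e` drops the `exec`, so bash rather than sshd is PID 1 and a `docker stop` SIGTERM reaches the script instead of the daemon, which then waits out the kill timeout. Use `exec sudo /usr/sbin/sshd -f /home/vscode/.ssh/sshd_config -D -e`. Running a root sshd from a config and host key that the unprivileged user can rewrite is only acceptable here because that user already has passwordless sudo; say so in a comment, e.g. `# sshd runs as root via sudo; config and key are user-owned on purpose (vscode already has NOPASSWD sudo)`.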
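Review bot: `touch /var/run/docker.sock && chmod 666 /var/run/docker.sock` at build time only creates a placeholder file in the image; when the host socket is bind-mounted over it at run time the mount's own owner and mode apply, so this does not make docker usable for the non-root user. The usual fix is to add the user to a group matching the mounted socket's GID at start-up (or `group_add` in docker-compose), and a world-writable docker socket should be avoided regardless, since write access to it is root-equivalent on the host. If the placeholder is kept, a short comment explaining why it exists would save the next reader the same question.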
@@ -1,11 +1,10 @@ versionTerraform=0.12.28 -versionAzureCli=2.7.0 -versionKubectl=v1.18.2 -versionGit=2.25.0 -versionTflint=v0.16.2 +versionAzureCli=2.9.1 +versionKubectl=v1.18.6 +versionGit=2.27.0 +versionTflint=v0.18.0 versionJq=1.6 versionDockerCompose=1.25.5 -versionLaunchpadOpensource=master versionAzureCafTerraform=v.0.3.1 -versionTfsec=v0.21.0 +versionTfsec=v0.24.1 versionTerraformDocs=v0.9.1 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8283ecff..47c26600 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,7 +20,6 @@ services: - versionTflint - versionJq - versionDockerCompose - - versionLaunchpadOpensource - versionAzureCafTerraform - versionRover - versionTfsec From c285d26d689971dd53f95fdae1b2c2b474345967 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 22 Jul 2020 15:11:09 +0000 Subject: [PATCH 21/23] Remove password for ssh Change ssh server config --- Dockerfile | 19 ++++++------------- scripts/sshd.sh | 10 ++++++++-- scripts/sshd_config | 4 ++-- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 22123c09..62b8fe3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -92,21 +92,22 @@ ARG versionTflint ARG versionGit ARG versionJq ARG versionDockerCompose -ARG versionLaunchpadOpensource ARG versionTfsec ARG USERNAME=vscode ARG USER_UID=1000 ARG USER_GID=${USER_UID} +ARG SSH_PASSWD -ENV versionTerraform=${versionTerraform} \ +ENV SSH_PASSWD=${SSH_PASSWD} \ + USERNAME=${USERNAME} \ + versionTerraform=${versionTerraform} \ versionAzureCli=${versionAzureCli} \ versionKubectl=${versionKubectl} \ versionTflint=${versionTflint} \ versionJq=${versionJq} \ versionGit=${versionGit} \ versionDockerCompose=${versionDockerCompose} \ - versionLaunchpadOpensource=${versionLaunchpadOpensource} \ versionTfsec=${versionTfsec} \ TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \ TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache" 
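Review bot: `ARG SSH_PASSWD` feeding `ENV SSH_PASSWD=${SSH_PASSWD}` persists whatever password is supplied at build time in the image config and layer history (`docker history` and `docker inspect` show both), so a `--build-arg SSH_PASSWD=...` ships with every copy of the image. Because this same patch's sshd.sh applies the password with `chpasswd` at start, the ENV default is not needed: remove `SSH_PASSWD=${SSH_PASSWD} \` from the ENV block, require the value at run time via `docker run -e SSH_PASSWD=...`, and fail fast in the entrypoint with `: "${SSH_PASSWD:?SSH_PASSWD must be set}"`. The ARG can go as well unless another build step reads it.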
@@ -184,11 +185,6 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu echo "Installing pre-commit ..." && \ python3 -m pip install pre-commit && \ # - # Install graphviz - # - # echo "Installing graphviz ..." && \ - # yum -y install graphviz && \ - # # Install tflint # echo "Installing tflint ..." && \ @@ -210,12 +206,9 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu chmod 0440 /etc/sudoers.d/${USERNAME} # ssh server for Azure ACI -ENV SSH_PASSWD "vscode:Caf!" - RUN yum install -y openssh-server && \ - rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_rsa_key && \ - ssh-keygen -q -N "" -t rsa -b 4096 -f /home/${USERNAME}/.ssh/ssh_host_rsa_key && \ - echo "$SSH_PASSWD" | chpasswd && \ + rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \ + ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \ mkdir -p /home/${USERNAME}/.ssh COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config diff --git a/scripts/sshd.sh b/scripts/sshd.sh index b6b90324..a9b7ae7e 100644 --- a/scripts/sshd.sh +++ b/scripts/sshd.sh @@ -1,9 +1,15 @@ #!/bin/bash set -Eeo pipefail + +echo "user ${USERNAME}" +echo "password ${SSH_PASSWD}" + # Generate unique ssh keys , if needed -if [ ! -f /home/vscode/.ssh/ssh_host_rsa_key ]; then - ssh-keygen -t rsa -b 4096 -f /home/vscode/.ssh/ssh_host_rsa_key -N '' +if [ ! -f /home/vscode/.ssh/ssh_host_ecdsa_key ]; then + ssh-keygen -t ecdsa -b 521 -f /home/vscode/.ssh/ssh_host_ecdsa_key -N '' fi +echo "${USERNAME}:${SSH_PASSWD}" | sudo chpasswd + sudo /usr/sbin/sshd -f /home/vscode/.ssh/sshd_config -D -e \ No newline at end of file diff --git a/scripts/sshd_config b/scripts/sshd_config index 2ec9496e..db089cd0 100644 --- a/scripts/sshd_config +++ b/scripts/sshd_config 
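Review bot: The new `ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key` still runs before `mkdir -p /home/${USERNAME}/.ssh`, so the build only succeeds if that directory already exists from an earlier layer (not visible here); move the `mkdir -p` above the `rm -f` line. More importantly the host private key is generated at build time, so it is identical in every container started from this image and extractable from the layer by anyone who can pull it, which allows impersonating the ACI ssh endpoint; sshd.sh already guards generation with `[ ! -f ... ]`, so deleting the build-time `ssh-keygen` line lets each container mint its own key on first start.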
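Review bot: `echo "password ${SSH_PASSWD}"` writes the ssh password to the container's stdout, which lands in `docker logs` and whatever log stream ACI retains, so that line should be removed (keep `echo "user ${USERNAME}"` if a startup banner is wanted). `echo "${USERNAME}:${SSH_PASSWD}" | sudo chpasswd` with an unset or empty variable sets an empty password on the account, so guard it first with `: "${SSH_PASSWD:?SSH_PASSWD must be set}"` near the top of the script. The `-f /home/vscode/.ssh/...` paths stay hardcoded even though `${USERNAME}` is now read in this script; using `/home/${USERNAME}` keeps the key and config locations consistent with the Dockerfile.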
@@ -16,6 +16,6 @@ PasswordAuthentication yes PermitEmptyPasswords no PermitRootLogin no UsePrivilegeSeparation no -UsePam no +#UsePam no LogLevel VERBOSE -HostKey /home/vscode/.ssh/ssh_host_rsa_key +HostKey /home/vscode/.ssh/ssh_host_ecdsa_key From e80fa9ba5988a537f22aecfdb0bb38bd69340cfa Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 23 Jul 2020 00:38:32 +0000 Subject: [PATCH 22/23] Add terraform 0.12.29 --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 7427b86a..2d69cffe 100644 --- a/.env +++ b/.env @@ -1,4 +1,4 @@ -versionTerraform=0.12.28 +versionTerraform=0.12.29 versionAzureCli=2.9.1 versionKubectl=v1.18.6 versionGit=2.27.0 From b8c31e2e5d17195728a652b107c3c0a5ca731751 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 23 Jul 2020 00:43:11 +0000 Subject: [PATCH 23/23] Add 0.13.0-rc1 docker image --- .github/workflows/vnext.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 7c190421..f3db5532 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -52,10 +52,10 @@ jobs: - name: Build the rover (beta 0.13) run: | set -e - docker_tag=vnext-13-beta3 + docker_tag=vnext-13-rc1 # Override .env variable - export versionTerraform="0.13.0-beta3" + export versionTerraform="0.13.0-rc1" # Build the rover base image docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag"
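Review bot: `#UsePam no` comments the directive out rather than stating the intended value; because this file is loaded with `-f` and replaces the packaged sshd_config, the effective setting falls back to sshd's compiled-in default (no), so the change is cosmetic and nothing records what was intended. Write it explicitly as `UsePAM no` (or `UsePAM yes` if PAM is meant to be re-enabled) with a one-line reason. `HostKey /home/vscode/.ssh/ssh_host_ecdsa_key` also hardcodes the home directory that the Dockerfile computes from `${USERNAME}`; a comment such as `# path must match /home/${USERNAME}/.ssh in Dockerfile and sshd.sh` would flag the coupling.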