зеркало из https://github.com/Azure/Avere.git
Azure rendering solution deployment framework
This commit is contained in:
Rick Shahid
Родитель
e3d6b5a06e
Коммит
bc36a4e822
|
|
@ -184,3 +184,11 @@ expressRouteGateway = {
|
|||
enableFastPath = false # https://learn.microsoft.com/azure/expressroute/about-fastpath
|
||||
}
|
||||
}
|
||||
|
||||
######################################################################
|
||||
# Monitor (https://learn.microsoft.com/azure/azure-monitor/overview) #
|
||||
######################################################################
|
||||
|
||||
monitor = {
|
||||
enablePrivateLink = false # https://learn.microsoft.com/azure/azure-monitor/logs/private-link-security
|
||||
}
|
||||
|
|
|
|||
|
|
@ -182,6 +182,14 @@ variable "expressRouteGateway" {
|
|||
)
|
||||
}
|
||||
|
||||
variable "monitor" {
|
||||
type = object(
|
||||
{
|
||||
enablePrivateLink = bool
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
data "azurerm_key_vault" "render" {
|
||||
name = module.global.keyVaultName
|
||||
resource_group_name = module.global.resourceGroupName
|
||||
|
|
@ -197,13 +205,19 @@ data "azurerm_storage_account" "render" {
|
|||
resource_group_name = module.global.resourceGroupName
|
||||
}
|
||||
|
||||
data "azurerm_log_analytics_workspace" "render" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = module.global.monitorWorkspaceName
|
||||
resource_group_name = module.global.resourceGroupName
|
||||
}
|
||||
|
||||
locals {
|
||||
computeNetwork = var.computeNetwork.regionName == "" ? merge(var.computeNetwork,
|
||||
computeNetwork = var.computeNetwork.regionName != "" ? var.computeNetwork : merge(var.computeNetwork,
|
||||
{ regionName = module.global.regionName }
|
||||
) : var.computeNetwork
|
||||
storageNetwork = var.storageNetwork.regionName == "" ? merge(var.storageNetwork,
|
||||
)
|
||||
storageNetwork = var.storageNetwork.regionName != "" ? var.storageNetwork : merge(var.storageNetwork,
|
||||
{ regionName = module.global.regionName }
|
||||
) : var.storageNetwork
|
||||
)
|
||||
computeNetworkSubnets = [
|
||||
for virtualNetworkSubnet in local.computeNetwork.subnets : merge(virtualNetworkSubnet,
|
||||
{ virtualNetworkName = local.computeNetwork.name }
|
||||
|
|
@ -222,17 +236,22 @@ locals {
|
|||
virtualNetworksSubnets = flatten([
|
||||
for virtualNetwork in local.virtualNetworks : [
|
||||
for virtualNetworkSubnet in virtualNetwork.subnets : merge(virtualNetworkSubnet,
|
||||
{ regionName = virtualNetwork.regionName },
|
||||
{ virtualNetworkName = virtualNetwork.name }
|
||||
{ virtualNetworkName = virtualNetwork.name },
|
||||
{ regionName = virtualNetwork.regionName }
|
||||
)
|
||||
]
|
||||
])
|
||||
virtualNetworksSubnetsSecurity = [
|
||||
for virtualNetworksSubnet in local.virtualNetworksSubnets : virtualNetworksSubnet if virtualNetworksSubnet.name != "GatewaySubnet" && virtualNetworksSubnet.name != "AzureBastionSubnet" && virtualNetworksSubnet.serviceDelegation == ""
|
||||
]
|
||||
virtualGatewayNetworks = flatten([
|
||||
for virtualNetwork in local.virtualNetworks : [
|
||||
for virtualNetworkSubnet in virtualNetwork.subnets : virtualNetwork if virtualNetworkSubnet.name == "GatewaySubnet"
|
||||
]
|
||||
])
|
||||
virtualGatewayNetworkNames = [for virtualGatewayNetwork in local.virtualGatewayNetworks : virtualGatewayNetwork.name]
|
||||
virtualGatewayNetworkNames = [
|
||||
for virtualGatewayNetwork in local.virtualGatewayNetworks : virtualGatewayNetwork.name
|
||||
]
|
||||
virtualGatewayActiveActive = var.networkGateway.type == "Vpn" && var.vpnGateway.enableActiveActive
|
||||
}
|
||||
|
||||
|
|
@ -283,7 +302,7 @@ resource "azurerm_subnet" "network" {
|
|||
|
||||
resource "azurerm_network_security_group" "network" {
|
||||
for_each = {
|
||||
for virtualNetworksSubnet in local.virtualNetworksSubnets : "${virtualNetworksSubnet.virtualNetworkName}.${virtualNetworksSubnet.name}" => virtualNetworksSubnet if virtualNetworksSubnet.name != "GatewaySubnet" && virtualNetworksSubnet.name != "AzureBastionSubnet" && virtualNetworksSubnet.serviceDelegation == ""
|
||||
for virtualNetworksSubnet in local.virtualNetworksSubnetsSecurity : "${virtualNetworksSubnet.virtualNetworkName}.${virtualNetworksSubnet.name}" => virtualNetworksSubnet
|
||||
}
|
||||
name = "${each.value.virtualNetworkName}.${each.value.name}"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
|
|
@ -381,7 +400,7 @@ resource "azurerm_network_security_group" "network" {
|
|||
|
||||
resource "azurerm_subnet_network_security_group_association" "network" {
|
||||
for_each = {
|
||||
for virtualNetworksSubnet in local.virtualNetworksSubnets : "${virtualNetworksSubnet.virtualNetworkName}.${virtualNetworksSubnet.name}" => virtualNetworksSubnet if virtualNetworksSubnet.name != "GatewaySubnet" && virtualNetworksSubnet.name != "AzureBastionSubnet" && virtualNetworksSubnet.serviceDelegation == ""
|
||||
for virtualNetworksSubnet in local.virtualNetworksSubnetsSecurity : "${virtualNetworksSubnet.virtualNetworkName}.${virtualNetworksSubnet.name}" => virtualNetworksSubnet
|
||||
}
|
||||
subnet_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${each.value.virtualNetworkName}/subnets/${each.value.name}"
|
||||
network_security_group_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/networkSecurityGroups/${each.value.virtualNetworkName}.${each.value.name}"
|
||||
|
|
@ -968,6 +987,109 @@ resource "azurerm_virtual_network_gateway_connection" "express_route" {
|
|||
authorization_key = var.expressRouteGateway.connection.authorizationKey
|
||||
}
|
||||
|
||||
######################################################################
|
||||
# Monitor (https://learn.microsoft.com/azure/azure-monitor/overview) #
|
||||
######################################################################
|
||||
|
||||
resource "azurerm_private_dns_zone" "monitor" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "privatelink.monitor.azure.com"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone" "monitor_opinsights_oms" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "privatelink.oms.opinsights.azure.com"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone" "monitor_opinsights_ods" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "privatelink.ods.opinsights.azure.com"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone" "monitor_automation" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "privatelink.agentsvc.azure-automation.net"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone_virtual_network_link" "monitor" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "${local.computeNetwork.name}.monitor"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
private_dns_zone_name = azurerm_private_dns_zone.monitor[0].name
|
||||
virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}"
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone_virtual_network_link" "monitor_opinsights_oms" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "${local.computeNetwork.name}.monitor.opinsights.oms"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
private_dns_zone_name = azurerm_private_dns_zone.monitor_opinsights_oms[0].name
|
||||
virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}"
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone_virtual_network_link" "monitor_opinsights_ods" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "${local.computeNetwork.name}.monitor.opinsights.ods"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
private_dns_zone_name = azurerm_private_dns_zone.monitor_opinsights_ods[0].name
|
||||
virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}"
|
||||
}
|
||||
|
||||
resource "azurerm_private_dns_zone_virtual_network_link" "monitor_automation" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "${local.computeNetwork.name}.monitor.automation"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
private_dns_zone_name = azurerm_private_dns_zone.monitor_automation[0].name
|
||||
virtual_network_id = "${azurerm_resource_group.network.id}/providers/Microsoft.Network/virtualNetworks/${local.computeNetwork.name}"
|
||||
}
|
||||
|
||||
resource "azurerm_private_endpoint" "monitor" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = "${data.azurerm_log_analytics_workspace.render[0].name}.monitor"
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
location = azurerm_resource_group.network.location
|
||||
subnet_id = "${azurerm_private_dns_zone_virtual_network_link.monitor[0].virtual_network_id}/subnets/${local.computeNetwork.subnets[local.computeNetwork.subnetIndex.storage].name}"
|
||||
private_service_connection {
|
||||
name = data.azurerm_log_analytics_workspace.render[0].name
|
||||
private_connection_resource_id = data.azurerm_log_analytics_workspace.render[0].id
|
||||
is_manual_connection = false
|
||||
subresource_names = [
|
||||
"azuremonitor"
|
||||
]
|
||||
}
|
||||
private_dns_zone_group {
|
||||
name = data.azurerm_log_analytics_workspace.render[0].name
|
||||
private_dns_zone_ids = [
|
||||
azurerm_private_dns_zone.monitor[0].id,
|
||||
azurerm_private_dns_zone.monitor_opinsights_oms[0].id,
|
||||
azurerm_private_dns_zone.monitor_opinsights_ods[0].id,
|
||||
azurerm_private_dns_zone.monitor_automation[0].id,
|
||||
azurerm_private_dns_zone.storage_blob.id
|
||||
]
|
||||
}
|
||||
depends_on = [
|
||||
azurerm_private_endpoint.storage_file
|
||||
]
|
||||
}
|
||||
|
||||
resource "azurerm_monitor_private_link_scope" "monitor" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = module.global.monitorWorkspaceName
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
}
|
||||
|
||||
resource "azurerm_monitor_private_link_scoped_service" "monitor" {
|
||||
count = var.monitor.enablePrivateLink ? 1 : 0
|
||||
name = module.global.monitorWorkspaceName
|
||||
resource_group_name = azurerm_resource_group.network.name
|
||||
linked_resource_id = data.azurerm_log_analytics_workspace.render[0].id
|
||||
scope_name = azurerm_monitor_private_link_scope.monitor[0].name
|
||||
}
|
||||
|
||||
output "resourceGroupName" {
|
||||
value = var.resourceGroupName
|
||||
}
|
||||
|
|
|
|||
|
|
@ -50,10 +50,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "LnxScheduler"
|
||||
image = {
|
||||
definitionName = "Linux"
|
||||
customizeScript = "customize.sh"
|
||||
terminateScript = "onTerminate.sh"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "Linux"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Scheduler"
|
||||
|
|
@ -68,10 +66,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "LnxFarm1"
|
||||
image = {
|
||||
definitionName = "Linux"
|
||||
customizeScript = "customize.sh"
|
||||
terminateScript = "onTerminate.sh"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "Linux"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Farm"
|
||||
|
|
@ -89,10 +85,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "LnxFarm2"
|
||||
image = {
|
||||
definitionName = "Linux"
|
||||
customizeScript = "customize.sh"
|
||||
terminateScript = "onTerminate.sh"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "Linux"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Farm"
|
||||
|
|
@ -112,10 +106,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "LnxArtist1"
|
||||
image = {
|
||||
definitionName = "Linux"
|
||||
customizeScript = "customize.sh"
|
||||
terminateScript = "onTerminate.sh"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "Linux"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Workstation"
|
||||
|
|
@ -133,10 +125,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "LnxArtist2"
|
||||
image = {
|
||||
definitionName = "Linux"
|
||||
customizeScript = "customize.sh"
|
||||
terminateScript = "onTerminate.sh"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "Linux"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Workstation"
|
||||
|
|
@ -156,10 +146,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "WinScheduler"
|
||||
image = {
|
||||
definitionName = "WinScheduler"
|
||||
customizeScript = "customize.ps1"
|
||||
terminateScript = "onTerminate.ps1"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "WinScheduler"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Scheduler"
|
||||
|
|
@ -174,10 +162,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "WinFarm1"
|
||||
image = {
|
||||
definitionName = "WinFarm"
|
||||
customizeScript = "customize.ps1"
|
||||
terminateScript = "onTerminate.ps1"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "WinFarm"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Farm"
|
||||
|
|
@ -195,10 +181,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "WinFarm2"
|
||||
image = {
|
||||
definitionName = "WinFarm"
|
||||
customizeScript = "customize.ps1"
|
||||
terminateScript = "onTerminate.ps1"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "WinFarm"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Farm"
|
||||
|
|
@ -218,10 +202,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "WinArtist1"
|
||||
image = {
|
||||
definitionName = "WinArtist"
|
||||
customizeScript = "customize.ps1"
|
||||
terminateScript = "onTerminate.ps1"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "WinArtist"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Workstation"
|
||||
|
|
@ -239,10 +221,8 @@ imageTemplates = [
|
|||
{
|
||||
name = "WinArtist2"
|
||||
image = {
|
||||
definitionName = "WinArtist"
|
||||
customizeScript = "customize.ps1"
|
||||
terminateScript = "onTerminate.ps1"
|
||||
inputVersion = "Latest"
|
||||
definitionName = "WinArtist"
|
||||
inputVersion = "Latest"
|
||||
}
|
||||
build = {
|
||||
machineType = "Workstation"
|
||||
|
|
|
|||
|
|
@ -54,10 +54,8 @@ variable "imageTemplates" {
|
|||
name = string
|
||||
image = object(
|
||||
{
|
||||
definitionName = string
|
||||
customizeScript = string
|
||||
terminateScript = string
|
||||
inputVersion = string
|
||||
definitionName = string
|
||||
inputVersion = string
|
||||
}
|
||||
)
|
||||
build = object(
|
||||
|
|
@ -123,17 +121,8 @@ data "azurerm_virtual_network" "compute" {
|
|||
resource_group_name = !local.stateExistsNetwork ? var.computeNetwork.resourceGroupName : data.terraform_remote_state.network.outputs.resourceGroupName
|
||||
}
|
||||
|
||||
data "azurerm_storage_account" "storage" {
|
||||
name = module.global.storageAccountName
|
||||
resource_group_name = module.global.resourceGroupName
|
||||
}
|
||||
|
||||
locals {
|
||||
stateExistsNetwork = try(length(data.terraform_remote_state.network.outputs) >= 0, false)
|
||||
customizeScriptLinux = "customize.sh"
|
||||
customizeScriptWindows = "customize.ps1"
|
||||
terminateScriptLinux = "onTerminate.sh"
|
||||
terminateScriptWindows = "onTerminate.ps1"
|
||||
stateExistsNetwork = try(length(data.terraform_remote_state.network.outputs) >= 0, false)
|
||||
}
|
||||
|
||||
resource "azurerm_resource_group" "image" {
|
||||
|
|
@ -147,55 +136,12 @@ resource "azurerm_role_assignment" "network" {
|
|||
scope = data.azurerm_resource_group.network.id
|
||||
}
|
||||
|
||||
resource "azurerm_role_assignment" "storage" {
|
||||
role_definition_name = "Storage Blob Data Reader" # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#storage-blob-data-reader
|
||||
principal_id = data.azurerm_user_assigned_identity.render.principal_id
|
||||
scope = data.azurerm_storage_account.storage.id
|
||||
}
|
||||
|
||||
resource "azurerm_role_assignment" "image" {
|
||||
role_definition_name = "Contributor" # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#contributor
|
||||
principal_id = data.azurerm_user_assigned_identity.render.principal_id
|
||||
scope = azurerm_resource_group.image.id
|
||||
}
|
||||
|
||||
resource "azurerm_storage_container" "container" {
|
||||
name = "image"
|
||||
storage_account_name = data.azurerm_storage_account.storage.name
|
||||
}
|
||||
|
||||
resource "azurerm_storage_blob" "customize_script_linux" {
|
||||
name = local.customizeScriptLinux
|
||||
storage_account_name = data.azurerm_storage_account.storage.name
|
||||
storage_container_name = azurerm_storage_container.container.name
|
||||
source = local.customizeScriptLinux
|
||||
type = "Block"
|
||||
}
|
||||
|
||||
resource "azurerm_storage_blob" "customize_script_windows" {
|
||||
name = local.customizeScriptWindows
|
||||
storage_account_name = data.azurerm_storage_account.storage.name
|
||||
storage_container_name = azurerm_storage_container.container.name
|
||||
source = local.customizeScriptWindows
|
||||
type = "Block"
|
||||
}
|
||||
|
||||
resource "azurerm_storage_blob" "terminate_script_linux" {
|
||||
name = local.terminateScriptLinux
|
||||
storage_account_name = data.azurerm_storage_account.storage.name
|
||||
storage_container_name = azurerm_storage_container.container.name
|
||||
source = local.terminateScriptLinux
|
||||
type = "Block"
|
||||
}
|
||||
|
||||
resource "azurerm_storage_blob" "terminate_script_windows" {
|
||||
name = local.terminateScriptWindows
|
||||
storage_account_name = data.azurerm_storage_account.storage.name
|
||||
storage_container_name = azurerm_storage_container.container.name
|
||||
source = local.terminateScriptWindows
|
||||
type = "Block"
|
||||
}
|
||||
|
||||
resource "azurerm_shared_image_gallery" "gallery" {
|
||||
name = var.imageGallery.name
|
||||
resource_group_name = azurerm_resource_group.image.name
|
||||
|
|
@ -237,9 +183,6 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
"imageTemplates" = {
|
||||
value = var.imageTemplates
|
||||
}
|
||||
"imageScriptContainer" = {
|
||||
value = "https://${data.azurerm_storage_account.storage.name}.blob.core.windows.net/${azurerm_storage_container.container.name}/"
|
||||
}
|
||||
"keyVaultSecretAdminUsername" = {
|
||||
value = data.azurerm_key_vault_secret.admin_username.value
|
||||
}
|
||||
|
|
@ -267,9 +210,6 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
"imageTemplates": {
|
||||
"type": "array"
|
||||
},
|
||||
"imageScriptContainer": {
|
||||
"type": "string"
|
||||
},
|
||||
"keyVaultSecretAdminUsername": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -279,9 +219,7 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
},
|
||||
"variables": {
|
||||
"imageBuilderApiVersion": "2022-02-14",
|
||||
"imageGalleryApiVersion": "2022-08-03",
|
||||
"localDownloadPathLinux": "/tmp/",
|
||||
"localDownloadPathWindows": "/Windows/Temp/"
|
||||
"imageGalleryApiVersion": "2022-08-03"
|
||||
},
|
||||
"functions": [
|
||||
{
|
||||
|
|
@ -289,18 +227,10 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
"members": {
|
||||
"GetCustomizeCommandsLinux": {
|
||||
"parameters": [
|
||||
{
|
||||
"name": "imageScriptContainer",
|
||||
"type": "string"
|
||||
},
|
||||
{
|
||||
"name": "imageTemplate",
|
||||
"type": "object"
|
||||
},
|
||||
{
|
||||
"name": "scriptFilePath",
|
||||
"type": "string"
|
||||
},
|
||||
{
|
||||
"name": "renderManager",
|
||||
"type": "string"
|
||||
|
|
@ -325,18 +255,18 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
},
|
||||
{
|
||||
"type": "File",
|
||||
"sourceUri": "[concat(parameters('imageScriptContainer'), parameters('imageTemplate').image.customizeScript)]",
|
||||
"destination": "[concat(parameters('scriptFilePath'), parameters('imageTemplate').image.customizeScript)]"
|
||||
"sourceUri": "https://github.com/Azure/Avere/blob/main/src/terraform/examples/e2e/4.image.builder/customize.sh",
|
||||
"destination": "/tmp/customize.sh"
|
||||
},
|
||||
{
|
||||
"type": "File",
|
||||
"sourceUri": "[concat(parameters('imageScriptContainer'), parameters('imageTemplate').image.terminateScript)]",
|
||||
"destination": "[concat(parameters('scriptFilePath'), parameters('imageTemplate').image.terminateScript)]"
|
||||
"sourceUri": "https://github.com/Azure/Avere/blob/main/src/terraform/examples/e2e/4.image.builder/onTerminate.sh",
|
||||
"destination": "/tmp/onTerminate.sh"
|
||||
},
|
||||
{
|
||||
"type": "Shell",
|
||||
"inline": [
|
||||
"[format('cat {0} | tr -d \r | {1} /bin/bash', concat(parameters('scriptFilePath'), parameters('imageTemplate').image.customizeScript), concat('buildConfigEncoded=', base64(string(union(parameters('imageTemplate').build, createObject('renderManager', parameters('renderManager')), createObject('adminUsername', parameters('adminUsername')), createObject('adminPassword', parameters('adminPassword')))))))]"
|
||||
"[format('cat /tmp/customize.sh | tr -d \r | {0} /bin/bash', concat('buildConfigEncoded=', base64(string(union(parameters('imageTemplate').build, createObject('renderManager', parameters('renderManager')), createObject('adminUsername', parameters('adminUsername')), createObject('adminPassword', parameters('adminPassword')))))))]"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
@ -344,18 +274,10 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
},
|
||||
"GetCustomizeCommandsWindows": {
|
||||
"parameters": [
|
||||
{
|
||||
"name": "imageScriptContainer",
|
||||
"type": "string"
|
||||
},
|
||||
{
|
||||
"name": "imageTemplate",
|
||||
"type": "object"
|
||||
},
|
||||
{
|
||||
"name": "scriptFilePath",
|
||||
"type": "string"
|
||||
},
|
||||
{
|
||||
"name": "renderManager",
|
||||
"type": "string"
|
||||
|
|
@ -375,20 +297,23 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
},
|
||||
{
|
||||
"type": "File",
|
||||
"sourceUri": "[concat(parameters('imageScriptContainer'), parameters('imageTemplate').image.customizeScript)]",
|
||||
"destination": "[concat(parameters('scriptFilePath'), parameters('imageTemplate').image.customizeScript)]"
|
||||
"sourceUri": "https://github.com/Azure/Avere/blob/main/src/terraform/examples/e2e/4.image.builder/customize.ps1",
|
||||
"destination": "C:\\Users\\Public\\Downloads\\customize.ps1"
|
||||
},
|
||||
{
|
||||
"type": "File",
|
||||
"sourceUri": "[concat(parameters('imageScriptContainer'), parameters('imageTemplate').image.terminateScript)]",
|
||||
"destination": "[concat(parameters('scriptFilePath'), parameters('imageTemplate').image.terminateScript)]"
|
||||
"sourceUri": "https://github.com/Azure/Avere/blob/main/src/terraform/examples/e2e/4.image.builder/onTerminate.ps1",
|
||||
"destination": "C:\\Users\\Public\\Downloads\\onTerminate.ps1"
|
||||
},
|
||||
{
|
||||
"type": "PowerShell",
|
||||
"inline": [
|
||||
"[format('{0} {1}', concat(parameters('scriptFilePath'), parameters('imageTemplate').image.customizeScript), concat('-buildConfigEncoded ', base64(string(union(parameters('imageTemplate').build, createObject('renderManager', parameters('renderManager')))))))]"
|
||||
"[concat('C:\\Users\\Public\\Downloads\\customize.ps1 -buildConfigEncoded ', base64(string(union(parameters('imageTemplate').build, createObject('renderManager', parameters('renderManager'))))))]"
|
||||
],
|
||||
"runElevated": "[if(and(equals(parameters('renderManager'), 'Deadline'), equals(parameters('imageTemplate').build.machineType, 'Scheduler')), true(), false())]"
|
||||
},
|
||||
{
|
||||
"type": "WindowsRestart"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -421,7 +346,7 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
"sku": "[reference(resourceId('Microsoft.Compute/galleries/images', parameters('imageGalleryName'), parameters('imageTemplates')[copyIndex()].image.definitionName), variables('imageGalleryApiVersion')).identifier.sku]",
|
||||
"version": "[parameters('imageTemplates')[copyIndex()].image.inputVersion]"
|
||||
},
|
||||
"customize": "[if(equals(reference(resourceId('Microsoft.Compute/galleries/images', parameters('imageGalleryName'), parameters('imageTemplates')[copyIndex()].image.definitionName), variables('imageGalleryApiVersion')).osType, 'Windows'), fx.GetCustomizeCommandsWindows(parameters('imageScriptContainer'), parameters('imageTemplates')[copyIndex()], variables('localDownloadPathWindows'), parameters('renderManager')), fx.GetCustomizeCommandsLinux(parameters('imageScriptContainer'), parameters('imageTemplates')[copyIndex()], variables('localDownloadPathLinux'), parameters('renderManager'), parameters('keyVaultSecretAdminUsername'), parameters('keyVaultSecretAdminPassword')))]",
|
||||
"customize": "[if(equals(reference(resourceId('Microsoft.Compute/galleries/images', parameters('imageGalleryName'), parameters('imageTemplates')[copyIndex()].image.definitionName), variables('imageGalleryApiVersion')).osType, 'Windows'), fx.GetCustomizeCommandsWindows(parameters('imageTemplates')[copyIndex()], parameters('renderManager')), fx.GetCustomizeCommandsLinux(parameters('imageTemplates')[copyIndex()], parameters('renderManager'), parameters('keyVaultSecretAdminUsername'), parameters('keyVaultSecretAdminPassword')))]",
|
||||
"buildTimeoutInMinutes": "[parameters('imageTemplates')[copyIndex()].build.timeoutMinutes]",
|
||||
"distribute": [
|
||||
{
|
||||
|
|
@ -448,11 +373,7 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
|
|||
}
|
||||
TEMPLATE
|
||||
depends_on = [
|
||||
azurerm_shared_image.definitions,
|
||||
azurerm_storage_blob.customize_script_linux,
|
||||
azurerm_storage_blob.customize_script_windows,
|
||||
azurerm_storage_blob.terminate_script_linux,
|
||||
azurerm_storage_blob.terminate_script_windows
|
||||
azurerm_shared_image.definitions
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ if [ ${cycleCloud.enable} == true ]; then
|
|||
echo "mkdir -p /mnt/show/read" >> $clusterTemplateFile
|
||||
echo "" >> $clusterTemplateFile
|
||||
echo "echo 'scheduler.artist.studio:/DeadlineRepository /mnt/scheduler nfs defaults 0 0' >> /etc/fstab" >> $clusterTemplateFile
|
||||
echo "echo 'azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
|
||||
echo "echo 'azrender1.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
|
||||
echo "echo 'cache.artist.studio:/mnt/show /mnt/show/read nfs hard,proto=tcp,mountproto=tcp,retry=30,nolock 0 0' >> /etc/fstab" >> $clusterTemplateFile
|
||||
echo "" >> $clusterTemplateFile
|
||||
echo "mount -a" >> $clusterTemplateFile
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ virtualMachineScaleSets = [
|
|||
imageId = "/subscriptions/5cc0d8f1-3643-410c-8646-1a2961134bd3/resourceGroups/ArtistAnywhere.Image/providers/Microsoft.Compute/galleries/Gallery/images/Linux/versions/1.0.0"
|
||||
machine = {
|
||||
size = "Standard_HB120rs_v2"
|
||||
count = 1
|
||||
count = 10
|
||||
}
|
||||
operatingSystem = {
|
||||
type = "Linux"
|
||||
|
|
@ -33,7 +33,7 @@ virtualMachineScaleSets = [
|
|||
fileName = "initialize.sh"
|
||||
parameters = {
|
||||
fileSystemMountsStorage = [
|
||||
"azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
|
||||
"azrender1.blob.core.windows.net:/azrender1/show /mnt/show/write nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
|
||||
]
|
||||
fileSystemMountsStorageCache = [
|
||||
# "cache.artist.studio:/mnt/show /mnt/show/read nfs hard,proto=tcp,mountproto=tcp,retry=30,nolock 0 0"
|
||||
|
|
@ -90,7 +90,7 @@ virtualMachineScaleSets = [
|
|||
fileName = "initialize.ps1"
|
||||
parameters = {
|
||||
fileSystemMountsStorage = [
|
||||
"mount -o anon nolock \\\\azrender1.privatelink.blob.core.windows.net\\azrender1\\show W:"
|
||||
"mount -o anon nolock \\\\azrender1.blob.core.windows.net\\azrender1\\show W:"
|
||||
]
|
||||
fileSystemMountsStorageCache = [
|
||||
# "mount -o anon nolock \\\\cache.artist.studio\\mnt\\show R:"
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ virtualMachines = [
|
|||
fileName = "initialize.sh"
|
||||
parameters = {
|
||||
fileSystemMountsStorage = [
|
||||
"azrender1.privatelink.blob.core.windows.net:/azrender1/show /mnt/show nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
|
||||
"azrender1.blob.core.windows.net:/azrender1/show /mnt/show nfs sec=sys,vers=3,proto=tcp,nolock 0 0"
|
||||
]
|
||||
fileSystemMountsStorageCache = [
|
||||
]
|
||||
|
|
@ -64,7 +64,7 @@ virtualMachines = [
|
|||
fileName = "initialize.ps1"
|
||||
parameters = {
|
||||
fileSystemMountsStorage = [
|
||||
"mount -o anon nolock \\\\azrender1.privatelink.blob.core.windows.net\\azrender1\\show W:"
|
||||
"mount -o anon nolock \\\\azrender1.blob.core.windows.net\\azrender1\\show W:"
|
||||
]
|
||||
fileSystemMountsStorageCache = [
|
||||
]
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче