Merge pull request #26 from pkgw/more-dev

Yet more work on the development instance

dev/.gitignore

@@ -0,0 +1,2 @@
+bastion_rsa
+bastion_rsa.pub

dev/constellations-backend.tf

@@ -66,6 +66,9 @@ resource "azurerm_linux_web_app" "cx_backend" {
 
   app_settings = {
     "AZURE_COSMOS_CONNECTIONSTRING" = azurerm_cosmosdb_account.cx_backend.connection_strings[0]
+    "CX_PREVIEW_BASE_URL"           = "https://${azurerm_cdn_endpoint_custom_domain.cxdata.host_name}/previews"
+    "CX_PREVIEW_SERVICE_URL"        = "http://${azurerm_private_dns_a_record.cx_previewer_server.name}.azurewebsites.net"
+    "CX_SESSION_SECRETS"            = var.sessionSecrets
     "CX_SUPERUSER_ACCOUNT_ID"       = var.superuserAccountId
     "KEYCLOAK_URL"                  = "https://${var.tld}/auth/"
   }
@@ -77,6 +80,18 @@ resource "azurerm_linux_web_app" "cx_backend" {
     app_command_line       = "yarn start"
   }
 
+  logs {
+    detailed_error_messages = false
+    failed_request_tracing  = false
+
+    http_logs {
+      file_system {
+        retention_in_days = 0
+        retention_in_mb   = 35
+      }
+    }
+  }
+
   virtual_network_subnet_id = azurerm_subnet.cx_backend_app.id
 }
 

dev/constellations-cdn.tf

@@ -0,0 +1,90 @@
+# The CDN layer
+
+resource "azurerm_resource_group" "cx_cdn" {
+  name     = "${var.prefix}-cxcdn"
+  location = var.location
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "azurerm_cdn_profile" "cx" {
+  name                = "${var.prefix}-cx"
+  resource_group_name = azurerm_resource_group.cx_cdn.name
+  location            = "global"
+  sku                 = "Standard_Microsoft"
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "azurerm_cdn_endpoint" "cxdata" {
+  name                = "${var.prefix}-cxdata"
+  profile_name        = azurerm_cdn_profile.cx.name
+  resource_group_name = azurerm_resource_group.cx_cdn.name
+  location            = "global"
+
+  optimization_type             = "GeneralWebDelivery"
+  origin_host_header            = azurerm_storage_account.constellations.primary_blob_host
+  querystring_caching_behaviour = "UseQueryString"
+
+  origin {
+    name      = "constellations"
+    host_name = azurerm_storage_account.constellations.primary_blob_host
+  }
+
+  global_delivery_rule {
+    modify_response_header_action {
+      action = "Overwrite"
+      name   = "Access-Control-Allow-Origin"
+      value  = "*"
+    }
+
+    modify_response_header_action {
+      action = "Overwrite"
+      name   = "Access-Control-Allow-Methods"
+      value  = "GET"
+    }
+
+    modify_response_header_action {
+      action = "Overwrite"
+      name   = "Access-Control-Allow-Headers"
+      value  = "Content-Disposition,Content-Encoding,Content-Type"
+    }
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "azurerm_cdn_endpoint_custom_domain" "cxdata" {
+  name = "${var.prefix}-cxdata"
+  # Capitalization consistency issue:
+  cdn_endpoint_id = replace(azurerm_cdn_endpoint.cxdata.id, "resourcegroups", "resourceGroups")
+  host_name       = "assets.${var.tld}"
+
+  cdn_managed_https {
+    certificate_type = "Dedicated"
+    protocol_type    = "ServerNameIndication"
+    tls_version      = "TLS12"
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  depends_on = [
+    azurerm_dns_cname_record.assets,
+  ]
+}
+
+resource "azurerm_dns_cname_record" "assets" {
+  name                = "assets"
+  resource_group_name = azurerm_dns_zone.flagship.resource_group_name # must be same as the zone
+  zone_name           = azurerm_dns_zone.flagship.name
+  ttl                 = 3600
+  target_resource_id  = azurerm_cdn_endpoint.cxdata.id
+}

dev/constellations-frontend.tf

@@ -22,8 +22,10 @@ resource "azurerm_linux_web_app" "cx_frontend" {
   service_plan_id     = azurerm_service_plan.cx_backend.id
 
   app_settings = {
-    "NUXT_PUBLIC_API_URL"      = "https://api.${var.tld}"
-    "NUXT_PUBLIC_KEYCLOAK_URL" = "https://${var.tld}/auth"
+    "NUXT_PUBLIC_API_URL"              = "https://api.${var.tld}"
+    "NUXT_PUBLIC_GOOGLE_ANALYTICS_TAG" = var.googleAnalyticsTag
+    "NUXT_PUBLIC_HOST_URL"             = "https://${var.tld}"
+    "NUXT_PUBLIC_KEYCLOAK_URL"         = "https://${var.tld}/auth"
   }
 
   site_config {

dev/constellations-previewer.tf

@@ -42,10 +42,13 @@ resource "azurerm_linux_web_app" "cx_previewer" {
   service_plan_id     = azurerm_service_plan.cx_previewer.id
 
   app_settings = {
+    "CONSTELLATIONS_MAX_THREADS"      = "2"
     "MONGO_CONNECTION_STRING"         = azurerm_cosmosdb_account.cx_backend.connection_strings[0]
     "AZURE_STORAGE_CONNECTION_STRING" = azurerm_storage_account.constellations.primary_connection_string
     "NUXT_PUBLIC_API_URL"             = "https://api.${var.tld}"
     "DOCKER_REGISTRY_SERVER_URL"      = "https://index.docker.io/v1"
+    #"CX_PREVIEW_DUMPIO"               = "true"
+    #"CX_PREVIEW_LOG_LEVEL"            = "debug"
   }
 
   site_config {

dev/variables.tf

@@ -25,6 +25,15 @@ variable "cxkeycloakAdminPassword" {
   sensitive   = true
 }
 
+variable "googleAnalyticsTag" {
+  description = "The Google Analytics tag for frontend telemetry (of the form G-XXXXXXXXXX)"
+}
+
+variable "sessionSecrets" {
+  description = "Space-separated list of secrets for backend session management"
+  sensitive   = true
+}
+
 variable "tmpVaultId" {
   description = "The Azure resource ID of the keyvault to use"
 }