Provisioning requires Terraform & Azure CLI. Before provisioning you need to authenticate; the different authentication schemes are documented here.
After authentication is completed, you must initialize your local TF state once:
terraform init
To preserve your sanity, create a myname.tfvars file with the RSA key you use for SSH (needed to get the first-time login code):
SSH_PUBLIC_KEY = "ssh-rsa REDACTED [email protected]!"
Make sure you have jq installed. Then to provision a new instance run:
terraform workspace new my_deployment
./tf_wrapper.sh myname.tfvars
Any extra options given to tf_wrapper.sh will be passed to terraform apply. If you like to live dangerously, --auto-approve is a good one.
The script will then do things; if you didn't add --auto-approve, TF will ask for confirmation. It will then do more things, and finally you get a few more instructions that look like this:
** Run following curl command to test that at least RASENMAEHER container is up **
curl -s https://deployment-name.pvarki.fi/api/v1/healthcheck/services | jq .
** When curl replies run following SSH command to get the admin login code **
ssh [email protected] 'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'
Since TF will return long before cloud-init finishes running, you need to use curl to check when the RASENMAEHER container is actually up. After that it's just a call over SSH to generate the admin login code.
Requires Azure credentials for PVARKI and access to keyvault pvarki-shared-kv001.
Log in to portal.azure.com with our PVARKI credentials, then use the service search to navigate to Azure DevOps organizations. Follow the My Azure DevOps Organizations link; it opens in a new tab.
Under projects, navigate to PVARKI, then to Pipelines. Under pipelines, choose pvarki.terraform-miniwerk-deployment. A warning will be shown; ignore it. Choose Run Pipeline. Under Branch/tag, change the branch to azurepipelines and the variables will be shown.
Into SSH_PUBLIC_KEY, copy and paste the contents of sshpubkey (SSH public key). Optionally, you can use your own key pair. In WORKSPACE_NAME, put a unique name for your deployment. Other variables are auto-generated. Click Run. You can check progress by clicking the Create action. When the pipeline has run through, you can check the deployment name from the outputs of the Terraform apply step.
After the Terraform deployment has completed, it will take some time for all of the containers to be up and running. You can check the status with:
** Run following curl command to test that at least RASENMAEHER container is up **
curl -s https://deployment-name.pvarki.fi/api/v1/healthcheck/services | jq .
Once the service reports that it is healthy, run the following to get the admin login code:
** When curl replies run following SSH command to get the admin login code **
ssh [email protected] 'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'
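The wait-then-fetch step used after both the local run and the pipeline run, as an added example that is not part of this repository: it polls the healthcheck until it replies with valid JSON over verified TLS, giving up after a deadline, and only then runs the SSH command. The function names and the WAIT_TIMEOUT / WAIT_INTERVAL variables with their defaults are assumptions; pass the FQDN and the SSH target exactly as printed in the instructions.

```bash
#!/usr/bin/env bash
# Added example (not from the repository). Needs curl, jq and ssh.

# wait_until TIMEOUT INTERVAL CMD...
# Re-run CMD until it succeeds or TIMEOUT seconds have passed.
# Returns 0 on success, 1 on timeout.
wait_until() {
  local timeout="$1" interval="$2" deadline
  shift 2
  deadline=$(( $(date +%s) + $timeout ))
  until "$@"; do
    if [ "$(date +%s)" -ge "$deadline" ]; then
      return 1
    fi
    sleep "$interval"
  done
  return 0
}

# healthcheck_replies FQDN
# True once the endpoint answers with an HTTP success status and a body that
# parses as JSON. No -k: a reply only counts when the certificate validates,
# so the loop also waits for the certificate to be in place.
healthcheck_replies() {
  curl -sf --max-time 10 "https://$1/api/v1/healthcheck/services" \
    | jq -e . >/dev/null 2>&1
}

# fetch_admin_code FQDN SSH_TARGET
# FQDN is the dns_name output; SSH_TARGET is the user@host printed by TF.
fetch_admin_code() {
  local fqdn="$1" ssh_target="$2"
  # Assumed defaults: wait up to 30 minutes, probing every 15 seconds.
  if ! wait_until "${WAIT_TIMEOUT:-1800}" "${WAIT_INTERVAL:-15}" \
       healthcheck_replies "$fqdn"; then
    echo "healthcheck on $fqdn did not reply in time" >&2
    return 1
  fi
  ssh "$ssh_target" \
    'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'
}

# Usage: ./get_admin_code.sh <fqdn> <user@host>   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
  fetch_admin_code "$1" "$2"
fi
```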
To clean up, run the pipeline again with the same WORKSPACE_NAME and uncheck the CREATE checkbox. This will run Terraform destroy for that deployment.
We use the pre-commit framework for various things; most notably it will autogenerate the docs below. You need to run pre-commit run --all-files before committing to make sure everything is ok and up-to-date.
Remember to also enable pre-commit on your local checkout with pre-commit install.
You will need terraform-docs and tflint installed in PATH; everything else pre-commit should be able to handle by itself.
Name | Version |
---|---|
terraform | >=1.2.0 |
azurerm | ~>3.0 |
random | ~>3.0 |
xkcdpass | ~>1.0 |
Name | Version |
---|---|
azurerm | 3.82.0 |
random | 3.5.1 |
xkcdpass | 1.0.0 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
CERTBOT_EMAIL | Email address to send certificate expiration notifications. | string | "[email protected]" | no |
DEPLOYMENT_NAME | Set DNS name, if not set will be automatically generated | string | null | no |
DOCKER_COMPOSITION_REPO | The repo to use to get the docker-composition from | string | "https://github.com/pvarki/docker-rasenmaeher-integration.git" | no |
DOCKER_REPO_TAG | The branch/tag in DOCKER_COMPOSITION_REPO to use | string | "1.6.0" | no |
DOCKER_TAG_EXTRA | If you want to deploy for example a PR tagged version, messing this up is a good way to make everything take forever | string | "" | no |
EXPIRES | ISO 8601 date (yyyy-mm-dd) after which this resource is cleaned up, defaults to 30 days from now | string | null | no |
RESOURCE_GROUP_LOCATION | Location of the resource group. | string | "northeurope" | no |
RESOURCE_GROUP_NAME_PREFIX | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | string | "rg-miniwerk" | no |
SSH_PUBLIC_KEY | RSA (Azure does not support Elliptic Curve keys) Public key for admin SSH-connections (required) | string | n/a | yes |
VITE_ASSET_SET | Which asset set to use for RM UI | string | "neutral" | no |
VM_SIZE | The SKU which should be used for this Virtual Machine, e.g. Standard_B4ms | string | "Standard_B4ms" | no |
ZONE_DNS_NAME | DNS Zone to place mumbler server under | string | "solution.dev.pvarki.fi" | no |
ZONE_RESOURCE_GROUP | Resource group where the DNS zone resides | string | "FDF-PVARKI-SOLUTION-static" | no |
Name | Description |
---|---|
dns_name | FQDN for RASENMAEHER |