pvarki / terraform-miniwerk-deployment

TF scripts for bringing up RASENMAEHER and TAK (and in future other integrated products) on a single VM as one large docker composition

Terraform config to provision a full RASENMAEHER+TAK in Azure

Usage

Provisioning requires Terraform and the Azure CLI. Before provisioning you need to authenticate; the different authentication schemes are documented here.

After the authentication is completed, you must initialize your local TF state once:

terraform init

To preserve your sanity, create a myname.tfvars file with the RSA public key you use for SSH (needed to get the first-time login code):

SSH_PUBLIC_KEY = "ssh-rsa REDACTED me@mymachine.local!"

Make sure you have jq installed. Then to provision a new instance run:

terraform workspace new my_deployment
./tf_wrapper.sh myname.tfvars

Any extra options given to tf_wrapper.sh will be passed on to terraform apply. If you like to live dangerously, --auto-approve is a good one.

The script will then do things; if you didn't add --auto-approve, TF will ask for confirmation. It will then do more things and finally print some more instructions that look like this:

** Run following curl command to test that at least RASENMAEHER container is up **
  curl -s https://deployment-name.pvarki.fi/api/v1/healthcheck/services | jq .
** When curl replies run following SSH command to get the admin login code **
  ssh azureuser@deployment-name.pvarki.fi 'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'

Since TF returns long before cloud-init finishes running, use curl to check when the RASENMAEHER container is actually up; after that it is just one call over SSH to generate the admin login code.

Usage with Azure DevOps pipeline

Requires Azure credentials for PVARKI and access to the key vault pvarki-shared-kv001.

Log in to portal.azure.com with your PVARKI credentials, use the service search to navigate to Azure DevOps organizations, and open the My Azure DevOps Organizations link. The link opens in a new tab.

Under Projects, navigate to PVARKI and then to Pipelines. Under Pipelines, choose pvarki.terraform-miniwerk-deployment. A warning will be shown; ignore it. Choose Run Pipeline. Under Branch/tag, change the branch to azurepipelines and the variables will be shown.

Into SSH_PUBLIC_KEY copy and paste the contents of sshpubkey (SSH public key); optionally you can use your own key pair. Set WORKSPACE_NAME to a unique name for your deployment. The other variables are auto-generated. Click Run. You can check progress by clicking the Create action. When the pipeline has run through, you can find the deployment name in the outputs of the Terraform apply step.

It takes some time after the Terraform deployment has completed for all of the containers to be up and running. You can check the status with:

** Run following curl command to test that at least RASENMAEHER container is up **
  curl -s https://deployment-name.pvarki.fi/api/v1/healthcheck/services | jq .

Once the service reports healthy, run the following to get an admin login code:

** When curl replies run following SSH command to get the admin login code **
  ssh azureuser@deployment-name.pvarki.fi 'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'
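Both the manual flow and the pipeline flow end with the same two steps: poll the healthcheck until the API answers, then run the documented SSH command. The script below is an added example, not part of the pvarki repository; it assumes the host is the dns_name output and that the key matching SSH_PUBLIC_KEY is loaded in your SSH agent.

```shell
#!/bin/sh
# Added example (not from the pvarki repository): poll the RASENMAEHER
# healthcheck until the API answers, then fetch the admin login code over SSH.
# Assumptions: HOST is the dns_name output (e.g. deployment-name.pvarki.fi)
# and the private key for SSH_PUBLIC_KEY is available to ssh.

# fetch_healthcheck HOST: print the healthcheck JSON; fail while the API is
# not answering yet (-f turns HTTP errors into a non-zero exit, --max-time
# bounds a hung connection while cloud-init is still starting containers).
fetch_healthcheck() {
    curl -sf --max-time 10 "https://$1/api/v1/healthcheck/services"
}

# wait_for_rasenmaeher HOST [TRIES] [DELAY]: retry fetch_healthcheck up to
# TRIES times, sleeping DELAY seconds between attempts. Prints the first
# successful body and returns 0; returns 1 when the attempts run out.
wait_for_rasenmaeher() {
    host=$1; tries=${2:-60}; delay=${3:-30}; attempt=0
    while [ "$attempt" -lt "$tries" ]; do
        attempt=$((attempt + 1))
        if body=$(fetch_healthcheck "$host"); then
            printf '%s\n' "$body"
            return 0
        fi
        echo "attempt $attempt/$tries: $host not answering yet" >&2
        sleep "$delay"
    done
    return 1
}

# admin_login_code HOST: the documented one-shot command; BatchMode makes a
# missing key fail fast instead of hanging on a password prompt.
admin_login_code() {
    ssh -o BatchMode=yes "azureuser@$1" \
        'sudo docker exec rmvm-rmapi-1 /bin/bash -lc "rasenmaeher_api addcode"'
}

# Usage: ./wait_for_rasenmaeher.sh deployment-name.pvarki.fi
if [ -n "${1:-}" ]; then
    body=$(wait_for_rasenmaeher "$1") || { echo "gave up waiting for $1" >&2; exit 1; }
    printf '%s\n' "$body" | jq .
    admin_login_code "$1"
fi
```

The default 60 tries at 30 seconds gives cloud-init half an hour before the script gives up; pass smaller values as the second and third arguments to shorten that.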

To clean up, run the pipeline again with the same WORKSPACE_NAME and uncheck the CREATE checkbox. This runs Terraform destroy for that deployment.

pre-commit considerations

We use the pre-commit framework for various things; most notably it autogenerates the docs below. You need to run pre-commit run --all-files before committing to make sure everything is ok and up-to-date.

Remember to also enable pre-commit on your local checkout with pre-commit install.

You will need terraform-docs and tflint installed in your PATH; everything else pre-commit should be able to handle by itself.

Terraform docs (autogenerated)

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.2.0 |
| azurerm | ~>3.0 |
| random | ~>3.0 |
| xkcdpass | ~>1.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | 3.82.0 |
| random | 3.5.1 |
| xkcdpass | 1.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_dns_a_record.fake | resource |
| azurerm_dns_a_record.mtls | resource |
| azurerm_dns_a_record.mtls_fake | resource |
| azurerm_dns_a_record.mtls_tak | resource |
| azurerm_dns_a_record.tak | resource |
| azurerm_dns_a_record.this | resource |
| azurerm_linux_virtual_machine.this | resource |
| azurerm_network_interface.this | resource |
| azurerm_network_interface_security_group_association.this | resource |
| azurerm_network_security_group.this | resource |
| azurerm_public_ip.this | resource |
| azurerm_resource_group.this | resource |
| azurerm_subnet.this | resource |
| azurerm_virtual_network.this | resource |
| random_pet.rg_name | resource |
| xkcdpass_generate.kc_admin_pass | resource |
| xkcdpass_generate.kc_db_pass | resource |
| xkcdpass_generate.kc_ldap_pass | resource |
| xkcdpass_generate.kc_mgr_pass | resource |
| xkcdpass_generate.postgres_pass | resource |
| xkcdpass_generate.rm_db_pass | resource |
| xkcdpass_generate.tak_db_pass | resource |
| xkcdpass_generate.tak_jks1_pass | resource |
| xkcdpass_generate.tak_jks2_pass | resource |
| azurerm_dns_zone.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| CERTBOT_EMAIL | Email address to send certificate expiration notifications. | string | "benjam.gronmark_arkiproj@hotmail.com" | no |
| DEPLOYMENT_NAME | Set DNS name; if not set, it will be automatically generated | string | null | no |
| DOCKER_COMPOSITION_REPO | The repo to use to get the docker-composition from | string | "https://github.com/pvarki/docker-rasenmaeher-integration.git" | no |
| DOCKER_REPO_TAG | The branch/tag in DOCKER_COMPOSITION_REPO to use | string | "1.5.0" | no |
| DOCKER_TAG_EXTRA | If you want to deploy, for example, a PR-tagged version; messing this up is a good way to make everything take forever | string | "" | no |
| EXPIRES | ISO 8601 date (yyyy-mm-dd) after which this resource is cleaned up; defaults to 30 days from now | string | null | no |
| RESOURCE_GROUP_LOCATION | Location of the resource group. | string | "northeurope" | no |
| RESOURCE_GROUP_NAME_PREFIX | Prefix of the resource group name that's combined with a random ID so the name is unique in your Azure subscription. | string | "rg-miniwerk" | no |
| SSH_PUBLIC_KEY | RSA public key for admin SSH connections (Azure does not support elliptic-curve keys) (required) | string | n/a | yes |
| VITE_ASSET_SET | Which asset set to use for RM UI | string | "neutral" | no |
| VM_SIZE | The SKU which should be used for this Virtual Machine, e.g. Standard_B4ms | string | "Standard_B4ms" | no |
| ZONE_DNS_NAME | DNS Zone to place mumbler server under | string | "solution.dev.pvarki.fi" | no |
| ZONE_RESOURCE_GROUP | Resource group where the DNS zone resides | string | "FDF-PVARKI-SOLUTION-static" | no |

Outputs

| Name | Description |
|------|-------------|
| dns_name | FQDN for RASENMAEHER |