-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.bicep
52 lines (46 loc) · 4.42 KB
/
main.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
param location string = resourceGroup().location
param csadminSshKey string = 'ssh-rsa APublicSshKey2EAAAADAQABAAACAQCpXKIzGlb9fnLJmwrVPFQyntzOngz8QE4SOMHyXueVb4bO2IgSdHk8cD2LDToX3lDOUQzzWz+AiUO3iIRNJPOzZj/6aN+BJZXpi8+cdGOyaQmDyzk0T2w0mwTxXBk3DkXAw+lw13Q9SlFY+YLKsqHyKF7aXiy7RiJl4O3QUMGLKuGtmsqRFcrarp20pyH1UXQbvXUUoPU92AU4cSmx4AS8coWaDoQxWr7EA6toF0hgXsKFf/8MlkzJty0P7IhZ8KPzJg9lFNfBCUZHFEQWSb7FQBV6mFXxVcus1eCtoLEXkIDSkkYGd+edMO6t/Hc73c66M1vL9Ae6RUx2m39kZGF9bpVmcs8pZ2Hy2QukcGR8r61Jx913a32hRmk5fWpCnEo0NfE9XQJ7ibMNU97XL/QSeNZp3yzAyZqIYBkaYp8bFNjjMnVNyVdaANw2rjmxTY2XJlc0jVgucMWim8zT4YDQgKR8UuzXZBtC5uxlqhgZ8Zj+tRqgq/ZGo1MBacj89gQJjiiyFgf9hewVtdxlAEnDUHo0KI/Ro2geI+f2ylf1m0bUuPpwjO8sybJg/ZkA48LyOMbwj9wLHbiNJnPmoJROGGO/pAdvrzMlDuD/2BLf5Xmn3RkvnseS6/qCXZAfsrwlhb/LtCkWF2j+7e5EWXArhT14fGdWHi+5f09UY7ybAQ== user@Somewhere'
param ccadminRawPassword string
param myIp string = '20.49.199.4'
var roleDefinitions = {
owner: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
}
var saName = take('cclocker${replace(guid(resourceGroup().id), '-', '')}', 24)
var customData = '#cloud-config\n#\n# installs CycleCloud on the VM\n#\n\nyum_repos:\n azure-cli:\n baseurl: https://packages.microsoft.com/yumrepos/azure-cli\n enabled: true\n gpgcheck: true\n gpgkey: https://packages.microsoft.com/keys/microsoft.asc\n name: Azure CLI\n cyclecloud:\n baseurl: https://packages.microsoft.com/yumrepos/cyclecloud\n enabled: true\n gpgcheck: true\n gpgkey: https://packages.microsoft.com/keys/microsoft.asc\n name: Cycle Cloud\n\npackages:\n- java-1.8.0-openjdk-headless\n- azure-cli\n- cyclecloud8\n\nwrite_files:\n- content: |\n [{\n "AdType": "Application.Setting",\n "Name": "cycleserver.installation.initial_user",\n "Value": "ccadmin"\n },\n {\n "AdType": "Application.Setting",\n "Name": "cycleserver.installation.complete",\n "Value": true\n },\n {\n "AdType": "AuthenticatedUser",\n "Name": "ccadmin",\n "RawPassword": "${ccadminRawPassword}",\n "Superuser": true\n }] \n owner: root:root\n path: ./account_data.json\n permissions: \'0644\'\n- content: |\n {\n "Name": "Azure",\n "Environment": "public",\n "AzureRMSubscriptionId": "${subscription().subscriptionId}",\n "AzureRMUseManagedIdentity": true,\n "Location": "westeurope",\n "RMStorageAccount": "${saName}",\n "RMStorageContainer": "cyclecloud"\n }\n owner: root:root\n path: ./azure_data.json\n permissions: \'0644\'\n\nruncmd:\n- sed -i --follow-symlinks "s/webServerPort=.*/webServerPort=80/g" /opt/cycle_server/config/cycle_server.properties\n- sed -i --follow-symlinks "s/webServerSslPort=.*/webServerSslPort=443/g" /opt/cycle_server/config/cycle_server.properties\n- sed -i --follow-symlinks "s/webServerEnableHttps=.*/webServerEnableHttps=true/g" /opt/cycle_server/config/cycle_server.properties\n- systemctl restart cycle_server\n- mv ./account_data.json /opt/cycle_server/config/data/\n- sleep 5\n- /opt/cycle_server/cycle_server execute "update Application.Setting set Value = false where name == \\"authorization.check_datastore_permissions\\""\n- unzip /opt/cycle_server/tools/cyclecloud-cli\n- ./cyclecloud-cli-installer/install.sh --system\n- sleep 60\n- /usr/local/bin/cyclecloud initialize --batch --url=https://localhost --verify-ssl=false --username="ccadmin" --password="${ccadminRawPassword}"\n- /usr/local/bin/cyclecloud account create -f ./azure_data.json'
module network './network.bicep' = {
name: 'network'
params: {
myIp: myIp
}
}
resource storage 'Microsoft.Storage/storageAccounts@2019-06-01' = {
name: saName
location: location
kind: 'Storage'
sku: {
name: 'Standard_LRS'
}
}
resource mid 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: 'CycleCloud-MI'
location: location
}
module vm './cycleserver-vm.bicep' = {
name: 'cycleserver'
params: {
csadminSshKey: csadminSshKey
customData: customData
subnetId: '${network.outputs.vnetId}/subnets/Default'
userAssignedIdentity: mid.id
}
}
resource rbac 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(resourceGroup().id)
properties: {
roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitions.contributor)
principalId: mid.properties.principalId
principalType: 'ServicePrincipal'
}
}