cloud-config.yaml.tftpl
#cloud-config
# Refresh the apt index and apply pending upgrades on first boot, then install
# the tools the later sections rely on.
package_update: true
package_upgrade: true
packages:
  # Repository and signing-key handling used by runcmd (curl, gpg, lsb_release).
  - curl
  - gnupg2
  - lsb-release
  - apt-transport-https
  - ca-certificates
  # Java 8 runtime; runcmd selects it with update-alternatives.
  - openjdk-8-jdk
  # unzip and python3 are used by runcmd to unpack and install the CycleCloud
  # CLI; jq is presumably used by the bootstrap script -- confirm.
  - unzip
  - python3-venv
  - jq
# Files rendered by Terraform and written to the VM before runcmd executes.
# Secrets are NOT inlined here -- they are pulled from Key Vault at runtime
# by the managed identity (see /usr/local/sbin/cc-bootstrap.sh).
#
# NOTE(review): template variables are interpolated verbatim into the JSON
# documents below; a value containing a double quote or a backslash would
# produce invalid or altered JSON. Validate the inputs in Terraform or render
# them with jsonencode().
# NOTE(review): cloud-init's write_files documentation advises against writing
# under /tmp during boot (race with systemd-tmpfiles-clean). The paths are
# kept because runcmd also uses /tmp/cyclecloud and the bootstrap script
# presumably does too -- confirm before relocating.
write_files:
  # Initial CycleCloud account records. __CCPASSWORD__ and __CCPUBKEY__ are
  # placeholders, presumably substituted by cc-bootstrap.sh; once that happens
  # this file holds a plaintext password, so confirm the script removes or
  # moves it afterwards. Mode 0600 keeps it root-only in the meantime.
  - path: /tmp/cyclecloud/account_data.json
    permissions: '0600'
    owner: root:root
    content: |
      [
        {
          "AdType": "Application.Setting",
          "Name": "cycleserver.installation.initial_user",
          "Value": "${admin_user}"
        },
        {
          "AdType": "AuthenticatedUser",
          "Name": "${admin_user}",
          "RawPassword": "__CCPASSWORD__",
          "Superuser": true
        },
        {
          "AdType": "Credential",
          "CredentialType": "PublicKey",
          "Name": "${admin_user}/public",
          "PublicKey": "__CCPUBKEY__"
        },
        {
          "AdType": "Application.Setting",
          "Name": "cycleserver.installation.complete",
          "Value": true
        }
      ]

  # Azure provider account definition. Authentication is by managed identity:
  # the application id, secret and tenant id are all null, so no credential is
  # stored here. The file is world-readable (0644) and does expose the
  # subscription id and storage account name.
  # NOTE(review): 0640 or 0600 would do if only root reads it -- confirm.
  - path: /tmp/cyclecloud/azure_data.json
    permissions: '0644'
    owner: root:root
    content: |
      {
        "Environment": "public",
        "AzureRMUseManagedIdentity": true,
        "AzureResourceGroup": "${resource_group_name}",
        "AzureRMApplicationId": null,
        "AzureRMApplicationSecret": null,
        "AzureRMSubscriptionId": "${subscription_id}",
        "AzureRMTenantId": null,
        "DefaultAccount": true,
        "Location": "${location}",
        "Name": "azure",
        "Provider": "azure",
        "ProviderId": "${subscription_id}",
        "RMStorageAccount": "${storage_account_name}",
        "RMStorageContainer": "${storage_container_name}",
        "LockerAuthMode": "ManagedIdentity",
        "LockerIdentity": "${locker_identity_id}",
        "AcceptMarketplaceTerms": true
      }

  # The bootstrap script that runs after CycleCloud is installed. Rendered by
  # Terraform from scripts/cc-bootstrap.sh.tftpl so we get real bash, real
  # logging, and a clean re-runnable file on the VM for debugging.
  # Terraform's indent() leaves the first line alone, so the interpolation
  # below must itself sit at the 6-space column passed to indent().
  # The rendered script becomes part of the instance user data, so it must
  # stay free of secrets as well.
  - path: /usr/local/sbin/cc-bootstrap.sh
    permissions: '0750'
    owner: root:root
    content: |
      ${indent(6, bootstrap_script)}
# First-boot command list.
# NOTE(review): as far as cloud-init's default runcmd handling goes, a failing
# item does not stop the items after it, so the bootstrap at the end may run
# on a partially installed host -- confirm the script checks its own
# prerequisites; its done/failed sentinel is the only gate visible here.
runcmd:
  # ----- Base install: Java 8 + Azure CLI + CycleCloud -----------------------
  # The java alternative path is amd64-specific, while the apt source below
  # asks dpkg for the architecture.
  - update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
  - install -d -m 0755 /etc/apt/keyrings
  # The repository key is fetched over TLS and trusted as downloaded (no
  # fingerprint check). The signed-by entries below limit that key to the two
  # Microsoft repositories rather than adding it to the global apt trust store.
  # Without pipefail a failed curl is masked by the pipe; apt should then
  # reject the repositories at update time instead.
  - curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /etc/apt/keyrings/microsoft.gpg
  - chmod go+r /etc/apt/keyrings/microsoft.gpg
  # deb822 source for azure-cli. The doubled dollar sign is the Terraform
  # template escape, so the shell (not Terraform) expands AZ_DIST. The heredoc
  # body must stay unindented relative to this block scalar.
  - |
    AZ_DIST=$(lsb_release -cs)
    cat <<EOF > /etc/apt/sources.list.d/azure-cli.sources
    Types: deb
    URIs: https://packages.microsoft.com/repos/azure-cli/
    Suites: $${AZ_DIST}
    Components: main
    Architectures: $(dpkg --print-architecture)
    Signed-by: /etc/apt/keyrings/microsoft.gpg
    EOF
  - echo "deb [signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/cyclecloud stable main" > /etc/apt/sources.list.d/cyclecloud.list
  - apt-get -qq update
  # Package versions are not pinned: each new VM installs whatever the
  # repositories serve at boot time.
  - DEBIAN_FRONTEND=noninteractive apt-get -y install azure-cli cyclecloud8

  # ----- Wait for the cycle_server service to be live ------------------------
  - /opt/cycle_server/cycle_server await_startup

  # ----- Install the bundled CycleCloud CLI ----------------------------------
  # The installer is unpacked into /tmp/cyclecloud and run by cloud-init
  # (normally as root), so that directory must stay writable by root only.
  - unzip -o /opt/cycle_server/tools/cyclecloud-cli.zip -d /tmp/cyclecloud
  - python3 /tmp/cyclecloud/cyclecloud-cli-installer/install.py -y --system --installdir /opt/cycle_server/.cycle

  # ----- Bootstrap: admin user, CLI init, subscription registration ----------
  # The script is idempotent and writes /var/lib/cc-bootstrap.{done,failed}
  # plus a full transcript at /var/log/cc-bootstrap.log. The Terraform
  # null_resource `cyclecloud_ready` polls for the sentinel before declaring
  # the apply complete.
  # NOTE(review): the transcript may capture secret handling -- confirm the
  # script does not echo Key Vault values and that the log is not
  # world-readable.
  - /usr/local/sbin/cc-bootstrap.sh