From 107cf665824f2f9c3346b23d7a0d8db24d28a729 Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Wed, 7 Apr 2021 12:29:50 -0400 Subject: [PATCH 01/20] generate .mlzconfig and .tfvars --- .gitignore | 3 + src/deploy.sh | 128 ++++++++++++++++++ src/scripts/config/append_prereq_endpoints.sh | 13 +- src/scripts/config/generate_config_file.sh | 8 +- .../terraform/create_globals_from_config.sh | 57 ++++++++ 5 files changed, 197 insertions(+), 12 deletions(-) create mode 100755 src/deploy.sh create mode 100755 src/scripts/terraform/create_globals_from_config.sh diff --git a/.gitignore b/.gitignore index 3276b3bfe..62eb42c47 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,6 @@ __pycache__/ **/.idea/ **/config_output/ **/exec_output + +# ignore deploy.sh output +**/generated-configurations/* \ No newline at end of file diff --git a/src/deploy.sh b/src/deploy.sh new file mode 100755 index 000000000..a712bd986 --- /dev/null +++ b/src/deploy.sh @@ -0,0 +1,128 @@ +#!/bin/bash +# +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# +# create all the configuration and deploy Terraform resources with minimal input + +set -e + +error_log() { + echo "${1}" 1>&2; +} + +show_help() { + print_formatted() { + long_name=$1 + char_name=$2 + desc=$3 + printf "%20s %2s %s \n" "$long_name" "$char_name" "$desc" + } + print_formatted "argument" "" "description" + print_formatted "--subscription-id" "-s" "Subscription ID for MissionLZ resources" + print_formatted "--location" "-l" "[OPTIONAL] The location that you're deploying to (defaults to 'eastus')" + print_formatted "--tf-environment" "-e" "[OPTIONAL] Terraform azurerm environment (defaults to 'public') see: https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment" + print_formatted "--mlz-env-name" "-z" "[OPTIONAL] Unique name for MLZ environment (defaults to 'mlz' + UNIX timestamp)" + print_formatted "--hub-sub-id" "-h" "[OPTIONAL] subscription ID for the hub network and resources (defaults to the value provided for -s --subscription-id)" + print_formatted "--tier0-sub-id" "-0" "[OPTIONAL] subscription ID for tier 0 network and resources (defaults to the value provided for -s --subscription-id)" + print_formatted "--tier1-sub-id" "-1" "[OPTIONAL] subscription ID for tier 1 network and resources (defaults to the value provided for -s --subscription-id)" + print_formatted "--tier2-sub-id" "-2" "[OPTIONAL] subscription ID for tier 2 network and resources (defaults to the value provided for -s --subscription-id)" +} + +usage() { + echo "deploy.sh: create all the configuration and deploy Terraform resources with minimal input" + show_help +} + +this_script_path=$(realpath "${BASH_SOURCE%/*}") +configuration_output_path="${this_script_path}/generated-configurations" +timestamp=$(date +%s) + +##### check for dependencies ##### + +"${this_script_path}/scripts/util/checkforazcli.sh" +"${this_script_path}/scripts/util/checkforterraform.sh" + +##### generate an MLZ config file ##### + +# set helpful defaults that can be overridden or 'notset' for mandatory input +mlz_config_subid="notset" +mlz_config_location="eastus" +tf_environment="public" +mlz_env_name="mlz${timestamp}" +subs_args=() + +# inspect user input +while [ $# -gt 0 ] ; do + case $1 in + -s | --subscription-id) mlz_config_subid="$2" ;; + -l | --location) mlz_config_location="$2" ;; + -e | --tf-environment) tf_environment="$2" ;; + -z | --mlz-env-name) mlz_env_name="$2" ;; + -h | --hub-sub-id) subs_args+=("-h ${2}") ;; + -0 | --tier0-sub-id) subs_args+=("-0 ${2}") ;; + -1 | --tier1-sub-id) subs_args+=("-1 ${2}") ;; + -2 | --tier2-sub-id) subs_args+=("-2 ${2}") ;; + esac + shift +done + +# check mandatory parameters +for i in { $mlz_config_subid } +do + if [[ $i == "notset" ]]; then + error_log "ERROR: Missing required arguments. These arguments are mandatory: -s" + usage + exit 1 + fi +done + +# switch to the MLZ subscription +echo "INFO: setting current subscription to ${mlz_config_subid}..." +az account set \ + --subscription "${mlz_config_subid}" \ + --only-show-errors \ + --output none + +# retrieve tenant ID for the MLZ subscription +mlz_tenantid=$(az account show \ + --query "tenantId" \ + --output tsv) + +# create MLZ configuration file based on user input +mlz_config_file="${configuration_output_path}/${mlz_env_name}.mlzconfig" +echo "INFO: creating a MLZ config file based on user input at $(realpath "$mlz_config_file")..." + +# derive args from user input +gen_config_args=() +gen_config_args+=("-f ${mlz_config_file}") +gen_config_args+=("-e ${tf_environment}") +gen_config_args+=("-z ${mlz_env_name}") +gen_config_args+=("-l ${mlz_config_location}") +gen_config_args+=("-s ${mlz_config_subid}") +gen_config_args+=("-t ${mlz_tenantid}") + +# add hubs and spokes input, if present +for j in "${subs_args[@]}" +do + gen_config_args+=("$j") +done + +# expand array into a string of space separated arguments +gen_config_args_str=$(printf '%s ' "${gen_config_args[*]}") + +# create the file +# do not quote args $gen_config_args_str, we intend to split +# ignoring shellcheck for word splitting because that is the desired behavior +# shellcheck disable=SC2086 +"${this_script_path}/scripts/config/generate_config_file.sh" $gen_config_args_str + +##### create global terraform variables based on the MLZ config ##### + +tfvars_filename="${mlz_env_name}.tfvars" +tfvars_path="${configuration_output_path}/${tfvars_filename}" +"${this_script_path}/scripts/terraform/create_globals_from_config.sh" "${tfvars_path}" "${mlz_config_file}" + +##### create MLZ resources ##### + +##### apply terraform using MLZ resources ##### \ No newline at end of file diff --git a/src/scripts/config/append_prereq_endpoints.sh b/src/scripts/config/append_prereq_endpoints.sh index 1c42330ca..0bd97992c 100755 --- a/src/scripts/config/append_prereq_endpoints.sh +++ b/src/scripts/config/append_prereq_endpoints.sh @@ -24,13 +24,9 @@ fi file_to_append=$1 cloudEndpoints=($(az cloud show \ - --query '[endpoints.resourceManager, suffixes.acrLoginServerEndpoint, suffixes.keyvaultDns]' \ + --query '[endpoints.resourceManager, suffixes.acrLoginServerEndpoint, suffixes.keyvaultDns, name]' \ --output tsv)) -resourceManager=${cloudEndpoints[0]} -acrLoginServerEndpoint=${cloudEndpoints[1]} -keyvaultDns=${cloudEndpoints[2]} - append_if_not_empty() { key_name=$1 key_value=$2 @@ -40,6 +36,7 @@ append_if_not_empty() { fi } -append_if_not_empty "metadatahost" ${cloudEndpoints[0]} ${file_to_append} -append_if_not_empty "acrLoginServerEndpoint" ${cloudEndpoints[1]} ${file_to_append} -append_if_not_empty "keyvaultDns" ${cloudEndpoints[2]} ${file_to_append} +append_if_not_empty "mlz_metadatahost" ${cloudEndpoints[0]} ${file_to_append} +append_if_not_empty "mlz_acrLoginServerEndpoint" ${cloudEndpoints[1]} ${file_to_append} +append_if_not_empty "mlz_keyvaultDns" ${cloudEndpoints[2]} ${file_to_append} +append_if_not_empty "mlz_cloudname" ${cloudEndpoints[3]} ${file_to_append} diff --git a/src/scripts/config/generate_config_file.sh b/src/scripts/config/generate_config_file.sh index 1fd0edb85..35042838d 100755 --- a/src/scripts/config/generate_config_file.sh +++ b/src/scripts/config/generate_config_file.sh @@ -51,7 +51,6 @@ while [ $# -gt 0 ] ; do case $1 in -f | --file) dest_file="$2" ;; -e | --tf-env) tf_environment="$2" ;; - -m | --metadatahost) metadatahost="$2" ;; -z | --mlz-env-name) mlz_env_name="$2" ;; -l | --location) mlz_config_location="$2" ;; -s | --config-sub-id) mlz_config_subid="$2" ;; @@ -65,10 +64,10 @@ while [ $# -gt 0 ] ; do done # check mandatory parameters -for i in { $dest_file $tf_environment $metadatahost $mlz_env_name $mlz_config_location $mlz_config_subid $mlz_tenant_id } +for i in { $dest_file $tf_environment $mlz_env_name $mlz_config_location $mlz_config_subid $mlz_tenant_id } do if [[ $i == "notset" ]]; then - error_log "ERROR: Missing required arguments. These arguments are mandatory: -f, -e, -m, -z, -l, -s, -t" + error_log "ERROR: Missing required arguments. These arguments are mandatory: -f, -e, -z, -l, -s, -t" usage exit 1 fi @@ -76,10 +75,11 @@ done # write the file to the desired path rm -f "$dest_file" +dest_file_dir=$(dirname ${dest_file}) +mkdir -p "${dest_file_dir}" touch "$dest_file" { echo "tf_environment=${tf_environment}" - echo "mlz_metadatahost=${metadatahost}" echo "mlz_env_name=${mlz_env_name}" echo "mlz_config_location=${mlz_config_location}" echo "mlz_config_subid=${mlz_config_subid}" diff --git a/src/scripts/terraform/create_globals_from_config.sh b/src/scripts/terraform/create_globals_from_config.sh new file mode 100755 index 000000000..bc455c686 --- /dev/null +++ b/src/scripts/terraform/create_globals_from_config.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# +# generate a terraform globals tfvars file given an MLZ config and a desired tfvars file name + +set -e + +error_log() { + echo "${1}" 1>&2; +} + +usage() { + echo "create_globals_from_config.sh: generate a terraform tfvars file given an MLZ config and a desired tfvars file name" + echo "create_globals_from_config.sh: " + show_help +} + +if [[ "$#" -lt 2 ]]; then + usage + exit 1 +fi + +file_to_create=$1 +mlz_config=$2 + +# source config +. "${mlz_config}" + +# write the file to the desired path +rm -f "$file_to_create" +dest_file_dir=$(dirname ${file_to_create}) +mkdir -p "${dest_file_dir}" +touch "$file_to_create" +{ + echo "tf_environment=${tf_environment}" + echo "mlz_cloud=${mlz_cloudname}" + echo "mlz_tenantid=${mlz_tenantid}" + echo "mlz_location=${mlz_config_location}" + echo "mlz_metadatahost=${mlz_metadatahost}" + echo "tier0_subid=${mlz_tier0_subid}" + echo "tier0_rgname=rg-t0-${mlz_env_name}" + echo "tier0_vnetname=vn-t0-${mlz_env_name}" + echo "tier1_subid=${mlz_tier1_subid}" + echo "tier1_rgname=rg-t1-${mlz_env_name}" + echo "tier1_vnetname=vn-t1-${mlz_env_name}" + echo "tier2_subid=${mlz_tier2_subid}" + echo "tier2_rgname=rg-t2-${mlz_env_name}" + echo "tier2_vnetname=vn-t2-${mlz_env_name}" + echo "saca_subid=${mlz_saca_subid}" + echo "saca_rgname=rg-saca-${mlz_env_name}" + echo "saca_vnetname=vn-saca-${mlz_env_name}" + echo "saca_fwname=Firewall${mlz_env_name}" + echo "saca_lawsname=laws-${mlz_env_name}" +} >> "$file_to_create" + From 434cf36443d29154a8a335f450459aac452560f6 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 12:46:41 -0400 Subject: [PATCH 02/20] shellcheck --- src/deploy.sh | 6 ++++-- src/scripts/config/generate_config_file.sh | 12 ++++++------ src/scripts/terraform/create_globals_from_config.sh | 5 +++++ 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/deploy.sh b/src/deploy.sh index a712bd986..3c64410eb 100755 --- a/src/deploy.sh +++ b/src/deploy.sh @@ -91,7 +91,7 @@ mlz_tenantid=$(az account show \ # create MLZ configuration file based on user input mlz_config_file="${configuration_output_path}/${mlz_env_name}.mlzconfig" -echo "INFO: creating a MLZ config file based on user input at $(realpath "$mlz_config_file")..." +echo "INFO: creating an MLZ config file at $mlz_config_file..." # derive args from user input gen_config_args=() @@ -121,8 +121,10 @@ gen_config_args_str=$(printf '%s ' "${gen_config_args[*]}") tfvars_filename="${mlz_env_name}.tfvars" tfvars_path="${configuration_output_path}/${tfvars_filename}" +echo "INFO: creating terraform variables at $tfvars_path..." "${this_script_path}/scripts/terraform/create_globals_from_config.sh" "${tfvars_path}" "${mlz_config_file}" ##### create MLZ resources ##### +# "${this_script_path}/scripts/mlz_tf_setup.sh" "${mlz_config_file}" -##### apply terraform using MLZ resources ##### \ No newline at end of file +##### apply terraform using MLZ resources ##### diff --git a/src/scripts/config/generate_config_file.sh b/src/scripts/config/generate_config_file.sh index 35042838d..491b4f558 100755 --- a/src/scripts/config/generate_config_file.sh +++ b/src/scripts/config/generate_config_file.sh @@ -3,6 +3,8 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # +# shellcheck disable=1083,1090,2154 +# # Generate a configuration file for MLZ prerequisites and optional SACA and T0-T2 subscriptions. set -e @@ -21,7 +23,6 @@ show_help() { print_formatted "argument" "" "description" print_formatted "--file" "-f" "the destination file path and name (e.g. 'src/mlz_tf_cfg.var')" print_formatted "--tf-env" "-e" "Terraform azurerm environment (e.g. 'public') see: https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment" - print_formatted "--metadatahost" "-m" "Azure Metadata Service endpoint. (e.g 'management.azure.com' or 'management.usgovcloudapi.net')" print_formatted "--mlz-env-name" "-z" "Unique name for MLZ environment" print_formatted "--location" "-l" "The location that you're deploying to (e.g. 'eastus')" print_formatted "--config-sub-id" "-s" "Subscription ID for MissionLZ configuration resources" @@ -40,7 +41,6 @@ usage() { # stage required parameters as not set dest_file="notset" tf_environment="notset" -metadatahost="notset" mlz_env_name="notset" mlz_config_location="notset" mlz_config_subid="notset" @@ -75,7 +75,7 @@ done # write the file to the desired path rm -f "$dest_file" -dest_file_dir=$(dirname ${dest_file}) +dest_file_dir=$(dirname "${dest_file}") mkdir -p "${dest_file_dir}" touch "$dest_file" { @@ -93,9 +93,9 @@ append_optional_args() { default_value=$3 file_to_append=$4 if [[ $key_value ]]; then - printf "${key_name}=${key_value}\n" >> "${file_to_append}" + printf "%s=%s\n" "${key_name}" "${key_value}" >> "${file_to_append}" else - printf "${key_name}=${default_value}\n" >> "${file_to_append}" + printf "%s=%s\n" "${key_name}" "${default_value}" >> "${file_to_append}" fi } append_optional_args "mlz_saca_subid" "${mlz_saca_subid}" "${mlz_config_subid}" "${dest_file}" @@ -105,4 +105,4 @@ append_optional_args "mlz_tier2_subid" "${mlz_tier2_subid}" "${mlz_config_subid} # append cloud specific endpoints this_script_path=$(realpath "${BASH_SOURCE%/*}") -. "${this_script_path}/append_prereq_endpoints.sh" ${dest_file} +. "${this_script_path}/append_prereq_endpoints.sh" "${dest_file}" diff --git a/src/scripts/terraform/create_globals_from_config.sh b/src/scripts/terraform/create_globals_from_config.sh index bc455c686..0fa1a43aa 100755 --- a/src/scripts/terraform/create_globals_from_config.sh +++ b/src/scripts/terraform/create_globals_from_config.sh @@ -3,6 +3,10 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # +# shellcheck disable=1090,2154 +# SC1090: Can't follow non-constant source. This file is dynamic +# SC2154: "var is referenced but not assigned". These values come from an external file. +# # generate a terraform globals tfvars file given an MLZ config and a desired tfvars file name set -e @@ -34,6 +38,7 @@ dest_file_dir=$(dirname ${file_to_create}) mkdir -p "${dest_file_dir}" touch "$file_to_create" { + echo "deploymentname=${mlz_env_name}" echo "tf_environment=${tf_environment}" echo "mlz_cloud=${mlz_cloudname}" echo "mlz_tenantid=${mlz_tenantid}" From 8b24c6570188c3690fe5e5c3e8f5666116f8f2b1 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 15:28:32 -0400 Subject: [PATCH 03/20] deploys terraform --- src/build/apply_tf.sh | 6 +- src/core/saca-hub/variables.tf | 3 + src/core/tier-0/variables.tf | 39 ++++++++++++ src/core/tier-1/variables.tf | 39 ++++++++++++ src/core/tier-2/variables.tf | 39 ++++++++++++ src/deploy.sh | 11 +++- .../terraform/create_globals_from_config.sh | 60 +++++++++++-------- 7 files changed, 170 insertions(+), 27 deletions(-) diff --git a/src/build/apply_tf.sh b/src/build/apply_tf.sh index c0db1513c..ca01061b3 100755 --- a/src/build/apply_tf.sh +++ b/src/build/apply_tf.sh @@ -35,8 +35,10 @@ tier2_vars=$6 display_tf_output=${7:-n} # reference paths -core_path=$(realpath ../core/) -scripts_path=$(realpath ../scripts/) +this_script_path=$(realpath "${BASH_SOURCE%/*}") +src_dir=$(dirname "${this_script_path}") +core_path="${src_dir}/core/" +scripts_path="${src_dir}/scripts/" # apply function apply() { diff --git a/src/core/saca-hub/variables.tf b/src/core/saca-hub/variables.tf index 4b169f903..e867a9d70 100644 --- a/src/core/saca-hub/variables.tf +++ b/src/core/saca-hub/variables.tf @@ -73,14 +73,17 @@ variable "firewall_address_space" { variable "saca_fwname" { description = "Name of the Hub Firewall" + default = "mlzDemoFirewall" } variable "firewall_ipconfig_name" { description = "The name of the Firewall IP Configuration" + default = "mlzDemoFirewallIpConfiguration" } variable "public_ip_name" { description = "The name of the Firewall Public IP" + default = "mlzDemoFirewallPip" } variable "create_network_watcher" { diff --git a/src/core/tier-0/variables.tf b/src/core/tier-0/variables.tf index 214a8070f..874968339 100644 --- a/src/core/tier-0/variables.tf +++ b/src/core/tier-0/variables.tf @@ -76,6 +76,7 @@ variable "tier0_vnetname" { variable "tier0_vnet_address_space" { description = "Address space prefixes list of strings" type = list(string) + default = ["10.0.110.0/26"] } variable "subnets" { @@ -103,6 +104,44 @@ variable "subnets" { routetable_name = string })) + default = { + "tier0vms" = { + name = "tier0vms" + address_prefixes = ["10.0.110.0/27"] + service_endpoints = ["Microsoft.Storage"] + + enforce_private_link_endpoint_network_policies = false + enforce_private_link_service_network_policies = false + + nsg_name = "tier0vmsnsg" + nsg_rules = { + "allow_ssh" = { + name = "allow_ssh" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "22" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + }, + "allow_rdp" = { + name = "allow_rdp" + priority = "200" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "3389" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + } + } + } + + routetable_name = "tier0vmsrt" + } } variable "create_network_watcher" { diff --git a/src/core/tier-1/variables.tf b/src/core/tier-1/variables.tf index 156270850..3b0464d32 100644 --- a/src/core/tier-1/variables.tf +++ b/src/core/tier-1/variables.tf @@ -76,6 +76,7 @@ variable "tier1_vnetname" { variable "tier1_vnet_address_space" { description = "Address space prefixes for the virtual network" type = list(string) + default = ["10.0.115.0/26"] } variable "subnets" { @@ -103,6 +104,44 @@ variable "subnets" { routetable_name = string })) + default = { + "tier1vms" = { + name = "tier1vms" + address_prefixes = ["10.0.115.0/27"] + service_endpoints = ["Microsoft.Storage"] + + enforce_private_link_endpoint_network_policies = false + enforce_private_link_service_network_policies = false + + nsg_name = "tier1vmsnsg" + nsg_rules = { + "allow_ssh" = { + name = "allow_ssh" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "22" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + }, + "allow_rdp" = { + name = "allow_rdp" + priority = "200" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "3389" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + } + } + + routetable_name = "tier1vmsrt" + } + } } variable "create_network_watcher" { diff --git a/src/core/tier-2/variables.tf b/src/core/tier-2/variables.tf index ccc3af44f..2b05521cc 100644 --- a/src/core/tier-2/variables.tf +++ b/src/core/tier-2/variables.tf @@ -76,6 +76,7 @@ variable "tier2_vnetname" { variable "tier2_vnet_address_space" { description = "Address space prefixes list of strings" type = list(string) + default = ["10.0.120.0/26"] } variable "subnets" { @@ -103,6 +104,44 @@ variable "subnets" { routetable_name = string })) + default = { + "tier2vms" = { + name = "tier2vms" + address_prefixes = ["10.0.120.0/27"] + service_endpoints = ["Microsoft.Storage"] + + enforce_private_link_endpoint_network_policies = false + enforce_private_link_service_network_policies = false + + nsg_name = "tier2vmsnsg" + nsg_rules = { + "allow_ssh" = { + name = "allow_ssh" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "22" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + }, + "allow_rdp" = { + name = "allow_rdp" + priority = "200" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "3389" + destination_port_range = "" + source_address_prefix = "*" + destination_address_prefix = "" + } + } + + routetable_name = "tier2vmsrt" + } + } } variable "create_network_watcher" { diff --git a/src/deploy.sh b/src/deploy.sh index 3c64410eb..63b600de7 100755 --- a/src/deploy.sh +++ b/src/deploy.sh @@ -68,6 +68,7 @@ while [ $# -gt 0 ] ; do done # check mandatory parameters +# shellcheck disable=1083 for i in { $mlz_config_subid } do if [[ $i == "notset" ]]; then @@ -125,6 +126,14 @@ echo "INFO: creating terraform variables at $tfvars_path..." "${this_script_path}/scripts/terraform/create_globals_from_config.sh" "${tfvars_path}" "${mlz_config_file}" ##### create MLZ resources ##### -# "${this_script_path}/scripts/mlz_tf_setup.sh" "${mlz_config_file}" +"${this_script_path}/scripts/mlz_tf_setup.sh" "${mlz_config_file}" ##### apply terraform using MLZ resources ##### +"${this_script_path}/build/apply_tf.sh" \ + "${mlz_config_file}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "y" \ No newline at end of file diff --git a/src/scripts/terraform/create_globals_from_config.sh b/src/scripts/terraform/create_globals_from_config.sh index 0fa1a43aa..cf57255df 100755 --- a/src/scripts/terraform/create_globals_from_config.sh +++ b/src/scripts/terraform/create_globals_from_config.sh @@ -4,7 +4,7 @@ # Licensed under the MIT License. # # shellcheck disable=1090,2154 -# SC1090: Can't follow non-constant source. This file is dynamic +# SC1090: Can't follow non-constant source. This file is input. # SC2154: "var is referenced but not assigned". These values come from an external file. # # generate a terraform globals tfvars file given an MLZ config and a desired tfvars file name @@ -32,31 +32,43 @@ mlz_config=$2 # source config . "${mlz_config}" +# given a key and value write a key="value" new line to a file +append_kvp() { + key=$1 + value=$2 + printf "%s=\"%s\"\n" "${key}" "${value}" >> "${file_to_create}" +} + # write the file to the desired path rm -f "$file_to_create" -dest_file_dir=$(dirname ${file_to_create}) +dest_file_dir=$(dirname "${file_to_create}") mkdir -p "${dest_file_dir}" touch "$file_to_create" -{ - echo "deploymentname=${mlz_env_name}" - echo "tf_environment=${tf_environment}" - echo "mlz_cloud=${mlz_cloudname}" - echo "mlz_tenantid=${mlz_tenantid}" - echo "mlz_location=${mlz_config_location}" - echo "mlz_metadatahost=${mlz_metadatahost}" - echo "tier0_subid=${mlz_tier0_subid}" - echo "tier0_rgname=rg-t0-${mlz_env_name}" - echo "tier0_vnetname=vn-t0-${mlz_env_name}" - echo "tier1_subid=${mlz_tier1_subid}" - echo "tier1_rgname=rg-t1-${mlz_env_name}" - echo "tier1_vnetname=vn-t1-${mlz_env_name}" - echo "tier2_subid=${mlz_tier2_subid}" - echo "tier2_rgname=rg-t2-${mlz_env_name}" - echo "tier2_vnetname=vn-t2-${mlz_env_name}" - echo "saca_subid=${mlz_saca_subid}" - echo "saca_rgname=rg-saca-${mlz_env_name}" - echo "saca_vnetname=vn-saca-${mlz_env_name}" - echo "saca_fwname=Firewall${mlz_env_name}" - echo "saca_lawsname=laws-${mlz_env_name}" -} >> "$file_to_create" + +append_kvp "deploymentname" "${mlz_env_name}" + +append_kvp "tf_environment" "${tf_environment}" + +append_kvp "mlz_cloud" "${mlz_cloudname}" +append_kvp "mlz_tenantid" "${mlz_tenantid}" +append_kvp "mlz_location" "${mlz_config_location}" +append_kvp "mlz_metadatahost" "${mlz_metadatahost}" + +append_kvp "tier0_subid" "${mlz_tier0_subid}" +append_kvp "tier0_rgname" "rg-t0-${mlz_env_name}" +append_kvp "tier0_vnetname" "vn-t0-${mlz_env_name}" + +append_kvp "tier1_subid" "${mlz_tier1_subid}" +append_kvp "tier1_rgname" "rg-t1-${mlz_env_name}" +append_kvp "tier1_vnetname" "vn-t1-${mlz_env_name}" + +append_kvp "tier2_subid" "${mlz_tier2_subid}" +append_kvp "tier2_rgname" "rg-t2-${mlz_env_name}" +append_kvp "tier2_vnetname" "vn-t2-${mlz_env_name}" + +append_kvp "saca_subid" "${mlz_saca_subid}" +append_kvp "saca_rgname" "rg-saca-${mlz_env_name}" +append_kvp "saca_vnetname" "vn-saca-${mlz_env_name}" +append_kvp "saca_fwname" "Firewall${mlz_env_name}" +append_kvp "saca_lawsname" "laws-${mlz_env_name}" From aea84e02ac4219cc40ac0ebce8e7abdc5da27c39 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 16:07:07 -0400 Subject: [PATCH 04/20] fix default var for tier0 --- src/core/tier-0/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/tier-0/variables.tf b/src/core/tier-0/variables.tf index 874968339..677d69ddd 100644 --- a/src/core/tier-0/variables.tf +++ b/src/core/tier-0/variables.tf @@ -138,9 +138,9 @@ variable "subnets" { destination_address_prefix = "" } } - } - routetable_name = "tier0vmsrt" + routetable_name = "tier0vmsrt" + } } } From 49d9196c3c143722e3f57a2c066156563eb56bd9 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 17:14:21 -0400 Subject: [PATCH 05/20] add deployment name to resources for cleanup --- src/core/saca-hub/main.tf | 4 +++ src/core/tier-0/main.tf | 6 +++- src/core/tier-1/main.tf | 4 +++ src/core/tier-2/main.tf | 4 +++ src/deploy.sh | 22 ++++++++++++-- src/scripts/config/config_create.sh | 20 +++++++------ src/scripts/config/mlz_config_create.sh | 40 +++++++++++++------------ 7 files changed, 69 insertions(+), 31 deletions(-) diff --git a/src/core/saca-hub/main.tf b/src/core/saca-hub/main.tf index 0cf864f19..0b90edc9c 100644 --- a/src/core/saca-hub/main.tf +++ b/src/core/saca-hub/main.tf @@ -27,6 +27,10 @@ provider "random" { resource "azurerm_resource_group" "hub" { location = var.mlz_location name = var.saca_rgname + + tags = { + DeploymentName = var.deploymentname + } } module "saca-hub-network" { diff --git a/src/core/tier-0/main.tf b/src/core/tier-0/main.tf index adfb9b208..40800adeb 100644 --- a/src/core/tier-0/main.tf +++ b/src/core/tier-0/main.tf @@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" { resource "azurerm_resource_group" "t0" { location = var.mlz_location name = var.tier0_rgname + + tags = { + DeploymentName = var.deploymentname + } } module "t0-network" { @@ -133,4 +137,4 @@ module "t0-inbound-peering" { tags = { DeploymentName = var.deploymentname } -} \ No newline at end of file +} diff --git a/src/core/tier-1/main.tf b/src/core/tier-1/main.tf index 82f4ca74e..8cb009648 100644 --- a/src/core/tier-1/main.tf +++ b/src/core/tier-1/main.tf @@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" { resource "azurerm_resource_group" "t1" { location = var.mlz_location name = var.tier1_rgname + + tags = { + DeploymentName = var.deploymentname + } } module "t1-network" { diff --git a/src/core/tier-2/main.tf b/src/core/tier-2/main.tf index a835446a4..945b1c808 100644 --- a/src/core/tier-2/main.tf +++ b/src/core/tier-2/main.tf @@ -59,6 +59,10 @@ data "azurerm_firewall" "firewall" { resource "azurerm_resource_group" "t2" { location = var.mlz_location name = var.tier2_rgname + + tags = { + DeploymentName = var.deploymentname + } } module "t2-network" { diff --git a/src/deploy.sh b/src/deploy.sh index 63b600de7..618dc48cc 100755 --- a/src/deploy.sh +++ b/src/deploy.sh @@ -3,6 +3,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # +# shellcheck disable=1090,2154 # create all the configuration and deploy Terraform resources with minimal input set -e @@ -92,7 +93,7 @@ mlz_tenantid=$(az account show \ # create MLZ configuration file based on user input mlz_config_file="${configuration_output_path}/${mlz_env_name}.mlzconfig" -echo "INFO: creating an MLZ config file at $mlz_config_file..." +echo "INFO: creating an MLZ config file at ${mlz_config_file}..." # derive args from user input gen_config_args=() @@ -126,9 +127,14 @@ echo "INFO: creating terraform variables at $tfvars_path..." "${this_script_path}/scripts/terraform/create_globals_from_config.sh" "${tfvars_path}" "${mlz_config_file}" ##### create MLZ resources ##### +echo "INFO: creating MLZ resources using ${mlz_config_file}..." "${this_script_path}/scripts/mlz_tf_setup.sh" "${mlz_config_file}" +# generate names for reference +. "${this_script_path}/scripts/config/generate_names.sh" "${mlz_config_file}" + ##### apply terraform using MLZ resources ##### +echo "INFO: applying Terraform using ${mlz_config_file} and ${tfvars_path}..." "${this_script_path}/build/apply_tf.sh" \ "${mlz_config_file}" \ "${tfvars_path}" \ @@ -136,4 +142,16 @@ echo "INFO: creating terraform variables at $tfvars_path..." "${tfvars_path}" \ "${tfvars_path}" \ "${tfvars_path}" \ - "y" \ No newline at end of file + "y" + +echo "INFO: Complete!" +echo "INFO: All finished? Want to clean up?" +echo "" +echo "To delete all resources created by this deployment try this command:" +echo "az group list --tag DeploymentName=${mlz_env_name} --query [].name -o tsv | xargs -otl az group delete -n" +echo "" +echo "To delete the service principal created by this deployment try this command:" +echo "az ad sp delete --id http://${mlz_sp_name}" +echo "" +echo "To delete the files generated by this deployment try this command:" +echo "rm -f ${mlz_config_file} && rm -f ${tfvars_path}" diff --git a/src/scripts/config/config_create.sh b/src/scripts/config/config_create.sh index ab04313fc..f8fcffcf8 100755 --- a/src/scripts/config/config_create.sh +++ b/src/scripts/config/config_create.sh @@ -38,30 +38,32 @@ tf_name=$(basename "${tf_dir}") # generate names . "${BASH_SOURCE%/*}/generate_names.sh" "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}" +echo "INFO: creating resources for ${tf_name} Terraform state..." + # create TF Resource Group and Storage Account for Terraform State files -echo "Validating Resource Group for Terraform state..." +echo "INFO: sourcing resource group ${tf_rg_name} for Terraform state..." rg_exists="az group show \ --name ${tf_rg_name} \ --subscription ${tf_sub_id}" if ! $rg_exists &> /dev/null; then - echo "Resource Group does not exist...creating resource group ${tf_rg_name}" + echo "INFO: creating resource group ${tf_rg_name}..." az group create \ --subscription "${tf_sub_id}" \ --location "${mlz_config_location}" \ --name "${tf_rg_name}" \ + --tags "DeploymentName=${mlz_env_name}" \ --output none -else - echo "Resource Group already exists...getting resource group" + echo "INFO: resource group ${tf_rg_name} created!" fi -echo "Validating Storage Account for Terraform state..." +echo "INFO: sourcing storage account ${tf_sa_name} for Terraform state..." sa_exists="az storage account show \ --name ${tf_sa_name} \ --subscription ${tf_sub_id}" if ! $sa_exists &> /dev/null; then - echo "Storage Account does not exist...creating storage account ${tf_sa_name}" + echo "INFO: creating storage account ${tf_sa_name}..." az storage account create \ --name "${tf_sa_name}" \ --subscription "${tf_sub_id}" \ @@ -84,9 +86,7 @@ if ! $sa_exists &> /dev/null; then --account-name "${tf_sa_name}" \ --account-key "${sa_key}" \ --output none - echo "Storage account and container for Terraform state created!" -else - echo "Storage Account already exists" + echo "INFO: storage account ${tf_sa_name} and container ${container_name} created!" fi # generate a config.vars file @@ -95,3 +95,5 @@ fi "${tf_sub_id}" \ "${tf_name}" \ "${tf_dir}" + +echo "INFO: Terraform state resources for ${tf_name} created!" \ No newline at end of file diff --git a/src/scripts/config/mlz_config_create.sh b/src/scripts/config/mlz_config_create.sh index eb7a28e64..22f920960 100755 --- a/src/scripts/config/mlz_config_create.sh +++ b/src/scripts/config/mlz_config_create.sh @@ -36,20 +36,20 @@ sp_exists () { max_wait_in_seconds=180 max_retries=$((max_wait_in_seconds/sleep_time_in_seconds)) - echo "Maximum time to wait in seconds = ${max_wait_in_seconds}" - echo "Maximum number of retries = ${max_retries}" - + echo "INFO: maximum time to wait in seconds = ${max_wait_in_seconds}" + echo "INFO: maximum number of retries = ${max_retries}" + count=1 while ! $sp_query &> /dev/null do - echo "Waiting for Service Principal ${sp_property} to complete provisioning (${count}/${max_retries})" - echo "Trying again in ${sleep_time_in_seconds} seconds..." + echo "INFO: waiting for service principal ${sp_name} to populate property ${sp_property} (${count}/${max_retries})" + echo "INFO: trying again in ${sleep_time_in_seconds} seconds..." sleep "${sleep_time_in_seconds}" if [[ ${count} -eq max_retries ]]; then - echo "Provisioning the Service Principal ${sp_property} has exceeded ${max_wait_in_minutes} minutes. Investigate and re-run script." + error_log "ERROR: unable to determine ${sp_property} for the service principal ${sp_property} in ${max_wait_in_minutes} minutes. Investigate and re-run script." exit 1 fi @@ -82,6 +82,8 @@ subs=() # generate MLZ configuration names . "${BASH_SOURCE%/*}/generate_names.sh" "${mlz_tf_cfg}" +echo "INFO: creating MLZ resources for ${mlz_env_name}..." + for mlz_sub in $mlz_subs do # Grab value of variable @@ -93,9 +95,9 @@ done # Create Azure AD application registration and Service Principal # TODO: Lift the subscription scoping out of here and move into conditional -echo "Verifying Service Principal is unique (${mlz_sp_name})" +echo "INFO: verifying service principal ${mlz_sp_name} is unique..." if [[ -z $(az ad sp list --filter "displayName eq '${mlz_sp_name}'" --query "[].displayName" -o tsv) ]];then - echo "Service Principal does not exist...creating" + echo "INFO: creating service principal ${mlz_sp_name}..." sp_pwd=$(az ad sp create-for-rbac \ --name "http://${mlz_sp_name}" \ --skip-assignment true \ @@ -128,7 +130,7 @@ if [[ -z $(az ad sp list --filter "displayName eq '${mlz_sp_name}'" --query "[]. # Assign Contributor role to Service Principal for sub in "${subs[@]}" do - echo "Setting Contributor role assignment for ${mlz_sp_name} on subscription ID: ${sub}" + echo "INFO: setting Contributor role assignment for ${mlz_sp_name} on subscription ${sub}..." az role assignment create \ --role Contributor \ --assignee-object-id "${sp_objid}" \ @@ -137,7 +139,7 @@ if [[ -z $(az ad sp list --filter "displayName eq '${mlz_sp_name}'" --query "[]. --output none done else - error_log "Service Principal named ${mlz_sp_name} already exists. This must be a unique Service Principal for your use only. Try again with a new enclave name. Exiting script." + error_log "ERROR: A service principal named ${mlz_sp_name} already exists. This must be a unique service principal for your use only. Try again with a new mlz-env-name. Exiting script." exit 1 fi @@ -146,15 +148,15 @@ rg_exists="az group show \ --name ${mlz_rg_name} \ --subscription ${mlz_config_subid}" +echo "INFO: sourcing resource group ${mlz_rg_name} for MLZ resources..." if ! $rg_exists &> /dev/null; then - echo "Resource Group does not exist...creating resource group ${mlz_rg_name}" + echo "INFO: creating resource group ${mlz_rg_name} for MLZ resources..." az group create \ --subscription "${mlz_config_subid}" \ --location "${mlz_config_location}" \ --name "${mlz_rg_name}" \ + --tags "DeploymentName=${mlz_env_name}" \ --output none -else - echo "Resource Group already exists...getting resource group" fi # Create Key Vault @@ -162,19 +164,19 @@ kv_exists="az keyvault show \ --name ${mlz_kv_name} \ --subscription ${mlz_config_subid}" +echo "INFO: sourcing keyvault ${mlz_kv_name} for MLZ resources..." if ! $kv_exists &> /dev/null; then - echo "Key Vault ${mlz_kv_name} does not exist...creating Key Vault" + echo "INFO: creating keyvault ${mlz_kv_name} for MLZ resources..." az keyvault create \ --name "${mlz_kv_name}" \ --subscription "${mlz_config_subid}" \ --resource-group "${mlz_rg_name}" \ --location "${mlz_config_location}" \ --output none - echo "Key Vault ${mlz_kv_name} created!" fi # Create Key Vault Access Policy for Service Principal -echo "Setting Access Policy for Service Principal..." +echo "INFO: setting access policy on ${mlz_kv_name} for service principal ${mlz_sp_name}..." az keyvault set-policy \ --name "${mlz_kv_name}" \ --subscription "${mlz_config_subid}" \ @@ -182,10 +184,9 @@ az keyvault set-policy \ --object-id "${sp_objid}" \ --secret-permissions get list set \ --output none -echo "Access Policy for Service Principal set!" # Set Key Vault Secrets -echo "Updating KeyVault with Service Principal secrets..." +echo "INFO: setting secrets in ${mlz_kv_name} for service principal ${mlz_sp_name}..." az keyvault secret set \ --name "${mlz_sp_kv_password}" \ --subscription "${mlz_config_subid}" \ @@ -199,4 +200,5 @@ az keyvault secret set \ --vault-name "${mlz_kv_name}" \ --value "${sp_clientid}" \ --output none -echo "KeyVault updated with Service Principal secrets!" + +echo "INFO: MLZ resources for ${mlz_env_name} created!" \ No newline at end of file From 307a0ccce25ac9e7352ebee1d3c4bb91f5fce767 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 21:17:29 +0000 Subject: [PATCH 06/20] fix paths on destroy --- src/build/destroy_tf.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/build/destroy_tf.sh b/src/build/destroy_tf.sh index 8cbec1861..9fc4e5b4c 100755 --- a/src/build/destroy_tf.sh +++ b/src/build/destroy_tf.sh @@ -35,8 +35,10 @@ tier2_vars=$6 display_tf_output=${7:-n} # reference paths -core_path=$(realpath ../core/) -scripts_path=$(realpath ../scripts/) +this_script_path=$(realpath "${BASH_SOURCE%/*}") +src_dir=$(dirname "${this_script_path}") +core_path="${src_dir}/core/" +scripts_path="${src_dir}/scripts/" # destroy function destroy() { From 7ed73560e3d688ba888e5f16cdf52781978d13bd Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 21:21:10 +0000 Subject: [PATCH 07/20] line endings --- src/scripts/config/config_create.sh | 2 +- src/scripts/config/mlz_config_create.sh | 2 +- src/scripts/terraform/create_globals_from_config.sh | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/scripts/config/config_create.sh b/src/scripts/config/config_create.sh index f8fcffcf8..df5123f4a 100755 --- a/src/scripts/config/config_create.sh +++ b/src/scripts/config/config_create.sh @@ -96,4 +96,4 @@ fi "${tf_name}" \ "${tf_dir}" -echo "INFO: Terraform state resources for ${tf_name} created!" \ No newline at end of file +echo "INFO: Terraform state resources for ${tf_name} created!" diff --git a/src/scripts/config/mlz_config_create.sh b/src/scripts/config/mlz_config_create.sh index 22f920960..6ad605a92 100755 --- a/src/scripts/config/mlz_config_create.sh +++ b/src/scripts/config/mlz_config_create.sh @@ -201,4 +201,4 @@ az keyvault secret set \ --value "${sp_clientid}" \ --output none -echo "INFO: MLZ resources for ${mlz_env_name} created!" \ No newline at end of file +echo "INFO: MLZ resources for ${mlz_env_name} created!" diff --git a/src/scripts/terraform/create_globals_from_config.sh b/src/scripts/terraform/create_globals_from_config.sh index cf57255df..c2e4332c8 100755 --- a/src/scripts/terraform/create_globals_from_config.sh +++ b/src/scripts/terraform/create_globals_from_config.sh @@ -71,4 +71,3 @@ append_kvp "saca_rgname" "rg-saca-${mlz_env_name}" append_kvp "saca_vnetname" "vn-saca-${mlz_env_name}" append_kvp "saca_fwname" "Firewall${mlz_env_name}" append_kvp "saca_lawsname" "laws-${mlz_env_name}" - From 80c2af046d96254e6cd3026fa8492d5491b9a12a Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 21:35:49 +0000 Subject: [PATCH 08/20] line endings and logging --- .gitignore | 2 +- src/build/apply_tf.sh | 8 ++++---- src/build/destroy_tf.sh | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 62eb42c47..d7243e768 100644 --- a/.gitignore +++ b/.gitignore @@ -51,4 +51,4 @@ __pycache__/ **/exec_output # ignore deploy.sh output -**/generated-configurations/* \ No newline at end of file +**/generated-configurations/* diff --git a/src/build/apply_tf.sh b/src/build/apply_tf.sh index ca01061b3..d174bbe2d 100755 --- a/src/build/apply_tf.sh +++ b/src/build/apply_tf.sh @@ -92,24 +92,24 @@ apply() { while [ $apply_success == "false" ] do - echo "Applying ${name} (${attempts}/${max_attempts})..." + echo "INFO: applying ${name} (${attempts}/${max_attempts})..." if ! eval "$apply_command"; then # if we fail, run terraform destroy and try again - error_log "Failed to apply ${name} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..." + error_log "ERROR: failed to apply ${name} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..." eval "$destroy_command" ((attempts++)) if [[ $attempts -gt $max_attempts ]]; then - error_log "Failed ${max_attempts} times to apply ${name}. Exiting." + error_log "ERROR: failed ${max_attempts} times to apply ${name}. Exiting." exit 1 fi else # if we succeed meet the base case apply_success="true" - echo "Finished applying ${name}!" + echo "INFO: finished applying ${name}!" fi done } diff --git a/src/build/destroy_tf.sh b/src/build/destroy_tf.sh index 9fc4e5b4c..f185ebbca 100755 --- a/src/build/destroy_tf.sh +++ b/src/build/destroy_tf.sh @@ -90,22 +90,22 @@ destroy() { while [ $destroy_success == "false" ] do - echo "Destroying ${name} (${attempts}/${max_attempts})..." + echo "INFO: destroying ${name} (${attempts}/${max_attempts})..." if ! eval "$destroy_command"; then # if we fail, run terraform destroy again until $max_attempts - error_log "Failed to destroy ${name} (${attempts}/${max_attempts})" + error_log "ERROR: failed to destroy ${name} (${attempts}/${max_attempts})" ((attempts++)) if [[ $attempts -gt $max_attempts ]]; then - error_log "Failed ${max_attempts} times to destroy ${name}. Exiting." + error_log "ERROR: failed ${max_attempts} times to destroy ${name}. Exiting." exit 1 fi else destroy_success="true" - echo "Finished destroying ${name}!" + echo "INFO: finished destroying ${name}!" fi done } From 232c2a35f30d665fa65298c3fba84ad8ba936ea2 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Wed, 7 Apr 2021 21:37:00 +0000 Subject: [PATCH 09/20] auto approve delete of tagged resources --- src/deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deploy.sh b/src/deploy.sh index 618dc48cc..acf6f9249 100755 --- a/src/deploy.sh +++ b/src/deploy.sh @@ -148,7 +148,7 @@ echo "INFO: Complete!" echo "INFO: All finished? Want to clean up?" echo "" echo "To delete all resources created by this deployment try this command:" -echo "az group list --tag DeploymentName=${mlz_env_name} --query [].name -o tsv | xargs -otl az group delete -n" +echo "az group list --tag DeploymentName=${mlz_env_name} --query [].name -o tsv | xargs -otl az group delete -y -n" echo "" echo "To delete the service principal created by this deployment try this command:" echo "az ad sp delete --id http://${mlz_sp_name}" From 394bdaa798197009bce5074865d65f463b4ad297 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 13:02:10 +0000 Subject: [PATCH 10/20] add a clean command, update docs --- src/clean.sh | 93 +++++++++++++++++++++++++++++ src/deploy.sh | 11 +--- src/docs/command-line-deployment.md | 46 +++++++++++++- src/scripts/apply_terraform.sh | 3 +- src/scripts/config/generate_vars.sh | 4 ++ src/scripts/destroy_terraform.sh | 3 +- src/scripts/init_terraform.sh | 1 + 7 files changed, 147 insertions(+), 14 deletions(-) create mode 100755 src/clean.sh diff --git a/src/clean.sh b/src/clean.sh new file mode 100755 index 000000000..740c1cba6 --- /dev/null +++ b/src/clean.sh @@ -0,0 +1,93 @@ +#!/bin/bash +# +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# +# shellcheck disable=1090,2154 +# +# remove resources deployed by deploy.sh by mlz env name + +set -e + +error_log() { + echo "${1}" 1>&2; +} + +show_help() { + print_formatted() { + long_name=$1 + char_name=$2 + desc=$3 + printf "%20s %2s %s \n" "$long_name" "$char_name" "$desc" + } + print_formatted "argument" "" "description" + print_formatted "--mlz-env-name" "-z" "[OPTIONAL] Unique name for MLZ environment (defaults to 'mlz' + UNIX timestamp)" +} + +usage() { + echo "clean.sh: remove resources deployed by deploy.sh by mlz env name" + show_help +} + +this_script_path=$(realpath "${BASH_SOURCE%/*}") +configuration_output_path="${this_script_path}/generated-configurations" + +# check for dependencies + +"${this_script_path}/scripts/util/checkforazcli.sh" +"${this_script_path}/scripts/util/checkforterraform.sh" + +# inspect user input +while [ $# -gt 0 ] ; do + case $1 in + -z | --mlz-env-name) mlz_env_name="$2" ;; + esac + shift +done + +# check mandatory parameters +# shellcheck disable=1083 +for i in { $mlz_env_name } +do + if [[ $i == "notset" ]]; then + error_log "ERROR: Missing required arguments. These arguments are mandatory: -z" + usage + exit 1 + fi +done + +# source generated config +mlz_config_file="${configuration_output_path}/${mlz_env_name}.mlzconfig" +. "${mlz_config_file}" + +# generate names for reference +. "${this_script_path}/scripts/config/generate_names.sh" "${mlz_config_file}" + +# source generated terraform vars +tfvars_filename="${mlz_env_name}.tfvars" +tfvars_path="${configuration_output_path}/${tfvars_filename}" + +# login +echo "INFO: setting current subscription to ${mlz_config_subid}..." +az account set \ + --subscription "${mlz_config_subid}" \ + --only-show-errors \ + --output none + +# destroy terraform +echo "INFO: destroying Terraform using ${mlz_config_file} and ${tfvars_path}..." +"${this_script_path}/build/destroy_tf.sh" \ + "${mlz_config_file}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "${tfvars_path}" \ + "y" + +# clean up MLZ config resources +echo "INFO: cleaning up MLZ resources with tag 'DeploymentName=${mlz_env_name}'..." +az group list --tag DeploymentName="${mlz_env_name}" --query [].name -o tsv | xargs -otl az group delete -y -n + +echo "INFO: deleting service principal ${mlz_sp_name}..." +az ad sp delete --id "http://${mlz_sp_name}" diff --git a/src/deploy.sh b/src/deploy.sh index acf6f9249..060978a76 100755 --- a/src/deploy.sh +++ b/src/deploy.sh @@ -146,12 +146,5 @@ echo "INFO: applying Terraform using ${mlz_config_file} and ${tfvars_path}..." echo "INFO: Complete!" echo "INFO: All finished? Want to clean up?" -echo "" -echo "To delete all resources created by this deployment try this command:" -echo "az group list --tag DeploymentName=${mlz_env_name} --query [].name -o tsv | xargs -otl az group delete -y -n" -echo "" -echo "To delete the service principal created by this deployment try this command:" -echo "az ad sp delete --id http://${mlz_sp_name}" -echo "" -echo "To delete the files generated by this deployment try this command:" -echo "rm -f ${mlz_config_file} && rm -f ${tfvars_path}" +echo "INFO: Try this command:" +echo "INFO: ${this_script_path}/clean.sh -z ${mlz_env_name}" diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index b4957f21b..55c846102 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -8,10 +8,55 @@ az login ``` +1. [Quickstart](#Quickstart) 1. [Configure the Terraform Backend](#Configure-the-Terraform-Backend) 1. [Set Terraform Configuration Variables](#Set-Terraform-Configuration-Variables) 1. [Deploy Terraform Configuration](#Deploy-Terraform-Configuration) +### Quickstart + +Interested in just getting started and seeing what this does? Login to Azure CLI and try this command to deploy MLZ with some default configuration: + +```bash +src/deploy.sh -s {your_subscription_id} +``` + +Once the deployment is complete, you'll be presented with a command that will clean up all of the resources that were deployed: + +```bash +INFO: Complete! +INFO: All finished? Want to clean up? +INFO: Try this command: +INFO: src/clean.sh -z mymlzenv +``` + +Which you can then execute like: + +```bash +src/clean.sh -z mymlzenv +``` + +The `clean.sh` command will call Terraform destroy for all the resources Terraform created and delete the MLZ resources and service principal. + +The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name. + +If you don't wish to use those defaults, you can customize this command to target multiple subscriptions, different regions, and using different Terraform environments and azurerm configurations with the full set of arguments: + +```plaintext +deploy.sh: create all the configuration and deploy Terraform resources with minimal input + argument description + --subscription-id -s Subscription ID for MissionLZ resources + --location -l [OPTIONAL] The location that you're deploying to (defaults to 'eastus') + --tf-environment -e [OPTIONAL] Terraform azurerm environment (defaults to 'public') see: https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment + --mlz-env-name -z [OPTIONAL] Unique name for MLZ environment (defaults to 'mlz' + UNIX timestamp) + --hub-sub-id -h [OPTIONAL] subscription ID for the hub network and resources (defaults to the value provided for -s --subscription-id) + --tier0-sub-id -0 [OPTIONAL] subscription ID for tier 0 network and resources (defaults to the value provided for -s --subscription-id) + --tier1-sub-id -1 [OPTIONAL] subscription ID for tier 1 network and resources (defaults to the value provided for -s --subscription-id) + --tier2-sub-id -2 [OPTIONAL] subscription ID for tier 2 network and resources (defaults to the value provided for -s --subscription-id) +``` + +Need further customization? The rest of this documentation covers in detail how to customize this deployment to your needs. + ### Configure the Terraform Backend The MLZ deployment architecture uses a single Service Principal whose credentials are stored in a central "config" Key Vault. Terraform state storage is distributed into a separate storage account for each tier. When deploying the MLZ architecture, all tiers can be deployed into a single subscription or each tier can be deployed into its own subscription. @@ -81,7 +126,6 @@ The script `destroy_terraform.sh` at [src/scripts/destroy_terraform.sh](/src/scr 1. The Global variables file 1. The directory that contains the main.tf and *.tfvars variables file of the configuration to apply - The hub network must be deployed first. See [Networking](https://github.com/Azure/missionlz#networking) for a description of the hub and spoke and what each network is used for. For saca-hub, run the following command to apply the terraform configuration from the root of this repository. diff --git a/src/scripts/apply_terraform.sh b/src/scripts/apply_terraform.sh index f28f81f1c..8d3dda7c2 100755 --- a/src/scripts/apply_terraform.sh +++ b/src/scripts/apply_terraform.sh @@ -13,8 +13,6 @@ set -e -PGM=$(basename "${0}") - if [[ "$#" -lt 2 ]]; then echo "apply_terraform.sh: initializes Terraform for a given directory using given a .env file for backend configuration" echo "usage: apply_terraform.sh " @@ -55,6 +53,7 @@ key="${mlz_env_name}${tf_name}" # initialize terraform in the configuration directory cd "${tf_dir}" || exit terraform init \ + -backend-config "metadata_host=${metadata_host}" \ -backend-config "key=${key}" \ -backend-config "resource_group_name=${tf_be_rg_name}" \ -backend-config "storage_account_name=${tf_be_sa_name}" \ diff --git a/src/scripts/config/generate_vars.sh b/src/scripts/config/generate_vars.sh index 80bdd236d..ec9b72e0c 100755 --- a/src/scripts/config/generate_vars.sh +++ b/src/scripts/config/generate_vars.sh @@ -30,6 +30,9 @@ tf_sub_id=${2} tf_name=${3} tf_dir=$(realpath "${4}") +# source mlz config +. "${mlz_tf_cfg}" + # generate names . "${BASH_SOURCE%/*}/generate_names.sh" "${mlz_tf_cfg}" "${tf_sub_id}" "${tf_name}" @@ -38,6 +41,7 @@ config_vars="${tf_dir}/config.vars" rm -f "$config_vars" touch "$config_vars" { + echo "metadata_host=${mlz_metadatahost}" echo "tenant_id=${mlz_tenantid}" echo "mlz_env_name=${mlz_env_name}" echo "mlz_cfg_sub_id=${mlz_config_subid}" diff --git a/src/scripts/destroy_terraform.sh b/src/scripts/destroy_terraform.sh index e3a568e65..f92b7541a 100755 --- a/src/scripts/destroy_terraform.sh +++ b/src/scripts/destroy_terraform.sh @@ -13,8 +13,6 @@ set -e -PGM=$(basename "${0}") - if [[ "$#" -lt 2 ]]; then echo "destroy_terraform.sh: initializes Terraform for a given directory using given a .env file for backend configuration" echo "usage: destroy_terraform.sh " @@ -55,6 +53,7 @@ key="${mlz_env_name}${tf_name}" # initialize terraform in the configuration directory cd "${tf_dir}" || exit terraform init \ + -backend-config "metadata_host=${metadata_host}" \ -backend-config "key=${key}" \ -backend-config "resource_group_name=${tf_be_rg_name}" \ -backend-config "storage_account_name=${tf_be_sa_name}" \ diff --git a/src/scripts/init_terraform.sh b/src/scripts/init_terraform.sh index 2abbba346..b6f6e0391 100755 --- a/src/scripts/init_terraform.sh +++ b/src/scripts/init_terraform.sh @@ -48,6 +48,7 @@ key="${mlz_env_name}${tf_name}" # Initialize terraform in the configuration directory cd "${tf_dir}" || exit terraform init \ + -backend-config "metadata_host=${metadata_host}" \ -backend-config "key=${key}" \ -backend-config "resource_group_name=${tf_be_rg_name}" \ -backend-config "storage_account_name=${tf_be_sa_name}" \ From ba4acfa4750251c23437a8358384b00ff49e660e Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 13:19:23 +0000 Subject: [PATCH 11/20] add more documentation for overriding defaults --- src/docs/command-line-deployment.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 55c846102..7f42c56ff 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -55,6 +55,27 @@ deploy.sh: create all the configuration and deploy Terraform resources with mini --tier2-sub-id -2 [OPTIONAL] subscription ID for tier 2 network and resources (defaults to the value provided for -s --subscription-id) ``` +For example, if I wanted to deploy into four subscriptions (one for each network) and provide my own name for created resource, I could do so like: + +```bash +src/deploy.sh -s {my_mlz_configuration_subscription_id} \ + -h {my_hub_network_subscription_id} \ + -0 {my_identity_network_subscription_id} \ + -1 {my_operations_network_subscription_id} \ + -2 {my_shared_services_network_subscription_id} \ + -z {my_mlz_environment_name} +``` + +If I needed to deploy into another cloud, say Azure Government, I would need to override the default region and default azurerm terraform environment like: + +```bash +az cloud set -n AzureUSGovernment +az login +src/deploy.sh -s {my_mlz_configuration_subscription_id} \ + --location usgovvirginia + --tf-environment usgovernment +``` + Need further customization? The rest of this documentation covers in detail how to customize this deployment to your needs. ### Configure the Terraform Backend From f7b889caa541e0ebb0d314ab64093175f9d5b9a2 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 09:21:26 -0400 Subject: [PATCH 12/20] fix typo --- src/docs/command-line-deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 7f42c56ff..421542144 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -23,7 +23,7 @@ src/deploy.sh -s {your_subscription_id} Once the deployment is complete, you'll be presented with a command that will clean up all of the resources that were deployed: -```bash +```plaintext INFO: Complete! INFO: All finished? Want to clean up? INFO: Try this command: @@ -55,7 +55,7 @@ deploy.sh: create all the configuration and deploy Terraform resources with mini --tier2-sub-id -2 [OPTIONAL] subscription ID for tier 2 network and resources (defaults to the value provided for -s --subscription-id) ``` -For example, if I wanted to deploy into four subscriptions (one for each network) and provide my own name for created resource, I could do so like: +For example, if I wanted to deploy into four subscriptions (one for each network) and provide my own name for created resources, I could do so like: ```bash src/deploy.sh -s {my_mlz_configuration_subscription_id} \ From 2fcbdbce17dac9fc4c37b2ddebddb6200d7228da Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 13:24:24 +0000 Subject: [PATCH 13/20] improve docs --- src/docs/command-line-deployment.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 421542144..2af110a75 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -21,6 +21,8 @@ Interested in just getting started and seeing what this does? Login to Azure CLI src/deploy.sh -s {your_subscription_id} ``` +Deploying to another cloud? See [Quickstart in another cloud](#Quickstart-in-another-cloud) for how to do that. + Once the deployment is complete, you'll be presented with a command that will clean up all of the resources that were deployed: ```plaintext @@ -40,6 +42,8 @@ The `clean.sh` command will call Terraform destroy for all the resources Terrafo The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name. +#### Quickstart Arguments + If you don't wish to use those defaults, you can customize this command to target multiple subscriptions, different regions, and using different Terraform environments and azurerm configurations with the full set of arguments: ```plaintext @@ -66,6 +70,8 @@ src/deploy.sh -s {my_mlz_configuration_subscription_id} \ -z {my_mlz_environment_name} ``` +#### Quickstart in another cloud + If I needed to deploy into another cloud, say Azure Government, I would need to override the default region and default azurerm terraform environment like: ```bash From bfb8dc8467318ff7aff5b20ec5821cdc14d4e380 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 09:26:28 -0400 Subject: [PATCH 14/20] add links in docs --- src/docs/command-line-deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 2af110a75..c9f3d7321 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -72,13 +72,13 @@ src/deploy.sh -s {my_mlz_configuration_subscription_id} \ #### Quickstart in another cloud -If I needed to deploy into another cloud, say Azure Government, I would need to override the default region and default azurerm terraform environment like: +If I needed to deploy into another cloud, say Azure Government, I would need to [override the default region](https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview) and [default azurerm terraform environment](https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment) like: ```bash az cloud set -n AzureUSGovernment az login src/deploy.sh -s {my_mlz_configuration_subscription_id} \ - --location usgovvirginia + --location usgovvirginia \ --tf-environment usgovernment ``` From 92436602de48195acd17b60215bb98f9281a31e7 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 13:32:37 +0000 Subject: [PATCH 15/20] improve docs --- src/docs/command-line-deployment.md | 31 ++++++++++++++++------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index c9f3d7321..5f76efdcd 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -15,13 +15,29 @@ ### Quickstart +#### Quickstart Deploy + Interested in just getting started and seeing what this does? Login to Azure CLI and try this command to deploy MLZ with some default configuration: ```bash src/deploy.sh -s {your_subscription_id} ``` -Deploying to another cloud? See [Quickstart in another cloud](#Quickstart-in-another-cloud) for how to do that. +The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name. + +If I needed to deploy into another cloud, say Azure Government, I would need to [override the default region](https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview) and [default azurerm terraform environment](https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment) like: + +```bash +az cloud set -n AzureUSGovernment +az login +src/deploy.sh -s {my_mlz_configuration_subscription_id} \ + --location usgovvirginia \ + --tf-environment usgovernment +``` + +For a complete list of arguments see [Quickstart Arguments](#Quickstart-Arguments). + +#### Quickstart Clean Once the deployment is complete, you'll be presented with a command that will clean up all of the resources that were deployed: @@ -40,8 +56,6 @@ src/clean.sh -z mymlzenv The `clean.sh` command will call Terraform destroy for all the resources Terraform created and delete the MLZ resources and service principal. -The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name. - #### Quickstart Arguments If you don't wish to use those defaults, you can customize this command to target multiple subscriptions, different regions, and using different Terraform environments and azurerm configurations with the full set of arguments: @@ -70,17 +84,6 @@ src/deploy.sh -s {my_mlz_configuration_subscription_id} \ -z {my_mlz_environment_name} ``` -#### Quickstart in another cloud - -If I needed to deploy into another cloud, say Azure Government, I would need to [override the default region](https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview) and [default azurerm terraform environment](https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment) like: - -```bash -az cloud set -n AzureUSGovernment -az login -src/deploy.sh -s {my_mlz_configuration_subscription_id} \ - --location usgovvirginia \ - --tf-environment usgovernment -``` Need further customization? The rest of this documentation covers in detail how to customize this deployment to your needs. From b36a735de0ddec0c4281b64f496a8dd75fb085a1 Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 09:40:06 -0400 Subject: [PATCH 16/20] improve docs --- src/docs/command-line-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 5f76efdcd..1efa5355f 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -30,7 +30,7 @@ If I needed to deploy into another cloud, say Azure Government, I would need to ```bash az cloud set -n AzureUSGovernment az login -src/deploy.sh -s {my_mlz_configuration_subscription_id} \ +src/deploy.sh -s {your_subscription_id} \ --location usgovvirginia \ --tf-environment usgovernment ``` From 5de2e656fd0cd5cd605a1b5d6e08d135bc4c0bee Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Thu, 8 Apr 2021 11:19:06 -0400 Subject: [PATCH 17/20] delete tagged resources in multiple subscriptions --- src/clean.sh | 36 +++++++++++++++++++++++++++++++++++- src/mlz_tf_cfg.var.sample | 1 + 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/src/clean.sh b/src/clean.sh index 740c1cba6..4e1d37989 100755 --- a/src/clean.sh +++ b/src/clean.sh @@ -87,7 +87,41 @@ echo "INFO: destroying Terraform using ${mlz_config_file} and ${tfvars_path}..." # clean up MLZ config resources echo "INFO: cleaning up MLZ resources with tag 'DeploymentName=${mlz_env_name}'..." -az group list --tag DeploymentName="${mlz_env_name}" --query [].name -o tsv | xargs -otl az group delete -y -n + +# Create array of unique subscription IDs. The 'sed' command below search thru the source +# variables file looking for all lines that do not have a '#' in the line. If a line with +# a '#' is found, the '#' and ever character after it in the line is ignored. The output +# of what remains from the sed command is then piped to grep to find the words that match +# the pattern. These words are what make up the 'mlz_subs' array. +mlz_sub_pattern="mlz_.*._subid" +mlz_subs=$(< "${mlz_config_file}" sed 's:#.*$::g' | grep -w "${mlz_sub_pattern}") +subs=() + +for mlz_sub in $mlz_subs +do + mlz_sub_id=$(echo "${mlz_sub#*=}" | tr -d '"') + if [[ ! "${subs[*]}" =~ ${mlz_sub_id} ]];then + subs+=("${mlz_sub_id}") + fi +done + +# delete resource groups where deploymentname is mlz_env_name in each subscription +for sub in "${subs[@]}"; +do + rgs_to_delete=$(az group list --subscription ${sub} --tag DeploymentName="${mlz_env_name}" --query [].name -o tsv) + for rg in $rgs_to_delete; + do + echo "INFO: deleting ${rg}..." + + az group delete \ + --name "${rg}" \ + --yes \ + --only-show-errors \ + --output none + done +done echo "INFO: deleting service principal ${mlz_sp_name}..." az ad sp delete --id "http://${mlz_sp_name}" + +echo "INFO: Complete! Resources for ${mlz_env_name} deleted!" diff --git a/src/mlz_tf_cfg.var.sample b/src/mlz_tf_cfg.var.sample index 9092fb5e7..d9a6652bb 100644 --- a/src/mlz_tf_cfg.var.sample +++ b/src/mlz_tf_cfg.var.sample @@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. tf_environment="{TF_ENVIRONMENT}" # https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment +mlz_metadatahost="{MLZ_METADATAHOST}" mlz_env_name="{MLZ_ENV_NAME}" # Unique name for MLZ environment mlz_config_subid="{MLZ_CONFIG_SUBID}" # Subscription ID for MissionLZ configuration resources mlz_config_location="{MLZ_CONFIG_LOCATION}" # Azure Region for deploying Mission LZ configuration resources From 49243f87e2d620521520cc9bc25a0a489acf372d Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 11:42:45 -0400 Subject: [PATCH 18/20] docs linting --- src/docs/command-line-deployment.md | 1 - 1 file changed, 1 deletion(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 1efa5355f..d7818af0e 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -84,7 +84,6 @@ src/deploy.sh -s {my_mlz_configuration_subscription_id} \ -z {my_mlz_environment_name} ``` - Need further customization? The rest of this documentation covers in detail how to customize this deployment to your needs. ### Configure the Terraform Backend From a1967985b3bfa2646fd9124a37b446ba44446fed Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 17:47:08 +0000 Subject: [PATCH 19/20] update with cli prerequisites --- src/docs/command-line-deployment.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index d7818af0e..0eb46ac24 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -17,15 +17,21 @@ #### Quickstart Deploy -Interested in just getting started and seeing what this does? Login to Azure CLI and try this command to deploy MLZ with some default configuration: +Interested in just getting started and seeing what this does? Login to Azure CLI and try this command to deploy Mission LZ with some default configuration: ```bash src/deploy.sh -s {your_subscription_id} ``` +> **NOTE** This implies some software pre-requisites. We highly [recommend using the .devcontainer](https://github.com/Azure/missionlz/blob/main/src/docs/getting-started.md#use-the-development-container-for-command-line-deployments) described in this repository to make thing easier. However, deploying Mission LZ via BASH shell is possible with these minimum requirements: +> +> - An Azure Subscription where you have ['Owner' RBAC permissions]() +> - The current version of Azure CLI (you can check this with `az cli -v` or see ) +> - Terraform CLI version > v0.13.4 (you can check this with `terraform -v` or see ) + The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name. -If I needed to deploy into another cloud, say Azure Government, I would need to [override the default region](https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview) and [default azurerm terraform environment](https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment) like: +If you needed to deploy into another cloud, say Azure Government, you would [override the default region](https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview) and [default azurerm terraform environment](https://www.terraform.io/docs/language/settings/backends/azurerm.html#environment) like: ```bash az cloud set -n AzureUSGovernment From 321f41d4ea5eeec2808512a857df61b5ce4f188c Mon Sep 17 00:00:00 2001 From: Glenn Musa Date: Thu, 8 Apr 2021 17:49:29 +0000 Subject: [PATCH 20/20] improve docs --- src/docs/command-line-deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index 0eb46ac24..ab8eac5f8 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -26,8 +26,8 @@ src/deploy.sh -s {your_subscription_id} > **NOTE** This implies some software pre-requisites. We highly [recommend using the .devcontainer](https://github.com/Azure/missionlz/blob/main/src/docs/getting-started.md#use-the-development-container-for-command-line-deployments) described in this repository to make thing easier. However, deploying Mission LZ via BASH shell is possible with these minimum requirements: > > - An Azure Subscription where you have ['Owner' RBAC permissions]() -> - The current version of Azure CLI (you can check this with `az cli -v` or see ) -> - Terraform CLI version > v0.13.4 (you can check this with `terraform -v` or see ) +> - The current version of Azure CLI (try `az cli -v` or see ) +> - Terraform CLI version > v0.13.4 (try `terraform -v` or see ) The `deploy.sh` command deploys all of the MLZ and Terraform resources, and by default, into a single subscription in Azure Commercial EastUS with a timestamped name.