From acf5bf63f8fb7ac7268e4bab3db6859788b37b93 Mon Sep 17 00:00:00 2001
From: Murat Ugur Eminoglu
Date: Fri, 19 Apr 2024 01:45:25 +0300
Subject: [PATCH 1/2] Add terraform files for Marketplace
---
terraform/GCP/main.tf | 89 +++++++++++++++++++++++++++++++++++
terraform/GCP/provider.tf | 6 +++
terraform/GCP/variables.tf | 64 +++++++++++++++++++++++++
terraform/README.md | 40 ++++++++++++++++
terraform/do/init.sh | 32 +++++++++++++
terraform/do/main.tf | 95 ++++++++++++++++++++++++++++++++++++++
terraform/do/provider.tf | 12 +++++
terraform/do/variables.tf | 26 +++++++++++
8 files changed, 364 insertions(+)
create mode 100644 terraform/GCP/main.tf
create mode 100644 terraform/GCP/provider.tf
create mode 100644 terraform/GCP/variables.tf
create mode 100644 terraform/README.md
create mode 100644 terraform/do/init.sh
create mode 100644 terraform/do/main.tf
create mode 100644 terraform/do/provider.tf
create mode 100644 terraform/do/variables.tf
diff --git a/terraform/GCP/main.tf b/terraform/GCP/main.tf
new file mode 100644
index 00000000..7a342fe6
--- /dev/null
+++ b/terraform/GCP/main.tf
@@ -0,0 +1,89 @@
+resource "google_compute_instance" "ams-marketplace" {
+
+ name = "ams-marketplace-${var.ams_version}"
+ machine_type = var.machine_type
+ zone = var.zone
+ tags = ["allow-all"]
+ boot_disk {
+ initialize_params {
+ image = var.image
+ }
+ }
+ network_interface {
+ network = "default"
+ access_config {
+
+ }
+ }
+
+ metadata = {
+ ssh-keys = "${var.user}:${file(var.publickeypath)}"
+ }
+}
+
+resource "google_compute_firewall" "ams-allow_port_5080" {
+ name = "ams-allow-port-5080"
+ network = "default"
+
+ allow {
+ protocol = "tcp"
+ ports = ["5080"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+}
+
+resource "null_resource" "ams-marketplace-setup" {
+ provisioner "remote-exec" {
+ connection {
+ type = "ssh"
+ user = var.user
+ host = google_compute_instance.ams-marketplace.network_interface[0].access_config[0].nat_ip
+ private_key = file(var.privatekeypath)
+ }
+ inline = [
+ "sudo sed -i 's/#\\$nrconf{kernelhints} = -1;/\\$nrconf{kernelhints} = -1;/g' /etc/needrestart/needrestart.conf",
+ "echo 'NEEDRESTART_SUSPEND=1' >> /etc/environment",
+ "sudo source /etc/environment",
+ "sudo apt-get update",
+ "sudo apt-get dist-upgrade -y",
+ "wget https://raw.githubusercontent.com/ant-media/Scripts/master/install_ant-media-server.sh",
+ "curl -L 'https://drive.usercontent.google.com/download?id=${var.zip_file_id}&export=download&confirm=t' -o 'ams.zip'",
+ "sudo bash ./install_ant-media-server.sh -i ams.zip",
+ "sudo sed -i 's/server.marketplace=.*/server.marketplace=gcp/g' /usr/local/antmedia/conf/red5.properties",
+ "sudo systemctl stop antmedia",
+ "sudo rm -rf /usr/local/antmedia/conf/instanceId",
+ "sudo rm -rf /usr/local/antmedia/*.db.* && sudo rm -rf /usr/local/antmedia/*.db",
+ "sudo rm -rf /root/*.zip && sudo rm -rf /root/install*",
+ "sudo rm -rf /root/.ssh",
+ ]
+ }
+}
+
+resource "null_resource" "stop_instance" {
+ provisioner "local-exec" {
+ command = "gcloud compute instances stop ams-marketplace-${var.ams_version} --project=${var.project} --zone=${var.zone}"
+ }
+ depends_on = [null_resource.ams-marketplace-setup]
+}
+
+
+resource "google_compute_image" "ams_marketplace_image" {
+ name = "ams-marketplace-${var.ams_version}"
+ source_disk = "projects/antmedia-dev/zones/${var.zone}/disks/ams-marketplace-${var.ams_version}"
+ licenses = ["projects/${var.public_project}/global/licenses/cloud-marketplace-211adc9aa41170ec-df1ebeb69c0ba664"]
+ description = "AMS-ams-marketplace-${var.ams_version}"
+ project = "${var.public_project}"
+ depends_on = [null_resource.stop_instance]
+}
+
+
+resource "google_compute_image_iam_binding" "iam" {
+ image = "projects/${var.public_project}/global/images/ams-marketplace-${var.ams_version}"
+ role = "roles/compute.imageUser"
+
+ members = [
+ "allAuthenticatedUsers"
+ ]
+ depends_on = [google_compute_image.ams_marketplace_image]
+}
diff --git a/terraform/GCP/provider.tf b/terraform/GCP/provider.tf
new file mode 100644
index 00000000..16553a49
--- /dev/null
+++ b/terraform/GCP/provider.tf
@@ -0,0 +1,6 @@
+provider "google" {
+# credentials = file("antmedia-dev.json")
+ project = var.project
+ region = var.region
+ zone = var.zone
+}
\ No newline at end of file
diff --git a/terraform/GCP/variables.tf b/terraform/GCP/variables.tf
new file mode 100644
index 00000000..c48a47c3
--- /dev/null
+++ b/terraform/GCP/variables.tf
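Review bot: The `inline` list in `null_resource.ams-marketplace-setup` downloads `install_ant-media-server.sh` from the mutable `master` branch and `ams.zip` from a Google Drive ID, runs the installer with `sudo bash`, and the resulting disk becomes an image granted to `allAuthenticatedUsers`, with no integrity check on either download. Whatever those two URLs serve at build time is therefore carried into every instance launched from the image. Pin the script URL to a commit SHA rather than `master`, and gate the install on a checksum, for example `"echo '<EXPECTED_SHA256>  ams.zip' | sha256sum -c - && sudo bash ./install_ant-media-server.sh -i ams.zip",` with an equivalent check for the installer script. The same unpinned installer `wget` appears in both droplets in `terraform/do/main.tf`, and `terraform/do/init.sh` fetches `90-cleanup.sh` and `99-img-check.sh` from `master` in the same way.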
@@ -0,0 +1,64 @@
+variable "project" {
+ type = string
+ description = "The project ID to deploy to"
+ default = "antmedia-dev"
+}
+
+variable "public_project" {
+ type = string
+ description = "The project ID to deploy to"
+ default = "antmedia-public-385620"
+}
+
+
+variable "region" {
+ type = string
+ description = "The region to deploy to"
+ default = "us-central1"
+
+}
+
+variable "zone" {
+ type = string
+ description = "The zone to deploy to"
+ default = "us-central1-a"
+}
+
+variable "machine_type" {
+ type = string
+ description = "The machine type to deploy to"
+ default = "e2-medium"
+}
+
+variable "image" {
+ type = string
+ description = "The image to deploy to"
+ default = "ubuntu-os-cloud/ubuntu-2204-lts"
+}
+
+variable "ams_version" {
+ type = string
+ description = "Version number of AMS"
+}
+
+variable "publickeypath" {
+ type = string
+ default = "./ssh/id_rsa.pub"
+}
+
+variable "privatekeypath" {
+ type = string
+ default = "./ssh/id_rsa"
+}
+
+variable "user" {
+ type = string
+ default = "root"
+
+}
+
+variable "zip_file_id" {
+ description = "Google drive ID"
+ type = string
+ #default = "xxxxxxx"
+}
diff --git a/terraform/README.md b/terraform/README.md
new file mode 100644
index 00000000..a78d735c
--- /dev/null
+++ b/terraform/README.md
@@ -0,0 +1,40 @@
+# GCP
+
+1. Log in first
+```
+gcloud auth application-default login
+```
+2. Create a file called terraforms.tfvars and add the following variables
+```
+zip_file_id = ""
+ams_version = ""
+
+```
+3. Generate a new SSH key
+```
+ssh-keygen -t rsa -f ./ssh/id_rsa
+```
+# DO
+
+1. First create a DO token
+
+2. Create a file called terraforms.tfvars and add the following variables
+
+```
+zip_file_id = ""
+do_token = ""
+ams_version = ""
+```
+3. Generate a new SSH key
+```
+ssh-keygen -t rsa -f ./ssh/id_rsa
+```
+
+## Make sure everything works properly
+```
+terraform plan
+```
+## Install the deployments
+```
+terraform apply -auto-approve
+```
\ No newline at end of file
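Review bot: `ams_version` and `zip_file_id` are unconstrained strings, yet GCP/main.tf interpolates them into a `local-exec` gcloud command line, a remote `curl` URL and several resource names. A value containing shell metacharacters, or characters Compute Engine does not accept in resource names (a dotted version number, for instance), would only surface partway through the apply, after the build VM already exists. Add a `validation` block to each, e.g. `condition = can(regex("^[a-z0-9-]+$", var.ams_version))` with an `error_message`, and a similar pattern for `zip_file_id` limited to letters, digits, `_` and `-`. `privatekeypath` also defaults to a path inside the module directory, so `ssh/` needs to be excluded from version control; no ignore rule is visible in this patch.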
diff --git a/terraform/do/init.sh b/terraform/do/init.sh
new file mode 100644
index 00000000..84cf9d81
--- /dev/null
+++ b/terraform/do/init.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+sudo sed -i 's/#\\$nrconf{kernelhints} = -1;/\\$nrconf{kernelhints} = -1;/g' /etc/needrestart/needrestart.conf
+echo 'NEEDRESTART_SUSPEND=1' >> /etc/environment
+sudo source /etc/environment
+sudo apt-get update
+sudo DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y
+sudo apt-get purge droplet-agent -y
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+sudo ufw allow 22/tcp
+sudo ufw allow 443/tcp
+sudo ufw allow 80/tcp
+sudo ufw allow 5080/tcp
+sudo ufw allow 1935/tcp
+sudo ufw allow 5443/tcp
+sudo ufw allow 50000:65000/udp
+sudo ufw allow 4200/udp
+echo "y" | sudo ufw enable
+sudo systemctl stop antmedia
+sudo sed -i 's/server.marketplace=.*/server.marketplace=do/g' /usr/local/antmedia/conf/red5.properties
+sudo rm -rf /root/.ssh
+sudo rm -rf /usr/local/antmedia/conf/instanceId
+sudo rm -rf /usr/local/antmedia/*.db.*
+sudo rm -rf /usr/local/antmedia/*.db
+sudo rm -rf /root/*.zip && rm -rf /root/install*
+
+wget https://raw.githubusercontent.com/digitalocean/marketplace-partners/master/scripts/90-cleanup.sh
+wget https://raw.githubusercontent.com/digitalocean/marketplace-partners/master/scripts/99-img-check.sh
+
+bash 90-cleanup.sh
+bash 99-img-check.sh
+history -c
diff --git a/terraform/do/main.tf b/terraform/do/main.tf
new file mode 100644
index 00000000..a2f426e9
--- /dev/null
+++ b/terraform/do/main.tf
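Review bot: init.sh has no error handling, so a failed `ufw` rule, a failed `ufw enable` or a failed cleanup step is ignored; the script still ends with `history -c`, and do/main.tf then appears to snapshot the droplet as if the hardening had succeeded. Add `set -euo pipefail` directly after the shebang. That also means removing `sudo source /etc/environment`, which cannot work because `source` is a shell builtin rather than a program sudo can execute. The first `sed` expression keeps the `\\$` escaping from the HCL copy in GCP/main.tf; in a plain shell script that pattern looks for a literal backslash and probably matches nothing in needrestart.conf, so it should likely read `\$` here.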
@@ -0,0 +1,95 @@
+resource "digitalocean_ssh_key" "default" {
+ name = "Terraform_Temp"
+ public_key = file("./ssh/id_rsa.pub")
+}
+
+resource "digitalocean_droplet" "enterprise" {
+ count = var.do_droplet_enable ? 1 : 0
+ image = var.do_image
+ name = "ams-server-enterprise"
+ region = var.do_region
+ size = var.do_instance_type
+ ssh_keys = [digitalocean_ssh_key.default.fingerprint]
+
+ provisioner "file" {
+ source = "init.sh"
+ destination = "/tmp/init.sh"
+
+ connection {
+ type = "ssh"
+ user = "root"
+ private_key = file("./ssh/id_rsa")
+ host = digitalocean_droplet.enterprise[count.index].ipv4_address
+ }
+
+ }
+
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt-get purge droplet-agent -y",
+ "wget https://raw.githubusercontent.com/ant-media/Scripts/master/install_ant-media-server.sh",
+ "curl -L 'https://drive.usercontent.google.com/download?id=${var.zip_file_id}&export=download&confirm=t' -o 'ams.zip'",
+ "bash install_ant-media-server.sh -i ams.zip",
+ "bash /tmp/init.sh",
+ ]
+
+ connection {
+ type = "ssh"
+ user = "root"
+ private_key = file("./ssh/id_rsa")
+ host = digitalocean_droplet.enterprise[count.index].ipv4_address
+ }
+ }
+}
+
+resource "digitalocean_droplet_snapshot" "ams-enterprise-snapshot" {
+ count = var.do_droplet_enable ? 1 : 0
+ droplet_id = digitalocean_droplet.enterprise[count.index].id
+ name = "ams-enterprise-snapshot-01"
+}
+
+resource "digitalocean_droplet" "community" {
+ count = var.do_droplet_enable ? 1 : 0
+ image = var.do_image
+ name = "ams-server-community"
+ region = var.do_region
+ size = var.do_instance_type
+ ssh_keys = [digitalocean_ssh_key.default.fingerprint]
+
+ provisioner "file" {
+ source = "init.sh"
+ destination = "/tmp/init.sh"
+
+ connection {
+ type = "ssh"
+ user = "root"
+ private_key = file("./ssh/id_rsa")
+ host = digitalocean_droplet.community[count.index].ipv4_address
+ }
+
+ }
+
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt-get purge droplet-agent -y",
+ "wget https://raw.githubusercontent.com/ant-media/Scripts/master/install_ant-media-server.sh",
+ "bash install_ant-media-server.sh",
+ "bash /tmp/init.sh",
+ ]
+
+ connection {
+ type = "ssh"
+ user = "root"
+ private_key = file("./ssh/id_rsa")
+ host = digitalocean_droplet.community[count.index].ipv4_address
+ }
+ }
+}
+
+resource "digitalocean_droplet_snapshot" "ams-community-snapshot" {
+ count = var.do_droplet_enable ? 1 : 0
+ droplet_id = digitalocean_droplet.community[count.index].id
+ name = "ams-community-snapshot-01"
+}
diff --git a/terraform/do/provider.tf b/terraform/do/provider.tf
new file mode 100644
index 00000000..f296b17b
--- /dev/null
+++ b/terraform/do/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
+
+provider "digitalocean"{
+ token = var.do_token
+}
\ No newline at end of file
diff --git a/terraform/do/variables.tf b/terraform/do/variables.tf
new file mode 100644
index 00000000..4a3a1c16
--- /dev/null
+++ b/terraform/do/variables.tf
@@ -0,0 +1,26 @@
+variable "do_token" {
+ type = string
+}
+
+variable "do_droplet_enable" {
+ default = true
+}
+
+variable "do_region" {
+ default = "fra1"
+}
+
+variable "do_instance_type" {
+ default = "c-2"
+}
+
+variable "do_image" {
+ default = "ubuntu-22-04-x64"
+}
+
+variable "zip_file_id" {
+ description = "Google drive ID"
+ type = string
+ #default = "xxxxxxx"
+}
+
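Review bot: Every `connection` block in do/main.tf sets `host = digitalocean_droplet.<name>[count.index].ipv4_address` from inside that same droplet's own provisioner; Terraform's documentation says connection expressions cannot refer to their parent resource by name and should use `self`, so this is likely rejected as a self-reference on current versions. Use `host = self.ipv4_address` instead. The block is also written out four times with `private_key = file("./ssh/id_rsa")` hard-coded, whereas the GCP module reads `var.privatekeypath`; one resource-level `connection` block per droplet, with the key path taken from a variable, would remove the duplication and keep the two modules consistent.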
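Review bot: `do_token` in do/variables.tf is declared without `sensitive = true`, so Terraform will not redact the DigitalOcean API token if it ever reaches plan output, an error message or an output value. Add `sensitive = true` and a `description` to the block; the token still sits in plain text in the tfvars file the README asks for, which has to stay out of version control. `do_droplet_enable`, `do_region`, `do_instance_type` and `do_image` also have no `type` or `description`, unlike the variables in the GCP module.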
From 05633d8468e498327bf35ff5a06dc601861786eb Mon Sep 17 00:00:00 2001 From: Murat Ugur Eminoglu Date: Fri, 19 Apr 2024 08:23:38 +0300 Subject: [PATCH 2/2] Update README.md --- terraform/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/README.md b/terraform/README.md index a78d735c..6e694ced 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -12,6 +12,7 @@ ams_version = "" ``` 3. Generate a new SSH key ``` +mkdir ./ssh ssh-keygen -t rsa -f ./ssh/id_rsa ``` # DO @@ -27,6 +28,7 @@ ams_version = "" ``` 3. Generate a new SSH key ``` +mkdir ./ssh ssh-keygen -t rsa -f ./ssh/id_rsa ``` @@ -37,4 +39,4 @@ terraform plan ## Install the deployments ``` terraform apply -auto-approve -``` \ No newline at end of file +```