diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf index f2af821a..f807ac9c 100644 --- a/modules/dns/variables.tf +++ b/modules/dns/variables.tf @@ -6,11 +6,6 @@ variable "resource_group_name" { variable "resource_name_prefix" { description = "Resource name prefix used for tagging and naming Azure resources" type = string - - validation { - condition = can(regex("^[a-zA-Z0-9-]+$", var.resource_name_prefix)) && !can(regex("^-", var.resource_name_prefix)) - error_message = "Resource name prefix cannot start with a hyphen and can only contain letters, numbers, and hyphens." - } } variable "identity_name" { diff --git a/modules/vm/templates/entrypoint.sh.tpl b/modules/vm/templates/entrypoint.sh.tpl index c9bc2a24..25ffa857 100644 --- a/modules/vm/templates/entrypoint.sh.tpl +++ b/modules/vm/templates/entrypoint.sh.tpl @@ -28,11 +28,11 @@ ATTACHED_DISK=$(az vmss list-instances --resource-group "$RESOURCE_GROUP" --name if [ -z "$ATTACHED_DISK" ]; then for i in $(seq 1 6); do - # Wait for existing disks in the VMSS which are unattached - existingUnattachedDisk=$( - az disk list --resource-group $RESOURCE_GROUP \ - --query "[?diskState=='Unattached' && starts_with(name, 'Disk-$${RESOURCE_GROUP}') && zones[0]=='$${ZONE_ID}'].{Name:name}" \ - --output tsv + # Wait for existing disks in the VMSS which are unattached + existingUnattachedDisk=$( + az disk list --resource-group $RESOURCE_GROUP \ + --query "[?diskState=='Unattached' && starts_with(name, 'Disk-$${RESOURCE_GROUP}') && zones[0]=='$${ZONE_ID}'].{Name:name}" \ + --output tsv ) if [ -z "$${existingUnattachedDisk:-}" ]; then @@ -53,44 +53,38 @@ if [ -z "$ATTACHED_DISK" ]; then DISK_NAME="Disk-$${RESOURCE_GROUP}-$${ZONE_ID}-$${DISK_ORDER}" az disk create --resource-group $RESOURCE_GROUP \ - --name $DISK_NAME \ - --size-gb $DISK_SIZE_GB \ - --location $REGION_ID \ - --sku PremiumV2_LRS \ - --zone $ZONE_ID \ - --os-type Linux \ - --disk-iops-read-write $DISK_IOPS \ - --disk-mbps-read-write $DISK_THROUGHPUT \ - --tags createdBy=$INSTANCE_HOSTNAME \ - --public-network-access Disabled \ - --network-access-policy DenyAll + --name $DISK_NAME \ + --size-gb $DISK_SIZE_GB \ + --location $REGION_ID \ + --sku PremiumV2_LRS \ + --zone $ZONE_ID \ + --os-type Linux \ + --disk-iops-read-write $DISK_IOPS \ + --disk-mbps-read-write $DISK_THROUGHPUT \ + --tags createdBy=$INSTANCE_HOSTNAME \ + --public-network-access Disabled \ + --network-access-policy DenyAll fi - # Checks if a managed disk is attached to the instance - ATTACHED_DISK=$(az vmss list-instances --resource-group "$RESOURCE_GROUP" --name "$VMSS_NAME" --query "[?instanceId=='$INSTANCE_ID'].storageProfile.dataDisks[].name" --output tsv) - - if [ -z "$ATTACHED_DISK" ]; then - echo "No data disks attached for instance ID $INSTANCE_ID in VMSS $VMSS_NAME." - # Try to attach an existing managed disk - availableDisks=$(az disk list --resource-group $RESOURCE_GROUP --query "[?diskState=='Unattached' && starts_with(name, 'Disk-$${RESOURCE_GROUP}') && zones[0]=='$${ZONE_ID}'].{Name:name}" --output tsv) - echo "Attaching available disk $availableDisks." - # Set Internal Field Separator to newline to handle spaces in names - IFS=$'\n' - # Would iterate through all available disks and attempt to attach them - for availableDisk in $availableDisks; do - az vmss disk attach --vmss-name $VMSS_NAME --resource-group $RESOURCE_GROUP --instance-id $INSTANCE_ID --lun $LUN --disk "$availableDisk" || true - done - fi + # Try to attach an existing managed disk + availableDisks=$(az disk list --resource-group $RESOURCE_GROUP --query "[?diskState=='Unattached' && starts_with(name, 'Disk-$${RESOURCE_GROUP}') && zones[0]=='$${ZONE_ID}'].{Name:name}" --output tsv) + echo "Attaching available disk $availableDisks." + # Set Internal Field Separator to newline to handle spaces in names + IFS=$'\n' + # Would iterate through all available disks and attempt to attach them + for availableDisk in $availableDisks; do + az vmss disk attach --vmss-name $VMSS_NAME --resource-group $RESOURCE_GROUP --instance-id $INSTANCE_ID --lun $LUN --disk "$availableDisk" || true + done fi # Gets device name based on LUN graphdb_device=$(lsscsi --scsi --size | awk '/\[1:.*:0:2\]/ {print $7}') # Check if the device is present after attaching the disk if [ -b "$graphdb_device" ]; then - echo "Device $graphdb_device is available." + echo "Device $graphdb_device is available." else - echo "Device $graphdb_device is not available. Something went wrong." - exit 1 + echo "Device $graphdb_device is not available. Something went wrong." + exit 1 fi # create a file system if there isn't any @@ -107,7 +101,7 @@ if ! mount | grep -q "$graphdb_device"; then # Add an entry to the fstab file to automatically mount the disk if ! grep -q "$graphdb_device" /etc/fstab; then - echo "$graphdb_device $disk_mount_point ext4 defaults 0 2" >> /etc/fstab + echo "$graphdb_device $disk_mount_point ext4 defaults 0 2" >>/etc/fstab fi # Mount the disk @@ -127,11 +121,11 @@ chown -R graphdb:graphdb /var/opt/graphdb # DNS hack # This provides stable network addresses for GDB instances in Azure VMSS # -IP_ADDRESS=$(hostname -I | xargs) +IP_ADDRESS=$(hostname -I | awk '{print $1}') for i in $(seq 1 6); do -# Waits for DNS zone to be created and role assigned -DNS_ZONE_NAME=$(az network private-dns zone list --query "[].name" --output tsv) + # Waits for DNS zone to be created and role assigned + DNS_ZONE_NAME=$(az network private-dns zone list --query "[].name" --output tsv) if [ -z "$${DNS_ZONE_NAME:-}" ]; then echo 'Zone not available yet' sleep 10 @@ -153,16 +147,16 @@ HIGHEST_INSTANCE_ID=$${SORTED_INSTANCE_IDs[2]} # Will ping a DNS record, if no response is returned, will update the DNS record with the IP of the instance ping_and_set_dns_record() { - local dns_record="$1" - echo "Pinging $dns_record" - if ping -c 5 "$dns_record"; then - echo "Ping successful" - else - echo "Ping failed for $dns_record" - # Extracts the record name - RECORD_NAME=$(echo "$dns_record" | awk -F'.' '{print $1}') - az network private-dns record-set a update --resource-group $RESOURCE_GROUP --zone-name $DNS_ZONE_NAME --name $RECORD_NAME --set ARecords[0].ipv4Address="$IP_ADDRESS" - fi + local dns_record="$1" + echo "Pinging $dns_record" + if ping -c 5 "$dns_record"; then + echo "Ping successful" + else + echo "Ping failed for $dns_record" + # Extracts the record name + RECORD_NAME=$(echo "$dns_record" | awk -F'.' '{print $1}') + az network private-dns record-set a update --resource-group $RESOURCE_GROUP --zone-name $DNS_ZONE_NAME --name $RECORD_NAME --set ARecords[0].ipv4Address="$IP_ADDRESS" + fi } # assign DNS record name based on instanceId @@ -204,14 +198,14 @@ az keyvault secret download --vault-name ${key_vault_name} --name graphdb-licens graphdb_cluster_token=$(az keyvault secret show --vault-name ${key_vault_name} --name graphdb-cluster-token | jq -rj .value | base64 -d) # TODO: where is the vhost here? -cat << EOF > /etc/graphdb/graphdb.properties +cat </etc/graphdb/graphdb.properties graphdb.auth.token.secret=$graphdb_cluster_token graphdb.connector.port=7200 graphdb.external-url=http://$${node_dns}:7200/ graphdb.rpc.address=$${node_dns}:7300 EOF -cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties +cat </etc/graphdb-cluster-proxy/graphdb.properties graphdb.auth.token.secret=$graphdb_cluster_token graphdb.connector.port=7201 graphdb.external-url=https://${graphdb_external_address_fqdn} @@ -231,7 +225,7 @@ jvm_max_memory=$(echo "$total_memory_gb * 0.85" | bc | cut -d'.' -f1) mkdir -p /etc/systemd/system/graphdb.service.d/ -cat << EOF > /etc/systemd/system/graphdb.service.d/overrides.conf +cat </etc/systemd/system/graphdb.service.d/overrides.conf [Service] Environment="GDB_HEAP_SIZE=$${jvm_max_memory}g" EOF @@ -240,7 +234,7 @@ EOF # Appends configuration overrides to graphdb.properties if [[ $secrets == *"graphdb-properties"* ]]; then echo "Using graphdb.properties overrides" - az keyvault secret show --vault-name ${key_vault_name} --name graphdb-properties | jq -rj .value | base64 -d >> /etc/graphdb/graphdb.properties + az keyvault secret show --vault-name ${key_vault_name} --name graphdb-properties | jq -rj .value | base64 -d >>/etc/graphdb/graphdb.properties fi # Appends environment overrides to GDB_JAVA_OPTS @@ -249,13 +243,13 @@ if [[ $secrets == *"graphdb-java-options"* ]]; then extra_graphdb_java_options=$(az keyvault secret show --vault-name ${key_vault_name} --name graphdb-java-options | jq -rj .value | base64 -d) ( source /etc/graphdb/graphdb.env - echo "GDB_JAVA_OPTS=$GDB_JAVA_OPTS $extra_graphdb_java_options" >> /etc/graphdb/graphdb.env + echo "GDB_JAVA_OPTS=$GDB_JAVA_OPTS $extra_graphdb_java_options" >>/etc/graphdb/graphdb.env ) fi # Configure the GraphDB backup cron job -cat <<-EOF > /usr/bin/graphdb_backup +cat <<-EOF >/usr/bin/graphdb_backup #!/bin/bash set -euxo pipefail @@ -320,10 +314,10 @@ GRAPHDB_ADMIN_PASSWORD="$(az keyvault secret show --vault-name ${key_vault_name} check_gdb() { local gdb_address="$1:7200/protocol" - if curl -s --head -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" --fail $gdb_address > /dev/null; then - return 0 # Success, endpoint is available + if curl -s --head -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" --fail $gdb_address >/dev/null; then + return 0 # Success, endpoint is available else - return 1 # Endpoint not available yet + return 1 # Endpoint not available yet fi } @@ -339,22 +333,25 @@ wait_dns_records() { wait_dns_records if [ "$INSTANCE_ID" == "$${LOWEST_INSTANCE_ID}" ]; then - for record in "$${ALL_FQDN_RECORDS[@]}"; do - echo $record - # Removes the '.' at the end of the DNS address - cleanedAddress=$${record%?} - while ! check_gdb $cleanedAddress ; do - echo "Waiting for GDB $record to start" - sleep 5 - done + for record in "$${ALL_FQDN_RECORDS[@]}"; do + echo $record + # Removes the '.' at the end of the DNS address + cleanedAddress=$${record%?} + while ! check_gdb $cleanedAddress; do + echo "Waiting for GDB $record to start" + sleep 5 done + done echo "All GDB instances are available. Creating cluster" # Checks if the cluster already exists is_cluster=$(curl -s -o /dev/null -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" -w "%%{http_code}" http://localhost:7200/rest/monitor/cluster) if [ "$is_cluster" != 200 ]; then - curl -X POST -H 'Content-type: application/json' -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" http://localhost:7200/rest/cluster/config -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}" + curl -X POST http://localhost:7200/rest/cluster/config \ + -H 'Content-type: application/json' \ + -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" \ + -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}" else echo "Cluster exists" fi @@ -367,14 +364,14 @@ security_enabled=$(curl -s -X GET --header 'Accept: application/json' -u "admin: # Check if GDB security is enabled if [[ $security_enabled == "true" ]]; then - echo "Security is enabled" + echo "Security is enabled" else - # Set the admin password - curl --location --request PATCH 'http://localhost:7200/rest/security/users/admin' \ + # Set the admin password + curl --location --request PATCH 'http://localhost:7200/rest/security/users/admin' \ --header 'Content-Type: application/json' \ --data "{ \"password\": \"$${GRAPHDB_ADMIN_PASSWORD}\" }" - # Enable the security - curl -X POST --header 'Content-Type: application/json' --header 'Accept: */*' -d 'true' 'http://localhost:7200/rest/security' + # Enable the security + curl -X POST --header 'Content-Type: application/json' --header 'Accept: */*' -d 'true' 'http://localhost:7200/rest/security' fi echo "Script completed." diff --git a/variables.tf b/variables.tf index 7e83cb9a..e740b410 100644 --- a/variables.tf +++ b/variables.tf @@ -3,6 +3,11 @@ variable "resource_name_prefix" { description = "Resource name prefix used for tagging and naming Azure resources" type = string + + validation { + condition = can(regex("^[a-zA-Z0-9-]+$", var.resource_name_prefix)) && !can(regex("^-", var.resource_name_prefix)) + error_message = "Resource name prefix cannot start with a hyphen and can only contain letters, numbers, and hyphens." + } } variable "location" {