/az-vm-suse-docker

SUSE Linux Enterprise Server with Docker Compose running on Azure VM

Primary LanguageHCLMIT LicenseMIT

Azure VM: SLES + Docker + Azure Artifacts

SUSE Linux Enterprise Server deployment with Docker Compose on Azure VMs.

Deployment

Generate the temporary keys to be used:

ssh-keygen -f modules/suse/id_rsa

Create the .auto.tfvars file from the template:

# Choose your distro
cp templates/suse(15|12).auto.tfvars .auto.tfvars

Create the resources:

terraform init
terraform apply -auto-approve

Connect to the virtual machine:

ssh -i modules/suse/id_rsa suseadmin@<<PUBLIC-IP>>

Check cloud-init:

cloud-init status

Azure Artifacts

Azure DevOps setup

Create an Artifact Feed of type Universal Packages in an ADO project.

💡 For practical implementation of this project, it is possible to select all members. However, implement minimal privilege in production.

You must give Contributor permissions for the pipeline to publish packages. Check the Pipelines permissions sections for more information.

Now create a pipeline on ADO using azure-pipeline.yaml as a template. Add the variables projectName and feedName accordingly.

Run the pipeline and confirm that the artifact has been generated.

VM access to ADO

Add the VM System-Assigned identity to Azure DevOps.

When logged into the VM, login with the VM Managed Identity:

az login --identity --allow-no-subscriptions

The Azure DevOps Extension for the CLI is already installed via userdata.

It is necessary to run additional commands to allow a Managed Identity to connect to Azure DevOps. Follow the documentation to implemented that.

CNI

To enable containers with advanced features, such as service endpoints, you need the CNI.

More information on how to deploy the plugin and the project on GitHub.

Crontab (SUSE 12)

Following tutorial 1 and tutorial 2, install Nginx.

This was tested on SUSE 12 only

Prepare the installation:

sudo zypper addrepo -G -t yum -c 'http://nginx.org/packages/sles/12' nginx
wget http://nginx.org/keys/nginx_signing.key
sudo rpm --import nginx_signing.key

Install Nginx:

sudo zypper install nginx

Commands to control Nginx:

sudo systemctl start nginx
sudo systemctl restart nginx
sudo systemctl stop nginx
sudo systemctl status nginx

Instead of enabling the service directly, let's configure a crontab.

Create a file named /opt/start-nginx.sh:

echo "Starting NGINX"
sudo systemctl start nginx
echo "Completed starting NGINX"

Add the required permissions:

chmod +x /opt/start-nginx.sh

Edit the crontab:

crontab -e

Set the script path:

@reboot /opt/start-nginx.sh

Crontab logs can be view with the journal:

journalctl --no-hostname --output=short-precise | grep -i cron

Clean-up

terraform destroy -auto-approve