Installation
AosCloud Azure project
AosEdge cloud infrastructure is deployed with Terraform and requires a few manual steps. This document assumes an Ubuntu system. Other Linux-like systems can be used, but this document only covers Ubuntu.
Currently, AosEdge Azure infrastructure installation supports 3 predefined environments:
- dev
- stage
- prod
Note: You can use a single environment or all three, depending on your needs. We recommend using the stage and prod environments.
Prerequisites
- Container registry to transfer AosEdge images.
- Email account for the AosEdge application notifications.
- Domain name
- A certificate for the domain, with 4 options:
  - Pre-bought wildcard domain certificate
  - Let's Encrypt certificate (obtained automatically)
  - Issued by AosCloud CA
  - Issued by Enterprise CA
- Infrastructure repository on Gitlab
- Kubernetes repository on Gitlab
- Azure CLI
- Azure extension graph
- Terraform CLI
- Terraform code provided by AosEdge team
- Administrative rights for the Azure subscription
Install Azure CLI
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg jq
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
Install Terraform
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
Install Azure extension graph
az extension add --name resource-graph
Start working with the AosEdge project
This AosEdge project contains Terraform code, scripts, and Gitlab code
Installation flow
- setup
- infrastructure
- configuration
- image_build
Setup installation
The initial installation step, "setup", is run locally. It creates the basic infrastructure that the later installation steps build on.
- Move to the "terraform/setup/gitlab/<environment>" directory
- Configure environment-wide variables in the "configuration-<environment>.auto.tfvars" file. To prevent committing sensitive data, Terraform accepts variables from the environment or via the Terraform CLI:
export TF_VAR_terraform_gitlab_repo_token="XXXXXXXX"
export TF_VAR_smtp_mail_server_login="XXXXXXXX"
export TF_VAR_smtp_mail_server_password="XXXXXXXX"
az login
terraform apply
or
az login
terraform apply \
-var="terraform_gitlab_repo_token=XXXXXXX" \
-var="smtp_mail_server_login=XXXXXXX" \
-var="smtp_mail_server_password=XXXXXXX"
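One way to check, before committing or applying, that the three sensitive setup variables stay out of the tfvars file and are present in the environment instead. This is an added example, not code from the AosEdge project; the script name check_setup_secrets.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not AosEdge project code.
# Variable names are the three sensitive setup variables named on the page.
SENSITIVE_VARS="terraform_gitlab_repo_token smtp_mail_server_login smtp_mail_server_password"

# Print each sensitive variable that is assigned in the given tfvars file.
# Lines starting with # or // do not match because the pattern is anchored.
# Returns 1 when at least one assignment is found, 0 when the file is clean.
find_secrets_in_tfvars() {
    file=$1
    found=0
    for name in $SENSITIVE_VARS; do
        if grep -Eq "^[[:space:]]*${name}[[:space:]]*=" "$file"; then
            echo "$name"
            found=1
        fi
    done
    return "$found"
}

# Print each TF_VAR_* name that is unset or empty (never the values).
# Returns 1 when something is missing, 0 when all three are exported.
missing_tf_env() {
    missing=0
    for name in $SENSITIVE_VARS; do
        if [ -z "$(printenv "TF_VAR_${name}")" ]; then
            echo "TF_VAR_${name}"
            missing=1
        fi
    done
    return "$missing"
}

# Script usage: sh check_setup_secrets.sh configuration-<environment>.auto.tfvars
if [ "$#" -gt 0 ]; then
    find_secrets_in_tfvars "$1" || { echo "move the values above out of $1" >&2; exit 1; }
    missing_tf_env || { echo "export the variables above before terraform apply" >&2; exit 1; }
fi
```

Values passed with -var are recorded in shell history, so the check covers the environment-variable route only.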
The setup code creates:
- Resource group terraform
- Resource group base
- Resource group message-queue
- Storage account for the Terraform remote state
- Key Vault for the Terraform sensitive data
- Network base
- Network message-queue
- Virtual machine with gitlab-runner
- Identities and permissions
- Variables for the future running with Gitlab CI/CD
After work is done, you can move Terraform tfstate files to the Azure storage account with the command below
az login
export ARM_SAS_TOKEN=$(az keyvault secret show --vault-name <project_name>-<environment>-keys2 -n SasToken --query value -o tsv)
terraform init \
-backend-config 'container_name=terraform' \
-backend-config 'storage_account_name=<project_name><environment><name>' \
-backend-config 'resource_group_name=<project_name>-<environment>-<name>' -reconfigure
To delete the setup deployment move to the "terraform/setup/gitlab/<environment>" directory and use the command below
terraform destroy
Infrastructure installation
- Open the previously created Kubernetes repository on Gitlab (we assume that you use the same Gitlab server) and copy:
  - Kubernetes project id
  - Kubernetes project specific runner token
- In your Infrastructure Gitlab repo, create CI/CD variables with the previously copied values:
  - TF_VAR_kubernetes_gitlab_project_id
  - TF_VAR_kubernetes_repo_token
- Configure variables in the "terraform/infrastructure/terraform.tfvars"
- Commit and push the AosEdge project to the Infrastructure repo
Starting from here, further deployment is done automatically with the runner on Gitlab by committing and pushing the code to the Infrastructure repo
This is the main part of the Azure infrastructure installation, and it may take a long time. Terraform may also produce unexpected errors, caused by a misconfiguration or by Terraform/Microsoft Azure API errors. Try running the pipeline again to see whether the error still exists.
To delete the infrastructure deployment move to the "terraform/infrastructure" directory and use the command below
az login
export ARM_SAS_TOKEN=$(az keyvault secret show --vault-name <project_name>-<environment>-keys2 -n SasToken --query value -o tsv)
terraform init \
-backend-config 'container_name=terraform' \
-backend-config 'storage_account_name=<project_name><environment><name>' \
-backend-config 'resource_group_name=<project_name>-<environment>-<name>' -reconfigure
terraform destroy
Manual steps
- Configure CDN manually (this step doesn't have any automation tools): CDN configuration
- Add the Virtual Machine Contributor role for <project>-<environment>-aks-agentpool on the AKS resource group
- Add the Disk Snapshot Contributor and Disk Restore Operator roles for <project>-<environment>-backup on the AKS resource group
- Add AzureEctokenKey from CDN to appsec and tasksec