most_recent=True, filters=[ aws.ec2.GetAmiFilterArgs( name='name', values=[ 'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*' ], ), aws.ec2.GetAmiFilterArgs( name='virtualization-type', values=['hvm'], ) ], ) private_key = tls.PrivateKey("node-key", algorithm="RSA") rke_key_pair = aws.ec2.KeyPair("rke-node-keypair", public_key=private_key.public_key_openssh) rke_role = aws.iam.Role('rke-role', assume_role_policy="""{ "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "ec2.amazonaws.com" }, "Effect": "Allow", "Sid": ""
# Create an AD service principal ad_app = azuread.Application("aks", display_name="aks") ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id) # Generate random password password = random.RandomPassword("password", length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( "aksSpPassword", service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096) # Create cluster managed_cluster_name = config.get("managedClusterName") if managed_cluster_name is None: managed_cluster_name = "azure-native-aks" managed_cluster = containerservice.ManagedCluster( managed_cluster_name, resource_group_name=resource_group.name, agent_pool_profiles=[{ "count": 3, "max_pods": 110, "mode": "System", "name": "agentpool", "node_labels": {},
def __init__(self, name: str, opts: ResourceOptions = None): super().__init__('custom:resource:LibvirtHost', name, {}, opts) basename = f"{name}-kvm" username = "******" computername = "kvmhost" # Resource group, etc for the KVM host resource_group = resources.ResourceGroup( f"{basename}-rg", opts=ResourceOptions(parent=self)) net = network.VirtualNetwork(f"{basename}-net", resource_group_name=resource_group.name, address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.1.0/24", ) ], opts=ResourceOptions(parent=self)) public_ip = network.PublicIPAddress( f"{basename}-ip", resource_group_name=resource_group.name, public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC, opts=ResourceOptions(parent=self)) network_iface = network.NetworkInterface( f"{basename}-nic", resource_group_name=resource_group.name, ip_configurations=[ network.NetworkInterfaceIPConfigurationArgs( name="serveripcfg", subnet=network.SubnetArgs(id=net.subnets[0].id), private_ip_allocation_method=network.IPAllocationMethod. DYNAMIC, public_ip_address=network.PublicIPAddressArgs( id=public_ip.id), ) ], opts=ResourceOptions(parent=self)) # SSH key for accessing the Azure VM that is going to be the KVM host. ssh_key = tls.PrivateKey(f"{basename}-sshkey", algorithm="RSA", rsa_bits=4096, opts=ResourceOptions(parent=self)) # Script to configure the kvm service on the kvm host init_script = f"""#!/bin/bash # Install KVM sudo apt update sudo apt-get -y install qemu-kvm libvirt-bin # hack to account for this bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398 # Work around: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/comments/42 sudo sed -i '$ a security_driver = "none"' /etc/libvirt/qemu.conf sudo systemctl restart libvirt-bin """ vm = compute.VirtualMachine( f"{basename}-vm", resource_group_name=resource_group.name, network_profile=compute.NetworkProfileArgs(network_interfaces=[ compute.NetworkInterfaceReferenceArgs(id=network_iface.id), ], ), hardware_profile=compute.HardwareProfileArgs( vm_size=compute.VirtualMachineSizeTypes.STANDARD_D4S_V3), os_profile=compute.OSProfileArgs( computer_name=computername, admin_username=username, custom_data=base64.b64encode( init_script.encode("ascii")).decode("ascii"), linux_configuration=compute.LinuxConfigurationArgs( ssh=compute.SshConfigurationArgs(public_keys=[ compute.SshPublicKeyArgs( key_data=ssh_key.public_key_openssh, path=f"/home/{username}/.ssh/authorized_keys") ]))), storage_profile=compute.StorageProfileArgs( os_disk=compute.OSDiskArgs( create_option=compute.DiskCreateOptionTypes.FROM_IMAGE, ), image_reference=compute.ImageReferenceArgs( publisher="canonical", offer="UbuntuServer", sku="18.04-LTS", version="latest", ), ), opts=ResourceOptions(parent=self)) # There's some delay between when Azure says the VM is ready and # when the KVM/qemu service can start accepting connections. # So, wait a bit to allow the KVM server to become fully ready. # But only do the wait if the VM has been provisioned (i.e. not during a preview). vm.provisioning_state.apply(lambda state: time.sleep(90)) public_ip_addr = vm.id.apply( lambda _: network.get_public_ip_address_output( public_ip_address_name=public_ip.name, resource_group_name=resource_group.name)) # Create/update the private key file for the SSH remote connection URI. def write_key_file(priv_key, key_file): if (os.path.exists(key_file)): os.chmod(key_file, 0o666) f = open(key_file, "w") f.write(priv_key) f.close() os.chmod(key_file, 0o400) key_file = f"{basename}_server.priv" ssh_key.private_key_pem.apply( lambda priv_key: write_key_file(priv_key, key_file)) # Build the connection URI that is returned for use by the libvirt provider. # See https://libvirt.org/uri.html#URI_remote for details on the remote URI options self.libvirt_remote_uri = Output.concat( "qemu+ssh://", username, "@", public_ip_addr.ip_address, "/system?keyfile=./", key_file, "&socket=/var/run/libvirt/libvirt-sock&no_verify=1") # Return where the VM pool should be created. # In this case, the "vm pool" is simply placed under the KVM host user's home folder self.vm_pool_dir = f"/home/{username}/vms" # Other values for convenience to output useful information self.ip = public_ip_addr.ip_address self.username = username self.ssh_priv_key_file = key_file self.register_outputs({})
import pulumi import pulumi_aws as aws import pulumi_tls as tls import pulumi_random as random from pulumi_vars import * pet = random.RandomPet("key") #pet.id.apply(lambda id: f"{id}")) key = tls.PrivateKey(id + '_pkey', algorithm="RSA", ecdsa_curve="2048") pulumi.export('public_key', key.public_key_openssh) pulumi.export('private_key', key.private_key_pem) pulumi.Output.all([key.private_key_pem]).apply(lambda key: f'key') key.private_key_pem.apply(lambda key: f'key') #private_key_pem_file = open(id + '_pkey.pem', 'w') #private_key_pem_file.write(pulumi.Output.all([key.private_key_pem]).apply(lambda key: f'key')) #private_key_pem_file.close() keypair = aws.ec2.KeyPair(id + '_keypair', public_key=key.public_key_openssh)
"""A Python Pulumi program""" import pulumi_tls as tls key = tls.PrivateKey("my-private-key", algorithm="ECDSA", ecdsa_curve="P384")
ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app') ad_sp = azuread.ServicePrincipal(f'{name}-aksSp', application_id=ad_app.application_id) # Generate random password password = random.RandomPassword(f'{name}-password', length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( f'{name}-aksSpPassword', service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey(f'{name}-ssh-key', algorithm="RSA", rsa_bits=4096) # Create cluster managed_cluster_name = config.get("managedClusterName") if managed_cluster_name is None: managed_cluster_name = f'{name}-azure-native-aks' # Create network mynetwork = network.VirtualNetwork( f'{name}-vnet', resource_group_name=resource_group.name, location=resource_group.location, address_space=network.AddressSpaceArgs(address_prefixes=["10.0.0.0/20"], ), #opts=ResourceOptions(ignore_changes=["subnet1", "subnet2"]) )
import pulumi import pulumi_aws as aws import pulumi_tls as tls example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA") example_self_signed_cert = tls.SelfSignedCert( "exampleSelfSignedCert", allowed_uses=[ "key_encipherment", "digital_signature", "server_auth", ], key_algorithm="RSA", private_key_pem=example_private_key.private_key_pem, subjects=[{ "commonName": "example.com", "organization": "ACME Examples, Inc", }], validity_period_hours=12) cert = aws.acm.Certificate("cert", certificate_body=example_self_signed_cert.cert_pem, private_key=example_private_key.private_key_pem)