digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-11-05 03:56:26 +03:00
Code Issues Projects Releases Wiki Activity

infra: add a Windows node on Azure (#16705)

Browse Source
This commit is contained in:
Gary Verhaegen 2023-04-20 14:32:25 +02:00 committed by GitHub
parent 3a92a7ce88
commit 99821e0b66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 459 additions and 299 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dadew
View File

@ -5,6 +5,7 @@
"bazel",
"cacert",
"curl",
"gcloud",
"ojdkbuild11",
"maven-3.6.1",
"msys2",

46
dev-env/windows/manifests/gcloud.json Normal file
View File

@ -0,0 +1,46 @@
{
"_taken-from": "https://github.com/ScoopInstaller/Extras/blob/104f6ffb5d55425477659927274d85f621f4b95d/bucket/gcloud.json",
"_taken_from_license": "http://unlicense.org/",
"version": "427.0.0",
"description": "Command-line interface for Google Cloud Platform products and services.",
"homepage": "https://cloud.google.com/sdk/",
"license": "Proprietary",
"notes": "To initialize Cloud SDK, you will need to run: 'gcloud init'",
"depends": "7zip19.00-helper",
"architecture": {
"64bit": {
"url": "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-427.0.0-windows-x86_64-bundled-python.zip#/dl.zip_",
"hash": "1ac06d4f0f924b245404beca2f7a1603321ae077c0f023c652422db15d0bc9f5"
},
"32bit": {
"url": "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-427.0.0-windows-x86-bundled-python.zip#/dl.zip_",
"hash": "2bda37924f837d86a5665724fe496283000964c110f9a2a6c0ef000dbeab7932"
}
},
"pre_install": [
"Invoke-ExternalCommand 7z1900-helper -ArgumentList @('x', '-bso0', \"$dir\\dl.zip_\", \"-o$dir\") | Out-Null",
"Move-Item \"$dir\\google-cloud-sdk\\*\" \"$dir\\\" | Out-Null",
"Remove-Item \"$dir\\google-cloud-sdk\", \"$dir\\dl.zip_\" -Force -Recurse"
],
"bin": [
"bin\\gcloud.cmd",
"bin\\gsutil.cmd",
"bin\\bq.cmd",
"bin\\docker-credential-gcloud.cmd",
"bin\\git-credential-gcloud.cmd"
],
"checkver": {
"url": "https://cloud.google.com/sdk/docs/downloads-versioned-archives",
"regex": "google-cloud-sdk-([\\d.]+)-windows-x86_64-bundled"
},
"autoupdate": {
"architecture": {
"64bit": {
"url": "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-$version-windows-x86_64-bundled-python.zip#/dl.zip_"
},
"32bit": {
"url": "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-$version-windows-x86-bundled-python.zip#/dl.zip_"
}
}
}
}

181
infra/azure.tf Normal file
View File

@ -0,0 +1,181 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
locals {
azure-admin-login = "adminuser"
azure-pub-key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCygLXwXmrkMYpxLtyolmOqodZ6w6DZINDLrCnpEpyykWbUdEmbTVYclF92dRLTd84TyQO5lfL7eAUAi6KWYE0DNIXV/Jl93iM+80/i3QqIMjcydzkkkSNJHDPECJoVx+ftm0tCOWZXLudsHgHkMu0Vx2R9XvfUB+MY5sU50NV6wwmAAyZezW8l51/vcPeLb5YX7hV8+VjF9zv5f7SxZGsfALYB2CwddwPoO+/xrnj/Vz9jWsO5y4I7ia1tAs3QOabtz9UPfvVxIoDnEAojgVnsb7GvB4SvxraEQHNLwXcRmzCPPyznOhiAdGKd1kpEMnbD7lKQrKdHX2PdVJZB/PF1ekv62HD6ZuzKmrcB7qUpj6qkDCfaPCw1psTefXFjK53Q2LffZVhanOw+Oq7J1Gdo7phl40ipQyHHr/jp0pMmQ7mZhXnbrQE4H4csMoMbzWH9WcJ+qowBUHMb55Ai0WcVho0/w7+FPAiVDyUobxpaZnqBOV+/n/hC9kkkC1bfokP6oFEi6w4m1/g1LlgWLo+ex9H2ebOt9yiUBsWXwWUyrvbtCANpo510Ss9rCj9NS9vu7iH3GV9JcpaGs1AF7NXNduwI+LCiYK+smBo0T1I8Sq/TpoYtDCAhoGZth4sppetEgMNOFsri7ZZiu0NiJLpEhhVou06CMM/KSwBU2PzeSw== Azure Self Hosted Runners"
}
resource "azurerm_virtual_network" "ubuntu" {
name = "ubuntu"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
address_space = ["10.0.0.0/16"]
subnet {
name = "subnet"
address_prefix = "10.0.1.0/24"
security_group = azurerm_network_security_group.ubuntu.id
}
}
resource "azurerm_nat_gateway" "nat" {
name = "nat"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
}
resource "azurerm_public_ip" "nat" {
name = "nat"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_nat_gateway_public_ip_association" "nat" {
nat_gateway_id = azurerm_nat_gateway.nat.id
public_ip_address_id = azurerm_public_ip.nat.id
}
resource "azurerm_subnet_nat_gateway_association" "nat" {
subnet_id = one(azurerm_virtual_network.ubuntu.subnet).id
nat_gateway_id = azurerm_nat_gateway.nat.id
}
resource "azurerm_network_security_group" "ubuntu" {
name = "ubuntu"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
security_rule {
name = "deny-inbound"
priority = 100
direction = "Inbound"
access = "Deny"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_linux_virtual_machine" "daily-reset" {
name = "daily-reset"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
network_interface_ids = [azurerm_network_interface.daily-reset.id]
size = "Standard_DS1_v2"
os_disk {
caching = "ReadOnly"
storage_account_type = "Standard_LRS"
disk_size_gb = "30"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts-gen2"
version = "latest"
}
custom_data = base64encode(<<STARTUP
#!/usr/bin/env bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get upgrade -y
apt-get install -y jq
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
echo "$(date -Is -u) boot" > /root/log
az login --identity > /root/log
az configure --defaults group=${azurerm_resource_group.daml-ci.name} > /root/log
cat <<'CRON' > /root/daily-reset.sh
#!/usr/bin/env bash
set -euo pipefail
echo "$(date -Is -u) start"
scale_sets='${jsonencode(local.ubuntu.azure)}'
for set in $(echo $scale_sets | jq -r '.[] | .name'); do
echo "$(date -Is -u) Setting scale set $set size to 0"
az vmss scale -n $set --new-capacity 0
done
echo "$(date -Is -u) Waiting for scale sets to adapt"
sleep 300
for set in $(echo $scale_sets | jq -r '.[] | .name'); do
size=$(echo $scale_sets | jq --arg set $set -r '.[] | select (.name == $set) | .size')
echo "$(date -Is -u) Setting scale set $set size back to $size"
az vmss scale -n $set --new-capacity $size
done
echo "$(date -Is -u) end"
CRON
chmod +x /root/daily-reset.sh
cat <<CRONTAB >> /etc/crontab
0 4 * * * root /root/daily-reset.sh >> /root/log 2>&1
CRONTAB
tail -f /root/log
STARTUP
)
computer_name = "daily-reset"
admin_username = local.azure-admin-login
disable_password_authentication = true
admin_ssh_key {
username = local.azure-admin-login
public_key = local.azure-pub-key
}
identity {
type = "SystemAssigned"
}
# required to get console output in Azure UI
boot_diagnostics {
storage_account_uri = null
}
}
resource "azurerm_network_interface" "daily-reset" {
name = "daily-reset"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
ip_configuration {
name = "internal"
subnet_id = one(azurerm_virtual_network.ubuntu.subnet).id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_role_definition" "daily-reset" {
name = "daily-reset"
scope = azurerm_resource_group.daml-ci.id
permissions {
actions = [
"Microsoft.Compute/virtualMachineScaleSets/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
]
}
}
resource "azurerm_role_assignment" "daily-reset" {
scope = azurerm_resource_group.daml-ci.id
role_definition_id = azurerm_role_definition.daily-reset.role_definition_resource_id
principal_id = azurerm_linux_virtual_machine.daily-reset.identity[0].principal_id
}

4
infra/main.tf
View File

@ -24,6 +24,10 @@ terraform {
source = "hashicorp/azurerm"
version = "3.31.0"
}
random = {
source = "hashicorp/random"
version = "3.4.3"
}
}
}

179
infra/ubuntu_azure.tf
View File

@ -1,11 +1,6 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
locals {
azure-admin-login = "adminuser"
azure-pub-key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCygLXwXmrkMYpxLtyolmOqodZ6w6DZINDLrCnpEpyykWbUdEmbTVYclF92dRLTd84TyQO5lfL7eAUAi6KWYE0DNIXV/Jl93iM+80/i3QqIMjcydzkkkSNJHDPECJoVx+ftm0tCOWZXLudsHgHkMu0Vx2R9XvfUB+MY5sU50NV6wwmAAyZezW8l51/vcPeLb5YX7hV8+VjF9zv5f7SxZGsfALYB2CwddwPoO+/xrnj/Vz9jWsO5y4I7ia1tAs3QOabtz9UPfvVxIoDnEAojgVnsb7GvB4SvxraEQHNLwXcRmzCPPyznOhiAdGKd1kpEMnbD7lKQrKdHX2PdVJZB/PF1ekv62HD6ZuzKmrcB7qUpj6qkDCfaPCw1psTefXFjK53Q2LffZVhanOw+Oq7J1Gdo7phl40ipQyHHr/jp0pMmQ7mZhXnbrQE4H4csMoMbzWH9WcJ+qowBUHMb55Ai0WcVho0/w7+FPAiVDyUobxpaZnqBOV+/n/hC9kkkC1bfokP6oFEi6w4m1/g1LlgWLo+ex9H2ebOt9yiUBsWXwWUyrvbtCANpo510Ss9rCj9NS9vu7iH3GV9JcpaGs1AF7NXNduwI+LCiYK+smBo0T1I8Sq/TpoYtDCAhoGZth4sppetEgMNOFsri7ZZiu0NiJLpEhhVou06CMM/KSwBU2PzeSw== Azure Self Hosted Runners"
}
resource "azurerm_linux_virtual_machine_scale_set" "ubuntu" {
count = length(local.ubuntu.azure)
name = local.ubuntu.azure[count.index].name
@ -65,177 +60,3 @@ resource "azurerm_linux_virtual_machine_scale_set" "ubuntu" {
}
}
resource "azurerm_virtual_network" "ubuntu" {
name = "ubuntu"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
address_space = ["10.0.0.0/16"]
subnet {
name = "subnet"
address_prefix = "10.0.1.0/24"
security_group = azurerm_network_security_group.ubuntu.id
}
}
resource "azurerm_nat_gateway" "nat" {
name = "nat"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
}
resource "azurerm_public_ip" "nat" {
name = "nat"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_nat_gateway_public_ip_association" "nat" {
nat_gateway_id = azurerm_nat_gateway.nat.id
public_ip_address_id = azurerm_public_ip.nat.id
}
resource "azurerm_subnet_nat_gateway_association" "nat" {
subnet_id = one(azurerm_virtual_network.ubuntu.subnet).id
nat_gateway_id = azurerm_nat_gateway.nat.id
}
resource "azurerm_network_security_group" "ubuntu" {
name = "ubuntu"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
security_rule {
name = "deny-inbound"
priority = 100
direction = "Inbound"
access = "Deny"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_linux_virtual_machine" "daily-reset" {
name = "daily-reset"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
network_interface_ids = [azurerm_network_interface.daily-reset.id]
size = "Standard_DS1_v2"
os_disk {
caching = "ReadOnly"
storage_account_type = "Standard_LRS"
disk_size_gb = "30"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts-gen2"
version = "latest"
}
custom_data = base64encode(<<STARTUP
#!/usr/bin/env bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get upgrade -y
apt-get install -y jq
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
echo "$(date -Is -u) boot" > /root/log
az login --identity > /root/log
az configure --defaults group=${azurerm_resource_group.daml-ci.name} > /root/log
cat <<'CRON' > /root/daily-reset.sh
#!/usr/bin/env bash
set -euo pipefail
echo "$(date -Is -u) start"
scale_sets='${jsonencode(local.ubuntu.azure)}'
for set in $(echo $scale_sets | jq -r '.[] | .name'); do
echo "$(date -Is -u) Setting scale set $set size to 0"
az vmss scale -n $set --new-capacity 0
done
echo "$(date -Is -u) Waiting for scale sets to adapt"
sleep 300
for set in $(echo $scale_sets | jq -r '.[] | .name'); do
size=$(echo $scale_sets | jq --arg set $set -r '.[] | select (.name == $set) | .size')
echo "$(date -Is -u) Setting scale set $set size back to $size"
az vmss scale -n $set --new-capacity $size
done
echo "$(date -Is -u) end"
CRON
chmod +x /root/daily-reset.sh
cat <<CRONTAB >> /etc/crontab
0 4 * * * root /root/daily-reset.sh >> /root/log 2>&1
CRONTAB
tail -f /root/log
STARTUP
)
computer_name = "daily-reset"
admin_username = local.azure-admin-login
disable_password_authentication = true
admin_ssh_key {
username = local.azure-admin-login
public_key = local.azure-pub-key
}
identity {
type = "SystemAssigned"
}
# required to get console output in Azure UI
boot_diagnostics {
storage_account_uri = null
}
}
resource "azurerm_network_interface" "daily-reset" {
name = "daily-reset"
location = azurerm_resource_group.daml-ci.location
resource_group_name = azurerm_resource_group.daml-ci.name
ip_configuration {
name = "internal"
subnet_id = one(azurerm_virtual_network.ubuntu.subnet).id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_role_definition" "daily-reset" {
name = "daily-reset"
scope = azurerm_resource_group.daml-ci.id
permissions {
actions = [
"Microsoft.Compute/virtualMachineScaleSets/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
]
}
}
resource "azurerm_role_assignment" "daily-reset" {
scope = azurerm_resource_group.daml-ci.id
role_definition_id = azurerm_role_definition.daily-reset.role_definition_resource_id
principal_id = azurerm_linux_virtual_machine.daily-reset.identity[0].principal_id
}

38
infra/windows.tf Normal file
View File

@ -0,0 +1,38 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
locals {
vsts_token = secret_resource.vsts-token.value
vsts_account = "digitalasset"
vsts_pool = "windows-pool"
windows = {
gcp = [
{
name = "ci-w1",
size = 0,
assignment = "default",
disk_size = 400,
},
{
name = "ci-w2"
size = 6,
assignment = "default",
disk_size = 400,
},
],
azure = [
{
name = "dw1",
size = 6,
assignment = "default",
disk_size = 400,
},
{
name = "dw2"
size = 0,
assignment = "default",
disk_size = 400,
},
],
}
}

82
infra/windows_azure.tf Normal file
View File

@ -0,0 +1,82 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
resource "random_password" "windows_admin" {
length = 123
special = true
}
resource "azurerm_windows_virtual_machine_scale_set" "deployment" {
count = length(local.windows.azure)
name = local.windows.azure[count.index].name
resource_group_name = azurerm_resource_group.daml-ci.name
location = azurerm_resource_group.daml-ci.location
sku = "Standard_D4_v2"
instances = local.windows.azure[count.index].size
admin_username = local.azure-admin-login
admin_password = random_password.windows_admin.result
computer_name_prefix = "${local.windows.azure[count.index].name}-"
# save a bit of energy for the planet
overprovision = false
custom_data = base64encode(templatefile("${path.module}/windows_startup.ps1", {
vsts_token = secret_resource.vsts-token.value
vsts_account = "digitalasset"
vsts_pool = "windows-pool"
gcp_logging = ""
assignment = local.windows.azure[count.index].assignment
}))
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-datacenter"
version = "latest"
}
os_disk {
caching = "ReadOnly"
storage_account_type = "Standard_LRS"
disk_size_gb = local.windows.azure[count.index].disk_size
}
data_disk {
storage_account_type = "StandardSSD_LRS"
create_option = "Empty"
caching = "ReadWrite"
lun = 0
disk_size_gb = local.windows.azure[count.index].disk_size
}
network_interface {
name = "external"
primary = true
ip_configuration {
name = "default"
primary = true
subnet_id = one(azurerm_virtual_network.ubuntu.subnet).id
}
}
# required to get console output in Azure UI
boot_diagnostics {
storage_account_uri = null
}
extension {
name = "startup"
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
settings = jsonencode(
{
# Nothing's ever easy on Windows :(
commandToExecute = "powershell -ExecutionPolicy Unrestricted -Command Copy-Item -Path C:/AzureData/CustomData.bin C:/AzureData/CustomData.ps1; powershell -ExecutionPolicy Unrestricted -File C:/AzureData/CustomData.ps1"
})
}
}

99
infra/windows_gcp.tf Normal file
View File

@ -0,0 +1,99 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
resource "google_compute_region_instance_group_manager" "vsts-agent-windows" {
count = length(local.windows.gcp)
provider = google-beta
name = local.windows.gcp[count.index].name
# keep the name short. windows hostnames are limited to 12(?) chars.
# -5 for the random postfix:
base_instance_name = local.windows.gcp[count.index].name
region = "us-east1"
target_size = local.windows.gcp[count.index].size
version {
name = local.windows.gcp[count.index].name
instance_template = google_compute_instance_template.vsts-agent-windows[count.index].self_link
}
# uncomment when we get a provider >3.55
#distribution_policy_target_shape = "ANY"
update_policy {
type = "PROACTIVE"
minimal_action = "REPLACE"
# minimum is the number of availability zones (3)
max_surge_fixed = 3
# calculated with: serial console last timestamp after boot - VM start
# 09:54:28 - 09:45:55 = 513 seconds
min_ready_sec = 520
instance_redistribution_type = "NONE"
}
}
resource "google_compute_instance_template" "vsts-agent-windows" {
count = length(local.windows.gcp)
name_prefix = "${local.windows.gcp[count.index].name}-"
machine_type = "c2-standard-8"
labels = local.machine-labels
disk {
disk_size_gb = local.windows.gcp[count.index].disk_size
disk_type = "pd-ssd"
# find the image name with `gcloud compute images list`
source_image = "windows-cloud/windows-2016"
}
# Drive D:\ for the agent work folder
disk {
disk_size_gb = local.windows.gcp[count.index].disk_size
disk_type = "pd-ssd"
}
lifecycle {
create_before_destroy = true
}
metadata = {
// Prepare the machine
windows-startup-script-ps1 = templatefile("${path.module}/windows_startup.ps1", {
vsts_token = nonsensitive(secret_resource.vsts-token.value)
vsts_account = "digitalasset"
vsts_pool = "windows-pool"
gcp_logging = <<EOF
# Redirect logs to SumoLogic
cd $env:UserProfile;
Invoke-WebRequest https://dl.google.com/cloudagents/windows/StackdriverLogging-v1-9.exe -OutFile StackdriverLogging-v1-9.exe;
.\StackdriverLogging-v1-9.exe /S /D="C:\Stackdriver\Logging\"
EOF
assignment = local.windows.gcp[count.index].assignment
})
windows-shutdown-script-ps1 = nonsensitive("c://agent/config remove --unattended --auth PAT --token '${secret_resource.vsts-token.value}'")
}
network_interface {
network = "default"
// Ephemeral IP to get access to the Internet
access_config {}
}
service_account {
scopes = ["cloud-platform"]
email = "log-writer@da-dev-gcp-daml-language.iam.gserviceaccount.com"
}
scheduling {
automatic_restart = false
on_host_maintenance = "TERMINATE"
preemptible = false
}
}

127
infra/vsts_agent_windows.tf → infra/windows_startup.ps1
View File

@ -1,28 +1,6 @@
# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
locals {
vsts_token = secret_resource.vsts-token.value
vsts_account = "digitalasset"
vsts_pool = "windows-pool"
}
locals {
w = [
{
name = "ci-w1",
size = 6,
assignment = "default",
disk_size = 400,
},
{
name = "ci-w2"
size = 0,
assignment = "default",
disk_size = 400,
},
]
windows-startup-script-ps1 = <<SYSPREP_SPECIALIZE
Set-StrictMode -Version latest
$ErrorActionPreference = 'Stop'
@ -42,19 +20,14 @@ Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name
# Disable UAC
New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
# Redirect logs to SumoLogic
cd $env:UserProfile;
Invoke-WebRequest https://dl.google.com/cloudagents/windows/StackdriverLogging-v1-9.exe -OutFile StackdriverLogging-v1-9.exe;
.\StackdriverLogging-v1-9.exe /S /D="C:\Stackdriver\Logging\"
${gcp_logging}
# Install chocolatey
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
iex (New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')
# Install git, bash
& choco install git --no-progress --yes 2>&1 | %%%{ "$_" }
& choco install windows-sdk-10.1 --no-progress --yes 2>&1 | %%%{ "$_" }
& choco install git --no-progress --yes 2>&1 | %%{ "$_" }
& choco install windows-sdk-10.1 --no-progress --yes 2>&1 | %%{ "$_" }
# Add tools to the PATH
$OldPath = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path
@ -72,7 +45,7 @@ format fs=ntfs quick
assign letter="D"
"@
$partition | Set-Content C:\diskpart.txt
& diskpart /s C:\diskpart.txt 2>&1 | %%%{ "$_" }
& diskpart /s C:\diskpart.txt 2>&1 | %%{ "$_" }
# Create a temporary and random password for the VSTS user, forget about it once this script has finished running
$Username = "u"
@ -94,12 +67,12 @@ net stop winrm
sc.exe config winrm start=auto
net start winrm
& choco install dotnetcore-3.1-sdk --no-progress --yes 2>&1 | %%%{ "$_" }
& choco install dotnetcore-3.1-sdk --no-progress --yes 2>&1 | %%{ "$_" }
echo "== Installing the VSTS agent"
New-Item -ItemType Directory -Path 'C:\agent'
Set-Content -Path 'C:\agent\.capabilities' -Value 'assignment=%s'
Set-Content -Path 'C:\agent\.capabilities' -Value 'assignment=${assignment}'
# Set workdir <> job mappings
# This is taken verbatim from a machine that started without any custom content
@ -230,91 +203,5 @@ Set-Content -Path 'D:\a\SourceRootMapping\Mappings.json' -Value '{
# end folder pinning
$MachineName = Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object CSName | ForEach{ $_.CSName }
choco install azure-pipelines-agent --no-progress --yes --params "'/Token:${local.vsts_token} /Pool:${local.vsts_pool} /Url:https://dev.azure.com/${local.vsts_account}/ /LogonAccount:$Account /LogonPassword:$Password /Work:D:\a /AgentName:$MachineName /Replace'"
choco install azure-pipelines-agent --no-progress --yes --params "'/Token:${vsts_token} /Pool:${vsts_pool} /Url:https://dev.azure.com/${vsts_account}/ /LogonAccount:$Account /LogonPassword:$Password /Work:D:\a /AgentName:$MachineName /Replace'"
echo OK
SYSPREP_SPECIALIZE
}
resource "google_compute_region_instance_group_manager" "vsts-agent-windows" {
count = length(local.w)
provider = google-beta
name = local.w[count.index].name
# keep the name short. windows hostnames are limited to 12(?) chars.
# -5 for the random postfix:
base_instance_name = local.w[count.index].name
region = "us-east1"
target_size = local.w[count.index].size
version {
name = local.w[count.index].name
instance_template = google_compute_instance_template.vsts-agent-windows[count.index].self_link
}
# uncomment when we get a provider >3.55
#distribution_policy_target_shape = "ANY"
update_policy {
type = "PROACTIVE"
minimal_action = "REPLACE"
# minimum is the number of availability zones (3)
max_surge_fixed = 3
# calculated with: serial console last timestamp after boot - VM start
# 09:54:28 - 09:45:55 = 513 seconds
min_ready_sec = 520
instance_redistribution_type = "NONE"
}
}
resource "google_compute_instance_template" "vsts-agent-windows" {
count = length(local.w)
name_prefix = "${local.w[count.index].name}-"
machine_type = "c2-standard-8"
labels = local.machine-labels
disk {
disk_size_gb = local.w[count.index].disk_size
disk_type = "pd-ssd"
# find the image name with `gcloud compute images list`
source_image = "windows-cloud/windows-2016"
}
# Drive D:\ for the agent work folder
disk {
disk_size_gb = local.w[count.index].disk_size
disk_type = "pd-ssd"
}
lifecycle {
create_before_destroy = true
}
metadata = {
// Prepare the machine
windows-startup-script-ps1 = nonsensitive(format(local.windows-startup-script-ps1, local.w[count.index].assignment))
windows-shutdown-script-ps1 = nonsensitive("c://agent/config remove --unattended --auth PAT --token '${secret_resource.vsts-token.value}'")
}
network_interface {
network = "default"
// Ephemeral IP to get access to the Internet
access_config {}
}
service_account {
scopes = ["cloud-platform"]
email = "log-writer@da-dev-gcp-daml-language.iam.gserviceaccount.com"
}
scheduling {
automatic_restart = false
on_host_maintenance = "TERMINATE"
preemptible = false
}
}

1
nix/default.nix
View File

@ -208,6 +208,7 @@ in rec {
google
google-beta
secret
random
]);
nix-store-gcs-proxy = pkgs.callPackage ./tools/nix-store-gcs-proxy {};
};