#!/usr/bin/env python from azure import * from azure.servicemanagement import * import argparse import urllib2 import time import base64 import os import subprocess parser = argparse.ArgumentParser(description='Create a CoreOS cluster on Microsoft Azure.') parser.add_argument('--version', action='version', version='azure-coreos-cluster 0.1') parser.add_argument('cloud_service_name', help='cloud service name') parser.add_argument('--ssh-cert', help='certificate file with public key for ssh, in .cer format') parser.add_argument('--ssh-thumb', help='thumbprint of ssh cert') parser.add_argument('--subscription', required=True, help='required Azure subscription id') parser.add_argument('--azure-cert', required=True, help='required path to Azure cert pem file') parser.add_argument('--blob-container-url', required=True, help='required url to blob container where vm disk images will be created, including /, ex: https://patcoreos.blob.core.windows.net/vhds/') parser.add_argument('--vm-size', default='Small', help='optional, VM size [Small]') parser.add_argument('--vm-name-prefix', default='coreos', help='optional, VM name prefix [coreos]') parser.add_argument('--availability-set', default='coreos-as', help='optional, name of availability set for cluster [coreos-as]') parser.add_argument('--location', default='West US', help='optional - overriden by affinity-group, [West US]') parser.add_argument('--affinity-group', default='', help='optional, overrides location if specified') parser.add_argument('--ssh', default=22001, type=int, help='optional, starts with 22001 and +1 for each machine in cluster') parser.add_argument('--coreos-image', default='2b171e93f07c4903bcad35bda10acf22__CoreOS-Stable-681.2.0', help='optional, [2b171e93f07c4903bcad35bda10acf22__CoreOS-Stable-681.2.0]') parser.add_argument('--num-nodes', default=3, type=int, help='optional, number of nodes to create (or add), defaults to 3') parser.add_argument('--virtual-network-name', help='optional, name of an existing virtual network to which we will add the VMs') parser.add_argument('--subnet-names', help='optional, subnet name to which the VMs will belong') parser.add_argument('--custom-data', help='optional, path to your own cloud-init file') parser.add_argument('--discovery-service-url', help='optional, url for an existing cluster discovery service. Else we will generate one.') parser.add_argument('--pip', action='store_true', help='optional, assigns public instance ip addresses to each VM') parser.add_argument('--deis', action='store_true', help='optional, automatically opens http and controller endpoints') parser.add_argument('--data-disk', action='store_true', help='optional, attaches a data disk to each VM') parser.add_argument('--nohttps', action='store_true', help='optional, disables the creation of the https load balanced endpoint') parser.add_argument('--no-discovery-url', action='store_true', help='optional, disables the creation of a new coreos discovery url') cloud_init_template = """#cloud-config coreos: etcd: # generate a new token for each unique cluster from https://discovery.etcd.io/new discovery: {0} # deployments across multiple cloud services will need to use $public_ipv4 addr: $private_ipv4:4001 peer-addr: $private_ipv4:7001 units: - name: etcd.service command: start - name: fleet.service command: start """ args = parser.parse_args() # Create SSH cert if it's not given if not args.ssh_cert and not args.ssh_thumb: print 'SSH arguments not given, generating certificate' with open(os.devnull, 'w') as shutup: subprocess.call('openssl req -x509 -nodes -days 365 -newkey rsa:2048 -config cert.conf -keyout ssh-cert.key -out ssh-cert.pem', shell=True, stdout=shutup, stderr=shutup) subprocess.call('chmod 600 ssh-cert.key', shell=True, stdout=shutup, stderr=shutup) subprocess.call('openssl x509 -outform der -in ssh-cert.pem -out ssh-cert.cer', shell=True, stdout=shutup, stderr=shutup) thumbprint = subprocess.check_output('openssl x509 -in ssh-cert.pem -sha1 -noout -fingerprint | sed s/://g', shell=True) args.ssh_thumb = thumbprint.split('=')[1].replace('\n', '') args.ssh_cert = './ssh-cert.cer' print 'Generated SSH certificate with thumbprint ' + args.ssh_thumb # generate coreos discovery url if not args.no_discovery_url: print 'Generating new CoreOS discovery URL for the cluster' subprocess.call(['bash', '-c', 'python ./create-azure-user-data $(curl -s https://discovery.etcd.io/new)']) # Setup custom data if args.custom_data: with open(args.custom_data, 'r') as f: if not os.path.exists(args.custom_data): print "Couldn't find the user-data file. Did you remember to run `create-azure-user-data`?" sys.exit(1) cloud_init = f.read() f.closed else: if args.discovery_service_url: cloud_init = cloud_init_template.format(args.discovery_service_url) else: response = urllib2.urlopen('https://discovery.etcd.io/new') discovery_url = response.read() cloud_init = cloud_init_template.format(discovery_url) SERVICE_CERT_FORMAT = 'pfx' with open(args.ssh_cert) as f: service_cert_file_data = base64.b64encode(f.read()) f.closed def wait_for_async(request_id, timeout): count = 0 result = sms.get_operation_status(request_id) while result.status == 'InProgress': count = count + 1 if count > timeout: print('Timed out waiting for async operation to complete.') return time.sleep(5) print('.'), sys.stdout.flush() result = sms.get_operation_status(request_id) if result.error: print(result.error.code) print(vars(result.error)) print result.status + ' in ' + str(count*5) + 's' def linux_config(hostname, args): pk = PublicKey(args.ssh_thumb, u'/home/core/.ssh/authorized_keys') system = LinuxConfigurationSet(hostname, 'core', None, True, custom_data=cloud_init) system.ssh.public_keys.public_keys.append(pk) system.disable_ssh_password_authentication = True return system def lb_endpoint_config(name, port, probe=False, idle_timeout_minutes=4): endpoint = ConfigurationSetInputEndpoint(name, 'tcp', port, port, name, False, idle_timeout_minutes) if probe: endpoint.load_balancer_probe = probe return endpoint def load_balancer_probe(path, port, protocol): load_balancer_probe = LoadBalancerProbe() load_balancer_probe.path = path load_balancer_probe.port = port load_balancer_probe.protocol = protocol return load_balancer_probe def network_config(subnet_name=None, port='59913', public_ip_name=None): network = ConfigurationSet() network.configuration_set_type = 'NetworkConfiguration' network.input_endpoints.input_endpoints.append( ConfigurationSetInputEndpoint('ssh', 'tcp', port, '22')) if subnet_name: network.subnet_names.append(subnet_name) if public_ip_name: ip = PublicIP(name=public_ip_name) ip.idle_timeout_in_minutes = 20 network.public_ips.public_ips.append(ip) if args.deis: # create web endpoint with probe checking /health-check network.input_endpoints.input_endpoints.append(lb_endpoint_config('web', '80', load_balancer_probe('/health-check', '80', 'http'))) if not args.nohttps: network.input_endpoints.input_endpoints.append(lb_endpoint_config('https', '443', load_balancer_probe(None, '443', 'tcp'))) # create builder endpoint TCP probe check and extended timeout network.input_endpoints.input_endpoints.append(lb_endpoint_config('builder', '2222', load_balancer_probe(None, '2222', 'tcp',), 20)) return network def data_hd(target_container_url, target_blob_name, target_lun, target_disk_size_in_gb): media_link = target_container_url + target_blob_name data_hd = DataVirtualHardDisk() data_hd.disk_label = target_blob_name data_hd.logical_disk_size_in_gb = target_disk_size_in_gb data_hd.lun = target_lun data_hd.media_link = media_link return data_hd sms = ServiceManagementService(args.subscription, args.azure_cert) #Create the cloud service try: print 'Creating the hosted service...', sys.stdout.flush() if args.affinity_group: sms.create_hosted_service( args.cloud_service_name, label=args.cloud_service_name, affinity_group=args.affinity_group) else: sms.create_hosted_service( args.cloud_service_name, label=args.cloud_service_name, location=args.location) print('Successfully created hosted service ' + args.cloud_service_name) sys.stdout.flush() time.sleep(2) except WindowsAzureConflictError: print "Hosted service {} already exists. Delete it or try again with a different name.".format(args.cloud_service_name) sys.exit(1) #upload ssh cert to cloud-service print 'Uploading SSH certificate...', sys.stdout.flush() result = sms.add_service_certificate(args.cloud_service_name, service_cert_file_data, SERVICE_CERT_FORMAT, '') wait_for_async(result.request_id, 15) def get_vm_name(args, i): return args.cloud_service_name + '-' + args.vm_name_prefix + '-' + str(i) vms =[] #Create the VMs for i in range(args.num_nodes): ssh_port = args.ssh +i vm_name = get_vm_name(args, i) if args.pip: pip_name = vm_name else: pip_name = None media_link = args.blob_container_url + vm_name os_hd = OSVirtualHardDisk(media_link=media_link, source_image_name=args.coreos_image) system = linux_config(vm_name, args) network = network_config(subnet_name=args.subnet_names, port=ssh_port, public_ip_name=pip_name) #specifiy the data disk, important to start at lun = 0 if args.data_disk: data_disk = data_hd(args.blob_container_url, vm_name + '-data.vhd', 0, 100) data_disks = DataVirtualHardDisks() data_disks.data_virtual_hard_disks.append(data_disk) else: data_disks = None try: if i == 0: result = sms.create_virtual_machine_deployment( args.cloud_service_name, deployment_name=args.cloud_service_name, deployment_slot='production', label=vm_name, role_name=vm_name, system_config=system, os_virtual_hard_disk=os_hd, virtual_network_name=args.virtual_network_name, role_size=args.vm_size, network_config=network, data_virtual_hard_disks=data_disks) else: result = sms.add_role( args.cloud_service_name, deployment_name=args.cloud_service_name, role_name=vm_name, system_config=system, os_virtual_hard_disk=os_hd, role_size=args.vm_size, network_config=network, data_virtual_hard_disks=data_disks) except WindowsAzureError as e: if "Forbidden" in str(e): print "Unable to use this CoreOS image. This usually means a newer image has been published." print "See https://coreos.com/docs/running-coreos/cloud-providers/azure/ for the latest stable image," print "and supply it to this script with --coreos-image. If it works, please open a pull request to update this script." sys.exit(1) else: pass print 'Creating VM ' + vm_name + '...', sys.stdout.flush() wait_for_async(result.request_id, 30) vms.append({'name':vm_name, 'host':args.cloud_service_name + '.cloudapp.net', 'port':ssh_port, 'user':'core', 'identity':args.ssh_cert.replace('.cer','.key')}) #get the ip addresses def get_ips(service_name, deployment_name): try: result = sms.get_deployment_by_name(service_name, deployment_name) for instance in result.role_instance_list: ips.append(instance.public_ips[0].address) return ips except WindowsAzureMissingResourceError: # some helpful user error info print 'Could not find cloud service ip address. This is likely due to the fact that the' print 'cloud service failed to start. Check that the storage account for the' print '--blob-container-url argument exists, ends with a \'/\' and that there is a container named \'vhds\' ' print 'within it. You may need to delete the cloud service \'' + service_name + '\' if you try' print 'this script again' sys.exit(1) #print dns config if args.pip: ips = [] ips = get_ips(args.cloud_service_name, args.cloud_service_name) print '' print '-------' print "You'll need to configure DNS records for a domain you wish to use with your Deis cluster." print 'For convenience, the public IP addresses are printed below, along with sane DNS timeouts.' print '' for ip in ips: print '@ 10800 IN A ' + ip print '* 10800 IN CNAME @' print '-------' print 'For more information, see: http://docs.deis.io/en/latest/managing_deis/configure-dns/' print '' #print ~/.ssh/config print '' print '-------' print "Instances on Azure don't use typical SSH ports. It is recommended to configure ~/.ssh/config" print 'so the instances can easily be referenced when logging in via SSH. For convenience, the config' print 'directives for your instances are below:' print '' for vm in vms: print 'Host ' + vm['name'] print ' HostName ' + vm['host'] print ' Port ' + str(vm['port']) print ' User ' + vm['user'] print ' IdentityFile ' + vm['identity'] print '-------' print ''