Merge branch 'dle_ami_packer' into 'master'

DLE AMI (packer) for TF deployment

See merge request postgres-ai/database-lab!294

Author: DmitryFomin1

.gitignore

@@ -9,3 +9,4 @@
 
 /configs/config.yml
 /configs/run_ci.yaml
+/packer/example.com.key

packer/envoy.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Envoy
+[Service]
+ExecStart=/usr/bin/envoy -c /etc/envoy/envoy.yaml
+Restart=always
+RestartSec=5
+KillMode=mixed
+SyslogIdentifier=envoy
+LimitNOFILE=640000
+[Install]
+WantedBy=multi-user.target

packer/envoy.yaml

@@ -0,0 +1,95 @@
+admin:
+  access_log_path: /dev/null
+  address:
+    socket_address:
+      address: 0.0.0.0
+      port_value: 8000
+
+static_resources:
+  clusters:
+  - name: dle_clone_6000
+    connect_timeout: 1s
+    type: STRICT_DNS
+    load_assignment:
+      cluster_name: dle_clone_6000
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: 0.0.0.0
+                port_value: 6000
+  - name: dle_clone_6001
+    connect_timeout: 1s
+    type: STRICT_DNS
+    load_assignment:
+      cluster_name: dle_clone_6001
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: 0.0.0.0
+                port_value: 6001
+
+  listeners:
+  - name: dle_clone_9000_listener
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 9000
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.postgres_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy
+          stat_prefix: egress_postgres
+          enable_sql_parsing: false
+          terminate_ssl: true
+      - name: envoy.tcp_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+          stat_prefix: tcp_postgres
+          cluster: dle_clone_6000
+          idle_timeout: 1000s
+      transport_socket:
+        name: "starttls"
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig
+          tls_socket_config:
+            common_tls_context:
+              tls_certificates:
+                certificate_chain:
+                  filename: "/etc/envoy/certs/fullchain1.pem"
+                private_key:
+                  filename: "/etc/envoy/certs/privkey1.pem"
+  - name: dle_clone_9001_listener
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 9001
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.postgres_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy
+          stat_prefix: egress_postgres
+          enable_sql_parsing: false
+          terminate_ssl: true
+      - name: envoy.tcp_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+          stat_prefix: tcp_postgres
+          cluster: dle_clone_6001
+          idle_timeout: 1000s
+      transport_socket:
+        name: "starttls"
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig
+          tls_socket_config:
+            common_tls_context:
+              tls_certificates:
+                certificate_chain:
+                  filename: "/etc/envoy/certs/fullchain1.pem"
+                private_key:
+                  filename: "/etc/envoy/certs/privkey1.pem"

packer/install-dblabcli.sh

@@ -0,0 +1,12 @@
+#/!bin/bash
+
+set -x
+mkdir ~/.dblab
+curl https://gitlab.com/postgres-ai/database-lab/-/raw/$dle_version/scripts/cli_install.sh | bash 
+sudo mv ~/.dblab/dblab /usr/local/bin/dblab
+echo $dle_version > ~/.dblab/dle_version
+sudo curl https://gitlab.com/postgres-ai/database-lab/-/raw/$dle_version/configs/config.example.logical_generic.yml --output ~/.dblab/config.example.logical_generic.yml
+sudo curl https://gitlab.com/postgres-ai/database-lab/-/raw/$dle_version/configs/config.example.logical_rds_iam.yml --output ~/.dblab/config.example.logical_rds_iam.yml
+sudo curl https://gitlab.com/postgres-ai/database-lab/-/raw/$dle_version/configs/config.example.physical_generic.yml --output ~/.dblab/config.example.physical_generic.yml
+sudo curl https://gitlab.com/postgres-ai/database-lab/-/raw/$dle_version/configs/config.example.physical_walg.yml --output  ~/.dblab/config.example.physical_walg.yml
+

packer/install-envoy.sh

@@ -0,0 +1,9 @@
+#/!bin/bash
+
+sudo mkdir -p /etc/envoy/certs
+
+sudo chown root.root /home/ubuntu/envoy.service
+sudo mv /home/ubuntu/envoy.service /etc/systemd/system/envoy.service
+sudo chown root.root /home/ubuntu/envoy.yaml
+sudo mv /home/ubuntu/envoy.yaml /etc/envoy/envoy.yaml
+

packer/install-prereqs.sh

@@ -0,0 +1,34 @@
+#/!bin/bash
+
+set -euxo pipefail
+
+sudo apt update -y
+sudo apt upgrade -y
+sudo apt full-upgrade
+
+sudo apt-get update && sudo apt-get install -y \
+  apt-transport-https \
+  ca-certificates \
+  gnupg-agent \
+  python3-software-properties \
+  software-properties-common \
+  curl \
+  gnupg2 \
+  zfsutils-linux
+
+sudo docker pull  postgresai/dblab-server:$dle_version
+
+#install postgres client
+wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee /etc/apt/sources.list.d/pgdg.list
+sudo apt-get update && sudo apt-get install -y postgresql-client-13
+
+#install certbot
+sudo snap install certbot --classic
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+
+#install envoy
+curl -sL 'https://getenvoy.io/gpg' | sudo apt-key add -
+sudo add-apt-repository "deb [arch=amd64] https://dl.bintray.com/tetrate/getenvoy-deb $(lsb_release -cs) stable"
+sudo apt update && sudo apt-get install -y  getenvoy-envoy
+

packer/template.json.pkr.hcl

@@ -0,0 +1,52 @@
+variable "ami_name_prefix" {
+  type    = string
+  default = "${env("AMI_NAME_PREFIX")}"
+}
+
+variable "dle_version" {
+  type    = string
+  default = "${env("DLE_VERSION")}"
+}
+
+data "amazon-ami" "base" {
+  filters = {
+    architecture                       = "x86_64"
+    "block-device-mapping.volume-type" = "gp2"
+    name                               = "*ubuntu-focal-20.04-amd64-server-*"
+    root-device-type                   = "ebs"
+    virtualization-type                = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+}
+
+source "amazon-ebs" "base" {
+  ami_description = "Installed AMI with Ubuntu 20.04, ZFS, Docker, Envoy proxy and Database Lab Engine 2.0 with client CLI."
+  ami_name        = "${var.ami_name_prefix}-${var.dle_version}-${formatdate("YYYY-MM-DD", timestamp())}-${uuidv4()}"
+  instance_type   = "t2.large"
+  source_ami      = "${data.amazon-ami.base.id}"
+  ssh_username    = "ubuntu"
+}
+
+build {
+  sources = ["source.amazon-ebs.base"]
+
+  provisioner "shell" {
+    inline = ["echo 'Sleeping for 45 seconds to give Ubuntu enough time to initialize (otherwise, packages might fail to install).'", "sleep 45", "sudo apt-get update"]
+  }
+
+  provisioner "file"{
+    source = "envoy.service"
+    destination = "/home/ubuntu/envoy.service"
+  }
+  provisioner "file"{
+    source = "envoy.yaml"
+    destination = "/home/ubuntu/envoy.yaml"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["dle_version=${var.dle_version}"]
+    scripts = ["${path.root}/install-prereqs.sh", "${path.root}/install-dblabcli.sh","${path.root}/install-envoy.sh"] 
+  }
+
+}