Switches to using frontdoor version of azure terraform stack.

Author: Robert Chu

.github/workflows/publish.yml

@@ -239,7 +239,7 @@ jobs:
         env:
           DNS_SUBDOMAIN: ${{secrets.DNS_SUBDOMAIN}}
           DNS_ZONE_ID: ${{secrets.DNS_ZONE_ID}}
-          IMAGE_TAG: ${{steps.plan.outputs.hashtag}}
+          IMAGE_TAG: ${{steps.plan.outputs.version}}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v1
@@ -340,7 +340,8 @@ jobs:
         env:
           DNS_SUBDOMAIN: ${{secrets.DNS_SUBDOMAIN}}
           DNS_ZONE_NAME: ${{secrets.DNS_ZONE_NAME}}
-          IMAGE_TAG: ${{steps.plan.outputs.hashtag}}
+          DNS_ZONE_RESOURCE_GROUP_NAME: ${{secrets.DNS_ZONE_RESOURCE_GROUP_NAME}}
+          IMAGE_TAG: ${{steps.plan.outputs.version}}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v1

.gitignore

@@ -120,5 +120,10 @@ swabseq-analysis.Rproj
 # VSCode
 .vscode/
 
+# Terraform
+terraform.tfvars
+.terraform/
+.terraform.lock.hcl
+
 # This is autogenerated during CD
 VERSION

docker-compose.yaml

@@ -7,7 +7,10 @@ services:
       context: ./
       args:
         SERVER_VERSION: local+devcontainer
-    command: "python3 -m flask run --host=0.0.0.0 --port=5000"
+    command:
+      - "sh"
+      - "-c"
+      - "python3 -m flask run --host=0.0.0.0 --port=5000"
     environment:
       - FLASK_ENV=development
       - PORT=5000
@@ -27,7 +30,10 @@ services:
       context: ./
       args:
         SERVER_VERSION: local+devcontainer
-    command: "python3 -m celery -A script_runner.analysis worker"
+    command:
+      - "sh"
+      - "-c"
+      - "python3 -m celery -A script_runner.analysis worker"
     environment:
       - "CELERY_BROKER_URL=redis://:${REDIS_PASSWORD}@redis:6379"
       - "CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:6379"

docker/Dockerfile

@@ -10,4 +10,4 @@ RUN rm -rf /script-runner
 
 ENV FLASK_APP=script_runner.main:app
 
-CMD "python3 -m gunicorn.app.wsgiapp --timeout 240 --bind 0.0.0.0:${PORT} --access-logfile - --error-logfile - --workers 4 ${FLASK_APP}"
+CMD ["sh", "-c", "python3 -m gunicorn.app.wsgiapp --timeout 240 --bind 0.0.0.0:${PORT} --access-logfile - --error-logfile - --workers 4 ${FLASK_APP}"]

docker/Dockerfile.example

@@ -74,8 +74,9 @@ RUN mkdir /base-rundir
 RUN wget -qO- https://swabseq-analysis-examples.s3-us-west-1.amazonaws.com/bcls/H3FY3K.tar.gz \
     | tar xvz -C /base-rundir
 
+ENV COMMAND_RUNDIR_BASE=/base-rundir
 ENV PYTHONPATH="${RBASE}:${PYTHONPATH}"
 ENV FLASK_APP=script_runner.main:app
 ENV SERVER_VERSION=$SERVER_VERSION
 
-CMD "python3 -m gunicorn.app.wsgiapp --timeout 240 --bind 0.0.0.0:${PORT} --access-logfile - --error-logfile - --workers 4 ${FLASK_APP}"
+CMD ["sh", "-c", "python3 -m gunicorn.app.wsgiapp --timeout 240 --bind 0.0.0.0:${PORT} --access-logfile - --error-logfile - --workers 4 ${FLASK_APP}"]

terraform/azure/example.tfvars

@@ -1,4 +1,5 @@
-dns_subdomain = "${DNS_SUBDOMAIN}"
-dns_zone_name = "${DNS_ZONE_NAME}"
+dns_subdomain                = "${DNS_SUBDOMAIN}"
+dns_zone_name                = "${DNS_ZONE_NAME}"
+dns_zone_resource_group_name = "${DNS_ZONE_RESOURCE_GROUP_NAME}"
 
 image_tag = "${IMAGE_TAG}"

terraform/azure/main.tf

@@ -1,7 +1,19 @@
+terraform {
+  required_providers {
+    acme = {
+      source = "vancluever/acme"
+    }
+  }
+}
+
 provider "azurerm" {
   features {}
 }
 
+provider "acme" {
+  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+}
+
 terraform {
   backend "azurerm" {
     resource_group_name  = "labgrid"
@@ -22,21 +34,43 @@ resource "azurerm_resource_group" "swabseq_analysis_example" {
 
 # VPC/ECS ---------------------------------------------------------------------
 
-module "vnet" {
-  source              = "Azure/vnet/azurerm"
+resource "azurerm_virtual_network" "vnet" {
+  name                = "${var.stack_name}-vnet"
   resource_group_name = azurerm_resource_group.swabseq_analysis_example.name
+  location            = var.location
   address_space       = ["10.0.0.0/16"]
-  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  subnet_names        = [var.redis_subnet_name, var.server_subnet_name, var.worker_subnet_name]
+  tags                = var.tags
+}
+
+resource "azurerm_subnet" "redis_subnet" {
+  name                 = var.redis_subnet_name
+  resource_group_name  = azurerm_resource_group.swabseq_analysis_example.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
 
-  # subnet_service_endpoints = {
-  #   subnet2 = ["Microsoft.Storage", "Microsoft.Sql"],
-  #   subnet3 = ["Microsoft.AzureActiveDirectory"]
-  # }
+resource "azurerm_subnet" "worker_subnet" {
+  name                 = var.worker_subnet_name
+  resource_group_name  = azurerm_resource_group.swabseq_analysis_example.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = ["10.0.3.0/24"]
+
+  delegation {
+    name = "${var.stack_name}-script-runner-worker-delegation"
+    service_delegation {
+      name    = "Microsoft.ContainerInstance/containerGroups"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+    }
+  }
+}
 
-  tags = var.tags
+resource "azurerm_subnet" "gateway_subnet" {
+  name                 = var.gateway_subnet_name
+  resource_group_name  = azurerm_resource_group.swabseq_analysis_example.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = ["10.0.4.0/24"]
 
-  depends_on = [azurerm_resource_group.example]
+  service_endpoints = ["Microsoft.KeyVault"]
 }
 
 
@@ -48,17 +82,18 @@ module "swabseq_analysis" {
   location            = var.location
   resource_group_name = azurerm_resource_group.swabseq_analysis_example.name
 
-  redis_subnet_id  = module.vnet.vnet_subnets[0]
-  server_subnet_id = module.vnet.vnet_subnets[1]
-  worker_subnet_id = module.vnet.vnet_subnets[2]
+  redis_subnet_id  = azurerm_subnet.redis_subnet.id
+  worker_subnet_id = azurerm_subnet.worker_subnet.id
+  gateway_subnet_id = azurerm_subnet.gateway_subnet.id
 
   stack_name = var.stack_name
 
   auth_provider = "none"
 
-  image     = "labflow/swabseq-analysis-server-example"
+  image     = "labflow/script-runner-example"
   image_tag = var.image_tag
 
-  dns_subdomain = var.dns_subdomain
-  dns_zone_name = var.dns_zone_name
+  dns_subdomain                = var.dns_subdomain
+  dns_zone_name                = var.dns_zone_name
+  dns_zone_resource_group_name = var.dns_zone_resource_group_name
 }

terraform/azure/variables.tf

@@ -5,7 +5,7 @@ variable "location" {
 
 variable "stack_name" {
   type    = string
-  default = "swabseq-analysis-example"
+  default = "script-runner-example"
 }
 
 variable "image_tag" {
@@ -23,16 +23,15 @@ variable "dns_zone_name" {
   description = "Identifier of the Route53 Hosted Zone for this instance of script-runner."
 }
 
-variable "redis_subnet_name" {
+variable "dns_zone_resource_group_name" {
   type        = string
-  default     = "redis-subnet"
-  description = "Name of the redis subnet that will be created."
+  description = "Name of the resource group dns_zone_name is in."
 }
 
-variable "server_subnet_name" {
+variable "redis_subnet_name" {
   type        = string
-  default     = "server-subnet"
-  description = "Name of the server subnet that will be created."
+  default     = "redis-subnet"
+  description = "Name of the redis subnet that will be created."
 }
 
 variable "worker_subnet_name" {
@@ -41,6 +40,12 @@ variable "worker_subnet_name" {
   description = "Name of the worker subnet that will be created."
 }
 
+variable "gateway_subnet_name" {
+  type        = string
+  default     = "gateway-subnet"
+  description = "Name of the subnet to create application gateway instances in."
+}
+
 variable "tags" {
   type = map(string)