mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-04 20:30:59 -05:00
106b738fab
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
105 lines
2.7 KiB
Bash
Executable File
105 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
shopt -s inherit_errexit
|
|
|
|
if [[ -z ${CONFIG_FILE-} ]] && [[ -f ${CONFIG_FILE-} ]]; then
|
|
# shellcheck source=/dev/null
|
|
. "${CONFIG_FILE}"
|
|
fi
|
|
POSITIONAL_ARGS=()
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case $1 in
|
|
-n | --name)
|
|
AZURE_VM_NAME="$2"
|
|
shift # past argument
|
|
shift # past value
|
|
;;
|
|
-g | --gallery)
|
|
CREATE_FROM_GALLERY=YES
|
|
shift # past argument
|
|
;;
|
|
-d | --disk)
|
|
CREATE_FROM_GALLERY=NO
|
|
shift # past argument
|
|
;;
|
|
--secure-boot)
|
|
AZURE_SECURE_BOOT="$2"
|
|
shift # past argument
|
|
shift # past value
|
|
;;
|
|
--disk-name)
|
|
AZURE_DISK_NAME="$2"
|
|
shift # past argument
|
|
shift # past value
|
|
;;
|
|
-*)
|
|
echo "Unknown option $1"
|
|
exit 1
|
|
;;
|
|
*)
|
|
POSITIONAL_ARGS+=("$1") # save positional arg
|
|
shift # past argument
|
|
;;
|
|
esac
|
|
done
|
|
|
|
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
|
|
|
if [[ ${AZURE_SECURITY_TYPE} == "ConfidentialVM" ]]; then
|
|
VMSIZE="Standard_DC2as_v5"
|
|
elif [[ ${AZURE_SECURITY_TYPE} == "TrustedLaunch" ]]; then
|
|
VMSIZE="standard_D2as_v5"
|
|
else
|
|
echo "Unknown security type: ${AZURE_SECURITY_TYPE}"
|
|
exit 1
|
|
fi
|
|
|
|
create_vm_from_disk() {
|
|
AZURE_DISK_REFERENCE=$(az disk show --resource-group "${AZURE_RESOURCE_GROUP_NAME}" --name "${AZURE_DISK_NAME}" --query id -o tsv)
|
|
az vm create --name "${AZURE_VM_NAME}" \
|
|
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
|
|
-l "${AZURE_REGION}" \
|
|
--size "${VMSIZE}" \
|
|
--public-ip-sku Standard \
|
|
--os-type Linux \
|
|
--attach-os-disk "${AZURE_DISK_REFERENCE}" \
|
|
--security-type "${AZURE_SECURITY_TYPE}" \
|
|
--os-disk-security-encryption-type VMGuestStateOnly \
|
|
--enable-vtpm true \
|
|
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
|
|
--boot-diagnostics-storage "" \
|
|
--no-wait
|
|
}
|
|
|
|
create_vm_from_sig() {
|
|
AZURE_IMAGE_REFERENCE=$(az sig image-version show \
|
|
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
|
|
--gallery-image-version "${AZURE_IMAGE_VERSION}" \
|
|
--gallery-name "${AZURE_GALLERY_NAME}" \
|
|
-g "${AZURE_RESOURCE_GROUP_NAME}" \
|
|
--query id -o tsv)
|
|
az vm create --name "${AZURE_VM_NAME}" \
|
|
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
|
|
-l "${AZURE_REGION}" \
|
|
--size "${VMSIZE}" \
|
|
--public-ip-sku Standard \
|
|
--image "${AZURE_IMAGE_REFERENCE}" \
|
|
--security-type "${AZURE_SECURITY_TYPE}" \
|
|
--os-disk-security-encryption-type VMGuestStateOnly \
|
|
--enable-vtpm true \
|
|
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
|
|
--boot-diagnostics-storage "" \
|
|
--no-wait
|
|
}
|
|
|
|
if [[ ${CREATE_FROM_GALLERY} == "YES" ]]; then
|
|
create_vm_from_sig
|
|
else
|
|
create_vm_from_disk
|
|
fi
|
|
|
|
sleep 30
|
|
az vm boot-diagnostics enable --name "${AZURE_VM_NAME}" --resource-group "${AZURE_RESOURCE_GROUP_NAME}"
|