From 4d7ca74d4abd11d9010d5e3de7b3351eeab74c5f Mon Sep 17 00:00:00 2001 From: Daniel Falkner Date: Wed, 10 Aug 2016 15:29:42 +0200 Subject: [PATCH] Deploy on Azure --- README.md | 6 + azure/azuredeploy.json | 321 ++++++++++++++++++++++++++++++ azure/azuredeploy.parameters.json | 15 ++ azure/install.sh | 13 ++ 4 files changed, 355 insertions(+) create mode 100644 azure/azuredeploy.json create mode 100644 azure/azuredeploy.parameters.json create mode 100644 azure/install.sh diff --git a/README.md b/README.md index 02f6bbb..7eae8a4 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,12 @@ We will use Libreswan as th ## Requirements +Microsoft Azure Subscription + + + + + A newly created Amazon EC2 instance, using these AMIs: (See instructions) - Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise) - Debian 8 (Jessie) EC2 Images diff --git a/azure/azuredeploy.json b/azure/azuredeploy.json new file mode 100644 index 0000000..bc2d226 --- /dev/null +++ b/azure/azuredeploy.json 
@@ -0,0 +1,321 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "username": {
+ "type": "string",
+ "minLength": 1,
+ "metadata": {
+ "description": "User name for SSH and VPN"
+ }
+ },
+ "password": {
+ "type": "securestring",
+ "metadata": {
+ "description": "User password for SSH and VPN"
+ }
+ },
+ "preSharedKey": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Pre-Shared Key for VPN"
+ }
+ },
+ "image": {
+ "type": "string",
+ "allowedValues": [
+ "ubuntu",
+ "debian"
+ ],
+ "defaultValue": "debian",
+ "metadata": {
+ "description": "OS to use. Debian or Ubuntu"
+ }
+ },
+ "VMSize": {
+ "type": "string",
+ "defaultValue": "Standard_A0",
+ "allowedValues": [
+ "Standard_A0",
+ "Standard_A1",
+ "Standard_A2",
+ "Standard_A3",
+ "Standard_A4",
+ "Standard_A5",
+ "Standard_A6",
+ "Standard_A7",
+ "Standard_A8",
+ "Standard_A9",
+ "Standard_A10",
+ "Standard_A11",
+ "Standard_D1",
+ "Standard_D2",
+ "Standard_D3",
+ "Standard_D4",
+ "Standard_D11",
+ "Standard_D12",
+ "Standard_D13",
+ "Standard_D14",
+ "Standard_D1_v2",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_G1",
+ "Standard_G2",
+ "Standard_G3",
+ "Standard_G4",
+ "Standard_G5",
+ "Standard_DS1",
+ "Standard_DS2",
+ "Standard_DS3",
+ "Standard_DS4",
+ "Standard_DS11",
+ "Standard_DS12",
+ "Standard_DS13",
+ "Standard_DS14",
+ "Standard_GS1",
+ "Standard_GS2",
+ "Standard_GS3",
+ "Standard_GS4",
+ "Standard_GS5"
+ ],
+ "metadata": {
+ "description": "The size of the Virtual Machine."
+ }
+ }
+ },
+ "variables": {
+ "location": "[resourceGroup().location]",
+ "vmName": "vpnserver",
+ "virtualNetworkName": "vpnVnet",
+ "addressPrefix": "10.0.0.0/16",
+ "subnetName": "VPNSubnet",
+ "subnetPrefix": "10.0.1.0/24",
+ "apiVersion": "2015-06-15",
+ "storageName": "[concat(uniqueString(resourceGroup().id), 'vpnsa')]",
+ "vhdStorageType": "Standard_LRS",
+ "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
+ "SubnetRef": "[concat(variables('vnetId'), '/subnets/', variables('subnetName'))]",
+ "ubuntu": {
+ "publisher": "Canonical",
+ "offer": "UbuntuServer",
+ "sku": "16.04.0-LTS",
+ "version": "latest"
+ },
+ "debian": {
+ "publisher": "credativ",
+ "offer": "Debian",
+ "sku": "8",
+ "version": "latest"
+ },
+ "installScriptURL": "https://raw.githubusercontent.com/derdanu/setup-ipsec-vpn/master/azure/install.sh",
+ "installCommand": "[concat('sh install.sh ', parameters('preSharedKey'), ' ', parameters('username'), ' ', parameters('password'))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageName')]",
+ "apiVersion": "[variables('apiVersion')]",
+ "location": "[variables('location')]",
+ "tags": {
+ "displayName": "StorageAccount"
+ },
+ "properties": {
+ "accountType": "[variables('vhdStorageType')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('apiVersion')]",
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "location": "[variables('location')]",
+ "tags": {
+ "displayName": "VirtualNetwork"
+ },
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[variables('addressPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnetName')]",
+ "properties": {
+ "addressPrefix": "[variables('subnetPrefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "[variables('apiVersion')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[concat(variables('vmName'), 'nic')]",
+ "location": "[resourceGroup().location]",
+ "tags": {
+ "displayName": "NetworkInterface"
+ },
+ "dependsOn": [
+ "[concat('Microsoft.Network/virtualNetworks/', concat(variables('virtualNetworkName')))]",
+ "[concat('Microsoft.Network/publicIPAddresses/', concat(variables('vmName'), 'pip'))]",
+ "[concat('Microsoft.Network/networkSecurityGroups/', concat(variables('vmName'), 'nsg'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "publicIPAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('vmName'), 'pip'))]"
+ },
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ }
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('vmName'), 'nsg'))]"
+ }
+ }
+ },
+ {
+ "apiVersion": "[variables('apiVersion')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "name": "[variables('vmName')]",
+ "location": "[resourceGroup().location]",
+ "tags": {
+ "displayName": "VirtualMachine"
+ },
+ "dependsOn": [
+ "[concat('Microsoft.Network/networkInterfaces/', concat(variables('vmName'), 'nic'))]"
+ ],
+ "properties": {
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": "[variables('vmName')]",
+ "adminUsername": "[parameters('username')]",
+ "adminPassword": "[parameters('password')]"
+ },
+ "storageProfile": {
+ "imageReference": "[variables(parameters('image'))]",
+ "osDisk": {
+ "name": "osdisk",
+ "vhd": {
+ "uri": "[concat('http://', variables('storageName'), '.blob.core.windows.net/vmachines/', variables('vmName'), '.vhd')]"
+ },
+ "caching": "ReadWrite",
+ "createOption": "FromImage"
+ }
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmName'), 'nic'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "[concat(variables('vmName'),'/installcustomscript')]",
+ "apiVersion": "[variables('apiVersion')]",
+ "location": "[resourceGroup().location]",
+ "tags": {
+ "displayName": "VirtualMachineCustomScriptExtension"
+ },
+ "dependsOn": [
+ "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
+ ],
+ "properties": {
+ "publisher": "Microsoft.OSTCExtensions",
+ "type": "CustomScriptForLinux",
+ "typeHandlerVersion": "1.3",
+ "settings": {
+ "fileUris": [ "[variables('installScriptURL')]" ],
+ "commandToExecute": "[variables('installCommand')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "name": "[concat(variables('vmName'), 'nsg')]",
+ "tags": {
+ "displayName": "NetworkSecurityGroup"
+ },
+ "apiVersion": "[variables('apiVersion')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-ssh",
+ "properties": {
+ "protocol": "Tcp",
+ "sourcePortRange": "*",
+ "destinationPortRange": "22",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 1000,
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "default-udp-500",
+ "properties": {
+ "protocol": "Udp",
+ "sourcePortRange": "*",
+ "destinationPortRange": "500",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 2000,
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "default-udp-4500",
+ "properties": {
+ "protocol": "Udp",
+ "sourcePortRange": "*",
+ "destinationPortRange": "4500",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 2001,
+ "direction": "Inbound"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "apiVersion": "[variables('apiVersion')]",
+ "type": "Microsoft.Network/publicIPAddresses",
+ "name": "[concat(variables('vmName'), 'pip')]",
+ "location": "[resourceGroup().location]",
+ "tags": {
+ "displayName": "PublicIPAddress"
+ },
+ "properties": {
+ "publicIPAllocationMethod": "Static"
+ }
+ }
+ ],
+ "outputs": {
+ "Public IP": {
+ "type": "string",
+ "value": "[reference(concat(variables('vmName'), 'pip')).ipAddress]"
+ }
+ }
+}
diff --git a/azure/azuredeploy.parameters.json b/azure/azuredeploy.parameters.json
new file mode 100644
index 0000000..1dbe22b
--- /dev/null
+++ b/azure/azuredeploy.parameters.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "username": {
+ "value": "Vpnuser"
+ },
+ "password": {
+ "value": "Password123#"
+ },
+ "preSharedKey": {
+ "value": "mypsksupersecure"
+ }
+ }
+}
\ No newline at end of file
diff --git a/azure/install.sh b/azure/install.sh
new file mode 100644
index 0000000..6f7ece6
--- /dev/null
+++ b/azure/install.sh
@@ -0,0 +1,13 @@
+#/bin/bash
+export VPN_IPSEC_PSK=$1
+export VPN_USER=$2
+export VPN_PASSWORD=$3
+
+# Debian on Azure has no lsb_release installed.
+if ! [[ -x "/usr/bin/lsb_release" ]]
+then
+ apt-get update
+ apt-get install -y lsb-release
+fi
+
+wget https://git.io/vpnsetup -O vpnsetup.sh && sh vpnsetup.sh
\ No newline at end of file
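Review bot: The `installCommand` variable concatenates the `securestring` parameters `preSharedKey` and `password` into an ordinary string that the extension then receives in its public `settings.commandToExecute`, so both secrets are kept unencrypted in the extension configuration and show up on the process command line on the VM. Moving the command into protected settings, `"protectedSettings": { "commandToExecute": "[variables('installCommand')]" }`, keeps it encrypted; CustomScriptForLinux documents the command as accepted there, though this should be confirmed for handler version 1.3. The three values are also passed unquoted, so a password containing a space or a shell metacharacter is split or interpreted by the shell; the arguments need quoting or the parameters a restricted character set. Separately, the `default-ssh` rule allows port 22 from `sourceAddressPrefix` `*` while `osProfile` uses password login with the same password as the VPN account, so narrowing the source prefix or switching to an SSH key would reduce the exposure.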
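Review bot: The committed values `Password123#` and `mypsksupersecure` become the real SSH/VPN password and IPsec pre-shared key for anyone who deploys with this parameters file unchanged, and both are publicly known once the file is in the repository. Since the template opens port 22 and the VPN ports to any source, the sample file should not carry usable credentials. I would drop the `password` and `preSharedKey` entries so the deployment prompts for them, or replace them with values that cannot be mistaken for real ones, e.g. `"value": "<set-a-unique-password>"` and `"value": "<set-a-random-psk>"`.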
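Review bot: The last line fetches `vpnsetup.sh` through the `git.io` short link and runs it as root with no pinned revision or checksum, so whatever the redirect serves at deploy time is executed. The same applies to `installScriptURL` in azuredeploy.json, which tracks `master`. Both would be safer pointing at a fixed commit URL (placeholder `<commit-sha>`) with a `sha256sum -c` check before the script runs. The first line `#/bin/bash` is missing the `!`, and the template invokes the file with `sh install.sh`, although `[[ ... ]]` is a bash construct that a POSIX `sh` such as dash does not provide. I would use `#!/bin/bash`, call it with `bash install.sh`, and quote the positional parameters, e.g. `export VPN_IPSEC_PSK="$1"`.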