Merge branch 'feature/KASM-1914_publish_do_terraform' into 'develop'

.gitignore

@@ -0,0 +1,37 @@
+ Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore lock file
+.terraform.lock.hcl

README.md

@@ -11,3 +11,6 @@ Administators should review the projects and add additional customizations and s
 # Oracle Cloud
 - [Single Server](oci/single_server/README.md)
 - [Multi-Server Single Region](oci/standard/README.md)
+
+# DigitalOcean
+- [Single Server](digitalocean/single_server/README.md)

digitalocean/single_server/README.md

@@ -0,0 +1,40 @@
+# DigitalOcean Single Server
+This project will deploy Kasm Workspaces in a single-server deployment on DigitalOcean.
+
+
+![Diagram][Image_Diagram]
+
+[Image_Diagram]: https://f.hubspotusercontent30.net/hubfs/5856039/terraform/diagrams/digitalocean-single-server.png "Diagram"
+
+# Pre-Configuration
+
+### Domain Configuration
+If digitalocean is not already managing your domain you will need to have your registrar point to the DigitalOcean nameservers: https://www.digitalocean.com/community/tutorials/how-to-point-to-digitalocean-nameservers-from-common-domain-registrars 
+
+### API Tokens
+Create a personal access token with read/write permissions at https://cloud.digitalocean.com/account/api/tokens 
+
+### SSH Authorized Keys
+This project will launch a droplet and allow connections using the ssh keys defined by `ssh_key_fingerprints`. You can copy the fingerprint from the desired ssh keys from https://cloud.digitalocean.com/account/security 
+
+# Terraform Configuration
+
+1. Initialize the project
+
+       terraform init
+
+2. Open `deployment.tf` and update the variables. The variable definitions and descriptions
+can be found in `module/variables.tf`
+   
+
+3. Verify the configuration
+
+       terraform plan
+
+4. Deploy
+
+       terraform deploy
+
+
+5. Login to the Deployment as an Admin via the domain defined e.g `https://kasm.contoso.com`. Single server installs
+download all workspaces images during the install process so it may take ~15 minutes for the server to fully come online.

digitalocean/single_server/deployment.tf

@@ -0,0 +1,19 @@
+module "kasm" {
+  source                      = "./module"
+
+  digital_ocean_token         = ""
+
+  do_domain_name              = "kasm.contoso.com"
+  project_name                = "contoso"
+
+  digital_ocean_region        = "nyc3"
+  digital_ocean_image         = "docker-18-04"
+  digital_ocean_droplet_slug  = "s-2vcpu-4gb-intel"
+  swap_size                   = 2048
+
+  kasm_build_url              = "https://kasm-static-content.s3.amazonaws.com/kasm_release_1.9.0.077388.tar.gz"
+  user_password               = "changeme"
+  admin_password              = "changeme"
+  allow_ssh_cidrs             = ["0.0.0.0/0"]
+  ssh_key_fingerprints        = []
+}

digitalocean/single_server/module/dns.tf

@@ -0,0 +1,43 @@
+resource "digitalocean_domain" "default" {
+  name = "${var.do_domain_name}"
+}
+
+resource "digitalocean_record" "static" {
+  domain = digitalocean_domain.default.name
+  type   = "A"
+  name   = "static"
+  value  = digitalocean_loadbalancer.www-lb.ip
+}
+
+resource "digitalocean_certificate" "cert" {
+  name    = "${var.project_name}-cert"
+  type    = "lets_encrypt"
+  domains = ["${digitalocean_domain.default.id}"]
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "digitalocean_loadbalancer" "www-lb" {
+  name = "${var.project_name}-lb"
+  region = "${var.digital_ocean_region}"
+
+  forwarding_rule {
+    entry_port = 443
+    entry_protocol = "https"
+
+    target_port = 443
+    target_protocol = "https"
+
+    certificate_name = digitalocean_certificate.cert.name
+  }
+
+  healthcheck {
+    port = 443
+    protocol = "https"
+    path = "/"
+  }
+
+  droplet_ids = digitalocean_droplet.kasm-server.*.id
+}

digitalocean/single_server/module/files/kasm_server_init.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+echo "Starting Kasm Workspaces Install"
+
+/bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=${swap_size}
+/sbin/mkswap /var/swap.1
+chmod 600 /var/swap.1
+/sbin/swapon /var/swap.1
+
+cd /tmp
+
+PRIVATE_IP=(`hostname -I | cut -d  ' ' -f1 |  tr -d '\\n'`)
+
+wget  ${kasm_build_url} -O kasm_workspaces.tar.gz
+tar -xf kasm_workspaces.tar.gz
+bash kasm_release/install.sh -e -U ${user_password} -P ${admin_password} -p $PRIVATE_IP -m $PRIVATE_IP
+
+echo "Done

digitalocean/single_server/module/firewall.tf

@@ -0,0 +1,34 @@
+resource "digitalocean_firewall" "workspaces-fw" {
+  name = "${var.project_name}-fw"
+
+  tags = ["${digitalocean_tag.project.id}"]
+
+  inbound_rule {
+      protocol           = "tcp"
+      port_range         = "22"
+      source_addresses   = "${var.allow_ssh_cidrs}"
+  }
+
+  inbound_rule {
+      protocol           = "tcp"
+      port_range         = "443"
+      source_addresses   = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+      protocol                = "tcp"
+      port_range              = "1-65535"
+      destination_addresses   = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+      protocol                = "udp"
+      port_range              = "1-65535"
+      destination_addresses   = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+      protocol                = "icmp"
+      destination_addresses   = ["0.0.0.0/0", "::/0"]
+  }
+}

digitalocean/single_server/module/project.tf

@@ -0,0 +1,10 @@
+resource "digitalocean_project" "project" {
+  name = "${var.project_name}"
+  description = "Deployment for ${var.project_name}"
+  purpose = "Kasm Workspaces"
+  environment = "Development"
+  resources = [
+    digitalocean_droplet.kasm-server.urn,
+    digitalocean_domain.default.urn
+  ]
+}

digitalocean/single_server/module/server.tf

@@ -0,0 +1,43 @@
+data "template_file" "user_data" {
+  template = "${file("${path.module}/files/kasm_server_init.sh")}"
+  vars = {
+    kasm_build_url  = "${var.kasm_build_url}"
+    user_password   = "${var.user_password}"
+    admin_password  = "${var.admin_password}"
+    swap_size       = "${var.swap_size}"
+  }
+}
+
+resource "digitalocean_droplet" "kasm-server" {
+  ssh_keys           = "${var.ssh_key_fingerprints}"
+  image              = "${var.digital_ocean_image}"
+  region             = "${var.digital_ocean_region}"
+  size               = "${var.digital_ocean_droplet_slug}"
+  private_networking = false
+  backups            = false
+  ipv6               = false
+  name               = "${var.project_name}-workspaces"
+  tags               = ["${digitalocean_tag.project.id}"]
+  user_data          = "${data.template_file.user_data.rendered}"
+}
+
+output "kasm_server_ip" {
+  value = "${digitalocean_droplet.kasm-server.ipv4_address}"
+}
+
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+  }
+}
+
+provider "digitalocean" {
+  token = "${var.digital_ocean_token}"
+}
+
+resource "digitalocean_tag" "project" {
+  name = "${var.project_name}"
+}

digitalocean/single_server/module/variables.tf

@@ -0,0 +1,45 @@
+variable "project_name" {
+  description = "The name of the project/deployment/company eg (acme). Lower case all one word as this will be used in a domain name"
+}
+variable "digital_ocean_token" {
+  description = "Authentication Token For Digital Ocean"
+}
+variable "digital_ocean_region" {
+  description = "The Default Digital Ocean Region Slug: https://docs.digitalocean.com/products/platform/availability-matrix/"
+  default     = "nyc3"
+}
+variable "digital_ocean_droplet_slug" {
+  description = "The Default Digital Ocean Droplet Slug: https://slugs.do-api.dev/"
+  default     = "s-2vcpu-4gb-intel"
+}
+variable "digital_ocean_image" {
+  description = "Default Image for Ubuntu LTS"
+  default     = "docker-18-04"
+}
+variable "kasm_build_url" {
+  description = "The Build file to install"
+  default     = "https://kasm-static-content.s3.amazonaws.com/kasm_release_1.9.0.077388.tar.gz"
+}
+variable "user_password" {
+  default     = "changeme"
+  description = "The default password to be used for the default user@kasm.local account. Only use alphanumeric characters"
+}
+variable "admin_password" {
+  default     = "changeme"
+  description = "The default password to be used for the default admin@kasm.local account. Only use alphanumeric characters"
+}
+variable "allow_ssh_cidrs" {
+  description = "CIDR notation for hosts allowed to SSH"
+}
+variable "do_domain_name" {
+  description = "The domain name that users will use to access kasm"
+}
+variable "ssh_key_fingerprints" {
+  # The ssh key fingerprints from uploaded keys can be obtained at https://cloud.digitalocean.com/account/security
+  description = "Keys used for sshing into kasm hosts"
+}
+
+variable swap_size {
+  description = "The amount of swap (in MB) to configure inside the compute instances"
+  default = 2048
+}