in deploy/deployment-manager/compute_engine.py [0:0]
def generate_config(context):
"""Generates configuration."""
project = context.env["project"]
deployment_name = context.env["deployment"]
zone = context.properties["zone"]
enrollment_token = context.properties["enrollmentToken"]
fleet_url = context.properties["fleetUrl"]
agent_version = context.properties["elasticAgentVersion"]
artifact_server = context.properties["elasticArtifactServer"]
scope = context.properties["scope"]
parent_id = context.properties["parentId"]
roles = ["roles/cloudasset.viewer", "roles/browser"]
network_name = f"{deployment_name}-network"
sa_name = context.properties["serviceAccountName"] or f"{deployment_name}-sa"
ssh_fw_rule = {
"name": "elastic-agent-firewall-rule",
"type": "compute.v1.firewall",
"properties": {
"network": f"$(ref.{network_name}.selfLink)",
"sourceRanges": ["0.0.0.0/0"],
"allowed": [
{
"IPProtocol": "TCP",
"ports": [22],
},
],
},
}
cmnd = "sudo ./elastic-agent install --non-interactive"
if agent_version.startswith("9."):
cmnd = f"{cmnd} --install-servers"
instance = {
"name": deployment_name,
"type": "compute.v1.instance",
"properties": {
"zone": zone,
"machineType": "".join(
[
COMPUTE_URL_BASE,
"projects/",
project,
"/zones/",
zone,
"/",
"machineTypes/n2-standard-4",
],
),
"serviceAccounts": [
{
"email": get_service_account_email(sa_name, project),
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloudplatformorganizations",
],
},
],
"disks": [
{
"deviceName": "boot",
"type": "PERSISTENT",
"boot": True,
"sizeGb": 32,
"autoDelete": True,
"initializeParams": {
"sourceImage": "".join(
[
COMPUTE_URL_BASE,
"projects/",
"ubuntu-os-cloud/global",
"/images/family/ubuntu-minimal-2204-lts",
],
),
},
},
],
"metadata": {
"items": [
{
"key": "startup-script",
"value": "".join(
[
"#!/bin/bash\n",
"set -x\n",
f"ElasticAgentArtifact=elastic-agent-{agent_version}-linux-x86_64\n",
f"curl -L -O {artifact_server}/$ElasticAgentArtifact.tar.gz\n",
"tar xzvf $ElasticAgentArtifact.tar.gz\n",
"cd $ElasticAgentArtifact\n",
f"{cmnd} --url={fleet_url} --enrollment-token={enrollment_token}",
],
),
},
],
},
"networkInterfaces": [
{
"network": f"$(ref.{network_name}.selfLink)",
"accessConfigs": [
{
"name": "External NAT",
"type": "ONE_TO_ONE_NAT",
},
],
},
],
"labels": {
"name": "elastic-agent",
},
},
}
network = {
"name": network_name,
"type": "compute.v1.network",
"properties": {
"routingConfig": {
"routingMode": "REGIONAL",
},
"autoCreateSubnetworks": True,
},
}
resources = [instance, network]
# Create service account if not provided
if not context.properties["serviceAccountName"]:
instance["properties"]["metadata"]["dependsOn"] = [sa_name]
service_account, bindings = get_service_account(
sa_name,
deployment_name,
roles,
scope,
parent_id,
project,
)
resources.append(service_account)
resources.extend(bindings)
if context.properties["allowSSH"]:
resources.append(ssh_fw_rule)
return {"resources": resources}