Use podman to install proxy on test ec2

Author: everesio

scripts/mks/.gitignore renamed to scripts/msk/.gitignore

@@ -26,6 +26,10 @@ tf-apply: tf-init
 tf-destroy:
 	terraform destroy -input=false -auto-approve
 
+.PHONY: tf-output
+tf-output:
+	terraform output
+
 .PHONY: sso-login
 sso-login:
 	aws sso login --profile $(SSO_PROFILE)

scripts/mks/Makefile renamed to scripts/msk/Makefile

@@ -35,12 +35,10 @@ resource "aws_msk_cluster" "mqtt-proxy-cluster" {
     security_groups = [ aws_security_group.mqtt-proxy-cluster-security-group.id]
     ebs_volume_size = var.kafka_broker_ebs_volume_size
   }
-  # https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html
-  client_authentication {
-    tls {
-      certificate_authority_arns = [
 
-      ]
+  encryption_info {
+    encryption_in_transit {
+      client_broker = "TLS_PLAINTEXT"
     }
   }
 }

scripts/mks/all.auto.tfvars renamed to scripts/msk/all.auto.tfvars

@@ -1,3 +1,13 @@
+data "template_file" "mqtt-proxy-init" {
+  template = file("${path.module}/proxy.tpl")
+
+  vars = {
+    mqtt_proxy_version = var.mqtt_proxy_version
+    kafka_proxy_version = var.kafka_proxy_version
+    bootstrap_servers = aws_msk_cluster.mqtt-proxy-cluster.bootstrap_brokers
+  }
+}
+
 resource "aws_instance" "mqtt-proxy" {
   count                  = var.mqtt_proxy_enable ? 1 : 0
   ami                    = data.aws_ami.ubuntu-focal.id
@@ -6,16 +16,7 @@ resource "aws_instance" "mqtt-proxy" {
   iam_instance_profile   = aws_iam_instance_profile.mqtt-proxy-profile.id
   vpc_security_group_ids = [aws_security_group.mqtt-proxy-security-group.id]
   key_name               = aws_key_pair.mqtt-proxy-key-pair.key_name
-  user_data              = <<EOF
-#!/usr/bin/env bash
-curl -Ls https://github.com/grepplabs/mqtt-proxy/releases/download/${var.mqtt_proxy_version}/mqtt-proxy-${var.mqtt_proxy_version}-linux-amd64.tar.gz | tar xz
-mv ./mqtt-proxy /usr/local/bin/mqtt-proxy
-
-# kafka-proxy is not required by mqtt-proxy
-curl -Ls https://github.com/grepplabs/kafka-proxy/releases/download/${var.kafka_proxy_version}/kafka-proxy-${var.kafka_proxy_version}-linux-amd64.tar.gz | tar xz
-mv ./kafka-proxy /usr/local/bin/kafka-proxy
-
-EOF
+  user_data              = data.template_file.mqtt-proxy-init.rendered
 }
 
 data "aws_ami" "ubuntu-focal" {
@@ -26,7 +27,11 @@ data "aws_ami" "ubuntu-focal" {
     values = [
       "*ubuntu-focal-*"]
   }
-
+  filter {
+    name = "architecture"
+    values = [
+      "x86_64"]
+  }
   filter {
     name = "virtualization-type"
     values = [
@@ -114,4 +119,4 @@ resource "aws_security_group" "mqtt-proxy-security-group" {
 
 output "mqtt_proxy_ip" {
   value = var.mqtt_proxy_enable ? aws_instance.mqtt-proxy.0.public_ip : ""
-}
+}

scripts/mks/all.vars.tf renamed to scripts/msk/all.vars.tf

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+curl -Ls https://github.com/grepplabs/mqtt-proxy/releases/download/${mqtt_proxy_version}/mqtt-proxy-${mqtt_proxy_version}-linux-amd64.tar.gz | tar xz
+mv ./mqtt-proxy /usr/local/bin/mqtt-proxy
+
+# kafka-proxy is not required by mqtt-proxy
+curl -Ls https://github.com/grepplabs/kafka-proxy/releases/download/${kafka_proxy_version}/kafka-proxy-${kafka_proxy_version}-linux-amd64.tar.gz | tar xz
+mv ./kafka-proxy /usr/local/bin/kafka-proxy
+
+# run mqtt-proxy in podman
+. /etc/os-release
+sh -c "echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
+curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$${VERSION_ID}/Release.key | apt-key add -
+apt-get update -qq
+apt-get -qq -y install podman
+
+mkdir -p /mqtt-proxy
+
+tee /mqtt-proxy/mqtt-proxy.yml <<POD_FILE
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: mqtt-proxy
+  name: mqtt-proxy
+spec:
+  containers:
+  - command:
+    - server
+    - --mqtt.publisher.name=kafka
+    - --mqtt.publisher.kafka.bootstrap-servers=${bootstrap_servers}
+    - --mqtt.publisher.kafka.default-topic=mqtt-test
+    env:
+    - name: HOSTNAME
+    - name: container
+      value: podman
+    image: docker.io/grepplabs/mqtt-proxy:latest
+    name: mqtt-proxy
+    ports:
+    - containerPort: 9090
+      hostPort: 9090
+      protocol: TCP
+    - containerPort: 1883
+      hostPort: 1883
+      protocol: TCP
+
+POD_FILE
+
+tee /etc/systemd/system/mqtt-proxy.service <<SYSTEMD_FILE
+[Unit]
+Description=MQTT Proxy
+
+[Service]
+Restart=always
+ExecStartPre=/usr/bin/podman pod rm -i -f mqtt-proxy_pod
+ExecStartPre=/usr/bin/podman rm -i -f mqtt-proxy
+ExecStart=/usr/bin/podman play kube /mqtt-proxy/mqtt-proxy.yml
+ExecStop=/usr/bin/podman stop -t 10 mqtt-proxy
+KillMode=none
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
+
+SYSTEMD_FILE
+
+systemctl daemon-reload
+systemctl start mqtt-proxy
+systemctl status mqtt-proxy
+systemctl enable mqtt-proxy