diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 58c2eb6..6a2754f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -12,7 +12,7 @@ "DOCKER_GROUP_ID": "${localEnv:DOCKER_GROUP_ID}", "INTERACTIVE": "true", "OSS_REPO": "OxBRCInformatics/AzureTRE", - "OSS_VERSION": "v0.18.7" + "OSS_VERSION": "v0.19.1" } }, "runArgs": [ diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index febab45..9214ef0 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -389,6 +389,10 @@ jobs: BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/databricks"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/ohdsi"} + - {BUNDLE_TYPE: "workspace_service", + BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/azuresql"} + - {BUNDLE_TYPE: "workspace_service", + BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/openai"} - {BUNDLE_TYPE: "user_resource", BUNDLE_DIR: "./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2"} - {BUNDLE_TYPE: "user_resource", @@ -549,6 +553,10 @@ jobs: BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/databricks"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/ohdsi"} + - {BUNDLE_TYPE: "workspace_service", + BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/azuresql"} + - {BUNDLE_TYPE: "workspace_service", + BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/openai"} # Add your bundles here environment: ${{ inputs.environmentName }} steps: diff --git a/config.sample.yaml b/config.sample.yaml index f5a8b18..77ce40d 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -32,6 +32,7 @@ tre: resource_processor_vmss_sku: Standard_B2s enable_swagger: true enable_airlock_malware_scanning: true + # Set to true if want to ensure users have an email address before airlock request is created # Used if rely on email notifications for governance purposes # enable_airlock_email_check: true @@ -41,11 +42,10 @@ tre: # The TRE Web UI is deployed by default. # Uncomment the following to disable deployment of the Web UI. # deploy_ui: false - # If you want to use TRE_URL to point to your local TRE API instance or be configured to another cloud provider - # uncomment and set this variable - # tre_url: __CHANGE_ME__ firewall_sku: Standard + # Uncomment to deploy to a custom domain + # custom_domain: __CHANGE_ME__ authentication: aad_tenant_id: __CHANGE_ME__ # Setting AUTO_WORKSPACE_APP_REGISTRATION to false will: @@ -71,11 +71,9 @@ resource_processor: developer_settings: # Locks will not be added to stateful resources so they can be easily removed # stateful_resources_locked: false - # TRE Core Key Vault purge protection will be disabled so it can be reused upon deletion # kv_purge_protection_enabled: false - # This setting will enable your local machine to be able to # communicate with Service Bus and Cosmos. It will also allow deploying # the base workspace. @@ -84,3 +82,7 @@ developer_settings: # Used by the API and Resource processor application to change log level # Can be "ERROR", "WARNING", "INFO", "DEBUG" # logging_level: "INFO" + +# If you want to use TRE_URL to point to your local TRE API instance or be configured to another cloud provider +# uncomment and set this variable +# tre_url: __CHANGE_ME__ diff --git a/templates/workspace_services/README.md b/templates/workspace_services/README.md index 4fd2380..6fa1da1 100644 --- a/templates/workspace_services/README.md +++ b/templates/workspace_services/README.md @@ -4,7 +4,7 @@ Workspace Templates are located in this folder. These Templates are for the Comp | VM type | Template name | Description | | --- | --- | --- | -| Linux | tre-service-guacamole-linuxvm-ouh2 | This is a custom Linux image for OUH use | +| Linux | tre-service-guacamole-linuxvm-ouh2 | This is based on Ubuntu 22.04 with certain software pulled in via package manager | | Windows | tre-service-guacamole-windowsvm-ouh2 | This is a custom Windows image for OUH use | ## Available VM sizes @@ -30,5 +30,4 @@ Workspace Templates are located in this folder. These Templates are for the Comp ### Linux -- OUH Image -- Ubuntu 18.04 +- Ubuntu 22.04 diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/porter.yaml index 4a17edc..eec4c85 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-linuxvm-ouh2 -version: 1.0.13 +version: 1.0.16 description: "An Azure TRE User Resource Template for Guacamole (Linux)" dockerfile: Dockerfile.tmpl registry: azuretre @@ -27,17 +27,15 @@ custom: apt_sku: 22.04 install_ui: true conda_config: true - - ## Removing custom Linux image as it becomes obsolete with the update to Ubuntu 22.04 and pre-installed software via vm_config.sh - # "OUH Ubuntu 18.04 Data Science VM": + # "OUH Ubuntu 22.04 Data Science VM": # source_image_name: OUHLinuxImage - # source_image_reference: - # publisher: microsoft-dsvm - # offer: ubuntu-1804 - # sku: 1804-gen2 - # version: latest - # install_ui: false - # conda_config: true + # # source_image_reference: + # # publisher: microsoft-dsvm + # # offer: ubuntu-2204 + # # apt_sku: 2204-gen2 + # # version: latest + # install_ui: true + # conda_config: true # For information on using custom images, see README.me in the guacamole/user-resources folder # "Custom Image From Gallery": # source_image_name: your-image diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/locals.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/locals.tf index 90aa305..cd280f5 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/locals.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/locals.tf @@ -14,7 +14,7 @@ locals { tre_workspace_service_id = var.parent_service_id tre_user_resource_id = var.tre_resource_id } - nexus_proxy_url = "http://nexus-${data.azurerm_public_ip.app_gateway_ip.fqdn}" + nexus_proxy_url = "https://nexus-${data.azurerm_public_ip.app_gateway_ip.fqdn}" # Load VM SKU/image details from porter.yaml porter_yaml = yamldecode(file("${path.module}/../porter.yaml")) vm_sizes = local.porter_yaml["custom"]["vm_sizes"] @@ -25,5 +25,5 @@ locals { # selected_image_source_refs is an array to enable easy use of a dynamic block selected_image_source_refs = lookup(local.selected_image, "source_image_reference", null) == null ? [] : [local.selected_image.source_image_reference] selected_image_source_id = lookup(local.selected_image, "source_image_name", null) == null ? null : "${var.image_gallery_id}/images/${local.selected_image.source_image_name}" - apt_sku = local.selected_image_source_refs[0]["apt_sku"] + apt_sku = length(local.selected_image_source_refs) > 0 ? local.selected_image_source_refs[0]["apt_sku"] : "22.04" } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/vm_config.sh b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/vm_config.sh index 226c72a..392e1b3 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/vm_config.sh +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm-ouh2/terraform/vm_config.sh @@ -2,12 +2,13 @@ set -o errexit set -o pipefail -set -o nounset +# set -o nounset # Uncomment this line to see each command for debugging (careful: this will show secrets!) -set -o xtrace +# set -o xtrace -# # Remove apt sources not included in sources.list file -# sudo rm -f /etc/apt/sources.list.d/* + +# Remove apt sources not included in sources.list file +sudo rm -f /etc/apt/sources.list.d/* # Update apt packages from configured Nexus sources echo "init_vm.sh: START" @@ -35,12 +36,6 @@ sudo -u "${VM_USER}" -i bash -c 'echo xset -dpms >> ~/.xsession' sudo systemctl enable xrdp sudo service xrdp restart -## Python 3.8 and Jupyter -sudo apt install -y jupyter-notebook microsoft-edge-dev - -# echo "init_vm.sh: azure-cli" -sudo apt install azure-cli -y - # Azure Storage Explorer sudo apt-get remove -y dotnet-host-7.0 sudo apt-get remove -y dotnet-sdk-7.0 @@ -73,18 +68,9 @@ StartupWMClass=Code Categories=Development; END -## R -echo "init_vm.sh: R Setup" -sudo apt install -y r-base -# RStudio Desktop -echo "init_vm.sh: RStudio" -wget "${NEXUS_PROXY_URL}"/repository/r-studio-download/electron/jammy/amd64/rstudio-2023.12.1-402-amd64.deb -P /tmp/2204 -wget "${NEXUS_PROXY_URL}"/repository/r-studio-download/electron/focal/amd64/rstudio-2023.12.1-402-amd64.deb -P /tmp/2004 -sudo gdebi --non-interactive /tmp/"${APT_SKU}"/rstudio-2023.12.1-402-amd64.deb - -# Fix for blank screen on DSVM (/sh -> /bash due to conflict with profile.d scripts) -sudo sed -i 's|!/bin/sh|!/bin/bash|g' /etc/xrdp/startwm.sh +# Make sure xrdp service starts up with the system +# sudo systemctl enable xrdp if [ "${SHARED_STORAGE_ACCESS}" -eq 1 ]; then # Install required packages @@ -129,16 +115,27 @@ if [ "${SHARED_STORAGE_ACCESS}" -eq 1 ]; then # Autofs mounts when accessed for 60 seconds. Folder created for constant visible mount sudo ln -s "$mntPath" "/$fileShareName" - - sudo chmod 777 "$mntPath" fi +## R +echo "init_vm.sh: R Setup" +sudo apt install -y r-base + +# RStudio Desktop +echo "init_vm.sh: RStudio" +wget "${NEXUS_PROXY_URL}"/repository/r-studio-download/electron/jammy/amd64/rstudio-2023.12.1-402-amd64.deb -P /tmp/2204 +wget "${NEXUS_PROXY_URL}"/repository/r-studio-download/electron/focal/amd64/rstudio-2023.12.1-402-amd64.deb -P /tmp/2004 +sudo gdebi --non-interactive /tmp/"${APT_SKU}"/rstudio-2023.12.1-402-amd64.deb + +# Fix for blank screen on DSVM (/sh -> /bash due to conflict with profile.d scripts) +sudo sed -i 's|!/bin/sh|!/bin/bash|g' /etc/xrdp/startwm.sh + ### Anaconda Config if [ "${CONDA_CONFIG}" -eq 1 ]; then - echo "init_vm.sh: Anaconda" - export PATH="/anaconda/condabin":$PATH - export PATH="/anaconda/bin":$PATH - export PATH="/anaconda/envs/py38_default/bin":$PATH + export PATH="/opt/anaconda/condabin":$PATH + export PATH="/opt/anaconda/bin":$PATH + export PATH="/opt/anaconda/envs/py38_default/bin":$PATH + conda config conda config --add channels "${NEXUS_PROXY_URL}"/repository/conda-mirror/main/ --system conda config --add channels "${NEXUS_PROXY_URL}"/repository/conda-repo/main/ --system conda config --remove channels defaults --system @@ -155,35 +152,16 @@ jq -n --arg proxy "${NEXUS_PROXY_URL}:8083" '{"registry-mirrors": [$proxy]}' > / sudo systemctl daemon-reload sudo systemctl restart docker -# R config -sudo echo -e "local({\n r <- getOption(\"repos\")\n r[\"Nexus\"] <- \"""${NEXUS_PROXY_URL}\"/repository/r-proxy/\"\n options(repos = r)\n})" | sudo tee /etc/R/Rprofile.site - # Jupiter Notebook Config sudo sed -i -e 's/Terminal=true/Terminal=false/g' /usr/share/applications/jupyter-notebook.desktop -# Default Browser -sudo update-alternatives --config x-www-browser +# R config +sudo echo -e "local({\n r <- getOption(\"repos\")\n r[\"Nexus\"] <- \"""${NEXUS_PROXY_URL}/repository/r-proxy/\"\n options(repos = r)\n})" | sudo tee /etc/R/Rprofile.site # Prevent screen timeout echo "init_vm.sh: Preventing Timeout" sudo apt-get remove xfce4-screensaver -y -## VS Code -echo "init_vm.sh: VS Code" -sudo DEBIAN_FRONTEND=noninteractive apt install -y code -sudo apt install -y gvfs-bin || true - -echo "init_vm.sh: Folders" -sudo mkdir -p /opt/vscode/user-data -sudo mkdir -p /opt/vscode/extensions - -# TODO: need to look at proxy extentions -## VSCode Extensions -# echo "init_vm.sh: VSCode extensions" -# code --extensions-dir="/opt/vscode/extensions" --user-data-dir="/opt/vscode/user-data" --install-extension ms-python.python -# code --extensions-dir="/opt/vscode/extensions" --user-data-dir="/opt/vscode/user-data" --install-extension REditorSupport.r -# code --extensions-dir="/opt/vscode/extensions" --user-data-dir="/opt/vscode/user-data" --install-extension RDebugger.r-debugger - ## Cleanup echo "init_vm.sh: Cleanup" sudo shutdown -r now diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/porter.yaml index dd4b252..e674527 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-windowsvm-ouh2 -version: 1.0.2 +version: 1.0.3 description: "An Azure TRE User Resource Template for Guacamole (Windows 10)" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/terraform/locals.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/terraform/locals.tf index 32ca41e..e5137d1 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/terraform/locals.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm-ouh2/terraform/locals.tf @@ -14,7 +14,7 @@ locals { tre_workspace_service_id = var.parent_service_id tre_user_resource_id = var.tre_resource_id } - nexus_proxy_url = "http://nexus-${data.azurerm_public_ip.app_gateway_ip.fqdn}" + nexus_proxy_url = "https://nexus-${data.azurerm_public_ip.app_gateway_ip.fqdn}" # Load VM SKU/image details from porter.yaml porter_yaml = yamldecode(file("${path.module}/../porter.yaml"))