Automate Control Plane RG Setup #480

Merged
merged 23 commits into from
Sep 6, 2023
Changes from 6 commits
66 changes: 66 additions & 0 deletions scripts/setup-rg/README.md
@@ -0,0 +1,66 @@
# Resource Group Setup

These scripts are helpers for setting up a new resource group (RG) as the control plane for MLOS.

## Quickstart

1. Starting in this current directory, ensure that we are logged in to Azure CLI.

```sh
az login
```

2. Make a copy of the ARM parameters file.

```sh
cp rg-template.example.parameters.json rg-template.<your name>.parameters.json
```

3. Modify the ARM parameters in the newly created file as needed, especially the `PLACEHOLDER` values.

4. Execute the main script and follow prompts:

```sh
./setup-rg.ps1
Supply values for the following parameters:
armParameters: rg-template.<your name>.parameters.json
servicePrincipalName: <name of service principal for generating tokens with>
resourceGroupName: <target resource group for this control plane setup>
certName: <desired key vault name of certificate for the service principal e.g. mlos-autotune-sp-cert>
```

## Manual

Parameters for script can also passed in manually (without prompt) as follows:

```sh
./setup-rg.ps1 `
-armParameters $armParams `
-servicePrincipalName $servicePrincipalName `
-resourceGroupName $resourceGroupName `
-certName $certName
```

where `$armParams` follows the same usage as `--parameters` in [az deployment group create](https://learn.microsoft.com/en-us/cli/azure/deployment/group?view=azure-cli-latest#az-deployment-group-create-examples).

## Workflow

The high-level flow for what this script automates is as follows:

1. Assign `Contributor` access to the Service Principal (SP) for write access over resources.
For now we assume the experiment's resources are provisioned in the same RG as the control plane, so the access is granted to the same RG.

2. Provision control plane resources into the RG.
This includes:
- Networking (public IP, security group, vnet, subnet, network interface)
- Key Vault
- Storage (storage account, file share, MySQL Flex server)
- VM

3. Assign `Key Vault Administrator` access to the current user.
This allows the current user to retrieve secrets / certificates from the VM once it is set up.
Ensure to log in as the same user in the VM.

4. If not existing yet, generate a certificate with `certName` in the key vault.

5. If not associated yet, upload the certificate from before to the SP.
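
Review bot: In the Workflow section, step 3 grants `Key Vault Administrator` to the current user although the stated purpose is only to retrieve secrets / certificates from the VM, and step 1 grants the SP `Contributor` over the same RG that holds the control plane resources listed in step 2 (Key Vault, storage, VM). Please either document why the broad roles are required (for example, if the script needs the wider Key Vault role to create the certificate in step 4) or narrow them: a read-scoped Key Vault role for retrieval, and a separate RG for experiment resources once the "same RG" assumption is lifted. Smaller points: "can also passed" in the Manual section is missing "be", and the fences around `./setup-rg.ps1` are tagged `sh` but contain PowerShell syntax (backtick line continuations, `$armParams`), so `powershell` would be the accurate tag.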
30 changes: 30 additions & 0 deletions scripts/setup-rg/rg-template.example.parameters.json
@@ -0,0 +1,30 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"projectPrefix": {
"value": "mlos-mysql-autotune"
},
"vmSKU": {
"value": "Standard_D2s_v3"
},
"vmAdminUsername": {
"value": "PLACEHOLDER"
},
"sshPublicKey": {
"value": "PLACEHOLDER"
},
"fileShareName": {
"value": "mlos-file-share"
},
"resultsDbName": {
"value": "mlos-mysql-autotune"
},
"resultsDbAdminUsername": {
"value": "mlos"
},
"resultsDbAdminPassword": {
"value": "PLACEHOLDER"
}
}
}
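
Review bot: `resultsDbAdminPassword` carries the results database admin password as a plain `value`, and the README in this PR tells users to copy this file to `rg-template.<your name>.parameters.json` in the same directory, so a filled-in copy with a real password can easily be committed. Suggest adding an ignore rule for `rg-template.*.parameters.json` (with an exception for the example file) if one does not already exist, confirming the template declares this parameter as `securestring`, and stating in the README that the personal copy contains a secret. Separately, `projectPrefix` and `resultsDbName` share the value "mlos-mysql-autotune"; if `resultsDbName` is meant to be derived from the prefix, a short note or a template default would avoid the two drifting apart.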