Skip to content

Instantly share code, notes, and snippets.

@stuartleeks

stuartleeks/ci.md

Last active October 3, 2022 07:30
Show Gist options
  • Save stuartleeks/55dcffd8c91a947df63aa46a0d7e5d79 to your computer and use it in GitHub Desktop.
Save stuartleeks/55dcffd8c91a947df63aa46a0d7e5d79 to your computer and use it in GitHub Desktop.
Download ZIP
TRE notes
Raw
ci.md

CI notes

status

Current status

  • /test runs build for forks
    • gets secret
    • does NOT mark the tests as completing
      • TODO - output PR ref details in label workflow and comment workflow and compare
    • md filter
      • testing in playground repo - may have solved it 🤞
  • /destroy-env not tested yet
  • /force-approve not tested yet

Testing for write access

TODO - put summary of collaborator tests here

Raw
deployment-sample.md

notes on deployment sample repo

Other

  • remove set... from aad scripts designed to be sourced
Raw
notes.md

Health

# Is API up?
curl -X GET https://$TRE_ID.$LOCATION.cloudapp.azure.com/api/status
curl -X GET https://$TRE_ID.$LOCATION.cloudapp.azure.com/api/health

# Is App Gateway healthy
az network application-gateway show-backend-health --resource-group rg-$TRE_ID --name agw-$TRE_ID

testing env vars

# Add this to Makefile
env-echo:
	. ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env,auth \
	&& printenv | sort

Misc

# set up env
export USE_ENV_VARS_NOT_FILES=true
set -a; source devops/.env; source templates/core/.env; set +a

# set env with TF vars
# note that private.env is output from `make setup-local-debugging
set -a; source devops/.env; source templates/core/.env; source ./devops/scripts/load_terraform_env.sh ./devops/.env; source ./devops/scripts/load_terraform_env.sh ./templates/core/.env; source ./templates/core/private.env; set +a


# build-and-register-bundle
TRE_URL=https://${TRE_ID}.${LOCATION}.cloudapp.azure.com AUTH_TENANT_ID=$AAD_TENANT_ID BUNDLE_TYPE=workspace DIR=./templates/workspaces/base make build-and-register-bundle

# e2e tests
cls;make test-e2e




#
# Manually call api
#!/bin/bash
set -e

# get token
TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded'   https://login.microsoftonline.com/$AAD_TENANT_ID/oauth2/v2.0/token   -d "client_id=$AUTOMATION_ADMIN_ACCOUNT_CLIENT_ID"   -d 'grant_type=client_credentials'   -d "scope=api://$API_CLIENT_ID/.default"   -d "client_secret=$AUTOMATION_ADMIN_ACCOUNT_CLIENT_SECRET" | jq -r .access_token)

# query api
curl -X GET https://$TRE_ID.$LOCATION.cloudapp.azure.com/api/workspace-templates -H 'accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN"

rm -rf devops/terraform/.terraform

rm -rf templates/core/terraform/.terraform

Setting up

# TODO add aad_app_reg.sh

# Main deployment
make all

# Add cert to endpoints
make letsencrypt

# add firewall, gitea, ...
make deploy-shared-services


export USE_ENV_VARS_NOT_FILES=true

# set env with TF vars
# note that private.env is output from `make setup-local-debugging
set -a; source devops/.env; source templates/core/.env; source ./devops/scripts/load_terraform_env.sh ./devops/.env; source ./devops/scripts/load_terraform_env.sh ./templates/core/.env; source ./templates/core/private.env; set +a; set +e

export TRE_URL=https://${TRE_ID}.${LOCATION}.cloudapp.azure.com && \
export AUTH_TENANT_ID=$AAD_TENANT_ID

set +e && make prepare-for-e2e

# BUNDLE_TYPE=workspace DIR=./templates/workspaces/base make bundle-publish bundle-register
# BUNDLE_TYPE=workspace DIR=./templates/workspaces/innereye make bundle-publish bundle-register

# BUNDLE_TYPE=workspace_service DIR=./templates/workspace_services/guacamole make bundle-publish bundle-register
# BUNDLE_TYPE=workspace_service DIR=./templates/workspace_services/azureml make bundle-publish bundle-register
# BUNDLE_TYPE=workspace_service DIR=./templates/workspace_services/devtestlabs make bundle-publish bundle-register
# BUNDLE_TYPE=workspace_service DIR=./templates/workspace_services/innereye make bundle-publish bundle-register
# BUNDLE_TYPE=workspace_service DIR=./templates/workspace_services/gitea make bundle-publish bundle-register

# #BUNDLE_TYPE=user_resource DIR=./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm

Manual installation

# set up env vars as above

# Run base workspace install (based on https://microsoft.github.io/AzureTRE/tre-workspace-authors/authoring-workspace-templates/#manual-deployment)
cls;make bundle-build DIR=./templates/workspaces/base && make bundle-install DIR=./templates/workspaces/base

# attempting to run TF directly (not via porter)
# From the templates/workspaces/base/terraform folder...
set -a; source ../../../../devops/scripts/load_env.sh ../.env;  source ../../../../devops/scripts/load_terraform_env.sh ../.env; set +a ; set +e

# export TF_VAR_auth_client_id=$AUTH_CLIENT_ID
# export TF_VAR_auth_client_secret=$AUTH_CLIENT_SECRET
# export TF_VAR_auth_tenant_id=$AUTH_TENANT_ID
export TF_VAR_auth_client_id=$APPLICATION_ADMIN_CLIENT_ID
export TF_VAR_auth_client_secret=$APPLICATION_ADMIN_CLIENT_SECRET
export AUTH_CLIENT_ID=$APPLICATION_ADMIN_CLIENT_ID
export AUTH_CLIENT_SECRET=$APPLICATION_ADMIN_CLIENT_SECRET

export ENABLE_AIRLOCK=true

export TF_LOG=trace
export TG_LOG_PATH=./tf.stuartle.log

terraform init \
	-backend-config="container_name=$TERRAFORM_STATE_CONTAINER_NAME" \
	-backend-config="storage_account_name=$MGMT_STORAGE_ACCOUNT_NAME" \
	-backend-config="key=$TRE_ID-ws-$ID" \
	-backend-config="resource_group_name=$MGMT_RESOURCE_GROUP_NAME"


# or...
cls;rm tf.log; TF_LOG=trace TF_LOG_PATH=/workspaces/AzureTRE/tf.log make terraform-deploy DIR=./templates/workspaces/base/

Bastion - WIP

# Needs standard SKU with Native Client Support enabled
tre-vmss-password  | xclip -i # copy password to clipboard ready for pasting
az network bastion ssh --name bas-tresl11 --resource-group rg-tresl11  --target-resource-id /subscriptions/e96f24a6-ceee-43a3-8ad4-5e5dca55656b/resourceGroups/rg-tresl11/providers/Microsoft.Compute/virtualMachineScaleSets/vmss-rp-porter-tresl11/virtualMachines/0 --auth-type password --username adminuser 


## TODO enable tunneling
# get resource:
az network bastion show --resource-group rg-tresl11 --name bas-tresl11  --output json
# if this is the correct format then update properties sku.name and enableTunneling
# if not get the resource ID from this and then issue `az rest` GET and update that response

VNET peering cleanup

# When manually deleting Workspace RGs, the VNET peerings aren't cleaned up

# Get names of "Disconnected" VNETs
az network vnet peering list --resource-group rg-tresl11 --vnet-name vnet-tresl11 --query "[?peeringState=='Disconnected'].name" -o tsv



for disconnected_vnet in $(az network vnet peering list --resource-group rg-tresl11 --vnet-name vnet-tresl11 --query "[?peeringState=='Disconnected'].name" -o tsv); do echo "Deleting $disconnected_vnet..." && az network vnet peering delete --resource-group rg-tresl11 --vnet-name vnet-tresl11 --name $disconnected_vnet && echo "done"; done

TRE CLI create workspace

{
	"templateName": "tre-workspace-base",
	"properties": {
		"display_name": "created via CLI",
		"description": "New workspace created via CLI",
		"client_id": "<TODO - include client ID",
		"client_secret": "<TODO - include client secret>",
		"address_space_size": "small",
		"app_service_plan_sku": "P1v2"
	}
}
#

tre workspaces new --definition-file .stuartle.workspace.json --wait-for-completion
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment