diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index 6056819ebe..e775bed80b 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -390,8 +390,6 @@ jobs: BUNDLE_DIR: "./templates/workspace_services/azureml"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "./templates/workspace_services/gitea"} - - {BUNDLE_TYPE: "workspace_service", - BUNDLE_DIR: "./templates/workspace_services/mlflow"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "./templates/workspace_services/mysql"} - {BUNDLE_TYPE: "workspace_service", @@ -553,8 +551,6 @@ jobs: BUNDLE_DIR: "./templates/workspace_services/azureml"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "./templates/workspace_services/gitea"} - - {BUNDLE_TYPE: "workspace_service", - BUNDLE_DIR: "./templates/workspace_services/mlflow"} - {BUNDLE_TYPE: "workspace_service", BUNDLE_DIR: "./templates/workspace_services/mysql"} - {BUNDLE_TYPE: "workspace_service", diff --git a/CHANGELOG.md b/CHANGELOG.md index 255e458293..1ffd4a7ae9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,13 +2,14 @@ ## 0.20.0 (Unreleased) **BREAKING CHANGES & MIGRATIONS**: +* InnerEye and MLFlow bundles depreciated and removed from main. If you wish to update and deploy these worksapce services they can be retrieved from release 0.19.1. ([#4127](https://github.com/microsoft/AzureTRE/issues/4127)) FEATURES: ENHANCEMENTS: * Disable storage account cross tenant replication ([#4116](https://github.com/microsoft/AzureTRE/pull/4116)) * Key Vaults should use RBAC instead of access policies for access control ([#4000](https://github.com/microsoft/AzureTRE/issues/4000)) -* Split log entries with [Log chunk X of Y] for better readability. ([[#3992](https://github.com/microsoft/AzureTRE/issues/3992) +* Split log entries with [Log chunk X of Y] for better readability. ([#3992](https://github.com/microsoft/AzureTRE/issues/3992)) * Expose APP_SERVICE_SKU build variable to allow enablement of App Gateway WAF ([#4111](https://github.com/microsoft/AzureTRE/pull/4111)) * Update Terraform to use Azure AD authentication rather than storage account keys ([#4103](https://github.com/microsoft/AzureTRE/issues/4103)) * Update obsolete Terraform properties ([#4136](https://github.com/microsoft/AzureTRE/issues/4136)) diff --git a/docs/tre-templates/workspace-services/inner-eye.md b/docs/tre-templates/workspace-services/inner-eye.md deleted file mode 100644 index 5e18612d11..0000000000 --- a/docs/tre-templates/workspace-services/inner-eye.md +++ /dev/null 
@@ -1,154 +0,0 @@ -# InnerEye DeepLearning Service Bundle - -- [Azure ML](../../../templates/workspace_services/azureml) - -See: [https://github.com/microsoft/InnerEye-DeepLearning](https://github.com/microsoft/InnerEye-DeepLearning) - -## Firewall Rules - -Please be aware that the following Firewall rules are opened for the workspace when this service is deployed. These are all dependencies needed by InnerEye to be able to develop and train models: - -URLs: - -- *.anaconda.com -- *.anaconda.org -- binstar-cio-packages-prod.s3.amazonaws.com -- *pythonhosted.org -- github-cloud.githubusercontent.com -- azure.archive.ubuntu.com (git lfs package) -- packagecloud.io (git lfs package installation script) - -## Initial setup - -Provision an InnerEye workspace by invoking a POST to ```https://..cloudapp.azure.com/api/workspaces``` with the following payload: - -```json - { - "templateName": "tre-workspace-innereye", - "properties": { - "display_name": "InnerEye", - "description": "InnerEyer workspace", - "client_id": "", - "inference_sp_client_id": "", - "inference_sp_client_secret": "" - } - } -``` - -This will provision Base Workspace, with AML service and InnerEye service, including InnerEye Inference web app. - -## Running the InnerEye HelloWorld - -### Preparation steps performed by the TRE Admin - -1. Ensure that you have completed ["Configuring Shared Services"](../../tre-admins/setup-instructions/configuring-shared-services.md) -1. Log onto a TREAdmin Jumpbox and mirror Github repos needed by InnerEye Helloworld: - - ```cmd - ./templates/workspace_services/gitea/gitea_migrate_repo.sh -t -g https://github.com/microsoft/InnerEye-DeepLearning - ./templates/workspace_services/gitea/gitea_migrate_repo.sh -t -g https://github.com/analysiscenter/radio - ./templates/workspace_services/gitea/gitea_migrate_repo.sh -t -g https://github.com/microsoft/InnerEye-Inference - ``` - -### Setup the InnerEye run from AML Compute Instance - -1. Log onto a VM in the workspace -1. 
In the VM open your browser and navigate to [ml.azure.com](https://ml.azure.com), login, select the right Subscription and AML workspace. -1. Select the Notebooks tab and then click Terminal. This will open a terminal on a running compute instance -1. Pull the InnerEye-DeepLearning git repo from Gitea mirror and configure: - - ```cmd - git clone https://gitea-.azurewebsites.net/giteaadmin/InnerEye-DeepLearning - cd InnerEye-DeepLearning - curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash - sudo apt-get install git-lfs - git lfs install - git lfs pull - export PIP_INDEX_URL=https://nexus-.azurewebsites.net/repository/apt-pypi/simple - conda init - conda env create --file environment.yml - conda activate InnerEye - ``` - -1. Login to AzureCLI and set default subscription if needed - - ```cmd - az login - az account set --subscription - ``` - -1. Create a "datasets" container - - ```az storage container create --name datasets --account-name stgws``` -1. Copy `dataset.csv` file from `Tests/ML/test_data/dataset.csv` to the `hello_world` folder: - - ```az storage blob upload --account-name stgws --container-name datasets --file ./Tests/ML/test_data/dataset.csv --name hello_world/dataset.csv``` -1. Copy the whole `train_and_test_data` folder from `Test/ML/test_data/train_and_test_data` to the `hello_world` folder: - - ```az storage blob directory upload -c datasets --account-name stgws -s "./Tests/ML/test_data/train_and_test_data" -d hello_world --recursive``` - -1. Get storage keys for your storage: - - ```az storage account keys list --account-name stgws``` - -1. Update the following variables in `InnerEye/settings.yml`: subscription_id, resource_group, workspace_name, cluster (see [AML setup](https://github.com/microsoft/InnerEye-DeepLearning/blob/main/docs/setting_up_aml.md) for more details). -1. Navigate to `Data stores` in AML Workspace. 
Create a New datastore named `innereyedatasets` and link it to your storage account and datasets container. Use the key collected from the step above. -1. Back from the Terminal run - - ```cmd - python InnerEye/ML/runner.py --model=HelloWorld --azureml=True - ``` - -1. The runner will provide you with a link and ask you to open it to login. Copy the link and open it in browser (Edge) on the DSVM and login. The run will continue after login. -1. In your browser navigate to [https://ml.azure.com](https://ml.azure.com) and open the `Experiments` tab to follow the progress of the training - -## Configuring and testing inference service - -The workspace service provisions an App Service Plan and an App Service for hosting the inference webapp. The webapp will be integrated into the workspace network, allowing the webapp to connect to the AML workspace. Following the setup you will need to: - -1. Log onto a VM in the workspace and run: - - ```cmd - git clone https://gitea-.azurewebsites.net/giteaadmin/InnerEye-Inference - cd InnerEye-Inference - ``` - -1. Create a file named "set_environment.sh" with the following variables as content: - - ```bash - #!/bin/bash - export CUSTOMCONNSTR_AZUREML_SERVICE_PRINCIPAL_SECRET= - export CUSTOMCONNSTR_API_AUTH_SECRET= - export CLUSTER= - export WORKSPACE_NAME= - export EXPERIMENT_NAME= - export RESOURCE_GROUP= - export SUBSCRIPTION_ID= - export APPLICATION_ID= - export TENANT_ID= - export DATASTORE_NAME=inferencedatastore - export IMAGE_DATA_FOLDER=imagedata - ``` - -1. Upload the configuration file to the web app: - - ```cmd - az webapp up --name -g - ``` - -1. Create a new container in your storage account for storing inference images called `inferencedatastore`. -1. Create a new folder in that container called `imagedata`. -1. Navigate to the ml.azure.com, `Datastores` and create a new datastore named `inferencedatastore` and connect it to the newly created container. -1. 
Test the service by sending a GET or POST command using curl or Invoke-WebRequest where API_AUTH_SECRET is the random GUID generated for CUSTOMCONNSTR_API_AUTH_SECRET above: - - Simple ping: - - ```cmd - Invoke-WebRequest https://yourservicename.azurewebsites.net/v1/ping -Headers @{'Accept' = 'application/json'; 'API_AUTH_SECRET' = 'your-secret-1234-1123445'} - ``` - - Test connection with AML: - - ```cmd - Invoke-WebRequest https://yourservicename.azurewebsites.net/v1/model/start/HelloWorld:1 -Method POST -Headers @{'Accept' = 'application/json'; 'API_AUTH_SECRET' = 'your-secret-1234-1123445'} - ``` diff --git a/docs/tre-templates/workspace-services/mlflow.md b/docs/tre-templates/workspace-services/mlflow.md deleted file mode 100644 index f695672872..0000000000 --- a/docs/tre-templates/workspace-services/mlflow.md +++ /dev/null 
@@ -1,48 +0,0 @@
-# MLflow Workspace Service
-
-See:
-
-## Prerequisites
-
-- [A base workspace deployed](https://microsoft.github.io/AzureTRE/tre-templates/workspaces/base/)
-
-## MLflow Workspace VM Configuration
-
-Each MLflow server deployment creates a PowerShell (for Windows) and a shell script (for Linux) with the same name as the MLflow server, in the shared storage mounted on the researcher VMs.
-These scripts will configure the researcher VMs (by installing the required packages and setting up the environment variables) to communicate with the MLflow tracking server.
-
-!!! note
- Please ensure that [nexus reposiory](https://microsoft.github.io/AzureTRE/tre-admins/setup-instructions/configuring-shared-services/) is configured before running the above scripts.
-
-## MLflow set tracking URI
-
-Researchers will be required to set the remote tracking URI in their scripts
-
-```python
-remote_server_uri = "https://xxxxxxx.azurewebsites.net/"
-
-mlflow.set_tracking_uri(remote_server_uri)
-```
-
-## Using with Conda-Forge
-
-If working with Conda-Forge you need to ensure the user resource you are using is configured correctly and using the channels available via the [Nexus repository](../shared-services/nexus/).
-If the user resource you have deployed used one of the pre-existing Guacamole user resource templates and has conda installed by default, conda will already be configured to use the correct channels via Nexus.
-If not and conda has been manually deployed on the user resource, the following script can be used to configure conda: - -```shell - conda config --add channels ${nexus_proxy_url}/repository/conda/ --system - conda config --add channels ${nexus_proxy_url}/repository/conda-forge/ --system - conda config --remove channels defaults --system - conda config --set channel_alias ${nexus_proxy_url}/repository/conda/ --system -``` - -### conda.yml - -When using a `conda.yml` file to configure your MLFlow environment it is required to specify the channels to use. -As the traditional channels (conda-forge, defaults etc) have been replaced with Nexus channels, you must ensure that the Nexus channels are being specified here instead. -To retireve these channels, run `conda config --show channels` once conda has been configured to use Nexus. - -!!! note - When logging models using sklearn, an optional parameter `conda_env` can be passed as either JSON or YML. If this is not passed a default `conda.yml` will be generate for the model, targeting the channel `conda-forge` causing any subsequent environments created using the model to fail. - See the official documentation [here](https://www.mlflow.org/docs/latest/python_api/mlflow.sklearn.html) for the full details. diff --git a/mkdocs.yml b/mkdocs.yml index 4526800b85..1f6a17f3d0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -97,8 +97,6 @@ nav: - Azure ML: tre-templates/workspace-services/azure-ml.md - Gitea: tre-templates/workspace-services/gitea.md - Guacamole: tre-templates/workspace-services/guacamole.md - - InnerEye: tre-templates/workspace-services/inner-eye.md - - MLFlow: tre-templates/workspace-services/mlflow.md - Health Services: tre-templates/workspace-services/health_services.md - Azure Databricks: tre-templates/workspace-services/databricks.md - OHDSI: tre-templates/workspace-services/ohdsi.md 
diff --git a/templates/workspace_services/innereye/.dockerignore b/templates/workspace_services/innereye/.dockerignore
deleted file mode 100644
index 6de561f5c3..0000000000
--- a/templates/workspace_services/innereye/.dockerignore
+++ /dev/null
@@ -1,7 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# TF backend files
-**/*_backend.tf
-
-Dockerfile.tmpl
\ No newline at end of file
diff --git a/templates/workspace_services/innereye/.env.sample b/templates/workspace_services/innereye/.env.sample
deleted file mode 100644
index bdb4b7a0f5..0000000000
--- a/templates/workspace_services/innereye/.env.sample
+++ /dev/null
@@ -1,9 +0,0 @@
-# GUID to identify the workspace service
-ID=__CHANGE_ME__
-
-# GUID to identify the workspace bundle
-WORKSPACE_ID="__CHANGE_ME__"
-
-# Service principal client ID & secret used by the inference service to connect to Azure ML
-INFERENCE_SP_CLIENT_ID=__CHANGE_ME__
-INFERENCE_SP_CLIENT_SECRET=__CHANGE_ME__
diff --git a/templates/workspace_services/innereye/Dockerfile.tmpl b/templates/workspace_services/innereye/Dockerfile.tmpl
deleted file mode 100644
index dc5d0e0757..0000000000
--- a/templates/workspace_services/innereye/Dockerfile.tmpl
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM --platform=linux/amd64 debian:bullseye-slim
-
-# PORTER_INIT
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
-
-# Git is required for terraform_azurerm_environment_configuration
-RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
- apt-get update \
- && apt-get install --no-install-recommends -y git jq curl ca-certificates
-
-RUN export PORTER_HOME=/home/"${USER}"/.porter \
- && curl -L https://cdn.porter.sh/latest/install-linux.sh | bash \
- && "${PORTER_HOME}"/porter mixin install docker
-
-ENV PATH /home/$USER/.porter/:$PATH
-
-# PORTER_MIXINS
-
-# Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/workspace_services/innereye/arm_auth_local_debugging.json b/templates/workspace_services/innereye/arm_auth_local_debugging.json
deleted file mode 100755
index 1f2298a92e..0000000000
--- a/templates/workspace_services/innereye/arm_auth_local_debugging.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "schemaVersion": "1.0.0-DRAFT+b6c701f",
- "name": "azure",
- "created": "2021-06-03T11:31:05.7314113Z",
- "modified": "2021-06-03T11:31:05.7314113Z",
- "credentials": [
- {
- "name": "azure_client_id",
- "source": {
- "env": "ARM_CLIENT_ID"
- }
- },
- {
- "name": "azure_client_secret",
- "source": {
- "env": "ARM_CLIENT_SECRET"
- }
- },
- {
- "name": "azure_subscription_id",
- "source": {
- "env": "ARM_SUBSCRIPTION_ID"
- }
- },
- {
- "name": "azure_tenant_id",
- "source": {
- "env": "ARM_TENANT_ID"
- }
- }
- ]
-}
\ No newline at end of file
diff --git a/templates/workspace_services/innereye/install_service_azureml.sh b/templates/workspace_services/innereye/install_service_azureml.sh
deleted file mode 100755
index 206e8cd52e..0000000000
--- a/templates/workspace_services/innereye/install_service_azureml.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -e
-
-acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
-
-porter install tre-service-azureml --reference "${MGMT_ACR_NAME}${acr_domain_suffix}/tre-service-azureml:v0.1.9" \
- --cred ./arm_auth_local_debugging.json \
- --parameter-set ./parameters_service_azureml.json
diff --git a/templates/workspace_services/innereye/parameters.json b/templates/workspace_services/innereye/parameters.json
deleted file mode 100755
index 54d98bba87..0000000000
--- a/templates/workspace_services/innereye/parameters.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "schemaType": "ParameterSet",
- "schemaVersion": "1.0.1",
- "namespace": "",
- "name": "tre-service-innereye",
- "parameters": [
- {
- "name": "id",
- "source": {
- "env": "ID"
- }
- },
- {
- "name": "workspace_id",
- "source": {
- "env": "WORKSPACE_ID"
- }
- },
- {
- "name": "tre_id",
- "source": {
- "env": "TRE_ID"
- }
- },
- {
- "name": "mgmt_acr_name",
- "source": {
- "env": "ACR_NAME"
- }
- },
- {
- "name": "inference_sp_client_id",
- "source": {
- "env": "INFERENCE_SP_CLIENT_ID"
- }
- },
- {
- "name": "inference_sp_client_secret",
- "source": {
- "env": "INFERENCE_SP_CLIENT_SECRET"
- }
- },
- {
- "name": "tfstate_container_name",
- "source": {
- "env": "TERRAFORM_STATE_CONTAINER_NAME"
- }
- },
- {
- "name": "tfstate_resource_group_name",
- "source": {
- "env": "MGMT_RESOURCE_GROUP_NAME"
- }
- },
- {
- "name": "tfstate_storage_account_name",
- "source": {
- "env": "MGMT_STORAGE_ACCOUNT_NAME"
- }
- },
- {
- "name": "azure_environment",
- "source": {
- "env": "AZURE_ENVIRONMENT"
- }
- },
- {
- "name": "arm_environment",
- "source": {
- "env": "ARM_ENVIRONMENT"
- }
- }
- ]
-}
diff --git a/templates/workspace_services/innereye/parameters_service_azureml.json b/templates/workspace_services/innereye/parameters_service_azureml.json
deleted file mode 100755
index 5d83055130..0000000000
--- a/templates/workspace_services/innereye/parameters_service_azureml.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "schemaVersion": "1.0.1",
- "name": "service-azureml",
- "created": "2021-06-03T11:54:54.0225968Z",
- "modified": "2021-06-03T11:54:54.0225968Z",
- "parameters": [
- {
- "name": "id",
- "source": {
- "env": "ID"
- }
- },
- {
- "name": "workspace_id",
- "source": {
- "env": "WORKSPACE_ID"
- }
- },
- {
- "name": "tre_id",
- "source": {
- "env": "TRE_ID"
- }
- },
- {
- "name": "tfstate_container_name",
- "source": {
- "env": "TERRAFORM_STATE_CONTAINER_NAME"
- }
- },
- {
- "name": "tfstate_resource_group_name",
- "source": {
- "env": "MGMT_RESOURCE_GROUP_NAME"
- }
- },
- {
- "name": "tfstate_storage_account_name",
- "source": {
- "env": "MGMT_STORAGE_ACCOUNT_NAME"
- }
- },
- {
- "name": "arm_use_msi",
- "source": {
- "env": "ARM_USE_MSI"
- }
- }
- ]
-}
diff --git a/templates/workspace_services/innereye/porter.yaml b/templates/workspace_services/innereye/porter.yaml
deleted file mode 100644
index d73973e35e..0000000000
--- a/templates/workspace_services/innereye/porter.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ ---- -schemaVersion: 1.0.0 -name: tre-service-innereye -version: 0.6.8 -description: "An Azure TRE service for InnerEye Deep Learning" -registry: azuretre -dockerfile: Dockerfile.tmpl - -credentials: - - name: azure_tenant_id - env: ARM_TENANT_ID - - name: azure_subscription_id - env: ARM_SUBSCRIPTION_ID - - name: azure_client_id - env: ARM_CLIENT_ID - - name: azure_client_secret - env: ARM_CLIENT_SECRET - -parameters: - - name: workspace_id - type: string - - name: tre_id - type: string - - name: id - type: string - description: "An Id for this installation" - - name: azure_environment - type: string - default: "AzureCloud" - description: "Used by Azure CLI to set the Azure environment" - - name: inference_sp_client_id - type: string - - name: inference_sp_client_secret - type: string - - name: mgmt_acr_name - type: string - - name: tfstate_resource_group_name - type: string - description: "Resource group containing the Terraform state storage account" - env: MGMT_RESOURCE_GROUP_NAME - - name: tfstate_storage_account_name - type: string - description: "The name of the Terraform state storage account" - env: MGMT_STORAGE_ACCOUNT_NAME - - name: tfstate_container_name - type: string - default: "tfstate" - description: "The name of the Terraform state storage container" - env: TERRAFORM_STATE_CONTAINER_NAME - - name: arm_use_msi - env: ARM_USE_MSI - type: boolean - default: false - - name: arm_environment - env: ARM_ENVIRONMENT - type: string - default: "public" - -mixins: - - exec - - az: - clientVersion: 2.37.0 - extensions: - - azure-firewall - - terraform: - clientVersion: 1.3.6 - -install: - - az: - description: "Set Azure Cloud Environment" - arguments: - - cloud - - set - flags: - name: ${ bundle.parameters.azure_environment } - - az: - description: "az login" - arguments: - - login - flags: - identity: - username: ${ bundle.credentials.azure_client_id} - - az: - description: "acr login" - arguments: - - acr - - login - flags: - name: ${ 
bundle.parameters.mgmt_acr_name } - - exec: - description: "Install Azure ML service" - command: ./install_service_azureml.sh - - terraform: - description: "Deploy service" - vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id } - inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } - arm_environment: ${ bundle.parameters.arm_environment } - backendConfig: - use_azuread_auth: "true" - use_oidc: "true" - resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } - storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } - container_name: ${ bundle.parameters.tfstate_container_name } - key: tre-service-innereye-${ bundle.parameters.id } - outputs: - - name: azureml_compute_cluster_name - -upgrade: - - exec: - description: "Upgrade service" - command: echo - arguments: - - "This workspace does not implement upgrade action" - -uninstall: - - terraform: - description: "Tear down workspace" - vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id } - inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } - arm_environment: ${ bundle.parameters.arm_environment } - backendConfig: - use_azuread_auth: "true" - use_oidc: "true" - 
resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } - storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } - container_name: ${ bundle.parameters.tfstate_container_name } - key: tre-service-innereye-${ bundle.parameters.id } diff --git a/templates/workspace_services/innereye/template_schema.json b/templates/workspace_services/innereye/template_schema.json deleted file mode 100644 index 65d6e0cf3b..0000000000 --- a/templates/workspace_services/innereye/template_schema.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/innereye/template_schema.json", - "type": "object", - "title": "InnerEye service template", - "description": "Installs Azure ML and InnerEye components. Please be aware this template opens up additional firewall rules to enable Azure ML to function.", - "required": [], - "properties": { - "inference_sp_client_id": { - "type": "string", - "title": "Service Principal Client ID for AML Access", - "description": "The client id of the service principal used to access the Azure ML workspace", - "default": "" - }, - "inference_sp_client_secret": { - "type": "string", - "title": "Service Principal Client Secret for AML Access", - "description": "The client secret of the service principal used to access the Azure ML workspace", - "default": "" - } - } -} diff --git a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl deleted file mode 100644 index c1f5dc3d58..0000000000 --- a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,100 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.112.0" - constraints = "3.112.0" - hashes = [ - "h1:5KSVV/O2eG6ty/3/qpOLQFQqJd96KEPzsTHItslJaMw=", - "zh:341c22454d24a75792aa99fbbc0c156f368534b7bb04eef4701b85995c7526a4", - "zh:3708656d75061c92f7208cc731b946c991ad343a443f8ff0ef082f077b7580b9", - "zh:38ca06f9f45705c648f04f272bd9483397693ea8da6db788cd7955f49ab79d6b", - "zh:3f305adb5ee0032e0ea68d198a089ecfd0127092930e99fa51377a250292b592", - "zh:4ae2fc6065164a819f576f705e634ebf5059f983149a41dad909719fea96145a", - "zh:5d376ac7dd71898a94038d6b6b8036dfec4c0216d832ec1135c855bf3e58eb5f", - "zh:63d2ff296d3aee5787e12c759a6a3d5aa15a574456aebbe11b833f01adf3faef", - "zh:8ad8746741f7f0ac10da6f1d105f26ebeb6e4d944f58ba749e86d7c9a67da3db", - "zh:abec182594ee8a21d72a5f23d3aa7fa45247488539fce6ed648c9c255d8bf972", - "zh:bf704b400be4181333b38c0306949f26326a9aa5ae68b4167e2fb8ee7fb13618", - "zh:c072938f8695f725fc5fbe986a54890f00d520cce570006390dc5bbc51b2a4ea", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/external" { - version = "2.3.4" - hashes = [ - "h1:XWkRZOLKMjci9/JAtE8X8fWOt7A4u+9mgXSUjc4Wuyo=", - "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", - "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", - "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", - "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", - "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", - "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", - "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", - 
"zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", - "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", - "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" - constraints = "2.4.0" - hashes = [ - "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - hashes = [ - "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - 
"zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.4.2" - constraints = "3.4.2" - hashes = [ - "h1:PIIfeOjmPoQRHfMM7MDr7qY3mQqD4F+38Dmq8pjvUUs=", - "zh:1e61d226778aefd01c0e139c0ad709b61e9ae4b33d72301b922bd3d000b76eee", - "zh:3c3295c3d2e9c3f9d60d557ee8faf2a30bd15f59f2c38ed13f50a3220dd027d0", - "zh:6661b4953b875857c3ac99fb1006daf314acebf2d1748045d208ebc8cbc647cd", - "zh:6e1823a349ceea5e4e0c684561473f57c46f73d7c197c39904d031ce6654bfb8", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8f8e6fd15e5228f1935c63d79bf3074f645ddba1350756acfc968b2a05bf85ee", - "zh:939a78da13a7932bd5429f0c77debe907bf9d6c6a26af50fd4d9f32ee16ea5a6", - "zh:995a592acbcde12f0d34ff5c3b74ec7054743315684b72b927bdc0d33e0e7c4d", - "zh:a9f8b88fe365ed9996d3386b415cabb445cf9d6e4b0e0b73f58af3aa31f1fa3d", - "zh:dda7c698cf92170665ca3ac1ccdc2177c0bec4807e69075422ae9d5c5308adbd", - "zh:eff42af6313499db0b3177a82851e0f2d2706e81cab11372d7d3673c41b15b9c", - "zh:fcd6826d4398147314620401a5908dd35c6f2ebac7e7d3a7d77078dbc7c5a0e6", - ] -} diff --git a/templates/workspace_services/innereye/terraform/compute.tf b/templates/workspace_services/innereye/terraform/compute.tf deleted file mode 100644 index 6953569913..0000000000 --- a/templates/workspace_services/innereye/terraform/compute.tf +++ /dev/null 
@@ -1,62 +0,0 @@
-data "local_file" "deploypl_compute_cluster" {
- filename = "${path.module}/nopipcompute/deploypl_compute_cluster.json"
-}
-
-# need to add existing VNET
-resource "azurerm_resource_group_template_deployment" "deploy_compute_cluster" {
- name = "dpl-${local.service_resource_name_suffix}_deploy_compute_cluster"
- resource_group_name = data.azurerm_resource_group.ws.name
- tags = local.tre_workspace_service_tags
-
- template_content = data.local_file.deploypl_compute_cluster.content
-
-
- # these key-value pairs are passed into the ARM Template's `parameters` block
- parameters_content = jsonencode({
- "vnet_name" = {
- value = data.azurerm_virtual_network.ws.name
- },
- "location" = {
- value = data.azurerm_resource_group.ws.location
- },
- "workspace_name" = {
- value = local.aml_workspace_name
- },
- "cluster_name" = {
- value = local.aml_compute_cluster_name
- },
- "subnet_name" = {
- value = data.azurerm_subnet.services.name
- },
- "admin_username" = {
- value = "azureuser"
- },
- "admin_user_password" = {
- "value" = "DONOTMERGE"
- },
- "vm_size_sku" = {
- "value" = "Standard_D4_v2"
- },
- "min_node_count" = {
- "value" = 0
- },
- "max_node_count" = {
- "value" = 1
- }
- })
-
- deployment_mode = "Incremental"
-
- lifecycle { ignore_changes = [tags] }
-}
-
-data "azurerm_container_registry" "aml" {
- name = local.azureml_acr_name
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-resource "azurerm_role_assignment" "compute_cluster_acr_pull" {
- scope = data.azurerm_container_registry.aml.id
- role_definition_name = "AcrPull"
- principal_id = jsondecode(azurerm_resource_group_template_deployment.deploy_compute_cluster.output_content).cluster_principal_id.value
-}
diff --git a/templates/workspace_services/innereye/terraform/deploy.sh b/templates/workspace_services/innereye/terraform/deploy.sh
deleted file mode 100755
index ce89027c80..0000000000
--- a/templates/workspace_services/innereye/terraform/deploy.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-export TF_LOG=""
-terraform init -input=false -backend=true -reconfigure \
- -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
- -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
- -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
- -backend-config="key=tre-service-innereye-${TF_VAR_id}"
-terraform plan
-terraform apply -auto-approve
\ No newline at end of file
diff --git a/templates/workspace_services/innereye/terraform/firewall.tf b/templates/workspace_services/innereye/terraform/firewall.tf
deleted file mode 100644
index b8c51466e1..0000000000
--- a/templates/workspace_services/innereye/terraform/firewall.tf
+++ /dev/null
@@ -1,74 +0,0 @@
-data "azurerm_firewall" "fw" {
- name = "fw-${var.tre_id}"
- resource_group_name = "rg-${var.tre_id}"
-}
-
-locals {
- allowed_inner_eye_urls = ["*.anaconda.com", "*.anaconda.org", "binstar-cio-packages-prod.s3.amazonaws.com", "*pythonhosted.org", "github-cloud.githubusercontent.com", "azure.archive.ubuntu.com", "packagecloud.io"]
-}
-
-data "azurerm_client_config" "current" {}
-resource "null_resource" "az_login_sp" {
-
- count = var.arm_use_msi == true ? 0 : 1
- provisioner "local-exec" {
- command = "az login --service-principal --username ${var.arm_client_id} --password ${var.arm_client_secret} --tenant ${var.arm_tenant_id}"
- }
-
- triggers = {
- timestamp = timestamp()
- }
-
-}
-
-resource "null_resource" "az_login_msi" {
-
- count = var.arm_use_msi == true ? 1 : 0
- provisioner "local-exec" {
- command = "az login --identity -u '${data.azurerm_client_config.current.client_id}'"
- }
-
- triggers = {
- timestamp = timestamp()
- }
-}
-
-data "external" "rule_priorities" {
- program = ["bash", "-c", "./get_firewall_priorities.sh"]
-
- query = {
- firewall_name = data.azurerm_firewall.fw.name
- resource_group_name = data.azurerm_firewall.fw.resource_group_name
- collection_name_suffix = "${local.service_resource_name_suffix}-aml"
- }
- depends_on = [
- null_resource.az_login_sp,
- null_resource.az_login_msi
- ]
-}
-
-resource "azurerm_firewall_application_rule_collection" "innereyeapprulecollection" {
- name = "arc-${local.service_resource_name_suffix}-aml"
- azure_firewall_name = data.azurerm_firewall.fw.name
- resource_group_name = data.azurerm_firewall.fw.resource_group_name
- priority = data.external.rule_priorities.result.application_rule_priority
- action = "Allow"
-
- rule {
- name = "allowInnerEyerelated"
-
- source_addresses = data.azurerm_virtual_network.ws.address_space
-
- target_fqdns = local.allowed_inner_eye_urls
-
-
- protocol {
- port = "443"
- type = "Https"
- }
- protocol {
- port = "80"
- type = "Http"
- }
- }
-}
diff --git a/templates/workspace_services/innereye/terraform/get_firewall_priorities.sh b/templates/workspace_services/innereye/terraform/get_firewall_priorities.sh
deleted file mode 100755
index d0511c2e9f..0000000000
--- a/templates/workspace_services/innereye/terraform/get_firewall_priorities.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-# shellcheck disable=SC2154
-
-set -e
-
-eval "$(jq -r '@sh "firewall_name=\(.firewall_name) resource_group_name=\(.resource_group_name) collection_name_suffix=\(.collection_name_suffix)"')"
-
-if NETWORK_RULES=$(az network firewall network-rule list -g "$resource_group_name" -f "$firewall_name" --collection-name "nrc-$collection_name_suffix" -o json); then
- NETWORK_RULE_PRIORITY=$(echo "$NETWORK_RULES" | jq '.priority')
-else
- NETWORK_RULE_MAX_PRIORITY=$(az network firewall network-rule collection list -f "$firewall_name" -g "$resource_group_name" -o json --query "not_null(max_by([],&priority).priority) || $(100)")
- NETWORK_RULE_PRIORITY=$((NETWORK_RULE_MAX_PRIORITY + 1))
-fi
-
-if APPLICATION_RULES=$(az network firewall application-rule list -g "$resource_group_name" -f "$firewall_name" --collection-name "arc-$collection_name_suffix" -o json); then
- APPLICATION_RULE_PRIORITY=$(echo "$APPLICATION_RULES" | jq '.priority')
-else
- APPLICATION_RULE_MAX_PRIORITY=$(az network firewall application-rule collection list -f "$firewall_name" -g "$resource_group_name" -o json --query "not_null(max_by([],&priority).priority) || $(100)")
- APPLICATION_RULE_PRIORITY=$((APPLICATION_RULE_MAX_PRIORITY + 1))
-fi
-
-# Safely produce a JSON object containing the result value.
-jq -n --arg network_rule_priority "$NETWORK_RULE_PRIORITY" --arg application_rule_priority "$APPLICATION_RULE_PRIORITY" '{ "network_rule_priority":$network_rule_priority, "application_rule_priority":$application_rule_priority }'
diff --git a/templates/workspace_services/innereye/terraform/locals.tf b/templates/workspace_services/innereye/terraform/locals.tf
deleted file mode 100644
index 76382b64df..0000000000
--- a/templates/workspace_services/innereye/terraform/locals.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# Random unique id
-
-locals {
- short_service_id = substr(var.tre_resource_id, -4, -1)
- short_workspace_id = substr(var.workspace_id, -4, -1)
- core_resource_group_name = "rg-${var.tre_id}"
- workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
- service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}"
- aml_workspace_name = lower("ml-${substr(local.service_resource_name_suffix, -30, -1)}")
- aml_compute_id = substr("${var.tre_id}${var.workspace_id}${local.short_service_id}", -12, -1)
- aml_compute_cluster_name = "cp-${local.aml_compute_id}"
- azureml_acr_name = lower(replace("acr${substr(local.service_resource_name_suffix, -8, -1)}", "-", ""))
- tre_workspace_service_tags = {
- tre_id = var.tre_id
- tre_workspace_id = var.workspace_id
- tre_workspace_service_id = var.tre_resource_id
- }
-}
diff --git a/templates/workspace_services/innereye/terraform/main.tf b/templates/workspace_services/innereye/terraform/main.tf
deleted file mode 100644
index 0855d25ec2..0000000000
--- a/templates/workspace_services/innereye/terraform/main.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-# Azure Provider source and version being used
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "=3.112.0"
- }
- random = {
- source = "hashicorp/random"
- version = "=3.4.2"
- }
- local = {
- source = "hashicorp/local"
- version = "=2.4.0"
- }
- external = {
- source = "hashicorp/external"
- version = "~> 2.3"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.2"
- }
- }
- backend "azurerm" {
- }
-}
-
-
-provider "azurerm" {
- features {
- key_vault {
- # Don't purge on destroy (this would fail due to purge protection being enabled on keyvault)
- purge_soft_delete_on_destroy = false
- purge_soft_deleted_secrets_on_destroy = false
- purge_soft_deleted_certificates_on_destroy = false
- purge_soft_deleted_keys_on_destroy = false
- # When recreating an environment, recover any previously soft deleted secrets - set to true by default
- recover_soft_deleted_key_vaults = true
- recover_soft_deleted_secrets = true
- recover_soft_deleted_certificates = true
- recover_soft_deleted_keys = true
- }
- }
- storage_use_azuread = true
-}
-
-module "terraform_azurerm_environment_configuration" {
- source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.2.0"
- arm_environment = var.arm_environment
-}
-
-data "azurerm_resource_group" "ws" {
- name = "rg-${local.workspace_resource_name_suffix}"
-}
-
-data "azurerm_virtual_network" "ws" {
- name = "vnet-${local.workspace_resource_name_suffix}"
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-data "azurerm_subnet" "web_apps" {
- name = "WebAppsSubnet"
- virtual_network_name = data.azurerm_virtual_network.ws.name
- resource_group_name = data.azurerm_virtual_network.ws.resource_group_name
-}
-
-data "azurerm_subnet" "services" {
- name = "ServicesSubnet"
- virtual_network_name = data.azurerm_virtual_network.ws.name
- resource_group_name = data.azurerm_virtual_network.ws.resource_group_name
-}
diff --git a/templates/workspace_services/innereye/terraform/nopipcompute/deploypl_compute_cluster.json b/templates/workspace_services/innereye/terraform/nopipcompute/deploypl_compute_cluster.json deleted file mode 100644 index 9f408dfb73..0000000000 --- a/templates/workspace_services/innereye/terraform/nopipcompute/deploypl_compute_cluster.json +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vnet_name": { - "type": "String" - }, - "location": { - "type": "String", - "metadata": { - "description": "Specifies the location for all resources." - } - }, - "workspace_name": { - "type": "String" - }, - "cluster_name": { - "type": "String" - }, - "subnet_name": { - "type": "String" - }, - "admin_username": { - "type": "String", - "defaultValue": "azureuser" - }, - "admin_user_password": { - "type": "SecureString" - }, - "vm_size_sku": { - "type": "String", - "defaultValue": "Standard_ND24s" - }, - "min_node_count": { - "type": "Int", - "defaultValue": 0 - }, - "max_node_count": { - "type": "Int" - } - }, - "variables": {}, - "resources": [ - { - "type": "Microsoft.MachineLearningServices/workspaces/computes", - "apiVersion": "2021-01-01", - "name": "[concat(parameters('workspace_name'),'/',parameters('cluster_name'))]", - "location": "[parameters('location')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "computeType": "AmlCompute", - "computeLocation": "[parameters('location')]", - "properties": { - "vmSize": "[parameters('vm_size_sku')]", - "vmPriority": "Dedicated", - "scaleSettings": { - "minNodeCount": "[parameters('min_node_count')]", - "maxNodeCount": "[parameters('max_node_count')]" - }, - "userAccountCredentials": { - "adminUserName": "[parameters('admin_username')]", - "adminUserPassword": "[parameters('admin_user_password')]" - }, - "remoteLoginPortPublicAccess": "Enabled", - "enableNodePublicIp": false, - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnet_name'), parameters('subnet_name'))]" - } - } - } - } - ], - "outputs": { - - "cluster_principal_id": { - "value": "[reference(resourceId('Microsoft.MachineLearningServices/workspaces/computes', 
parameters('workspace_name'),parameters('cluster_name')),'2020-05-15-preview', 'Full').identity.principalId]", - "type": "String" - } - - } -} diff --git a/templates/workspace_services/innereye/terraform/upgrade.sh b/templates/workspace_services/innereye/terraform/upgrade.sh deleted file mode 100644 index 9bf7c5612b..0000000000 --- a/templates/workspace_services/innereye/terraform/upgrade.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -set -e - -# This script is used to install the bundle directly without having to interact with Porter - -# This script assumes you have created an .env from the sample and the variables -# will come from there. -# shellcheck disable=SC2154 -terraform init -upgrade -reconfigure -input=false -backend=true \ - -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \ - -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \ - -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \ - -backend-config="key=tre-service-innereye-${TF_VAR_id}" diff --git a/templates/workspace_services/innereye/terraform/variables.tf b/templates/workspace_services/innereye/terraform/variables.tf deleted file mode 100644 index e3e825896d..0000000000 --- a/templates/workspace_services/innereye/terraform/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "workspace_id" { - type = string -} -variable "tre_id" { - type = string -} -variable "tre_resource_id" { - type = string -} -variable "arm_tenant_id" { - type = string -} -variable "arm_client_id" { - type = string -} -variable "arm_client_secret" { - type = string -} -variable "arm_use_msi" { - type = bool -} -variable "inference_sp_client_id" { - type = string -} -variable "inference_sp_client_secret" { - type = string -} -variable "arm_environment" { - type = string -} 
diff --git a/templates/workspace_services/innereye/terraform/web_app.tf b/templates/workspace_services/innereye/terraform/web_app.tf
deleted file mode 100644
index 137d61a649..0000000000
--- a/templates/workspace_services/innereye/terraform/web_app.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-data "azurerm_app_service_plan" "workspace" {
- name = "plan-${var.workspace_id}"
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-
-resource "random_uuid" "inference_auth_key" {
-}
-
-resource "azurerm_app_service" "inference" {
- name = "app-inf-${local.service_resource_name_suffix}"
- location = data.azurerm_resource_group.ws.location
- resource_group_name = data.azurerm_resource_group.ws.name
- app_service_plan_id = data.azurerm_app_service_plan.workspace.id
- https_only = true
- tags = local.tre_workspace_service_tags
-
- site_config {
- always_on = true
- http2_enabled = true
- }
-
- app_settings = {
- "WEBSITE_VNET_ROUTE_ALL" = "1"
- "WEBSITE_DNS_SERVER" = "168.63.129.16"
- "SCM_DO_BUILD_DURING_DEPLOYMENT" = "True"
-
- "APPLICATION_ID" = var.inference_sp_client_id
- "CLUSTER" = local.aml_compute_cluster_name
- "WORKSPACE_NAME" = local.aml_workspace_name
- "EXPERIMENT_NAME" = "main"
- "RESOURCE_GROUP" = data.azurerm_resource_group.ws.name
- "SUBSCRIPTION_ID" = data.azurerm_client_config.current.subscription_id
- "TENANT_ID" = data.azurerm_client_config.current.tenant_id
- "DATASTORE_NAME" = "inferencedatastore"
- "IMAGE_DATA_FOLDER" = "imagedata"
- }
-
- connection_string {
- name = "AZUREML_SERVICE_PRINCIPAL_SECRET"
- type = "Custom"
- value = var.inference_sp_client_secret
- }
-
- connection_string {
- name = "API_AUTH_SECRET"
- type = "Custom"
- value = random_uuid.inference_auth_key.result
- }
-
- lifecycle { ignore_changes = [tags] }
-}
-
-resource "azurerm_app_service_virtual_network_swift_connection" "inference" {
- app_service_id = azurerm_app_service.inference.id
- subnet_id = data.azurerm_subnet.web_apps.id
-}
-
-data "azurerm_private_dns_zone" "azurewebsites" {
- name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"]
- resource_group_name = local.core_resource_group_name
-}
-
-resource "azurerm_private_endpoint" "inference" {
- name = "pe-inference-${local.service_resource_name_suffix}"
- location = data.azurerm_resource_group.ws.location
- resource_group_name = data.azurerm_resource_group.ws.name
- subnet_id = data.azurerm_subnet.services.id
- tags = local.tre_workspace_service_tags
-
- private_service_connection {
- private_connection_resource_id = azurerm_app_service.inference.id
- name = "psc-inference-${local.service_resource_name_suffix}"
- subresource_names = ["sites"]
- is_manual_connection = false
- }
-
- private_dns_zone_group {
- name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"]
- private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id]
- }
-
- lifecycle { ignore_changes = [tags] }
-}
diff --git a/templates/workspace_services/mlflow/.dockerignore b/templates/workspace_services/mlflow/.dockerignore
deleted file mode 100644
index 4bd78efa64..0000000000
--- a/templates/workspace_services/mlflow/.dockerignore
+++ /dev/null
@@ -1,7 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# TF backend files
-**/*_backend.tf
-
-Dockerfile.tmpl
diff --git a/templates/workspace_services/mlflow/Dockerfile.tmpl b/templates/workspace_services/mlflow/Dockerfile.tmpl
deleted file mode 100644
index c584174140..0000000000
--- a/templates/workspace_services/mlflow/Dockerfile.tmpl
+++ /dev/null
@@ -1,15 +0,0 @@
-# syntax=docker/dockerfile-upstream:1.4.0
-FROM --platform=linux/amd64 debian:bullseye-slim
-
-# PORTER_INIT
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
-
-# Git is required for terraform_azurerm_environment_configuration
-RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
- apt-get update && apt-get install -y git --no-install-recommends
-
-# PORTER_MIXINS
-
-# Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/workspace_services/mlflow/azure.json b/templates/workspace_services/mlflow/azure.json deleted file mode 100644 index cdc4c1365c..0000000000 --- a/templates/workspace_services/mlflow/azure.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "schemaVersion": "1.0.0-DRAFT+b6c701f", - "name": "azure", - "created": "2021-06-03T11:31:05.7314113Z", - "modified": "2021-06-03T11:31:05.7314113Z", - "credentials": [ - { - "name": "azure_client_id", - "source": { - "env": "ARM_CLIENT_ID" - } - }, - { - "name": "azure_client_secret", - "source": { - "env": "ARM_CLIENT_SECRET" - } - }, - { - "name": "azure_subscription_id", - "source": { - "env": "ARM_SUBSCRIPTION_ID" - } - }, - { - "name": "azure_tenant_id", - "source": { - "env": "ARM_TENANT_ID" - } - } - ] -} diff --git a/templates/workspace_services/mlflow/mlflow-server/docker/Dockerfile b/templates/workspace_services/mlflow/mlflow-server/docker/Dockerfile deleted file mode 100644 index 839b35fe0c..0000000000 --- a/templates/workspace_services/mlflow/mlflow-server/docker/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM python:3.8-bullseye - -# Install MLflow Python Packages -RUN pip install --no-cache-dir psycopg2==2.9.5 mlflow==2.0.1 azure-storage-blob==12.14.1 - -RUN apt-get update \ - && apt-get install openssh-server -y --no-install-recommends \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* - -# define default server env variables -ENV MLFLOW_SERVER_HOST 0.0.0.0 -ENV MLFLOW_SERVER_PORT 5000 -ENV MLFLOW_SERVER_WORKERS 1 - -COPY ./docker/sshd_config /etc/ssh/ -COPY ./docker/startup.sh /usr/local/bin/ - -EXPOSE 5000 2222 -ENTRYPOINT ["sh", "/usr/local/bin/startup.sh"] diff --git a/templates/workspace_services/mlflow/mlflow-server/docker/sshd_config b/templates/workspace_services/mlflow/mlflow-server/docker/sshd_config deleted file mode 100644 index 2fa7f89a2d..0000000000 --- a/templates/workspace_services/mlflow/mlflow-server/docker/sshd_config +++ /dev/null 
@@ -1,19 +0,0 @@
-# This is ssh server systemwide configuration file
-#
-# /etc/sshd_config
-
-Port 2222
-ListenAddress 0.0.0.0
-LoginGraceTime 180
-X11Forwarding yes
-Ciphers aes128-cbc,3des-cbc,aes256-cbc
-MACs hmac-sha1,hmac-sha1-96
-StrictModes yes
-SyslogFacility DAEMON
-PrintMotd no
-IgnoreRhosts no
-RhostsRSAAuthentication yes
-RSAAuthentication no
-PasswordAuthentication yes
-PermitEmptyPasswords no
-PermitRootLogin yes
diff --git a/templates/workspace_services/mlflow/mlflow-server/docker/startup.sh b/templates/workspace_services/mlflow/mlflow-server/docker/startup.sh
deleted file mode 100644
index 04cea200bf..0000000000
--- a/templates/workspace_services/mlflow/mlflow-server/docker/startup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-mlflow server \
- --backend-store-uri "$MLFLOW_SERVER_FILE_STORE" \
- --default-artifact-root "$MLFLOW_SERVER_DEFAULT_ARTIFACT_ROOT" \
- --host "$MLFLOW_SERVER_HOST" \
- --port "$MLFLOW_SERVER_PORT" \
- --workers "$MLFLOW_SERVER_WORKERS"
diff --git a/templates/workspace_services/mlflow/mlflow-server/version.txt b/templates/workspace_services/mlflow/mlflow-server/version.txt
deleted file mode 100644
index 6a9beea82f..0000000000
--- a/templates/workspace_services/mlflow/mlflow-server/version.txt
+++ /dev/null
@@ -1 +0,0 @@
-__version__ = "0.4.0"
diff --git a/templates/workspace_services/mlflow/mlflow-vm-config/linux/config.sh b/templates/workspace_services/mlflow/mlflow-vm-config/linux/config.sh
deleted file mode 100644
index b2c7c7f142..0000000000
--- a/templates/workspace_services/mlflow/mlflow-vm-config/linux/config.sh
+++ /dev/null
@@ -1 +0,0 @@
-# This file will be auto populated by Terraform during deployment
diff --git a/templates/workspace_services/mlflow/mlflow-vm-config/linux/template_config.sh b/templates/workspace_services/mlflow/mlflow-vm-config/linux/template_config.sh
deleted file mode 100644
index 57cd308321..0000000000
--- a/templates/workspace_services/mlflow/mlflow-vm-config/linux/template_config.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-export AZURE_STORAGE_CONNECTION_STRING="${MLFlow_Connection_String}"
-pip install mlflow==1.24.0
-pip install azure-storage-blob==12.10.0
-pip install azure-identity==1.8.0
diff --git a/templates/workspace_services/mlflow/mlflow-vm-config/windows/config.ps1 b/templates/workspace_services/mlflow/mlflow-vm-config/windows/config.ps1
deleted file mode 100644
index b2c7c7f142..0000000000
--- a/templates/workspace_services/mlflow/mlflow-vm-config/windows/config.ps1
+++ /dev/null
@@ -1 +0,0 @@
-# This file will be auto populated by Terraform during deployment
diff --git a/templates/workspace_services/mlflow/mlflow-vm-config/windows/template_config.ps1 b/templates/workspace_services/mlflow/mlflow-vm-config/windows/template_config.ps1
deleted file mode 100644
index 12f3df3c28..0000000000
--- a/templates/workspace_services/mlflow/mlflow-vm-config/windows/template_config.ps1
+++ /dev/null
@@ -1,4 +0,0 @@
-[Environment]::SetEnvironmentVariable("AZURE_STORAGE_CONNECTION_STRING", "${MLFlow_Connection_String}", "Machine")
-pip install mlflow==1.24.0
-pip install azure-storage-blob==12.10.0
-pip install azure-identity==1.8.0
diff --git a/templates/workspace_services/mlflow/parameters.json b/templates/workspace_services/mlflow/parameters.json
deleted file mode 100644
index 28fe205798..0000000000
--- a/templates/workspace_services/mlflow/parameters.json
+++ /dev/null
@@ -1,62 +0,0 @@ -{ - "schemaType": "ParameterSet", - "schemaVersion": "1.0.1", - "namespace": "", - "name": "tre-service-mlflow", - "parameters": [ - { - "name": "workspace_id", - "source": { - "env": "WORKSPACE_ID" - } - }, - { - "name": "tre_id", - "source": { - "env": "TRE_ID" - } - }, - { - "name": "id", - "source": { - "env": "ID" - } - }, - { - "name": "mgmt_acr_name", - "source": { - "env": "ACR_NAME" - } - }, - { - "name": "mgmt_resource_group_name", - "source": { - "env": "MGMT_RESOURCE_GROUP_NAME" - } - }, - { - "name": "tfstate_container_name", - "source": { - "env": "TERRAFORM_STATE_CONTAINER_NAME" - } - }, - { - "name": "tfstate_resource_group_name", - "source": { - "env": "MGMT_RESOURCE_GROUP_NAME" - } - }, - { - "name": "tfstate_storage_account_name", - "source": { - "env": "MGMT_STORAGE_ACCOUNT_NAME" - } - }, - { - "name": "arm_environment", - "source": { - "env": "ARM_ENVIRONMENT" - } - } - ] -} diff --git a/templates/workspace_services/mlflow/porter.yaml b/templates/workspace_services/mlflow/porter.yaml deleted file mode 100644 index 5ed3a26e58..0000000000 --- a/templates/workspace_services/mlflow/porter.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -schemaVersion: 1.0.0 -name: tre-service-mlflow -version: 0.8.0 -description: "An Azure TRE service for MLflow machine learning lifecycle" -dockerfile: Dockerfile.tmpl -registry: azuretre - -custom: - runtime_image: - name: mlflow-server - build: - version_file: mlflow-server/version.txt - docker_file: mlflow-server/docker/Dockerfile - docker_context: mlflow-server - -credentials: - - name: azure_tenant_id - env: ARM_TENANT_ID - - name: azure_subscription_id - env: ARM_SUBSCRIPTION_ID - - name: azure_client_id - env: ARM_CLIENT_ID - - name: azure_client_secret - env: ARM_CLIENT_SECRET - -parameters: - - name: workspace_id - type: string - - name: tre_id - type: string - - name: id - type: string - description: "Resource ID for this installation" - - name: mgmt_acr_name - type: string - env: mgmt_acr_name - description: "The devops ACR name" - - name: mgmt_resource_group_name - type: string - description: "Resource group containing the devops ACR" - env: MGMT_RESOURCE_GROUP_NAME - - name: tfstate_resource_group_name - type: string - description: "Resource group containing the Terraform state storage account" - - name: tfstate_storage_account_name - type: string - description: "The name of the Terraform state storage account" - - name: tfstate_container_name - env: tfstate_container_name - type: string - default: "tfstate" - description: "The name of the Terraform state storage container" - - name: arm_use_msi - env: ARM_USE_MSI - type: boolean - default: false - - name: arm_environment - env: ARM_ENVIRONMENT - type: string - default: "public" - -outputs: - - name: connection_uri - type: string - applyTo: - - install - - upgrade - - name: is_exposed_externally - type: boolean - applyTo: - - install - - upgrade - -mixins: - - exec - - terraform: - clientVersion: 1.3.6 - -install: - - terraform: - description: "Deploy workspace service" - vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - 
tre_resource_id: ${ bundle.parameters.id } - mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } - mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } - arm_environment: ${ bundle.parameters.arm_environment } - backendConfig: - use_azuread_auth: "true" - use_oidc: "true" - resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } - storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } - container_name: ${ bundle.parameters.tfstate_container_name } - key: tre-service-mlflow-${ bundle.parameters.id } - outputs: - - name: connection_uri - - name: is_exposed_externally - -upgrade: - - terraform: - description: "Deploy workspace service" - vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } - mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } - arm_environment: ${ bundle.parameters.arm_environment } - backendConfig: - use_azuread_auth: "true" - use_oidc: "true" - resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } - storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } - container_name: ${ bundle.parameters.tfstate_container_name } - key: tre-service-mlflow-${ bundle.parameters.id } - outputs: - - name: connection_uri - - name: is_exposed_externally - -uninstall: - - terraform: - description: "Tear down workspace service" - vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } - mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } - arm_environment: ${ bundle.parameters.arm_environment } - backendConfig: - use_azuread_auth: "true" - use_oidc: "true" - resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } - storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } - container_name: ${ bundle.parameters.tfstate_container_name } - key: tre-service-mlflow-${ bundle.parameters.id } diff --git a/templates/workspace_services/mlflow/template_schema.json b/templates/workspace_services/mlflow/template_schema.json deleted file mode 100644 index c2eb426291..0000000000 --- a/templates/workspace_services/mlflow/template_schema.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/mlflow/template_schema.json", - "type": "object", - "title": "MLflow", - "description": "MLflow server to manage machine learning lifecycle.", - "required": [], - "properties": { - "display_name": { - "type": "string", - "title": "Name for the workspace service", - "description": "The name of the workspace service to be displayed to users", - "default": "MLflow", - "updateable": true - }, - "description": { - "type": "string", - "title": "Description of the workspace service", - "description": "Description of the workspace service", - "default": "MLflow is an open source platform to manage the ML lifecycle, including experimentation, reproducibility, deployment, and a central model registry.", - "updateable": true - }, - "overview": { - "type": "string", - "title": "Workspace Service Overview", - "description": "Long form description of the workspace service, in markdown syntax", - "default": "MLflow is an open source platform to manage the ML lifecycle, including experimentation, reproducibility, deployment, and a central model registry. Documentation can be found here: [https://mlflow.org/docs/latest/index.html](https://mlflow.org/docs/latest/index.html)" - }, - "is_exposed_externally": { - "$id": "#/properties/is_exposed_externally", - "type": "boolean", - "title": "Expose externally", - "description": "Is MLflow accessible from outside of the workspace network.", - "default": false - } - }, - "uiSchema": { - "is_exposed_externally": { - "classNames": "tre-hidden" - } - } -} diff --git a/templates/workspace_services/mlflow/terraform/.terraform.lock.hcl b/templates/workspace_services/mlflow/terraform/.terraform.lock.hcl deleted file mode 100644 index c5a68211eb..0000000000 --- a/templates/workspace_services/mlflow/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,80 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.112.0" - constraints = "3.112.0" - hashes = [ - "h1:5KSVV/O2eG6ty/3/qpOLQFQqJd96KEPzsTHItslJaMw=", - "zh:341c22454d24a75792aa99fbbc0c156f368534b7bb04eef4701b85995c7526a4", - "zh:3708656d75061c92f7208cc731b946c991ad343a443f8ff0ef082f077b7580b9", - "zh:38ca06f9f45705c648f04f272bd9483397693ea8da6db788cd7955f49ab79d6b", - "zh:3f305adb5ee0032e0ea68d198a089ecfd0127092930e99fa51377a250292b592", - "zh:4ae2fc6065164a819f576f705e634ebf5059f983149a41dad909719fea96145a", - "zh:5d376ac7dd71898a94038d6b6b8036dfec4c0216d832ec1135c855bf3e58eb5f", - "zh:63d2ff296d3aee5787e12c759a6a3d5aa15a574456aebbe11b833f01adf3faef", - "zh:8ad8746741f7f0ac10da6f1d105f26ebeb6e4d944f58ba749e86d7c9a67da3db", - "zh:abec182594ee8a21d72a5f23d3aa7fa45247488539fce6ed648c9c255d8bf972", - "zh:bf704b400be4181333b38c0306949f26326a9aa5ae68b4167e2fb8ee7fb13618", - "zh:c072938f8695f725fc5fbe986a54890f00d520cce570006390dc5bbc51b2a4ea", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.2.3" - constraints = "2.2.3" - hashes = [ - "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", - "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", - "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa", - "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797", - "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb", - "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3", - "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c", - "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8", 
- "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e", - "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9", - "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.4.2" - constraints = "3.4.2" - hashes = [ - "h1:PIIfeOjmPoQRHfMM7MDr7qY3mQqD4F+38Dmq8pjvUUs=", - "zh:1e61d226778aefd01c0e139c0ad709b61e9ae4b33d72301b922bd3d000b76eee", - "zh:3c3295c3d2e9c3f9d60d557ee8faf2a30bd15f59f2c38ed13f50a3220dd027d0", - "zh:6661b4953b875857c3ac99fb1006daf314acebf2d1748045d208ebc8cbc647cd", - "zh:6e1823a349ceea5e4e0c684561473f57c46f73d7c197c39904d031ce6654bfb8", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8f8e6fd15e5228f1935c63d79bf3074f645ddba1350756acfc968b2a05bf85ee", - "zh:939a78da13a7932bd5429f0c77debe907bf9d6c6a26af50fd4d9f32ee16ea5a6", - "zh:995a592acbcde12f0d34ff5c3b74ec7054743315684b72b927bdc0d33e0e7c4d", - "zh:a9f8b88fe365ed9996d3386b415cabb445cf9d6e4b0e0b73f58af3aa31f1fa3d", - "zh:dda7c698cf92170665ca3ac1ccdc2177c0bec4807e69075422ae9d5c5308adbd", - "zh:eff42af6313499db0b3177a82851e0f2d2706e81cab11372d7d3673c41b15b9c", - "zh:fcd6826d4398147314620401a5908dd35c6f2ebac7e7d3a7d77078dbc7c5a0e6", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - constraints = ">= 2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - 
"zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} diff --git a/templates/workspace_services/mlflow/terraform/data.tf b/templates/workspace_services/mlflow/terraform/data.tf deleted file mode 100644 index 702e3d13f5..0000000000 --- a/templates/workspace_services/mlflow/terraform/data.tf +++ /dev/null @@ -1,29 +0,0 @@ -data "azurerm_storage_share" "shared_storage" { - name = local.shared_storage_share - storage_account_name = local.storage_name -} - -data "template_file" "mlflow_windows_config" { - template = file("${path.module}/../mlflow-vm-config/windows/template_config.ps1") - vars = { - MLFlow_Connection_String = data.azurerm_storage_account.mlflow.primary_connection_string - } -} - -data "template_file" "mlflow_linux_config" { - template = file("${path.module}/../mlflow-vm-config/linux/template_config.sh") - vars = { - MLFlow_Connection_String = data.azurerm_storage_account.mlflow.primary_connection_string - } -} - -data "local_file" "version" { - filename = "${path.module}/../mlflow-server/version.txt" -} - -data "azurerm_monitor_diagnostic_categories" "mlflow" { - resource_id = azurerm_linux_web_app.mlflow.id - depends_on = [ - azurerm_linux_web_app.mlflow - ] -} diff --git a/templates/workspace_services/mlflow/terraform/deploy.sh b/templates/workspace_services/mlflow/terraform/deploy.sh deleted file mode 100644 index 5a8b9fb8ee..0000000000 --- a/templates/workspace_services/mlflow/terraform/deploy.sh +++ /dev/null 
@@ -1,10 +0,0 @@
-export TF_LOG=""
-
-terraform init -input=false -backend=true -reconfigure -upgrade \
- -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
- -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
- -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
- -backend-config="key=tre-service-mlflow-$TF_VAR_ID"
-
-terraform plan -out tfplan
-terraform apply tfplan -auto-approve
diff --git a/templates/workspace_services/mlflow/terraform/locals.tf b/templates/workspace_services/mlflow/terraform/locals.tf
deleted file mode 100644
index 3fd2d2d8c5..0000000000
--- a/templates/workspace_services/mlflow/terraform/locals.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-locals {
- short_service_id = substr(var.tre_resource_id, -4, -1)
- short_workspace_id = substr(var.workspace_id, -4, -1)
- core_resource_group_name = "rg-${var.tre_id}"
- workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
- service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}"
- webapp_name = "mlflow-${local.service_resource_name_suffix}"
- postgresql_server_name = "mlflow-${local.service_resource_name_suffix}"
- keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}")
- storage_name = lower(replace("stg${substr(local.workspace_resource_name_suffix, -8, -1)}", "-", ""))
- shared_storage_share = "vm-shared-storage"
- mlflow_artefacts_container_name = "mlartefacts"
- image_name = "mlflow-server"
- image_tag = replace(replace(replace(data.local_file.version.content, "__version__ = \"", ""), "\"", ""), "\n", "")
- tre_workspace_service_tags = {
- tre_id = var.tre_id
- tre_workspace_id = var.workspace_id
- tre_workspace_service_id = var.tre_resource_id
- }
- web_app_diagnostic_categories_enabled = [
- "AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs",
- "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs"
- ]
- identity_name = "id-${local.webapp_name}"
-}
diff --git a/templates/workspace_services/mlflow/terraform/main.tf b/templates/workspace_services/mlflow/terraform/main.tf
deleted file mode 100644
index 993ac2a0a1..0000000000
--- a/templates/workspace_services/mlflow/terraform/main.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "=3.112.0"
- }
- random = {
- source = "hashicorp/random"
- version = "=3.4.2"
- }
- local = {
- source = "hashicorp/local"
- version = "=2.2.3"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.2"
- }
- }
-
- backend "azurerm" {
- }
-}
-
-provider "azurerm" {
- features {
- key_vault {
- # Don't purge on destroy (this would fail due to purge protection being enabled on keyvault)
- purge_soft_delete_on_destroy = false
- purge_soft_deleted_secrets_on_destroy = false
- purge_soft_deleted_certificates_on_destroy = false
- purge_soft_deleted_keys_on_destroy = false
- # When recreating an environment, recover any previously soft deleted secrets - set to true by default
- recover_soft_deleted_key_vaults = true
- recover_soft_deleted_secrets = true
- recover_soft_deleted_certificates = true
- recover_soft_deleted_keys = true
- }
- }
- storage_use_azuread = true
-}
-
-module "terraform_azurerm_environment_configuration" {
- source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.2.0"
- arm_environment = var.arm_environment
-}
-
-data "azurerm_resource_group" "ws" {
- name = "rg-${var.tre_id}-ws-${local.short_workspace_id}"
-}
-
-data "azurerm_virtual_network" "ws" {
- name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}"
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-data "azurerm_subnet" "web_apps" {
- name = "WebAppsSubnet"
- virtual_network_name = data.azurerm_virtual_network.ws.name
- resource_group_name = data.azurerm_virtual_network.ws.resource_group_name
-}
-
-data "azurerm_subnet" "services" {
- name = "ServicesSubnet"
- virtual_network_name = data.azurerm_virtual_network.ws.name
- resource_group_name = data.azurerm_virtual_network.ws.resource_group_name
-}
-
-data "azurerm_key_vault" "ws" {
- name = local.keyvault_name
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-data "azurerm_service_plan" "workspace" {
- name = "plan-${var.workspace_id}"
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-data "azurerm_log_analytics_workspace" "tre" {
- name = "log-${var.tre_id}"
- resource_group_name = local.core_resource_group_name
-}
-
-data "azurerm_container_registry" "mgmt_acr" {
- name = var.mgmt_acr_name
- resource_group_name = var.mgmt_resource_group_name
-}
-
-data "azurerm_storage_account" "mlflow" {
- name = local.storage_name
- resource_group_name = data.azurerm_resource_group.ws.name
-}
-
-data "azurerm_private_dns_zone" "azurewebsites" {
- name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"]
- resource_group_name = local.core_resource_group_name
-}
-
-data "azurerm_private_dns_zone" "postgres" {
- name = module.terraform_azurerm_environment_configuration.private_links["privatelink.postgres.database.azure.com"]
- resource_group_name = local.core_resource_group_name
-}
diff --git a/templates/workspace_services/mlflow/terraform/outputs.tf b/templates/workspace_services/mlflow/terraform/outputs.tf
deleted file mode 100644
index b683df702b..0000000000
--- a/templates/workspace_services/mlflow/terraform/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "connection_uri" {
- value = "https://${azurerm_linux_web_app.mlflow.default_hostname}"
-}
-
-output "is_exposed_externally" {
- value = false
-}
diff --git a/templates/workspace_services/mlflow/terraform/postgresql.tf b/templates/workspace_services/mlflow/terraform/postgresql.tf
deleted file mode 100644
index a71d4acb7a..0000000000
--- a/templates/workspace_services/mlflow/terraform/postgresql.tf
+++ /dev/null
@@ -1,93 +0,0 @@
-resource "random_string" "username" {
- length = 10
- upper = true
- lower = true
- numeric = false
- min_lower = 1
- special = false
-}
-
-resource "random_password" "password" {
- length = 16
- lower = true
- min_lower = 1
- upper = true
- min_upper = 1
- numeric = true
- min_numeric = 1
- special = true
- min_special = 1
- override_special = "_%$"
-}
-
-resource "azurerm_key_vault_secret" "postgresql_admin_username" {
- name = "${local.postgresql_server_name}-admin-username"
- value = random_string.username.result
- key_vault_id = data.azurerm_key_vault.ws.id
- tags = local.tre_workspace_service_tags
-
- lifecycle { ignore_changes = [tags] }
-}
-
-resource "azurerm_key_vault_secret" "postgresql_admin_password" {
- name = "${local.postgresql_server_name}-admin-password"
- value = random_password.password.result
- key_vault_id = data.azurerm_key_vault.ws.id
- tags = local.tre_workspace_service_tags
-
- lifecycle { ignore_changes = [tags] }
-}
-
-resource "azurerm_postgresql_server" "mlflow" {
- name = local.postgresql_server_name
- location = data.azurerm_resource_group.ws.location
- resource_group_name = data.azurerm_resource_group.ws.name
- tags = local.tre_workspace_service_tags
-
- administrator_login = random_string.username.result
- administrator_login_password = random_password.password.result
-
- sku_name = "GP_Gen5_2"
- version = "11"
- storage_mb = 5120
-
- backup_retention_days = 7
- geo_redundant_backup_enabled = false
- auto_grow_enabled = true
-
- public_network_access_enabled = false
- ssl_enforcement_enabled = true
- ssl_minimal_tls_version_enforced = "TLS1_2"
-
- lifecycle { ignore_changes = [tags] }
-}
-
-resource "azurerm_postgresql_database" "mlflow" {
- name = "mlflowdb"
- resource_group_name = data.azurerm_resource_group.ws.name
- server_name = azurerm_postgresql_server.mlflow.name
- charset = "UTF8"
- collation = "English_United States.1252"
-}
-
-resource "azurerm_private_endpoint" "private_endpoint" {
- name = "pe-${azurerm_postgresql_server.mlflow.name}-postgres"
- location = data.azurerm_resource_group.ws.location
- resource_group_name = data.azurerm_resource_group.ws.name
- subnet_id = data.azurerm_subnet.services.id
- tags = local.tre_workspace_service_tags
-
- private_service_connection {
- private_connection_resource_id = azurerm_postgresql_server.mlflow.id
- name = "psc-${azurerm_postgresql_server.mlflow.name}"
- subresource_names = ["postgresqlServer"]
- is_manual_connection = false
- }
-
- private_dns_zone_group {
- name = module.terraform_azurerm_environment_configuration.private_links["privatelink.postgres.database.azure.com"]
- private_dns_zone_ids = [data.azurerm_private_dns_zone.postgres.id]
- }
-
- lifecycle { ignore_changes = [tags] }
-}
diff --git a/templates/workspace_services/mlflow/terraform/upgrade.sh b/templates/workspace_services/mlflow/terraform/upgrade.sh
deleted file mode 100644
index 1bbb26cfa8..0000000000
--- a/templates/workspace_services/mlflow/terraform/upgrade.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script is used to install the bundle directly without having to interact with Porter
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-terraform init -upgrade -reconfigure -input=false -backend=true \
- -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \
- -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \
- -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \
- -backend-config="key=tre-service-mlflow-$TF_VAR_ID"
diff --git a/templates/workspace_services/mlflow/terraform/variables.tf b/templates/workspace_services/mlflow/terraform/variables.tf
deleted file mode 100644
index a57e8d750d..0000000000
--- a/templates/workspace_services/mlflow/terraform/variables.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-variable "workspace_id" {
- type = string
-}
-variable "tre_id" {
- type = string
-}
-variable "tre_resource_id" {
- type = string
-}
-
-variable "mgmt_acr_name" {
- type = string
-}
-variable "mgmt_resource_group_name" {
- type = string
-}
-
-variable "is_exposed_externally" {
- type = bool
- description = "Is the webapp available on the public internet"
- default = false
-}
-variable "arm_environment" {
- type = string
-}
diff --git a/templates/workspace_services/mlflow/terraform/web_app.tf b/templates/workspace_services/mlflow/terraform/web_app.tf
deleted file mode 100644
index b2a88acbc5..0000000000
--- a/templates/workspace_services/mlflow/terraform/web_app.tf
+++ /dev/null
@@ -1,147 +0,0 @@ -resource "local_file" "mlflow_windows_config" { - content = data.template_file.mlflow_windows_config.rendered - filename = "${path.module}/../mlflow-vm-config/windows/config.ps1" -} - -resource "local_file" "mlflow_linux_config" { - content = data.template_file.mlflow_linux_config.rendered - filename = "${path.module}/../mlflow-vm-config/linux/config.sh" -} - -resource "azurerm_storage_share_file" "mlflow_config_windows" { - name = "mlflow-windows-config-${local.webapp_name}.ps1" - storage_share_id = data.azurerm_storage_share.shared_storage.id - source = "${path.module}/../mlflow-vm-config/windows/config.ps1" -} - -resource "azurerm_storage_share_file" "mlflow_config_linux" { - name = "mlflow-linux-config-${local.webapp_name}.sh" - storage_share_id = data.azurerm_storage_share.shared_storage.id - source = "${path.module}/../mlflow-vm-config/linux/config.sh" -} - -resource "azurerm_storage_container" "mlflow_artefacts" { - name = local.mlflow_artefacts_container_name - storage_account_name = local.storage_name - container_access_type = "private" -} - -resource "azurerm_linux_web_app" "mlflow" { - name = local.webapp_name - location = data.azurerm_resource_group.ws.location - resource_group_name = data.azurerm_resource_group.ws.name - service_plan_id = data.azurerm_service_plan.workspace.id - https_only = true - key_vault_reference_identity_id = azurerm_user_assigned_identity.mlflow.id - virtual_network_subnet_id = data.azurerm_subnet.web_apps.id - tags = local.tre_workspace_service_tags - - site_config { - http2_enabled = true - container_registry_use_managed_identity = true - container_registry_managed_identity_client_id = azurerm_user_assigned_identity.mlflow.client_id - ftps_state = "Disabled" - vnet_route_all_enabled = true - minimum_tls_version = "1.2" - - application_stack { - docker_image = "${data.azurerm_container_registry.mgmt_acr.login_server}/microsoft/azuretre/${local.image_name}" - docker_image_tag = local.image_tag - } - } - - 
app_settings = { - MLFLOW_SERVER_WORKERS = "1" - MLFLOW_SERVER_PORT = "5000" - MLFLOW_SERVER_HOST = "0.0.0.0" - - MLFLOW_SERVER_FILE_STORE = format("%s%s%s%s%s%s%s%s%s%s", "postgresql://", random_string.username.result, "@", azurerm_postgresql_server.mlflow.name, ":", random_password.password.result, "@", azurerm_postgresql_server.mlflow.name, ".postgres.database.azure.com:5432/", azurerm_postgresql_database.mlflow.name) - MLFLOW_SERVER_DEFAULT_ARTIFACT_ROOT = format("%s%s%s%s%s%s", "wasbs://", azurerm_storage_container.mlflow_artefacts.name, "@", data.azurerm_storage_account.mlflow.name, ".blob.core.windows.net/", azurerm_storage_container.mlflow_artefacts.name) - AZURE_STORAGE_CONNECTION_STRING = data.azurerm_storage_account.mlflow.primary_connection_string - } - - logs { - application_logs { - file_system_level = "Information" - } - - http_logs { - file_system { - retention_in_days = 7 - retention_in_mb = 100 - } - } - } - - identity { - type = "UserAssigned" - identity_ids = [azurerm_user_assigned_identity.mlflow.id] - } - - lifecycle { ignore_changes = [tags] } - - depends_on = [ - azurerm_role_assignment.mlflow_acr_pull, - azurerm_role_assignment.keyvault_mlflow_ws_role, - ] -} - -resource "azurerm_monitor_diagnostic_setting" "mlflow" { - name = "diag-${var.tre_id}" - target_resource_id = azurerm_linux_web_app.mlflow.id - log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id - - dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.mlflow.log_category_types - content { - category = log.value - enabled = contains(local.web_app_diagnostic_categories_enabled, log.value) ? 
true : false - } - } -} - -resource "azurerm_role_assignment" "mlflow_acr_pull" { - scope = data.azurerm_container_registry.mgmt_acr.id - role_definition_name = "AcrPull" - principal_id = azurerm_user_assigned_identity.mlflow.principal_id -} - -resource "azurerm_private_endpoint" "mlflow" { - # disabling this makes the webapp available on the public internet - count = var.is_exposed_externally == false ? 1 : 0 - - name = "pe-${local.webapp_name}" - location = data.azurerm_resource_group.ws.location - resource_group_name = data.azurerm_resource_group.ws.name - subnet_id = data.azurerm_subnet.services.id - tags = local.tre_workspace_service_tags - - private_service_connection { - private_connection_resource_id = azurerm_linux_web_app.mlflow.id - name = "psc-${local.webapp_name}" - subresource_names = ["sites"] - is_manual_connection = false - } - - private_dns_zone_group { - name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] - private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] - } - - lifecycle { ignore_changes = [tags] } -} - -resource "azurerm_role_assignment" "keyvault_mlflow_ws_role" { - scope = data.azurerm_key_vault.ws.id - role_definition_name = "Key Vault Secrets User" - principal_id = azurerm_user_assigned_identity.mlflow.principal_id -} - -resource "azurerm_user_assigned_identity" "mlflow" { - resource_group_name = data.azurerm_resource_group.ws.name - location = data.azurerm_resource_group.ws.location - name = local.identity_name - tags = local.tre_workspace_service_tags - - lifecycle { ignore_changes = [tags] } -}