Merge branch 'main' into jsaun/blobfuse-test
jsaun authored Sep 22, 2023
2 parents d311b86 + e4b0d0a commit 66e7a18
Showing 3 changed files with 93 additions and 4 deletions.
93 changes: 91 additions & 2 deletions src/deploy-cromwell-on-azure/Deployer.cs
Expand Up @@ -17,6 +17,7 @@
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;
using Azure.Security.KeyVault.Secrets;
using Azure.Storage;
using Azure.Storage.Blobs;
Expand Down Expand Up @@ -106,6 +107,11 @@ public class Deployer
"Microsoft.DBforPostgreSQL"
};

private readonly Dictionary<string, List<string>> requiredResourceProviderFeatures = new Dictionary<string, List<string>>()
{
{ "Microsoft.Compute", new List<string> { "EncryptionAtHost" } }
};

private Configuration configuration { get; set; }
private ITokenProvider tokenProvider;
private TokenCredentials tokenCredentials;
Expand Down Expand Up @@ -374,7 +380,7 @@ await Execute("Connecting to Azure Services...", async () =>
}

await RegisterResourceProvidersAsync();
await ValidateVmAsync();
await RegisterResourceProviderFeaturesAsync();

if (batchAccount is null)
{
Expand Down Expand Up @@ -780,6 +786,7 @@ private async Task<ManagedCluster> ProvisionManagedCluster(IResource resourceGro
VmSize = configuration.VmSize,
OsDiskSizeGB = 128,
OsDiskType = OSDiskType.Managed,
EnableEncryptionAtHost = true,
Type = "VirtualMachineScaleSets",
EnableAutoScaling = false,
EnableNodePublicIP = false,
Expand Down Expand Up @@ -1059,6 +1066,74 @@ private async Task<List<string>> GetRequiredResourceProvidersNotRegisteredAsync(
return notRegisteredResourceProviders;
}

private async Task RegisterResourceProviderFeaturesAsync()
{
var unregisteredFeatures = new List<FeatureResource>();
try
{
await Execute(
$"Registering resource provider features...",
async () =>
{
var subscription = armClient.GetSubscriptionResource(new ResourceIdentifier($"/subscriptions/{configuration.SubscriptionId}"));
foreach (var rpName in requiredResourceProviderFeatures.Keys)
{
var rp = await subscription.GetResourceProviderAsync(rpName);
foreach (var featureName in requiredResourceProviderFeatures[rpName])
{
var feature = await rp.Value.GetFeatureAsync(featureName);
if (!string.Equals(feature.Value.Data.FeatureState, "Registered", StringComparison.OrdinalIgnoreCase))
{
unregisteredFeatures.Add(feature);
_ = await feature.Value.RegisterAsync();
}
}
}
while (!cts.IsCancellationRequested)
{
if (unregisteredFeatures.Count == 0)
{
break;
}
await Task.Delay(System.TimeSpan.FromSeconds(30));
var finished = new List<FeatureResource>();
foreach (var feature in unregisteredFeatures)
{
var update = await feature.GetAsync();
if (string.Equals(update.Value.Data.FeatureState, "Registered", StringComparison.OrdinalIgnoreCase))
{
finished.Add(feature);
}
}
unregisteredFeatures.RemoveAll(x => finished.Contains(x));
}
});
}
catch (Microsoft.Rest.Azure.CloudException ex) when (ex.ToCloudErrorType() == CloudErrorType.AuthorizationFailed)
{
ConsoleEx.WriteLine();
ConsoleEx.WriteLine("Unable to programatically register the required features.", ConsoleColor.Red);
ConsoleEx.WriteLine("This can happen if you don't have the Owner or Contributor role assignment for the subscription.", ConsoleColor.Red);
ConsoleEx.WriteLine();
ConsoleEx.WriteLine("Please contact the Owner or Contributor of your Azure subscription, and have them:", ConsoleColor.Yellow);
ConsoleEx.WriteLine();
ConsoleEx.WriteLine("1. For each of the following, execute 'az feature register --namespace {RESOURCE_PROVIDER_NAME} --name {FEATURE_NAME}'", ConsoleColor.Yellow);
ConsoleEx.WriteLine();
unregisteredFeatures.ForEach(f => ConsoleEx.WriteLine($"- {f.Data.Name}", ConsoleColor.Yellow));
ConsoleEx.WriteLine();
ConsoleEx.WriteLine("After completion, please re-attempt deployment.");

Environment.Exit(1);
}
}

private Task AssignManagedIdOperatorToResourceAsync(IIdentity managedIdentity, IResource resource)
{
// https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#managed-identity-operator
Expand Down Expand Up @@ -1327,21 +1402,27 @@ private Task AssignVmAsContributorToAppInsightsAsync(IIdentity managedIdentity,
$"Creating virtual network and subnets: {configuration.VnetName}...",
async () =>
{
var defaultNsg = await CreateNetworkSecurityGroupAsync(resourceGroup, $"{configuration.VnetName}-default-nsg");
var vnetDefinition = azureSubscriptionClient.Networks
.Define(configuration.VnetName)
.WithRegion(configuration.RegionName)
.WithExistingResourceGroup(resourceGroup)
.WithAddressSpace(configuration.VnetAddressSpace)
.DefineSubnet(configuration.VmSubnetName)
.WithAddressPrefix(configuration.VmSubnetAddressSpace).Attach();
.WithAddressPrefix(configuration.VmSubnetAddressSpace)
.WithExistingNetworkSecurityGroup(defaultNsg)
.Attach();
vnetDefinition = vnetDefinition.DefineSubnet(configuration.PostgreSqlSubnetName)
.WithAddressPrefix(configuration.PostgreSqlSubnetAddressSpace)
.WithExistingNetworkSecurityGroup(defaultNsg)
.WithDelegation("Microsoft.DBforPostgreSQL/flexibleServers")
.Attach();
vnetDefinition = vnetDefinition.DefineSubnet(configuration.BatchSubnetName)
.WithAddressPrefix(configuration.BatchNodesSubnetAddressSpace)
.WithExistingNetworkSecurityGroup(defaultNsg)
.Attach();
var vnet = await vnetDefinition.CreateAsync();
Expand All @@ -1360,6 +1441,14 @@ private Task AssignVmAsContributorToAppInsightsAsync(IIdentity managedIdentity,
batchSubnet);
});

private Task<INetworkSecurityGroup> CreateNetworkSecurityGroupAsync(IResourceGroup resourceGroup, string networkSecurityGroupName)
{
return azureSubscriptionClient.NetworkSecurityGroups.Define(networkSecurityGroupName)
.WithRegion(configuration.RegionName)
.WithExistingResourceGroup(resourceGroup)
.CreateAsync(cts.Token);
}

private string GetFormattedPostgresqlUser(bool isCromwellPostgresUser)
{
var user = isCromwellPostgresUser ?
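Review bot: In RegisterResourceProviderFeaturesAsync the `catch` filters on `Microsoft.Rest.Azure.CloudException`, but the calls inside the lambda go through `armClient` and the `Azure.ResourceManager.Resources` types, which (assuming `armClient` is an `ArmClient`) report failures as `Azure.RequestFailedException`; a caller without rights to register `EncryptionAtHost` would then likely skip the guidance block and surface as an unhandled error. Consider `catch (Azure.RequestFailedException ex) when (ex.Status == 403)` alongside or instead of the existing filter. The polling loop is also unbounded: a feature that never reaches `Registered` keeps the deployer waiting in 30-second steps with no deadline, and the delay ignores cancellation, so `await Task.Delay(TimeSpan.FromSeconds(30), cts.Token);` plus a maximum wait would bound it. Since the agent pool now sets `EnableEncryptionAtHost = true` unconditionally, cluster creation depends on this step finishing, which makes a clear failure path more important. If a lookup fails before anything is added to `unregisteredFeatures`, the printed list is empty, so the message could fall back to the names in `requiredResourceProviderFeatures`.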
2 changes: 1 addition & 1 deletion src/deploy-cromwell-on-azure/KubernetesManager.cs
Expand Up @@ -40,7 +40,7 @@ internal class KubernetesManager

// "master" is used despite not being a best practice: https://github.com/kubernetes-sigs/blob-csi-driver/issues/783
private const string BlobCsiDriverGithubReleaseBranch = "master";
private const string BlobCsiDriverGithubReleaseVersion = "v1.18.0";
private const string BlobCsiDriverGithubReleaseVersion = "v1.21.4";
private const string BlobCsiRepo = $"https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/{BlobCsiDriverGithubReleaseBranch}/charts";
private const string AadPluginGithubReleaseVersion = "v1.8.13";
private const string AadPluginRepo = $"https://raw.githubusercontent.com/Azure/aad-pod-identity/{AadPluginGithubReleaseVersion}/charts";
2 changes: 1 addition & 1 deletion src/ga4gh-tes
Submodule ga4gh-tes updated 38 files
+5 −3 src/CommonUtilities/Models/NodeTask.cs
+3 −3 src/Tes.ApiClients.Tests/PriceApiClientTests.cs
+53 −0 src/Tes.Runner.Test/Commands/ProcessLauncherTests.cs
+6 −6 src/Tes.Runner.Test/ResolutionPolicyHandlerTests.cs
+10 −10 src/Tes.Runner.Test/Storage/ArmUrlTransformationStrategyTests.cs
+2 −2 src/Tes.Runner.Test/Storage/CloudProviderSchemeConverterTests.cs
+52 −0 src/Tes.Runner.Test/Storage/CombinedTransformationStrategyTests.cs
+13 −12 src/Tes.Runner.Test/Storage/FileOperationResolverTests.cs
+12 −18 src/Tes.Runner.Test/Storage/TerraUrlTransformationStrategyTests.cs
+26 −0 src/Tes.Runner.Test/Transfer/DefaultFileInfoProviderTests.cs
+4 −4 src/Tes.Runner/Storage/ArmUrlTransformationStrategy.cs
+2 −2 src/Tes.Runner/Storage/CloudProviderSchemeConverter.cs
+37 −0 src/Tes.Runner/Storage/CombinedTransformationStrategy.cs
+25 −3 src/Tes.Runner/Storage/FileOperationResolver.cs
+0 −12 src/Tes.Runner/Storage/ISasResolutionStrategy.cs
+12 −0 src/Tes.Runner/Storage/IUrlTransformationStrategy.cs
+2 −2 src/Tes.Runner/Storage/PassThroughUrlTransformationStrategy.cs
+4 −4 src/Tes.Runner/Storage/ResolutionPolicyHandler.cs
+0 −29 src/Tes.Runner/Storage/SasResolutionStrategyFactory.cs
+5 −5 src/Tes.Runner/Storage/TerraUrlTransformationStrategy.cs
+41 −0 src/Tes.Runner/Storage/UrlTransformationStrategyFactory.cs
+7 −5 src/Tes.Runner/Transfer/DefaultFileInfoProvider.cs
+12 −8 src/Tes.RunnerCLI/Commands/CommandHandlers.cs
+44 −12 src/Tes.RunnerCLI/Commands/ProcessLauncher.cs
+16 −5 src/Tes.RunnerCLI/README.md
+21 −0 src/Tes/Models/TesTask.cs
+47 −58 src/Tes/Repository/PostgreSqlCachingRepository.cs
+132 −11 src/TesApi.Tests/BatchPoolTests.cs
+0 −21 src/TesApi.Tests/BatchSchedulerTests.cs
+1 −0 src/TesApi.Tests/Repository/TesTaskPostgreSqlRepositoryIntegrationTests.cs
+67 −12 src/TesApi.Tests/TaskServiceApiControllerTests.cs
+65 −0 src/TesApi.Tests/TesTaskTests.cs
+41 −26 src/TesApi.Web/BatchPool.cs
+69 −38 src/TesApi.Web/BatchScheduler.cs
+13 −3 src/TesApi.Web/Controllers/TaskServiceApi.cs
+1 −1 src/TesApi.Web/Scheduler.cs
+1 −1 src/TesApi.Web/scripts/task-run.sh
+14 −29 src/deploy-tes-on-azure/Deployer.cs
