-
Notifications
You must be signed in to change notification settings - Fork 16k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Take in Azure/Moodle changes to azure-quickstart-templates #4514
Conversation
@rgardler -- FYI |
+1 |
"type": "bool" | ||
}, | ||
"siteURL": { | ||
"defaultValue": "www.example.org", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this valid for all deployments?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. The install scripts take either an empty value or this default value to mean "configure it for me". In this situation the scripts generate a DNS name based on the LB name and create a self-signed certificate. This behavior is documented (not that I expect you to read the docs in a review, just letting you know it is documented).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good
"type": "string" | ||
}, | ||
"sshUsername": { | ||
"defaultValue": "azureadmin", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove this - increases surface area
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We took the approach of providing as many reasonable default values as possible to minimize the number of unfilled required params, allowing beginning customers to try out the templates without having to figure out all the parameters. Once they get confidence and ready to deploy for their production, they can customize all these parameters (just like the siteURL parameter as above). I think we'd like to keep it this way, as it has always been. @rgardler -- Would you agree?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right approach, but not with something that compromises security... having a default username makes it easier to attack the app
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Understood
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this still needs to be removed
"firewallRuleName": { | ||
"defaultValue": "open-to-the-world", | ||
"dbLogin": { | ||
"defaultValue": "dbadmin", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove this increases surface area
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same response as above...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also needs to be removed
@@ -587,6 +678,7 @@ | |||
"dbServerType": "[parameters('dbServerType')]", | |||
"dbUsername": "[concat(parameters('dbLogin'), '@', parameters('dbServerType'), '-', variables('resourceprefix'))]", | |||
"elasticVmSku": "[parameters('elasticVmSku')]", | |||
"dbDNS": "[if(equals(parameters('dbServerType'),'mssql'),concat(parameters('dbServerType'), '-',variables('resourcePrefix'), '.database.windows.net'), concat(parameters('dbServerType'), '-', variables('resourcePrefix'), '.', parameters('dbServerType'), '.database.azure.com'))]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use reference() to get the FQDNs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to the documentation, we can't use reference()
in the variables section (mentioned in Remarks). Is this changed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can't you need to move this into the properties section that needs it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in the newly added commit
@@ -394,7 +476,7 @@ | |||
} | |||
}, | |||
"templateLink": { | |||
"uri": "[concat(variables('moodleCommon').baseTemplateUrl,'redis.json',parameters('_artifactsLocationSasToken'))]" | |||
"uri": "[concat(variables('moodleCommon').baseTemplateUrl,'redis', if(parameters('redisDeploySwitch'), '', '-none'), '.json',parameters('_artifactsLocationSasToken'))]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any reason we can't use the condition property for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's exactly what I tried at the beginning, and it kept failing, leading me to conclude that the ARM's if(,,)
function is eager and causes this issue. Let me explain further in detail.
Basically, I wanted something like the following for the redisKey
value in controller.json
:
if([condition],listKeys([redisResourceId]).primaryKey),'None')
The [condition]
would be true iff the redisDeploySwitch
parameter is true
. However, even when the switch is false, ARM keeps evaluating the listKeys([redisResourceId]).primaryKey)
and complaining that there's no such resource (because no redis will be deployed when the switch is false). This was unexpected to me (as I was expecting a programming-language-like behavior with if(,,)
), but then I realized that the parameter evaluations in if(,,)
might be eager, call-by-value, and all 3 parameters are evaluated even if the condition is false, which is clearly different from the usual programming-language-like behavior of if ... else ...
construct.
I've been wondering if this understanding of mine is correct, and who to ask about this. Could you confirm if this is the currently expected behavior? If not, could you let me know who to ask about this?
Bottom line is that I did/do want to get rid of this hack, but the ARM's if(,,)
semantics I experienced doesn't allow that, so I couldn't avoid this hack. Please advise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
try again - we released a bug fix in this areas not long ago - if it still fails, send me the code that's failing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. It's working now as desired and fixed in the newly added commit.
"storageAccountType": { "value": "Standard_LRS"}, | ||
"controllerVmSku": { "value": "Standard_DS1_v2" }, | ||
"dbServerType": { "value": "mysql" }, | ||
"redisDeploySwitch": { "value": false }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove the non GEN values here and just use defaultValues in the template
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, the default value change to redisDeploySwitch
(or any other params) requires some internal discussion (@rgardler -- please chime in). We chose the default values in azuredeploy.json
with some direction in mind, but here in the parameters file, we need to change it to minimize the test deployment time, so that's why it's changed here.
@rgardler , I'm in favor of changing this default to false in azuredeploy.json
, but I wouldn't do that without your agreement first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy to follow your guidance on this one. My reading of the load testing results is that Reddis is not needed in anything but the most active scenarios. In which case I would support false by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @rgardler . Updated the default, parameters.json, and pushed the commit.
@@ -0,0 +1,22 @@ | |||
# Cleanup All Resource |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resources
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
@hosungsmsft - can you address the merge conflicts? |
@bmoore-msft -- Your commit 0552ef8 introduced a whole lot of merge conflicts (mostly for tab width, but also for introducing the |
@bmoore-msft -- Merge conflicts are now resolved. I modified your |
@bmoore-msft -- Brian, can we get this PR finally merged? I know there were repeated merge conflicts due to this PR being opened too long (your ongoing changes on this long running PR kept causing merge conflicts, even after I resolved them manually by merging using 'theirs' strategy). I just reset my master to the current upstream master and overwrote the moodle-scalable-cluster-ubuntu directory with the changed content that were all reviewed in this PR. So it'd be greatly appreciated if this PR gets merged once the Travis CI passes. Thanks. |
"azureBackupSwitch": "[parameters('azureBackupSwitch')]", | ||
"azureSearchHostingMode": "[parameters('azureSearchHostingMode')]", | ||
"azureSearchName": "[concat('azure-search-',variables('resourceprefix'))]", | ||
"azureSearchNameHost": "[concat('azure-search-',variables('resourceprefix'),'.search.windows.net')]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use reference() to get the uri
"ctlrPipName": "[concat('controller-pubip-',variables('resourceprefix'))]", | ||
"ctlrVmName": "[concat('controller-vm-',variables('resourceprefix'))]", | ||
"ctlrVmSecrets": "[take(variables('ctlrVmSecretsArray'), if(empty(parameters('keyVaultResourceId')), 0, 1))]", | ||
"lbDns": "[concat('lb-',variables('resourceprefix'),'.',parameters('location'),'.cloudapp.azure.com')]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use reference to get the uri
"postgresVersion": "[parameters('postgresVersion')]", | ||
"redisCacheName": "[concat('redis-',variables('resourceprefix'))]", | ||
"redisDeploySwitch": "[parameters('redisDeploySwitch')]", | ||
"redisDns": "[concat('redis-',variables('resourceprefix'),'.redis.cache.windows.net')]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use reference to get the uri
"resourcesPrefix": "[variables('resourceprefix')]", | ||
"searchType": "[parameters('searchType')]", | ||
"serverName": "[concat(parameters('dbServerType'), '-',variables('resourceprefix'))]", | ||
"siteURL": "[if(or(empty(parameters('siteURL')), equals(parameters('siteURL'), 'www.example.org')), concat(if(equals(parameters('httpsTermination'), 'AppGw'),'appgw-','lb-'),variables('resourceprefix'),'.',parameters('location'),'.cloudapp.azure.com'), parameters('siteURL'))]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use reference to get the uri
"vNetAddressSpace": { "value": "172.31.0.0" }, | ||
"sshPublicKey": { "value": "GEN-SSH-PUB-KEY" } | ||
"sshPublicKey": { "value": "GEN-SSH-PUB-KEY" }, | ||
"dbServerType": { "value": "mssql" }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove non-GEN values and use defaultValues in the template
Best Practice Checklist
Check these items before submitting a PR... See the Contribution Guide for the full detail: https://github.com/Azure/azure-quickstart-templates/blob/master/1-CONTRIBUTION-GUIDE/README.md
For details: https://github.com/Azure/azure-quickstart-templates/blob/master/1-CONTRIBUTION-GUIDE/bp-checklist.md
Changelog