Take in Azure/Moodle changes to azure-quickstart-templates #4514
Conversation
|
@rgardler -- FYI |
|
+1 |
| "type": "bool" | ||
| }, | ||
| "siteURL": { | ||
| "defaultValue": "www.example.org", |
There was a problem hiding this comment.
is this valid for all deployments?
There was a problem hiding this comment.
Yes. The install scripts take either an empty value or this default value to mean "configure it for me". In this situation the scripts generate a DNS name based on the LB name and create a self-signed certificate. This behavior is documented (not that I expect you to read the docs in a review, just letting you know it is documented).
| "type": "string" | ||
| }, | ||
| "sshUsername": { | ||
| "defaultValue": "azureadmin", |
There was a problem hiding this comment.
remove this - increases surface area
There was a problem hiding this comment.
We took the approach of providing as many reasonable default values as possible to minimize the number of unfilled required params, allowing beginning customers to try out the templates without having to figure out all the parameters. Once they get confidence and ready to deploy for their production, they can customize all these parameters (just like the siteURL parameter as above). I think we'd like to keep it this way, as it has always been. @rgardler -- Would you agree?
There was a problem hiding this comment.
Right approach, but not with something that compromises security... having a default username makes it easier to attack the app
There was a problem hiding this comment.
this still needs to be removed
| "firewallRuleName": { | ||
| "defaultValue": "open-to-the-world", | ||
| "dbLogin": { | ||
| "defaultValue": "dbadmin", |
There was a problem hiding this comment.
remove this increases surface area
There was a problem hiding this comment.
also needs to be removed
| @@ -587,6 +678,7 @@ | |||
| "dbServerType": "[parameters('dbServerType')]", | |||
| "dbUsername": "[concat(parameters('dbLogin'), '@', parameters('dbServerType'), '-', variables('resourceprefix'))]", | |||
| "elasticVmSku": "[parameters('elasticVmSku')]", | |||
| "dbDNS": "[if(equals(parameters('dbServerType'),'mssql'),concat(parameters('dbServerType'), '-',variables('resourcePrefix'), '.database.windows.net'), concat(parameters('dbServerType'), '-', variables('resourcePrefix'), '.', parameters('dbServerType'), '.database.azure.com'))]", | |||
There was a problem hiding this comment.
use reference() to get the FQDNs
There was a problem hiding this comment.
According to the documentation, we can't use reference() in the variables section (mentioned in Remarks). Is this changed?
There was a problem hiding this comment.
you can't you need to move this into the properties section that needs it.
There was a problem hiding this comment.
Fixed in the newly added commit
| @@ -394,7 +476,7 @@ | |||
| } | |||
| }, | |||
| "templateLink": { | |||
| "uri": "[concat(variables('moodleCommon').baseTemplateUrl,'redis.json',parameters('_artifactsLocationSasToken'))]" | |||
| "uri": "[concat(variables('moodleCommon').baseTemplateUrl,'redis', if(parameters('redisDeploySwitch'), '', '-none'), '.json',parameters('_artifactsLocationSasToken'))]" | |||
There was a problem hiding this comment.
any reason we can't use the condition property for this?
There was a problem hiding this comment.
That's exactly what I tried at the beginning, and it kept failing, leading me to conclude that the ARM's if(,,) function is eager and causes this issue. Let me explain further in detail.
Basically, I wanted something like the following for the redisKey value in controller.json:
if([condition],listKeys([redisResourceId]).primaryKey),'None')
The [condition] would be true iff the redisDeploySwitch parameter is true. However, even when the switch is false, ARM keeps evaluating the listKeys([redisResourceId]).primaryKey) and complaining that there's no such resource (because no redis will be deployed when the switch is false). This was unexpected to me (as I was expecting a programming-language-like behavior with if(,,)), but then I realized that the parameter evaluations in if(,,) might be eager, call-by-value, and all 3 parameters are evaluated even if the condition is false, which is clearly different from the usual programming-language-like behavior of if ... else ... construct.
I've been wondering if this understanding of mine is correct, and who to ask about this. Could you confirm if this is the currently expected behavior? If not, could you let me know who to ask about this?
Bottom line is that I did/do want to get rid of this hack, but the ARM's if(,,) semantics I experienced doesn't allow that, so I couldn't avoid this hack. Please advise.
There was a problem hiding this comment.
try again - we released a bug fix in this areas not long ago - if it still fails, send me the code that's failing
There was a problem hiding this comment.
Thanks. It's working now as desired and fixed in the newly added commit.
| "storageAccountType": { "value": "Standard_LRS"}, | ||
| "controllerVmSku": { "value": "Standard_DS1_v2" }, | ||
| "dbServerType": { "value": "mysql" }, | ||
| "redisDeploySwitch": { "value": false }, |
There was a problem hiding this comment.
remove the non GEN values here and just use defaultValues in the template
There was a problem hiding this comment.
Actually, the default value change to redisDeploySwitch (or any other params) requires some internal discussion (@rgardler -- please chime in). We chose the default values in azuredeploy.json with some direction in mind, but here in the parameters file, we need to change it to minimize the test deployment time, so that's why it's changed here.
@rgardler , I'm in favor of changing this default to false in azuredeploy.json, but I wouldn't do that without your agreement first.
There was a problem hiding this comment.
I'm happy to follow your guidance on this one. My reading of the load testing results is that Reddis is not needed in anything but the most active scenarios. In which case I would support false by default.
There was a problem hiding this comment.
Thanks @rgardler . Updated the default, parameters.json, and pushed the commit.
| @@ -0,0 +1,22 @@ | |||
| # Cleanup All Resource | |||
|
@hosungsmsft - can you address the merge conflicts? |
|
@bmoore-msft -- Your commit 0552ef8 introduced a whole lot of merge conflicts (mostly for tab width, but also for introducing the |
|
@bmoore-msft -- Merge conflicts are now resolved. I modified your |
|
@bmoore-msft -- Brian, can we get this PR finally merged? I know there were repeated merge conflicts due to this PR being opened too long (your ongoing changes on this long running PR kept causing merge conflicts, even after I resolved them manually by merging using 'theirs' strategy). I just reset my master to the current upstream master and overwrote the moodle-scalable-cluster-ubuntu directory with the changed content that were all reviewed in this PR. So it'd be greatly appreciated if this PR gets merged once the Travis CI passes. Thanks. |
| "azureBackupSwitch": "[parameters('azureBackupSwitch')]", | ||
| "azureSearchHostingMode": "[parameters('azureSearchHostingMode')]", | ||
| "azureSearchName": "[concat('azure-search-',variables('resourceprefix'))]", | ||
| "azureSearchNameHost": "[concat('azure-search-',variables('resourceprefix'),'.search.windows.net')]", |
There was a problem hiding this comment.
use reference() to get the uri
| "ctlrPipName": "[concat('controller-pubip-',variables('resourceprefix'))]", | ||
| "ctlrVmName": "[concat('controller-vm-',variables('resourceprefix'))]", | ||
| "ctlrVmSecrets": "[take(variables('ctlrVmSecretsArray'), if(empty(parameters('keyVaultResourceId')), 0, 1))]", | ||
| "lbDns": "[concat('lb-',variables('resourceprefix'),'.',parameters('location'),'.cloudapp.azure.com')]", |
There was a problem hiding this comment.
use reference to get the uri
| "postgresVersion": "[parameters('postgresVersion')]", | ||
| "redisCacheName": "[concat('redis-',variables('resourceprefix'))]", | ||
| "redisDeploySwitch": "[parameters('redisDeploySwitch')]", | ||
| "redisDns": "[concat('redis-',variables('resourceprefix'),'.redis.cache.windows.net')]", |
There was a problem hiding this comment.
use reference to get the uri
| "resourcesPrefix": "[variables('resourceprefix')]", | ||
| "searchType": "[parameters('searchType')]", | ||
| "serverName": "[concat(parameters('dbServerType'), '-',variables('resourceprefix'))]", | ||
| "siteURL": "[if(or(empty(parameters('siteURL')), equals(parameters('siteURL'), 'www.example.org')), concat(if(equals(parameters('httpsTermination'), 'AppGw'),'appgw-','lb-'),variables('resourceprefix'),'.',parameters('location'),'.cloudapp.azure.com'), parameters('siteURL'))]", |
There was a problem hiding this comment.
use reference to get the uri
| "vNetAddressSpace": { "value": "172.31.0.0" }, | ||
| "sshPublicKey": { "value": "GEN-SSH-PUB-KEY" } | ||
| "sshPublicKey": { "value": "GEN-SSH-PUB-KEY" }, | ||
| "dbServerType": { "value": "mssql" }, |
There was a problem hiding this comment.
remove non-GEN values and use defaultValues in the template
Best Practice Checklist
Check these items before submitting a PR... See the Contribution Guide for the full detail: https://github.com/Azure/azure-quickstart-templates/blob/master/1-CONTRIBUTION-GUIDE/README.md
For details: https://github.com/Azure/azure-quickstart-templates/blob/master/1-CONTRIBUTION-GUIDE/bp-checklist.md
Changelog