# Service Creation
## Load Config

In [2]:
import json
import os

In [84]:
PROJECT_PATH = "/Users/vinay/Projects/my-mlops/"

In [87]:
def load_app_config():
    config_path = os.path.join(PROJECT_PATH, "config", "config.json")
    if not os.path.exists(config_path):
        raise FileNotFoundError(f"Config file not found: {config_path}")
    with open(config_path, "r") as f:
        return json.load(f)

cfg = load_app_config()

## Resource Group

In [5]:
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient

In [None]:
# loading subscription id
with open(os.path.join(PROJECT_PATH,"tokens","subscription_id"), "r") as f:
    SUBSCRIPTION_ID = f.read()

In [None]:
RG_CONFIG = cfg.get("resource_group", {})
RG_NAME = RG_CONFIG.get("name")
LOCATION = RG_CONFIG.get("location", "eastus")

In [7]:
def get_resource_client(subscription_id):
    """Authenticate and return the ResourceManagementClient"""
    credential = DefaultAzureCredential()
    return ResourceManagementClient(credential, subscription_id)

In [None]:
resource_client = get_resource_client(SUBSCRIPTION_ID)

In [9]:
def validate_resource_group(resource_client, rg_name):
    """Check if a resource group exists"""
    print(f"üîç Validating resource group '{rg_name}'...")
    exists = resource_client.resource_groups.check_existence(rg_name)
    if exists:
        print(f"‚úÖ Resource group '{rg_name}' exists.")
    else:
        print(f"‚ùå Resource group '{rg_name}' does not exist.")
    return exists

### Validating if resource group is available if not create one

In [None]:
if validate_resource_group(resource_client, RG_NAME):
    print(f"‚ÑπÔ∏è Resource group '{RG_NAME}' already exists.")
else:
    print(f"üöÄ Creating resource group '{RG_NAME}' in '{LOCATION}'...")
    rg_result = resource_client.resource_groups.create_or_update(
        RG_NAME, {"location": LOCATION}
    )
    print(f"‚úÖ Resource group '{rg_result.name}' created successfully.")

üîç Validating resource group 'rg-mymlops'...
‚ùå Resource group 'rg-mymlops' does not exist.
üöÄ Creating resource group 'rg-mymlops' in 'eastus'...
‚úÖ Resource group 'rg-mymlops' created successfully.


## Virtual machine

In [11]:
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.compute.models import (
    HardwareProfile, OSProfile, LinuxConfiguration,
    SshConfiguration, SshPublicKey, NetworkInterfaceReference,
    StorageProfile, ImageReference, OSDisk, DiskCreateOptionTypes
)
from azure.mgmt.network.models import (
    NetworkSecurityGroup, SecurityRule, PublicIPAddress,
    NetworkInterface, Subnet, VirtualNetwork, IPConfiguration
)

In [None]:
RESOURCE_GROUP = cfg["resource_group"]["name"]
VM_NAME = cfg["vm"]["name"]
VM_SIZE = cfg["vm"]["size"]
ADMIN_USERNAME = cfg["vm"]["admin_username"]
SSH_KEY_PATH = os.path.expanduser(cfg["vm"]["ssh_public_key_path"])
VIRTUAL_NETWORK = cfg["vm"]["virtual_network"]
SUB_NETWORK = cfg["vm"]["sub_network"]
NETWORK_SECURITY_GRP = cfg["vm"]["network_security_grp"]
PUBLIC_IP = cfg["vm"]["public_ip"]
NETWORK_INTERFACE = cfg["vm"]["network_interface"]

In [None]:
print(f"üöÄ Starting VM creation: {VM_NAME} in {LOCATION}")

credential = DefaultAzureCredential()
resource_client = ResourceManagementClient(credential, SUBSCRIPTION_ID)
network_client = NetworkManagementClient(credential, SUBSCRIPTION_ID)
compute_client = ComputeManagementClient(credential, SUBSCRIPTION_ID)

üöÄ Starting VM creation: vm-mlops in eastus


In [None]:
print(f"üîπ Ensuring resource group '{RESOURCE_GROUP}' exists...")
resource_client.resource_groups.create_or_update(
    RESOURCE_GROUP, {"location": LOCATION})

üîπ Ensuring resource group 'rg-mymlops' exists...


<azure.mgmt.resource.resources.v2025_04_01.models._models_py3.ResourceGroup at 0x114a2c090>

In [None]:
# Virtual Network
print("üîπ Creating Virtual Network...")
vnet = network_client.virtual_networks.begin_create_or_update(
    RESOURCE_GROUP, VIRTUAL_NETWORK,
    {
        "location": LOCATION, 
        "address_space": {"address_prefixes": ["10.0.0.0/16"]}
    },
).result()
print(f"‚úÖ Virtual Network '{vnet.name}' created successfully.")

üîπ Creating Virtual Network...
‚úÖ Virtual Network 'vnet-mlops' created successfully.


In [None]:
# Subnet
print("üîπ Creating Subnet...")
subnet = network_client.subnets.begin_create_or_update(
    RESOURCE_GROUP, VIRTUAL_NETWORK, 
    SUB_NETWORK, {"address_prefix": "10.0.0.0/24"},
).result()
print(f"‚úÖ Subnet '{subnet.name}' created successfully.")

üîπ Creating Subnet...
‚úÖ Subnet 'subnet-mlops' created successfully.


In [None]:
# NSG (SSH only)
print("üîπ Creating NSG (allow SSH)...")
nsg = network_client.network_security_groups.begin_create_or_update(
    RESOURCE_GROUP, NETWORK_SECURITY_GRP,
    {
        "location": LOCATION,
        "security_rules": [
            SecurityRule(
                name="AllowSSH", protocol="Tcp", direction="Inbound", 
                access="Allow", priority=1000, source_address_prefix="*", 
                destination_address_prefix="*", source_port_range="*", 
                destination_port_range="22",
            )
        ],
    },
).result()
print(f"‚úÖ NSG '{nsg.name}' created successfully.")

üîπ Creating NSG (allow SSH)...
‚úÖ NSG 'nsg-mlops' created successfully.


In [None]:
# Public IP
print("üîπ Creating Public IP...")
public_ip = network_client.public_ip_addresses.begin_create_or_update(
    RESOURCE_GROUP, PUBLIC_IP, 
    {"location": LOCATION, "public_ip_allocation_method":"Dynamic"},
    ).result()
print(f"‚úÖ NSG '{public_ip.name}' created successfully.")
# print(f"‚úÖ NSG '{public_ip.ip_address}' created successfully.")

üîπ Creating Public IP...
‚úÖ NSG 'pip-mlops' created successfully.


In [None]:
# Network Interface
print("üîπ Creating Network Interface...")
nic = network_client.network_interfaces.begin_create_or_update(
    RESOURCE_GROUP, NETWORK_INTERFACE,
    {
        "location": LOCATION,
        "ip_configurations": [
            IPConfiguration(
                name="ipconfig1",
                subnet=Subnet(id=subnet.id),
                public_ip_address=PublicIPAddress(id=public_ip.id),
                network_security_group=NetworkSecurityGroup(id=nsg.id),
            )
        ],
    },
).result()
print(f"‚úÖ NSG '{nic.name}' created successfully.")

network_security_group is not a known attribute of class <class 'azure.mgmt.network.models._models_py3.IPConfiguration'> and will be ignored


üîπ Creating Network Interface...
‚úÖ NSG 'nic-mlops' created successfully.


In [None]:
# VM Configuration
print("üîπ Defining VM configuration...")
with open(SSH_KEY_PATH, "r") as f:
    ssh_key_data = f.read().strip()

vm_parameters = {
    "location": LOCATION,
    "hardware_profile": HardwareProfile(vm_size=VM_SIZE),
    "storage_profile": StorageProfile(
        image_reference=ImageReference(
            publisher="Canonical",
            offer="UbuntuServer",
            sku="18.04-LTS",
            version="latest",
        ),
        os_disk=OSDisk(
            create_option=DiskCreateOptionTypes.from_image,
            managed_disk={"storage_account_type": "StandardSSD_LRS"},
        ),
    ),
    "os_profile": OSProfile(
        computer_name=VM_NAME,
        admin_username=ADMIN_USERNAME,
        linux_configuration=LinuxConfiguration(
            disable_password_authentication=True,
            ssh=SshConfiguration(
                public_keys=[
                    SshPublicKey(
                        path=f"/home/{ADMIN_USERNAME}/.ssh/authorized_keys",
                        key_data=ssh_key_data,
                    )
                ]
            ),
        ),
    ),
    "network_profile": {
        "network_interfaces": [NetworkInterfaceReference(id=nic.id)]},
}

üîπ Defining VM configuration...


In [None]:
# Create the VM
print(f"üöÄ Creating VM '{VM_NAME}' ... this may take a few minutes.")
creation = compute_client.virtual_machines.begin_create_or_update(
    RESOURCE_GROUP, VM_NAME, vm_parameters
)
vm_result = creation.result()

üöÄ Creating VM 'vm-mlops' ... this may take a few minutes.


In [None]:
# Fetch VM details
vm_details = compute_client.virtual_machines.get(RESOURCE_GROUP, VM_NAME)
# Print summary
print("\nüßæ VM Details:")
print(f"Name: {vm_details.name}")
print(f"Location: {vm_details.location}")
print(f"Size: {vm_details.hardware_profile.vm_size}")
print(f"OS Disk: {vm_details.storage_profile.os_disk.name}")
print(f"Image: {vm_details.storage_profile.image_reference.offer} {vm_details.storage_profile.image_reference.sku}")
print(f"Provisioning State: {vm_details.provisioning_state}")


üßæ VM Details:
Name: vm-mlops
Location: eastus
Size: Standard_B1ms
OS Disk: vm-mlops_OsDisk_1_f826069cf2fb491b816883b5d23e0258
Image: UbuntuServer 18.04-LTS
Provisioning State: Succeeded


In [None]:
# Get NIC attached to the VM
nic_id = vm_details.network_profile.network_interfaces[0].id.split('/')[-1]

# Fetch NIC details
nic = network_client.network_interfaces.get(RESOURCE_GROUP, nic_id)

# Check if NSG is attached directly to NIC
if nic.network_security_group:
    nsg_id = nic.network_security_group.id.split('/')[-1]
    nsg = network_client.network_security_groups.get(RESOURCE_GROUP, nsg_id)
    print(f"üîí NSG attached to NIC '{nic.name}': {nsg.name}")
    print(f"Location: {nsg.location}")
    print(f"Security Rules:")
    for rule in nsg.security_rules:
        print(f"  - {rule.name}: {rule.direction} {rule.access} {rule.protocol} {rule.destination_port_range}")
else:
    print(f"No NSG attached directly to NIC '{nic.name}'.")

üîí NSG attached to NIC 'nic-mlops': nsg-mlops
Location: eastus
Security Rules:
  - AllowSSH: Inbound Allow Tcp 22
No NSG attached to Subnet 'subnet-mlops'.


In [28]:
# Attach NSG to NIC
nic.network_security_group = nsg

In [None]:
# Update NIC with the NSG association
update_nic = network_client.network_interfaces.begin_create_or_update(
    RESOURCE_GROUP,
    nic_id,
    nic
)

In [31]:
result = update_nic.result()
print(f"‚úÖ NSG '{nsg.name}' successfully attached to NIC '{nic_id}'.")

‚úÖ NSG 'nsg-mlops' successfully attached to NIC 'nic-mlops'.


In [None]:
if nic.network_security_group:
    nsg_id = nic.network_security_group.id.split('/')[-1]
    nsg = network_client.network_security_groups.get(RESOURCE_GROUP, nsg_id)
    print(f"üîí NSG attached to NIC '{nic.name}': {nsg.name}")
    print(f"Location: {nsg.location}")
    print(f"Security Rules:")
    for rule in nsg.security_rules:
        print(f"  - {rule.name}: {rule.direction} {rule.access} {rule.protocol} {rule.destination_port_range}")
else:
    print(f"No NSG attached directly to NIC '{nic.name}'.")

üîí NSG attached to NIC 'nic-mlops': nsg-mlops
Location: eastus
Security Rules:
  - AllowSSH: Inbound Allow Tcp 22


## Blob Storage

In [35]:
from azure.mgmt.storage import StorageManagementClient

In [None]:
credential = DefaultAzureCredential()
storage_client = StorageManagementClient(credential, SUBSCRIPTION_ID)

In [None]:
credential = DefaultAzureCredential()
storage_client = StorageManagementClient(credential, SUBSCRIPTION_ID)

In [79]:
storage_account_name = cfg["storage"]["storage_account"]
containers = cfg["storage"]["containers"]

In [None]:
# Create Blob Storage with hierarchical namespace (Data Lake Gen2)
storage_async_op = storage_client.storage_accounts.begin_create(
    RESOURCE_GROUP,
    storage_account_name,
    {
        "location": LOCATION,
        "kind": "StorageV2",
        "sku": {"name": "Standard_LRS"},
        "is_hns_enabled": True  # Hierarchical namespace enabled
    },
)
storage_account = storage_async_op.result()
print(f"‚úÖ Storage account '{storage_account.name}' created.")

‚úÖ Storage account 'storagemymlops' created.


In [None]:
# ==== Get Storage Account Key ====
print("üîë Retrieving access key...")
keys = storage_client.storage_accounts.list_keys(RESOURCE_GROUP, storage_account_name)
storage_key = keys.keys[0].value

üîë Retrieving access key...


In [None]:
# ==== Save Key to File ====
key_file_path = os.path.join(PROJECT_PATH, "tokens", storage_account_name)
print(key_file_path)
with open(key_file_path, "w") as key_file:
    key_file.write(storage_key)
print(f"üóùÔ∏è Storage account key saved to: {key_file_path}")

/Users/vinay/Projects/my-mlops/tokens/storagemymlops
üóùÔ∏è Storage account key saved to: /Users/vinay/Projects/my-mlops/tokens/storagemymlops


In [None]:
# ==== Get Storage Account Key ====
print("üîë Retrieving access key...")
keys = storage_client.storage_accounts.list_keys(RESOURCE_GROUP, storage_account_name)
storage_key = keys.keys[0].value

üîë Retrieving access key...


In [64]:
# ==== Connect to Blob Service ====
from azure.storage.blob import BlobServiceClient
blob_service_client = BlobServiceClient(
    f"https://{storage_account_name}.blob.core.windows.net",
    credential=storage_key)

In [83]:
# ==== Create Containers ====
for container in containers.split(','):
    try:
        blob_service_client.create_container(container)
        print(f"‚úÖ Container '{container}' created successfully.")
    except Exception as e:
        if "ContainerAlreadyExists" in str(e):
            print(f"‚ö†Ô∏è Container '{container}' already exists.")
        else:
            print(f"‚ùå Failed to create container '{container}': {e}")

‚ö†Ô∏è Container 'bronze' already exists.
‚ö†Ô∏è Container 'silver' already exists.
‚ö†Ô∏è Container 'gold' already exists.
