Skip to content

Commit

Permalink
Merge pull request #66 from Teradata/sched_tls_update
Browse files Browse the repository at this point in the history 
Sched tls update
  • Loading branch information
@teralauritsen
teralauritsen authored Dec 16, 2024
2 parents 4b87c17 + 741f2c0 commit 687dedc
Show file tree
Hide file tree
Showing 11 changed files with 1,860 additions and 71 deletions.
6 changes: 4 additions & 2 deletions deployments/aws/templates/ai-unlimited/ai-unlimited-with-nlb.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -611,7 +611,8 @@ Resources:
RestartSec=2
ExecStartPre=-/usr/bin/docker stop %n || true
ExecStartPre=-/usr/bin/docker rm %n || true
ExecStartPre=/usr/bin/docker pull teradata/ai-unlimited-scheduler:latest
EnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt
ExecStartPre=/usr/bin/docker pull teradata/ai-unlimited-scheduler:${ AiUnlimitedSchedulerVersion }
ExecStart=/usr/bin/docker run \
--network ai_unlimited \
-p ${ AiUnlimitedSchedulerGrpcPort }:50051 \
Expand All @@ -621,7 +622,8 @@ Resources:
-e TD_WSSCHED_TASK_LOG_PATH=/etc/td/workspaces/scheduler_logs/projects \
-e TD_WSSCHED_POL_INTERVAL=60 \
-e TD_WS_CONTAINER_NAME=ai-unlimited.service \
--rm --name %n teradata/ai-unlimited-scheduler:latest workspace-event-scheduler serve
-e TD_VCD_INIT_API_KEY \
--rm --name %n teradata/ai-unlimited-scheduler:${ AiUnlimitedSchedulerVersion } workspace-event-scheduler serve
[Install]
WantedBy=multi-user.target
group: root
Expand Down
10 changes: 7 additions & 3 deletions deployments/aws/templates/ai-unlimited/ai-unlimited-without-lb.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -559,11 +559,11 @@ Resources:
StartLimitBurst=10
[Service]
EnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt
TimeoutStartSec=0
Restart=always
RestartSec=2
ExecStartPre=-/usr/bin/mkdir -p /etc/td/ai-unlimited
EnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt
ExecStartPre=-/usr/bin/docker stop %n || true
ExecStartPre=-/usr/bin/docker rm %n || true
ExecStartPre=/usr/bin/docker pull teradata/ai-unlimited-workspaces:${ AiUnlimitedVersion }
Expand Down Expand Up @@ -604,9 +604,10 @@ Resources:
TimeoutStartSec=0
Restart=always
RestartSec=2
EnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt
ExecStartPre=-/usr/bin/docker exec %n stop || true
ExecStartPre=-/usr/bin/docker rm %n || true
ExecStartPre=/usr/bin/docker pull teradata/ai-unlimited-scheduler:latest
ExecStartPre=/usr/bin/docker pull teradata/ai-unlimited-scheduler:${ AiUnlimitedSchedulerVersion }
ExecStart=/usr/bin/docker run \
--network ai_unlimited \
-p ${ AiUnlimitedSchedulerGrpcPort }:50051 \
Expand All @@ -615,8 +616,11 @@ Resources:
-e TD_WSSCHED_LOG_PATH=/etc/td/workspaces/scheduler_logs \
-e TD_WSSCHED_TASK_LOG_PATH=/etc/td/workspaces/scheduler_logs/projects \
-e TD_WSSCHED_POL_INTERVAL=60 \
-e TD_WSSCHED_DEV_LOC_OVR=ignore \
-e TD_WS_CONTAINER_NAME=ai-unlimited.service \
--rm --name %n teradata/ai-unlimited-scheduler:latest workspace-event-scheduler serve
-e TD_WS_SERVER_PORT=${ AiUnlimitedGrpcPort } \
-e TD_VCD_INIT_API_KEY \
--rm --name %n teradata/ai-unlimited-scheduler:${ AiUnlimitedSchedulerVersion } workspace-event-scheduler serve
[Install]
WantedBy=multi-user.target
Expand Down
6 changes: 5 additions & 1 deletion deployments/azure/scripts/ai-unlimited-scheduler.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ StartLimitBurst=10
TimeoutStartSec=0
Restart=always
RestartSec=2
EnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull {0}/{1}:{2}
Expand All @@ -18,8 +19,11 @@ ExecStart=/usr/bin/docker run \
-v /etc/td/ai-unlimited:/etc/td \
-e TD_WSSCHED_LOG_PATH=/etc/td/workspaces/scheduler_logs \
-e TD_WSSCHED_TASK_LOG_PATH=/etc/td/workspaces/scheduler_logs/projects \
-e TD_WSSCHED_POL_INTERVAL=2 \
-e TD_WSSCHED_POL_INTERVAL=60 \
-e TD_WS_CONTAINER_NAME=ai-unlimited.service \
-e TD_WSSCHED_DEV_LOC_OVR=ignore \
-e TD_WS_SERVER_PORT={4} \
-e TD_VCD_INIT_API_KEY \
--rm --name %n {0}/{1}:{2} workspace-event-scheduler serve
[Install]
WantedBy=multi-user.target
66 changes: 39 additions & 27 deletions deployments/azure/templates/arm/ai-unlimited/ai-unlimited-with-nlb.json
View file

Large diffs are not rendered by default.

50 changes: 31 additions & 19 deletions deployments/azure/templates/arm/ai-unlimited/ai-unlimited-without-lb.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "7904991390945018605"
"version": "0.32.4.45862",
"templateHash": "14038604803180625097"
}
},
"parameters": {
Expand Down Expand Up @@ -83,6 +83,13 @@
"description": "port to access the AI Unlimited service api."
}
},
"AiUnlimitedSchedulerHttpPort": {
"type": "int",
"defaultValue": 50061,
"metadata": {
"description": "port to access the AI Unlimited scheduler api."
}
},
"SourceAppSecGroups": {
"type": "array",
"defaultValue": [],
Expand Down Expand Up @@ -153,6 +160,13 @@
"description": "Container Version of the AI Unlimited UI service"
}
},
"AiUnlimitedSchedulerVersion": {
"type": "string",
"defaultValue": "latest",
"metadata": {
"description": "Container Version of the AI Unlimited scheduler service"
}
},
"Tags": {
"type": "object",
"defaultValue": {},
Expand All @@ -164,19 +178,17 @@
"variables": {
"$fxv#0": "#cloud-config\nwrite_files:\n- encoding: b64\n content: \"{0}\"\n owner: root:root\n path: /usr/lib/systemd/system/ai-unlimited.service\n permissions: '0640'\n- encoding: b64\n content: \"{1}\"\n owner: root:root\n path: /usr/lib/systemd/system/ai-unlimited-scheduler.service\n permissions: '0640'\n- encoding: b64\n content: \"{2}\"\n owner: root:root\n path: /usr/lib/systemd/system/ai-unlimited-ui.service\n permissions: '0640'\n\nruncmd:\n- mkdir -p /etc/td\n- |\n export PERMDISK=$(lsscsi 1:0:0:0 -b | awk '{{print $2}}');\n if [ -n \"${{PERMDISK}}\" ]; then blkid --match-token TYPE=ext4 ${{PERMDISK}} || (mkfs.ext4 -m0 ${{PERMDISK}} && e2label ${{PERMDISK}} WORKSPACES); fi\n /usr/bin/echo \"LABEL=WORKSPACES /etc/td ext4 defaults 0 2\" >> /etc/fstab\n /usr/bin/mount -a\n- while [ $(systemctl status docker | grep \"active (running)\" | wc -l) -lt 1 ]; do sleep 5; done\n- mkdir -p /etc/td/ai-unlimited\n- echo \"TD_VCD_INIT_API_KEY=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64)\" > /etc/td/ai-unlimited/init_api_key.txt\n- sleep 60\n- systemctl enable ai-unlimited.service\n- systemctl start ai-unlimited.service\n- systemctl enable ai-unlimited-scheduler.service\n- systemctl start ai-unlimited-scheduler.service\n- systemctl enable ai-unlimited-ui.service\n- systemctl start ai-unlimited-ui.service\n",
"$fxv#1": "[Unit]\nDescription=AI Unlimited\nAfter=docker.service\nRequires=docker.service\nStartLimitInterval=200\nStartLimitBurst=10\n\n[Service]\nTimeoutStartSec=0\nRestart=always\nRestartSec=2\nEnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt\nExecStartPre=-/usr/bin/docker volume create ssl_certs\nExecStartPre=-/usr/bin/docker network create -d bridge ai_unlimited\nExecStartPre=-/usr/bin/mkdir -p /etc/td/ai-unlimited\nExecStartPre=-/usr/bin/docker stop %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull {0}/{1}:{2}\n\nExecStart=/usr/bin/docker run \\\n -e accept_license=Y \\\n -e PLATFORM=azure \\\n -e ARM_USE_MSI=true \\\n -e ARM_SUBSCRIPTION_ID={5} \\\n -e ARM_TENANT_ID={6} \\\n -e TD_VCD_INIT_API_KEY \\\n -p {3}:3000 \\\n -p {4}:3282 \\\n -v /etc/td/ai-unlimited:/etc/td \\\n -v ssl_certs:/etc/td/ssl \\\n --network ai_unlimited {7} \\\n --rm --name %n {0}/{1}:{2} workspaces serve -v\n\n[Install]\nWantedBy=multi-user.target",
"$fxv#2": "[Unit]\nDescription=AI Unlimited Scheduler\nAfter=ai-unlimited.service\nRequires=ai-unlimited.service\nStartLimitInterval=200\nStartLimitBurst=10\n\n[Service]\nTimeoutStartSec=0\nRestart=always\nRestartSec=2\nExecStartPre=-/usr/bin/docker stop %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull {0}/{1}:{2}\nExecStart=/usr/bin/docker run \\\n --network ai_unlimited \\\n -p {3}:50061 \\\n -v /etc/td/ai-unlimited:/etc/td \\\n -e TD_WSSCHED_LOG_PATH=/etc/td/workspaces/scheduler_logs \\\n -e TD_WSSCHED_TASK_LOG_PATH=/etc/td/workspaces/scheduler_logs/projects \\\n -e TD_WSSCHED_POL_INTERVAL=2 \\\n -e TD_WS_CONTAINER_NAME=ai-unlimited.service \\\n --rm --name %n {0}/{1}:{2} workspace-event-scheduler serve\n[Install]\nWantedBy=multi-user.target",
"$fxv#2": "[Unit]\nDescription=AI Unlimited Scheduler\nAfter=ai-unlimited.service\nRequires=ai-unlimited.service\nStartLimitInterval=200\nStartLimitBurst=10\n\n[Service]\nTimeoutStartSec=0\nRestart=always\nRestartSec=2\nEnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt\nExecStartPre=-/usr/bin/docker stop %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull {0}/{1}:{2}\nExecStart=/usr/bin/docker run \\\n --network ai_unlimited \\\n -p {3}:50061 \\\n -v /etc/td/ai-unlimited:/etc/td \\\n -e TD_WSSCHED_LOG_PATH=/etc/td/workspaces/scheduler_logs \\\n -e TD_WSSCHED_TASK_LOG_PATH=/etc/td/workspaces/scheduler_logs/projects \\\n -e TD_WSSCHED_POL_INTERVAL=60 \\\n -e TD_WS_CONTAINER_NAME=ai-unlimited.service \\\n -e TD_WSSCHED_DEV_LOC_OVR=ignore \\\n -e TD_WS_SERVER_PORT={4} \\\n -e TD_VCD_INIT_API_KEY \\\n --rm --name %n {0}/{1}:{2} workspace-event-scheduler serve\n[Install]\nWantedBy=multi-user.target",
"$fxv#3": "[Unit]\nDescription=AI Unlimited UI\nAfter=ai-unlimited.service\nRequires=ai-unlimited.service\nStartLimitInterval=200\nStartLimitBurst=10\n\n[Service]\nTimeoutStartSec=0\nRestart=always\nRestartSec=2\nEnvironmentFile=/etc/td/ai-unlimited/init_api_key.txt\nExecStartPre=-/usr/bin/docker stop %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull {0}/{1}:{2}\n\nExecStart=/usr/bin/docker run \\\n -e TD_VCD_USE_TLS=false \\\n -e TD_VCD_AUTH_PORT={4}\\\n -e TD_VCD_API_PORT={5}\\\n -e TD_VCD_INIT_API_KEY \\\n -p 80:80 \\\n -p 443:443 \\\n -v ssl_certs:/etc/ssl/td \\\n --network ai_unlimited {6} \\\n --rm --name %n {0}/{1}:{2} \n\n[Install]\nWantedBy=multi-user.target",
"AiUnlimitedSchedulerHttpPort": 50061,
"AiUnlimitedUIHttpPort": 80,
"AiUnlimitedUIHttpsPort": 443,
"AiUnlimitedSchedulerVersion": "latest",
"roleAssignmentName": "[guid(subscription().id, parameters('AiUnlimitedName'), subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('ResourceGroupName')), parameters('RoleDefinitionId'))]",
"dnsLabelPrefix": "[format('td{0}', uniqueString(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('ResourceGroupName')), deployment().name, parameters('AiUnlimitedName')))]",
"registry": "teradata",
"workspaceRepository": "ai-unlimited-workspaces",
"workspaceSchedulerRepository": "ai-unlimited-scheduler",
"workspaceUIRepository": "ai-unlimited-workspaces-ui",
"cloudInitData": "[base64(format(variables('$fxv#0'), base64(format(variables('$fxv#1'), variables('registry'), variables('workspaceRepository'), parameters('AiUnlimitedVersion'), parameters('AiUnlimitedAuthPort'), parameters('AiUnlimitedGrpcPort'), subscription().subscriptionId, subscription().tenantId, '--network-alias ai-unlimited')), base64(format(variables('$fxv#2'), variables('registry'), variables('workspaceSchedulerRepository'), variables('AiUnlimitedSchedulerVersion'), variables('AiUnlimitedSchedulerHttpPort'))), base64(format(variables('$fxv#3'), variables('registry'), variables('workspaceUIRepository'), parameters('AiUnlimitedUIVersion'), variables('AiUnlimitedUIHttpPort'), parameters('AiUnlimitedAuthPort'), parameters('AiUnlimitedGrpcPort'), '--network-alias ai-unlimited'))))]"
"cloudInitData": "[base64(format(variables('$fxv#0'), base64(format(variables('$fxv#1'), variables('registry'), variables('workspaceRepository'), parameters('AiUnlimitedVersion'), parameters('AiUnlimitedAuthPort'), parameters('AiUnlimitedGrpcPort'), subscription().subscriptionId, subscription().tenantId, '--network-alias ai-unlimited')), base64(format(variables('$fxv#2'), variables('registry'), variables('workspaceSchedulerRepository'), parameters('AiUnlimitedSchedulerVersion'), parameters('AiUnlimitedSchedulerHttpPort'), parameters('AiUnlimitedGrpcPort'))), base64(format(variables('$fxv#3'), variables('registry'), variables('workspaceUIRepository'), parameters('AiUnlimitedUIVersion'), variables('AiUnlimitedUIHttpPort'), parameters('AiUnlimitedAuthPort'), parameters('AiUnlimitedGrpcPort'), '--network-alias ai-unlimited'))))]"
},
"resources": [
{
Expand Down Expand Up @@ -222,8 +234,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "29287785012335710"
"version": "0.32.4.45862",
"templateHash": "18082039460890227567"
}
},
"parameters": {
Expand Down Expand Up @@ -341,8 +353,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "16095084913002426133"
"version": "0.32.4.45862",
"templateHash": "4331975894596953088"
}
},
"parameters": {
Expand Down Expand Up @@ -402,7 +414,7 @@
"value": "[parameters('AiUnlimitedGrpcPort')]"
},
"aiUnlimitedSchedulerHttpPort": {
"value": "[variables('AiUnlimitedSchedulerHttpPort')]"
"value": "[parameters('AiUnlimitedSchedulerHttpPort')]"
},
"aiUnlimitedUIHttpPort": {
"value": "[variables('AiUnlimitedUIHttpPort')]"
Expand All @@ -426,8 +438,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "392354314460473239"
"version": "0.32.4.45862",
"templateHash": "16013689345643124539"
}
},
"parameters": {
Expand Down Expand Up @@ -838,8 +850,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "11687747621230861550"
"version": "0.32.4.45862",
"templateHash": "17662981702954878393"
}
},
"parameters": {
Expand Down Expand Up @@ -1119,8 +1131,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "4325662974998231491"
"version": "0.32.4.45862",
"templateHash": "3737753991380666295"
}
},
"parameters": {
Expand Down Expand Up @@ -1224,8 +1236,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.92.45157",
"templateHash": "9690061458974637253"
"version": "0.32.4.45862",
"templateHash": "12388745557700980847"
}
},
"parameters": {
Expand Down
23 changes: 14 additions & 9 deletions deployments/azure/templates/bicep/ai-unlimited/ai-unlimited-with-nlb.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ param AiUnlimitedGrpcPort int = 3282
// @description('port to access the AI Unlimited scheduler service grpc api.')
// var AiUnlimitedSchedulerGrpcPort = 50051

// @description('port to access the AI Unlimited scheduler service grpc api.')
var AiUnlimitedSchedulerHttpPort = 50061
@description('port to access the AI Unlimited scheduler api.')
param AiUnlimitedSchedulerHttpPort int = 50061

// @description('port to access the AI Unlimited service UI http.')
var AiUnlimitedUIHttpPort = 80
Expand Down Expand Up @@ -76,8 +76,8 @@ param AiUnlimitedVersion string = 'v0.3.0'
@description('Container Version of the AI Unlimited UI service')
param AiUnlimitedUIVersion string = 'v0.1.0'

// @description('Container Version of the AI Unlimited scheduler service')
var AiUnlimitedSchedulerVersion = 'latest'
@description('Container Version of the AI Unlimited scheduler service')
param AiUnlimitedSchedulerVersion string = 'latest'

@description('Tags to apply to all newly created resources, in the form of {"key_one":"value_one","key_two":"value_two"}')
param Tags object = {}
Expand All @@ -93,7 +93,6 @@ var workspaceRepository = 'ai-unlimited-workspaces'
var workspaceSchedulerRepository = 'ai-unlimited-scheduler'
var workspaceUIRepository = 'ai-unlimited-workspaces-ui'


var cloudInitData = base64(format(
loadTextContent('../../../scripts/ai-unlimited.cloudinit.yaml'),
base64(format(
Expand All @@ -112,8 +111,8 @@ var cloudInitData = base64(format(
registry,
workspaceSchedulerRepository,
AiUnlimitedSchedulerVersion,
// AiUnlimitedSchedulerGrpcPort,
AiUnlimitedSchedulerHttpPort
AiUnlimitedSchedulerHttpPort,
AiUnlimitedGrpcPort
)),
base64(format(
loadTextContent('../../../scripts/ai-unlimited-ui.service'),
Expand Down Expand Up @@ -268,8 +267,14 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {

output PublicIP string = nlb.outputs.PublicIp
output PrivateIP string = aiUnlimited.outputs.PrivateIP
output AiUnlimitedPublicHttpAccess string = concat('http://${nlb.outputs.PublicDns}', (AiUnlimitedUIHttpPort != 80 ? concat(':', string(AiUnlimitedUIHttpPort)) : ''))
output AiUnlimitedPrivateHttpAccess string = concat('http://${aiUnlimited.outputs.PrivateIP}', (AiUnlimitedUIHttpPort != 80 ? concat(':', string(AiUnlimitedUIHttpPort)) : ''))
output AiUnlimitedPublicHttpAccess string = concat(
'http://${nlb.outputs.PublicDns}',
(AiUnlimitedUIHttpPort != 80 ? concat(':', string(AiUnlimitedUIHttpPort)) : '')
)
output AiUnlimitedPrivateHttpAccess string = concat(
'http://${aiUnlimited.outputs.PrivateIP}',
(AiUnlimitedUIHttpPort != 80 ? concat(':', string(AiUnlimitedUIHttpPort)) : '')
)
output AiUnlimitedPublicGrpcAccess string = 'http://${nlb.outputs.PublicDns}:${AiUnlimitedGrpcPort}'
output AiUnlimitedPrivateGrpcAccess string = 'http://${aiUnlimited.outputs.PrivateIP}:${AiUnlimitedGrpcPort}'
output KeyVaultName string = (UseKeyVault == 'New') ? vault.outputs.name : ''
Expand Down
Loading

0 comments on commit 687dedc

Please sign in to comment.