-
-
Notifications
You must be signed in to change notification settings - Fork 561
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: azure open ai via ockam portal
- Loading branch information
Showing
8 changed files
with
600 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
run_ockam_processed.sh | ||
.env.azure | ||
env |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Azure OpenAI | ||
|
||
This hands-on example uses Ockam to create an end-to-end encrypted portal to a private Azure OpenAI API. | ||
|
||
We connect a python app in one virtual private network with an Azure OpenAI API configured via private endpoint in another virtual private network. | ||
The example uses the Azure CLI to create these virtual networks. | ||
|
||
You can read a detailed walkthrough of this example at: | ||
https://docs.ockam.io/portals/ai/azure_openai |
242 changes: 242 additions & 0 deletions
242
examples/command/portals/ai/azure_openai/ai_corp/run.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,242 @@ | ||
#!/usr/bin/env bash | ||
set -ex | ||
run() { | ||
enrollment_ticket="$1" | ||
|
||
# Create Resource Group | ||
echo "Creating Azure Resource Group..." | ||
az group create --name $RESOURCE_GROUP --location $LOCATION | ||
|
||
# Create Virtual Network | ||
echo "Creating Azure Virtual Network..." | ||
az network vnet create \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name $VNET_NAME \ | ||
--address-prefix "10.0.0.0/16" \ | ||
--subnet-name $SUBNET_NAME \ | ||
--subnet-prefix "10.0.0.0/24" \ | ||
--location $LOCATION | ||
|
||
# Create OpenAI Service | ||
echo "Creating Azure OpenAI Service..." | ||
az cognitiveservices account create \ | ||
--name $SERVICE_NAME \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--kind OpenAI \ | ||
--sku S0 \ | ||
--location $LOCATION \ | ||
--custom-domain $SERVICE_NAME \ | ||
--tags "CreatedBy=AzureCLI" | ||
|
||
# Retrieve virtual network and subnet ID | ||
echo "Retrieving virtual network and subnet ID..." | ||
VNET_ID=$(az network vnet show --name $VNET_NAME --resource-group $RESOURCE_GROUP --query "id" -o tsv) | ||
SUBNET_ID=$(az network vnet subnet show --name $SUBNET_NAME --vnet-name $VNET_NAME --resource-group $RESOURCE_GROUP --query "id" -o tsv) | ||
|
||
# Create private endpoint for the OpenAI service | ||
echo "Creating private endpoint for the OpenAI service..." | ||
az network private-endpoint create \ | ||
--name $PRIVATE_ENDPOINT_NAME \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--vnet-name $VNET_NAME \ | ||
--subnet $SUBNET_NAME \ | ||
--private-connection-resource-id $(az cognitiveservices account show --name $SERVICE_NAME --resource-group $RESOURCE_GROUP --query "id" -o tsv) \ | ||
--group-id "account" \ | ||
--connection-name "${SERVICE_NAME}-connection" | ||
|
||
# Create private DNS zone and linking it... | ||
echo "Creating private DNS zone and linking it..." | ||
az network private-dns zone create \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name $PRIVATE_DNS_ZONE | ||
|
||
# Link private DNS zone to virtual network... | ||
echo "Linking private DNS zone to virtual network..." | ||
az network private-dns link vnet create \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--zone-name $PRIVATE_DNS_ZONE \ | ||
--name "${VNET_NAME}-link" \ | ||
--virtual-network $VNET_ID \ | ||
--registration-enabled false | ||
|
||
# Configure DNS records... | ||
echo "Configuring DNS records..." | ||
PRIVATE_IP=$(az network private-endpoint show --name $PRIVATE_ENDPOINT_NAME --resource-group $RESOURCE_GROUP --query "customDnsConfigs[0].ipAddresses[0]" -o tsv) | ||
|
||
# Create DNS record set... | ||
echo "Creating DNS record set..." | ||
az network private-dns record-set a create \ | ||
--name $SERVICE_NAME \ | ||
--zone-name $PRIVATE_DNS_ZONE \ | ||
--resource-group $RESOURCE_GROUP | ||
|
||
# Add DNS record... | ||
echo "Adding DNS record..." | ||
az network private-dns record-set a add-record \ | ||
--record-set-name $SERVICE_NAME \ | ||
--zone-name $PRIVATE_DNS_ZONE \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--ipv4-address $PRIVATE_IP | ||
|
||
# Update network ACLs for the OpenAI service to deny public access... | ||
echo "Updating network ACLs for the OpenAI service to deny public access..." | ||
RESOURCE_ID=$(az cognitiveservices account show \ | ||
--name $SERVICE_NAME \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--query id -o tsv) | ||
|
||
# Update network ACLs for the OpenAI service to deny public access... | ||
az resource update \ | ||
--ids $RESOURCE_ID \ | ||
--set properties.networkAcls="{'defaultAction':'Deny'}" \ | ||
--set properties.publicNetworkAccess="Disabled" | ||
|
||
# Deploy model on OpenAI service | ||
echo "Deploying model ${MODEL_NAME} on ${SERVICE_NAME}..." | ||
az cognitiveservices account deployment create \ | ||
--name "$SERVICE_NAME" \ | ||
--resource-group "$RESOURCE_GROUP" \ | ||
--deployment-name "$DEPLOYMENT_NAME" \ | ||
--model-name "$MODEL_NAME" \ | ||
--model-version "$MODEL_VERSION" \ | ||
--model-format OpenAI \ | ||
--sku-capacity 1 \ | ||
--sku-name Standard | ||
|
||
# Setting up VM. Processing Ockam setup script... | ||
echo "Setting up VM. Processing Ockam setup script..." | ||
|
||
# Replace variables in the script | ||
sed "s|\${SERVICE_NAME}|${SERVICE_NAME}|g" run_ockam.sh | \ | ||
sed "s|\${TICKET}|${enrollment_ticket}|g" > run_ockam_processed.sh | ||
|
||
chmod +x run_ockam_processed.sh | ||
|
||
# Create VM and run Ockam setup script | ||
az vm create \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name "${SERVICE_NAME}-vm" \ | ||
--image "RedHat:RHEL:8-lvm-gen2:latest" \ | ||
--admin-username "azureuser" \ | ||
--generate-ssh-keys \ | ||
--vnet-name $VNET_NAME \ | ||
--subnet $SUBNET_NAME \ | ||
--location $LOCATION \ | ||
--custom-data run_ockam_processed.sh \ | ||
--tags "CreatedBy=AzureCLI" | ||
|
||
# Get API key for OpenAI service | ||
API_KEY=$(az cognitiveservices account keys list \ | ||
--name $SERVICE_NAME \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--query "key1" \ | ||
-o tsv) | ||
|
||
# Get Ockam project ID | ||
PROJECT_ID=$(ockam project show --jq .id | tr -d '"') | ||
|
||
# Set Azure OpenAI endpoint | ||
AZURE_OPENAI_ENDPOINT="https://az-openai.${PROJECT_ID}.ockam.network:443" | ||
|
||
echo "AZURE_OPENAI_ENDPOINT=$AZURE_OPENAI_ENDPOINT" > .env.azure | ||
echo "AZURE_OPENAI_API_KEY=$API_KEY" >> .env.azure | ||
} | ||
|
||
cleanup() { | ||
echo "Cleaning up..." | ||
|
||
echo "Deleting VM and associated resources..." | ||
az vm delete \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name "${SERVICE_NAME}-vm" \ | ||
--yes \ | ||
--force "yes" | ||
|
||
echo "Deleting disk..." | ||
DISK_NAME=$(az disk list \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--query "[?contains(name, '${SERVICE_NAME}-vm')].name" \ | ||
-o tsv) | ||
|
||
if [ -n "$DISK_NAME" ]; then | ||
echo "Found disk: $DISK_NAME" | ||
az disk delete \ | ||
-g "$RESOURCE_GROUP" \ | ||
-n "$DISK_NAME" \ | ||
--yes | ||
fi | ||
|
||
echo "Deleting NIC..." | ||
az network nic delete \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name "${SERVICE_NAME}-vmVMNic" | ||
|
||
echo "Deleting public IP..." | ||
az network public-ip delete \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name "${SERVICE_NAME}-vmPublicIP" | ||
|
||
echo "Deleting NSG..." | ||
az network nsg delete \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--name "${SERVICE_NAME}-vmNSG" | ||
|
||
echo "Deleting Private Endpoint..." | ||
az network private-endpoint delete \ | ||
--name $PRIVATE_ENDPOINT_NAME \ | ||
--resource-group $RESOURCE_GROUP | ||
|
||
echo "Deleting Azure OpenAI Service..." | ||
az cognitiveservices account delete \ | ||
--name $SERVICE_NAME \ | ||
--resource-group $RESOURCE_GROUP | ||
|
||
echo "Purging Azure OpenAI Service..." | ||
az cognitiveservices account purge \ | ||
--name $SERVICE_NAME \ | ||
--resource-group $RESOURCE_GROUP \ | ||
--location $LOCATION \ | ||
|| echo "Purge not needed or already completed" | ||
|
||
echo "Deleting Virtual Network..." | ||
az network vnet delete \ | ||
--name $VNET_NAME \ | ||
--resource-group $RESOURCE_GROUP | ||
|
||
echo "Deleting Resource Group..." | ||
az group delete \ | ||
--name $RESOURCE_GROUP \ | ||
--yes | ||
|
||
echo "Deleting local files" | ||
rm run_ockam_processed.sh | ||
rm .env.azure | ||
} | ||
|
||
|
||
user="" | ||
command -v sha256sum &>/dev/null && user=$(az ad signed-in-user show --query userPrincipalName -o tsv | sha256sum | cut -c 1-20) | ||
command -v shasum &>/dev/null && user=$(az ad signed-in-user show --query userPrincipalName -o tsv | shasum -a 256 | cut -c 1-20) | ||
export name="ockam-ex-az-openai-aicorp-$user" | ||
|
||
export RESOURCE_GROUP="${name}-rg" | ||
export LOCATION="eastus" | ||
|
||
# VNet | ||
export VNET_NAME="${name}-vnet" | ||
export SUBNET_NAME="${name}-subnet" | ||
|
||
# OpenAI Service | ||
export SERVICE_NAME="${name}-openai" | ||
export PRIVATE_DNS_ZONE="privatelink.openai.azure.com" | ||
export PRIVATE_ENDPOINT_NAME="${SERVICE_NAME}-private-endpoint" | ||
|
||
# Model | ||
export DEPLOYMENT_NAME="gpt-4o-mini" | ||
export MODEL_NAME="gpt-4o-mini" | ||
export MODEL_VERSION="2024-07-18" | ||
|
||
|
||
# Check if the first argument is "cleanup" | ||
# If it is, call the cleanup function. If not, call the run function. | ||
if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi |
52 changes: 52 additions & 0 deletions
52
examples/command/portals/ai/azure_openai/ai_corp/run_ockam.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
#!/bin/bash | ||
set -ex | ||
|
||
echo "Starting Ockam installation..." | ||
if ! curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash; then | ||
echo "ERROR: Failed to install Ockam Command" | ||
exit 1 | ||
fi | ||
source "$HOME/.ockam/env" | ||
|
||
# Verify Ockam installation | ||
if ! ockam --version; then | ||
echo "ERROR: Ockam installation verification failed" | ||
exit 1 | ||
else | ||
echo "Ockam installation verification successful" | ||
fi | ||
|
||
echo "Setup ockam node" | ||
export OCKAM_LOG_MAX_FILES=5 | ||
export OCKAM_HOME=/opt/ockam_home | ||
export OCKAM_OPENTELEMETRY_EXPORT=false | ||
|
||
cat << OCKAMCONFIG > /opt/ockam.json | ||
{ | ||
"relay": "openai-relay", | ||
"tcp-outlet": { | ||
"to": "${SERVICE_NAME}.openai.azure.com:443", | ||
"allow": "azure-openai-inlet", | ||
"tls": true | ||
} | ||
} | ||
OCKAMCONFIG | ||
|
||
echo "Config file: $(cat /opt/ockam.json)" | ||
|
||
MARKER_FILE="/opt/ockam_setup_complete.marker" | ||
|
||
ENROLLMENT_TICKET=${TICKET} | ||
|
||
echo "Check if the $MARKER_FILE file exists to decide to restore or setup a new node" | ||
if [ -f "$MARKER_FILE" ]; then | ||
echo "Marker file $MARKER_FILE exists, Restoring state" | ||
ockam node delete --all --yes | ||
ockam node create /opt/ockam.json | ||
else | ||
echo "Enrolling project with ticket" | ||
ockam node create /opt/ockam.json --enrollment-ticket "$ENROLLMENT_TICKET" | ||
touch "$MARKER_FILE" | ||
fi | ||
|
||
echo "Startup script completed successfully" |
25 changes: 25 additions & 0 deletions
25
examples/command/portals/ai/azure_openai/health_corp/client.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import os | ||
from openai import AzureOpenAI | ||
|
||
# Initialize Azure OpenAI client | ||
client = AzureOpenAI( | ||
azure_endpoint=os.getenv('AZURE_OPENAI_ENDPOINT'), | ||
api_key=os.getenv('AZURE_OPENAI_API_KEY'), | ||
api_version="2024-02-15-preview" | ||
) | ||
|
||
try: | ||
print(f"Connecting to: {client.base_url}") | ||
|
||
response = client.chat.completions.create( | ||
model="gpt-4o-mini", | ||
messages=[ | ||
{"role": "user", "content": "What is Ockham's Razor?"} | ||
] | ||
) | ||
|
||
print("\nResponse:", response.choices[0].message.content) | ||
print("\nThe example run was successful 🥳.") | ||
|
||
except Exception as e: | ||
print(f"An error occurred: {e}") |
Oops, something went wrong.