diff --git a/CONTRIBUTE.md b/CONTRIBUTE.md index 0e6dd460..37cdc538 100644 --- a/CONTRIBUTE.md +++ b/CONTRIBUTE.md @@ -1,12 +1,12 @@ -# Contributing to Moodle on Azure +# Contributing to Moodle on Azure The TL;DR version is: - * We are a community project - * We seek to make decisions through community consensus - * We prefer debate through gradual improvement through pull requests to endless discussion about the "perfect" solution - * We are a meritocracy, not a democracy - * We welcome all your contributions including but not limited to feature requests, bug-reports, documentation and code +* We are a community project +* We seek to make decisions through community consensus +* We prefer debate through gradual improvement through pull requests to endless discussion about the "perfect" solution +* We are a meritocracy, not a democracy +* We welcome all your contributions including but not limited to feature requests, bug-reports, documentation and code ## How the project is managed @@ -20,23 +20,23 @@ The short version of how to contribute to this project is "just do it". Where "it" can be defined as any valuable contribution (and to be clear, asking questions is a valuable contribution): - * ask questions - * provide feedback - * write or update documentation - * help new users - * recommend the project to others - * test the code and report bugs - * fix bugs and issue pull requests - * give us feedback on required features - * write and update the software - * create artwork - * translate to different languages - * anything you can see that needs doing +* ask questions +* provide feedback +* write or update documentation +* help new users +* recommend the project to others +* test the code and report bugs +* fix bugs and issue pull requests +* give us feedback on required features +* write and update the software +* create artwork +* translate to different languages +* anything you can see that needs doing Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit -https://cla.microsoft.com. +[https://cla.microsoft.com]. When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately @@ -79,8 +79,8 @@ This is an open source project. We have a few mantras to ensure efficient collaboration, these mostly boil down to ensuring good visibility into the communities goals. These include: - * If it didn't happen in public, it didn't happen - * Scratch your own itch +* If it didn't happen in public, it didn't happen +* Scratch your own itch ### If it didn't happen in public, it didn't happen (aka full transparency) @@ -100,34 +100,34 @@ This is an open source project. We welcome feature requests and, as a community, we will provide feedback on whether we intend to work on it or not. To this end we categories feature requests in one of 4 ways: - * Priority 0 (will address) - * Priority 1 (may address) - * Priority 2 (maybe one day) - * wontfix (out of scope) +* Priority 0 (will address) +* Priority 1 (may address) +* Priority 2 (maybe one day) +* wontfix (out of scope) Using these priorities it is easy for community members to decide where to spend their time. For example: - * Priority 0 items are actively being worked on by at least one - community member. Others are welcome to contribute as appropriate - (reviews are particularly important) - * Priority 1 items are seen as important and are likely to be worked - on in the short to medium term, but there is no community member - active on the project at this time. Community members are welcome - to take ownership of these issues and propose a solution that they - intend to implement. If the community accepts the proposal then it - will become a Priority 0 issue. - * Priority 2 items are seen as interesting proposals that are not in - conflict with the projects goals but are unlikely to be worked on - by any existing communty members. Community members who have a - need for these items are strongly encouraged to identify - themselves and offer a proposal for a solution. If there is enough - support within the existing community this item can become a - Priority 0 under your leadership. - * Wontfix items are considered out of scope for this project. - Community members should seek to solve the problem in different - ways. Often this will mean contribution to Moodle itself or a - plugin that is external to this community. +* Priority 0 items are actively being worked on by at least one + community member. Others are welcome to contribute as appropriate + (reviews are particularly important) +* Priority 1 items are seen as important and are likely to be worked + on in the short to medium term, but there is no community member + active on the project at this time. Community members are welcome + to take ownership of these issues and propose a solution that they + intend to implement. If the community accepts the proposal then it + will become a Priority 0 issue. +* Priority 2 items are seen as interesting proposals that are not in + conflict with the projects goals but are unlikely to be worked on + by any existing communty members. Community members who have a + need for these items are strongly encouraged to identify + themselves and offer a proposal for a solution. If there is enough + support within the existing community this item can become a + Priority 0 under your leadership. +* Wontfix items are considered out of scope for this project. + Community members should seek to solve the problem in different + ways. Often this will mean contribution to Moodle itself or a + plugin that is external to this community. ## Community roles @@ -139,15 +139,15 @@ Users self-identify by using our software and documentation. Their responsibilities are to benefit from our work, but we welcome contributions from users, such as: - * Ask questions - * Answer questions - * Feature requests - * Bug reports - * Design reviews - * Planning reviews - * Evangelize the project - * and more... - +* Ask questions +* Answer questions +* Feature requests +* Bug reports +* Design reviews +* Planning reviews +* Evangelize the project +* and more... + Some users will become more involved with the project, those users become Contributors. @@ -158,13 +158,13 @@ project. Their responsibilities are to help the project be succesful by ensuring that our work matches the needs of our users. Possible contributions can include: - * Everything a User might contribute - * Remove blocks for users - * Provide design input - * Review pull requests - * Implement features - * Triage questions, feature requests and bug reports - * and more... +* Everything a User might contribute +* Remove blocks for users +* Provide design input +* Review pull requests +* Implement features +* Triage questions, feature requests and bug reports +* and more... Some contributors will become very engaged and therefore become an essential part of the community, these contributors will become @@ -177,11 +177,11 @@ themselves into our process to ensure they run well. The goal is to empower our contributors who in turn focus on delighting our users. Maintainers contributions may include: - * Everyting Users and Contributors do - * Merge pull requests where appropriate - * Seek community consensus where conflict occurs - * Remove blocks for contributors - * and more... +* Everyting Users and Contributors do +* Merge pull requests where appropriate +* Seek community consensus where conflict occurs +* Remove blocks for contributors +* and more... ## Pull requests, Review and Merges @@ -193,8 +193,8 @@ reviews, that is a community wide responsibility. We operate under two models of review process as appropriate to each circumstance: - * Merge then Review (our preferred model) - * Review then Merge +* Merge then Review (our preferred model) +* Review then Merge ### Merge Then Review @@ -233,4 +233,3 @@ Where a change is on the critical path or it is potentiall contriversial maintainers should request reviews using the GitHub tooling. The last reviewer to sign-off on the pull request will merge the pull request. - diff --git a/README.md b/README.md index c3e549ca..df3a3d16 100644 --- a/README.md +++ b/README.md @@ -13,29 +13,31 @@ The following button will allow you to specify various configurations for your M deployment. The number of configuration options might be overwhelming, so some pre-defined/restricted deployment options for typical Moodle scenarios follow this. -[![Deploy to Azure Fully Configurable](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy.json) [![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.png)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy.json) +[![Deploy to Azure Fully Configurable](https://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy.json) [![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.png)](https://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy.json) ## SSH Key Requirement -All of the deployment options require you to provide a valid SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Other key formats such as ED25519 and ECDSA are not supported. +All of the deployment options require you to provide a valid SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Other key formats such as ED25519 and ECDSA are not supported. If you are unfamiliar with SSH and SSH keys, read this [article](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys) which will explain how to generate a key pair. You will create a ssh key pair. The public key is copied to the instances via the template. The private key is your identity that you will use to connect to different parts of the service. ## Predefined deployment options + Below are a list of pre-defined/restricted deployment options based on typical deployment scenarios (i.e. dev/test, production etc.) All configurations are fixed and you just need to pass your ssh public key to the template so that you can log in to the deployed VMs. | Deployment Type | Description | Launch | | --- | --- | --- -| Minimal | This deployment will use NFS, Microsoft SQL, and smaller autoscale web frontend VM sku (1 core) that'll give faster deployment time (less than 30 minutes) and requires only 2 VM cores currently that'll fit even in a free trial Azure subscription.|[![Deploy to Azure Minimally](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-minimal.json) -| Small to Mid-Size | Supporting up to 1000 concurrent users. This deployment will use NFS (no high availability) and MySQL (8 vCores), without other options like elastic search or redis cache.|[![Deploy to Azure Minimally](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-small2mid-noha.json) -|Large size deployment (with high availability)| Supporting more than 2000 concurrent users. This deployment will use Gluster (for high availability, requiring 2 VMs), MySQL (16 vCores) and redis cache, without other options like elastic search. |[![Deploy to Azure Minimally](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-large-ha.json) -| Maximum |This maximal deployment will use Gluster (for high availability, adding 2 VMs for a Gluster cluster), MySQL with highest SKU, redis cache, elastic search (3 VMs), and pretty large storage sizes (both data disks and DB).|[![Deploy to Azure Maximally](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-maximal.json) +| Minimal | This deployment will use NFS, Microsoft SQL, and smaller autoscale web frontend VM sku (1 core) that'll give faster deployment time (less than 30 minutes) and requires only 2 VM cores currently that'll fit even in a free trial Azure subscription.|[![Deploy to Azure Minimally](https://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-minimal.json) +| Small to Mid-Size | Supporting up to 1000 concurrent users. This deployment will use NFS (no high availability) and MySQL (8 vCores), without other options like elastic search or redis cache.|[![Deploy to Azure Minimally](https://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-small2mid-noha.json) +|Large size deployment (with high availability)| Supporting more than 2000 concurrent users. This deployment will use Gluster (for high availability, requiring 2 VMs), MySQL (16 vCores) and redis cache, without other options like elastic search. |[![Deploy to Azure Minimally](https://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-large-ha.json) +| Maximum |This maximal deployment will use Gluster (for high availability, adding 2 VMs for a Gluster cluster), MySQL with highest SKU, redis cache, elastic search (3 VMs), and pretty large storage sizes (both data disks and DB).|[![Deploy to Azure Maximally](https://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FMoodle%2Fmaster%2Fazuredeploy-maximal.json) -NOTE: Depending on the region you choose to deploy the stack in - the deployment might fail due to SKUs being hardcoded in the template where they are not available. For example, today our small-mid-size deployment option hard codes Gen-4 Azure MySQL SKUs into the template, and if a region where that is currently not available in (i.e. westus2) is used, your deployment will fail. If your deployment fails, please revert to the fully configurable template where possible and change the SKU paramater to one that exists in your region (i.e. Gen-5) or alternatively change your deployment region to one in which the SKU is available (i.e. southcentralus). +NOTE: Depending on the region you choose to deploy the stack in - the deployment might fail due to SKUs being hardcoded in the template where they are not available. For example, today our small-mid-size deployment option hard codes Gen-4 Azure MySQL SKUs into the template, and if a region where that is currently not available in (i.e. westus2) is used, your deployment will fail. If your deployment fails, please revert to the fully configurable template where possible and change the SKU paramater to one that exists in your region (i.e. Gen-5) or alternatively change your deployment region to one in which the SKU is available (i.e. southcentralus). ## Stack Architecture This template set deploys the following infrastructure core to your Moodle instance: + - Autoscaling web frontend layer (Nginx for https termination, Varnish for caching, Apache/php or nginx/php-fpm) - Private virtual network for frontend instances - Controller instance running cron and handling syslog for the autoscaled site @@ -44,6 +46,7 @@ This template set deploys the following infrastructure core to your Moodle insta - Dual [GlusterFS](https://www.gluster.org/) nodes or NFS for high availability access to Moodle files This template set *optionally* configures the following additional infrastructure: + - [Azure Backup](https://azure.microsoft.com/en-us/services/backup/) for Moodle site backups - [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) for ObjectFS (Moodle sitedata) - [Azure Application Gateway](https://azure.microsoft.com/en-us/services/application-gateway/) for SSL offloading and WAF @@ -51,14 +54,16 @@ This template set *optionally* configures the following additional infrastructur - [Azure DDoS Protection](https://azure.microsoft.com/en-us/services/ddos-protection/) plan to secure your Moodle site from DDoS attacks - [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/) for storing your CA Cert for your Moodle site - [Azure Search](https://azure.microsoft.com/en-us/services/search/) instance or three Elasticsearch VMs for HA Global Search in Moodle -- [Apache Tika](http://tika.apache.org/) VMs for search indexing in Moodle +- [Apache Tika](https://tika.apache.org/) VMs for search indexing in Moodle ![network_diagram](images/stack_diagram.png "Diagram of deployed stack") The template also optionally installs plugins that allow Moodle to be integrated with select Azure services (see below for details). ## Useful Moodle plugins for integrating Moodle with Azure Services + There below is a listing of useful plugins allow Moodle to be integrated with select Azure services: + - [Object File System Plugin*](https://github.com/catalyst/moodle-tool_objectfs) for [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) - [Azure Search Plugin*](https://github.com/catalyst/moodle-search_azure) for [Azure Search](https://azure.microsoft.com/en-us/services/logic-apps/) - [Trigger Plugin](https://github.com/catalyst/moodle-tool_trigger) and [Restful Webservice Plugin](https://github.com/catalyst/moodle-webservice_restful) for [Azure Logic Apps](https://azure.microsoft.com/en-us/services/logic-apps/) (requires use of [Moodle Connector](https://github.com/catalyst/azure-connector_moodle) now in development) @@ -68,40 +73,41 @@ There below is a listing of useful plugins allow Moodle to be integrated with se At the current time this template allows the optional installation of the plugins above with a * next to them. Please note these plugins can be installed at any time post deployment via Moodle's own [plugin directory](https://moodle.org/plugins/). You can find a list of all Azure relevant plugins in the Moodle plugin directory [here](https://moodle.org/plugins/browse.php?list=set&id=91). You might also choose to follow this list via RSS. ## Moodle as a Managed Application + You can learn more about how you can offer Moodle as a Managed Application on the Azure Marketplace or on an IT Service Catalog [here](https://github.com/Azure/Moodle/tree/master/managedApplication). This is a great read if you are offering Moodle hosting services today for your customers. -## Observations about the current template +## Observations about the current template + The template is highly configurable. Full details of the configuration options can be found in our [documentation](https://github.com/Azure/Moodle/tree/master/docs) (more specifically in our [parameters documentation](https://github.com/Azure/Moodle/blob/master/docs/Parameters.md)). The following sections describe observations about the template that you will likely want to review before deploying: -**Scalability** Our system is designed to be highly scalable. To achieve this we provide a Virtual Machine Scaleset for the web tier. This is already configured to scale on high load. However, scaling the VMs is not instantaneous. If you know you will have a high-load situation(e.g. exam, you should manually scale the VMs prior to the event. This can be done through the Azure portal or the CLI. The database is less easily scaled at this point, but it is possible and documented in our [management documentation](https://github.com/Azure/Moodle/blob/master/docs/Manage.md#resizing-your-database). +-*Scalability** Our system is designed to be highly scalable. To achieve this we provide a Virtual Machine Scaleset for the web tier. This is already configured to scale on high load. However, scaling the VMs is not instantaneous. If you know you will have a high-load situation(e.g. exam, you should manually scale the VMs prior to the event. This can be done through the Azure portal or the CLI. The database is less easily scaled at this point, but it is possible and documented in our [management documentation](https://github.com/Azure/Moodle/blob/master/docs/Manage.md#resizing-your-database). -**SSL** The template fully supports SSL but it is not possible for the template to manage this for you. More information in our [managing certs documentation](https://github.com/Azure/Moodle/blob/master/docs/SslCert.md). +-*SSL** The template fully supports SSL but it is not possible for the template to manage this for you. More information in our [managing certs documentation](https://github.com/Azure/Moodle/blob/master/docs/SslCert.md). -**Moodle PHP Code** The Moodle PHP code is stored on the Controller VM and copied to each front end VM upon deployment and upon request (should you update the Moodle code with your own code). For more information see our [management documentation](https://github.com/Azure/Moodle/blob/master/docs/Manage.md#updating-moodle-codesettings). +-*Moodle PHP Code** The Moodle PHP code is stored on the Controller VM and copied to each front end VM upon deployment and upon request (should you update the Moodle code with your own code). For more information see our [management documentation](https://github.com/Azure/Moodle/blob/master/docs/Manage.md#updating-moodle-codesettings). -**Database** Currently the best performance is achieved with [Azure Database for MySQL](https://azure.microsoft.com/en-us/services/mysql/) and [Azure SQL Database](https://azure.microsoft.com/en-us/services/sql-database/). With [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/services/postgresql/) we have hit database constraints which caused processes to load up on the frontends until they ran out of memory. It is possible some PostgreSQL tuning might help here. At this stage Azure Database for MySQL and PostgreSQL do not support being moved to a vnet. As a workaround, we use a firewall-based IP restriction allow access only to the controller VM and VMSS load-balancer IPs. +-*Database** Currently the best performance is achieved with [Azure Database for MySQL](https://azure.microsoft.com/en-us/services/mysql/) and [Azure SQL Database](https://azure.microsoft.com/en-us/services/sql-database/). With [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/services/postgresql/) we have hit database constraints which caused processes to load up on the frontends until they ran out of memory. It is possible some PostgreSQL tuning might help here. At this stage Azure Database for MySQL and PostgreSQL do not support being moved to a vnet. As a workaround, we use a firewall-based IP restriction allow access only to the controller VM and VMSS load-balancer IPs. -**File Storage** There are two options for file storage (moodledata) - Gluster FS and NFS. The Gluster FS solution is replicated thus provides highler availability, but incurs additional cost (2 x VMs) and some performance penalties (we are exploring ways to improve this and would welcome contributions from people who know Moodle and/or Gluster). NFS is highly performant and utilizes an existing VM in the cluster (so lower cost), but it is a single point of failure. At the time of writing there is no simple way to switch from one to the other depending on expected workloads and availability requirements, again this is something we would love to see resolved. +-*File Storage** There are two options for file storage (moodledata) - Gluster FS and NFS. The Gluster FS solution is replicated thus provides highler availability, but incurs additional cost (2 x VMs) and some performance penalties (we are exploring ways to improve this and would welcome contributions from people who know Moodle and/or Gluster). NFS is highly performant and utilizes an existing VM in the cluster (so lower cost), but it is a single point of failure. At the time of writing there is no simple way to switch from one to the other depending on expected workloads and availability requirements, again this is something we would love to see resolved. -**Search.** Azure supports running an Elasticsearch cluster, however it does not offer a fully-managed Elasticsearch service, so for those looking for a fully-managed Search service [Azure Search](https://azure.microsoft.com/en-us/services/logic-apps/) is recommended. +-*Search.** Azure supports running an Elasticsearch cluster, however it does not offer a fully-managed Elasticsearch service, so for those looking for a fully-managed Search service [Azure Search](https://azure.microsoft.com/en-us/services/logic-apps/) is recommended. -**Caching.** While enabling Redis cache can improve performance for a large Moodle site we have not seen it be very effective for small-to-medium size sites. We can likely improve upon this, patches welcome ;-) +-*Caching.** While enabling Redis cache can improve performance for a large Moodle site we have not seen it be very effective for small-to-medium size sites. We can likely improve upon this, patches welcome ;-) -**Regions.** Note that not all resources types (such as databases) may be available in your region. You should check the list of [Azure Products by Region](https://azure.microsoft.com/en-us/global-infrastructure/services/) to for local availability. +-*Regions.** Note that not all resources types (such as databases) may be available in your region. You should check the list of [Azure Products by Region](https://azure.microsoft.com/en-us/global-infrastructure/services/) to for local availability. ## Common questions about this Template -1. **Is this template Moodle as IaaS or PaaS?** While the current template leverages PaaS services such as Redis, MySQL, Postgres, MS SQL etc. the current template offers Moodle as IaaS. Given limitations to Moodle our focus is IaaS for the time being however we would love to be informed of your experience running Moodle as PaaS on Azure (i.e. using [Azure Container Service](https://azure.microsoft.com/en-us/services/container-service/) or [Azure App Service](https://azure.microsoft.com/en-us/services/container-service/)). -2. **The current template uses Ubuntu. Will other Operating Systems such as CentOS or Windows Server be supported in the future?** Unfortunately we only have plans to support Ubuntu at this time. It is highly unlikely that this will change. +1. **Is this template Moodle as IaaS or PaaS?** While the current template leverages PaaS services such as Redis, MySQL, Postgres, MS SQL etc. the current template offers Moodle as IaaS. Given limitations to Moodle our focus is IaaS for the time being however we would love to be informed of your experience running Moodle as PaaS on Azure (i.e. using [Azure Container Service](https://azure.microsoft.com/en-us/services/container-service/) or [Azure App Service](https://azure.microsoft.com/en-us/services/container-service/)). +2. **The current template uses Ubuntu. Will other Operating Systems such as CentOS or Windows Server be supported in the future?** Unfortunately we only have plans to support Ubuntu at this time. It is highly unlikely that this will change. +3. **What configuration do you recommend for my Moodle site?** The answer is it depends. At this stage we provide some rudimenatary t-shirt sized deployment recommendations and we are still building out our load testing tools and methodologies to provide more granularity. With that being said this is an area we are investing heavily in this area and we would love your contributions (i.e. load testing scripts, tools, methodologies etc.). -3. **What configuration do you recommend for my Moodle site?** The answer is it depends. At this stage we provide some rudimenatary t-shirt sized deployment recommendations and we are still building out our load testing tools and methodologies to provide more granularity. With that being said this is an area we are investing heavily in this area and we would love your contributions (i.e. load testing scripts, tools, methodologies etc.). + If you have an immediate need for guidance for a larger sized deployment, you might want to share some details around your deployment on our [issues page](https://github.com/Azure/Moodle/issues) and we will do our best to respond. Please as much information about your deployment as possible such as: -If you have an immediate need for guidance for a larger sized deployment, you might want to share some details around your deployment on our [issues page](https://github.com/Azure/Moodle/issues) and we will do our best to respond. Please as much information about your deployment as possible such as: - - * average number of concurrent users your site will see - * maximum level of concurrent/simultaenous users your site needs to support - * whether or not HA is needed - * any other attributes specific to your deployment (i.e. load balancing across regions etc.) + - average number of concurrent users your site will see + - maximum level of concurrent/simultaenous users your site needs to support + - whether or not HA is needed + - any other attributes specific to your deployment (i.e. load balancing across regions etc.) 4. **Did Microsoft build this template alone or with the help of the Moodle community?** We did not build this template alone. We relied on the expertise and guidance of many capable Moodle partners around the world. The initial implementation of the template was done by [Catalyst IT](https://github.com/catalyst). @@ -111,64 +117,70 @@ If you have an immediate need for guidance for a larger sized deployment, you mi 7. **I am already running Moodle on Azure. How does this work benefit me?** We are looking for painpoints from you and the broader Moodle on Azure community that we can help solve. We are also looking to understand where our implementation of Moodle on Azure outperforms or underperforms other implementations such as yours that are out in the wild. If you have observations, performance benchmarks or just general feedback about your experience running Moodle on Azure that you'd like to share we're extremely interested! Load testing is a very big area of focus, so if you have scripts you wouldn't mind contributing please let us know. -8. **Has anyone run this template sucessfully in production?** Yes they have. With that being said, we do not make any performance guarantees about this architecture. +8. **Has anyone run this template sucessfully in production?** Yes they have. With that being said, we do not make any performance guarantees about this architecture. -9. **What type of improvements have you succeeded in making** Since we first began this effort we have managed to make great gains, achieving a >2x performance boost from our original configuration by making tweaks to things like where PHP files were stored. Our work is nowhere near over. +9. **What type of improvements have you succeeded in making** Since we first began this effort we have managed to make great gains, achieving a >2x performance boost from our original configuration by making tweaks to things like where PHP files were stored. Our work is nowhere near over. -10. **What other Azure services (i.e. [Azure CDN](https://azure.microsoft.com/en-us/services/cdn/), [Azure Media Services](https://azure.microsoft.com/en-us/services/media-services/), [Azure Bot Service](https://azure.microsoft.com/en-us/services/bot-service/) etc.) will you be integrating with when this effort is complete?** It's not clear yet. We'll need your [feedback](https://github.com/Azure/Moodle/issues) to decide. +10. **What other Azure services (i.e. [Azure CDN](https://azure.microsoft.com/en-us/services/cdn/), [Azure Media Services](https://azure.microsoft.com/en-us/services/media-services/), [Azure Bot Service](https://azure.microsoft.com/en-us/services/bot-service/) etc.) will you be integrating with when this effort is complete?** It's not clear yet. We'll need your [feedback](https://github.com/Azure/Moodle/issues) to decide. -11. **Why is the database on a public subnet?** At this stage Azure Database for MySQL and PostgreSQL do not support being moved to a vnet. As a workaround, we use a firewall-based IP restriction allow access only to the controller VM and VMSS load-balancer IPs. +11. **Why is the database on a public subnet?** At this stage Azure Database for MySQL and PostgreSQL do not support being moved to a vnet. As a workaround, we use a firewall-based IP restriction allow access only to the controller VM and VMSS load-balancer IPs. -12. **How can I help with this effort?** Please see below. +12. **How can I help with this effort?** Please see below. ## Automated Testing (Travis CI) + This repository uses [Travis CI](https://travis-ci.org/) to deliver automated testing. The following tests are carried out for every Pull Request and will also run in a Travis CI enabled forked repository: -* **JSON Linting** - All JSON files are linted to ensure they do not contain any syntax errors. -* **JSON Code Style** - All JSON files are tested to ensure they comply with project code style rules. + +- **JSON Linting** - All JSON files are linted to ensure they do not contain any syntax errors. +- **JSON Code Style** - All JSON files are tested to ensure they comply with project code style rules. The following tests are carried out as part of the Pull Request merging prior to a contribution being accepted into the release branch: -* **Template Validation** - The template is subbmitted to Azure to ensure it is correclty formatted and contains valid logic. -* **Template Build** - The template is submitted to Azure and the stack described in the template is built to ensure a stack is correctly deployed. + +- **Template Validation** - The template is subbmitted to Azure to ensure it is correclty formatted and contains valid logic. +- **Template Build** - The template is submitted to Azure and the stack described in the template is built to ensure a stack is correctly deployed. ### Setting Up Travis CI for Template Build + The following describes the process required if you want to run the template validation and build steps using your own Travis and Azure accounts. To set up the build process, you will need: -* An Azure account or active subscription -* A fork of this repository linked to Travis CI -* Access to an installed instance of the Azure CLI -* A SSH keypair -The Travis CI process uses the *Azure CLI Service Principal* login method to authenticate against Azure. The documentation for logging in via a Service Principal can be found here: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest#logging-in-with-a-service-principal +- An Azure account or active subscription +- A fork of this repository linked to Travis CI +- Access to an installed instance of the Azure CLI +- A SSH keypair + +The Travis CI process uses the *Azure CLI Service Principal* login method to authenticate against Azure. The documentation for logging in via a Service Principal can be found here: [https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest#logging-in-with-a-service-principal] -Before you can log in using the Service Principal process you need to create a *Service Principal*. The documentation to create a Service Principal login can be found here: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest +Before you can log in using the Service Principal process you need to create a *Service Principal*. The documentation to create a Service Principal login can be found here: [https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest] When a Service Principal is created using the Azure CLI a JSON response is returned containing: -* **name** - This is the Service Principal username. -* **password** - This is the Service Principal password. -* **tenantId** - This is the Service Principal tenant unique ID. + +- **name** - This is the Service Principal username. +- **password** - This is the Service Principal password. +- **tenantId** - This is the Service Principal tenant unique ID. You will need these three above values to have Travis and Azure deploy and test your template. The next step is to take the above values returned by the Service Principal creation and use them to define *environment variables* in Travis CI. -The following link shows how to set up per repository environment variables in Travis CI: https://docs.travis-ci.com/user/environment-variables/#Defining-Variables-in-Repository-Settings Using this documention set up the following three *hidden* environment variables in Travis CI for your fork of this repository. +The following link shows how to set up per repository environment variables in Travis CI: [https://docs.travis-ci.com/user/environment-variables/#Defining-Variables-in-Repository-Settings] Using this documention set up the following three *hidden* environment variables in Travis CI for your fork of this repository. -* **SPNAME** - The value of the *name* parameter returned by the Service Principal create proccess. -* **SPPASSWORD** - The value of the *password* parameter returned by the Service Principal create proccess. -* **SPTENANT** - The value of the *tenant* parameter returned by the Service Principal create proccess. -* **SPSSHKEY** *(default: generate new)*- A public SSH key that you have the corresponding private key for. This is currently not used but is required for the build to be successful. -* **LOCATION** *(default: southcentralus)*- Location for the test resource group. -* **RESOURCEGROUP** *(default: azmdl-travis-XXX)*- Name to use for the resource group. -* **FULLCI_BRANCHES** *(default: master)*- Name of branches (separated by ':') to always run FULL CI (if credentials are provided). Full CI will run a deployment test which will create and use resources from your Azure account. +- **SPNAME** - The value of the *name* parameter returned by the Service Principal create proccess. +- **SPPASSWORD** - The value of the *password* parameter returned by the Service Principal create proccess. +- **SPTENANT** - The value of the *tenant* parameter returned by the Service Principal create proccess. +- **SPSSHKEY** *(default: generate new)*- A public SSH key that you have the corresponding private key for. This is currently not used but is required for the build to be successful. +- **LOCATION** *(default: southcentralus)*- Location for the test resource group. +- **RESOURCEGROUP** *(default: azmdl-travis-XXX)*- Name to use for the resource group. +- **FULLCI_BRANCHES** *(default: master)*- Name of branches (separated by ':') to always run FULL CI (if credentials are provided). Full CI will run a deployment test which will create and use resources from your Azure account. -**NOTE:** You can trigger a full CI test by adding *[full ci]* or *[fullci]* anywhere in the commit message. +-*NOTE:** You can trigger a full CI test by adding *[full ci]* or *[fullci]* anywhere in the commit message. -**NOTE:** Make sure you set the environment variables to hidden otherwise they will be exposed publically at run time. +-*NOTE:** Make sure you set the environment variables to hidden otherwise they will be exposed publically at run time. -**NOTE:** As per the Travis CI documentation make sure you have correctly escaped the enviroment variable values when they are defined. +-*NOTE:** As per the Travis CI documentation make sure you have correctly escaped the enviroment variable values when they are defined. Once the environment variables are defined, Travis CI will run the template validate and build steps as part of the test process. @@ -176,7 +188,7 @@ Once the environment variables are defined, Travis CI will run the template vali This project welcomes contributions and suggestions. Our goal is to work on Azure specific tooling for deploying and managing the open -source [Moodle](http://moodle.org) learning management system on +source [Moodle](https://moodle.org) learning management system on Azure. We do not work on Moodle itself here, instead we work upstream as appropriate. @@ -184,18 +196,18 @@ The short version of how to contribute to this project is "just do it". Where "it" can be defined as any valuable contribution (and to be clear, asking questions is a valuable contribution): - * ask questions - * provide feedback - * write or update documentation - * help new users - * recommend the project to others - * test the code and report bugs - * fix bugs and issue pull requests - * give us feedback on required features - * write and update the software - * create artwork - * translate to different languages - * anything you can see that needs doing +- ask questions +- provide feedback +- write or update documentation +- help new users +- recommend the project to others +- test the code and report bugs +- fix bugs and issue pull requests +- give us feedback on required features +- write and update the software +- create artwork +- translate to different languages +- anything you can see that needs doing For a more detailed discussion of how to contribute see our [Contribution Guide](CONTRIBUTE.md). @@ -225,9 +237,9 @@ or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at -http://go.microsoft.com/fwlink/?LinkID=254653. +[https://go.microsoft.com/fwlink/?LinkID=254653]. -Privacy information can be found at https://privacy.microsoft.com/en-us/ +Privacy information can be found at [https://privacy.microsoft.com/en-us/] Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, or trademarks, whether by @@ -235,6 +247,6 @@ implication, estoppel or otherwise. ## Next Steps - 1. [Deploy a Moodle Cluster](docs/Deploy.md) - 1. [Obtain Deployment Details about a Moodle Cluster](docs/Get-Install-Data.md) - 1. [Delete a Moodle Cluster](docs/Delete.md) +1. [Deploy a Moodle Cluster](docs/Deploy.md) +1. [Obtain Deployment Details about a Moodle Cluster](docs/Get-Install-Data.md) +1. [Delete a Moodle Cluster](docs/Delete.md) diff --git a/docs/Cleanup.md b/docs/Cleanup.md index 967f65ee..1c52ae7b 100644 --- a/docs/Cleanup.md +++ b/docs/Cleanup.md @@ -17,6 +17,6 @@ Note, that this command will not fully delete the resource group if you have Azure Backup enabled since the Recovery Services Vault will not be deleted (it's got the backups of you data!). -``` bash +```Bash for filename in $MOODLE_AZURE_WORKSPACE/*; do az group delete --yes --name $(basename $filename) --no-wait; done ``` diff --git a/docs/Deploy.md b/docs/Deploy.md index 56a6abb4..787bc721 100644 --- a/docs/Deploy.md +++ b/docs/Deploy.md @@ -12,7 +12,6 @@ install. To make things consitent across different sessions managing Moodle we should [configure the environment](./Preparation.md). - ## Create Resource Group When you create the Moodle cluster you will create many resources. On @@ -20,7 +19,7 @@ Azure it is a best practice to collect such resources together in a Resource Group. The first thing we need to do, therefore, is create a resource group: -``` +```Bash az group create --name $MOODLE_RG_NAME --location $MOODLE_RG_LOCATION ``` @@ -57,7 +56,7 @@ placeholder in the parameters template file with an SSH key used for testing puporses (this is created as part of the envrionment setup in the prerequisites): -``` bash +```Bash ssh_pub_key=`cat $MOODLE_SSH_KEY_FILENAME.pub` echo $ssh_pub_key sed "s|GEN-SSH-PUB-KEY|$ssh_pub_key|g" $MOODLE_AZURE_WORKSPACE/arm_template/azuredeploy.parameters.json > $MOODLE_AZURE_WORKSPACE/$MOODLE_RG_NAME/azuredeploy.parameters.json @@ -75,7 +74,7 @@ For more information see the [parameters documentation](Parameters.md). Now that we have a resource group and a configuration file we can create the cluster itself. This is done with a single command: -``` +```Bash az group deployment create --name $MOODLE_DEPLOYMENT_NAME --resource-group $MOODLE_RG_NAME --template-file $MOODLE_AZURE_WORKSPACE/arm_template/azuredeploy.json --parameters $MOODLE_AZURE_WORKSPACE/$MOODLE_RG_NAME/azuredeploy.parameters.json ``` @@ -86,7 +85,7 @@ depending on spec. Once complete you will receive a JSON output containing information needed to manage your Moodle install (see `outputs`). You can also retrieve this infromation from the portal or the CLI. - + Once Moodle has been created, and (where necessary) you have configured your custom `siteURL` DNS to point to the `loadBalancerDNS`, you should be able to load the `siteURL` in a @@ -122,7 +121,7 @@ database tier: - Memory Optimized: 2, 4, 8, 16 This value also limits the maximum number of connections, as defined -here: https://docs.microsoft.com/en-us/azure/mysql/concepts-limits +here: [https://docs.microsoft.com/en-us/azure/mysql/concepts-limits] As the Moodle database will handle cron processes as well as the website, any public facing website with more than 10 users will likely @@ -161,8 +160,7 @@ memory and not require manual configuration. FPM also allows for a very large number of threads which prevents the system from failing during many small jobs. - ## Next Steps - 1. [Retrieve configuration details using CLI](./Get-Install-Data.md) - 1. [Manage the Moodle cluster](./Manage.md) +1. [Retrieve configuration details using CLI](./Get-Install-Data.md) +1. [Manage the Moodle cluster](./Manage.md) diff --git a/docs/Environment-Variables.md b/docs/Environment-Variables.md index b0f071b7..782836d4 100644 --- a/docs/Environment-Variables.md +++ b/docs/Environment-Variables.md @@ -11,16 +11,15 @@ name for your deployment and related resources. We'll use a timestamp. If the environmnt variable `MOODLE_RG_NAME` is not set we will create a new value using a timestamp: - -``` shell -if [ -z "$MOODLE_RG_NAME" ]; then MOODLE_RG_NAME=moodle_$(date +%Y-%m-%d-%H); fi +```Bash +if [ ! -z "$MOODLE_RG_NAME" ]; then MOODLE_RG_NAME=moodle_$(date +%Y-%m-%d-%H); fi ``` Other configurable values for our Azure deployment include the location and depoloyment name. We'll standardize these, but you can use different values if you like. -``` shell +```Bash MOODLE_RG_LOCATION=southcentralus MOODLE_DEPLOYMENT_NAME=MasterDeploy ``` @@ -29,14 +28,14 @@ We also need to provide an SSH key. Later we'll generate this if it doesn't already exist but to enable us to reuse an existing key we'll store it's filename in an Environment Variable. -``` shell +```Bash MOODLE_SSH_KEY_FILENAME=~/.ssh/moodle_id_rsa ``` We need a workspace for storing configuration files and other per-deployment artifacts: -``` shell +```Bash MOODLE_AZURE_WORKSPACE=~/.moodle ``` @@ -44,7 +43,7 @@ MOODLE_AZURE_WORKSPACE=~/.moodle Ensure the workspace for this particular deployment exists: -``` +```Bash mkdir -p $MOODLE_AZURE_WORKSPACE/$MOODLE_RG_NAME ``` @@ -55,78 +54,64 @@ environment variables defined that will be used to provide a common setup for all our Moodle on Azure work. The resource group name defines the name of the group into which all -resources will be, or are, deployed. +resources will be, or are, deployed. -```bash +```Bash echo "Resource Group for deployment: $MOODLE_RG_NAME" ``` Results: -``` -Resource Group for deployment: southcentralus -``` +> Resource Group for deployment: southcentralus The resource group location is: -```bash +```Bash echo "Deployment location: $MOODLE_RG_LOCATION" ``` Results: -``` -Deployment location: southcentralus -``` +> Deployment location: southcentralus When deploying a Moodle cluster the deployment will be given a name so that it can be identified later should it be neceessary to debug. - -```bash +```Bash echo "Deployment name: $MOODLE_DEPLOYMENT_NAME" ``` Results: -``` -Deployment name: MasterDeploy -``` +> Deployment name: MasterDeploy The SSH key to use can be found in a file, if necessary this will be created as part of these scripts. -``` shell +```Bash echo "SSH key filename: $MOODLE_SSH_KEY_FILENAME" ``` Results: -``` -SSH key filename: ~/.ssh/moodle_id_rsa -``` +> SSH key filename: ~/.ssh/moodle_id_rsa Configuration files will be written to / read from a customer directory: -``` shell +```Bash echo "Workspace directory: $MOODLE_AZURE_WORKSPACE" ``` Results: -``` -Workspace directory: ~/.moodle -``` +> Workspace directory: ~/.moodle Ensure the workspace directory exists: - -``` bash -if [ ! -f "$MOODLE_AZURE_WORKSPACE/$MOODLE_RG_NAME" ]; then echo "Worspace exists"; fi +```shell +if [ -d "$MOODLE_AZURE_WORKSPACE/$MOODLE_RG_NAME" ]; then echo "Worspace exists"; fi ``` Results: -``` -Workspace exists -``` +> Workspace exists diff --git a/docs/Get-Install-Data.md b/docs/Get-Install-Data.md index c4ed98b2..0629bb6d 100644 --- a/docs/Get-Install-Data.md +++ b/docs/Get-Install-Data.md @@ -15,37 +15,37 @@ In order to configure our deployment and tools we'll set up some The available output parameters are: - - **siteURL**: If you provided a `siteURL` parameter when deploying this - will be set to the supplied value. Otherwise it will be the same as - the loadBalancerDNS, see below. - - **loadBalancerDNS**: This is the DNS name of your application load - balancer. If you provided a `siteURL` parameter when deploying - you'll need to add a DNS entry to its CNAMEs pointing to this address. - - **moodleAdminPassword**: The generated password for the "admin" user - in your Moodle install. - - **controllerInstanceIP**: This is the IP address of the controller - Virtual Machine. You will need to SSH into this to make changes to - your Moodle code or view logs. - - **databaseDNS**: This is the public DNS of your database instance. If - you wish to set up local backups or access the DB directly, you'll - need to use this. - - **databaseAdminUsername**: The admin username for your database - (this is not the same as your Moodle username). - - **databaseAdminPassword**: The admin password for your - database (this is not the same as your Moodle password). +- **siteURL**: If you provided a `siteURL` parameter when deploying this + will be set to the supplied value. Otherwise it will be the same as + the loadBalancerDNS, see below. +- **loadBalancerDNS**: This is the DNS name of your application load + balancer. If you provided a `siteURL` parameter when deploying + you'll need to add a DNS entry to its CNAMEs pointing to this address. +- **moodleAdminPassword**: The generated password for the "admin" user + in your Moodle install. +- **controllerInstanceIP**: This is the IP address of the controller + Virtual Machine. You will need to SSH into this to make changes to + your Moodle code or view logs. +- **databaseDNS**: This is the public DNS of your database instance. If + you wish to set up local backups or access the DB directly, you'll + need to use this. +- **databaseAdminUsername**: The admin username for your database + (this is not the same as your Moodle username). +- **databaseAdminPassword**: The admin password for your + database (this is not the same as your Moodle password). ## Retrieving Output Parameters Using the CLI To get a complete list of outputs in json format use: -```bash +```Bash az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out json --query *.outputs ``` Individual outputs can be retrieved by filtering, for example, to get just the value of the `siteURL` use: -``` bash +```Bash az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out json --query *.outputs.siteURL.value ``` @@ -53,13 +53,13 @@ However, since we are reqeusting JSON output (the default) the value is enclosed in quotes. In order to remove these we can output as a tab separated list (TSV): -``` bash +```Bash az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.siteURL ``` Now we can assign individual values to environment variables, for example: -``` bash +```Bash MOODLE_SITE_URL="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.siteURL.value)" ``` @@ -72,7 +72,7 @@ outputs. However, if you do not define this, or if you leave it as the default "www.example.org" you will need to retrieve this value from Azure using the following command: -```bash +```Bash MOODLE_SITE_URL="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.siteURL.value)" ``` @@ -83,7 +83,7 @@ Moodle DNS. If this is different from the site URL it is important to ensure that you configure your DNS entry for site URL to point at the load balancer. -```bash +```Bash MOODLE_LOAD_BALANCER_DNS="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.loadBalancerDNS.value)" ``` @@ -91,7 +91,7 @@ MOODLE_LOAD_BALANCER_DNS="$(az group deployment show --resource-group $MOODLE_RG Moodle admin password (username is "admin"): -```bash +```Bash MOODLE_ADMIN_PASSWORD="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.moodleAdminPassword.value)" ``` @@ -99,7 +99,7 @@ MOODLE_ADMIN_PASSWORD="$(az group deployment show --resource-group $MOODLE_RG_NA The controller VM runs management tasks for the cluster, such as cron jobs and syslog. -```bash +```Bash MOODLE_CONTROLLER_INSTANCE_IP="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.controllerInstanceIP.value)" ``` @@ -110,18 +110,19 @@ key are provided as input parameters to the template. #### Database URL -``` bash +```Bash MOODLE_DATABASE_DNS="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.databaseDNS.value)" ``` + #### Database admin username -``` bash +```Bash MOODLE_DATABASE_ADMIN_USERNAME="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.databaseAdminUsername.value)" ``` #### Database admin password -``` bash +```Bash MOODLE_DATABASE_ADMIN_PASSWORD="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.databaseAdminPassword.value)" ``` @@ -129,16 +130,16 @@ MOODLE_DATABASE_ADMIN_PASSWORD="$(az group deployment show --resource-group $MOO First frontend VM IP: -``` bash +```Bash MOODLE_FIRST_FRONTEND_VM_IP="$(az group deployment show --resource-group $MOODLE_RG_NAME --name $MOODLE_DEPLOYMENT_NAME --out tsv --query *.outputs.firstFrontendVmIP.value)" ``` -# Validation +## Validation After having run each of the commands in this document you should have each of the output parameters available in environment variable: -``` bash +```Bash echo $MOODLE_SITE_URL echo $MOODLE_LOAD_BALANCER_DNS echo $MOODLE_ADMIN_PASSWORD diff --git a/docs/Manage.md b/docs/Manage.md index e7f3d48a..0fc54dd0 100644 --- a/docs/Manage.md +++ b/docs/Manage.md @@ -36,22 +36,20 @@ To connect to your Controller VM use SSH with a username of parameter. For example, to retrieve a listing of files and directories in the `/moodle` directory use: -``` +```Bash ssh -o StrictHostKeyChecking=no azureadmin@$MOODLE_CONTROLLER_INSTANCE_IP ls -l /moodle ``` Results: -``` -Warning: Permanently added '52.228.45.38' (ECDSA) to the list of known hosts. -total 12 -drwxr-xr-x 2 www-data www-data 4096 Jan 17 00:59 certs --rw-r--r-- 1 root root 0 Jan 17 02:22 db-backup.sql -drwxr-xr-x 3 www-data www-data 4096 Jan 17 00:54 html -drwxrwx--- 10 www-data www-data 4096 Jan 17 06:55 moodledata -``` +> Warning: Permanently added '52.228.45.38' (ECDSA) to the list of known hosts. +> total 12 +> drwxr-xr-x 2 www-data www-data 4096 Jan 17 00:59 certs +> -rw-r--r-- 1 root root 0 Jan 17 02:22 db-backup.sql +> drwxr-xr-x 3 www-data www-data 4096 Jan 17 00:54 html +> drwxrwx--- 10 www-data www-data 4096 Jan 17 06:55 moodledata -**IMPORTANT NOTE** +### **IMPORTANT NOTE** It is important to realize that the `-o StrictHostKeyChecking=no` option in the above SSH command presents a security risk. It is @@ -63,7 +61,7 @@ validation step. For more information there is an excellent [superuser.com Q&A](https://superuser.com/questions/421074/ssh-the-authenticity-of-host-host-cant-be-established/421084#421084). -### If you set `htmlLocalCopySwitch` to true (this is the default now) +#### If you set `htmlLocalCopySwitch` to true (this is the default now) Originally the `/moodle/html` directory was shared across all autoscaled web VMs through the specified file server (Gluster or NFS), and this is @@ -80,22 +78,24 @@ following steps: * Put your Moodle site to maintenance mode. * This will need to be done on the contoller VM with some shell command. * It should be followed by running the following command to propagate the change to all autoscaled web VMs: - ```bash - $ sudo /usr/local/bin/update_last_modified_time.moodle_on_azure.sh + + ```Bash + sudo /usr/local/bin/update_last_modified_time.moodle_on_azure.sh ``` + * Once this command is executed, each autoscaled web VM will pick up (sync) the changes within 1 minute, so wait for one minute. * Then you can start updating your Moodle code/settings, like installing/updating plugins or upgrading Moodle version or changing Moodle configurations. Again, note that this should be all done on the controller VM using some shell commands. * When you are done updating your Moodle code/settings, run the same command as above to let each autoscaled web VM pick up (sync) the changes (wait for another minute here, for the same reason). Please do let us know on this Github repo's Issues if you encounter any problems with this process. -## Getting an SQL dump +### Getting an SQL dump By default a daily sql dump of your database is taken at 02:22 and saved to `/moodle/db-backup.sql`(.gz). This file can be retrieved using SCP or similar. For example: -``` bash +```Bash scp azureadmin@$MOODLE_CONTROLLER_INSTANCE_IP:/moodle/db-backup.sql /tmp/moodle-db-backup.sql ``` @@ -109,7 +109,7 @@ Postgress provides a `pg_dump` command that can be used to take a snapshot of the database via SSH. For example, use the following command: -``` bash +```Bash ssh azureadmin@$MOODLE_CONTROLLER_INSTANCE_IP 'pg_dump -Fc -h $MOODLE_DATABASE_DNS -U $MOODLE_DATABASE_ADMIN_USERNAME moodle > /moodle/db-snapshot.sql' ``` @@ -121,7 +121,7 @@ MySQL provides a `mysql_dump` command that can be used to take a snapshot of the database via SSH. For example, use the following command: -``` bash +```Bash ssh azureadmin@$MOODLE_CONTROLLER_INSTANCE_IP 'mysqldump -h $mysqlIP -u ${azuremoodledbuser} -p'${moodledbpass}' --databases ${moodledbname} | gzip > /moodle/db-backup.sql.gz' ``` @@ -132,7 +132,7 @@ then Azure will provide VM backups of your Gluster node. This is recommended as it contains both your Moodle code and your sitedata. Restoring a backed up VM is outside the scope of this doc, but Azure's documentation on Recovery Services can be found here: -https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm +[https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm] ## Resizing your Database @@ -170,27 +170,27 @@ basic testing, but a public website will want a real cert. After purchasing a trusted certificate, it can be copied to the following files to be ready immediately: - - /moodle/certs/nginx.key: Your certificate's private key - - /moodle/certs/nginx.crt: Your combined signed certificate and trust chain certificate(s). +* /moodle/certs/nginx.key: Your certificate's private key +* /moodle/certs/nginx.crt: Your combined signed certificate and trust chain certificate(s). ## Managing Azure DDoS protection -By default, every plublic IP is protected by Azure DDoS protection Basic SKU. +By default, every plublic IP is protected by Azure DDoS protection Basic SKU. You can find more information about Azure DDoS protection Basic SKU [here](https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview). -If you want more protection, you can activate Azure DDoS protection Standard SKU by setting -the ddosSwith to true. You can find how to work with Azure DDoS +If you want more protection, you can activate Azure DDoS protection Standard SKU by setting +the ddosSwith to true. You can find how to work with Azure DDoS protection plan [here](https://docs.microsoft.com/en-us/azure/virtual-network/manage-ddos-protection#work-with-ddos-protection-plans). -If you want to disable the Azure DDoS protection, you can follow the instruction -[here](https://docs.microsoft.com/en-us/azure/virtual-network/manage-ddos-protection#disable-ddos-for-a-virtual-network). +If you want to disable the Azure DDoS protection, you can follow the instruction +[here](https://docs.microsoft.com/en-us/azure/virtual-network/manage-ddos-protection#disable-ddos-for-a-virtual-network). Be careful, disabling the Azure DDoS protection on your vnet will not stop the fee. You have to delete the Azure DDoS protection plan if you want to stop the fee. -If you have deployed your cluster without Azure DDoS protection plan, you still can activate the +If you have deployed your cluster without Azure DDoS protection plan, you still can activate the Azure DDoS protection plan thanks to the instruction [here](https://docs.microsoft.com/en-us/azure/virtual-network/manage-ddos-protection#enable-ddos-for-an-existing-virtual-network). ## Next Steps - 1. [Retrieve configuration details using CLI](./Get-Install-Data.md) +1. [Retrieve configuration details using CLI](./Get-Install-Data.md) diff --git a/docs/Parameters.md b/docs/Parameters.md index 6636e102..6b398638 100644 --- a/docs/Parameters.md +++ b/docs/Parameters.md @@ -13,11 +13,11 @@ To make it a litte easier to read `azuredeploy.json` you might want to run the following commands which will extract the necessary information and display it in a more readable form. -```bash +```Bash sudo apt install jq ``` -``` bash +```Bash jq -r '.parameters | to_entries[] | "### " + .key + "\n\n" + .value.metadata.description + "\n\nType: " + .value.type + "\n\nPossible Values: " + (.value.allowedValues | @text) + "\n\nDefault: " + (.value.defaultValue | @text) + "\n\n"' azuredeploy.json ``` @@ -31,8 +31,7 @@ Type: string Possible Values: null -Default: https://raw.githubusercontent.com/Azure/Moodle/master/ - +Default: [https://raw.githubusercontent.com/Azure/Moodle/master/] ### _artifactsLocationSasToken @@ -42,8 +41,7 @@ Type: securestring Possible Values: null -Default: - +Default: ### applyScriptsSwitch @@ -55,7 +53,6 @@ Possible Values: null Default: true - ### azureBackupSwitch Switch to configure AzureBackup and enlist VM's @@ -66,7 +63,6 @@ Possible Values: null Default: false - ### redisDeploySwitch Switch to deploy a redis cache or not. Note that certain versions of Moodle (e.g., 3.1) don't work well with Redis, so use this only for known well-working Moodle versions (e.g., 3.4). @@ -77,7 +73,6 @@ Possible Values: null Default: false - ### vnetGwDeploySwitch Switch to deploy a virtual network gateway or not @@ -88,7 +83,6 @@ Possible Values: null Default: false - ### installObjectFsSwitch Switch to install Moodle Object FS plugins (with Azure Blob storage) @@ -99,7 +93,6 @@ Possible Values: null Default: false - ### installO365pluginsSwitch Switch to install Moodle Office 365 plugins. As of May 22, 2018, O365 plugins for Moodle 3.5 haven't been released, so to set this true, you must set the moodleVersion to 3.4 or below. @@ -110,7 +103,6 @@ Possible Values: null Default: false - ### installGdprPluginsSwitch (Should be used only for Moodle 3.4 & 3.3) Switch to install Moodle GDPR plugins. Note these require Moodle versions 3.4.2+ or 3.3.5+ and these are included by default in Moodle 3.5. So if you choose MOODLE_35_STABLE as your moodleVersion, do not set this to true. @@ -121,7 +113,6 @@ Possible Values: null Default: false - ### htmlLocalCopySwitch Switch to create a local copy of /moodle/html or not @@ -132,7 +123,6 @@ Possible Values: null Default: true - ### ddosSwitch Switch to create a DDoS protection plan @@ -143,7 +133,6 @@ Possible Values: null Default: false - ### enableAccelNwForCtlrVmSwitch Switch to enable Azure Accelerated Networking on the controller VM. Default to false because currently the default controller VM SKU (D1) doesn't support AN. Change this to true if you set the controller VM SKU to eligibible ones (e.g., D2) for better performance. @@ -154,7 +143,6 @@ Possible Values: null Default: false - ### enableAccelNwForOtherVmsSwitch Switch to enable Azure Accelerated Networking on all other VMs. Default to true because currently the default controller VM SKU for all other VMS (D2) does support AN. Change this to false if you set the SKU of any other VMs to an ineligibible one (e.g., D1) to avoid deployment failure. @@ -165,7 +153,6 @@ Possible Values: null Default: true - ### httpsTermination Indicates where https termination occurs. 'VMSS' is for https termination at the VMSS instance VMs (using nginx https proxy). 'AppGw' is for https termination with an Azure Application Gateway. When selecting this, you need to specify all appGw* parameters. 'None' is for testing only with no https. 'None' may not be used with a separately configured https termination layer. If you want to use the 'None' option with your separately configured https termination layer, you'll need to update your Moodle config.php manually for $cfg->wwwroot and $cfg->sslproxy. @@ -176,7 +163,6 @@ Possible Values: ["VMSS","AppGw","None"] Default: VMSS - ### siteURL URL for Moodle site @@ -187,7 +173,6 @@ Possible Values: null Default: www.example.org - ### moodleVersion The Moodle version you want to install. @@ -198,7 +183,6 @@ Possible Values: ["MOODLE_35_STABLE","MOODLE_34_STABLE","v3.4.3","v3.4.2","v3.4. Default: MOODLE_35_STABLE - ### sshPublicKey ssh public key @@ -209,7 +193,6 @@ Possible Values: null Default: null - ### sshUsername ssh user name @@ -220,7 +203,6 @@ Possible Values: null Default: azureadmin - ### controllerVmSku VM size for the controller VM @@ -231,7 +213,6 @@ Possible Values: null Default: Standard_DS1_v2 - ### webServerType Web server type @@ -242,7 +223,6 @@ Possible Values: ["apache","nginx"] Default: apache - ### autoscaleVmSku VM size for autoscaled web VMs @@ -253,7 +233,6 @@ Possible Values: null Default: Standard_DS2_v2 - ### autoscaleVmCountMax Maximum number of autoscaled web VMs @@ -264,7 +243,6 @@ Possible Values: null Default: 10 - ### autoscaleVmCountMin Minimum (also initial) number of autoscaled web VMs @@ -275,7 +253,6 @@ Possible Values: null Default: 1 - ### osDiskStorageType Azure storage type for all VMs' OS disks. With htmlLocalCopySwith true, Premium_LRS (SSD) is strongly recommended, as PHP files will be served from OS disks. @@ -286,7 +263,6 @@ Possible Values: ["Premium_LRS","Standard_LRS"] Default: Premium_LRS - ### dbServerType Database type @@ -297,7 +273,6 @@ Possible Values: ["postgres","mysql","mssql"] Default: mysql - ### dbLogin Database admin username @@ -308,7 +283,6 @@ Possible Values: null Default: dbadmin - ### mysqlPgresVcores MySql/Postgresql vCores. For Basic tier, only 1 & 2 are allowed. For GeneralPurpose tier, 2, 4, 8, 16, 32 are allowed. For MemoryOptimized, 2, 4, 8, 16 are allowed. @@ -319,7 +293,6 @@ Possible Values: [1,2,4,8,16,32] Default: 2 - ### mysqlPgresStgSizeGB MySql/Postgresql storage size in GB. Minimum 5GB, increase by 1GB, up to 1TB (1024 GB) @@ -330,7 +303,6 @@ Possible Values: null Default: 125 - ### mysqlPgresSkuTier MySql/Postgresql sku tier @@ -341,7 +313,6 @@ Possible Values: ["Basic","GeneralPurpose","MemoryOptimized"] Default: GeneralPurpose - ### mysqlPgresSkuHwFamily MySql/Postgresql sku hardware family. Central US is Gen4 only, so make sure to change this parameter to Gen4 if your deployment is on Central US. @@ -352,7 +323,6 @@ Possible Values: ["Gen4","Gen5"] Default: Gen5 - ### mysqlVersion Mysql version @@ -363,7 +333,6 @@ Possible Values: ["5.6","5.7"] Default: 5.7 - ### postgresVersion Postgresql version @@ -374,7 +343,6 @@ Possible Values: ["9.5","9.6"] Default: 9.6 - ### sslEnforcement MySql/Postgresql SSL connection @@ -385,7 +353,6 @@ Possible Values: ["Disabled","Enabled"] Default: Disabled - ### mssqlDbServiceObjectiveName MS SQL database service object names @@ -396,7 +363,6 @@ Possible Values: ["S1","S2","S3","S4","S5","S6","S7","S9"] Default: S1 - ### mssqlDbSize MS SQL database size @@ -407,7 +373,6 @@ Possible Values: ["100MB","250MB","500MB","1GB","2GB","5GB","10GB","20GB","30GB" Default: 250GB - ### mssqlDbEdition MS SQL DB edition @@ -418,7 +383,6 @@ Possible Values: ["Basic","Standard"] Default: Standard - ### mssqlVersion Mssql version @@ -429,7 +393,6 @@ Possible Values: ["12.0"] Default: 12.0 - ### fileServerType File server type: GlusterFS, NFS, and NFS-HA (2-VM highly available NFS cluster) @@ -440,7 +403,6 @@ Possible Values: ["gluster","nfs","nfs-ha","nfs-byo"] Default: nfs - ### nfsByoIpExportPath IP address and export path of the BYO-NFS share when fileServerType == nfs-byo. E.g., 172.16.1.8:/msazure @@ -449,8 +411,7 @@ Type: string Possible Values: null -Default: - +Default: ### fileServerDiskSize @@ -462,7 +423,6 @@ Possible Values: null Default: 127 - ### fileServerDiskCount Number of disks in raid0 per gluster node or nfs server @@ -473,7 +433,6 @@ Possible Values: null Default: 4 - ### fileServerVmSku VM size for the gluster or NFS-HA nodes @@ -484,7 +443,6 @@ Possible Values: null Default: Standard_DS2_v2 - ### keyVaultResourceId (VMSS https termination only) Azure Resource Manager resource ID of the Key Vault in case you stored your SSL cert in an Azure Key Vault (Note that this Key Vault must have been pre-created on the same Azure region where this template is being deployed). Leave this blank if you didn't. Resource ID example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/yyy. This value can be obtained from keyvault.sh output if you used the script to store your SSL cert in your Key Vault. @@ -493,8 +451,7 @@ Type: string Possible Values: null -Default: - +Default: ### sslCertKeyVaultURL @@ -504,8 +461,7 @@ Type: string Possible Values: null -Default: - +Default: ### sslCertThumbprint @@ -515,8 +471,7 @@ Type: string Possible Values: null -Default: - +Default: ### caCertKeyVaultURL @@ -526,8 +481,7 @@ Type: string Possible Values: null -Default: - +Default: ### caCertThumbprint @@ -537,8 +491,7 @@ Type: string Possible Values: null -Default: - +Default: ### appGwSslCertKeyVaultResourceId @@ -548,8 +501,7 @@ Type: string Possible Values: null -Default: - +Default: ### appGwSslCertKeyVaultSecretName @@ -559,8 +511,7 @@ Type: string Possible Values: null -Default: - +Default: ### appGwSkuName @@ -572,7 +523,6 @@ Possible Values: ["Standard_Small","Standard_Medium","Standard_Large","WAF_Mediu Default: Standard_Medium - ### appGwSkuTier (App Gateway https termination only) Tier of the Applicate Gateway @@ -583,7 +533,6 @@ Possible Values: ["Standard","WAF"] Default: Standard - ### appGwSkuCapacity (App Gateway https termination only) Capacity instance count) of the Applicate Gateway @@ -594,7 +543,6 @@ Possible Values: null Default: 2 - ### storageAccountType Storage Account type. This storage account is only for the Moodle ObjectFS plugin and/or the (currently disabled) Azure Files file share option @@ -605,7 +553,6 @@ Possible Values: ["Standard_LRS","Standard_GRS","Standard_ZRS"] Default: Standard_LRS - ### searchType options of moodle global search @@ -616,7 +563,6 @@ Possible Values: ["none","azure","elastic"] Default: none - ### tikaService options of enabling tika service for file searching in moodle @@ -627,7 +573,6 @@ Possible Values: ["none","tika"] Default: none - ### azureSearchSku the search service level you want to create. @@ -638,7 +583,6 @@ Possible Values: ["free","basic","standard","standard2","standard3"] Default: basic - ### azureSearchReplicaCount Replicas distribute search workloads across the service. You need 2 or more to support high availability (applies to Basic and Standard only). @@ -649,7 +593,6 @@ Possible Values: null Default: 3 - ### azureSearchPartitionCount Partitions allow for scaling of document count as well as faster indexing by sharding your index over multiple Azure Search units. @@ -660,7 +603,6 @@ Possible Values: [1,2,3,4,6,12] Default: 1 - ### azureSearchHostingMode Applicable only for azureSearchSku set to standard3. You can set this property to enable a single, high density partition that allows up to 1000 indexes, which is much higher than the maximum indexes allowed for any other azureSearchSku. @@ -671,7 +613,6 @@ Possible Values: ["default","highDensity"] Default: default - ### elasticVmSku VM size for the elastic search nodes @@ -682,7 +623,6 @@ Possible Values: null Default: Standard_DS2_v2 - ### tikaVmSku VM size for the tika search nodes @@ -693,7 +633,6 @@ Possible Values: null Default: Standard_DS2_v2 - ### customVnetId Azure Resource ID of the Azure virtual network where you want to deploy your Moodle resources. A vnet resource ID is of the following format: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx/resourceGroups/gggg/providers/Microsoft.Network/virtualNetworks/vvvv. Note that this virtual network must be on the same Azure location as this template deployment location. If this parameter is blank, a new Azure virtual network will be created and used. In that case, the address space of the newly created virtual network will be */16 of the following vNetAddressSpace parameter value below. @@ -702,8 +641,7 @@ Type: string Possible Values: null -Default: - +Default: ### vNetAddressSpace @@ -715,7 +653,6 @@ Possible Values: null Default: 172.31.0.0 - ### gatewayType Virtual network gateway type @@ -726,7 +663,6 @@ Possible Values: ["Vpn","ER"] Default: Vpn - ### vpnType Virtual network gateway vpn type @@ -737,7 +673,6 @@ Possible Values: ["RouteBased","PolicyBased"] Default: RouteBased - ### loadBalancerSku Loadbalancer SKU @@ -748,7 +683,6 @@ Possible Values: ["Basic","Standard"] Default: Basic - ### location Azure Location for all resources. @@ -758,5 +692,3 @@ Type: string Possible Values: null Default: [resourceGroup().location] - - diff --git a/docs/Preparation.md b/docs/Preparation.md index ce49aa46..170cf83a 100644 --- a/docs/Preparation.md +++ b/docs/Preparation.md @@ -13,7 +13,7 @@ In order to configure our deployment and tools we'll set up some We'll use a number of tools when working with Moodle on Azure. Let's ensure they are all installed: -``` shell +```Bash sudo apt-get update sudo apt-get install wget -y sudo apt-get openssh-client -y @@ -21,7 +21,7 @@ sudo apt-get openssh-client -y The [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest) is also important: -```bash +```Bash AZ_REPO=$(lsb_release -cs) echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | sudo tee /etc/apt/sources.list.d/azure-cli.list sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893 @@ -34,40 +34,40 @@ sudo apt-get update && sudo apt-get install azure-cli We use SSH for secure communication with our hosts. The following line will check there is a valid SSH key available and, if not, create one. -``` +```Bash if [ ! -f "$MOODLE_SSH_KEY_FILENAME" ]; then ssh-keygen -t rsa -N "" -f $MOODLE_SSH_KEY_FILENAME; fi ``` + ## Checkout the Moodle ARM Template The Moodle Azure Resource Manager template is hosted on GitHub. We'll checkout the template into our workspace. -``` +```Bash git clone git@github.com:Azure/Moodle.git $MOODLE_AZURE_WORKSPACE/arm_template ``` -# Validation +## Validation After completing these steps we should have, amonst other things, a complete checkout of the Moodle templates from GitHub: -``` bash +```Bash ls $MOODLE_AZURE_WORKSPACE/arm_template ``` Results: -``` expected_similarity=0.4 -azuredeploy.json azuredeploy.parameters.json CONTRIBUTE.md docs env.json etc images LICENSE LICENSE-DOCS metadata.json nested -README.md -``` +> expected_similarity=0.4 +> azuredeploy.json azuredeploy.parameters.json CONTRIBUTE.md docs env.json etc images > LICENSE LICENSE-DOCS metadata.json nested +> README.md We should also have a number of applications installed, such as the Azure CLI: -``` bash +```Bash if hash az 2>/dev/null; then echo "Azure CLI Installed"; else echo "Missing dependency: Azure CLI"; fi ``` -``` -AzureCLI Installed -``` +Results: + +> AzureCLI Installed diff --git a/docs/SslCert.md b/docs/SslCert.md index a0c290a9..03d6ae0e 100644 --- a/docs/SslCert.md +++ b/docs/SslCert.md @@ -36,37 +36,28 @@ Once you updloaded the files to your deployment environment, you can run the fol to create an Azure Key Vault on your subscription and store your SSL certificate, private key, and optionally the intermediate CA certificate: -``` bash -$ bash $MOODLE_AZURE_WORKSPACE/arm_template/etc/keyvault.sh cert.pem key.pem chain.pem +```Bash +bash $MOODLE_AZURE_WORKSPACE/arm_template/etc/keyvault.sh cert.pem key.pem chain.pem ``` Make sure to set `` the same as the Azure region you'll be using to deploy the Moodle template. Assign desired names for ``, `` (you can use an existing resource group) and ``. `` is not very important in our deployment. Then you'll get outputs as follows: -``` -... -Specified SSL cert/key .pem files are now stored in your Azure Key Vault and ready to be used by the template. -Use the following values for the related template parameters: - -- keyVaultResourceId: /subscriptions/206c66fc-a48c-480d-ad06-0d429e82c586/resourceGroups/keyvault/providers/Microsoft.KeyVault/vaults/mdl-kv -- sslCertKeyVaultURL: https://mdl-kv.vault.azure.net/secrets/mymoodlesitecert/4c88452fe72b4d469253af48348f4944 -- sslCertThumbprint: 56478E4F9555662476E2763D909F50B3DD26FF84 -- caCertKeyVaultURL: https://mdl-kv.vault.azure.net/secrets/camymoodlesitecert/684efab1f2124e71a2c809457d10808b -- caCertThumbprint: E6A3B45B062D509B3382282D196EFE97D5956CCB -Done -``` +> ... +> Specified SSL cert/key .pem files are now stored in your Azure Key Vault and ready to > be used by the template. +> Use the following values for the related template parameters: +> +> - keyVaultResourceId: /subscriptions/206c66fc-a48c-480d-ad06-0d429e82c586/> resourceGroups/keyvault/providers/Microsoft.KeyVault/vaults/mdl-kv +> - sslCertKeyVaultURL: https://mdl-kv.vault.azure.net/secrets/mymoodlesitecert/> 4c88452fe72b4d469253af48348f4944 +> - sslCertThumbprint: 56478E4F9555662476E2763D909F50B3DD26FF84 +> - caCertKeyVaultURL: https://mdl-kv.vault.azure.net/secrets/camymoodlesitecert/> 684efab1f2124e71a2c809457d10808b +> - caCertThumbprint: E6A3B45B062D509B3382282D196EFE97D5956CCB +> Done -This example outputs assumes `"keyvault"` is used for ``, `"mdl-kv"` for ``, -and `"mymoodlesitecert"` for ``. Note that `caCertKeyVaultURL` and `caCertThumbprint` will be empty -if you didn't specify `chain.pem`. Then you can copy these outputs to the template's corresponding parameters, -and Azure Resource Manager will install the certificate and the private key on the deployed VMs and the deployed -HTTPS server will use this certificate and private key. +This example outputs assumes `"keyvault"` is used for ``, `"mdl-kv"` for ``, and `"mymoodlesitecert"` for ``. Note that `caCertKeyVaultURL` and `caCertThumbprint` will be empty if you didn't specify `chain.pem`. Then you can copy these outputs to the template's corresponding parameters, and Azure Resource Manager will install the certificate and the private key on the deployed VMs and the deployed HTTPS server will use this certificate and private key. ## Certificate rotation -Another important benefit of using Azure Key Vault is to handle certificate expiration/rotation automatically. -Unfortunately, the current implementation doesn't support the auto-rotation. So when it becomes near your SSL -certificate's expiry, you'll need to manually update the deployed certificate and private key files -(it's in `/moodle/certs/nginx.{crt,key}` on the controller VM) and restart all the web frontend VM instances. -We'll improve our implementation to support auto-rotation in the future. \ No newline at end of file +Another important benefit of using Azure Key Vault is to handle certificate expiration/rotation automatically. Unfortunately, the current implementation doesn't support the auto-rotation. So when it becomes near your SSL certificate's expiry, you'll need to manually update the deployed certificate and private key files +(it's in `/moodle/certs/nginx.{crt,key}` on the controller VM) and restart all the web frontend VM instances. We'll improve our implementation to support auto-rotation in the future. diff --git a/docs/Test.md b/docs/Test.md index 09925873..74fb5d7f 100644 --- a/docs/Test.md +++ b/docs/Test.md @@ -6,4 +6,4 @@ It is obviously necessary to have a [Moodle cluster up and running](./Deploy.md) ## Next Steps - * [Delete all Resources](./Delete.md) +* [Delete all Resources](./Delete.md) diff --git a/loadtest/Azure_Login.md b/loadtest/Azure_Login.md index 37c22d6d..38cb604f 100644 --- a/loadtest/Azure_Login.md +++ b/loadtest/Azure_Login.md @@ -5,26 +5,26 @@ logged in to Azure using the CLI. ## Azure Login -``` bash +```Bash az login --username $AZURE_USERNAME --password $AZURE_PASWORD ``` Note that if your username or password has any special characters in it, such as '$' this may fail. You can login using a browser using `az login`. -``` bash +```Bash az account set --subscription $AZURE_SUBSCRIPTION_ID ``` ## Validation -``` bash +```Bash az account show ``` Results: -``` +```json { "environmentName": "AzureCloud", "id": "325e7c34-99fb-4190-aa87-1df746c67705", @@ -38,4 +38,3 @@ Results: } } ``` - diff --git a/loadtest/Deploy_Load_Test_VM.md b/loadtest/Deploy_Load_Test_VM.md index 92dc7c31..d82c63c9 100644 --- a/loadtest/Deploy_Load_Test_VM.md +++ b/loadtest/Deploy_Load_Test_VM.md @@ -14,13 +14,13 @@ should [configure the moodle environment](../docs/Preparation.md). We will want to use a consistent resource group name in order to avoid wasting resource in these tests: -``` +```Bash MOODLE_RG_NAME=loadtest ``` And we'll need a name for our load test VM: -``` +```Bash MOODLE_LOAD_TEST_VM_NAME=LoadTestVM ``` @@ -28,20 +28,20 @@ MOODLE_LOAD_TEST_VM_NAME=LoadTestVM First you need a resource group within which all your resources will be deployed. -``` bash +```Bash az group create --name $MOODLE_RG_NAME --location $MOODLE_RG_LOCATION ``` Now we can create our VM in this group. The following command will create the VM and, if necessary, generate the SSH keys. -``` bash +```Bash az vm create --resource-group $MOODLE_RG_NAME --name $MOODLE_LOAD_TEST_VM_NAME --image UbuntuLTS --generate-ssh-keys ``` Results: -``` json +```json { "fqdns": "", "id": "/subscriptions/325e7c34-99fb-4190-aa87-1df746c67705/resourceGroups/loadtestvm/providers/Microsoft.Compute/virtualMachines/LoadTestVM", @@ -58,28 +58,28 @@ Results: You will need the IP number from this output. For convenience we'll place it into an environment variable: -``` bash +```Bash ipAddress=$(az network public-ip show --name ${MOODLE_LOAD_TEST_VM_NAME}PublicIP --resource-group $MOODLE_RG_NAME --query "ipAddress" --output tsv) echo $ipAddress ``` We can now connect to the VM using ssh, and run commands. The first thing we want to do is pull down the Moodle on Azure repo. Since this document is used to automatically run tests all our commands need to be non-interactive. We will therefore skip the host key validation step. Note that you should never do this in a production environment (remove `-o StrictHostKeyChecking=no`): -``` bash +```Bash ssh -o StrictHostKeyChecking=no $ipAddress "rm -Rf Moodle; git clone git://github.com/Azure/Moodle.git" ``` Now we can install the load testing scripts, we will have these loaded via the `.profile` so that they are always availble. -``` bash +```Bash ssh $ipAddress 'echo ". ~/Moodle/loadtest/loadtest.sh" >> ~/.profile' ``` This script provides some helper functions for installing dependencies on the VM. -``` bash +```Bash ssh $ipAddress 'install_java_and_jmeter; install_az_cli' ``` @@ -88,7 +88,7 @@ convenient but is not secure since it stores your password in clear text in an environment variable. However, it is convenient for test purposes. -``` bash +```Bash ssh $ipAddress "az login --username $AZURE_LOGIN --password $AZURE_PASSWORD; az account set --subscription $AZURE_SUBSCRIPTION_ID" ``` @@ -96,30 +96,22 @@ ssh $ipAddress "az login --username $AZURE_LOGIN --password $AZURE_PASSWORD; az Finally, we will verify that key dependencies have been installed. First lets check Java is present: -``` bash +```Bash ssh -o StrictHostKeyChecking=no $ipAddress "java -version" ``` Results: -``` -openjdk version "1.8.0_151" -OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12) -OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode) -``` +> openjdk version "1.8.0_151" +> OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12) +> OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode) We will also need to confirm the Azure CLI is present: -``` bash +```Bash ssh -o StrictHostKeyChecking=no $ipAddress "if hash az 2>/dev/null; then echo "Azure CLI Installed"; else echo "Missing dependency: Azure CLI"; fi" ``` Results: -``` -Azure CLI Installed -``` - - - - +> Azure CLI Installed diff --git a/managedApplication/Cleanup.md b/managedApplication/Cleanup.md index 9febbffd..c305663e 100644 --- a/managedApplication/Cleanup.md +++ b/managedApplication/Cleanup.md @@ -10,14 +10,14 @@ We need to ensure the [variables](Environment.md) are set up correctly. ## Azure Active Directory -``` bash +```Bash MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [0].objectId --output tsv) az ad group delete --group $MOODLE_MANAGED_APP_AD_ID ``` ## Remove the Service Catalog Entry -``` bash +```Bash az managedapp definition delete --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --ids $MOODLE_MANAGED_APP_ID ``` @@ -26,7 +26,7 @@ az managedapp definition delete --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME If you create a resource group solely for the managed application you are now deleting you can safely remove its resource group: -``` bash +```Bash az group delete --name $MOODLE_SERVICE_CATALOG_RG_NAME --yes ``` @@ -38,13 +38,12 @@ was created as part of the managed application deployment). First we need the application ID. -``` bash +```Bash MOODLE_DEPLOYMENT_ID=$(az managedapp show --resource-group $MOODLE_DEPLOYMENT_RG_NAME --name $MOODLE_DEPLOYMENT_NAME) ``` Now we have the ID we can delete the application. -``` bash +```Bash az managedapp delete --resource-group $MOODLE_DEPLOYMENT_RG_NAME --ids $MOODLE_DEPLOYMENT_ID ``` - diff --git a/managedApplication/DeployMoodleManagedApp.md b/managedApplication/DeployMoodleManagedApp.md index aa095ac4..191c58c2 100644 --- a/managedApplication/DeployMoodleManagedApp.md +++ b/managedApplication/DeployMoodleManagedApp.md @@ -23,14 +23,14 @@ the output of the command to create the service catalog entry. However, we'll use the CLI to retrieve it and record it into a variable: -``` bash +```Bash MOODLE_MANAGED_APP_ID=$(az managedapp definition show --name $MOODLE_MANAGED_APP_NAME --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --query id --output tsv) ``` Create the application resource group, this is the group in which the customer will see the managed application. -``` bash +```Bash az group create --name $MOODLE_DEPLOYMENT_RG_NAME --location=$MOODLE_DEPLOYMENT_LOCATION ``` @@ -70,14 +70,16 @@ adding the `--parameters` attribute. This attribute can take either a JSON string or a filename (preceded with an '@', e.g. '--parameters @parameters.json`) containing a JSON definition for the paramters, e.g. - { - "parameterName": { - "value": "some value" - }, - "anotherParameterName": { - "value": "another value" - } +```json +{ + "parameterName": { + "value": "some value" + }, + "anotherParameterName": { + "value": "another value" } +} +``` The Moodle template provides sensible defaults for almost every parameter, the one exception to this is the SSH Public Key, used to @@ -89,7 +91,7 @@ placeholder in the parameters template file with an SSH key used for testing puporses (this is created as part of the envrionment setup in the prerequisites): -``` bash +```Bash ssh_pub_key=`cat $MOODLE_SSH_KEY_FILENAME.pub` echo $ssh_pub_key sed "s|GEN-SSH-PUB-KEY|$ssh_pub_key|g" parameters-template.json > $MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME/parameters.json @@ -103,6 +105,6 @@ parameter files for specific deployments. Deploy the managed application and corresponding infrastructure. -``` bash +```Bash az managedapp create --name $MOODLE_DEPLOYMENT_NAME --location $MOODLE_DEPLOYMENT_LOCATION --kind ServiceCatalog --resource-group $MOODLE_DEPLOYMENT_RG_NAME --managedapp-definition-id $MOODLE_MANAGED_APP_ID --managed-rg-id $MOODLE_MANAGED_RG_ID --parameters @$MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME/parameters.json ``` diff --git a/managedApplication/Environment.md b/managedApplication/Environment.md index 096255d8..853e7beb 100644 --- a/managedApplication/Environment.md +++ b/managedApplication/Environment.md @@ -11,7 +11,7 @@ customize these values by copying and editing `env.json` into ## Setup for Publishing the Moodle Managed Application -``` bash +```Bash MOODLE_MANAGED_APP_OWNER_GROUP_NAME=MoodleOwner MOODLE_MANAGED_APP_OWNER_NICKNAME=MoodleOwner MOODLE_SERVICE_CATALOG_LOCATION=southcentralus @@ -29,7 +29,7 @@ managed application provider. This is the resource group that infrastructure will be deployed into. The end user does not, generally, manage this group. -``` bash +```Bash SUBSCRIPTION_ID=$(az account show --query id --output tsv) MOODLE_MANAGED_RG_ID=/subscriptions/$SUBSCRIPTION_ID/resourceGroups/MoodleInfrastructure ``` @@ -38,7 +38,7 @@ We'll also need a resource group for the application deployment. This is the resource group into which the application is deployed. This is the resource group that the provider of the managed application will have access to. -``` bash +```Bash MOODLE_DEPLOYMENT_RG_NAME=MoodleManagedAppRG MOODLE_DEPLOYMENT_LOCATION=southcentralus MOODLE_DEPLOYMENT_NAME=MoodleManagedApp @@ -49,7 +49,7 @@ MOODLE_DEPLOYMENT_NAME=MoodleManagedApp We need a workspace for storing configuration files and other per-deployment artifacts: -``` shell +```Bash MOODLE_MANAGED_APP_WORKSPACE=~/.moodle mkdir -p $MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME ``` @@ -59,7 +59,7 @@ mkdir -p $MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME We use SSH for secure communication with our hosts. The following line will check there is a valid SSH key available and, if not, create one. -``` +```Bash MOODLE_SSH_KEY_FILENAME=~/.ssh/moodle_managedapp_id_rsa if [ ! -f "$MOODLE_SSH_KEY_FILENAME" ]; then ssh-keygen -t rsa -N "" -f $MOODLE_SSH_KEY_FILENAME; fi ``` diff --git a/managedApplication/PublishMoodleManagedApplication.md b/managedApplication/PublishMoodleManagedApplication.md index 0585da31..394b9d02 100644 --- a/managedApplication/PublishMoodleManagedApplication.md +++ b/managedApplication/PublishMoodleManagedApplication.md @@ -57,26 +57,26 @@ use in the examples below. If the Group already exists we don't want to create a new one, so we will try to get the Group ID first: -``` bash +```Bash MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [0].objectId --output tsv) ``` At this point MOODLE_MANAGED_APP_AD_ID will either be empty or it will have the ID of an existing group. If it is empty we need to create the group and grab its ID: -``` bash +```Bash if [ -z "$MOODLE_MANAGED_APP_AD_ID" ]; then az ad group create --display-name $MOODLE_MANAGED_APP_OWNER_GROUP_NAME --mail-nickname=$MOODLE_MANAGED_APP_OWNER_NICKNAME; fi ``` Let's ensure that we have the object ID even if we created a new one. -``` bash +```Bash MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [0].objectId --output tsv) ``` You will also need the Role ID for your chosen role, here we will use the built-in 'Owner' role: -``` bash +```Bash MOODLE_MANAGED_APP_ROLE_ID=$(az role definition list --name Owner --query [].name --output tsv) ``` @@ -84,7 +84,7 @@ The Azure documentation has more information on how to work with [Azure Active D ## Create a Resource Group for the Managed Application Service Catalog Entry -``` bash +```Bash az group create --name $MOODLE_SERVICE_CATALOG_RG_NAME --location $MOODLE_SERVICE_CATALOG_LOCATION ``` @@ -96,13 +96,13 @@ to make it easier to work with the application. We'll need to construct the authorization configuration from the app and role IDs retrieved earlier. -``` bash +```Bash MOODLE_MANAGED_APP_AUTHORIZATIONS=$MOODLE_MANAGED_APP_AD_ID:$MOODLE_MANAGED_APP_ROLE_ID ``` The following command will add your managed application definition to the Service Catalog. -``` bash +```Bash az managedapp definition create --name $MOODLE_MANAGED_APP_NAME --location $MOODLE_SERVICE_CATALOG_LOCATION --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --lock-level $MOODLE_MANAGED_APP_LOCK_LEVEL --display-name $MOODLE_MANAGED_APP_DISPLAY_NAME --description "$MOODLE_MANAGED_APP_DESCRIPTION" --authorizations="$MOODLE_MANAGED_APP_AUTHORIZATIONS" --main-template=@../azuredeploy.json --create-ui-definition=@createUIDefinition.json ``` diff --git a/managedApplication/README.md b/managedApplication/README.md index 18a2161d..1033e27d 100644 --- a/managedApplication/README.md +++ b/managedApplication/README.md @@ -9,15 +9,17 @@ management of the solution. The billing for your solution is handled through Azure billing. ## Why the Azure Marketplace and Azure Managed Applications for Moodle Hosting Providers -The Azure Marketplace allows you the capability of offering an Azure-certified Moodle solution via a modern marketplace. When a customer runs Moodle from the Azure Marketplace they have the confidence that the Moodle solution certified and optimized to run on Azure, and that they can get support should they need it. + +The Azure Marketplace allows you the capability of offering an Azure-certified Moodle solution via a modern marketplace. When a customer runs Moodle from the Azure Marketplace they have the confidence that the Moodle solution certified and optimized to run on Azure, and that they can get support should they need it. Until recently it was difficult for many Moodle hosting providers to offer Moodle via the Azure Marketplace, in particular because after a marketplace solution was deployed, customers would still be responsible for maintaining, updating, or servicing their environment. As customers are not always experts on cloud infrastructure this made offering a Marketplace offering with a Moodle-hoster backed SLA difficult. Moreover, a customer had full-access to the resources (i.e. VMs, databases, etc.) in the solution once deployed, meaning they could easily make a change to the underlying infrastructure (such as accidentally deleting a critical VM) that might have rendered the solution unusable. With the advent of Azure Managed Application for the Azure Marketplace, the Moodle Hosting provider can now specify exactly which underlying infrastructure resources for a Moodle solution a customer does (and does not) have access to. This means that a Moodle hoster can now prevent a customer from make a change which could take down your Moodle solution and render your SLA void. Moreover, although customers continue to deploy your Moodle solution offering in their subscriptions just like all Azure Marketplace offerings, the customer does not have to maintain, update, or service them and troubleshooting and diagnosing of issues can be done by the Moodle hoster on-behalf of the customer. ## Why Moodle Managed Applications for IT Teams? + For IT teams, managed applications enable you to offer pre-approved configuration of Moodle -to users in the organization. For example, if to be compliant with organizational standards you require users deploy Moodle with certain version number, database SKUs or networking/security configurations, you can enforce compliance. +to users in the organization. For example, if to be compliant with organizational standards you require users deploy Moodle with certain version number, database SKUs or networking/security configurations, you can enforce compliance. Read more about [Managed Applications](https://docs.microsoft.com/en-us/azure/managed-applications/overview), @@ -30,4 +32,4 @@ own Moodle based services as Managed Applications. 2. [Deploy a Moodle Based Managed Application](DeployMoodleManagedApp.md) 3. [Learn about submitting your application to the Azure Marketplace](https://docs.microsoft.com/en-us/azure/marketplace/marketplace-publishers-guide) 4. [Submit your application to the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/sell/nominate) - + \ No newline at end of file