From d22be1de91cff789f5c25b47d8c045fbdcbbbf59 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Tue, 14 Nov 2023 16:44:30 +0800 Subject: [PATCH 01/10] Fix 301-machine-learning-hub-spoke-secure --- quickstart/301-machine-learning-hub-spoke-secure/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index 074cec954..162f55f9b 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -8,7 +8,7 @@ terraform { } azureml = { - source = "registry.terraform.io/Telemaco019/azureml" + source = "registry.terraform.io/orobix/azureml" } } } @@ -29,4 +29,4 @@ resource "azurerm_resource_group" "hub_rg" { name = "rg-hub-${var.name}-${var.environment}" location = var.location -} \ No newline at end of file +} From 1c87d07e50929b71416963963d6726370d069765 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 11:25:29 +0800 Subject: [PATCH 02/10] update code --- quickstart/301-machine-learning-hub-spoke-secure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index 162f55f9b..cdafd5ea3 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=2.78.0" + version = ">=2.78.0" } azureml = { From 8e043824c62784be4e2cc63ed6d7803fb40a9750 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 11:31:52 +0800 Subject: [PATCH 03/10] update code --- .../301-machine-learning-hub-spoke-secure/azure-firewall.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf index 6293ab1cb..20d61d9f6 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf @@ -48,6 +48,8 @@ resource "azurerm_firewall" "azure_firewall_instance" { location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.hub_rg.name firewall_policy_id = azurerm_firewall_policy.base_policy.id + sku_name = "AZFW_Hub" + sku_tier = "Standard" ip_configuration { name = "configuration" @@ -487,4 +489,4 @@ resource "azurerm_firewall_policy_rule_collection_group" "azure_firewall_rules_c azurerm_ip_group.ip_group_hub, azurerm_ip_group.ip_group_spoke ] -} \ No newline at end of file +} From 5df4e97fe48e7f0a665ded695e3f9e13f649a490 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Wed, 15 Nov 2023 11:32:56 +0800 Subject: [PATCH 04/10] update code --- .../301-machine-learning-hub-spoke-secure/azure-firewall.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf index 20d61d9f6..dd19174d5 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf @@ -48,7 +48,7 @@ resource "azurerm_firewall" "azure_firewall_instance" { location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.hub_rg.name firewall_policy_id = azurerm_firewall_policy.base_policy.id - sku_name = "AZFW_Hub" + sku_name = "AZFW_VNet" sku_tier = "Standard" ip_configuration { From a7dac1f1cee44647a8068d3df4a7beee0f24ce2f Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 16 Nov 2023 11:15:14 +0800 Subject: [PATCH 05/10] update code --- quickstart/301-machine-learning-hub-spoke-secure/variables.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/variables.tf b/quickstart/301-machine-learning-hub-spoke-secure/variables.tf index 9618d98c6..d2969abaa 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/variables.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/variables.tf @@ -1,6 +1,7 @@ variable "name" { type = string description = "Name of the deployment" + default = "exampleml" } variable "environment" { @@ -89,5 +90,6 @@ variable "dsvm_admin_username" { variable "dsvm_host_password" { type = string description = "Password for the admin username of the Data Science VM" + default = "ChangeMe123!" sensitive = true -} \ No newline at end of file +} From 81b87ca4bed7a21fb9a37f29b0eecf4bbedabd4e Mon Sep 17 00:00:00 2001 From: hezijie Date: Fri, 5 Jan 2024 16:21:32 +0800 Subject: [PATCH 06/10] try to fix --- .../azure-firewall.tf | 14 +++++++++----- .../compute.tf | 2 +- .../301-machine-learning-hub-spoke-secure/dsvm.tf | 2 +- .../301-machine-learning-hub-spoke-secure/main.tf | 4 +++- .../workspace.tf | 2 +- 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf index dd19174d5..a45c5930d 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf @@ -3,7 +3,7 @@ resource "random_string" "fw_diag_prefix" { length = 8 upper = false special = false - number = false + numeric = false } resource "azurerm_ip_group" "ip_group_hub" { name = "hub-ipgroup" @@ -160,10 +160,12 @@ resource "azurerm_firewall_policy_rule_collection_group" "azure_firewall_rules_c port = 80 } source_ip_groups = [azurerm_ip_group.ip_group_spoke.id] - destination_fqdns = ["crl.microsoft.com", + destination_fqdns = [ + "crl.microsoft.com", "mscrl.microsoft.com", "crl3.digicert.com", - "ocsp.digicert.com"] + "ocsp.digicert.com" + ] } rule { @@ -207,10 +209,12 @@ resource "azurerm_firewall_policy_rule_collection_group" "azure_firewall_rules_c port = 443 } source_ip_groups = [azurerm_ip_group.ip_group_spoke.id] - destination_fqdns = ["acs-mirror.azureedge.net", + destination_fqdns = [ + "acs-mirror.azureedge.net", "*.docker.io", "production.cloudflare.docker.com", - "*.azurecr.io"] + "*.azurecr.io" + ] } rule { diff --git a/quickstart/301-machine-learning-hub-spoke-secure/compute.tf b/quickstart/301-machine-learning-hub-spoke-secure/compute.tf index 520031a73..6932d79ea 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/compute.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/compute.tf @@ -11,7 +11,7 @@ resource "azurerm_machine_learning_compute_instance" "compute_instance" { name = "${random_string.ci_prefix.result}instance" location = azurerm_resource_group.default.location machine_learning_workspace_id = azurerm_machine_learning_workspace.default.id - virtual_machine_size = "STANDARD_DS2_V2" + virtual_machine_size = "STANDARD_DS_V2" subnet_resource_id = azurerm_subnet.snet-training.id depends_on = [ diff --git a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf index 204e9b6ee..4cf150673 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf @@ -17,7 +17,7 @@ resource "azurerm_windows_virtual_machine" "dsvm" { network_interface_ids = [ azurerm_network_interface.dsvm.id ] - size = "Standard_DS3_v2" + size = "Standard_D1_v2" source_image_reference { publisher = "microsoft-dsvm" diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index cdafd5ea3..2145330fe 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -19,8 +19,10 @@ provider "azurerm" { data "azurerm_client_config" "current" {} +resource "random_pet" "pet" {} + resource "azurerm_resource_group" "default" { - name = "rg-${var.name}-${var.environment}" + name = "rg-${var.name}-${var.environment}-${random_pet.pet.id}" location = var.location } diff --git a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf index 1b205537e..a92832f8a 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf @@ -8,7 +8,7 @@ resource "azurerm_application_insights" "default" { } resource "azurerm_key_vault" "default" { - name = "kv-${var.name}-${var.environment}" + name = substr("kv-${var.name}-${var.environment}-${random_pet.pet.id}", 0, 24) location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name tenant_id = data.azurerm_client_config.current.tenant_id From 41b6e0dcd113076a16bece17542ff4456f59d01d Mon Sep 17 00:00:00 2001 From: hezijie Date: Fri, 5 Jan 2024 16:31:42 +0800 Subject: [PATCH 07/10] add random suffix, change rg name --- .../301-machine-learning-hub-spoke-secure/main.tf | 2 +- .../workspace.tf | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index 2145330fe..ffaa2e7c9 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -22,7 +22,7 @@ data "azurerm_client_config" "current" {} resource "random_pet" "pet" {} resource "azurerm_resource_group" "default" { - name = "rg-${var.name}-${var.environment}-${random_pet.pet.id}" + name = "301mlhss-${var.name}-${var.environment}-${random_pet.pet.id}" location = var.location } diff --git a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf index a92832f8a..6bf3db19e 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf @@ -21,8 +21,14 @@ resource "azurerm_key_vault" "default" { } } +resource "random_string" "suffix" { + length = 6 + upper = false + special = false +} + resource "azurerm_storage_account" "default" { - name = "st${var.name}${var.environment}" + name = "st${var.name}${var.environment}${random_string.suffix.result}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name account_tier = "Standard" @@ -36,7 +42,7 @@ resource "azurerm_storage_account" "default" { } resource "azurerm_container_registry" "default" { - name = "cr${var.name}${var.environment}" + name = "cr${var.name}${var.environment}${random_string.suffix.result}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name sku = "Premium" @@ -50,7 +56,7 @@ resource "azurerm_container_registry" "default" { # Machine Learning workspace resource "azurerm_machine_learning_workspace" "default" { - name = "mlw-${var.name}-${var.environment}" + name = "mlw-${var.name}-${var.environment}${random_string.suffix.result}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name application_insights_id = azurerm_application_insights.default.id @@ -65,7 +71,7 @@ resource "azurerm_machine_learning_workspace" "default" { # Args of use when using an Azure Private Link configuration public_network_access_enabled = false image_build_compute_name = var.image_build_compute_name - depends_on = [ + depends_on = [ azurerm_firewall.azure_firewall_instance, azurerm_private_endpoint.kv_ple, azurerm_private_endpoint.st_ple_blob, From e99a105b15cf76ab340e16dc6af19326fea3ae9e Mon Sep 17 00:00:00 2001 From: hezijie Date: Fri, 5 Jan 2024 16:41:54 +0800 Subject: [PATCH 08/10] add random suffix, change rg name --- quickstart/301-machine-learning-hub-spoke-secure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index ffaa2e7c9..9ea9fba58 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -28,7 +28,7 @@ resource "azurerm_resource_group" "default" { #Hub Resource Group resource "azurerm_resource_group" "hub_rg" { - name = "rg-hub-${var.name}-${var.environment}" + name = "301mlhss-hub-${var.name}-${var.environment}-${random_pet.pet.id}" location = var.location } From 419557bc861f8829e13c353fff714284078bf3f0 Mon Sep 17 00:00:00 2001 From: hezijie Date: Fri, 5 Jan 2024 16:59:53 +0800 Subject: [PATCH 09/10] downgrade vm disk type --- quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf index 4cf150673..8ac8cc3c2 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf @@ -29,7 +29,7 @@ resource "azurerm_windows_virtual_machine" "dsvm" { os_disk { name = "osdisk-${var.dsvm_name}" caching = "ReadWrite" - storage_account_type = "Premium_LRS" + storage_account_type = "Standard_LRS" } identity { From 1aa4dfd49e5fd3ff9f23ffef27be1b0fd29cec93 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 5 Jan 2024 13:27:27 +0000 Subject: [PATCH 10/10] try to fix --- quickstart/301-machine-learning-hub-spoke-secure/compute.tf | 2 +- quickstart/301-machine-learning-hub-spoke-secure/main.tf | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/quickstart/301-machine-learning-hub-spoke-secure/compute.tf b/quickstart/301-machine-learning-hub-spoke-secure/compute.tf index 6932d79ea..0d352c33e 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/compute.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/compute.tf @@ -11,7 +11,7 @@ resource "azurerm_machine_learning_compute_instance" "compute_instance" { name = "${random_string.ci_prefix.result}instance" location = azurerm_resource_group.default.location machine_learning_workspace_id = azurerm_machine_learning_workspace.default.id - virtual_machine_size = "STANDARD_DS_V2" + virtual_machine_size = "STANDARD_D2_V2" subnet_resource_id = azurerm_subnet.snet-training.id depends_on = [ diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf index 9ea9fba58..08d80758a 100644 --- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf +++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf @@ -14,7 +14,11 @@ terraform { } provider "azurerm" { - features {} + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + } } data "azurerm_client_config" "current" {}