From a2f27ca306618212d4b71121d70eb82800acd74e Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 06:11:36 +0300 Subject: [PATCH 01/10] Update Variables.yml --- mlops/recipes/common/Variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index 3a77d71..ec5b9e4 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -1,6 +1,6 @@ variables: #IMPORTANT: Update BASE_NAME with your GLOBALLY unique name. Rules: No underscore, max 10 chars & all lower case - BASE_NAME: 'setu48' #used only during environment creation + BASE_NAME: 'mh-azureml' #used only during environment creation #If you want to use an existing workspace, change all the below values according to current setup WORKSPACE: '${{ variables.BASE_NAME }}-ws' RESOURCE_GROUP: '${{ variables.BASE_NAME }}-rg' From e1c4d6457b3f269f19aadcb5c5a56e786868634d Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 06:14:52 +0300 Subject: [PATCH 02/10] fixed variables.yml --- mlops/recipes/IaC/ProvisionMLWorkspace.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlops/recipes/IaC/ProvisionMLWorkspace.yml b/mlops/recipes/IaC/ProvisionMLWorkspace.yml index 736a0c1..72882ab 100644 --- a/mlops/recipes/IaC/ProvisionMLWorkspace.yml +++ b/mlops/recipes/IaC/ProvisionMLWorkspace.yml @@ -6,7 +6,7 @@ pool: vmImage: 'ubuntu-latest' variables: - - template: ../recipes/common/Variables.yml + - template: ../common/Variables.yml stages: - stage: CreateEnvironment From f658c687dd63f04ec16fcb4245f244e251bb07b0 Mon Sep 17 00:00:00 2001 From: Mark Henry Date: Wed, 19 Feb 2020 06:17:54 +0300 Subject: [PATCH 03/10] Update ProvisionMLWorkspace.yml for Azure Pipelines Fixing Recipe shortcuts --- mlops/recipes/IaC/ProvisionMLWorkspace.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mlops/recipes/IaC/ProvisionMLWorkspace.yml b/mlops/recipes/IaC/ProvisionMLWorkspace.yml index 72882ab..6396a06 100644 --- a/mlops/recipes/IaC/ProvisionMLWorkspace.yml +++ b/mlops/recipes/IaC/ProvisionMLWorkspace.yml @@ -30,7 +30,7 @@ stages: displayName: "Create Azure ML compute & AKS clusters" jobs: # Provision Azure ML compute cluster - - template: ../recipes/IaC/ProvisionAMLComputeCluster.yml + - template: ../IaC/ProvisionAMLComputeCluster.yml parameters: rm_service_connection: '${{ variables.RM_SERVICE_CONNECTION }}' workspace: '${{ variables.WORKSPACE }}' @@ -39,7 +39,7 @@ stages: aml_compute_cluster: '${{ variables.AML_COMPUTE_CLUSTER }}' # Provision AKS cluster - - template: ../recipes/IaC/ProvisionAKSCluster.yml + - template: ../IaC/ProvisionAKSCluster.yml parameters: rm_service_connection: '${{ variables.RM_SERVICE_CONNECTION }}' workspace: '${{ variables.WORKSPACE }}' From e99e903b2ce060ea032e796f4ec652ac7321518f Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 06:44:33 +0300 Subject: [PATCH 04/10] MoreChanges --- mlops/recipes/common/Variables.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index ec5b9e4..b691477 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -1,9 +1,9 @@ variables: #IMPORTANT: Update BASE_NAME with your GLOBALLY unique name. Rules: No underscore, max 10 chars & all lower case - BASE_NAME: 'mh-azureml' #used only during environment creation + BASE_NAME: 'mh-azml' #used only during environment creation #If you want to use an existing workspace, change all the below values according to current setup WORKSPACE: '${{ variables.BASE_NAME }}-ws' - RESOURCE_GROUP: '${{ variables.BASE_NAME }}-rg' + RESOURCE_GROUP: 'mh-azureml2-rg' STORAGE_ACCOUNT: '${{ variables.BASE_NAME }}sa' KEY_VAULT: '${{ variables.BASE_NAME }}kv' APP_INSIGHTS: '${{ variables.BASE_NAME }}appins' From 46b6ef1b5f9612dbeb71c8e7976a3763a79cf431 Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 06:49:47 +0300 Subject: [PATCH 05/10] Update Variables.yml --- mlops/recipes/common/Variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index b691477..66cc39e 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -1,6 +1,6 @@ variables: #IMPORTANT: Update BASE_NAME with your GLOBALLY unique name. Rules: No underscore, max 10 chars & all lower case - BASE_NAME: 'mh-azml' #used only during environment creation + BASE_NAME: 'mhazml' #used only during environment creation #If you want to use an existing workspace, change all the below values according to current setup WORKSPACE: '${{ variables.BASE_NAME }}-ws' RESOURCE_GROUP: 'mh-azureml2-rg' From 644beb450f5b2bb64f86b576fc15177cfcccb7b5 Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 07:24:22 +0300 Subject: [PATCH 06/10] Update Variables.yml --- mlops/recipes/common/Variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index 66cc39e..af63893 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -14,7 +14,7 @@ variables: #Other configuration information AML_COMPUTE_SKU: 'STANDARD_DS4_V2' - LOCATION: 'eastus2' + LOCATION: 'westeurope' RM_SERVICE_CONNECTION: 'AzureResourceManagerConnection' #Details of individual models From 57d2f183a8407dad31600d956c1f996e5ae6ff54 Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 07:42:11 +0300 Subject: [PATCH 07/10] Update Variables.yml --- mlops/recipes/common/Variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index af63893..8cc804b 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -3,7 +3,7 @@ variables: BASE_NAME: 'mhazml' #used only during environment creation #If you want to use an existing workspace, change all the below values according to current setup WORKSPACE: '${{ variables.BASE_NAME }}-ws' - RESOURCE_GROUP: 'mh-azureml2-rg' + RESOURCE_GROUP: 'mhazureml' STORAGE_ACCOUNT: '${{ variables.BASE_NAME }}sa' KEY_VAULT: '${{ variables.BASE_NAME }}kv' APP_INSIGHTS: '${{ variables.BASE_NAME }}appins' From a1c2871d308cf379a2a0a0f57fbd4f0e9977c81a Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 10:48:32 +0300 Subject: [PATCH 08/10] Create MarksSetup.md --- docs/MarksSetup.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 docs/MarksSetup.md diff --git a/docs/MarksSetup.md b/docs/MarksSetup.md new file mode 100644 index 0000000..63e2f7b --- /dev/null +++ b/docs/MarksSetup.md @@ -0,0 +1,63 @@ +# Setup Steps +## Step 1. The main Resource Group +Get `Owner` or `Contributor` access to a Resource Group from your __admin__. This is where you will create the workspace and other required resources. + +or + +Create a Resource Group on Azure (preferably with just letters and numbers) +## Step 2. Get and set the Repo +1. Fork this repo +2. Clone it to your machine +3. Navigate to `mlops\common\Variables.yml` and change the `RESOURCE_GROUP` to the resource group you created in step 1 +## 3. Check services on the subscription +Check if ACI(Azure Container Instance) service is registered in your subscription: Try executing the command from the Cloud Shell in the portal. Instructions [here](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart). + If you dont have access, ask your __admin__. + + `az provider show -n Microsoft.ContainerInstance -o table` + + if not registered, run the below command (you need to be the subscription owner in order to execute this command successfully) + + `az provider register -n Microsoft.ContainerInstance` + + If you dont have access, ask your __admin__. + +## 4. Create an AD Service Account for an Application (Will be DevOps in a later Stage) +* On this link: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal, follow the steps in the following sections: +* Create an Azure Active Directory application +* Assign the application to a role + * Note: MAKE SURE ITS AN OWNER, NOT A CONTRIBUTOR +* Get values for signing in + * Note, grab the Application (client) ID, and the Directory (tenant) ID +* Create a new application secret + * Note it down with the Application ID and Tenant ID in previous step. You will need all 3 in + + + +## Step 5. DevOps Account +1. If you don't have Azure DevOps account, [create](https://dev.azure.com) one + +2. Login to Azure Devops -> Enable preview feature called `Multi Stage Pipeline`. Instructions [here](https://docs.microsoft.com/en-us/azure/devops/project/navigation/preview-features?view=azure-devops). +3. Create a project from the devops portal (top right of the portal). If you have trouble then refer to [docs](https://docs.microsoft.com/en-us/azure/devops/organizations/projects/create-project?view=azure-devops) +4. Create Azure Resource Manager Service connection. This is needed for azure devops to connect to your subscription and create/manage resources. + + Go to `project settings` in bottom left of devops portal & select `Service Connections` and setup a Resource Manager connection. You have few options: + * If you have `Contributor` or `Owner` access to the `Subscription` or a `Resource Group` + * Select `Service Principal (Automatic)` + * Select the scope of your choice (ideally select `Subscription` as scope and specific `Resource group`) + * Name of this Connection should be `AzureResourceManagerConnection`. Leave this checked `Allow all pipelines to use this connection`. + +5. The following step is needed for additional security for the prediction service that we will deploy. Inorder to treat the service endpoint URI and API key as `secret` in the devops pipeline, create a variable group: + 1. In Azure Devops leftnav, navigate to `Pipeline` -> `Library`. Create a new `Variable group` by clicking `+ Variable`. Name it `MLOPSVG` + 2. Open the group and select `Allow access to all pipelines` + 3. Add two new variables `TMP_API_KEY` and `TMP_SCORING_URI`. For the values enter any value e.g. `dummy`. Click the `Lock` icon in the value to mark it `Secret`. + 4. Add the following variables: + * RESOURCE_GROUP -> Resource + * SP_APP_ID -> Application (Client) ID + * SP_APP_SECRET -> Secret + * SUBSCRIPTION_ID -> Your subscription ID + * TENANT_ID -> Directory (Tenant) ID + +`Save` the changes to the Variable group + + +And you're done! \ No newline at end of file From 5cd5cee65fe56f599da20147b0dab2cfc96659b4 Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 10:56:13 +0300 Subject: [PATCH 09/10] Updates to docs --- docs/MarksSetup.md | 63 ----------------------------- docs/Setup.md | 64 +++++++++++++++++++++++++++--- mlops/recipes/common/Variables.yml | 6 +-- 3 files changed, 62 insertions(+), 71 deletions(-) delete mode 100644 docs/MarksSetup.md diff --git a/docs/MarksSetup.md b/docs/MarksSetup.md deleted file mode 100644 index 63e2f7b..0000000 --- a/docs/MarksSetup.md +++ /dev/null @@ -1,63 +0,0 @@ -# Setup Steps -## Step 1. The main Resource Group -Get `Owner` or `Contributor` access to a Resource Group from your __admin__. This is where you will create the workspace and other required resources. - -or - -Create a Resource Group on Azure (preferably with just letters and numbers) -## Step 2. Get and set the Repo -1. Fork this repo -2. Clone it to your machine -3. Navigate to `mlops\common\Variables.yml` and change the `RESOURCE_GROUP` to the resource group you created in step 1 -## 3. Check services on the subscription -Check if ACI(Azure Container Instance) service is registered in your subscription: Try executing the command from the Cloud Shell in the portal. Instructions [here](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart). - If you dont have access, ask your __admin__. - - `az provider show -n Microsoft.ContainerInstance -o table` - - if not registered, run the below command (you need to be the subscription owner in order to execute this command successfully) - - `az provider register -n Microsoft.ContainerInstance` - - If you dont have access, ask your __admin__. - -## 4. Create an AD Service Account for an Application (Will be DevOps in a later Stage) -* On this link: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal, follow the steps in the following sections: -* Create an Azure Active Directory application -* Assign the application to a role - * Note: MAKE SURE ITS AN OWNER, NOT A CONTRIBUTOR -* Get values for signing in - * Note, grab the Application (client) ID, and the Directory (tenant) ID -* Create a new application secret - * Note it down with the Application ID and Tenant ID in previous step. You will need all 3 in - - - -## Step 5. DevOps Account -1. If you don't have Azure DevOps account, [create](https://dev.azure.com) one - -2. Login to Azure Devops -> Enable preview feature called `Multi Stage Pipeline`. Instructions [here](https://docs.microsoft.com/en-us/azure/devops/project/navigation/preview-features?view=azure-devops). -3. Create a project from the devops portal (top right of the portal). If you have trouble then refer to [docs](https://docs.microsoft.com/en-us/azure/devops/organizations/projects/create-project?view=azure-devops) -4. Create Azure Resource Manager Service connection. This is needed for azure devops to connect to your subscription and create/manage resources. - - Go to `project settings` in bottom left of devops portal & select `Service Connections` and setup a Resource Manager connection. You have few options: - * If you have `Contributor` or `Owner` access to the `Subscription` or a `Resource Group` - * Select `Service Principal (Automatic)` - * Select the scope of your choice (ideally select `Subscription` as scope and specific `Resource group`) - * Name of this Connection should be `AzureResourceManagerConnection`. Leave this checked `Allow all pipelines to use this connection`. - -5. The following step is needed for additional security for the prediction service that we will deploy. Inorder to treat the service endpoint URI and API key as `secret` in the devops pipeline, create a variable group: - 1. In Azure Devops leftnav, navigate to `Pipeline` -> `Library`. Create a new `Variable group` by clicking `+ Variable`. Name it `MLOPSVG` - 2. Open the group and select `Allow access to all pipelines` - 3. Add two new variables `TMP_API_KEY` and `TMP_SCORING_URI`. For the values enter any value e.g. `dummy`. Click the `Lock` icon in the value to mark it `Secret`. - 4. Add the following variables: - * RESOURCE_GROUP -> Resource - * SP_APP_ID -> Application (Client) ID - * SP_APP_SECRET -> Secret - * SUBSCRIPTION_ID -> Your subscription ID - * TENANT_ID -> Directory (Tenant) ID - -`Save` the changes to the Variable group - - -And you're done! \ No newline at end of file diff --git a/docs/Setup.md b/docs/Setup.md index d94aa6d..63e2f7b 100644 --- a/docs/Setup.md +++ b/docs/Setup.md @@ -1,9 +1,63 @@ -# Setup +# Setup Steps +## Step 1. The main Resource Group +Get `Owner` or `Contributor` access to a Resource Group from your __admin__. This is where you will create the workspace and other required resources. -Complete the following steps +or -##### 1. [Setup Prerequsites](Prerequisites.md) +Create a Resource Group on Azure (preferably with just letters and numbers) +## Step 2. Get and set the Repo +1. Fork this repo +2. Clone it to your machine +3. Navigate to `mlops\common\Variables.yml` and change the `RESOURCE_GROUP` to the resource group you created in step 1 +## 3. Check services on the subscription +Check if ACI(Azure Container Instance) service is registered in your subscription: Try executing the command from the Cloud Shell in the portal. Instructions [here](https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart). + If you dont have access, ask your __admin__. -##### 2. [Setup Azure Devops Project](SetupAzureDevops.md) + `az provider show -n Microsoft.ContainerInstance -o table` -[Optional step] [Setup Local Development Environment](SetupLocalDevEnvironment.md): Not needed for this workshop. However do it if you would like to change the code and test it locally. + if not registered, run the below command (you need to be the subscription owner in order to execute this command successfully) + + `az provider register -n Microsoft.ContainerInstance` + + If you dont have access, ask your __admin__. + +## 4. Create an AD Service Account for an Application (Will be DevOps in a later Stage) +* On this link: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal, follow the steps in the following sections: +* Create an Azure Active Directory application +* Assign the application to a role + * Note: MAKE SURE ITS AN OWNER, NOT A CONTRIBUTOR +* Get values for signing in + * Note, grab the Application (client) ID, and the Directory (tenant) ID +* Create a new application secret + * Note it down with the Application ID and Tenant ID in previous step. You will need all 3 in + + + +## Step 5. DevOps Account +1. If you don't have Azure DevOps account, [create](https://dev.azure.com) one + +2. Login to Azure Devops -> Enable preview feature called `Multi Stage Pipeline`. Instructions [here](https://docs.microsoft.com/en-us/azure/devops/project/navigation/preview-features?view=azure-devops). +3. Create a project from the devops portal (top right of the portal). If you have trouble then refer to [docs](https://docs.microsoft.com/en-us/azure/devops/organizations/projects/create-project?view=azure-devops) +4. Create Azure Resource Manager Service connection. This is needed for azure devops to connect to your subscription and create/manage resources. + + Go to `project settings` in bottom left of devops portal & select `Service Connections` and setup a Resource Manager connection. You have few options: + * If you have `Contributor` or `Owner` access to the `Subscription` or a `Resource Group` + * Select `Service Principal (Automatic)` + * Select the scope of your choice (ideally select `Subscription` as scope and specific `Resource group`) + * Name of this Connection should be `AzureResourceManagerConnection`. Leave this checked `Allow all pipelines to use this connection`. + +5. The following step is needed for additional security for the prediction service that we will deploy. Inorder to treat the service endpoint URI and API key as `secret` in the devops pipeline, create a variable group: + 1. In Azure Devops leftnav, navigate to `Pipeline` -> `Library`. Create a new `Variable group` by clicking `+ Variable`. Name it `MLOPSVG` + 2. Open the group and select `Allow access to all pipelines` + 3. Add two new variables `TMP_API_KEY` and `TMP_SCORING_URI`. For the values enter any value e.g. `dummy`. Click the `Lock` icon in the value to mark it `Secret`. + 4. Add the following variables: + * RESOURCE_GROUP -> Resource + * SP_APP_ID -> Application (Client) ID + * SP_APP_SECRET -> Secret + * SUBSCRIPTION_ID -> Your subscription ID + * TENANT_ID -> Directory (Tenant) ID + +`Save` the changes to the Variable group + + +And you're done! \ No newline at end of file diff --git a/mlops/recipes/common/Variables.yml b/mlops/recipes/common/Variables.yml index 8cc804b..3a77d71 100644 --- a/mlops/recipes/common/Variables.yml +++ b/mlops/recipes/common/Variables.yml @@ -1,9 +1,9 @@ variables: #IMPORTANT: Update BASE_NAME with your GLOBALLY unique name. Rules: No underscore, max 10 chars & all lower case - BASE_NAME: 'mhazml' #used only during environment creation + BASE_NAME: 'setu48' #used only during environment creation #If you want to use an existing workspace, change all the below values according to current setup WORKSPACE: '${{ variables.BASE_NAME }}-ws' - RESOURCE_GROUP: 'mhazureml' + RESOURCE_GROUP: '${{ variables.BASE_NAME }}-rg' STORAGE_ACCOUNT: '${{ variables.BASE_NAME }}sa' KEY_VAULT: '${{ variables.BASE_NAME }}kv' APP_INSIGHTS: '${{ variables.BASE_NAME }}appins' @@ -14,7 +14,7 @@ variables: #Other configuration information AML_COMPUTE_SKU: 'STANDARD_DS4_V2' - LOCATION: 'westeurope' + LOCATION: 'eastus2' RM_SERVICE_CONNECTION: 'AzureResourceManagerConnection' #Details of individual models From e80243e67de3cae3216ae3e7b42913f469595d75 Mon Sep 17 00:00:00 2001 From: marknhenry Date: Wed, 19 Feb 2020 10:58:11 +0300 Subject: [PATCH 10/10] Update ProvisionMLWorkspace.yml --- mlops/recipes/IaC/ProvisionMLWorkspace.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mlops/recipes/IaC/ProvisionMLWorkspace.yml b/mlops/recipes/IaC/ProvisionMLWorkspace.yml index 6396a06..3855ebe 100644 --- a/mlops/recipes/IaC/ProvisionMLWorkspace.yml +++ b/mlops/recipes/IaC/ProvisionMLWorkspace.yml @@ -6,7 +6,7 @@ pool: vmImage: 'ubuntu-latest' variables: - - template: ../common/Variables.yml + - template: ../../recipes/common/Variables.yml stages: - stage: CreateEnvironment @@ -30,7 +30,7 @@ stages: displayName: "Create Azure ML compute & AKS clusters" jobs: # Provision Azure ML compute cluster - - template: ../IaC/ProvisionAMLComputeCluster.yml + - template: ../../recipes/IaC/ProvisionAMLComputeCluster.yml parameters: rm_service_connection: '${{ variables.RM_SERVICE_CONNECTION }}' workspace: '${{ variables.WORKSPACE }}' @@ -39,7 +39,7 @@ stages: aml_compute_cluster: '${{ variables.AML_COMPUTE_CLUSTER }}' # Provision AKS cluster - - template: ../IaC/ProvisionAKSCluster.yml + - template: ../../recipes/IaC/ProvisionAKSCluster.yml parameters: rm_service_connection: '${{ variables.RM_SERVICE_CONNECTION }}' workspace: '${{ variables.WORKSPACE }}'