Add example Managed Application template. (#50)

* WIP: initial managedapp templates work. NOTE this is not a real Moodle managed app, it's just the documentation using a sample managed app. I'll make it a real Moodle app soon. See #43. * Add a cleanup script. Separate the Environment setup for easy reuse. some bug fixes. * WIP: Start the move to using the real Moodle templates. Still doesn't work though, got a problem with coercing the SSH key in the CLI and the CreateUIDef is not working on the config blade in the portal. Part of #43 * note we create our own SSH key * fix typo in type name * split monolithic doc into parts * Fix invalid parameters-template.json and some typos * Addressing PR feedback * Fix typos in createUIDefinition.json * Add more param values to parameters-template.json for minimum size and faster deployment * make mysql the default db * update expected results to match ne RG naming * WIP: initial managedapp templates work. NOTE this is not a real Moodle managed app, it's just the documentation using a sample managed app. I'll make it a real Moodle app soon. See #43. * Add a cleanup script. Separate the Environment setup for easy reuse. some bug fixes. * WIP: Start the move to using the real Moodle templates. Still doesn't work though, got a problem with coercing the SSH key in the CLI and the CreateUIDef is not working on the config blade in the portal. Part of #43 * note we create our own SSH key * fix typo in type name * split monolithic doc into parts * Fix invalid parameters-template.json and some typos * Addressing PR feedback * Fix typos in createUIDefinition.json * Add more param values to parameters-template.json for minimum size and faster deployment * make mysql the default db * update expected results to match ne RG naming
2018-03-16 13:23:34 -07:00 · 2018-03-16 13:23:34 -07:00 · 08e396dec8
--- a/docs/Deploy.md
+++ b/docs/Deploy.md
@ -52,8 +52,10 @@ defaults create a scalable cluster that is suitable for low volume
 testing. If you are building out a production service you should
 review the section below on sizing considerations. For now we will
 proceed with the defaults, but there is one value, the `sshPublicKey`
-that **must** be provided. To automatically add your default SSH key
-(in Bash) use the following command:
+that **must** be provided. The following command will replace the
+placeholder in the parameters template file with an SSH key used for
+testing puporses (this is created as part of the envrionment setup in
+the prerequisites):

 ``` bash
 ssh_pub_key=`cat $MOODLE_SSH_KEY_FILENAME.pub`
--- a/managedApplication/Cleanup.md
+++ b/managedApplication/Cleanup.md
@ -0,0 +1,50 @@
+# Cleaning up a Test Deployment
+
+If you worked through the documentation in this section you will have
+created a nubmer of resources and at least one entry into your Service
+Catalog. This document will explain how to remove them all.
+
+## Prerequisites
+
+We need to ensure the [variables](Environment.md) are set up correctly.
+
+## Azure Active Directory
+
+``` bash
+MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [*].objectId --output tsv)
+az ad group delete --group $MOODLE_MANAGED_APP_AD_ID
+```
+
+## Remove the Service Catalog Entry
+
+``` bash
+az managedapp definition delete --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --ids $MOODLE_MANAGED_APP_ID
+```
+
+### Service catalog resource group
+
+If you create a resource group solely for the managed application you
+are now deleting you can safely remove its resource group:
+
+``` bash
+az group delete --name $MOODLE_SERVICE_CATALOG_RG_NAME --yes
+```
+
+## Managed Application
+
+By deleting the managed application Azure will automatically delete
+the managed application infrastructure resource group as well (this
+was created as part of the managed application deployment).
+
+First we need the application ID.
+
+``` bash
+MOODLE_DEPLOYMENT_ID=$(az managedapp show --resource-group $MOODLE_DEPLOYMENT_RG_NAME --name $MOODLE_DEPLOYMENT_NAME)
+```
+
+Now we have the ID we can delete the application.
+
+``` bash
+az managedapp delete --resource-group $MOODLE_DEPLOYMENT_RG_NAME --ids $MOODLE_DEPLOYMENT_ID
+```
+
--- a/managedApplication/DeployMoodleManagedApp.md
+++ b/managedApplication/DeployMoodleManagedApp.md
@ -0,0 +1,108 @@
+# Deploy a Moodle Based Managed Application into a Customer's Subscription
+
+In this tutorial we'll demonstrate how your customers will deploy an
+instance of your Moodle Based Managed Application in their
+subscription.
+
+## Prerequisites
+
+In order for the following steps to work you must first have
+[published a Moodle Based Managed Application](PublishMoodleManagedApplication.md)
+into your service catalog.
+
+## Consume the Managed Application
+
+Once the Moodle on Azure Managed Application is published to your
+service catalog you can now depoloy it from within the portal or using
+the CLI. In the following commands we'll see how to do this in the CLI.
+
+### Setup a Resource Group for the Application
+
+First we need to get the id of the application. This was returned in
+the output of the command to create the service catalog entry.
+However, we'll use the CLI to retrieve it and record it into a
+variable:
+
+``` bash
+MOODLE_MANAGED_APP_ID=$(az managedapp definition show --name $MOODLE_MANAGED_APP_NAME --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --query id --output tsv)
+```
+
+Create the application resource group, this is the group in which the
+customer will see the managed application.
+
+``` bash
+az group create --name $MOODLE_DEPLOYMENT_RG_NAME --location=$MOODLE_DEPLOYMENT_LOCATION
+```
+
+Results:
+
+``` json
+{
+    "id": "/subscriptions/325e7c34-99fb-4190-aa87-1df746c67705/resourceGroups/MoodleManagedApp",
+    "location": "southcentralus",
+    "managedBy": null,
+    "name": "MoodleManagedApp",
+    "properties": {
+        "provisioningState": "Succeeded"
+    },
+    "tags": null
+}
+```
+
+### Customer Deployment
+
+When a customer wants to deploy an application they can do so using
+either the Portal or the CLI. In this section we'll look at how this
+is done in the CLI.
+
+#### Providing Parameters
+
+If we were using the portal our `CreateUIDefinition.json` file would
+be used to create a user interface to define the parameters needed in
+`mainTemplate.json`. When using the CLI we need to provide parameter
+values for any parameters that don't have a default. To make it easier
+to manage we'll put these parameter values into environment variables.
+
+For convenience our `mainTemplate.json` file has defaults for all
+values. This means that there is no need to provide parameters in the
+commandline, though you can override the defaults if you want to by
+adding the `--parameters` attribute. This attribute can take either
+a JSON string or a filename (preceded with an '@', e.g. '--parameters @parameters.json`) containing a JSON
+definition for the paramters, e.g.
+
+    {
+        "parameterName": {
+            "value": "some value"
+        },
+        "anotherParameterName": {
+            "value": "another value"
+        }
+    }
+
+The Moodle template provides sensible defaults for almost every
+parameter, the one exception to this is the SSH Public Key, used to
+provide secure access to the VMs. For this example we will use the
+defaults for all parameters, but we still need to create a parameters
+file. A template file is provided here (see
+`parameters-template.json`). The following command will replace the
+placeholder in the parameters template file with an SSH key used for
+testing puporses (this is created as part of the envrionment setup in
+the prerequisites):
+
+``` bash
+ssh_pub_key=`cat $MOODLE_SSH_KEY_FILENAME.pub`
+echo $ssh_pub_key
+sed "s|GEN-SSH-PUB-KEY|$ssh_pub_key|g" parameters-template.json > $MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME/parameters.json
+```
+
+If you want to have more control over the deployment configuration
+simply add parameters to the template file and use that to create
+parameter files for specific deployments.
+
+### Deploying the application
+
+Deploy the managed application and corresponding infrastructure.
+
+``` bash
+az managedapp create --name $MOODLE_DEPLOYMENT_NAME --location $MOODLE_DEPLOYMENT_LOCATION --kind ServiceCatalog --resource-group $MOODLE_DEPLOYMENT_RG_NAME --managedapp-definition-id $MOODLE_MANAGED_APP_ID --managed-rg-id $MOODLE_MANAGED_RG_ID --parameters @$MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME/parameters.json
+```
--- a/managedApplication/Environment.md
+++ b/managedApplication/Environment.md
@ -0,0 +1,65 @@
+# Setup Environment
+
+For convenience most of the configuration values we need to create and
+manage our Moodle Managed Application we'll create a numer of
+Environment Variables. In order to store any generated files and
+configurations we will also create a workspace.
+
+NOTE: If you are running these scripts through SimDem you can
+customize these values by copying and editing `env.json` into
+`env.local.json`.
+
+## Setup for Publishing the Moodle Managed Application
+
+``` bash
+MOODLE_MANAGED_APP_OWNER_GROUP_NAME=MoodleOwner
+MOODLE_MANAGED_APP_OWNER_NICKNAME=MoodleOwner
+MOODLE_SERVICE_CATALOG_LOCATION=southcentralus
+MOODLE_SERVICE_CATALOG_RG_NAME=MoodleManagedAppServiceCatalogRG
+MOODLE_MANAGED_APP_NAME=MoodleManagedApp
+MOODLE_MANAGED_APP_LOCK_LEVEL=ReadOnly
+MOODLE_MANAGED_APP_DISPLAY_NAME=Moodle
+MOODLE_MANAGED_APP_DESCRIPTION="Moodle on Azure as a Managed Application"
+```
+
+## Setup for Consuming the Moodle Managed Application
+
+Create an id for the resource group that will be managed by the
+managed application provider. This is the resource group that
+infrastructure will be deployed into. The end user does not,
+generally, manage this group.
+
+``` bash
+SUBSCRIPTION_ID=$(az account show --query id --output tsv)
+MOODLE_MANAGED_RG_ID=/subscriptions/$SUBSCRIPTION_ID/resourceGroups/MoodleInfrastructure
+```
+
+We'll also need a resource group for the application deployment. This is the
+resource group into which the application is deployed. This is the resource group that
+the provider of the managed application will have access to.
+
+``` bash
+MOODLE_DEPLOYMENT_RG_NAME=MoodleManagedAppRG
+MOODLE_DEPLOYMENT_LOCATION=southcentralus
+MOODLE_DEPLOYMENT_NAME=MoodleManagedApp
+```
+
+## Workspace
+
+We need a workspace for storing configuration files and other
+per-deployment artifacts:
+
+``` shell
+MOODLE_MANAGED_APP_WORKSPACE=~/.moodle
+mkdir -p $MOODLE_MANAGED_APP_WORKSPACE/$MOODLE_DEPLOYMENT_NAME
+```
+
+## SSH Key
+
+We use SSH for secure communication with our hosts. The following line
+will check there is a valid SSH key available and, if not, create one.
+
+```
+MOODLE_SSH_KEY_FILENAME=~/.ssh/moodle_managedapp_id_rsa
+if [ ! -f "$MOODLE_SSH_KEY_FILENAME" ]; then ssh-keygen -t rsa -N "" -f $MOODLE_SSH_KEY_FILENAME; fi
+```
--- a/managedApplication/PublishMoodleManagedApplication.md
+++ b/managedApplication/PublishMoodleManagedApplication.md
@ -0,0 +1,166 @@
+# Publish a Moodle Based Managed Appliction to Service Catalog
+
+In this document we will look at how to publish a Moodle based Managed
+Application into your Service Catalog so that you can allow your
+customers to deploy the application into their subscriptions. If you
+are not sure why you would do this you might want to read our [Moodle
+Based Managed Application Introduction](README.md) first.
+
+## Prerequisites
+
+In the following sections we demonstrate how to use the Azure CLI to
+work with a Moodle based Managed Application. For convenience these
+commands use a variety of [environment variables](Environment.md) that
+should be configured first.
+
+## Defining the Resources (mainTemplate.json)
+
+The `mainTemplate.json` file defines the Azure resources that are
+provisioned as part of the managed application. We've already done the
+majority of the work here for you (see `azuredeploy.json` in the root
+of this repository). The `mainTemplate.json` file is where you
+customize the configuration and, optionally, add additional resources.
+
+For the purposes of our demo we will use the ARM template from the
+root of our project as the main tamplate.
+
+This file is a regular [Azure Resource Manager template](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview).
+
+## User Interface Definition (createUIDefinition.json)
+
+The `createUIDefinition.json` file describes the user interface needed
+to configure the managed application. It defines how the user provides
+input for each of the parameters (specified in `mainTemplate.json`).
+
+An initial `createUIDefinition.json` file is provided in
+`managedApplication/creatueUIDefinition.json`. This files is
+sufficient to get you started building your own Moodle based Managed
+Applications.
+
+See [Create UI Definition
+documentation](https://docs.microsoft.com/en-us/azure/managed-applications/create-uidefinition-overview) for more information.
+
+## Create an Azure Active Directory User Group or Application
+
+You will need to create one ore more user group or appliction in Azure
+Active Directory to allow you to manage the applications resources on
+behalf of your customer. These groups or application can be given any
+built-in Role-Based Access Control (RBAC) role, such as 'Owner' or
+'Contributor'. By creating more than one such group or application you
+can configure access to your customers resources based on the specific
+needs of each role in your organization.
+
+Azure has full documentation on [creating a group in Azure Active
+Directory](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-create-azure-portal). The commands below will create a single 'owner' role for
+use in the examples below.
+
+If the Group already exists we don't want to create a new one, so we
+will try to get the Group ID first:
+
+``` bash
+MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [0].objectId --output tsv)
+```
+
+At this point MOODLE_MANAGED_APP_AD_ID will either be empty or it will have the ID of an existing group. If it is empty we need to create the group and grab its ID:
+
+``` bash
+if [ -z "$MOODLE_MANAGED_APP_AD_ID" ]; then az ad group create --display-name $MOODLE_MANAGED_APP_OWNER_GROUP_NAME --mail-nickname=$MOODLE_MANAGED_APP_OWNER_NICKNAME; fi
+```
+
+Let's ensure that we have the object ID even if we created a new one.
+
+``` bash
+MOODLE_MANAGED_APP_AD_ID=$(az ad group list --filter="displayName eq '$MOODLE_MANAGED_APP_OWNER_GROUP_NAME'" --query [0].objectId --output tsv)
+```
+
+You will also need the Role ID for your chosen role, here we will use
+the built-in 'Owner' role:
+
+``` bash
+MOODLE_MANAGED_APP_ROLE_ID=$(az role definition list --name Owner --query [].name --output tsv)
+```
+
+The Azure documentation has more information on how to work with [Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/manage-access-to-azure-resources).
+
+## Create a Resource Group for the Managed Application Service Catalog Entry
+
+``` bash
+az group create --name $MOODLE_SERVICE_CATALOG_RG_NAME --location $MOODLE_SERVICE_CATALOG_LOCATION
+```
+
+## Publish to your Service Catalog using Azure CLI
+
+You can publish a Managed Application definition into your Service Catalog using
+the Azure CLI. For convenience we'll set a few environment variables
+to make it easier to work with the application. We'll need to construct
+the authorization configuration from the app and role IDs retrieved
+earlier.
+
+``` bash
+MOODLE_MANAGED_APP_AUTHORIZATIONS=$MOODLE_MANAGED_APP_AD_ID:$MOODLE_MANAGED_APP_ROLE_ID
+```
+
+The following command will add your managed application definition to the Service Catalog.
+
+``` bash
+az managedapp definition create --name $MOODLE_MANAGED_APP_NAME --location $MOODLE_SERVICE_CATALOG_LOCATION --resource-group $MOODLE_SERVICE_CATALOG_RG_NAME --lock-level $MOODLE_MANAGED_APP_LOCK_LEVEL --display-name $MOODLE_MANAGED_APP_DISPLAY_NAME --description "$MOODLE_MANAGED_APP_DESCRIPTION" --authorizations="$MOODLE_MANAGED_APP_AUTHORIZATIONS" --main-template=@../azuredeploy.json --create-ui-definition=@createUIDefinition.json
+```
+
+Results:
+
+``` json
+{
+  "artifacts": [
+    {
+        "name": "ApplicationResourceTemplate",
+        "type": "Template",
+        "uri": "https://prdsapplianceprodsn01.blob.core.windows.net/applicationdefinitions/84205_325E7C3499FB4190AA871DF746C67705_8D748DA35A5166F6BF319C41398E89D9953014D8/applicationResourceTemplate.json?sv=2014-02-14&sr=b&sig=PyYyl6dzf0vVyrde2yJZ73h6h9fqbXHwMJuXf0lGFr8%3D&se=2118-03-15T21:33:33Z&sp=r"
+    },
+    {
+        "name": "CreateUiDefinition",
+        "type": "Custom",
+        "uri": "https://management.azure.com/subscriptions/325e7c34-99fb-4190-aa87-1df746c67705/resourceGroups/MoodleManagedAppServiceCatalogRG/providers/Microsoft.Solutions/applicationDefinitions/MoodleManagedApp/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"
+    }
+  ],
+  "authorizations": [
+    {
+      "principalId": "fdc3f6fb-cc24-4182-9943-b63e0ed67285",
+      "roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
+    }
+  ],
+  "createUiDefinition": null,
+  "description": "Moodle on Azure as a Managed Application",
+  "displayName": "Moodle",
+  "id": "/subscriptions/325e7c34-99fb-4190-aa87-1df746c67705/resourceGroups/MoodleManagedAppServiceCatalogRG/providers/Microsoft.Solutions/applicationDefinitions/MoodleManagedApp",
+  "identity": null,
+  "isEnabled": "True",
+  "location": "southcentralus",
+  "lockLevel": "ReadOnly",
+  "mainTemplate": null,
+  "managedBy": null,
+  "name": "MoodleManagedApp",
+  "packageFileUri": null,
+  "resourceGroup": "MoodleManagedAppServiceCatalogRG",
+  "sku": null,
+  "tags": null,
+  "type": "Microsoft.Solutions/applicationDefinitions"
+}
+```
+
+### [OPTIONAL] Package the files
+
+The `mainTemplate.json` and `createUIDefinition.json` files can be
+packaged together in a zip file. Both files should be at the root level
+of the zip. Once created the package needs to be uploaded to a location accessible
+to Azure. We've published the samples to GitHub so you can experiment
+with minimal effort.
+
+To use a package file remove the `--create-ui-definition` and
+`--main-tamplate` arguments from the above CLI command instead provide
+a URI for the package using `--package-file-uri` argument.
+
+## Next Steps
+
+Now that you have published a Moodle based Managed Application on Azure you can:
+
+  1. [Deploy Moodle into Customer Subscription](DeployMoodleManagedApp.md)
--- a/managedApplication/README.md
+++ b/managedApplication/README.md
@ -0,0 +1,43 @@
+# Azure Managed Application
+
+Azure Managed Applications enable you to offer your Moodle based
+solutions to internal and external customers. You define the
+infrastructure for the solution, using the ARM templates in this
+repository as a starting point, along with the terms for ongoing
+management of the solution. The billing for your solution is handled
+through Azure billing.
+
+## Why Managed Applications?
+
+Managed applications reduce barriers to consumers using your
+solutions. They do not need expertise in cloud infrastructure to use
+your solution. Consumers have limited access to the critical
+resources. They do not need to worry about making a mistake when
+managing it.
+
+Managed applications enable you to establish an ongoing relationship
+with your consumers. You define terms for managing the application,
+and all charges are handled through Azure billing.
+
+Although customers deploy these managed applications in their
+subscriptions, they don't have to maintain, update, or service them.
+That is something you provide as a service to the customer. You can
+ensure that all customers are using approved versions. Customers don't
+have to develop application-specific domain knowledge to manage these
+applications. Customers automatically acquire application updates
+without the need to worry about troubleshooting and diagnosing issues
+with the applications.
+
+For IT teams, managed applications enable you to offer pre-approved
+solutions to users in the organization. You ensure these solutions are
+compliant with organizational standards.
+
+Read more about [Managed
+Applications](https://docs.microsoft.com/en-us/azure/managed-applications/overview),
+or keep reading here to see how to quickly get started providing your
+own Moodle based services as Managed Applications.
+
+## Next Steps
+
+  1. [Publish a Managed Application Definition](PublishMoodleManagedApplication.md)
+  2. [Deploy a Moodle Based Managed Application](DeployMoodleManagedApp.md)
--- a/managedApplication/createUIDefinition.json
+++ b/managedApplication/createUIDefinition.json
@ -0,0 +1,39 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+    "handler": "Microsoft.Compute.MultiVm",
+    "version": "0.1.2-preview",
+    "parameters": {
+        "basics": [
+            {}
+        ],
+        "steps": [
+            {
+                "name": "credentialsConfig",
+                "label": "VM Credentials",
+                "subLabel": {
+                    "preValidation": "Provide credentials for accessing the VMs in your application.",
+                    "postValidation": "Credentials configured."
+                },
+                "bladeTitle": "Credentials",
+                "elements": [
+                    {
+                        "name": "sshPublicKey",
+                        "type": "Microsoft.Common.TextBox",
+                        "label": "SSH Public Key",
+                        "toolTip": "Public SSH Key to use for access",
+                        "constraints": {
+                            "required": true
+                        }
+                    }
+                ]
+            }
+        ],
+        "outputs": {
+            "sshPublicKey": "[steps('credentialsConfig').sshPublicKey]"
+        }
+    }
+}
+
+        
+
+                
--- a/managedApplication/parameters-template.json
+++ b/managedApplication/parameters-template.json
@ -0,0 +1,8 @@
+{
+    "sshPublicKey":         { "value": "GEN-SSH-PUB-KEY" },
+    "redisDeploySwitch":    { "value": false },
+    "dbServerType":         { "value": "mysql" },
+    "fileServerType":       { "value": "nfs" },
+    "autoscaleVmSku":       { "value": "Standard_DS1_v2" },
+    "fileServerDiskCount":  { "value": 2 }
+}