RDC and WUSM Infrastructure Repositories
This document contains notes on the repositories that are used to manage the RDC and WUSM infrastructure.
Repositories
i2rdc-packer
Description: Packer templates for building RDC images. Images are stored in the Azure compute gallery i2rdc3devimagegallery.
Currently builds 2 images:
- AlmaLinux8CISL2
  - Used as the base image for RDC VMs
- AlmaLinux8DevOpsAgent
  - Built on top of AlmaLinux8CISL2, used as the image for the Azure DevOps agent VMs, i2rdc3-dev-devopsagent.
Deployment:
- Each image folder (base and devops-agent) has a YAML file defining its Azure DevOps pipeline. The pipelines are set to trigger manually, with the only option passed in being SemVer Major number, which corresponds to the version of vanilla Alma Linux that it is sourced from. It then puts together the full semantic version using SemVer Major number, the yyyymmdd as the minor version, and the hhmmss as the patch version. This was done when SemVer Major number had a different meaning, and it no longer really needs to be a passed-in value. A TODO would be to hardcode this and change it at the same time the vars in the pkrvars file are updated.
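The version scheme described above, sketched as an added example (this is not the pipeline's own code). The function names, the use of UTC, the single 14-digit timestamp argument and the stripping of leading zeros so that every component is a plain integer are all assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration only; function names are hypothetical.

# Drop leading zeros so 093015 becomes 93015 and 000000 becomes 0.
strip_zeros() {
  n=$(printf '%s\n' "$1" | sed 's/^0*//')
  printf '%s\n' "${n:-0}"
}

# image_version MAJOR [YYYYMMDDhhmmss]
# The timestamp is read once (UTC) so date and time cannot straddle midnight.
image_version() {
  major=$1
  stamp=${2:-$(date -u +%Y%m%d%H%M%S)}
  case $major in ''|*[!0-9]*) echo "major must be numeric" >&2; return 1 ;; esac
  case $stamp in *[!0-9]*) echo "timestamp must be digits" >&2; return 1 ;; esac
  if [ "${#stamp}" -ne 14 ]; then echo "timestamp must be 14 digits" >&2; return 1; fi
  ymd=${stamp%??????}     # first 8 digits: yyyymmdd -> minor version
  hms=${stamp#????????}   # last 6 digits: hhmmss -> patch version
  printf '%s.%s.%s\n' "$(strip_zeros "$major")" "$ymd" "$(strip_zeros "$hms")"
}

# version_newer A B: succeeds when A orders strictly after B, comparing
# major, minor and patch as integers rather than as strings.
version_newer() {
  old_ifs=$IFS; IFS=.
  set -- $1 $2            # A fills $1..$3, B fills $4..$6
  IFS=$old_ifs
  if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
  if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
  [ "$3" -gt "$6" ]
}

# Constructed sample: major 8, built 2024-01-31 09:30:15 UTC.
image_version 8 20240131093015
```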
Provisioned VMs that use these images:
NAME | PRIVATE IP ADDRESS | PUBLIC IP ADDRESS | STATUS | SIZE | OPERATING SYSTEM | RESOURCE GROUP | SUBSCRIPTION | OFFER | PLAN |
---|---|---|---|---|---|---|---|---|---|
i2rdc1-dev-postgres01 | 10.25.44.147 | - | Stopped | Standard_D8as_v5 | Linux | i2rdc1-dev-rg-main | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-dns | 10.25.44.189 | - | Running | Standard_B2ats_v2 | Linux | i2rdc3-dev-rg-main | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-jumpbox | 10.25.44.146 | - | Stopped | Standard_D2ads_v5 | Linux | i2rdc3-dev-rg-main | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-nifi01 | 10.25.44.132 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-dev-rg-main | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-nifi02 | 10.25.44.133 | - | Running | Standard_B4as_v2 | Linux | I2RDC3-DEV-RG-MAIN | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-nifi03 | 10.25.44.134 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-dev-rg-main | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-dev-postgres01 | 10.25.44.135 | - | Running | Standard_E20as_v5 | Linux | I2RDC3-DEV-RG-MAIN | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-prod-dns | 10.25.46.189 | - | Running | Standard_B1s | Linux | i2rdc3-prod-rg-main | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-prod-nifi01 | 10.25.46.136 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-prod-rg-main | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-prod-nifi02 | 10.25.46.135 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-prod-rg-main | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-prod-nifi03 | 10.25.46.133 | - | Running | Standard_B4as_v2 | Linux | I2RDC3-PROD-RG-MAIN | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-prod-postgres01 | 10.25.46.132 | - | Running | Standard_E20as_v5 | Linux | I2RDC3-PROD-RG-MAIN | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-qa-dns | 10.25.45.189 | - | Running | Standard_B2ats_v2 | Linux | i2rdc3-qa-rg-main | I2 - RDC 2.0 Azure POC - QA | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-qa-nifi01 | 10.25.45.134 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-qa-rg-main | I2 - RDC 2.0 Azure POC - QA | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-qa-nifi02 | 10.25.45.135 | - | Running | Standard_D4as_v5 | Linux | i2rdc3-qa-rg-main | I2 - RDC 2.0 Azure POC - QA | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-qa-nifi03 | 10.25.45.133 | - | Running | Standard_D4s_v5 | Linux | i2rdc3-qa-rg-main | I2 - RDC 2.0 Azure POC - QA | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-qa-postgres01 | 10.25.45.132 | - | Running | Standard_E20as_v5 | Linux | i2rdc3-qa-rg-main | I2 - RDC 2.0 Azure POC - QA | almalinux | 8_5-gen2-cis-l2 |
i2rdc3-throwme-away01 | 10.25.44.197 | 20.118.250.32 | Stopped (deallocated) | Standard_D16ads_v5 | Linux | i2rdc3-dev-rg-images | I2 - RDC 2.0 Azure POC - Dev | almalinux | 8_5-gen2-cis-l2 |
wusm-prod-gic01 | 10.25.47.138 | - | Running | Standard_E4as_v5 | Linux | wusm-prod-rg-gic | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
wusm-prod-gic02 | 10.25.47.136 | - | Running | Standard_E4as_v5 | Linux | WUSM-PROD-RG-GIC | I2 - RDC 2.0 Azure POC - Prod | almalinux | 8_5-gen2-cis-l2 |
i2rdc-terraform
Description: Terraform project to manage RDC infrastructure. Refer to the repository README for usage details. Terraform creates and manages everything in the following resource groups:
- i2rdc3-dev-rg-backup
- i2rdc3-dev-rg-images
- i2rdc3-dev-rg-k8s
- i2rdc3-dev-rg-main
- i2rdc3-prod-rg-backup
- i2rdc3-prod-rg-k8s
- i2rdc3-prod-rg-main
- i2rdc3-qa-rg-backup
- i2rdc3-qa-rg-k8s
- i2rdc3-qa-rg-main
Of main concern in these resource groups are:
- Nifi VMs
- AKS cluster that supports the Nifi VMs
- RDC Postgres VMs
- DNS VMs
- Azure compute gallery for the previously mentioned Packer images
- All of the Key Vaults, Networking, and Storage Accounts to support the above
Deployment:
- There is an Azure DevOps pipeline that is triggered on a push to the main branch. It then runs the terraform init and terraform plan commands, waits for user approval, and then runs the terraform apply command.
i2rdc-ansible
Description: Ansible playbooks that are used to configure the RDC VMs created by Terraform. The top level directory has 4 playbooks that define the tasks and roles for each use case:
- playbook_dns.yml - Configures the DNS VMs
- playbook_nifi.yml - Configures the Nifi VMs
- playbook_postgres.yml - Configures the RDC Postgres VMs
- playbook_patching.yml - Runs a yum update and reboots the VM if necessary
The inventories directory has a directory for each environment (dev, prod, qa) wherein there is a group_vars directory that contains a variables file for each playbook, and an all.yml with variables that are common to all playbooks. Also in each environment directory is a hosts file that defines which hosts the playbooks will be run on.
Deployment:
- There is an Azure DevOps pipeline that can be manually triggered. It is configured to allow the user to select which playbook to run. It has never been used, as all deployments were initially done manually.
i2rdc-kubernetes
Description: Contains the Kubernetes manifest files for the RDC AKS cluster. It defines the configuration for the following services across dev, qa, and prod:
- Zookeeper - Used to manage coordination between Nifi VM nodes
- Nifi - Does not contain any deployments, only used to create self-signed certificates for the Nifi nodes to use
- Nifi Registry - Deployed in Production only, used to support Nifi
- Selenium - Deployed in Dev only, used in Databricks for some processing that requires a browser
- Philter - Deployed in Dev only
- Proxy - Deployed in Dev only, creates an HTTP and SOCKS5 proxy to allow access to the on-prem network
- ExternalDNS - Used to allow the above services to register their DNS records in Azure DNS
Deployment:
- All manifests are deployed manually, using kubectl. Each service has a README.md that describes how to configure and deploy it.
wusm-terraform
Description: Terraform project to manage WUSM infrastructure. Refer to the repository README for usage details. Terraform creates and manages everything in the following resource groups:
- wusm-dev-rg-adb
- wusm-dev-rg-main
- wusm-prod-rg-adb
- wusm-prod-rg-gic
- wusm-prod-rg-main
Of main concern in these resource groups are:
- Databricks
- Databasin (Only the networking, not the actual install)
- GIC
- All of the Key Vaults, Networking, and Storage Accounts to support the above
Deployment:
- There is an Azure DevOps pipeline YAML that is configured in the same way as the i2rdc-terraform pipeline; however, it has not been set up in Azure DevOps, and all deployments have been done manually.