From 8d642be2049b8624c63a1b6caa060a53e6a0e066 Mon Sep 17 00:00:00 2001
From: Malte Poll
Date: Thu, 18 Aug 2022 16:44:44 +0200
Subject: [PATCH] Azure: switch default region to west us and replicate images to multiple regions
---
 .github/actions/constellation_create/action.yml | 2 +-
 hack/azure-jump-host/parameters.json | 2 +-
 hack/importAzure.sh | 4 ++--
 image/Makefile | 3 ++-
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index bba583898..e5daf2a31 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@@ -49,7 +49,7 @@ runs:
 yq eval -i \
 "(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
 (.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
- (.provider | select(. | has(\"azure\")).azure.location) = \"North Europe\" |
+ (.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
 (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity\" |
 (.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
 constellation-conf.yaml
diff --git a/hack/azure-jump-host/parameters.json b/hack/azure-jump-host/parameters.json
index a4f156081..60ff13b23 100644
--- a/hack/azure-jump-host/parameters.json
+++ b/hack/azure-jump-host/parameters.json
@@ -3,7 +3,7 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "location": {
- "value": "northeurope"
+ "value": "westus"
 },
 "networkInterfaceName": {
 "value": "jump-host814"
diff --git a/hack/importAzure.sh b/hack/importAzure.sh
index 7b024a882..6fb9a4235 100755
--- a/hack/importAzure.sh
+++ b/hack/importAzure.sh
@@ -10,7 +10,7 @@
 # * AZURE_IMAGE_VERSION: (required) version number used for uploaded image. ..
 # Optional values.
 # * AZURE_IMAGE_FILE: (optional, default: ./abcd) Path to image file to be uploaded.
-# * AZURE_REGION: (optional, default: northeurope) Region used in Azure.
+# * AZURE_REGION: (optional, default: westus) Region used in Azure.
 # * AZURE_GALLERY_NAME: (optional, default: constellation_import) Name for Azure shared image gallery. Will be created as part of this script.
 # * AZURE_IMAGE_NAME: (optional, default: upload-target) Temporary image used for upload, must not exist.
@@ -37,7 +37,7 @@ then
 fi
 AZURE_IMAGE_FILE="${AZURE_IMAGE_FILE:-$(pwd)/abcd}"
-AZURE_REGION="${AZURE_REGION:-northeurope}"
+AZURE_REGION="${AZURE_REGION:-westus}"
 AZURE_GALLERY_NAME="${AZURE_GALLERY_NAME:-constellation_import}"
 AZURE_PUBLISHER="${AZURE_PUBLISHER:-edgelesssys}"
 AZURE_IMAGE_NAME="${AZURE_IMAGE_NAME:-upload-target}"
diff --git a/image/Makefile b/image/Makefile
index 57412fec8..ca3e3b842 100644
--- a/image/Makefile
+++ b/image/Makefile
@@ -40,6 +40,7 @@ AZURE_IMAGE_FILENAME ?= $(AZURE_IMAGE_NAME)_azure.vhd
 AZURE_IMAGE_PATH ?= $(IMAGES_PATH)/$(AZURE_IMAGE_FILENAME)
 AZURE_RESOURCE_GROUP_NAME ?= CONSTELLATION-IMAGES
 AZURE_REGION ?= northeurope
+AZURE_REPLICATION_REGIONS ?= northeurope eastus westeurope westus
 AZURE_GALLERY_NAME ?= Constellation
 AZURE_IMAGE_DEFINITION ?= $(AZURE_IMAGE_NAME)
 AZURE_IMAGE_OFFER ?= $(AZURE_IMAGE_DEFINITION)
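Review bot: `AZURE_REGION ?= northeurope` stays unchanged as a context line in the image/Makefile hunk at line 40, while hack/importAzure.sh and the jump-host parameters in this same patch now default to westus, so the two image upload paths publish from different source regions by default even though the subject says the default was switched. If keeping northeurope here is deliberate (for example because the existing gallery lives there, which this patch does not show), a comment above the two variables should say so, e.g. `# AZURE_REGION: location of the gallery and image version; AZURE_REPLICATION_REGIONS: every region the version is published to`. Otherwise the Makefile default should follow the rest of the commit.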
@@ -151,7 +152,7 @@ upload-azure: $(AZURE_IMAGE_PATH)
 -az sig create -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --resource-group $(AZURE_RESOURCE_GROUP_NAME)
 @echo "Create image definition (if it does not exist yet)"
 -az sig image-definition create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --publisher $(AZURE_PUBLISHER) --offer $(AZURE_IMAGE_OFFER) --sku $(AZURE_SKU) --os-type Linux --os-state generalized --hyper-v-generation V2 --features SecurityType=ConfidentialVmSupported
- az sig image-version create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --gallery-image-version $(AZURE_IMAGE_VERSION) --target-regions $(AZURE_REGION) --replica-count 1 --tags bootstrapper-sha512=$$(sha512sum $(BOOTSTRAPPER_OVERRIDE_PATH) | cut -d " " -f 1) --managed-image "$$(az image list --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)'] | [0].id" --output json | jq -r)"
+ az sig image-version create --resource-group $(AZURE_RESOURCE_GROUP_NAME) -l $(AZURE_REGION) --gallery-name $(AZURE_GALLERY_NAME) --gallery-image-definition $(AZURE_IMAGE_DEFINITION) --gallery-image-version $(AZURE_IMAGE_VERSION) --target-regions $(AZURE_REPLICATION_REGIONS) --replica-count 1 --tags bootstrapper-sha512=$$(sha512sum $(BOOTSTRAPPER_OVERRIDE_PATH) | cut -d " " -f 1) --managed-image "$$(az image list --query "[?name == '$(AZURE_IMAGE_NAME)' && resourceGroup == '$(AZURE_RESOURCE_GROUP_NAME)'] | [0].id" --output json | jq -r)"
 @echo "Cleaning up resources"
 az image delete --resource-group $(AZURE_RESOURCE_GROUP_NAME) -n $(AZURE_IMAGE_NAME)
 az disk delete --resource-group $(AZURE_RESOURCE_GROUP_NAME) -n $(AZURE_IMAGE_NAME) --yes
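Review bot: `--target-regions $(AZURE_REPLICATION_REGIONS)` on the new `az sig image-version create` line no longer references `$(AZURE_REGION)`, which the same command still passes as `-l`. Both variables are `?=`, so overriding only AZURE_REGION from the command line or environment yields an image version whose own location is missing from its target regions. As far as I know Azure rejects that, and the error would only appear when this command runs, after the gallery and image-definition steps. Building the list at the use site keeps the source region in it and removes duplicates: `--target-regions $(sort $(AZURE_REGION) $(AZURE_REPLICATION_REGIONS))`. The upload-azure recipe starts before this hunk and continues after it.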