googlecloudplatform / solutions-cloud-orchestrate
Plan, deploy, and manage an entire cloud-based infrastructure for creating and managing a virtual production environment.
License: Apache License 2.0
Add ability to specify either `startup-script-url` or `windows-startup-script-url` when creating a template so that it gets propagated to the instance when calling `orchestrate instances create`. The user needs to be responsible for doing the initialization required for the systems deployed in the project, e.g. PCoIP registration, joining AD domain, etc.
`orchestrate templates create` allows for customizing the network name via `--network`. The subnetwork name is expected to match the network name. However, this may not always be the case, especially in cases when there are corporate policies imposed in the deployment projects that may enforce certain topology and network names. Add a `--subnetwork` option to customize the name as needed. Make it default to the same value as `--network` if not explicitly provided.
The `orchestrate broker machines assign` command fails with a cryptic `400 Bad Request` error if the `--zone` option is not explicitly provided. It should automatically pick up the default zone from the active configuration if none is provided, or perhaps even get it from the GCP API. In any event, make sure that the command can pick up the zone from the active configuration if it's not explicitly provided. And, if no zone can be provided to the backend, it should raise a descriptive error message to the user.
Template metadata is not being propagated down to instances upon creation. For example, creating a template like this:
orchestrate templates create editorial --metadata startup-script-url=gs://one/two.ps1 ...
And, creating an instance like this:
orchestrate instances create editorial
Results in an instance that doesn't have the startup script specified in the template metadata.
The credentials of a GCP service account must be registered in the Teradici CAM UI in order for CAM to be able to start and stop GCP instances automatically. This step can also be done programmatically via the CAM UI. See here https://cam.teradici.com/api/docs#operation/registerCloudServiceAccount
The CAM-level service account only allows for `POST deployments/` not `GET`. This prevents the code from checking whether the deployment exists before attempting to create it. Instead, need to attempt creating the account and check for `409 Conflict` errors.
The Teradici deployment scripts master branch has been updated to support network name customization in all deployment types. The variable names were renamed to: `dc_subnet_name`, `cac_subnet_name`, and `ws_subnet_name`, whereas we were using `controller_network`, `connector_network`, and `workstations_network`. Update `orchestrate.systems.teradici.main` to match the new variable names. See this for further reference: https://github.com/teradici/cloud_deployment_scripts/blob/master/deployments/gcp/multi-region/networking.tf#L168-L194
Properly package orchestrateapi as an installable Python package similar to the orchestrate CLI one. This will enable integration tests to initialize a local server automatically to run tests against it by being able to import both `orchestrate` (CLI) and `orchestrateapi` (API) side-by-side.
This is required by #50
`orchestrate systems deploy teradici` is currently deploying a single connector. Let's make multi-region the default deploying one connector in `us-west2-b` and one in `us-east4-b` behind a GLB by default.
Add `serial port enable` to instance creation. See this for future reference: https://cloud.google.com/compute/docs/instances/interacting-with-serial-console
Use CAM service account credentials for `orchestrate broker` commands so user doesn't have to generate an API token so often (currently expire in 2 hours)
The default AD domain currently defaults to just `demo`. It used to work with `windows-2016` up until a point when a policy is being enforced that requires the domain to be at least two components, e.g. `a.b`. The deployment would finish apparently successfully but no computers could join the domain because it was not actually initialized. The AD domain controller would fail without percolating the error up to Terraform and stopping the deployment. Make sure the default is at least two tokens, and perform validation for the override value provided from the command line.
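One way to perform the validation this issue asks for, as an added example that is not part of the issue or the project's code. `DEFAULT_DOMAIN`, `validate_ad_domain`, `resolve_domain` and `DomainError` are hypothetical names, and the default value is a placeholder; the check fails before any deployment starts instead of letting the domain controller fail silently.

```python
import re

# Hypothetical default for this sketch; the issue only requires two components.
DEFAULT_DOMAIN = "demo.internal"

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class DomainError(ValueError):
    """Raised up front so a bad domain never reaches the deployment step."""


def validate_ad_domain(value):
    """Return the normalized domain name or raise DomainError."""
    name = value.strip().lower()
    if name.endswith("."):          # tolerate one fully-qualified trailing dot
        name = name[:-1]
    if not name or len(name) > 253:
        raise DomainError(f"domain {value!r} is empty or too long")
    labels = name.split(".")
    if len(labels) < 2:
        # The failure mode from the issue: a single-label name such as "demo".
        raise DomainError(
            f"domain {value!r} needs at least two components, e.g. a.b")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise DomainError(f"invalid component {label!r} in {value!r}")
    return name


def resolve_domain(cli_value=None):
    """Validate the command-line override, or the default when none is given."""
    return validate_ad_domain(DEFAULT_DOMAIN if cli_value is None else cli_value)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in (None, "Corp.Example", "demo", "a..b", "-bad.example"):
        try:
            print(candidate, "->", resolve_domain(candidate))
        except DomainError as exc:
            print(candidate, "-> rejected:", exc)
```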
Add ability to specify whether to use standard or SSD drives when creating a template. It is currently hard-coded to pd-standard.
Add integration tests for common workflows:
`api/bin/create_cluster.sh` and `api/bin/update_cluster.sh` are currently hard-coded to zone `us-central1-a`. This needs to be parameterized just like `project`.
Many of the Teradici CAM API endpoints that the `orchestrate broker` commands use under the hood support pagination with a default limit of 15. Add command-line parameters to support pagination and/or auto-paginate results. Currently, it only shows the first page.
By default, `orchestrate systems deploy teradici` would deploy a multi-region setup. However, there are a couple others that might be of interest depending on the use case, e.g. `single-connector`, and `single-connector2` (experimental for deploying in an existing shared VPC with an existing subnet and without the ability to create networks or subnetworks.)
Add a `deployment-type` parameter and add the multi-region connectors information if `connectors` is not empty.
The CAM-level service account can be used just for `POST deployments/` and `POST auth/keys` and literally nothing else in the API. Any other requests raise a 403 status. The deployment-level service account can be used for all other API calls except the two that the CAM-level service account has access to. Unfortunately, to fully automate the deployment of the teradici components, we need a service account that could also call `POST auth/tokens/connectors` and others. Right after the deployment, `orchestrate broker` commands require a service account credentials to use other endpoints. See #34 for more context.
Ultimately, we want to minimize the manual steps in web UIs and have user generate a single service account credentials file. Have the code detect the type of service account from the credentials content and adapt. If given a CAM-level account, it should create a deployment-level account and cache the credentials automatically in `~/.config/teradici` so that the `orchestrate broker` commands work seamlessly and without requiring the user creating new credentials manually.
`orchestrate broker machine unassign machine1` has no effect at all even if the machine is indeed assigned.
`orchestrate broker machines assign` fails with an error saying that `post` endpoint does not exist.
Make sure that the cluster create and update scripts are explicitly specifying `--network` and `--subnetwork`, otherwise it would assume `default` which may not exist in the project.
The PCoIP client is showing a power-management error when attempting to connect to a machine that has been assigned to a user.
In addition to the config files and environment variables currently supported to point the CLI to the API service, add support for storing credentials in a secret in GCP. Access can be granted to users based on permissions. See this for reference: https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets
All instances are intended to be isolated from the external network and only accessible via a connection broker.
When I start: orchestrate projects register --help
I get this error:
ImportError: cannot import name 'orchestrate_pb2_grpc' from 'orchestrate.service'
The service folder has an initi.py without any functions
Currently, all deployable systems are expected to be located in the `orchestrate/systems` package. For instance, `orchestrate systems deploy teradici filestore virtual-studio`. However, it would need to be able to locate additional systems from the path to allow third-parties to develop automation recipes and integrate additional systems into orchestrate. It would also be useful to allow them to use full packages name, for instance: `orchestrate systems deploy vendor1.storage vendor2.cache`
Trying to assign a newly created and domain-joined machine fails with a 400 Bad Request error from the CAM API. This means that the machine has never been assigned.