Run spot worker on .NET 7 and enable optional LB

Author: joelverhagen

.pipelines/Retail.PullRequest.yml

@@ -93,11 +93,31 @@ jobs:
           pwsh: true
         retryCountOnTaskFailure: 1
 
-      - script: dotnet publish $(Build.SourcesDirectory)/src/Website/Website.csproj --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false
-        displayName: "Publish Website to ZIP"
+      - script: dotnet build $(Build.SourcesDirectory)/src/Website/Website.csproj --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false
+        displayName: "Build Website for ${{ rid }}"
 
-      - script: dotnet publish $(Build.SourcesDirectory)/src/Worker/Worker.csproj --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false
-        displayName: "Publish Worker to ZIP"
+      - script: dotnet publish $(Build.SourcesDirectory)/src/Website/Website.csproj --no-build --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false --output $(OutputDirectory)/deploy/Website
+        displayName: "Publish Website for ${{ rid }}"
+
+      - task: ArchiveFiles@2
+        displayName: "Zip Website"
+        inputs:
+          rootFolderOrFile: $(OutputDirectory)/deploy/Website
+          includeRootFolder: false
+          archiveFile: $(OutputDirectory)/deploy/Website.zip
+
+      - script: dotnet build $(Build.SourcesDirectory)/src/Worker/Worker.csproj --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false
+        displayName: "Build Worker for ${{ rid }}"
+
+      - script: dotnet publish $(Build.SourcesDirectory)/src/Worker/Worker.csproj --no-build --configuration $(BuildConfiguration) --runtime ${{ rid }} --self-contained false --output $(OutputDirectory)/deploy/Worker
+        displayName: "Publish Worker for ${{ rid }}"
+
+      - task: ArchiveFiles@2
+        displayName: "Zip Worker"
+        inputs:
+          rootFolderOrFile: $(OutputDirectory)/deploy/Worker
+          includeRootFolder: false
+          archiveFile: $(OutputDirectory)/deploy/Worker.zip
 
       - task: PowerShell@2
         displayName: "Publish Azure Functions host"

Directory.Build.props

@@ -5,7 +5,6 @@
     <ArtifactsSubdirectory Condition="'$(ArtifactsDirectory)' != ''">NuGet.Insights\</ArtifactsSubdirectory>
     <ArtifactsSubdirectory Condition="'$(ArtifactsDirectory)' == ''"></ArtifactsSubdirectory>
     <ArtifactsDirectory Condition="'$(ArtifactsDirectory)' == ''">$(MSBuildThisFileDirectory)artifacts</ArtifactsDirectory>
-    <DeploymentDir Condition="'$(DeploymentDir)' == ''">$(ArtifactsDirectory)\deploy</DeploymentDir>
     <_ProjectArtifactsDirectory>$(ArtifactsDirectory)\$(ArtifactsSubdirectory)$(MSBuildProjectName)\</_ProjectArtifactsDirectory>
     <BaseIntermediateOutputPath>$(_ProjectArtifactsDirectory)obj\</BaseIntermediateOutputPath>
     <IntermediateOutputPath>$(BaseIntermediateOutputPath)$(Configuration)\</IntermediateOutputPath>

Directory.Build.targets

@@ -76,7 +76,7 @@ resource workerPlanAutoScale 'Microsoft.Insights/autoscalesettings@2015-04-01' =
               direction: 'Increase'
               type: 'ChangeCount'
               cooldown: 'PT1M'
-              value: '5'
+              value: string(min(maxInstances - minInstances, 5))
             }
           }
           {
@@ -95,7 +95,7 @@ resource workerPlanAutoScale 'Microsoft.Insights/autoscalesettings@2015-04-01' =
               direction: 'Decrease'
               type: 'ChangeCount'
               cooldown: 'PT2M'
-              value: '10'
+              value: string(min(maxInstances - minInstances, 10))
             }
           }
         ]

deploy/bicep/function-worker.bicep

@@ -227,6 +227,7 @@ module spotWorkers './spot-workers.bicep' = if (useSpotWorkers) {
   params: {
     location: location
     storageAccountName: storageAccountName
+    keyVaultName: keyVaultName
     userManagedIdentityName: userManagedIdentityName
     uploadScriptUrl: spotWorkerUploadScriptUrl
     deploymentUrls: spotWorkerDeploymentUrls

deploy/bicep/main.bicep

@@ -6,17 +6,95 @@ param customScriptExtensionFiles array
 
 param location string
 param vmssSku string
+@minValue(0)
+param minInstances int
 @minValue(1)
 param maxInstances int
 param nsgName string
 param vnetName string
 param vmssName string
 param nicName string
 param ipConfigName string
+param loadBalancerName string
 param autoscaleName string
 param adminUsername string
 @secure()
 param adminPassword string
+param addLoadBalancer bool
+
+resource ipConfig 'Microsoft.Network/publicIPAddresses@2022-05-01' = if (addLoadBalancer) {
+  name: ipConfigName
+  location: location
+  sku: {
+    name: 'Standard'
+  }
+  properties: {
+    publicIPAllocationMethod: 'Static'
+    publicIPAddressVersion: 'IPv4'
+  }
+}
+
+var frontendIPConfigurationName = '${loadBalancerName}-fipc'
+var backendAddressPoolName = '${loadBalancerName}-bap'
+
+resource loadBalancer 'Microsoft.Network/loadBalancers@2023-05-01' = if (addLoadBalancer) {
+  name: loadBalancerName
+  location: location
+  sku: {
+    name: 'Standard'
+  }
+  properties: {
+    frontendIPConfigurations: [
+      {
+        name: frontendIPConfigurationName
+        properties: {
+          publicIPAddress: {
+            id: ipConfig.id
+          }
+        }
+      }
+    ]
+    backendAddressPools: [
+      {
+        name: backendAddressPoolName
+        properties: {}
+      }
+    ]
+    inboundNatRules: [
+      {
+        name: '${loadBalancerName}-rdp-inr'
+        properties: {
+          frontendIPConfiguration: {
+            id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', loadBalancerName, frontendIPConfigurationName)
+          }
+          backendAddressPool: {
+            id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', loadBalancerName, backendAddressPoolName)
+          }
+          protocol: 'Tcp'
+          backendPort: 3389
+          frontendPortRangeStart: 50000
+          frontendPortRangeEnd: 60000
+        }
+      }
+    ]
+    outboundRules: [
+      {
+        name: '${loadBalancerName}-or'
+        properties: {
+          frontendIPConfigurations: [
+            {
+              id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', loadBalancerName, frontendIPConfigurationName)
+            }
+          ]
+          backendAddressPool: {
+            id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', loadBalancerName, backendAddressPoolName)
+          }
+          protocol: 'All'
+        }
+      }
+    ]
+  }
+}
 
 resource nsg 'Microsoft.Network/networkSecurityGroups@2021-03-01' = {
   name: nsgName
@@ -26,7 +104,7 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@2021-03-01' = {
       {
         name: 'AllowCorpNetPublicRdp'
         properties: {
-          priority: 100
+          priority: 2000
           protocol: 'Tcp'
           access: 'Allow'
           direction: 'Inbound'
@@ -39,7 +117,7 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@2021-03-01' = {
       {
         name: 'AllowCorpNetSawRdp'
         properties: {
-          priority: 101
+          priority: 2001
           protocol: 'Tcp'
           access: 'Allow'
           direction: 'Inbound'
@@ -128,11 +206,11 @@ resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2021-11-01' = {
                     subnet: {
                       id: vnet.properties.subnets[0].id
                     }
-                    /* Enable a public IP address so you can RDP into an instance for debugging purposes.
-                    publicIPAddressConfiguration: {
-                      name: ipConfigName
-                    }
-                    */
+                    loadBalancerBackendAddressPools: addLoadBalancer ? [
+                      {
+                        id: loadBalancer.properties.backendAddressPools[0].id
+                      }
+                    ] : []
                   }
                 }
               ]
@@ -222,7 +300,7 @@ var eventCounterRules = [for event in eventCounters: {
     direction: 'Increase'
     type: 'ExactCount'
     cooldown: 'PT1M'
-    value: '5'
+    value: string(min(maxInstances, 5))
   }
 }]
 
@@ -237,8 +315,8 @@ resource autoscale 'Microsoft.Insights/autoscalesettings@2015-04-01' = {
       {
         name: 'default'
         capacity: {
-          default: '0'
-          minimum: '0'
+          default: string(minInstances)
+          minimum: string(minInstances)
           maximum: string(maxInstances)
         }
         rules: concat(eventCounterRules, [
@@ -258,7 +336,7 @@ resource autoscale 'Microsoft.Insights/autoscalesettings@2015-04-01' = {
                 direction: 'Increase'
                 type: 'ChangeCount'
                 cooldown: 'PT1M'
-                value: '5'
+                value: string(min(maxInstances - minInstances, 5))
               }
             }
             {
@@ -277,7 +355,7 @@ resource autoscale 'Microsoft.Insights/autoscalesettings@2015-04-01' = {
                 direction: 'Decrease'
                 type: 'ChangeCount'
                 cooldown: 'PT2M'
-                value: '10'
+                value: string(min(maxInstances - minInstances, 10))
               }
             }
           ])

deploy/bicep/spot-worker.bicep

@@ -1,5 +1,6 @@
 param location string
 param storageAccountName string
+param keyVaultName string
 param userManagedIdentityName string
 @secure()
 param uploadScriptUrl string
@@ -12,7 +13,7 @@ param appInsightsName string
 param adminUsername string
 @secure()
 param adminPassword string
-param specs array // An array of objects with these properties: "namePrefix", "location", "sku", "maxInstances"
+param specs array // An array of objects with these properties: "namePrefix", "location", "sku", "minInstances", "maxInstances"
 
 resource userManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
   name: userManagedIdentityName
@@ -22,6 +23,18 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing
   name: storageAccountName
 }
 
+resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
+  name: keyVaultName
+
+  resource adminPasswordSecret 'secrets' = {
+    name: 'admin-password'
+    properties: {
+      contentType: 'text/plain'
+      value: adminPassword
+    }
+  }
+}
+
 resource leaseContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
   name: '${storageAccountName}/default/${spotWorkerDeploymentContainerName}'
   dependsOn: [
@@ -71,11 +84,14 @@ module workers './spot-worker.bicep' = [for (spec, index) in specs: {
     nsgName: '${spec.namePrefix}nsg'
     vnetName: '${spec.namePrefix}vnet'
     vmssName: '${spec.namePrefix}vmss'
+    minInstances: spec.minInstances
     maxInstances: spec.maxInstances
     nicName: '${spec.namePrefix}nic'
     ipConfigName: '${spec.namePrefix}ip'
+    loadBalancerName: '${spec.namePrefix}lb'
     autoscaleName: '${spec.namePrefix}autoscale'
     adminUsername: adminUsername
     adminPassword: adminPassword
+    addLoadBalancer: spec.addLoadBalancer
   }
 }]

deploy/bicep/spot-workers.bicep

@@ -249,12 +249,12 @@ process {
     # Copy the runtime assets
     Copy-Item $WebsiteZipPath -Destination (Join-Path $ev2 $websiteBinPath) -Verbose
     Copy-Item $WorkerZipPath -Destination (Join-Path $ev2 $workerBinPath) -Verbose
-    if ($anyUseSpotWorkers) {
-        if (!$AzureFunctionsHostZipPath) {
-            throw "No AzureFunctionsHostZipPath parameter was provided but at least one of the configurations has UseSpotWorkers set to true."
-        }
+    if ($AzureFunctionsHostZipPath) {
         Copy-Item $AzureFunctionsHostZipPath -Destination (Join-Path $ev2 $azureFunctionsHostBinPath) -Verbose
     }
+    elseif ($anyUseSpotWorkers) {
+        throw "No AzureFunctionsHostZipPath parameter was provided but at least one of the configurations has UseSpotWorkers set to true."
+    }
     Copy-Item $installWorkerStandaloneSourcePath -Destination (Join-Path $ev2 $installWorkerStandalonePath) -Verbose
     Write-Host "Wrote Ev2 files to: $ev2"
 

deploy/build-ev2.ps1

@@ -14,8 +14,7 @@ $RuntimeIdentifier = Get-DefaultRuntimeIdentifier $RuntimeIdentifier
 $hostVersion = "4.27.1"
 
 $artifactsDir = [System.IO.Path]::GetFullPath((Join-Path $PSScriptRoot "../artifacts/azure-functions"))
-$hostSrcUrl = "https://github.com/Azure/azure-functions-host/archive/v$hostVersion.zip"
-$hostSrcZip = Join-Path $artifactsDir "azure-functions-host-$hostVersion.zip"
+$hostRepo = "https://github.com/Azure/azure-functions-host.git"
 $hostSrcDir = Join-Path $artifactsDir "azure-functions-host-$hostVersion"
 $hostBinDir = Join-Path $artifactsDir "host"
 $hostBinZip = if ($OutputPath) { $OutputPath } else { Join-Path $artifactsDir "AzureFunctionsHost.zip" }
@@ -37,18 +36,8 @@ function Remove-DirSafe ($dir) {
 Remove-DirSafe $artifactsDir
 New-Item $artifactsDir -ItemType Directory | Out-Null
 
-# Download the Azure Functions host source code from GitHub
-Write-Host "Downloading Azure Functions host source code"
-$beforeSecurityProtocol = [Net.ServicePointManager]::SecurityProtocol;
-[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
-$beforeProgressPreference = $ProgressPreference
-$ProgressPreference = "SilentlyContinue"
-Invoke-WebRequest $hostSrcUrl -OutFile $hostSrcZip
-[Net.ServicePointManager]::SecurityProtocol = $beforeSecurityProtocol
-$ProgressPreference = $beforeProgressPreference
-
-# Unzip the source code
-Expand-Archive $hostSrcZip -DestinationPath $artifactsDir
+Write-Host "Cloning Azure Functions host source code"
+git clone --depth 1 --branch "v$hostVersion" $hostRepo $hostSrcDir
 
 # Build and publish the host
 $hostProjectPath = Join-Path $hostSrcDir "src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj"
@@ -83,8 +72,14 @@ dotnet restore $hostProjectPath --verbosity Normal
 # See: https://github.com/Azure/azure-functions-host/pull/9564
 dotnet publish $hostProjectPath -c Release --output $hostBinDir --runtime $RuntimeIdentifier --self-contained false /p:NoWarn=SA1518
 
+if ($LASTEXITCODE -ne 0) {
+  throw "Failed to publish the Azure Functions Host."
+}
+
 # Delete all out-of-process (non-.NET) workers to make the package smaller.
-Remove-DirSafe (Join-Path $hostBinDir "workers/*")
+$workersDir = Join-Path $hostBinDir "workers"
+Remove-DirSafe $workersDir
+New-Item $workersDir -ItemType Directory | Out-Null
 
 # Zip the host and app for a stand-alone Azure Functions deployment.
 Write-Host "Zipping host to `"$hostBinZip`""