UiPath demo image

Purpose

Build an Image using Packer and Ansible, based on the build instructions and playbooks found in this repository.

Architecture

Development environment

Provisioning the VM for dev and test

During development and testing, a VM needs to be provisioned, using the ARM template:

az group deployment create --resource-group <resource-group> --template-file .\azure-deploy-vm.template.json --name demoImage --parameters adminPassword=<password>

The output from the command contains the key output, which indicates the fully qualified domain name of the VM which was provisioned. This is used in the inventory.ini file as an input to Ansible. This can also be obtained later using:

az group deployment show --name demoImage --resource-group <resource-group>

Use these values to update the inventory file:

[default]
100.100.100.100

[default:vars]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_transport=basic
ansible_user=uipath
ansible_password=*****
ansible_winrm_message_encryption=auto
ansible_winrm_server_cert_validation=ignore

Setup the VM

After the VM is provisioned, the following script to configure Ansible script needs to be run using Run as Administrator Powershell:

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file

Local dev machine setup

On the local dev machine, at least Ansible and Packer should be installed. This can be performed using:

apt-get update && \
    apt-get install -y software-properties-common unzip python-pip wget sudo && \
    apt-add-repository -y ppa:ansible/ansible && \
    apt-get update && \
    apt-get install -y ansible && \
    pip install -U "pywinrm>=0.3.0"

PACKER_VERSION="1.5.1"
wget https://releases.hashicorp.com/packer/$PACKER_VERSION/packer_${PACKER_VERSION}_linux_amd64.zip && \
    unzip packer_${PACKER_VERSION}_linux_amd64.zip && \
    mv packer /usr/local/bin    

Ansible and Packer

Against the dev machine, the Ansible playbook can be run using:

ansible-playbook -i ansible/inventory.ini ansible/playbook.yml -vvvv

The Packer script can be invoked using:

packer build -var-file=packer/parameters.json packer/packer-build.json

Prerequisites

The VMs created using the image need to have access to the KeyVault containing the refresh token to authenticate to Orhcestrator. For this:

az identity create --name access-key-vault --resource-group presales-cloud-poc-rg
az vm identity assign --resource-group presales-cloud-poc-rg --name linux-test --identities access-key-vault
keyId=$(az keyvault show --name test-vault-presales --resource-group presales-cloud-poc-rg --output tsv --query id)
az role assignment create --role owner --assignee access-key-vault --scope $keyId

The list of items needed for development and deployment:

• Azure account

• Development machine with Packer and Ansible installed

• (Optional - when using an Azure Linux VM for development) Create a system assigned identity for the VM and assign the role of owner over the container registry:

  az vm identity assign --resource-group <resource group name> --name <linux machine> 
  spID=$(az vm show --resource-group <resource group name> --name <linux machine> --query identity.principalId --out tsv)
  resourceID=$(az acr show --resource-group <resource group name> --name <container name> --query id --output tsv)
  az role assignment create --assignee $spID --scope $resourceID --role owner
  

  This will allow az acr login --identity using the aforementioned identity

• An Azure Pipeline build triggered by the repository

• The Azure Pipeline needs to have variable group called demo-vm-deploy containing these values:

  Variable	Sample	Meaning
  containerRegistry	mydockerreg	Docker registry containing the packer-ansible image
  dockerBuildRepositoryName	build-packer-ansible	The docker image containing both packer and ansible bins
  dockerConnection	mydockerconn	Docker connection created in Azure DevOps project settings to pull the build image
  githubToken	acde1234	Personal github token used to clone demo repositories
  managedImageName	demo-vm	Name of the managed image being built
  ownerEmail	[email protected]	Owner email, used for tagging purposes
  packerBaseImage	office-365	Base image to be used by Packer
  packerBaseSKU	1903-evd-o365pp	Base SKU to be used by Packer
  packerClientId	1234-abc	Id of the service account to be used by Packer to authenticate with Azure
  packerClientSecret	1234-abc	Packer secret used during authentication
  packerVMSize	Standard_D4_v2	Size of the VM to be used by Packer
  packerUsername	packer	username used by Packer during the build phase
  prodAzureConnection	prod-connection	Azure DevOps connection name to be used to deploy to Production. Is created in the Azure DevOps -> Project Settings
  prodResourceGroupName	prod-rg	Resource Group in the Prod subscription to be used during deployment
  prodSubscriptionId	1234-abc	Azure subscription Id of the prod environment
  prodSharedImageGalleryName	dsf_sig	Shared image gallery name in the prod environment
  projectName	DSF	Used for Azure tagging
  uipathDemoGitRepo	alpaka/uipath-dsf-ai-fabric-email-classification.git	List of comma separated git repositories containing demos
  testAzureConnection	prod-connection	Azure DevOps connection name to be used to deploy to Test. It is created in the Azure DevOps -> Project Settings
  testResourceGroupName	prod-rg	Resource Group in the Test subscription to be used during deployment
  testSubscriptionId	1234-abc	Azure subscription Id of the Test environment
  testSharedImageGalleryName	dsf_sig	Shared image gallery name in the Test environment
  replicationRegions