search

microsoft / mwt-ds

Umbrella repository for projects related to the MWT Decision Service
187 stars 77 forks source link

Deployment fails on azure.de germanycentral #92

Open Rainer-Kempkes opened 7 years ago

Rainer-Kempkes commented 7 years ago

Because of data privacy and legal issues we have to deploy to azure.de in Germany. Therefore I copied the content of the azuredeploy.json into a template deployment container and deployed it. I had to kick out the application_insights ressource and its dependencies because it is not available in germany. That was no prob. But then I ran into an error at the SAS_URI_Generator with Status "BAD_REQUEST": { "error": { "code": "InvalidContentLink", "message": "Unable to download deployment content from 'https://mc-n7okzt7dyzw66cb3dzxesxh2no.azurewebsites.net/Deployment/GenerateSASToken?parameters=key=nF8GESkTgKgwm4T9bLX6J7c1HLNX94jLfuD1MCxfAqTP2scde60hW2Ibq0ZnZ+JHbpBCE36hx/ol5qCfyjHKXQ==;trainer_size=Standard_D1_v2'. The tracking Id is '18ffadeb-bd71-4625-83d0-fbe82abc126b'. Please see https://aka.ms/arm-deploy for usage details." } }

Do you know what might have gone wrong? regards, Rainer

Rainer-Kempkes commented 7 years ago

the related ressource in the azuredeploy.json would be: { "apiVersion": "2015-01-01", "name": "SAS_Uri_Generator", "type": "Microsoft.Resources/deployments", "dependsOn": [ "Microsoft.Resources/deployments/Management_Center" ], "properties": { "mode": "incremental", "templateLink": { "uri": "[concat(reference('Microsoft.Resources/deployments/Management_Center').outputs.url.value, '/Deployment/GenerateSASToken?parameters=key=', reference('Microsoft.Resources/deployments/Storage').outputs.userStorageAccountKey.value, ';trainer_size=', parameters('online Trainer VM Size'))]" } } },

Rainer-Kempkes commented 7 years ago

I think I found the bug. In the file "WebEmptyTemplate.json" in the outputs-section you create a URL ending with ".net":

"value": "[concat('https://', variables('siteName'), '.azurewebsites.net')]"

whereas in German Azure the correct suffix would be ".de".

I will try to avoid this by editing the main JSON template and put the text of the WebEmptyTemplate into the main template. Hope this helps...

regards, Rainer

eisber commented 7 years ago

Maybe I’m missing something here, but shouldn’t you be able to simply select azure.de as region?

eisber commented 7 years ago

I grepped through the codebase to look for more azurewebsites.net references. There are a few other places but only related to testing and email notification when finished.

Can you make the domain suffix a parameter of the main deploy.json and set the default to azurewebsites.net?

Markus

Rainer-Kempkes commented 7 years ago

Hi Markus,

I am still struggling with the deployment on azure.de, but I will change the main deploy.json and make a pull request after I've found the solution.

But prior to that I have some questions about customizing my existing deployment on azure.com. For a proof of concept I need to do some changes in the configuration. 1) Where and how can I customize a) the context features? Or is the only way to change the posted JSON? Is there a consistency check if a context feature changes? b) the action features? MWT has to know the amount of actions to chose randomly and to learn from... c) actions? define action features?

  1. model extraction: I extracted the current model vom blob storage, but it contained many hex values and I couldn't read it. Which format is it?

  2. Moving to a productive environment: which actions would you advise to harden the system? The trainer f.e. is running on http, are there any intrusion detection tools running etc.?

Cheers, Rainer

eisber commented 7 years ago

Hi,

1a) Yes you can customize the JSON features. See some documentation here: https://github.com/JohnLangford/vowpal_wabbit/wiki/JSON - no consistency check. We’re using Vowpal Wabbit as the ML library which is schemaless. 1b) We support variable number of actions with each request. I’d say that’s the primary usecase c) _multi and then features within that. See above link at the very end. 2) It’s VW. You need to use vw -i model.file –readable_model model.txt (make sure to use proper dashes, not the one in the email). Since VW hashes everything you’d have to feed data and use –invert_hash to get the mappings). 3) The trainer is feeding of EventHub for data, the HTTP interface is only for management. The HTTP you see runs on a different set of servers. You can also integrate using the C# client library, which from a security perspective probably helps you a bit.

I’d suggest to have a quick Skype meeting to give you a bit more guidance. Contact me on marcozo@microsoft.commailto:marcozo@microsoft.com and we can coordinate on time.

Mit freundlichen Grüssen, Markus