/
Quick LHO Deployment Guide (Azure)

Quick LHO Deployment Guide (Azure)

 

This guide walks you through the process of installing the Lakehouse Optimizer (LHO) on Azure via a deployment script that creates the Azure resources automatically.

It serves as a quick setup guide to enable cost and telemetry monitoring on an Azure Subscription and a Databricks Workspace

Page Contents:

Azure Deployer User Requirements

The Deployer Azure User that will run the LHO installation script must have the sufficient rights already granted in order for the installation process to complete successfully.

Refer to the following guide to review required permissions: Azure LHO Deployment Readiness Checklist | 5. Understand the Required Permissions for Installation & Configuration

Installation Guide

Step 1. In the Azure portal create a resource group for your deployment

It is important to either create a new resource group or choose an empty one when setting up Lakehouse Optimizer. If the deployment scripts encounter a failure, it will clean up resources in the provided resource group.

resource group creation

If you don’t have sufficient rights to create a resource group, you will need to have contributor role assigned for this resource group to be able to run the installation script.

 

Step 2. Open up a PowerShell in the Azure portal.

PowerShell init

Use PowerShell prompt for next steps.

If you are starting PowerShell for the first time, you need to add storage permissions for your account.

Storage Account contributor on the Azure Subscription will grant you sufficient rights to start PowerShell.

attach storage for PowerShell

 

Step 3. Run the below code snippet to download the deployment archive, unzip it, and change directory into the newly expanded archive:

wget https://bplmdemoappstg.blob.core.windows.net/deployment/vm-azure/lho-az.zip unzip lho-az.zip -d lho cd lho



Step 4. Prepare deployment information by gathering some information and creating the parameter object

$params = @{'SubscriptionID'="azure_subscription_id" 'Resourcegroup' = "resource_group_name" 'AdminEmail' = "admin_email" 'BaseApplicationName' = 'descriptive_name' 'ACRUsername' = 'container_registry_username' 'DNSPrefix' = "friendly_name_for_app_url"}

  • subscription id

    • you can find this ID in Azure Portal in the view with the resource group you created

  • resource group name

    • you can find this ID in Azure Portal in the view with the resource group you created

  • base application name

    • used by Azure App Registration service to name

    • represents the name of the App Registration of LHO

    • it can be any name that you will use for LHO deployment

    • note that this will be used to name the Azure KeyVault and Storage Accounts. The KV name must be globally unique (across the entire Azure space) so we recommend using specific names instead of generic ones. E.g: lho-<your company name here> instead of lho

    • Naming restrictions apply for storage accounts. The script will automatically remove any '-' characters

  • DNSPrefix

    • A descriptive short name that is registered with Azure’d internal DNS and will be used in the application URL. Should describe the app’s usage. eg: lho-companyshortname-dev

    • Naming restrictions apply for DNS names: valid characters a-z,0-9,'-'

  • docker container registry username and password

    • contact Blueprint for these credentials

    • input field ACRUsername

 

Step 5. Run the script

./vmdeploy.ps1 @params


This script creates all the resources required by LHO. See more here:

You will be prompted to enter the ‘ACRPassword' that corresponds to the username provided above. There will also be an SSH key generated and a password to input for that key if desired. The private key will exist on the user’s cloudshell ~/.ssh/ directory.

You are expected to see similar information as in the screenshots below during the installation process:

Some steps might take quite a few minutes to create. For example, a complete installation is expected to take around ~10 minutes.

resource creation


Step 6. Installation complete

Once the installation is complete, you will see the following output.

The URL to login to LHO will be printed in the PowerShell output.

Please copy the App URL that you will use to login to LHO.

e.g.: https://bplm-app-vm-ac23.eastus.cloudapp.azure.com

installation complete

 

Step 7. Limit access to LHO VM using firewall rules

It is highly recommended to secure the VMs web access on port 443 to a limited list of IPs using the Azure VMs Firewall. Public access to the web interface should be avoided.

 

Step 8. SSH login (optional)

Once the script is done you can use the ssh key you generated to access the VM in the PowerShell session.

You can ssh to the VM with the following command:

ssh -i <BLPLM-APP-KEY> -l azureadm <BPLM-APP-VM>

For example:

ssh -i ~/.ssh/bplm-app-vm-key -l azureadm bplm-app-vm-hf

 

 

Troubleshooting Errors

Get-AzADApplication fail

The following error message is caused by Insufficient Permissions on the user that is running the installation script.

Failed [ManagedIdentityCredential authentication failed: Service request failed. Status: 400 (Bad Request)

How to check if you have sufficient permissions?

Get-AzADApplication

Run this command to check that you have enough permissions to list applications with Active Directory.

The above command might fail also because of integration issues between Azure services. Even with correct permissions, the above command might fail with a 400 error.

Getting inner details

With the infrastructure deployment failures, the displayed error message in cloudshell is not always helpful. You can get the inner details by finding the tracking id GUID in the error message and running the below cmdlet:

Get-AzLog -CorrelationId “<tracking id guid>“

What’s next?

Once LHO is up and running, you can begin the configuration by following the steps in Initial Setup and Configuration (Azure)