Installing workspace service and user resource
Publish and register a workspace service template
We will use the Guacamole workspace service bundle for the purposes of this tutorial. These steps can be repeated for any workspace service template.
-
Run:
make bundle-publish DIR=./templates/workspace_services/guacamole BUNDLE_TYPE=workspace_service make bundle-register DIR=./templates/workspace_services/guacamole BUNDLE_TYPE=workspace_service
Copy the resulting JSON payload.
-
Navigate to the Swagger UI at
https://<azure_tre_fqdn>/api/docs
. -
Log into the Swagger UI by clicking
Authorize
, thenAuthorize
again. You will be redirected to the login page. -
Once logged in, click
Try it out
on thePOST
/api/workspace-service-templates
operation. -
Paste the payload json generated earlier into the
Request body
field, then clickExecute
. Review the server response. -
To verify registration of the template do
GET
operation on/api/workspace-service-templates
. The name of the template should now be listed.
Publish and register a user resource template
The Guacamole workspace service also has user resources, there are the VMs that researchers will deploy. These steps can be repeated for any user resource template.
-
Run:
make bundle-publish DIR=./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm BUNDLE_TYPE=user_resource make bundle-register DIR=./templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm BUNDLE_TYPE=user_resource WORKSPACE_SERVICE_NAME=tre-service-guacamole
Copy the resulting JSON payload.
-
Navigate to the Swagger UI at
https://<azure_tre_fqdn>/api/docs
. -
Log into the Swagger UI by clicking Authorize, then Authorize again. You will be redirected to the login page.
-
Once logged in, click
Try it out
on thePOST
/api/workspace-service-templates/<service_template_name>/user-resource-templates
operation. -
In the
service_template_name
field, paste the name of the workspace service template that you registered earlier -tre-service-guacamole
. -
Paste the payload json generated earlier into the
Request body
field, then clickExecute
. Review the server response. -
To verify registration of the template do
GET
operation on/api/workspace-service-templates/<service_template_name>/user-resource-templates
. The name of the template should now be listed.
Creating a workspace service
Now that we have published and registered both workspace service and user resource bundles we can use the workspace API to create a workspace service in our workspace.
- Navigate to the Swagger UI at
https://<azure_tre_fqdn>/api/workspaces/<workspace_id>/docs
. Where<workspace_id>
is the workspace ID of the workspace created in the previous step.
Info
All routes are auth protected. Click the green Authorize button to receive a token for Swagger client.
- Log into the Swagger UI by clicking
Authorize
, thenAuthorize
again. You will be redirected to the login page.
Info
You need to log in with a user with assigned the WorkspaceOwner role in the app regsitration used when deploying your workspace.
-
Once logged in, click
Try it out
on thePOST
/api/workspaces/<workspace_id>/workspace-services
operation. -
Enter the workspace_id in the
workspace_id
field. -
Paste the following payload json into the
Request body
field. Then clickExecute
. Review the server response.{ "templateName": "tre-service-guacamole", "properties": { "display_name": "Virtual Desktop", "description": "Create virtual desktops for running research workloads", "is_exposed_externally": true, "guac_disable_copy": true, "guac_disable_paste": true } }
The API will return an operation
object with a Location
header to query the operation status, as well as the resourceId
and resourcePath
properties to query the resource under creation. Record this ID for later use.
You can also follow the progress in Azure portal as various resources come up.
Info
There is currently a bug where the redirect URI isn't automatically set up correctly in the Workspace API app registration.
Until this is fixed, you need to head to the app registration in the Azure portal, click on Add a redirect URI > Add a platform > Web > then paste in the Guacamole URI in the redirect URI box.
You can find this in the Guacamole app service properties and append /oauth2/callback
to the end - it should look like this: https://guacamole-{TRE_ID}-ws-XXXX-svc-XXXX.azurewebsites.net/oauth2/callback/
). Finally, make sure you check the ID tokens checkbox and click Configure.
Creating a user resource
Once the workspace service has been created, we can use the workspace API to create a user resource in our workspace.
Caution
Before deploying Guacamole user resources, you will want to make sure you have a Nexus shared service deployed in the workspace so that your VMs can access package repositories through a proxy (as they can't access public repositories directly). See Configuring shared services.
-
Navigate to the Swagger UI at
https://<azure_tre_fqdn>/api/workspaces/<workspace_id>/docs
. Where<workspace_id>
is the workspace ID of your workspace. -
Click
Try it out
on thePOST
/api/workspaces/<workspace_id>/workspace-services/<service_id>/user_resources
operation. Where<workspace_id>
and<service_id>
are the workspace ID of your workspace and workspace service ID of your workspace service. -
Enter the workspace ID and workspace service id in the
workspace_id
andservice_id
fields. -
Paste the following payload json into the
Request body
field, then clickExecute
. Review the server response.{ "templateName": "tre-service-guacamole-windowsvm", "properties": { "display_name": "My VM", "description": "Will be using this VM for my research", "os_image": "Server 2019 Data Science VM", "nexus_version": "V2" } }
Note: You can also specify "Windows 10" in "os_image" for a standard Windows 10 image.
The API will return an operation
object with a Location
header to query the operation status, as well as the resourceId
and resourcePath
properties to query the resource under creation.
You can also follow the progress in Azure portal as various resources come up. Once deployment has completed you can connect to the user resource using the connection_uri
property returned by the API.