Technical Documentation

Azure Resources

Last Updated: October 16, 20244 min read

Virtual Machines

  • sceneriBackendVM : VM for backend running with the internal_dev environment. Log in to it with SSH or Azure Bastion with sceneriBackendKey.pem and user “azureuser”. Backend is running with docker-compose in the /home/azureuser/lootlocker directory and is deployed with go-backend CI with environment available in go-backend/azure/dev/.
  • sceneriFrontendVM : VM for admin frontend running with the internal_dev environment. Log in to it with SSH or Azure Bastion with sceneriFrontendKey.pem and user “azureuser”. CI in ll-frontend is just to push the images, to update the frontend, simply log in to the VM, update and restart the docker-compose file with last version.
  • sceneriBackendVMScaleSetProd : Set of VMs for backend running with the live environment. Log in to it with Azure Bastion with sceneriBackendVMScaleSetProdKey.pem and user “azureuser”. Backend is running on all VMs with docker-compose in the /home/azureuser/lootlocker directory and is deployed with go-backend CI with environment available in go-backend/azure/prod/.
  • sceneriFrontendVMProd : VM for admin frontend running with the internal_dev environment. Log in to it with SSH or Azure Bastion with sceneriFrontendVMProdKey.pem and user “azureuser”. CI in ll-frontend is just to push the images, to update the frontend, simply log in to the VM, update and restart the docker-compose file with last version.

Virtual machines are the azure components you will likely use the most. During outages, you would connect to them with ssh and debug the backend from here. Logs are accessible from the docker logs except php logs where you have to connect to the container using docker exec -it bash and check the log file with cat app/storage/logs/laravel.log.

Azure Gateways

Azure Gateways are used to unify requests made to the backend under a single URL. In our current environment, they are used for multiple reasons:

  • Have TLS termination managed by the azure gateway. The azure gateway will have an https URL and will request the VMs with http in our private network.
  • Load balance multiple VMs. This is used in live environment. The azure gateway will send requests to the backend vm scale set according to the load.
  • Request on certain ports in special cases. For example the asset endpoint on port 8282 in order to directly get asset streaming from php.
  • Use redirections for example for let’s encrypt certificates.
  • sceneriGateway : The azure gateway used for internal_dev environment connected to sceneriBackendVM.
  • sceneriGatewayProd : The azure gateway used for live environment connected to sceneriBackendVMScaleSet.

Databases

  • sceneridb : db used for internal_dev environment
  • sceneridbro : read only db replica used for internal_dev environment
  • sceneridbprod : db used for live environment
  • sceneridbprodro : read only db replica used for live environment

To connect to a db and make modifications, connect to one of the VM and use this command:

Copy to Clipboard

Credentials are available in the azure environment file used by the backend.

Caches

  • scenericache : redis cache used for internal_dev environment
  • scenericacheprod : redis cache used for live environment
To connect to a redis cache and make modifications, for example to clean it using flushall, connect to one of the VM and use this command :
Copy to Clipboard
Creds are available in the azure environment file used by the backend

Azure Blob Storages and CDN

  • scenerifilestorage : blob storage where non backend related files are stored like certificates or sceneri releases like for the windows store.
  • sceneriassetstorage : main blob storage where asset files are stored in the lootlocker and lootlockerprod containers. You can explore the files through it, however if you want to download a file you must attach to the url an SAS token that can be generated through the Shared Access Token tab of the blob storage page.
  • cdn-profile-sceneri : cdn connected to sceneriassetstorage. A rule is attached to it so that it stores assets with different etags in separate caches. It uses the cache busting technique and will cache query results differently depending if they have the query parameter &cb=%your_etag%

Docker containers

  • sceneribackend : Docker container where is stored all the versions of each backend component pushed by the CI of the different repositories (go-backend, ll-php-backend, ll-web-proxy, ll-leaderboard-service, ll-frontend).

Automation jobs

  • sceneriAutomationJobs/letsEncryptUpdate : Job updating let’s encrypting certificates of both live and dev environment every few months. Works with a powershell script that updates the certificate and re-uploads it for the application gateways.

Email service

  • sceneriEmail : This service redirects to a sendGrid client. Emails like verification or reset password are sent from here and go-backend uses sendgrid api to send mails with specific templates. Those templates are accessible through sendgrid and easily updatable. If you encounter any issues with emails that are marked as delivered on sendGrid but not received by your email client, it might be because you have to re-do the process of authentificating the sceneri.com domain in sendGrid in Domain Authentification
Table of Contents