add pip unique dns name and update container for artifacts in mgmt vm
mikedzikowski committed Apr 4, 2024
1 parent fb5233b commit f572ae7
Showing 3 changed files with 28 additions and 12 deletions.
Expand Up @@ -23,6 +23,7 @@ param certificatePassword string
param certificateFileName string
param externalDnsHostname string
param esriStorageAccountName string
param esriStorageAccountContainer string
param resourcePrefix string

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
Expand Down Expand Up @@ -230,7 +231,7 @@ resource esriArtifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01
parameters: [
{
name: 'ContainerName'
value: artifactsContainerName
value: esriStorageAccountContainer
}
{
name: 'Environment'
Expand Down Expand Up @@ -367,6 +368,10 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' =
name: 'EsriStorageAccount'
value: esriStorageAccount.name
}
{
name: 'esriStorageAccountContainer'
value: esriStorageAccountContainer
}
]
source: {
script: '''
Expand Down Expand Up @@ -414,7 +419,7 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' =
$BlobNames = @($certificateFileName)
Invoke-WebRequest -Headers @{"x-ms-version"="2017-11-09"; Authorization ="Bearer $AccessToken"} -Uri "$StorageAccountUrl/$ContainerName/$BlobNames" -OutFile $env:windir\temp\$certificateFileName -Verbose
$pfx = "$env:windir\temp\$CertificateFileName"
Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force
$base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))
$Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force
$cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name "pfx$location" -FilePath $pfx -Password $Password
Expand All @@ -425,10 +430,10 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' =
Write-Output $cerCertFile
[System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)
#$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount
Set-AzStorageBlobContent -File $cerCertFile -Container $containerName -Blob $publicCertificateName -Context $ctx -Force
#Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $plf -Container $containerName -Properties @{"ContentEncoding" = "UTF-8"} -Blob $portalLicenseFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $slf -Container $containerName -Properties @{"ContentEncoding" = "UTF-8"} -Blob $serverLicenseFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $cerCertFile -Container $esriStorageAccountContainer -Blob $publicCertificateName -Context $ctx -Force
#Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $plf -Container $esriStorageAccountContainer -Properties @{"ContentEncoding" = "UTF-8"} -Blob $portalLicenseFileName -Context $ctx -Force
Set-AzStorageBlobContent -File $slf -Container $esriStorageAccountContainer -Properties @{"ContentEncoding" = "UTF-8"} -Blob $serverLicenseFileName -Context $ctx -Force
'''
}
}
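Review bot: The uploads that now pass `-Container $esriStorageAccountContainer` to `Set-AzStorageBlobContent` read a variable the script never declares. The run command gains an `esriStorageAccountContainer` parameter entry, but the script's `param(...)` block, which lies outside these hunks and is shown in full in the compiled solution.json on this page, still ends at `[string]$Environment`. Without that declaration the variable would presumably be empty at run time, so the certificate and license uploads would fail instead of landing in the intended container. Add `[string]$EsriStorageAccountContainer,` to the param block next to `[string]$EsriStorageAccount`. Because the first upload writes the PFX with its private key, also confirm that the container passed in here is private and readable only by the identities that need it.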
3 changes: 2 additions & 1 deletion src/bicep/add-ons/esri-enterprise/solution.bicep
Expand Up @@ -521,7 +521,7 @@ module publicIpAddress './modules/publicIpAddress.bicep' = {
name: 'deploy-pip-address-${deploymentNameSuffix}'
scope: resourceGroup(subscriptionId, resourceGroupName)
params: {
hostname: 'esri-${resourcePrefix}${uniqueString(resourceGroupName)}'
hostname: 'esri-${resourcePrefix}${uniqueString(subscriptionId)}'
location: location
publicIpAddressName: publicIpAddressName
publicIpAllocationMethod: 'Static'
Expand Down Expand Up @@ -1047,6 +1047,7 @@ module managementVm 'modules/managementVirtualMachine.bicep' = {
userAssignedIdentityPrincipalId: userAssignedIdentity.outputs.principalId
userAssignedIdentityResourceId: userAssignedIdentity.outputs.resourceId
virtualMachineName: take('${resourcePrefix}-vmesrimgmt', 15)
esriStorageAccountContainer: container
}
dependsOn: [
multiTierFileServerVirtualMachines
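Review bot: Seeding the public IP DNS label with `uniqueString(subscriptionId)` alone makes `hostname` identical for every deployment that shares a subscription and `resourcePrefix`, so a second deployment into another resource group in the same region would presumably collide on the label. Seeding with both values keeps the label stable per deployment and distinct across them: `hostname: 'esri-${resourcePrefix}${uniqueString(subscriptionId, resourceGroupName)}'`. A short comment above the line explaining the choice of seed would help, since `uniqueString` is a deterministic hash and the resulting name is predictable rather than random. The `publicIpAddress` module body continues outside the hunk.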
20 changes: 15 additions & 5 deletions src/bicep/add-ons/esri-enterprise/solution.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.54.24096",
"templateHash": "14831212110087961630"
"templateHash": "12024057895193102005"
}
},
"parameters": {
Expand Down Expand Up @@ -2335,7 +2335,7 @@
"mode": "Incremental",
"parameters": {
"hostname": {
"value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('resourceGroupName')))]"
"value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('subscriptionId')))]"
},
"location": {
"value": "[parameters('location')]"
Expand Down Expand Up @@ -7957,6 +7957,9 @@
},
"virtualMachineName": {
"value": "[take(format('{0}-vmesrimgmt', parameters('resourcePrefix')), 15)]"
},
"esriStorageAccountContainer": {
"value": "[variables('container')]"
}
},
"template": {
Expand All @@ -7966,7 +7969,7 @@
"_generator": {
"name": "bicep",
"version": "0.26.54.24096",
"templateHash": "4677294163377019848"
"templateHash": "7720856792939569744"
}
},
"parameters": {
Expand Down Expand Up @@ -8036,6 +8039,9 @@
"esriStorageAccountName": {
"type": "string"
},
"esriStorageAccountContainer": {
"type": "string"
},
"resourcePrefix": {
"type": "string"
}
Expand Down Expand Up @@ -8191,7 +8197,7 @@
"parameters": [
{
"name": "ContainerName",
"value": "[parameters('artifactsContainerName')]"
"value": "[parameters('esriStorageAccountContainer')]"
},
{
"name": "Environment",
Expand Down Expand Up @@ -8308,10 +8314,14 @@
{
"name": "EsriStorageAccount",
"value": "[parameters('esriStorageAccountName')]"
},
{
"name": "esriStorageAccountContainer",
"value": "[parameters('esriStorageAccountContainer')]"
}
],
"source": {
"script": " param(\r\n [string]$ContainerName,\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$PortalLicenseFileName,\r\n [string]$PortalLicenseFile,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$TenantId,\r\n [string]$Location,\r\n [string]$Fqdn,\r\n [string]$Subscription,\r\n [string]$KeyVaultName,\r\n [string]$EsriStorageAccount,\r\n [string]$Environment\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n 
$BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $containerName -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $slf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $serverLicenseFileName -Context $ctx -Force\r\n "
"script": " param(\r\n [string]$ContainerName,\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$PortalLicenseFileName,\r\n [string]$PortalLicenseFile,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$TenantId,\r\n [string]$Location,\r\n [string]$Fqdn,\r\n [string]$Subscription,\r\n [string]$KeyVaultName,\r\n [string]$EsriStorageAccount,\r\n [string]$Environment\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n 
$BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $esriStorageAccountContainer -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $slf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $serverLicenseFileName -Context $ctx -Force\r\n "
}
},
"dependsOn": [
