Fix nexus bootstrapping (#2818)
* Add firewall exceptions for nexus to firewall bundle

* Update changelog

* Create new rule for nexus
jjgriff93 authored Nov 3, 2022
1 parent 51241c7 commit 7e0c1ea
Showing 5 changed files with 31 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -33,6 +33,7 @@ ENHANCEMENTS:
BUG FIXES:
* Show the correct createdBy value for airlock requests in UI and in API queries ([#2779](https://github.com/microsoft/AzureTRE/pull/2779))
* Fix deployment of Airlock Notifier ([#2745](https://github.com/microsoft/AzureTRE/pull/2745))
* Fix Nexus bootstrapping firewall race condition ([#2811](https://github.com/microsoft/AzureTRE/pull/2811))

COMPONENTS:

2 changes: 1 addition & 1 deletion templates/shared_services/firewall/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-shared-service-firewall
version: 0.6.1
version: 0.6.2
description: "An Azure TRE Firewall shared service"
dockerfile: Dockerfile.tmpl
registry: azuretre
27 changes: 26 additions & 1 deletion templates/shared_services/firewall/terraform/firewall.tf
@@ -101,7 +101,32 @@ resource "azurerm_firewall_application_rule_collection" "shared_subnet" {
"graph.microsoft.com",
"login.microsoftonline.com",
"aadcdn.msftauth.net",
"graph.windows.net"
"graph.windows.net",
"keyserver.ubuntu.com",
"packages.microsoft.com",
"download.docker.com"
]

source_addresses = data.azurerm_subnet.shared.address_prefixes
}

rule {
name = "nexus-bootstrap"

protocol {
port = "443"
type = "Https"
}

protocol {
port = "80"
type = "Http"
}

target_fqdns = [
"keyserver.ubuntu.com",
"packages.microsoft.com",
"download.docker.com"
]

source_addresses = data.azurerm_subnet.shared.address_prefixes
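Review bot: The three package hosts are allowed twice: they are appended to the preceding rule's `target_fqdns` (after `"graph.windows.net",`) and listed again in the new `nexus-bootstrap` rule, and both rules use the same `source_addresses`, so one copy is redundant and makes the egress allow-list harder to audit. Keeping them only in `nexus-bootstrap` and leaving the earlier list ending at `"graph.windows.net"` would keep that rule's scope unchanged. The new rule also opens `Http` on port 80 to these hosts for the whole shared subnet; if the bootstrap script fetches over HTTPS only, drop that `protocol` block, and otherwise add a comment saying which step needs plain HTTP. The enclosing `shared_subnet` rule collection starts and ends outside this hunk, so the name of the earlier rule is not visible here.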
2 changes: 1 addition & 1 deletion templates/shared_services/sonatype-nexus-vm/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-shared-service-sonatype-nexus
version: 2.2.2
version: 2.2.3
description: "A Sonatype Nexus shared service"
dockerfile: Dockerfile.tmpl
registry: azuretre
@@ -11,7 +11,8 @@
"ssl_cert_name": {
"type": "string",
"title": "SSL certificate name",
"description": "The name of the certificate to use (located in the core KeyVault) for configuring Nexus SSL"
"description": "The name of the certificate to use (located in the core KeyVault) for configuring Nexus SSL",
"default": "nexus-ssl"
}
},
"pipeline": {
