From f572ae7ae25f52daec8d4350ac28bf47f7d5b7b1 Mon Sep 17 00:00:00 2001 From: Mike Dzikowski Date: Thu, 4 Apr 2024 12:18:58 -0400 Subject: [PATCH] add pip unique dns name and update container for artifacts in mgmt vm --- .../modules/managementVirtualMachine.bicep | 17 ++++++++++------ .../add-ons/esri-enterprise/solution.bicep | 3 ++- .../add-ons/esri-enterprise/solution.json | 20 ++++++++++++++----- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/src/bicep/add-ons/esri-enterprise/modules/managementVirtualMachine.bicep b/src/bicep/add-ons/esri-enterprise/modules/managementVirtualMachine.bicep index 8048552a8..4f1b8cba8 100644 --- a/src/bicep/add-ons/esri-enterprise/modules/managementVirtualMachine.bicep +++ b/src/bicep/add-ons/esri-enterprise/modules/managementVirtualMachine.bicep @@ -23,6 +23,7 @@ param certificatePassword string param certificateFileName string param externalDnsHostname string param esriStorageAccountName string +param esriStorageAccountContainer string param resourcePrefix string resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = { @@ -230,7 +231,7 @@ resource esriArtifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01 parameters: [ { name: 'ContainerName' - value: artifactsContainerName + value: esriStorageAccountContainer } { name: 'Environment' @@ -367,6 +368,10 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' = name: 'EsriStorageAccount' value: esriStorageAccount.name } + { + name: 'esriStorageAccountContainer' + value: esriStorageAccountContainer + } ] source: { script: ''' 
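Review bot: The `artifacts` run command now passes an `esriStorageAccountContainer` parameter, and the script uses `$esriStorageAccountContainer` in the two following hunks (-414 and -425), but the script's `param(...)` block does not declare it. The regenerated solution.json in this same patch shows the block still ending at `[string]$EsriStorageAccount, [string]$Environment`. Unless the declaration exists somewhere not shown, the variable would presumably be empty inside the script, so each `Set-AzStorageBlobContent -Container $esriStorageAccountContainer` call would fail; PowerShell continues to the next statement after such an error by default, so the run command may still report success. I would add `[string]$EsriStorageAccountContainer,` to the param block and put `$ErrorActionPreference = 'Stop'` at the top of the script, so that a failed certificate or license upload fails the deployment. The param block itself lies outside these hunks.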
@@ -414,7 +419,7 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' = {
 $BlobNames = @($certificateFileName)
 Invoke-WebRequest -Headers @{"x-ms-version"="2017-11-09"; Authorization ="Bearer $AccessToken"} -Uri "$StorageAccountUrl/$ContainerName/$BlobNames" -OutFile $env:windir\temp\$certificateFileName -Verbose
 $pfx = "$env:windir\temp\$CertificateFileName"
- Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force
+ Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force
 $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))
 $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force
 $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name "pfx$location" -FilePath $pfx -Password $Password
@@ -425,10 +430,10 @@ resource artifacts 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' = {
 Write-Output $cerCertFile
 [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)
 #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount
- Set-AzStorageBlobContent -File $cerCertFile -Container $containerName -Blob $publicCertificateName -Context $ctx -Force
- #Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force
- Set-AzStorageBlobContent -File $plf -Container $containerName -Properties @{"ContentEncoding" = "UTF-8"} -Blob $portalLicenseFileName -Context $ctx -Force
- Set-AzStorageBlobContent -File $slf -Container $containerName -Properties @{"ContentEncoding" = "UTF-8"} -Blob $serverLicenseFileName -Context $ctx -Force
+ Set-AzStorageBlobContent -File $cerCertFile -Container $esriStorageAccountContainer -Blob $publicCertificateName -Context $ctx -Force
+ #Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force
+ Set-AzStorageBlobContent -File $plf -Container $esriStorageAccountContainer -Properties @{"ContentEncoding" = "UTF-8"} -Blob $portalLicenseFileName -Context $ctx -Force
+ Set-AzStorageBlobContent -File $slf -Container $esriStorageAccountContainer -Properties @{"ContentEncoding" = "UTF-8"} -Blob $serverLicenseFileName -Context $ctx -Force
 '''
 }
 }
diff --git a/src/bicep/add-ons/esri-enterprise/solution.bicep b/src/bicep/add-ons/esri-enterprise/solution.bicep
index 52918f0f0..95180d15a 100644
--- a/src/bicep/add-ons/esri-enterprise/solution.bicep
+++ b/src/bicep/add-ons/esri-enterprise/solution.bicep
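Review bot: The script ends right after these uploads and never removes the files it staged under `$env:windir\temp`, so the PFX with its private key (`$pfx`) and both license files stay on the management VM's disk after the run command finishes. Since this hunk already touches the tail of the script, add a cleanup line after the last upload, for example `Remove-Item -Path $pfx, $cerCertFile, $plf, $slf -Force -ErrorAction SilentlyContinue`. It is also worth confirming that the container named by `esriStorageAccountContainer` does not allow anonymous blob access, because the live upload in the previous hunk places the PFX in it. The start of the script is outside this hunk.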
@@ -521,7 +521,7 @@ module publicIpAddress './modules/publicIpAddress.bicep' = {
 name: 'deploy-pip-address-${deploymentNameSuffix}'
 scope: resourceGroup(subscriptionId, resourceGroupName)
 params: {
- hostname: 'esri-${resourcePrefix}${uniqueString(resourceGroupName)}'
+ hostname: 'esri-${resourcePrefix}${uniqueString(subscriptionId)}'
 location: location
 publicIpAddressName: publicIpAddressName
 publicIpAllocationMethod: 'Static'
@@ -1047,6 +1047,7 @@ module managementVm 'modules/managementVirtualMachine.bicep' = {
 userAssignedIdentityPrincipalId: userAssignedIdentity.outputs.principalId
 userAssignedIdentityResourceId: userAssignedIdentity.outputs.resourceId
 virtualMachineName: take('${resourcePrefix}-vmesrimgmt', 15)
+ esriStorageAccountContainer: container
 }
 dependsOn: [
 multiTierFileServerVirtualMachines
diff --git a/src/bicep/add-ons/esri-enterprise/solution.json b/src/bicep/add-ons/esri-enterprise/solution.json
index 22ed6ac61..56a957619 100644
--- a/src/bicep/add-ons/esri-enterprise/solution.json
+++ b/src/bicep/add-ons/esri-enterprise/solution.json
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.26.54.24096", - "templateHash": "14831212110087961630" + "templateHash": "12024057895193102005" } }, "parameters": { @@ -2335,7 +2335,7 @@ "mode": "Incremental", "parameters": { "hostname": { - "value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('resourceGroupName')))]" + "value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('subscriptionId')))]" }, "location": { "value": "[parameters('location')]" @@ -7957,6 +7957,9 @@ }, "virtualMachineName": { "value": "[take(format('{0}-vmesrimgmt', parameters('resourcePrefix')), 15)]" + }, + "esriStorageAccountContainer": { + "value": "[variables('container')]" } }, "template": {
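Review bot: `uniqueString(subscriptionId)` in `hostname` yields the same suffix for every deployment in a subscription, so the public IP's DNS label is now distinguished only by `resourcePrefix`. A second deployment with the same prefix in another resource group of the same subscription and region would presumably request the same label and fail. If the aim is a label unique per subscription and per deployment, seed the hash with both values: `hostname: 'esri-${resourcePrefix}${uniqueString(subscriptionId, resourceGroupName)}'`. A short comment above the line naming the collision this change is meant to avoid would also help, since the commit subject only says "unique dns name". The `publicIpAddress` module block continues outside the hunk.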
@@ -7966,7 +7969,7 @@ "_generator": { "name": "bicep", "version": "0.26.54.24096", - "templateHash": "4677294163377019848" + "templateHash": "7720856792939569744" } }, "parameters": { @@ -8036,6 +8039,9 @@ "esriStorageAccountName": { "type": "string" }, + "esriStorageAccountContainer": { + "type": "string" + }, "resourcePrefix": { "type": "string" } @@ -8191,7 +8197,7 @@ "parameters": [ { "name": "ContainerName", - "value": "[parameters('artifactsContainerName')]" + "value": "[parameters('esriStorageAccountContainer')]" }, { "name": "Environment", 
@@ -8308,10 +8314,14 @@ { "name": "EsriStorageAccount", "value": "[parameters('esriStorageAccountName')]" + }, + { + "name": "esriStorageAccountContainer", + "value": "[parameters('esriStorageAccountContainer')]" } ], "source": { - "script": " param(\r\n [string]$ContainerName,\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$PortalLicenseFileName,\r\n [string]$PortalLicenseFile,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$TenantId,\r\n [string]$Location,\r\n [string]$Fqdn,\r\n [string]$Subscription,\r\n [string]$KeyVaultName,\r\n [string]$EsriStorageAccount,\r\n [string]$Environment\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = 
\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $containerName -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent 
-File $slf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $serverLicenseFileName -Context $ctx -Force\r\n " + "script": " param(\r\n [string]$ContainerName,\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$PortalLicenseFileName,\r\n [string]$PortalLicenseFile,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$TenantId,\r\n [string]$Location,\r\n [string]$Fqdn,\r\n [string]$Subscription,\r\n [string]$KeyVaultName,\r\n [string]$EsriStorageAccount,\r\n [string]$Environment\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n 
$AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $esriStorageAccountContainer -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $slf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} 
-Blob $serverLicenseFileName -Context $ctx -Force\r\n " } }, "dependsOn": [