Adding secure vms

vm-qdc-secure/main.tf

@@ -0,0 +1,66 @@
+resource "random_id" "randomMachineId" {
+    keepers = {
+        # Generate a new ID only when a new resource group is defined
+        resource_group = var.resource_group_name
+    }
+    
+    byte_length = 2
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+locals {
+  virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
+  admin_username = var.admin_username
+  admin_password = random_password.password.result
+}
+
+module "qmi-nic" {
+  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
+  
+  prefix = local.virtual_machine_name
+  location = var.location
+  resource_group_name = var.resource_group_name
+  
+  user_id = var.user_id 
+  subnet_id = var.vm_subnet_id
+}
+
+resource "azurerm_linux_virtual_machine" "vm" {
+  name                = local.virtual_machine_name
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  size                = var.vm_type
+  admin_username      = local.admin_username
+  admin_password      = local.admin_password
+  disable_password_authentication = false
+
+  network_interface_ids = [ module.qmi-nic.id ]
+
+
+  os_disk {
+    name                 = "${local.virtual_machine_name}-osdisk"
+    caching              = "ReadWrite"
+    storage_account_type = var.managed_disk_type
+    disk_size_gb         = var.disk_size_gb
+  }
+
+  source_image_id = var.image_reference
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    "QMI_user" = var.user_id != null? var.user_id : null
+    "24x7" = ""
+  }
+
+}

vm-qdc-secure/outputs.tf

@@ -0,0 +1,31 @@
+output "virtual_machine_id" {
+  value = azurerm_linux_virtual_machine.vm.id
+}
+
+output "virtual_machine_name" {
+  value = "${var.prefix}-${random_id.randomMachineId.hex}"
+}
+
+output "admin_username" {
+  value = var.admin_username
+}
+
+output "admin_password" {
+  value = random_password.password.result
+}
+
+output "nic_id" {
+  value = module.qmi-nic.id
+}
+
+output "nic_private_ip_address" {
+  value = module.qmi-nic.private_ip_address
+}
+
+output "nic_ip_configuration_name" {
+  value = module.qmi-nic.ip_configuration_name
+}
+
+
+
+

vm-qdc-secure/scripts/bootstrap-module.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+MODULE=$1
+
+REPO="qmi-cloud-tf-modules-master"
+mkdir -p /tmp
+cd /tmp
+
+URL=https://gitlab.com/qmi/qmi-cloud-tf-modules/-/archive/master/$REPO.tar.gz?path=$MODULE
+
+echo "Getting module files..."
+echo "$URL"
+
+wget $URL -O /tmp/$MODULE.tar.gz
+tar -xvf $MODULE.tar.gz
+
+cp -R /tmp/$REPO-$MODULE/$MODULE/* /home/qmi/.
+
+for i in $(find /home/qmi -name '*.sh' );  do chmod a+x "$i"; done
+
+chown -R qmi:qmi /home/qmi

vm-qdc-secure/scripts/provision-with-qs-prereqs.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+BASEDIR=$(dirname "$0")
+QDC_LIC=$1
+FALCON_CID=$2
+QS_HOST=$3
+QS_IP=$4
+QS_USERNAME=$5
+QS_PASSWORD=$6
+APPGW_HOSTNAME=$7
+QLIKUSER_PASSWORD=$8
+QDC_IP=$9
+
+LOG=/home/qmi/provision.log
+touch $LOG
+
+echo '"'$0'" "'$1'" "'$2'" "'$3'" "'$4'" "'$5'" "'$6'" "'$7'" "'$8'" "'$9'"'>> $LOG 
+
+$BASEDIR/bootstrap-module.sh "vm-qdc" >> $LOG
+
+echo "--- Executing: falcon.sh: $FALCON_CID" >> $LOG
+/home/qmi/scripts/falcon.sh $FALCON_CID >> $LOG
+
+echo "--- Executing: resizedisk.sh" >> $LOG
+/home/qmi/scripts/resizedisk.sh >> $LOG
+
+echo "--- Executing: qdc-nextgen-xml.sh '$QDC_IP'" >> $LOG
+/home/qmi/scripts/nov2020/qdc-nextgen-xml.sh "$QDC_IP" >> $LOG
+
+echo "--- Executing: set-license.sh '$QDC_LIC'" >> $LOG
+/home/qmi/scripts/nov2020/set-license.sh "$QDC_LIC" >> $LOG
+
+
+echo "---- Waiting 5 minutes for QS to finish setup in its end" >> $LOG
+sleep 5m
+
+echo "--- QDC SETUP" >> $LOG
+echo '--- Executing: qdc-post-cfg.sh "'$QS_HOST'" "'$QS_IP'" "'$QS_USERNAME'" "'$QS_PASSWORD'" "'$APPGW_HOSTNAME'" "ok" ' >> $LOG
+/home/qmi/scripts/nov2020/qdc-post-cfg.sh $QS_HOST $QS_IP $QS_USERNAME $QS_PASSWORD $APPGW_HOSTNAME "ok"  >> $LOG
+
+echo "--- Qlik Sense connection setup in QDC for QVD Import" >> $LOG
+echo '--- Executing: setup-QS-Connection-QVDImport.sh "'$QS_HOST'" "'$QDC_IP'" ' >> $LOG
+/home/qmi/scripts/nov2020/setup-QS-Connection-QVDImport.sh $QS_HOST $QDC_IP >> $LOG
+
+echo "--- QVD Catalog setup in Qlik Sense DataManager" >> $LOG
+echo '--- Executing: setup-QVDCatalog-DataManager.sh "'$QS_HOST'" "'$QLIKUSER_PASSWORD'" "'$QDC_IP':8080/qdc" ' >> $LOG
+/home/qmi/scripts/nov2020/setup-QVDCatalog-DataManager.sh $QS_HOST $QLIKUSER_PASSWORD "$QDC_IP:8080/qdc" >> $LOG

vm-qdc-secure/scripts/provision.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+BASEDIR=$(dirname "$0")
+QDC_LIC=$1
+FALCON_CID=$2
+QDC_IP=$3
+
+LOG="/home/qmi/provision.log"
+touch $LOG
+
+echo '"'$0'" "'$1'" "'$2'" "'$3'" '>> $LOG 
+
+$BASEDIR/bootstrap-module.sh "vm-qdc" >> $LOG
+
+echo "--- Executing: falcon.sh: $FALCON_CID" >> $LOG
+/home/qmi/scripts/falcon.sh $FALCON_CID >> $LOG
+
+echo "--- Executing: resizedisk.sh" >> $LOG
+/home/qmi/scripts/resizedisk.sh >> $LOG
+
+echo "--- Executing: qdc-nextgen-xml.sh '$QDC_IP' '4.9.0'" >> $LOG
+/home/qmi/scripts/feb2021/qdc-nextgen-xml.sh "$QDC_IP" "4.9.0" >> $LOG
+
+echo "--- Executing: core_env_setup.sh" >> $LOG
+/home/qmi/scripts/feb2021/core_env_setup.sh >> $LOGs
+
+echo "--- Executing: set-license.sh '$QDC_LIC'" >> $LOG
+/home/qmi/scripts/feb2021/set-license.sh "$QDC_LIC" >> $LOG
+

vm-qdc-secure/variables.tf

@@ -0,0 +1,46 @@
+### Variables
+variable "prefix" {
+    default = "QMI-QDC"
+}
+
+variable "location" {
+    default = "East US"
+}
+
+variable "image_reference" {
+  default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/galleries/QMICloud/images/QDC/versions/4.5.0"
+}
+
+variable "vm_type" {
+  default = "Standard_D4s_v3"
+}
+
+variable "managed_disk_type" {
+  default = "Premium_LRS"
+}
+
+variable "disk_size_gb" {
+  default = "128"
+}
+
+variable "resource_group_name" { 
+}
+
+variable "admin_username" {
+  default = "qmi"
+}
+
+variable "user_id" {
+  default = null
+}
+
+variable "key_vault_id" {
+  default = "/subscriptions/73c75d40-8c7d-45cf-b4f9-afdb210da92d/resourceGroups/QMI-infra/providers/Microsoft.KeyVault/vaults/qmicloud-secrets"
+}
+
+variable "vm_subnet_id" {
+  
+}
+
+
+

vm-qs-secure/main.tf

@@ -0,0 +1,74 @@
+resource "random_id" "randomMachineId" {
+    keepers = {
+        # Generate a new ID only when a new resource group is defined
+        resource_group = var.resource_group_name
+    }
+    
+    byte_length = 2
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+resource "random_password" "qlikpassword" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+locals {
+  virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
+  admin_username = var.admin_username
+  admin_password = random_password.password.result
+}
+
+module "qmi-nic" {
+  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
+  
+  prefix = local.virtual_machine_name
+  location = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id = var.vm_subnet_id
+  
+  user_id = var.user_id
+  
+}
+
+resource "azurerm_windows_virtual_machine" "vm" {
+  name                = local.virtual_machine_name
+  resource_group_name = var.resource_group_name
+  location            = var.location
+  size                = var.vm_type
+  admin_username      = local.admin_username
+  admin_password      = local.admin_password
+  network_interface_ids = [ module.qmi-nic.id ]
+
+  os_disk {
+    name                 = "${local.virtual_machine_name}-osdisk"
+    caching              = "ReadWrite"
+    storage_account_type = var.managed_disk_type
+    disk_size_gb         = var.disk_size_gb
+  }
+
+  source_image_id =  var.image_reference
+
+  tags = {
+    "Deployment" = "QMI PoC"
+    "Cost Center" = "3100"
+    "QMI_user" = var.user_id
+    "24x7" = ""
+  }
+}

vm-qs-secure/outputs.tf

@@ -0,0 +1,31 @@
+output "virtual_machine_id" {
+  value = azurerm_windows_virtual_machine.vm.id
+}
+
+output "virtual_machine_name" {
+  value = "${var.prefix}-${random_id.randomMachineId.hex}"
+}
+
+output "admin_username" {
+  value = var.admin_username
+}
+
+output "admin_password" {
+  value = random_password.password.result
+}
+
+output "qlik_password" {
+  value = random_password.qlikpassword.result
+}
+
+output "nic_id" {
+  value = module.qmi-nic.id
+}
+
+output "nic_private_ip_address" {
+  value = module.qmi-nic.private_ip_address
+}
+
+output "nic_ip_configuration_name" {
+  value = module.qmi-nic.ip_configuration_name
+}

vm-qs-secure/scripts/bootstrap-module.ps1

@@ -0,0 +1,22 @@
+
+
+$DownloadUrl="https://gitlab.com/qmi/qmi-cloud-tf-modules/-/archive/master/qmi-cloud-tf-modules-master.zip?path=vm-qs"
+$DownloadUrlWinCommon="https://gitlab.com/qmi/qmi-cloud-tf-modules/-/archive/master/qmi-cloud-tf-modules-master.zip?path=win-common"
+
+New-Item -ItemType Directory -Force -Path C:\Temp
+
+$ProgressPreference = 'SilentlyContinue'
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+(New-Object System.Net.WebClient).DownloadFile($DownloadUrl, "C:\Temp\vm-qs.zip") 
+(New-Object System.Net.WebClient).DownloadFile($DownloadUrlWinCommon, "C:\Temp\win-common.zip") 
+
+Expand-Archive "C:\Temp\vm-qs.zip" -DestinationPath "C:\Temp" -Force
+Expand-Archive "C:\Temp\win-common.zip" -DestinationPath "C:\Temp" -Force
+
+New-Item -ItemType Directory -Force -Path C:\Provision
+New-Item -ItemType Directory -Force -Path C:\Provision\win-common
+
+Copy-Item -Path "C:\Temp\qmi-cloud-tf-modules-master-vm-qs\vm-qs\scripts\*" -Destination "C:\Provision" -Recurse
+Copy-Item -Path "C:\Temp\qmi-cloud-tf-modules-master-win-common\win-common\scripts\*" -Destination "C:\Provision\win-common" -Recurse
+

vm-qs-secure/scripts/bootstrap-qdcsetup.ps1

@@ -0,0 +1,21 @@
+
+Param(
+    [string] $Hostname,
+    [string] $Serial,
+    [string] $Control,
+    [string] $CertPwd,
+    [string] $QlikUserPwd,
+    [string] $QDC_HOST
+)
+
+& "$PSScriptRoot\bootstrap-module.ps1"
+
+Write-Log "---- Bootstrap Qlik Sense ----"
+
+& "C:\Provision\bootstrap-qs.ps1" -ModuleName vm-qs
+& "C:\Provision\qs-post-cfg.ps1" -Hostname $Hostname -Serial $Serial -Control $Control -CertPwd $CertPwd -QlikUserPwd $QlikUserPwd
+& "C:\Provision\webconnectors\q-WebConnectors.ps1"
+& "C:\Provision\gen-jwt.ps1"
+
+
+& "C:\Provision\qdc\qdc-setup-sept20.ps1" -QDC_HOST $QDC_HOST

vm-qs-secure/scripts/bootstrap.ps1

@@ -0,0 +1,23 @@
+
+Param(
+    [string] $Hostname,
+    [string] $Serial,
+    [string] $Control,
+    [string] $CertPwd,
+    [string] $QlikUserPwd,
+    [string] $CCID
+)
+
+& "$PSScriptRoot\bootstrap-module.ps1"
+
+Write-Log "---- Bootstrap Qlik Sense ----"
+
+& "C:\Provision\bootstrap-qs.ps1" -ModuleName vm-qs
+& "C:\Provision\qs-post-cfg.ps1" -Hostname $Hostname -Serial $Serial -Control $Control -CertPwd $CertPwd -QlikUserPwd $QlikUserPwd
+& "C:\Provision\webconnectors\q-WebConnectors.ps1"
+& "C:\Provision\gen-jwt.ps1"
+
+#Win-Common
+& "C:\Provision\win-common\resize-disk-tomax.ps1"
+& "C:\Provision\win-common\disable-ie-sec.ps1"
+& "C:/provision/win-common/carbonblack-uninstall.ps1" -CCID $CCID

vm-qs-secure/variables.tf

@@ -0,0 +1,47 @@
+
+variable "prefix" {
+  description = "The Prefix used for all resources in this example"
+  default = "QMI-QS"
+}
+
+variable "location" {
+  default = "East US"
+}
+
+variable "image_reference" {
+  default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/galleries/QMICloud/images/QlikSenseEnterprise/versions/13.72.3"
+}
+
+variable "resource_group_name" {
+}
+
+variable "vm_type" {
+  default = "Standard_D4s_v3"
+}
+
+variable "managed_disk_type" {
+  default = "Premium_LRS"
+}
+
+variable "disk_size_gb" {
+  default = "128"
+}
+
+variable "admin_username" {
+  default = "qmi"
+}
+
+variable "user_id" {
+}
+
+variable "key_vault_id" {
+  default = "/subscriptions/73c75d40-8c7d-45cf-b4f9-afdb210da92d/resourceGroups/QMI-infra/providers/Microsoft.KeyVault/vaults/qmicloud-secrets"
+}
+
+variable "vm_subnet_id" {
+  
+}
+
+variable "script1" {
+  default = "./scripts/resethostname.ps1"
+}