jprdonnelly/qmi-cloud-tf-modules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Using same bootrstrap-qs as others

Browse Source
This commit is contained in:
Manuel Romero
2020-06-17 13:23:22 +02:00
parent a84b3538d0
commit 9ae78b0bf3
27 changed files with 16 additions and 2573 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
vm-qs/main.tf
View File

@@ -106,15 +106,15 @@ resource "azurerm_windows_virtual_machine" "vm" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "30m"
}
inline = [
"powershell.exe -File C:/provision/resethostname.ps1",
"powershell.exe -File C:/provision/bootstrap-qs.ps1 -ModuleName vm-qs",
"powershell.exe -File C:/provision/gen-jwt.ps1"
]
}

0
vm-qs2/scripts/bootstrap-qs.ps1 → vm-qs/scripts/bootstrap-qs.ps1
View File

25
vm-qs/scripts/qs-post-cfg.ps1
View File

@@ -133,25 +133,22 @@ Function qlikSenseProfessionalAccess
write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 60
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
if ($statusCode -ne 200) {
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"

4
vm-qs/scripts/sharepoint-pnp/install.ps1
View File

@@ -4,6 +4,6 @@ Invoke-WebRequest -Uri $msiDownload -OutFile "C:\Temp\SharePointPnPPowerShellOnl
Start-Process "msiexec.exe" -Wait -ArgumentList '/I C:\Temp\SharePointPnPPowerShellOnline.msi /quiet'
Copy-Item -Path C:\provision\sharepoint-pnp\Import_From_SharePoint.ps1 -Destination C:\Users\Public\Desktop\ -Force
Copy-Item -Path C:\provision\sharepoint-pnp\README-Import_From_SharePoint.txt -Destination C:\Users\Public\Desktop\ -Force
Copy-Item -Path $PSScriptRoot\Import_From_SharePoint.ps1 -Destination C:\Users\Public\Desktop\ -Force
Copy-Item -Path $PSScriptRoot\README-Import_From_SharePoint.txt -Destination C:\Users\Public\Desktop\ -Force

146
vm-qs2/main.tf
View File

@@ -1,146 +0,0 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_password" "qlikpassword" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
}
data "azurerm_key_vault_secret" "serial" {
name = "qs-license-pa-serial"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "control" {
name = "qs-license-pa-control"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "sensorsettings" {
name = "carbonblack-sensorsettings"
key_vault_id = var.key_vault_id
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_windows_virtual_machine" "vm" {
name = local.virtual_machine_name
resource_group_name = var.resource_group_name
location = var.location
size = var.vm_type
admin_username = local.admin_username
admin_password = local.admin_password
network_interface_ids = [
module.qmi-nic.id,
]
os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
storage_account_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
source_image_id = var.image_reference
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "30m"
}
source = "${path.module}/scripts"
destination = "C:/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "30m"
}
inline = [
"powershell.exe -File C:/provision/bootstrap-qs.ps1 -ModuleName vm-qs",
"powershell.exe -File C:/provision/gen-jwt.ps1"
]
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "30m"
}
inline = [
"powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -Serial ${data.azurerm_key_vault_secret.serial.value} -Control ${data.azurerm_key_vault_secret.control.value} -Certpassword ${data.azurerm_key_vault_secret.cert-password.value} -QlikUserPassword ${random_password.qlikpassword.result}",
"powershell.exe -File C:/provision/carbonblack.ps1 -SensorSettings '${data.azurerm_key_vault_secret.sensorsettings.value}'",
"powershell.exe -File C:/provision/webconnectors/q-WebConnectors.ps1",
"powershell.exe -File C:/provision/sharepoint-pnp/install.ps1"
]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}

31
vm-qs2/outputs.tf
View File

@@ -1,31 +0,0 @@
output "virtual_machine_id" {
value = azurerm_windows_virtual_machine.vm.id
}
output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}"
}
output "admin_username" {
value = var.admin_username
}
output "admin_password" {
value = random_password.password.result
}
output "qlik_password" {
value = random_password.qlikpassword.result
}
output "nic_id" {
value = module.qmi-nic.id
}
output "nic_private_ip_address" {
value = module.qmi-nic.private_ip_address
}
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}

BIN
vm-qs2/scripts/CarbonBlackClientSetup.exe
View File

Binary file not shown.

16
vm-qs2/scripts/carbonblack.ps1
View File

@@ -1,16 +0,0 @@
Param(
[string] $SensorSettings
)
Write-Log -Message "Installing and configuring Carbon Black"
New-Item C:\provision\sensorsettings.ini | Out-Null
Set-Content C:\provision\sensorsettings.ini $SensorSettings | Out-Null
(Get-Content C:\provision\sensorsettings.ini) -replace ' ',"`r`n" | Set-Content C:\provision\sensorsettings.ini -Force
C:\provision\CarbonBlackClientSetup.exe /S
Write-Log -Message "Carbon Black is configure!"

10
vm-qs2/scripts/gen-jwt.ps1
View File

@@ -1,10 +0,0 @@
Write-Log -Message "Generating JWT for QDC"
Expand-Archive -LiteralPath "$PSScriptRoot\jwt-generator.zip" -DestinationPath c:\provision\
$ENV:PATH += ";C:\Program Files\Qlik\Sense\ServiceDispatcher\Node"
Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\server*.pem" c:\provision\jwt-generator\.
node c:\provision\jwt-generator\index.js
Copy-Item c:\provision\jwt-generator\qdc.jwt "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\."

BIN
vm-qs2/scripts/jwt-generator.zip
View File

Binary file not shown.

BIN
vm-qs2/scripts/qdc/Categories.qvd
View File

Binary file not shown.

BIN
vm-qs2/scripts/qdc/Employees.qvd
View File

Binary file not shown.

BIN
vm-qs2/scripts/qdc/Offices.qvd
View File

Binary file not shown.

BIN
vm-qs2/scripts/qdc/Products.qvd
View File

Binary file not shown.

1386
vm-qs2/scripts/qdc/Sales_Data.qvd
View File

File diff suppressed because one or more lines are too long

BIN
vm-qs2/scripts/qdc/Suppliers.qvd
View File

Binary file not shown.

BIN
vm-qs2/scripts/qdc/Territories.qvd
View File

Binary file not shown.

11
vm-qs2/scripts/qdc/qdc-scenario-config.ps1
View File

@@ -1,11 +0,0 @@
# Shared variables here
Write-Log -Message "Setting shared variables for scenario"
# Dec 2019
#$PROXY_ARTIFACTS = "https://d7ipctdjxxii4.cloudfront.net/others/qdc/qdc-dec-2019/qdc_proxy_artifacts.zip"
# April 2020
#$PROXY_ARTIFACTS = "https://da3hntz84uekx.cloudfront.net/QlikDataCatalyst/4.5/0/_MSI/qdc_proxy_artifacts.zip"
# June 2020
$PROXY_ARTIFACTS = "https://da3hntz84uekx.cloudfront.net/QlikDataCatalyst/4.6/0/_MSI/qdc_proxy_artifacts.zip"

147
vm-qs2/scripts/qdc/qdc-setup.ps1
View File

@@ -1,147 +0,0 @@
Param(
[string] $QDC_HOST = "QMI-QDC-SN",
[string] $QDC_PUBLIC_HOST
)
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Setting up QDC pre-requisites in Qlik Sense"
Import-Module Qlik-Cli
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository..."; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
#-----------
# Load variables
. $PSScriptRoot\qdc-scenario-config.ps1
Write-Log -Message "Creating QDC virtual proxy"
$jwtcert = Get-Content -raw 'C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\server.pem'
New-QlikVirtualProxy -description "Qlik Data Catalyst" -sessionCookieHeaderName "X-Qlik-QDC-Session" -authenticationMethod JWT `
-prefix qdc -loadBalancingServerNodes $(Get-QlikNode -filter "name eq 'Central'").id `
-jwtAttributeUserDirectory "[QLIK-EXTERNAL-SERVICE]" -jwtAttributeUserId "name" -jwtPublicKeyCertificate $jwtcert -websocketCrossOriginWhiteList $QDC_PUBLIC_HOST | Out-Null
Add-QlikProxy -ProxyId $(Get-QlikProxy -filter "serverNodeConfiguration.hostName eq '$($env:COMPUTERNAME)'").id -VirtualProxyId $(Get-QlikVirtualProxy -filter "description eq 'Qlik Data Catalyst'").id | Out-Null
Start-Sleep -s 10
Write-Log -Message "Downloading qdc_proxy_artifacts - This will create 'qlik-data-catalyst' qliksense user"
Write-Log -Message "PROXY_ARTIFACTS = $PROXY_ARTIFACTS"
$ENV:PATH += ";C:\Program Files\Qlik\Sense\ServiceDispatcher\Node"
cd $env:TEMP
(New-Object System.Net.WebClient).DownloadFile($PROXY_ARTIFACTS, "$env:TEMP\qdc_proxy_artifacts.zip")
#Invoke-WebRequest -UseBasicParsing -OutFile qdc_proxy_artifacts.zip -Uri $PROXY_ARTIFACTS
Expand-Archive .\qdc_proxy_artifacts.zip .
cd qs-virtual-proxy
(Get-Content .\check-proxy.js).replace("ducks-sense1.ad.podiumdata.net", "$($env:COMPUTERNAME)") | Set-Content .\check-proxy.js
Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\qdc.jwt" .
ls
Get-QlikUser
node .\check-proxy.js
Get-QlikUser -filter "name eq 'qlik-data-catalyst'"
Write-Log -Message "Waiting 20 secs"
Start-Sleep -s 20
Write-Log -Message "Set 'qlik-data-catalyst' as AuditAdmin"
Update-QlikUser -id $(Get-QlikUser -filter "name eq 'qlik-data-catalyst'").id -roles AuditAdmin | Out-Null
Write-Log -Message "Creating security rule for access by QLIK-EXTERNAL-SERVICE"
New-QlikRule -Name "Security rule for access by QLIK-EXTERNAL-SERVICE" -resourceFilter "DataConnection_*,App_*" `
-actions 2 -rule '((user.userDirectory="QLIK-EXTERNAL-SERVICE"))' -rulecontext both -category Security | Out-Null
Write-Log -Message "Adding qvd-mock to service dispatcher"
$dir = pwd
cd "C:\Program Files\Qlik\Sense"
Expand-Archive $dir\qvd-mock.zip .
Copy-Item $dir\qvd-mock.json "C:\Program Files\Qlik\Sense\BrokerService\service-configs\"
$mock=@"
[qvd-mock]
Identity=Qlik.qvd-mock
DisplayName=QVD Mock
ExePath=Node\node.exe
Script=..\qvd-mock\server.js
"@
Add-Content "C:\Program Files\Qlik\Sense\ServiceDispatcher\services.conf" $mock
Restart-Service QlikSenseServiceDispatcher
Write-Log -Message "Creating 'QVD Catalog' tag"
New-QlikTag -name "QVD Catalog" | Out-Null
Write-Log -Message "Creating 'c:\QVDs' folder and set SMB"
New-Item "C:\QVDs" -type directory | Out-Null
New-SMBShare -Name "qvds" -Path "C:\QVDs" | Out-Null
Grant-SmbShareAccess -Name qvds -AccountName Everyone -AccessRight Change -Force | Out-Null
Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs"
# ---- Workaround qlik-cli QS April 2020
# Qlik CLI New-QlikDataConnection fails with only 1 tag, that's why I create and use FakeTag too.
New-QlikTag -name "FakeTag" | Out-Null
New-QlikDataConnection -connectionstring "\\$($env:COMPUTERNAME)\qvds" -name "QVDs" -tags "QVD Catalog","FakeTag" -type "folder" | Out-Null
# ----
Write-Log -Message "Setting firewall rules for QDC"
New-NetFirewallRule -DisplayName "QDC QVD Metadata" -Action allow -LocalPort 7007 -Protocol TCP | Out-Null
New-NetFirewallRule -DisplayName "pub2qlik" -Action allow -LocalPort 4243,4747 -Protocol TCP | Out-Null
# certs needed for qdc
Write-Log -Message "SMB Qlik Sense certificates folder"
New-SMBShare -Name "certs" -Path "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates" | Out-Null
Grant-SmbShareAccess -Name certs -AccountName Everyone -AccessRight Read -Force | Out-Null
# create podium user
Import-Module "Carbon"
Write-Log -Message "Adding 'podium' user to Windows system"
$cred = New-Credential "podium" "Qlik1234"
Install-User -Credential $cred | Out-Null
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Computername $env:COMPUTERNAME
#Update-QlikUser -id $(Get-QlikUser -filter "name eq 'podium'").id -roles RootAdmin
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
Write-Log -Message "Creating 'podium_dist' postgres connection"
$cred = New-Credential "postgres" "postgres"
$podiumDistDC = New-QlikDataConnection -connectionstring "'CUSTOM CONNECT TO `"provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;QueryTimeout=30;`"" `
-name podium_dist -type 'QvOdbcConnectorPackage.exe' -Credential $cred
Write-Log -Message "Grant access to all user to this connection"
New-QlikRule -name "Podium_Dist allow to all" -comment "Allow Podium_Dist Connection to all users" -category "Security" -resourceFilter "DataConnection_$($podiumDistDC.id)" -actions 23 -rule '((user.name like "*"))' | Out-Null
Write-Log "Copy Sample QVDs into C:/QVDs folder"
Copy-Item $PSScriptRoot\*.qvd C:\QVDs
$x=1
$files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime
foreach ($file in $files) #{ echo $file }
{
if ($x -lt 3) {
echo "Updating $($file)"
Set-ItemProperty -Path $file -Name LastWriteTime -Value (get-date)
sleep 2
}
$x= $x +1
}
Write-Log "QDC Config Completed."

240
vm-qs2/scripts/qs-post-cfg.ps1
View File

@@ -1,240 +0,0 @@
<#
Module: qs-post-cfg
Author: Clint Carr
Modified by: -
Modification History:
- Fixed connect as user logic (qlik-cli change)
- Added logic to accomodate for Professional/Analyzer or User licenses
- Added a loop into the Connect-Qlik statement to remove an abort error
- Added Logging
- Added comments
- Error checking
- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
last updated: 10/18/2019
Intent: Configure the Qlik Sense environment with applications and Security Rules.
#>
Param(
[string] $Hostname,
[string] $Serial,
[string] $Control,
[string] $Certpassword,
[string] $QlikUserPassword
)
Import-Module Qlik-Cli
Import-Module "Carbon"
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" $QlikUserPassword
Install-User -Credential $cred
Write-Log -Message "Starting qs-post-cfg.ps1"
### Waiting for Qlik Sense installation to complete
#-----------
Function restartQse
{
Write-Log "Checking Engine Service has started..."
$qse = get-service QlikSenseEngineService
write-log -Message "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn";
Start-Service QlikSenseEngineService ;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 120
}
write-log -Message "The engine is currently $($qse.Status)"
}
Function connQSR
{
$i = 1
$statusCode = 0
while ($statusCode -ne 200 -and $i -le 10)
{
try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
catch
{
$i++
write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
start-sleep -s 20
}
}
}
Function restartServices
{
write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
Restart-Service QlikSenseRepositoryDatabase -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSensePrintingService -Force
Restart-Service QlikSenseSchedulerService -Force
}
Function qlikSenseUserAccess
{
$userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone a token";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone Tokens."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
Function qlikSenseProfessionalAccess
{
$professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone Professional Access";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
#-----------
#write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 20
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
restartQse
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
#$license = (Get-Content c:\provision\qlik-license.json -raw) | ConvertFrom-Json
#if ($server.sense.license -eq "token" ) {
# Write-Log -Message "Setting license: $($license.sense.serial)"
# try {
# Set-QlikLicense -serial $license.sense.serial -control $license.sense.control -name "$($license.sense.name)" -organization "$($license.sense.organization)" -lef "$($license.sense.lef)" | Out-Null
# } catch {
# Write-Log -Message $_.Exception.Message -Severity "Error"
# }
# qlikSenseUserAccess
#} else {
Write-Log -Message "Setting license: $($Serial)"
try {
#Set-QlikLicense -serial $license.sensepa.serial -control $license.sensepa.control -name "$($license.sensepa.name)" -organization "$($license.sensepa.organization)" -lef "$($license.sensepa.lef)" | Out-Null
Set-QlikLicense -serial $Serial -control $Control -name "Qlik Internal Professional Analyser" -organization "Qlik" | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
qlikSenseProfessionalAccess
#}
### Add the Qlik local user to Qlik Sense
$json = (@{userId = "qlik";
userDirectory = $env:COMPUTERNAME;
name = "qlik";
} | ConvertTo-Json -Compress -Depth 10 )
Write-Log -Message "Adding Qlik user."
try {
Invoke-QlikPost "/qrs/user" $json | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
### Grant Qlik user Root Admin
Write-Log "Granting Root Admin role to Qlik user"
try {
Update-QlikUser -id $(Get-QlikUser -full -filter "name eq 'qlik'").id -roles "RootAdmin" | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
restartQse
### Import scenario extensions
### Import shared-content extensions
### Import scenario applications
### Import shared-content applications
### Updating White List
### Enabling HTTP
Write-Log -Message "Enabling HTTP access on Central Node proxy"
try {
Get-QlikProxy -filter "serverNodeConfiguration.Name eq 'Central'" | Update-QlikProxy -AllowHttp 1 | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
Start-Sleep -s 10
### Install qlik-poc_com certificate
Write-Log -Message "Install qlik-poc_com certificate"
try {
$secpasswd = ConvertTo-SecureString $Certpassword -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
Start-Sleep -s 10
Update-QlikVirtualProxy -id (Get-QlikVirtualProxy).id -websocketCrossOriginWhiteList $Hostname | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
Start-Sleep -s 10
Write-Log -Message "Exporting new certificates"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Windows"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Pem"
Export-QlikCertificate -machineNames $env:COMPUTERNAME -includeSecretsKey -exportFormat "Windows"
Export-QlikCertificate -machineNames $env:COMPUTERNAME -includeSecretsKey -exportFormat "Pem"

4
vm-qs2/scripts/readme.txt
View File

@@ -1,4 +0,0 @@
CarbonBlackClientSetup.exe Standalone Installer archive for group 'Default Group'
Sensor will connect to: https://sensors.loving-crow.my.carbonblack.io:443
Extract the contents of this archive before running the installer!

154
vm-qs2/scripts/sharepoint-pnp/Import_From_SharePoint.ps1
View File

@@ -1,154 +0,0 @@
Function DownloadFilesFromOneDrive() {
Process{
Add-Type -AssemblyName System.Web
try {
# --- Ask for URL and parse it
$uri = Read-Host -Prompt 'SharePoint Url'
$decodedURL = [System.Web.HttpUtility]::UrlDecode($uri)
$decoded = [uri] $decodedURL
$url = "$($decoded.Scheme)://$($decoded.Host)$($decoded.AbsolutePath)"
# ---- Get 'id' param from URL
$ParsedQueryString = [System.Web.HttpUtility]::ParseQueryString($decoded.Query)
$i = 0
$folderSiteRelativeUrl = ""
foreach($QueryStringObject in $ParsedQueryString){
if ( $QueryStringObject -eq "id" ) {
$folderSiteRelativeUrl = $ParsedQueryString[$i]
break
}
$i++
}
$ParamId = $folderSiteRelativeUrl
$decoded.Segments | ForEach-Object {
[regex]$pattern = $_
$ParamId = $pattern.replace($ParamId, "", 1)
}
Write-Host "FolderSiteRelativeUrl: $ParamId"
# ----
# --- Get OneDrive credentials and Connect
$credentials = Get-Credential -Message "SharePoint login:" -UserName "<trigram>@qlik.com"
Connect-PnPOnline -Url $url -Credentials $credentials
# ---
# Create folders and download files from OneDrive
New-Item -Path "C:\Temp" -Name "qs-import" -ItemType "directory" -Force | Out-Null
$files = Get-PnPFolderItem -FolderSiteRelativeUrl $ParamId -ItemType File -Recursive | select ServerRelativeUrl,Name,TypedObject
$files | ForEach-Object {
# Create folder
$replacedPath = $($_.ServerRelativeUrl).Replace($folderSiteRelativeUrl,"")
$folderName = Split-Path -Path $replacedPath
New-Item -Path "C:\Temp\qs-import" -Name $folderName -ItemType "directory" -Force | Out-Null
# Download file into folder
Write-Host "Downloading file: '$($_.ServerRelativeUrl)'"
Get-PnPFile -Url $($_.ServerRelativeUrl) -Path "C:\Temp\qs-import$folderName" -AsFile -Force
}
} catch {
Write-Host $_.Exception.Message -ForegroundColor Red
}
}
}
Function restartQse {
Write-Host "Checking Engine Service has started..."
$qse = Get-Service QlikSenseEngineService
Write-Host "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Host "Starting Qlik Sense Engine and waiting 60 seconds";
Start-Service QlikSenseEngineService;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 60
}
Write-Host "The engine is currently $($qse.Status)"
}
# START HERE
DownloadFilesFromOneDrive
Import-Module Qlik-Cli
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {
Write-Host "--- Connecting to Qlik Sense Repository"; start-sleep 5
}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
### Import scenario extensions
Write-Host "Importing extensions from C:\Temp\qs-import\Extensions"
if ( Test-Path "C:\Temp\qs-import\Extensions" ) {
gci C:\\Temp\\qs-import\\Extensions\\*.zip | foreach {
try {
Write-Host "Importing $_";
Import-QlikExtension -ExtensionPath $_.FullName | Out-Null
} catch {
Write-Host $_.Exception.Message -ForegroundColor Red
}
}
}
### Import scenario applications
Write-Host "Connecting as user Qlik to QRS"
try {
$cert = "CN=$env:COMPUTERNAME-ca"
gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -username "$env:COMPUTERNAME\qlik" | Out-Null
} catch {
Write-Host $_.Exception.Message -ForegroundColor Red
}
Write-Host "Importing applications from C:\Temp\qs-import\Apps"
If (Test-Path "C:\Temp\qs-import\Apps\") {
gci C:\\Temp\\qs-import\\Apps\\*.qvf | foreach {
try {
Write-Host "Importing $_";
Import-QlikApp -name $_.BaseName -file $_.FullName -upload | Out-Null
} catch {
Write-Host $_.Exception.Message -ForegroundColor Red
}
}
}
restartQse
$apps = gci C:\Temp\qs-import\Apps\ -Directory
foreach ($subDirectory in $apps) {
# $encodeDirectory = [System.Web.HttpUtility]::UrlEncode($subDirectory);
$streams = $(Get-QlikStream -filter "name eq '$($subDirectory)'").name
if ( $streams -ne $subDirectory ) {
Write-Host "Creating $subDirectory stream"
New-QlikStream $subDirectory | Out-Null;
$streamId = $(Get-QlikStream -filter "name eq '$($subDirectory)'").id
$systemRuleJson = (@{
name = "Grant everyone access to $subDirectory";
category = "Security";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "Stream_$streamId";
actions = 34;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Stream access";} | ConvertTo-Json -Compress -Depth 10)
Write-Host "Creating $subDirectory System Rule"
Invoke-QlikPost "/qrs/systemrule" $systemRuleJson | Out-Null
}
$files = gci C:\Temp\qs-import\Apps\$subDirectory\*.qvf -File
foreach ($file in $files) {
$streamId = $(Get-QlikStream -filter "name eq '$($subDirectory)'").id
# $encode = [System.Web.HttpUtility]::UrlEncode($file.BaseName)
Write-Host "Importing $($file)";
Import-QlikApp -name $file.BaseName -file $file.FullName -upload | Out-Null;
Write-Host "Publishing $($file.BaseName) to $($subDirectory)";
Publish-QlikApp -id $(Get-QlikApp -filter "name eq '$($file.BaseName)'").id -stream $streamId -name $file.BaseName | Out-Null
}
}

80
vm-qs2/scripts/sharepoint-pnp/README-Import_From_SharePoint.txt
View File

@@ -1,80 +0,0 @@
Hi there!
Do you have a set of extensions and apps that you always use for your Qlik Sense demos?
You can import these Apps and Extensions right away into Qlik Sense using the script 'Import_From_SharePoint.ps1' you'll find on the Desktop.
HOW TO
======
1. Navigate to Qlik SharePoint online: https://qliktechnologies365-my.sharepoint.com
Here you need a folder with this structure:
Your_Folder
- Extensions
- extension1.zip
- extension2.zip
...
- Apps
- app1.qvf
- app2.qvf
- SubFolder1
- app3.qvf
- SubFolder2
- app4.qvf
...
2. Navigate into that folder in your browser.Then copy the entire Url from the browser. It should look something similar to this:
https://qliktechnologies365-my.sharepoint.com/personal/<YOUR_TRIGRAM>_qlik_com1/_layouts/15/onedrive.aspx?id=<SOME STUFF HERE>
Copy the whole URL!!
3. RDP with user 'qmi' into the VM that runs Qlik Sense (important! with user 'qmi').
4. On the Desktop, right click on 'Import_From_SharePoint.ps1' and select 'Run with powershell'.
5. You'll be asked to enter the 'SharePoint Url'. Paste the url from 2.)
6. You'll be asked 'SharePoint login'. Enter your username as trigram@qlik.com and password.
7. That's it!
It will download the content and import the Extensions and Apps (and create streams out of 'SubFolderX') in Qlik Sense.
Enjoy!!!

9
vm-qs2/scripts/sharepoint-pnp/install.ps1
View File

@@ -1,9 +0,0 @@
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$msiDownload = "https://github.com/pnp/PnP-PowerShell/releases/download/3.22.2006.0/SharePointPnPPowerShellOnline.msi"
Invoke-WebRequest -Uri $msiDownload -OutFile "C:\Temp\SharePointPnPPowerShellOnline.msi"
Start-Process "msiexec.exe" -Wait -ArgumentList '/I C:\Temp\SharePointPnPPowerShellOnline.msi /quiet'
Copy-Item -Path $PSScriptRoot\Import_From_SharePoint.ps1 -Destination C:\Users\Public\Desktop\ -Force
Copy-Item -Path $PSScriptRoot\README-Import_From_SharePoint.txt -Destination C:\Users\Public\Desktop\ -Force

227
vm-qs2/scripts/webconnectors/deploy.config
View File

@@ -1,227 +0,0 @@
<Deploy>
<!--
You will need to restart Qlik Web Connectors if you make changes to this file.
-->
<!--
*************************************************************************
Settings between these lines are supported in current version.
-->
<Port>5555</Port>
<Authentication>
<!--
Set to
None
This will run Qlik Web Connectors without any concept of users or access tokens, which have been
introduced in the new web version to support users accessing the application from separate machines.
This is the quickest and easiest way to get up and running and if used in conjunction with
AllowRemoteAccess set to false is a straight swap in replacement for the WinForms edition.
or
FormsAuthentication
Use this value if you would like users to sign in to Qlik Web Connectors from other machines and be able to
generate load scripts which are secured with an access token and whitelisted IP addresses.
-->
<Type>None</Type>
<FormsAuthentication>
<CryptographyConfiguration>
<!--
These values are used when encrypting the authentication cookies used for maintaining
a users logged in status with Forms authentication.
-->
<RijndaelEncryptionProvider_Passphrase>SuperSecretPass123</RijndaelEncryptionProvider_Passphrase>
<DefaultHmacProvider_Passphrase>UberSuperSecure123</DefaultHmacProvider_Passphrase>
</CryptographyConfiguration>
<!--
The PasswordChecker element should contain one of the following. SaltedPBKDF2SHA1PasswordChecker
is recommended as it is the most secure. Setting the EnableUserManagement element to true and
using the inbuilt UI to manage users is also recommended.
PlainTextPasswordChecker - User XML element should contain a Password element containing plain text password.
SHA512PasswordChecker - User XML element should contain a PasswordHash element containing UTF8 SHA512 base 64 encoded password hash.
SaltedPBKDF2SHA1PasswordChecker - Uses a salted hash (RECOMMENDED).
-->
<PasswordChecker>PlainTextPasswordChecker</PasswordChecker>
</FormsAuthentication>
</Authentication>
<Proxy>
<UseProxy>false</UseProxy>
<ProxyAddress></ProxyAddress>
<ProxyUsername></ProxyUsername>
<ProxyDomain></ProxyDomain>
<ProxyPassword></ProxyPassword>
</Proxy>
<!--
Whether to allow access from remote machines (i.e. non localhost).
-->
<AllowRemoteAccess>true</AllowRemoteAccess>
<!--
******************************************************************************************************
********** This replaces the <AllowConnectorsFileSystemAccess> element in previous versions **********
******************************************************************************************************
Some connectors can read/write to disk, this element lets you whitelist which paths the connectors are permitted to access.
Notes:
* Multiple paths should be delimited with a semicolon (;).
* If you want to white list ALL paths use a *
* This setting applies across all connectors.
* The account running the connector exe must also have permission to access any file in question.
* Leaving it empty is equivalent to denying the connectors file system access.
Some Examples:
<FileSystemAccessAllowedPaths>c:\QWC\TempFiles;c:\SomeOtherDirectory</FileSystemAccessAllowedPaths>
<FileSystemAccessAllowedPaths>c:\</FileSystemAccessAllowedPaths>
<FileSystemAccessAllowedPaths>*</FileSystemAccessAllowedPaths>
-->
<FileSystemAccessAllowedPaths></FileSystemAccessAllowedPaths>
<ConnectorConfig>
<!-- Some connectors have connector specific configuration options which are managed here -->
<Connector>
<WebConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</WebConnector>
<SugarCRMConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</SugarCRMConnector>
<TextAnalyser_RepustateConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</TextAnalyser_RepustateConnector>
<MSCRMConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MSCRMConnector>
<MSCRMConnectorV2>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MSCRMConnectorV2>
<ODataConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</ODataConnector>
<JIRAConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</JIRAConnector>
<SMTPConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</SMTPConnector>
<MailboxIMAPConnector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MailboxIMAPConnector>
<MailboxPOP3Connector>
<AllowLocalHostAccess>true</AllowLocalHostAccess>
</MailboxPOP3Connector>
</Connector>
</ConnectorConfig>
<!-- Valid values: Off, Error, Warn, Info, Trace - We would recommend you have at least Error set. -->
<LoggingLevel>Info</LoggingLevel>
<!-- This shows the user management API and enables the API which supports it. -->
<EnableUserManagement>true</EnableUserManagement>
<!--
This is the name used in the generated load script.
This is set automatically to localhost or machine name depending on your
other settings but you can also override it here (if AllowRemoteAccess is set
to true).
-->
<HostnameOverride></HostnameOverride>
<!--
Default allowed IP addresses for new users.
From most to least secure:
<empty>
<comma separated list of ip addresses>
{current_ip_address}
any
-->
<DefaultAllowedIpAddresses></DefaultAllowedIpAddresses>
<RequireSSL>false</RequireSSL>
<!--
Settings between these lines are supported in current version.
*************************************************************************
-->
<!--
*************************************************************************
We would not recommend editing the following settings at present.
-->
<Theme>default</Theme>
<CompressHTTP>true</CompressHTTP>
<!--
Comma separated List of Connector IDs to be excluded from this deployment.
They will be shown in the connector list but if you try to use them an error will occur.
-->
<DisabledConnectors></DisabledConnectors>
<!--
Set this to limit the maximum number of rows which will be generated for a request in
the UI. This can help improve performance. Note at present you may still get more rows
than this but this system will attempt to cancel any more API requests after this
threshold is reached.
Set to 0 to ignore this.
-->
<MaxRowsInUI>5000</MaxRowsInUI>
<Providers>
<!--
Only used for forms auth.
-->
<FormsUsers provider="FileBasedFormsUsersProvider" config="{app_root}/logins.xml"></FormsUsers>
<!--
User specific data, for both connector configuration and global
Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ISettingsStorer
Which takes a config string in the constructor.
-->
<UserSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/UserSettings.xml"></UserSettings>
<!--
Connector settings for a specific user.
-->
<ConnectorSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/ConnectorSettings.xml"></ConnectorSettings>
<!--
User specific log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<UserLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs"></UserLogs>
<!--
System wide log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<GlobalLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/Logs"></GlobalLogs>
<!--
User specific API call logger.
-->
<UserAPICallLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs/APICalls"></UserAPICallLogs>
<!--
User specific cached data Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ICache
Which takes a config string in the constructor.
-->
<Cache provider="FileBasedCacheProvider" config="{app_root}/App_Data/{user_id}/{connector_id}_Cache/"></Cache>
</Providers>
</Deploy>

50
vm-qs2/scripts/webconnectors/q-WebConnectors.ps1
View File

@@ -1,50 +0,0 @@
<#
Module: q-WebConnectors
Author: Clint Carr
Modified by: Byron Ainsworth
Clint Carr
last updated: 05/30/2019
Modification History:
- Updated to May 2019
- Added code to accept EULA
- Added code to license premium web connectors
- Added code to enable beta connectors and sensitive content
- Added comments
Intent: Acquire, install and configure Qlik Web Connectors
Dependencies:
- Addition of LicenseSetttings.xml and UserSettings.xml to c:\shared-content\files\QlikWebConnectors\
#>
Param(
[string] $DownloadURL = "https://da3hntz84uekx.cloudfront.net/WebConnectors/2.77.1/0/_MSI/QlikWebConnectorsMarch2020.zip"
)
if(!(Test-Path c:\qmi\QMIError)){
Write-Log -Message "Starting q-WebConnectors"
### Download Connectors
Write-Log -Message "Downloading Web Connectors"
(New-Object System.Net.WebClient).DownloadFile($DownloadURL, "$env:USERPROFILE\Downloads\QlikWebConnectors.zip")
Expand-Archive $env:USERPROFILE\Downloads\QlikWebConnectors.zip "c:\qlikWebConnectors\" -force
### Allowing non local access to connectors
Write-Log -Message "Allowing local host connection to connectors and non-localhost access to Connector URL."
copy-item "$PSScriptRoot\deploy.config" "c:\qlikWebConnectors\" -Force
### Creating QlikWebConnectors Service
Write-Log -Message "Creating Windows Service QlikWebConnectors"
sc.exe create QlikWebConnectors binpath="c:\qlikWebConnectors\QlikWebConnectorsSVC.exe" start= auto | Out-Null
### Starting QlikWebConnectors Service
write-Log -Message "Starting QlikWebConnectors Service"
start-service QlikWebConnectors | Out-Null
### License Web Connectors
#Write-Log -Message "Licensing Premium Connectors"
#copy-item "$PSScriptRoot\LicenceSettings.xml" "c:\qlikWebConnectors\App_Data\LicenceSettings.xml" -Force
#copy-item "$PSScriptRoot\UserSettings.xml" "c:\qlikWebConnectors\App_Data\DEFAULT0-0000-0000-0000-000000000000\UserSettings.xml" -Force
### Start service
#write-Log -Message "Restarting QlikWebConnectors Service"
#restart-service QlikWebConnectors | Out-Null
}

43
vm-qs2/variables.tf
View File

@@ -1,43 +0,0 @@
variable "prefix" {
description = "The Prefix used for all resources in this example"
default = "QMI-QS"
}
variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
}
variable "location" {
default = "East US"
}
variable "image_reference" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/qliksense-base-feb20-2"
}
variable "resource_group_name" {
}
variable "vm_type" {
default = "Standard_D4s_v3"
}
variable "managed_disk_type" {
default = "Premium_LRS"
}
variable "disk_size_gb" {
default = "128"
}
variable "admin_username" {
default = "qmi"
}
variable "user_id" {
}
variable "key_vault_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
}