jprdonnelly/qmi-cloud-tf-modules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: jprdonnelly:dbricks
Branches Tags
jprdonnelly:master jprdonnelly:dev jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix
..
compare: jprdonnelly:QCS-IP-Fix
Branches Tags
jprdonnelly:dev jprdonnelly:master jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix

1 Commits
dbricks ... QCS-IP-Fix

Author SHA1 Message Date
ChrisLopez
2873e29c85 Fixed missing /32 2021-10-01 11:24:46 +01:00
302 changed files with 30592 additions and 25280 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

67
adls/main.tf
View File

@@ -1,67 +0,0 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 5
}
resource "azurerm_storage_account" "saccount" {
name = var.storage_account_name != null? var.storage_account_name : "qmiadlsgen2${random_id.randomMachineId.hex}"
resource_group_name = var.resource_group_name
location = var.location
account_kind = "StorageV2"
account_tier = "Standard"
access_tier = "Hot"
account_replication_type = "RAGRS"
is_hns_enabled = "true"
tags = var.tags
}
resource "azurerm_storage_container" "scontainer" {
name = var.container_name != null? var.container_name : "qmicontainer"
storage_account_name = azurerm_storage_account.saccount.name
#container_access_type = "container"
}
resource "azurerm_role_assignment" "data-contributor-role" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-role2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
###### EXTRA ASSIGN ROLE #######
resource "azurerm_role_assignment" "machine_role_assignment" {
count = var.principal_id_storage_blob_contributor != null? 1 : 0
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.principal_id_storage_blob_contributor
}

35
adls/outputs.tf
View File

@@ -1,35 +0,0 @@
output "StorageAccount-Scope" {
value = azurerm_storage_account.saccount.id
}
output "StorageAccount-AccessKey" {
value = nonsensitive(azurerm_storage_account.saccount.primary_access_key)
}
output "StorageAccount-ConnectionString" {
value = nonsensitive(azurerm_storage_account.saccount.primary_connection_string)
}
output "StorageAccount-Name" {
value = azurerm_storage_account.saccount.name
}
output "StorageAccount-ContainerName" {
value = azurerm_storage_container.scontainer.name
}
output "StorageAccount-ContainerId" {
value = azurerm_storage_container.scontainer.id
}
output "Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}

38
adls/variable.tf
View File

@@ -1,38 +0,0 @@
variable "resource_group_name" {
}
variable "location" {
description = "The Azure Region in which the resources in this example should exist"
default = "East US"
}
variable "storage_account_name" {
default = null
}
variable "container_name" {
default = null
}
variable "tags" {
default = null
}
variable "tpm_app_registration_principal_id" {
description = "tpm"
default = "163a72e3-8ce3-4e33-baae-954383f87e3e"
}
variable "dbricks_app_registration_principal_id" {
description = "databricks-qmi"
default = "efeee17c-d2b3-4e7c-a163-9995b7d281e2"
}
variable "dbricks_app_registration_application_id" {
description = "databricks-qmi"
default = "9ccb0d99-3bba-4695-aa47-df77bf512084"
}
variable "principal_id_storage_blob_contributor" {
default = null
}

20
appgateways/appgw-443-only/main.tf
View File

@@ -13,8 +13,14 @@ locals {
redirect_configuration_80 = "${var.appgw_hostname}-80redirect" redirect_configuration_80 = "${var.appgw_hostname}-80redirect"
} }
data "azurerm_key_vault_certificate" "qmi-cert" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-cert" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
@@ -39,11 +45,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg resource_group_name = var.app_gw_rg
location = var.location location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = { tags = {
Deployment = "QMI PoC" Deployment = "QMI PoC"
"Cost Center" = "3100" "Cost Center" = "3100"
@@ -86,7 +87,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate { ssl_certificate {
name = var.cert_name name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
} }
ssl_policy { ssl_policy {
@@ -151,7 +153,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443 backend_http_settings_name = local.http_setting_name_443
priority = 1
} }
@@ -168,7 +169,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name_http http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80 redirect_configuration_name = local.redirect_configuration_80
priority = 2
} }
} }

2
appgateways/appgw-443-only/output.tf
View File

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
} }
output "appgw_backend_address_pool_0_id" { output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
} }

26
appgateways/appgw-e2e/main.tf
View File

@@ -45,8 +45,14 @@ locals {
} }
data "azurerm_key_vault_certificate" "qmi-cert" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-cert" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
@@ -71,11 +77,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg resource_group_name = var.app_gw_rg
location = var.location location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = { tags = {
Deployment = "QMI PoC" Deployment = "QMI PoC"
"Cost Center" = "3100" "Cost Center" = "3100"
@@ -204,7 +205,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate { ssl_certificate {
name = var.cert_name name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
} }
ssl_policy { ssl_policy {
@@ -416,7 +418,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443 backend_http_settings_name = local.http_setting_name_443
priority = 1
} }
@@ -427,7 +428,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443 http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443 backend_http_settings_name = local.http_setting_name_8443
priority = 2
} }
# NPrinting routing rules # NPrinting routing rules
@@ -437,7 +437,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993 http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993 backend_http_settings_name = local.http_setting_name_4993
priority = 3
} }
request_routing_rule { request_routing_rule {
name = local.request_routing_rule_4994 name = local.request_routing_rule_4994
@@ -445,7 +444,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994 http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994 backend_http_settings_name = local.http_setting_name_4994
priority = 4
} }
@@ -455,7 +453,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4552 http_listener_name = local.listener_name_4552
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4552 backend_http_settings_name = local.http_setting_name_4552
priority = 5
} }
@@ -466,7 +463,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435 http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435 backend_http_settings_name = local.http_setting_name_4435
priority = 6
} }
@@ -483,7 +479,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name_http http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80 redirect_configuration_name = local.redirect_configuration_80
priority = 7
} }
# Redirect QDC 8080 to 8443 # Redirect QDC 8080 to 8443
@@ -499,7 +494,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name_8080 http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080 redirect_configuration_name = local.redirect_configuration_8080
priority = 8
} }
} }

2
appgateways/appgw-e2e/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
} }
variable "log_analytics_workspace_id" { variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
} }
variable "cert_name" { variable "cert_name" {

24
appgateways/appgw-qdc-qs/main.tf
View File

@@ -37,8 +37,14 @@ locals {
} }
data "azurerm_key_vault_certificate" "qmi-cert" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-cert" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
@@ -64,11 +70,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg resource_group_name = var.app_gw_rg
location = var.location location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = { tags = {
Deployment = "QMI PoC" Deployment = "QMI PoC"
"Cost Center" = "3100" "Cost Center" = "3100"
@@ -188,7 +189,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate { ssl_certificate {
name = var.cert_name name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
} }
ssl_policy { ssl_policy {
@@ -357,7 +359,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443 backend_http_settings_name = local.http_setting_name_443
priority = 1
} }
@@ -368,7 +369,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443 http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443 backend_http_settings_name = local.http_setting_name_8443
priority = 2
} }
# NPrinting routing rules # NPrinting routing rules
@@ -378,7 +378,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993 http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993 backend_http_settings_name = local.http_setting_name_4993
priority = 3
} }
request_routing_rule { request_routing_rule {
name = local.request_routing_rule_4994 name = local.request_routing_rule_4994
@@ -386,7 +385,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994 http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994 backend_http_settings_name = local.http_setting_name_4994
priority = 4
} }
# QIB routing rule # QIB routing rule
@@ -396,7 +394,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435 http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435 backend_http_settings_name = local.http_setting_name_4435
priority = 5
} }
@@ -413,7 +410,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name_http http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80 redirect_configuration_name = local.redirect_configuration_80
priority = 6
} }
} }

444
appgateways/appgw-qdc-qs/main.tfold Normal file
View File

@@ -0,0 +1,444 @@
locals {
appgw_hostname = "${var.appgw_hostname}.${var.domain}"
appgw_name = "qmi-appgw-qdc-qs"
# Qlik Sense
backend_address_pool_qs = "${var.appgw_hostname}-qs-bp"
http_setting_name_443 = "${var.appgw_hostname}-http-setting"
listener_name_http = "${var.appgw_hostname}-http"
listener_name_https = "${var.appgw_hostname}-https"
qs_probe_name = "${var.appgw_hostname}-probe"
request_routing_rule_https = "${var.appgw_hostname}-https-rule"
request_routing_rule_http = "${var.appgw_hostname}-http-rule"
redirect_configuration_80 = "${var.appgw_hostname}-80redirect"
# NPrinting
http_setting_name_4993 = "${var.appgw_hostname}-4993-setting"
http_setting_name_4994 = "${var.appgw_hostname}-4994-setting"
listener_name_4993 = "${var.appgw_hostname}-4993"
listener_name_4994 = "${var.appgw_hostname}-4994"
request_routing_rule_4993 = "${var.appgw_hostname}-4993-rule"
request_routing_rule_4994 = "${var.appgw_hostname}-4994-rule"
# QIB
http_setting_name_4435 = "${var.appgw_hostname}-4435-setting"
qs_probe_name_4435 = "${var.appgw_hostname}-probe-4435"
listener_name_4435 = "${var.appgw_hostname}-4435"
request_routing_rule_4435 = "${var.appgw_hostname}-4435-rule"
# QDC
backend_address_pool_qdc = "${var.appgw_hostname}-qdc-bp"
http_setting_name_8443 = "${var.appgw_hostname}-8443-setting"
qdc_probe_name = "${var.appgw_hostname}-qdcprobe"
listener_name_8080 = "${var.appgw_hostname}-8080"
listener_name_8443 = "${var.appgw_hostname}-8443"
request_routing_rule_8443 = "${var.appgw_hostname}-8443-rule"
request_routing_rule_8080 = "${var.appgw_hostname}-8080-rule"
redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
resource "azurerm_public_ip" "appgw-ip" {
name = "${local.appgw_name}-ip-${var.provision_id}"
resource_group_name = var.app_gw_rg
sku = "Standard"
location = var.location
allocation_method = "Static"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_application_gateway" "qmi-app-gw" {
name = "${local.appgw_name}-${var.provision_id}"
resource_group_name = var.app_gw_rg
location = var.location
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
sku {
name = "WAF_v2"
tier = "WAF_v2"
capacity = 1
}
gateway_ip_configuration {
name = "app-gw-subnet"
subnet_id = var.app_gw_subnet
}
waf_configuration {
enabled = true
firewall_mode = "Prevention"
rule_set_type = "OWASP"
rule_set_version = "3.0"
file_upload_limit_mb = "500"
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Equals"
selector = "qvla_invite"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "parsely"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "mixpanel"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "optimizely"
}
exclusion {
match_variable = "RequestArgNames"
selector_match_operator = "Equals"
selector = "reloadUri"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "NPWEBCONSOLE"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "NPNEWSSTAND"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "Vizlib"
}
# This is needed for NPrinting
/*disabled_rule_group {
rule_group_name = "REQUEST-920-PROTOCOL-ENFORCEMENT"
rules = ["920270", "920271"]
}*/
}
# Qlik Sense fe ports
frontend_port {
name = "443"
port = 443
}
frontend_port {
name = "80"
port = 80
}
# NPrinting fe ports
frontend_port {
name = "4993"
port = 4993
}
frontend_port {
name = "4994"
port = 4994
}
# QIB fe ports
frontend_port {
name = "4435"
port = 4435
}
# QDC fe ports
frontend_port {
name = "8443"
port = 8443
}
frontend_port {
name = "8080"
port = 8080
}
frontend_ip_configuration {
name = "app-gw-front-end-ip-config"
public_ip_address_id = azurerm_public_ip.appgw-ip.id
}
ssl_certificate {
name = var.cert_name
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
policy_type = "Predefined"
policy_name = "AppGwSslPolicy20170401"
}
# Backend pool for QS, QIB and NP
backend_address_pool {
name = local.backend_address_pool_qs
}
# Backend pool for QDC
backend_address_pool {
name = local.backend_address_pool_qdc
}
# Qlik Sense
backend_http_settings {
name = local.http_setting_name_443
cookie_based_affinity = "Disabled"
port = 443
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
# NPrinting
backend_http_settings {
name = local.http_setting_name_4993
cookie_based_affinity = "Disabled"
port = 4993
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
backend_http_settings {
name = local.http_setting_name_4994
cookie_based_affinity = "Disabled"
port = 4994
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
# QIB
backend_http_settings {
name = local.http_setting_name_4435
cookie_based_affinity = "Disabled"
port = 4435
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name_4435
}
# QDC
backend_http_settings {
name = local.http_setting_name_8443
cookie_based_affinity = "Disabled"
port = 8080
protocol = "Http"
request_timeout = 7600
probe_name = local.qdc_probe_name
}
# QS Prob
probe {
name = local.qs_probe_name
protocol = "Https"
host = local.appgw_hostname
interval = 30
path = "/"
timeout = 30
unhealthy_threshold = 3
}
# QDC Prob
probe {
name = local.qdc_probe_name
protocol = "Http"
host = local.appgw_hostname
interval = 30
path = "/qdc"
timeout = 30
unhealthy_threshold = 3
}
# QIB Probe
probe {
name = local.qs_probe_name_4435
protocol = "Https"
host = local.appgw_hostname
interval = 30
path = "/"
timeout = 30
unhealthy_threshold = 3
match {
status_code = ["200-401"]
}
}
# Qlik Sense listener
http_listener {
name = local.listener_name_https
host_name = local.appgw_hostname
ssl_certificate_name = var.cert_name
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "443"
protocol = "Https"
}
http_listener {
name = local.listener_name_http
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "80"
protocol = "Http"
}
# NPrinting listeners
http_listener {
name = local.listener_name_4993
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4993"
protocol = "Https"
}
http_listener {
name = local.listener_name_4994
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4994"
protocol = "Https"
}
# QIB listener
http_listener {
name = local.listener_name_4435
ssl_certificate_name = var.cert_name
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4435"
protocol = "Https"
}
# QDC listeners
http_listener {
name = local.listener_name_8443
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8443"
protocol = "Https"
}
http_listener {
name = local.listener_name_8080
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8080"
protocol = "Http"
}
# Qlik Sense routing rules
request_routing_rule {
name = local.request_routing_rule_https
rule_type = "Basic"
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
}
# QDC routing rules
request_routing_rule {
name = local.request_routing_rule_8443
rule_type = "Basic"
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
}
# NPrinting routing rules
request_routing_rule {
name = local.request_routing_rule_4993
rule_type = "Basic"
http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993
}
request_routing_rule {
name = local.request_routing_rule_4994
rule_type = "Basic"
http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994
}
# QIB routing rule
request_routing_rule {
name = local.request_routing_rule_4435
rule_type = "Basic"
http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435
}
# Redirect QS 80 to 443
redirect_configuration {
name = local.redirect_configuration_80
target_listener_name = local.listener_name_https
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_http
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
}
# Redirect QDC 8080 to 8443
redirect_configuration {
name = local.redirect_configuration_8080
target_listener_name = local.listener_name_8443
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_8080
rule_type = "Basic"
http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080
}
}

8
appgateways/appgw-qdc-qs/outputs.tf
View File

@@ -10,14 +10,10 @@ output "appgw_public_ip" {
value = azurerm_public_ip.appgw-ip.ip_address value = azurerm_public_ip.appgw-ip.ip_address
} }
locals {
backend_pools = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool)
}
output "appgw_backend_address_pool_0_id" { output "appgw_backend_address_pool_0_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qs-bp")].id value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
} }
output "appgw_backend_address_pool_1_id" { output "appgw_backend_address_pool_1_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qdc-bp")].id value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[1].id
} }

2
appgateways/appgw-qdc-qs/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
} }
variable "log_analytics_workspace_id" { variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
} }
variable "cert_name" { variable "cert_name" {

19
appgateways/appgw-qdc/main.tf
View File

@@ -11,8 +11,14 @@ locals {
} }
data "azurerm_key_vault_certificate" "qmi-cert" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-cert" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
@@ -37,11 +43,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg resource_group_name = var.app_gw_rg
location = var.location location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = { tags = {
Deployment = "QMI PoC" Deployment = "QMI PoC"
"Cost Center" = "3100" "Cost Center" = "3100"
@@ -79,7 +80,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate { ssl_certificate {
name = var.cert_name name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
} }
ssl_policy { ssl_policy {
@@ -127,7 +129,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443 http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443 backend_http_settings_name = local.http_setting_name_8443
priority = 1
} }
} }

167
appgateways/appgw-qdc/main.tf_old Normal file
View File

@@ -0,0 +1,167 @@
locals {
appgw_hostname = "${var.appgw_hostname}.${var.domain}"
appgw_name = "qmi-appgw-qdc"
backend_address_pool_qdc = "${var.appgw_hostname}-qdc-bp"
http_setting_name_8443 = "${var.appgw_hostname}-8443-setting"
qdc_probe_name = "${var.appgw_hostname}-qdcprobe"
listener_name_8080 = "${var.appgw_hostname}-8080"
listener_name_8443 = "${var.appgw_hostname}-8443"
request_routing_rule_https = "${var.appgw_hostname}-https-rule"
request_routing_rule_8443 = "${var.appgw_hostname}-8443-rule"
redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
request_routing_rule_8080 = "${var.appgw_hostname}-8080-rule"
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
resource "azurerm_public_ip" "appgw-ip" {
name = "${local.appgw_name}-ip-${var.provision_id}"
resource_group_name = var.app_gw_rg
sku = "Standard"
location = var.location
allocation_method = "Static"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_application_gateway" "qmi-app-gw" {
name = "${local.appgw_name}-${var.provision_id}"
resource_group_name = var.app_gw_rg
location = var.location
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
sku {
name = "WAF_v2"
tier = "WAF_v2"
capacity = 1
}
waf_configuration {
enabled = true
firewall_mode = "Prevention"
rule_set_type = "OWASP"
rule_set_version = "3.0"
}
gateway_ip_configuration {
name = "app-gw-subnet"
subnet_id = var.app_gw_subnet
}
frontend_port {
name = "8443"
port = 8443
}
frontend_port {
name = "8080"
port = 8080
}
frontend_ip_configuration {
name = "app-gw-front-end-ip-config"
public_ip_address_id = azurerm_public_ip.appgw-ip.id
}
ssl_certificate {
name = var.cert_name
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
policy_type = "Predefined"
policy_name = "AppGwSslPolicy20170401"
}
backend_address_pool {
name = local.backend_address_pool_qdc
}
backend_http_settings {
name = local.http_setting_name_8443
cookie_based_affinity = "Disabled"
port = 8080
protocol = "Http"
request_timeout = 7600
probe_name = local.qdc_probe_name
}
probe {
name = local.qdc_probe_name
protocol = "Http"
host = local.appgw_hostname
interval = 30
path = "/qdc"
timeout = 30
unhealthy_threshold = 3
}
http_listener {
name = local.listener_name_8443
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8443"
protocol = "Https"
}
http_listener {
name = local.listener_name_8080
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8080"
protocol = "Http"
}
request_routing_rule {
name = local.request_routing_rule_8443
rule_type = "Basic"
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
}
redirect_configuration {
name = local.redirect_configuration_8080
target_listener_name = local.listener_name_8443
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_8080
rule_type = "Basic"
http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080
}
}

2
appgateways/appgw-qdc/outputs.tf
View File

@@ -11,6 +11,6 @@ output "appgw_public_ip" {
} }
output "appgw_backend_address_pool_0_id" { output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
} }

2
appgateways/appgw-qdc/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
} }
variable "log_analytics_workspace_id" { variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
} }
variable "cert_name" { variable "cert_name" {

25
appgateways/appgw-qs/main.tf
View File

@@ -35,8 +35,14 @@ locals {
} }
data "azurerm_key_vault_certificate" "qmi-cert" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-cert" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
@@ -61,11 +67,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg resource_group_name = var.app_gw_rg
location = var.location location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = { tags = {
Deployment = "QMI PoC" Deployment = "QMI PoC"
"Cost Center" = "3100" "Cost Center" = "3100"
@@ -185,7 +186,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate { ssl_certificate {
name = var.cert_name name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
} }
ssl_policy { ssl_policy {
@@ -270,7 +272,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
unhealthy_threshold = 3 unhealthy_threshold = 3
match { match {
body = null
status_code = ["200-401"] status_code = ["200-401"]
} }
} }
@@ -338,7 +339,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443 backend_http_settings_name = local.http_setting_name_443
priority = 1
} }
@@ -349,7 +349,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993 http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993 backend_http_settings_name = local.http_setting_name_4993
priority = 2
} }
request_routing_rule { request_routing_rule {
name = local.request_routing_rule_4994 name = local.request_routing_rule_4994
@@ -357,7 +356,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994 http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994 backend_http_settings_name = local.http_setting_name_4994
priority = 3
} }
# QIB routing rule (needs QIB using qmi.qlik-poc.com certs) # QIB routing rule (needs QIB using qmi.qlik-poc.com certs)
@@ -367,7 +365,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435 http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435 backend_http_settings_name = local.http_setting_name_4435
priority = 4
} }
# Qlik Alerting routing rule (needs Qlik Alerting using qmi.qlik-poc.com certs) # Qlik Alerting routing rule (needs Qlik Alerting using qmi.qlik-poc.com certs)
@@ -377,7 +374,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4552 http_listener_name = local.listener_name_4552
backend_address_pool_name = local.backend_address_pool_qs backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4552 backend_http_settings_name = local.http_setting_name_4552
priority = 5
} }
@@ -394,7 +390,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic" rule_type = "Basic"
http_listener_name = local.listener_name_http http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80 redirect_configuration_name = local.redirect_configuration_80
priority = 6
} }
} }

2
appgateways/appgw-qs/outputs.tf
View File

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
} }
output "appgw_backend_address_pool_0_id" { output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
} }

2
appgateways/appgw-qs/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
} }
variable "log_analytics_workspace_id" { variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
} }
variable "cert_name" { variable "cert_name" {

169
archived/vm-fromsnapshot-win/main.tf Normal file
View File

@@ -0,0 +1,169 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name : "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
notrename = (var.notrename != null)? "-NotApply" : ""
storage_account_id = var.location == "westeurope"? "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshotsweu" : "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshots"
}
resource "azurerm_managed_disk" "copy" {
name = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
location = var.location
resource_group_name = var.resource_group_name
storage_account_type = "Premium_LRS"
create_option = "Import"
storage_account_id = local.storage_account_id
source_uri = var.snapshot_id
disk_size_gb = var.disk_size_gb
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"QMI_user" = var.user_id != null? var.user_id : null
}
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [ module.qmi-nic.id ]
vm_size = var.vm_type
storage_os_disk {
name = azurerm_managed_disk.copy.name
os_type = "Windows"
managed_disk_id = azurerm_managed_disk.copy.id
managed_disk_type = "Premium_LRS"
create_option = "Attach"
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
identity {
type = "SystemAssigned"
}
/*os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
}*/
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}
resource "null_resource" "post-vm-fromsnapshot-win" {
count = var.initial_password != null? 1 : 0
depends_on = [
azurerm_virtual_machine.vm
]
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
source = "${path.module}/scripts"
destination = "C:/tmp/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/bootstrap.ps1",
"powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
]
}
# Rename Computer
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}"
]
on_failure = continue
}
provisioner "local-exec" {
command = "sleep 30"
}
}

4
vm-oraclelinux81/outputs.tf → archived/vm-fromsnapshot-win/outputs.tf
View File

@@ -3,7 +3,7 @@ output "virtual_machine_id" {
} }
output "virtual_machine_name" { output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}" value = azurerm_virtual_machine.vm.name
} }
output "admin_username" { output "admin_username" {
@@ -11,7 +11,7 @@ output "admin_username" {
} }
output "admin_password" { output "admin_password" {
value = nonsensitive(random_password.password.result) value = random_password.password.result
} }
output "nic_id" { output "nic_id" {

14
archived/vm-fromsnapshot-win/scripts/RenameComputer.ps1 Normal file
View File

@@ -0,0 +1,14 @@
Param(
[string] $NewName,
[switch] $NotApply = $False
)
if ($NotApply){
Write-Host "Not renaming machine"
} else {
Write-Host "Machine is going to be renamed as $NewName"
Rename-Computer -NewName $NewName -PassThru -Force -Restart
}

16
vm-win2/scripts/bootstrap.ps1 → archived/vm-fromsnapshot-win/scripts/bootstrap.ps1
View File

@@ -1,3 +1,4 @@
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null
Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null
Import-Module qmiCLI.psm1 | Out-Null Import-Module qmiCLI.psm1 | Out-Null
@@ -7,12 +8,23 @@ New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Mo
Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null
Import-Module qmiUtils.psm1 | Out-Null Import-Module qmiUtils.psm1 | Out-Null
Write-Log "Scripts locations is: $PSScriptRoot"
#Install Chocolatey #Install Chocolatey
Write-Log "Install Chocolatey" #Write-Log "Install Chocolatey"
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) #Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
### Disable Password policy ### Disable Password policy
secedit /export /cfg c:\secpol.cfg | Out-Null secedit /export /cfg c:\secpol.cfg | Out-Null
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null (Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null
rm -force c:\secpol.cfg -confirm:$false | Out-Null rm -force c:\secpol.cfg -confirm:$false | Out-Null
#Write-Log "Resize Partition C to max size"
#$size = Get-PartitionSupportedSize -DriveLetter C
#Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null

12
archived/vm-fromsnapshot-win/scripts/password.ps1 Normal file
View File

@@ -0,0 +1,12 @@
Param(
[string] $Username,
[string] $Pass
)
Import-Module "Carbon"
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
Install-User -Credential $cred
Write-Log "Done! Setting new password to user $Username"

24
vm-win2/scripts/q-user-setup.ps1 → archived/vm-fromsnapshot-win/scripts/q-user-setup.ps1
View File

@@ -1,16 +1,3 @@
<#
Module: q-user-setup
Author: Clint Carr
Modified by: -
Modification History:
- Deleted disable IPv6
- Changed the creation of Qlik User to be based on Carbon
- Added Logging
- Added comments
last updated: 27/07/2018
Intent: Disable Password complexity, create Qlik user and grant remote desktop rights
#>
Write-Log "Starting q-user-setup.ps1" Write-Log "Starting q-user-setup.ps1"
Trap { Trap {
@@ -18,13 +5,6 @@ Trap {
Break Break
} }
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
### Install Carbon PowerShell Module ### Install Carbon PowerShell Module
Write-Log -Message "Installing carbon" Write-Log -Message "Installing carbon"
choco install carbon -y | Out-Null choco install carbon -y | Out-Null
@@ -32,8 +12,8 @@ Import-Module "Carbon"
### create Qlik User ### create Qlik User
Write-Log -Message "Creating Qlik account" Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" "Qlik1234" $cred = New-MyCredential -user "Qlik" -pass "Qlik1234"
Install-CUser -Credential $cred Install-User -Credential $cred
### Grant Remote Admin Rights to Qlik User ### Grant Remote Admin Rights to Qlik User
Write-Log -Message "Granting Qlik account Remote Interactive Logon Right" Write-Log -Message "Granting Qlik account Remote Interactive Logon Right"

0
vm-qs/scripts-qdc/Categories.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Categories.qvd
View File

0
vm-qs/scripts-qdc/Employees.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Employees.qvd
View File

0
vm-qs/scripts-qdc/Offices.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Offices.qvd
View File

0
vm-qs/scripts-qdc/Products.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Products.qvd
View File

0
vm-qs/scripts-qdc/Restart-ServiceDispatcher.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/Restart-ServiceDispatcher.ps1
View File

0
vm-qs/scripts-qdc/Sales_Data.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Sales_Data.qvd
View File

0
vm-qs/scripts-qdc/Suppliers.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Suppliers.qvd
View File

0
vm-qs/scripts-qdc/Territories.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Territories.qvd
View File

0
vm-qs/scripts-qdc/qdc-scenario-config.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-scenario-config.ps1
View File

13
vm-qs/scripts-qdc/qdc-setup-sept20.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup-sept20.ps1
View File

@@ -1,6 +1,5 @@
Param( Param(
[string] $QDC_HOST = "QMI-QDC-SN", [string] $QDC_HOST = "QMI-QDC-SN"
[string] $POSTGRES_CONN_PW = "postgres"
) )
function New-Credential($u,$p) { function New-Credential($u,$p) {
@@ -54,8 +53,8 @@ New-QlikTag -name "QVD Catalog" | Out-Null
# create podium user # create podium user
Import-Module "Carbon" Import-Module "Carbon"
Write-Log -Message "Adding 'podium' user to Windows system" Write-Log -Message "Adding 'podium' user to Windows system"
$cred = New-Credential "podium" $POSTGRES_CONN_PW $cred = New-Credential "podium" "Qlik1234"
Install-CUser -Credential $cred | Out-Null Install-User -Credential $cred | Out-Null
Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs" Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs"
@@ -75,9 +74,8 @@ New-NetFirewallRule -DisplayName "pub2qlik" -Action allow -LocalPort 4243,4747 -
Write-Log -Message "Creating 'podium_dist' postgres connection" Write-Log -Message "Creating 'podium_dist' postgres connection"
$cred = New-Credential "postgres" $POSTGRES_CONN_PW $cred = New-Credential "postgres" "postgres"
$theString = "CUSTOM CONNECT TO ""provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;TimetzAsVarchar=1;allowNonSelectQueries=false;QueryTimeout=30;useBulkReader=false;maxStringLength=4096;""" $podiumDistDC = New-QlikDataConnection -connectionstring "'CUSTOM CONNECT TO `"provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;QueryTimeout=30;`"" `
$podiumDistDC = New-QlikDataConnection -connectionstring $theString `
-name podium_dist -type 'QvOdbcConnectorPackage.exe' -Credential $cred -name podium_dist -type 'QvOdbcConnectorPackage.exe' -Credential $cred
Write-Log -Message "Grant access to all user to this connection" Write-Log -Message "Grant access to all user to this connection"
@@ -86,7 +84,6 @@ New-QlikRule -name "Podium_Dist allow to all" -comment "Allow Podium_Dist Connec
Write-Log "Copy Sample QVDs into C:/QVDs folder" Write-Log "Copy Sample QVDs into C:/QVDs folder"
Copy-Item $PSScriptRoot\*.qvd C:\QVDs Copy-Item $PSScriptRoot\*.qvd C:\QVDs
Copy-Item $PSScriptRoot\*.csv C:\QVDs
$x=1 $x=1
$files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime $files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime

2
vm-qs/scripts-qdc/qdc-setup.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup.ps1
View File

@@ -114,7 +114,7 @@ Grant-SmbShareAccess -Name certs -AccountName Everyone -AccessRight Read -Force
Import-Module "Carbon" Import-Module "Carbon"
Write-Log -Message "Adding 'podium' user to Windows system" Write-Log -Message "Adding 'podium' user to Windows system"
$cred = New-Credential "podium" "Qlik1234" $cred = New-Credential "podium" "Qlik1234"
Install-CUser -Credential $cred | Out-Null Install-User -Credential $cred | Out-Null
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME #gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Computername $env:COMPUTERNAME #gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Computername $env:COMPUTERNAME

131
archived/vm-fromsnapshot-win/scripts/qliksense/bootstrap-qs.ps1 Normal file
View File

@@ -0,0 +1,131 @@
Param(
[string] $ModuleName = "vm-qs"
)
Write-Log "Resize Partition C to max size"
$size = Get-PartitionSupportedSize -DriveLetter C
Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
#Write-Log "Deleting old certificates files..."
#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
Set-Service -Name "QlikSenseEngineService" -StartupType Automatic
Set-Service -Name "QlikSensePrintingService" -StartupType Automatic
Set-Service -Name "QlikSenseSchedulerService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryDatabase" -StartupType Automatic
Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher..."
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
#Delete certificates
Write-Log "Deleting old certificates from keyStore..."
$Certs = Get-ChildItem cert:"CurrentUser\My"
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\My"
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' -or $_.Subject -match 'QMI-E2E' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
Write-Log "Setting new hostname ($($env:computername)) in to Host.cfg file..."
$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
Write-Log "Bootstraping Qlik Sense ..."
Write-Log "Executing ... Repository.exe -bootstrap -standalone -restorehostname"
$waiting=20
if ( $env:USERNAME -eq "qservice" ) {
$waiting=50
Write-Log "The user executing this script is already 'qservice'"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
} else {
Write-Log "The user executing this script is NOT 'qservice'"
$cred = New-Credential "qservice" "Qlik1234"
Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
}
$waiting=50
Write-Log "Waiting $waiting secs ..."
Start-Sleep -s $waiting
Write-Log "Restarting Service Dispatcher"
Restart-Service QlikSenseServiceDispatcher -Force
Start-Sleep -s 20
Write-Log "New Certs: CurrentUser\My"
Get-ChildItem cert:"CurrentUser\My"
Write-Log "New Certs: LocalMachine\My"
Get-ChildItem cert:"LocalMachine\My"
Write-Log "New Certs: LocalMachine\Root"
Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
if ($NewCerts) {
Write-Log "Restarting all Qlik Sense services"
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSenseSchedulerService -Force
Restart-Service QlikSensePrintingService -Force
if ( $ModuleName -ne "vm-qs" ) {
Start-Sleep -s 20
Write-Log "Recovering Qlik Sense users"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c $PSScriptRoot\qs-reset-users.bat'"
Restart-Service QlikSenseRepositoryService -Force
}
} else {
Write-Error "Error: Qlik Sense Certs not recreated!"
throw "Error: Qlik Sense Certs not recreated!"
}
#### Recreate QS desktop shortcuts
Write-Log "Recreate QS desktop shortcuts"
$sourcepath="C:\Users\Public\Desktop\Qlik Management Console.lnk"
$destination="C:\Users\Public\Desktop\Qlik Management Console2.lnk"
Copy-Item $sourcepath $destination ## Get the lnk we want to use as a template
Remove-Item -Path $sourcepath -Force
$shell = New-Object -COM WScript.Shell
$shortcut = $shell.CreateShortcut($destination) ## Open the lnk
$shortcut.TargetPath = "https://$env:computername/qmc" ## Make changes
$shortcut.Save() ## Save
Rename-Item -Path $destination -NewName "Qlik Management Console.lnk"
$sourcepath="C:\Users\Public\Desktop\Qlik Sense Hub.lnk"
$destination="C:\Users\Public\Desktop\Qlik Sense Hub2.lnk"
Copy-Item $sourcepath $destination ## Get the lnk we want to use as a template
Remove-Item -Path $sourcepath -Force
$shell = New-Object -COM WScript.Shell
$shortcut = $shell.CreateShortcut($destination) ## Open the lnk
$shortcut.TargetPath = "https://$env:computername/hub" ## Make changes
$shortcut.Save() ## Save
Rename-Item -Path $destination -NewName "Qlik Sense Hub.lnk"
####
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

185
archived/vm-fromsnapshot-win/scripts/qliksense/qs-post-cfg.ps1 Normal file
View File

@@ -0,0 +1,185 @@
<#
Module: qs-post-cfg
Author: Clint Carr
Modified by: -
Modification History:
- Fixed connect as user logic (qlik-cli change)
- Added logic to accomodate for Professional/Analyzer or User licenses
- Added a loop into the Connect-Qlik statement to remove an abort error
- Added Logging
- Added comments
- Error checking
- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
last updated: 10/18/2019
Intent: Configure the Qlik Sense environment with applications and Security Rules.
#>
Param(
[string] $Hostname,
[string] $CertPwd,
[string] $QlikUserPwd
)
Import-Module Qlik-Cli
Import-Module "Carbon"
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" $QlikUserPwd
Install-User -Credential $cred
Write-Log -Message "Starting qs-post-cfg.ps1"
### Waiting for Qlik Sense installation to complete
#-----------
Function restartQse
{
Write-Log "Checking Engine Service has started..."
$qse = get-service QlikSenseEngineService
write-log -Message "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn";
Start-Service QlikSenseEngineService ;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 120
}
write-log -Message "The engine is currently $($qse.Status)"
}
Function connQSR
{
$i = 1
$statusCode = 0
while ($statusCode -ne 200 -and $i -le 10)
{
try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
catch
{
$i++
write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
start-sleep -s 20
}
}
}
Function restartServices
{
write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
Restart-Service QlikSenseRepositoryDatabase -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSensePrintingService -Force
Restart-Service QlikSenseSchedulerService -Force
}
Function qlikSenseUserAccess
{
$userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone a token";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone Tokens."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
Function qlikSenseProfessionalAccess
{
$professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone Professional Access";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
#-----------
write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 60
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
restartQse
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
### Enabling HTTP
#Write-Log -Message "Enabling HTTP access on Central Node proxy"
#try {
# Get-QlikProxy -filter "serverNodeConfiguration.Name eq 'Central'" | Update-QlikProxy -AllowHttp 1 | Out-Null
#} catch {
# Write-Log -Message $_.Exception.Message -Severity "Error"
#}
#Start-Sleep -s 10
### Install qlik-poc_com certificate
Write-Log -Message "Install 'qmi.qlik-poc.com' certificate, set thumbsprint and whitelist domain in QS central virtual proxy"
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
Start-Sleep -s 10
Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials | Out-Null
Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
Start-Sleep -s 10
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}

10
archived/vm-fromsnapshot-win/scripts/qliksense/qs-reset-users.bat Normal file
View File

@@ -0,0 +1,10 @@
@echo off
set host_name=localhost
set owner_name=postgres
set PGPASSWORD=Qlik1234
C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
cd "C:\provision"
@echo off

32
vm-win2/scripts/qmiCLI.psm1 → archived/vm-fromsnapshot-win/scripts/qmiCLI.psm1
View File

@@ -83,38 +83,6 @@ Function Backup-QMIApps
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info' Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
### Get Apps
Write-Log -Message "Identifying eligible local Qlik Sense Apps" -Severity 'Info'
$arrApps = Get-QlikApp | ? {$_.stream.name -ne 'monitoring apps'} #| Sort Name
Write-Log -Message "Qlik Sense Apps identified: $($arrApps.Count)" -Severity 'Info'
Foreach ($objApp in $arrApps){
Write-Log -Message "Qlik App export job: $($objApp.Name)" -Severity 'Info'
If($objApp.Published -eq $True){
If(Test-Path -Path $($Destination + '\' + $objApp.stream.name)){
}
else{
Write-Log -Message "Identified new stream $($objApp.stream.name). Creating central stream repository" -Severity 'Info'
New-Item -ItemType Directory -Path $($Destination + '\' + $objApp.stream.name) -Force
}
$objApp | Export-QlikApp -filename $($Destination + '\' + $($objApp.stream.name) + '\' +$objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
else{
$objApp | Export-QlikApp -filename $($Destination + '\' + $objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
}
Export-App -Source $Source -Destination $Destination
Write-Log -Message "Concluding export process for local Qlik Sense Apps repository" -Severity 'Info'
} }
Function Backup-QMIExtensions Function Backup-QMIExtensions

15
vm-win2/scripts/qmiUtils.psm1 → archived/vm-fromsnapshot-win/scripts/qmiUtils.psm1
View File

@@ -15,6 +15,19 @@ Dependencies:
- -
#> #>
Function New-MyCredential
{
param (
[string] $user,
[string] $pass
)
PROCESS {
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
}
}
Function CreateOdagLink Function CreateOdagLink
{ {
param ( param (
@@ -48,7 +61,7 @@ Function CreateOdagLink
# Create ODAG Link # Create ODAG Link
Write-Log -Message "Adding ODAG Link" Write-Log -Message "Adding ODAG Link"
$rawOutput = $true #$rawOutput = $true
$detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id $detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id
$selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id $selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id
$sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId $sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId

1
vm-win2/winrmconfig/winrm.ps1 → archived/vm-fromsnapshot-win/scripts/winrm.ps1
View File

@@ -27,3 +27,4 @@ net start winrm
#Set-Service -Name WinRM -StartupType Automatic #Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
#Start-Service -Name WinRM #Start-Service -Name WinRM

28
vm-win2/variables.tf → archived/vm-fromsnapshot-win/variables.tf
View File

@@ -1,19 +1,15 @@
variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
}
variable "prefix" { variable "prefix" {
description = "The Prefix used for all resources in this example" default = "QMI"
default = "QMI-WN-BL" }
variable "subnet_id" {
} }
variable "location" { variable "location" {
default = "East US"
} }
variable "image_reference" { variable "snapshot_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/win-base-24022020"
} }
variable "resource_group_name" { variable "resource_group_name" {
@@ -32,7 +28,15 @@ variable "disk_size_gb" {
} }
variable "admin_username" { variable "admin_username" {
default = "qmi" default = "scdemoadmin"
}
variable "initial_password" {
default = null
}
variable "virtual_machine_name" {
default = null
} }
variable "user_id" { variable "user_id" {
@@ -56,4 +60,8 @@ variable "startupTime"{
default = null default = null
} }
variable "notrename" {
default = null
}

148
archived/vm-fromsnapshot/main.tf Normal file
View File

@@ -0,0 +1,148 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name : "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
notrename = (var.notrename != null)? "-NotApply" : ""
}
resource "azurerm_managed_disk" "copy" {
name = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
location = var.location
resource_group_name = var.resource_group_name
storage_account_type = "Premium_LRS"
create_option = "Copy"
source_resource_id = var.snapshot_id
disk_size_gb = var.disk_size_gb
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"QMI_user" = var.user_id != null? var.user_id : null
}
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [ module.qmi-nic.id ]
vm_size = var.vm_type
storage_os_disk {
name = azurerm_managed_disk.copy.name
os_type = "Windows"
managed_disk_id = azurerm_managed_disk.copy.id
managed_disk_type = "Premium_LRS"
create_option = "Attach"
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
/*os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
}*/
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
source = "${path.module}/scripts"
destination = "C:/tmp/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/bootstrap.ps1",
"powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
]
}
# Rename Computer
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}"
]
on_failure = continue
}
}

10
vm-qdc-secure/outputs.tf → archived/vm-fromsnapshot/outputs.tf
View File

@@ -1,9 +1,9 @@
output "virtual_machine_id" { output "virtual_machine_id" {
value = azurerm_linux_virtual_machine.vm.id value = azurerm_virtual_machine.vm.id
} }
output "virtual_machine_name" { output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}" value = azurerm_virtual_machine.vm.name
} }
output "admin_username" { output "admin_username" {
@@ -24,8 +24,4 @@ output "nic_private_ip_address" {
output "nic_ip_configuration_name" { output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name value = module.qmi-nic.ip_configuration_name
} }

14
archived/vm-fromsnapshot/scripts/RenameComputer.ps1 Normal file
View File

@@ -0,0 +1,14 @@
Param(
[string] $NewName,
[switch] $NotApply = $False
)
if ($NotApply){
Write-Host "Not renaming machine"
} else {
Write-Host "Machine is going to be renamed as $NewName"
Rename-Computer -NewName $NewName -Force -Restart
}

30
archived/vm-fromsnapshot/scripts/bootstrap.ps1 Normal file
View File

@@ -0,0 +1,30 @@
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null
Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null
Import-Module qmiCLI.psm1 | Out-Null
#Importing Utils module
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils -force | Out-Null
Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null
Import-Module qmiUtils.psm1 | Out-Null
Write-Log "Scripts locations is: $PSScriptRoot"
#Install Chocolatey
#Write-Log "Install Chocolatey"
#Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
### Disable Password policy
secedit /export /cfg c:\secpol.cfg | Out-Null
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null
rm -force c:\secpol.cfg -confirm:$false | Out-Null
#Write-Log "Resize Partition C to max size"
#$size = Get-PartitionSupportedSize -DriveLetter C
#Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null

12
archived/vm-fromsnapshot/scripts/password.ps1 Normal file
View File

@@ -0,0 +1,12 @@
Param(
[string] $Username,
[string] $Pass
)
Import-Module "Carbon"
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
Install-User -Credential $cred
Write-Log "Done! Setting new password to user $Username"

29
archived/vm-fromsnapshot/scripts/q-user-setup.ps1 Normal file
View File

@@ -0,0 +1,29 @@
Write-Log "Starting q-user-setup.ps1"
Trap {
Write-Log -Message $_.Exception.Message -Severity "Error"
Break
}
### Install Carbon PowerShell Module
Write-Log -Message "Installing carbon"
choco install carbon -y | Out-Null
Import-Module "Carbon"
### create Qlik User
Write-Log -Message "Creating Qlik account"
$cred = New-MyCredential -user "Qlik" -pass "Qlik1234"
Install-User -Credential $cred
### Grant Remote Admin Rights to Qlik User
Write-Log -Message "Granting Qlik account Remote Interactive Logon Right"
Grant-Privilege -Identity $env:COMPUTERNAME\qlik -Privilege SeRemoteInteractiveLogonRight
Write-Log -Message "Adding Qlik user to Remote Desktop Users"
Add-GroupMember -Name 'Remote Desktop Users' -Member $env:COMPUTERNAME\qlik
Write-Log -Message "Adding Qlik user to local Administrators"
Add-GroupMember -Name 'Administrators' -Member $env:COMPUTERNAME\qlik
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control"
Set-ItemProperty $regPath -Name "ServicesPipeTimeout" -Type DWord -Value 180000

189
archived/vm-fromsnapshot/scripts/qmiCLI.psm1 Normal file
View File

@@ -0,0 +1,189 @@
<#
Module: QlikCLI
Author: Clint Carr
Byron Ainsworth
Modified by: -
last updated: 10/10/2017
Modification History:
-
Intent: Provide prepackaged commands to facilitate common QMI activities
Dependencies:
-
#>
function Write-Log
{
param (
[Parameter(Mandatory)]
[string]$Message,
[Parameter()]
[ValidateSet('Info','Warn','Error')]
[string]$Severity = 'Info'
)
$line = [pscustomobject]@{
'DateTime' = (Get-Date)
'Severity' = $Severity
'Message' = $Message
}
Write-Host "$($line.DateTime) [$($line.Severity)]: $($line.Message)"
$line | Export-Csv -Path c:\provision\QMIProvision.log -Append -NoTypeInformation
}
Function Backup-QMIAppsSerial
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\apps\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\apps'
)
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
### Get Apps
Write-Log -Message "Identifying eligible local Qlik Sense Apps" -Severity 'Info'
$arrApps = Get-QlikApp | ? {$_.stream.name -ne 'monitoring apps'}
Write-Log -Message "Qlik Sense Apps identified: $($arrApps.Count)" -Severity 'Info'
Foreach($objApp in $arrApps){
If($objApp.Published -eq $True){
If(Test-Path -Path $($Destination + '\' + $objApp.stream.name)){
}
else{
Write-Log -Message "Identified new stream $($objApp.stream.name). Creating central stream repository" -Severity 'Info'
New-Item -ItemType Directory -Path $($Destination + '\' + $objApp.stream.name) -Force
}
$objApp | Export-QlikApp -filename $($Destination + '\' + $($objApp.stream.name) + '\' +$objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}else{
$objApp | Export-QlikApp -filename $($Destination + '\' + $objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
}
Write-Log -Message "Concluding export process for local Qlik Sense Apps repository" -Severity 'Info'
}
Function Backup-QMIApps
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\apps\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\apps'
)
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
}
Function Backup-QMIExtensions
{
param (
[Parameter()]
[string]$Source = 'C:\QlikShare\StaticContent\Extensions\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\extensions'
)
Write-Log -Message "Commencing export process for Extensions to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local Extensions repository exists" -Severity 'Info'
Try
{
$arrExtensions = Get-ChildItem -Path $Source | ? {$_.Name -notlike "idevio*"}
foreach($objExtension in $arrExtensions){
Compress-Archive -Path $objExtension.FullName -DestinationPath $($Destination + '\' + $objExtension.name + '.zip' ) -CompressionLevel 'Optimal' -Force
}
#$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for Extensions repository" -Severity 'Info'
}
Catch
{
$_.Exception.Message
$_.Exception.ItemName
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local Extensions repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}
Function Backup-QMIReferenceData
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\ReferenceData\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\ReferenceData'
)
Write-Log -Message "Commencing export process for ReferenceData to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local ReferenceData repository exists" -Severity 'Info'
Try
{
$arrObjects = Get-ChildItem -Path $Source
$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for ReferenceData repository" -Severity 'Info'
}
Catch
{
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local ReferenceData repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}
Function Backup-QMIContentLibraries
{
param (
[Parameter()]
[string]$Source = 'C:\QlikShare\StaticContent\Content\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\ContentLibrary'
)
Write-Log -Message "Commencing export process for ContentLibraries to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local ContentLibraries repository exists" -Severity 'Info'
Try
{
$arrObjects = Get-ChildItem -Path $Source
$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for ContentLibraries repository" -Severity 'Info'
}
Catch
{
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local ContentLibraries repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}

92
archived/vm-fromsnapshot/scripts/qmiUtils.psm1 Normal file
View File

@@ -0,0 +1,92 @@
<#
Module: UtilsQMI
Author: Manuel Romero
Clint Car
Modified by: -
last updated: 11/10/2017
Modification History:
-
Intent: One place for common functions across modules we don't want in qmiCLI
Dependencies:
-
#>
Function New-MyCredential
{
param (
[string] $user,
[string] $pass
)
PROCESS {
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
}
}
Function CreateOdagLink
{
param (
[string]$odagLinkName,
[string]$selectionAppName,
[string]$detailsAppName,
[string]$sheet2OpenName,
[string]$odagLinkExpression,
[int]$rowsLimit,
[int]$appsLimit,
[string]$retentionTime,
[string]$sheetEmbedName
)
PROCESS {
Trap {
Write-Log -Message "Error in function CreateOdagLink" -Severity "Error"
Write-Log -Message $_.Exception.Message -Severity "Error"
Break
}
Write-Log -Message "Installing NodeJs"
cinst nodejs.install --version 6.4.0 | Out-Null
if ( -Not (Test-Path C:\OdagEnigma) ) {
Write-Log -Message "Unzipping Node EnigmaJS"
Expand-Archive -LiteralPath C:\installation\EnigmaModule.zip -DestinationPath C:\OdagEnigma -Force | Out-Null
}
# Create ODAG Link
Write-Log -Message "Adding ODAG Link"
#$rawOutput = $true
$detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id
$selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id
$sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId
$data = (@{"name"=$odagLinkName;
"templateApp"=$detailApp;
"rowEstExpr"=$odagLinkExpression;
"properties"=@{
"rowEstRange"=@(@{"context"="*";"highBound"=$rowsLimit});
"genAppLimit"=@(@{"context"="User_*";"limit"=$appsLimit});
"appRetentionTime"=@(@{"context"="User_*";"retentionTime"=$retentionTime});
"targetSheet"=@(@{"context"="User_*";"sheetId"=$sheetID})};
"selectionApp"=$selectionApp}) | ConvertTo-Json -Compress -Depth 10
$result = $(Invoke-QlikPost "/api/odag/v1/links" $data)
$odagLinkRef = $result.objectDef.id
Write-Log -Message "ODAG link added $odagLinkRef"
$sheetSelectionID = $(invoke-qlikget "/qrs/app/object" -filter "name eq '$sheetEmbedName' and objectType eq 'sheet'").engineObjectId
# EnigmaJS to attach this link to apps and sheet using APIs
C:\OdagEnigma\run.bat $odagLinkRef $odagLinkName $sheetSelectionID $selectionAppName $detailsAppName
return $odagLinkRef
}
}

30
archived/vm-fromsnapshot/scripts/winrm.ps1 Normal file
View File

@@ -0,0 +1,30 @@
Write-Host "Delete any existing WinRM listeners"
winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
#winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
Write-Host "Create a new WinRM listener and configure"
winrm create winrm/config/listener?Address=*+Transport=HTTP
#winrm set winrm/config/winrs "@{MaxMemoryPerShellMB=`"0`"}"
winrm set winrm/config "@{MaxTimeoutms=`"1800000`"}"
winrm set winrm/config/service "@{AllowUnencrypted=`"true`"}"
#winrm set winrm/config/service "@{MaxConcurrentOperationsPerUser=`"12000`"}"
winrm set winrm/config/service/auth "@{Basic=`"true`"}"
winrm set winrm/config/client/auth "@{Basic=`"true`"}"
Write-Host "Configure UAC to allow privilege elevation in remote shells"
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
#Write-Host "turn off PowerShell execution policy restrictions"
#Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Write-Host "Configure and restart the WinRM Service; Enable the required firewall exception"
net stop winrm
net start winrm
#Stop-Service -Name WinRM
#Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
#Start-Service -Name WinRM

66
archived/vm-fromsnapshot/variables.tf Normal file
View File

@@ -0,0 +1,66 @@
variable "prefix" {
default = "QMI"
}
variable "subnet_id" {
}
variable "location" {
}
variable "snapshot_id" {
}
variable "resource_group_name" {
}
variable "vm_type" {
default = "Standard_D4s_v3"
}
variable "managed_disk_type" {
default = "Premium_LRS"
}
variable "disk_size_gb" {
default = "128"
}
variable "admin_username" {
default = "scdemoadmin"
}
variable "initial_password" {
}
variable "virtual_machine_name" {
default = null
}
variable "user_id" {
default = null
}
variable "provId" {
default = null
}
variable "is_24x7"{
type = bool
default = null
}
variable "shutdownTime"{
default = null
}
variable "startupTime"{
default = null
}
variable "notrename" {
default = null
}

154
archived/vm-qs-np/main.tf Normal file
View File

@@ -0,0 +1,154 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_password" "qlikpassword" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "sensorsettings" {
name = "carbonblack-sensorsettings"
key_vault_id = var.key_vault_id
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [module.qmi-nic.id]
vm_size = var.vm_type
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
storage_image_reference {
id = var.image_reference
}
storage_os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
admin_password = local.admin_password
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "3m"
}
source = "${path.module}/scripts"
destination = "C:/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/resethostname.ps1"
]
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -QlikUserPwd ${random_password.qlikpassword.result}",
"powershell.exe -File C:/provision/np-post.ps1"
]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}

2
vm-qs-secure/outputs.tf → archived/vm-qs-np/outputs.tf
View File

@@ -1,5 +1,5 @@
output "virtual_machine_id" { output "virtual_machine_id" {
value = azurerm_windows_virtual_machine.vm.id value = azurerm_virtual_machine.vm.id
} }
output "virtual_machine_name" { output "virtual_machine_name" {

16
archived/vm-qs-np/scripts/carbonblack.ps1 Normal file
View File

@@ -0,0 +1,16 @@
Param(
[string] $SensorSettings
)
Write-Log -Message "Installing and configuring Carbon Black"
New-Item C:\provision\sensorsettings.ini | Out-Null
Set-Content C:\provision\sensorsettings.ini $SensorSettings | Out-Null
(Get-Content C:\provision\sensorsettings.ini) -replace ' ',"`r`n" | Set-Content C:\provision\sensorsettings.ini -Force
C:\provision\CarbonBlackClientSetup.exe /S
Write-Log -Message "Carbon Black is configure!"

27
archived/vm-qs-np/scripts/np-post.ps1 Normal file
View File

@@ -0,0 +1,27 @@
Function restartNPServices
{
write-log -Message "Starting NPrinting Services on $env:COMPUTERNAME"
Set-Service -Name QlikNPrintingEngine -StartupType Automatic
Set-Service -Name QlikNPrintingWebEngine -StartupType Automatic
Set-Service -Name QlikNPrintingScheduler -StartupType Automatic
Set-Service -Name QlikNPrintingMessagingService -StartupType Automatic
Set-Service -Name QlikNPrintingRepoService -StartupType Automatic
Set-Service -Name QlikNPrintingLicenseService -StartupType Automatic
Start-Service -InputObject QlikNPrintingRepoService -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingMessagingService -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingWebEngine -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingEngine -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingScheduler -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingLicenseService -ErrorAction SilentlyContinue
}
Write-Log -Message "Exporting new certificates"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Windows"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Pem"
Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\localhost\client.pfx" -Destination "C:\Program Files\NPrintingServer\Settings\SenseCertificates" -Force
restartNPServices

172
archived/vm-qs-np/scripts/qs-post-cfg.ps1 Normal file
View File

@@ -0,0 +1,172 @@
<#
Module: qs-post-cfg
Author: Clint Carr
Modified by: -
Modification History:
- Fixed connect as user logic (qlik-cli change)
- Added logic to accomodate for Professional/Analyzer or User licenses
- Added a loop into the Connect-Qlik statement to remove an abort error
- Added Logging
- Added comments
- Error checking
- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
last updated: 10/18/2019
Intent: Configure the Qlik Sense environment with applications and Security Rules.
#>
Param(
[string] $Hostname,
[string] $CertPwd,
[string] $QlikUserPwd
)
Import-Module Qlik-Cli
Import-Module "Carbon"
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" $QlikUserPwd
Install-User -Credential $cred
Write-Log -Message "Starting qs-post-cfg.ps1"
### Waiting for Qlik Sense installation to complete
#-----------
Function restartQse
{
Write-Log "Checking Engine Service has started..."
$qse = get-service QlikSenseEngineService
write-log -Message "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn";
Start-Service QlikSenseEngineService ;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 120
}
write-log -Message "The engine is currently $($qse.Status)"
}
Function connQSR
{
$i = 1
$statusCode = 0
while ($statusCode -ne 200 -and $i -le 10)
{
try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
catch
{
$i++
write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
start-sleep -s 20
}
}
}
Function restartServices
{
write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
Restart-Service QlikSenseRepositoryDatabase -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSensePrintingService -Force
Restart-Service QlikSenseSchedulerService -Force
}
Function qlikSenseUserAccess
{
$userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone a token";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone Tokens."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
Function qlikSenseProfessionalAccess
{
$professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone Professional Access";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
#-----------
write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 60
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
restartQse
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
### Install qlik-poc_com certificate
Write-Log -Message "Install qlik-poc_com certificate"
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
Start-Sleep -s 10
Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}

97
archived/vm-qs-np/scripts/resethostname.ps1 Normal file
View File

@@ -0,0 +1,97 @@
Write-Log "Resize Partition C to max size"
$size = Get-PartitionSupportedSize -DriveLetter C
Resize-Partition -DriveLetter C -Size $size.SizeMax
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
$cred = New-Credential "qservice" "Qlik1234"
#import-module "Carbon"
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
Set-Service -Name "QlikSenseEngineService" -StartupType Automatic
Set-Service -Name "QlikSensePrintingService" -StartupType Automatic
Set-Service -Name "QlikSenseSchedulerService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryDatabase" -StartupType Automatic
Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher"
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
#Delete certificates
Write-Log "Deleting old certificates"
#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
$Certs = Get-ChildItem cert:"CurrentUser\My" | Where-Object { $_.Subject -match 'QlikClient' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\My" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
Write-Log "Setting new hostname to Host.cfg file"
Write-Log $($env:computername)
$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
Write-Log "Recreating Qlik Sense certificates"
# AS if qservice user
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
#From PS
#Start-Process -FilePath "C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe" -ArgumentList "/bootstrap /standalone /restorehostname" -Verb runAs
#qs
#Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
$waiting=50
Write-Log "Waiting $waiting secs ..."
Start-Sleep -s $waiting
#- Wait 10 seconds
Write-Log "Restarting Service Dispatcher"
#- Restart Service Dispacher
Restart-Service QlikSenseServiceDispatcher -Force
#- Restart rest of the services
Start-Sleep -s 20
Write-Log "New Certs: CurrentUser\My"
Get-ChildItem cert:"CurrentUser\My"
Write-Log "New Certs: LocalMachine\My"
Get-ChildItem cert:"LocalMachine\My"
Write-Log "New Certs: LocalMachine\Root"
Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
if ($NewCerts) {
Write-Log "Restarting all Qlik Sense services"
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSenseSchedulerService -Force
Restart-Service QlikSensePrintingService -Force
Start-Sleep -s 20
Write-Log "Recovering Qlik Sense users"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c C:\provision\updatedir.bat'"
Restart-Service QlikSenseRepositoryService -Force
} else {
Write-Error "Error: Qlik Sense Certs not recreated!"
throw "Error: Qlik Sense Certs not recreated!"
}
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

10
archived/vm-qs-np/scripts/updatedir.bat Normal file
View File

@@ -0,0 +1,10 @@
@echo off
set host_name=localhost
set owner_name=postgres
set PGPASSWORD=Qlik1234
C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
cd "C:\provision"
@echo off

23
vm-fort-az/variables.tf → archived/vm-qs-np/variables.tf
View File

@@ -1,11 +1,10 @@
variable "subnet_id" { variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
} }
variable "prefix" { variable "prefix" {
description = "The Prefix used for all resources in this example" description = "The Prefix used for all resources in this example"
default = "QMI-FORT" default = "QMI-QS-NP"
} }
variable "location" { variable "location" {
@@ -13,7 +12,7 @@ variable "location" {
} }
variable "image_reference" { variable "image_reference" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/win-base-24022020" default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/qliksense-nprinting-base-feb20sr1"
} }
variable "resource_group_name" { variable "resource_group_name" {
@@ -32,18 +31,22 @@ variable "disk_size_gb" {
} }
variable "admin_username" { variable "admin_username" {
default = "qlikfort" default = "qmi"
}
variable "user_id" {
default = null
} }
variable "provId" { variable "provId" {
default = null default = null
} }
variable "is_24x7"{ variable "user_id" {
default = null
}
variable "key_vault_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
}
ariable "is_24x7"{
type = bool type = bool
default = null default = null
} }
@@ -55,5 +58,3 @@ variable "shutdownTime"{
variable "startupTime"{ variable "startupTime"{
default = null default = null
} }

21
compose-install/main.tf
View File

@@ -1,10 +1,20 @@
data "azurerm_key_vault_secret" "compose-license" {
name = "compose-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "c4dw" {
name = "compose-datawarehouse-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-password" { data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password" name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id key_vault_id = var.key_vault_id
} }
locals { locals {
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert-password.value) composeLicense = (var.c_version == "c4dw")? data.azurerm_key_vault_secret.c4dw.value : data.azurerm_key_vault_secret.compose-license.value
} }
# Install and configure Compose # Install and configure Compose
@@ -20,7 +30,7 @@ resource "null_resource" "install" {
https = false https = false
timeout = "30m" timeout = "30m"
} }
source = "${path.module}/main" source = "${path.module}/scripts"
destination = "C:/provision/compose-install" destination = "C:/provision/compose-install"
} }
@@ -36,11 +46,10 @@ resource "null_resource" "install" {
} }
inline = [ inline = [
"powershell.exe -File C:/provision/compose-install/prep-files.ps1",
"powershell.exe -File C:/provision/compose-install/di-compose-getBinary.ps1 -url ${var.download_url}", "powershell.exe -File C:/provision/compose-install/di-compose-getBinary.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url}", "powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url} -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -version ${var.c_version}", "powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -composeLicense \"${local.composeLicense}\" -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\" -version ${var.c_version}", "powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -version ${var.c_version}",
] ]
} }

30
compose-install/main/prep-files.ps1
View File

@@ -1,30 +0,0 @@
Param(
[string] $repo="qmi-cloud-tf-modules",
[string] $branch="master",
[string] $scenario="compose-install",
[string] $path="scripts"
)
$pathIs="$scenario/$path"
$DownloadUrl="https://gitlab.com/qmi/$repo/-/archive/$branch/$repo-$branch.zip?path=$pathIs"
Write-Host "--- Boostrap# Downloading repository files ($DownloadUrl) from branch ($branch)..."
New-Item -ItemType Directory -Force -Path C:\Temp | Out-Null
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile($DownloadUrl, "C:\Temp\$scenario.zip")
Expand-Archive "C:\Temp\$scenario.zip" -DestinationPath "C:\Temp" -Force
New-Item -ItemType Directory -Force -Path C:\Provision | Out-Null
New-Item -ItemType Directory -Force -Path C:\Provision\compose-install | Out-Null
Copy-Item -Path "C:\Temp\$repo-$branch-$scenario-scripts\$scenario\$path\*" -Destination "C:\Provision\compose-install" -Recurse -Force
Remove-Item "C:\Temp\$repo-$branch-$scenario-scripts" -Recurse
Remove-Item "C:\Temp\$scenario.zip" -Recurse

7
compose-install/output.tf
View File

@@ -1,7 +0,0 @@
output "finished" {
value = true
depends_on = [
null_resource.install
]
}

17
compose-install/scripts/Compose_install.iss
View File

@@ -1,20 +1,25 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder] [{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0 Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5 Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0 Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0 Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0 Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0 Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
Result=6
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0] [{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0] [{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0] [{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\ szDir=C:\Program Files\Qlik\Compose\
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0] [{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

25
compose-install/scripts/Compose_install_2021.2.0.iss
View File

@@ -1,25 +0,0 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
Result=6
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1

24
compose-install/scripts/Compose_install_c4dw.iss
View File

@@ -1,20 +1,20 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0 Dlg0={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0
Count=5 Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0 Dlg1={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0 Dlg2={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0 Dlg3={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0 Dlg4={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\ szDir=C:\Program Files\Attunity\Compose for Data Warehouses\
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0]
Result=1 Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0] [{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0]
Result=1 Result=1
bOpt1=0 bOpt1=0
bOpt2=0 bOpt2=0

21
compose-install/scripts/compose-license.txt
View File

@@ -1,21 +0,0 @@
{
"$type": "ComposeLicense",
"product": "QlikCompose",
"issued_to": "Attunity Americas",
"issued_by": "Attunity US",
"license_type": "EVALUATION",
"serial_no": "85008595",
"expiration_date": "2023-12-31",
"hosts": "",
"product_version": "2022.5",
"notes": "Qlik internal use only ",
"host_role": "",
"source_db_types": "",
"dwh_type": "*",
"dl_type": "*",
"number_of_dms": "0",
"number_of_developers": "0",
"managed_dwh_size": "0",
"issue_time": "12/15/2022 7:06:16 PM",
"signature": "iDk5NujmAcxcI80BSt4JaOEaSj35u0vzoRXvRcYXy4NpWJLFVvCRJ67LfVcA1WuLwHmarnYWYA+RWT0CyqpH1e4n3nZPaJAwBgnU5Z074rIUrHZi+Z5Hmgux2ptNqXJIr7S1JNc6+fBMHuG//hxYppf9Knmk+5cx5rafxNpCYUU="
}

31
compose-install/scripts/di-compose-install.ps1
View File

@@ -9,36 +9,25 @@ Intent: Install the selected version of Attunity Replicate
#> #>
Param( Param(
[string] $url [string] $url,
[string] $version = "gen2"
) )
Import-Module $PSScriptRoot\q-helper.psm1 | Out-Null Import-Module $PSScriptRoot\q-helper.psm1 | Out-Null
$fileName = $url.Substring($url.LastIndexOf("/") + 1) $fileName = $url.Substring($url.LastIndexOf("/") + 1)
Write-Host "--- Starting di-compose-install.ps1"
$bin = "$PSScriptRoot\binaries\Attunity" $bin = "$PSScriptRoot\binaries\Attunity"
Write-Host "Binary Path $($bin)" Write-Host "Binary Path $($bin)"
Write-Host "Starting di-c4dw-install.ps1"
$issFile = "Compose_install.iss" $issFile = "Compose_install.iss"
if ( $url -Match "2021.2" ) { if ( $version -eq "c4dw" ) {
$issFile="Compose_install_2021.2.0.iss" $issFile = "Compose_install_c4dw.iss"
} }
if ( $url -Match "Attunity_Compose_for_Data_Warehouses" ) {
$issFile="Compose_install_c4dw.iss"
}
Write-Host "Using ISS file: $issFile"
Write-Host $bin\$fileName Write-Host $bin\$fileName
if (Test-Path "$($bin)\Compose_silent_x64_install.log") {
Remove-Item -Path "$($bin)\Compose_silent_x64_install.log" -Force
}
If ((Test-Path $bin\$fileName)) If ((Test-Path $bin\$fileName))
{ {
Write-Host "Installing Attunity Compose from $($bin)\$($fileName)" Write-Host "Installing Attunity Compose from $($bin)\$($fileName)"
@@ -50,16 +39,16 @@ If ((Test-Path $bin\$fileName))
$exec = Get-ChildItem $bin\$fileNoExtension\*.exe | Select-Object -ExpandProperty Name $exec = Get-ChildItem $bin\$fileNoExtension\*.exe | Select-Object -ExpandProperty Name
#Write-Host "Exec: $($exec)" #Write-Host "Exec: $($exec)"
$silentInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log" $C4DWInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"
Write-Host "Run Compose silent installation : $($silentInstall)" Write-Host "Run Compose silent installation : $($C4DWInstall)"
Invoke-Expression $silentInstall Invoke-Expression $C4DWInstall
while (!(Test-Path "$($bin)\Compose_silent_x64_install.log")) { while (!(Test-Path "$($bin)\Compose_silent_x64_install.log")) {
Write-Host "[Waiting Compose to be installed] ..." Write-Host "[Waiting Compose to be installed] ..."
Start-Sleep 2 Start-Sleep 2
} }
$resultLogs = Get-IniFile "$($bin)\Compose_silent_x64_install.log" $C4DWResults = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
$testResult = $resultLogs.ResponseResult.ResultCode $testResult = $C4DWResults.ResponseResult.ResultCode
Write-Host "Installation return code : $($testResult)" Write-Host "Installation return code : $($testResult)"
} }

19
compose-install/scripts/di-compose-installQMICertificate.ps1
View File

@@ -6,28 +6,23 @@ Param(
try { try {
Write-Host "Install qmi_qlik-poc_com certificate on Windows" Write-Host "Install qmi_qlik-poc_com certificate on Windows"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force $secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd $sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
$thumb=$($sslCert.Thumbprint) $thumb=$($sslCert.Thumbprint)
Write-Host "Set SSL qmi_qlik-poc_com for Compose" Write-Host "Set SSL qmi_qlik-poc_com for Compose"
if ( $version -eq "c4dw" ) { if ( $version -eq "gen2" ) {
Stop-Service AttunityComposeForDataWarehouses
Start-Process -FilePath "C:\Program Files\Attunity\Compose for Data Warehouses\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service AttunityComposeForDataWarehouses
} else {
Stop-Service QlikCompose Stop-Service QlikCompose
Start-Process -FilePath "C:\Program Files\Qlik\Compose\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow Start-Process -FilePath "C:\Program Files\Qlik\Compose\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}' netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service QlikCompose Start-Service QlikCompose
} else {
Stop-Service AttunityComposeForDataWarehouses
Start-Process -FilePath "C:\Program Files\Attunity\Compose for Data Warehouses\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service AttunityComposeForDataWarehouses
} }

23
compose-install/scripts/di-compose-setlicense.ps1
View File

@@ -9,10 +9,14 @@ Intent: Setting the DBs
#> #>
Param( Param(
[string] $composeLicense,
[string] $version = 'gen2' [string] $version = 'gen2'
) )
Write-Host "--- Setting Compose License" Write-Host "ComposeLicenseJSON"
Write-Host $composeLicense
Set-Content $PSScriptRoot\compose-license.txt $composeLicense
# TODO set license # TODO set license
$bin = "C:\Program Files\Qlik\Compose\bin\" $bin = "C:\Program Files\Qlik\Compose\bin\"
@@ -21,22 +25,11 @@ if ( $version -eq "c4dw" ) {
} }
$bin = $bin -replace ' ','` ' $bin = $bin -replace ' ','` '
$cmd = "$($bin)ComposeCli.exe connect" Write-Host "Connect to Compose"
Write-Host "--- Connect to Compose: $($cmd)"
$cmd = "$($bin)ComposeCli.exe connect" $cmd = "$($bin)ComposeCli.exe connect"
Invoke-Expression $cmd Invoke-Expression $cmd
Start-Sleep 5 Write-Host "Apply Compose License"
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
if ( $version -eq "2022.2.0" -or $version -eq "c4dw") {
# Old way
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
} else {
# New way
$cmd = "$($bin)ComposeCli.exe register_license --infile $PSScriptRoot\compose-license.txt"
}
Write-Host "Apply Compose License: $($cmd)"
Invoke-Expression $cmd Invoke-Expression $cmd
Start-Sleep 5

BIN
compose-install/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

7
compose-install/variables.tf
View File

@@ -11,8 +11,7 @@ variable "vm_admin_password" {
} }
variable "download_url" { variable "download_url" {
//default = "https://da3hntz84uekx.cloudfront.net/QlikCompose/2021.8.0/139/_MSI/Qlik_Compose_2021.8.0.139.zip" default = "https://da3hntz84uekx.cloudfront.net/QlikReplicate/7.0.0/5/_MSI/AttunityReplicate_7.0.0.514_X64.zip"
default = "https://github.com/qlik-download/compose/releases/download/v2021.8.0.465/Qlik_Compose_2021.8.0.465.zip"
} }
variable "key_vault_id" { variable "key_vault_id" {
@@ -22,8 +21,4 @@ variable "key_vault_id" {
variable "c_version" { variable "c_version" {
default = "gen2" default = "gen2"
description = "'c4dw' or 'gen2'" description = "'c4dw' or 'gen2'"
}
variable "trigger_done" {
default = null
} }

118
databases/aws-kinesis/main.tf
View File

@@ -1,118 +0,0 @@
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.69.0"
}
}
}
locals {
myRegex = "/[^[:alpha:]]/"
splitLower = split(" ", lower(var.user_id))
np0 = replace(element(local.splitLower,0), local.myRegex, "")
np1 = replace(element(local.splitLower,1), local.myRegex, "")
container_n1 = substr(local.np0, 0, 3)
container_n2 = substr(local.np1, 0, 1)
container_n3 = substr(strrev(local.np1), 0, 1)
scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
}
}
resource "aws_kinesis_stream" "attrep_apply_exceptions" {
name = "${local.scnamelower}.attrep_apply_exceptions"
shard_count = 1
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "semployees" {
name = "${local.scnamelower}.EMPLOYEES"
shard_count = 3
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "sjobs" {
name = "${local.scnamelower}.JOBS"
shard_count = 3
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "metadata" {
name = "${local.scnamelower}.metadata"
shard_count = 1
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
module "iam_user" {
source = "terraform-aws-modules/iam/aws//modules/iam-user"
version = "~> 3.0"
name = "qmi-user-${var.provision_id}"
force_destroy = true
create_iam_user_login_profile = false
#pgp_key = "keybase:test"
password_reset_required = false
tags = local.tags
}
resource "aws_iam_user_policy" "kinesis_pol" {
name = "kinesis_policy_${module.iam_user.this_iam_user_name}"
user = module.iam_user.this_iam_user_name
# Terraform's "jsonencode" function converts a
# Terraform expression result to valid JSON syntax.
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
})
}

27
databases/aws-kinesis/output.tf
View File

@@ -1,27 +0,0 @@
output "arn_metadata" {
value = aws_kinesis_stream.metadata.arn
}
output "arn_employees" {
value = aws_kinesis_stream.semployees.arn
}
output "arn_jobs" {
value = aws_kinesis_stream.sjobs.arn
}
output "arn_attrep_apply_exceptions" {
value = aws_kinesis_stream.attrep_apply_exceptions.arn
}
output "iam_name" {
value = module.iam_user.this_iam_user_name
}
output "iam_access_key" {
value = module.iam_user.this_iam_access_key_id
}
output "iam_access_secret" {
value = nonsensitive(module.iam_user.this_iam_access_key_secret)
}

10
databases/aws-kinesis/variables.tf
View File

@@ -1,10 +0,0 @@
variable "region" {
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}

52
databases/aws-rds/main.tf
View File

@@ -1,15 +1,26 @@
terraform { terraform {
required_version = ">= 0.14" required_version = ">= 0.13"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "3.74.0" version = ">= 3.49.0"
} }
} }
} }
provider "aws" {
region = var.region
access_key = var.aws_provider_access_key
secret_key = var.aws_provider_access_secret
alias = "myaws"
}
locals { locals {
provid5 = substr(var.provision_id, 0, 5) provid5 = substr(var.provision_id, 0, 5)
aurora = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false aurora = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
@@ -17,30 +28,26 @@ locals {
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
port = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306" port = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306"
name = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}" name = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}"
license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : (var.engine == "postgres") ? "postgresql-license" : (var.engine == "mysql") ? "general-public-license" : "license-included" license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : "license-included"
engine_version = (var.engine == "oracle-se2") ? "19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "14.5" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB engine_version = (var.engine == "oracle-se2") ? "engine_version=19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "12.6" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB
major_engine_version = (var.engine == "oracle-se2") ? "19" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5" #mariaDB major_engine_version = (var.engine == "oracle-se2") ? "19.0" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5" #mariaDB
family = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB family = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB
tags = { tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id QMI_user = var.user_id
ProvID = var.provision_id ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
} }
} }
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
module "security_group" { module "security_group" {
# SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now. # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
source = "terraform-aws-modules/security-group/aws" source = "terraform-aws-modules/security-group/aws"
version = "~> 4.3" version = "~> 4.3"
providers = {
aws = aws.myaws
}
name = "${var.provision_id}-SG" name = "${var.provision_id}-SG"
description = "${var.provision_id}-SG" description = "${var.provision_id}-SG"
vpc_id = local.vpc_id vpc_id = local.vpc_id
@@ -48,8 +55,7 @@ module "security_group" {
# ingress # ingress
ingress_cidr_blocks = module.fw-ips.cidr_blocks ingress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
ingress_with_cidr_blocks = [ ingress_with_cidr_blocks = [
{ {
@@ -63,7 +69,7 @@ module "security_group" {
# egress # egress
egress_cidr_blocks = module.fw-ips.cidr_blocks egress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
egress_with_cidr_blocks = [ egress_with_cidr_blocks = [
{ {
@@ -82,7 +88,11 @@ module "common_rds_instance" {
source = "terraform-aws-modules/rds/aws" source = "terraform-aws-modules/rds/aws"
version = "~> 3.3" version = "~> 3.3"
count = local.aurora? 0 : 1 count = local.aurora ? 0 : 1
providers = {
aws = aws.myaws
}
identifier = "${var.engine}${var.provision_id}" identifier = "${var.engine}${var.provision_id}"
@@ -121,7 +131,11 @@ module "aurora_rds_instance" {
source = "terraform-aws-modules/rds-aurora/aws" source = "terraform-aws-modules/rds-aurora/aws"
version = "~> 5.2" version = "~> 5.2"
count = local.aurora? 1 : 0 count = local.aurora ? 1 : 0
providers = {
aws = aws.myaws
}
name = local.name name = local.name
engine = var.engine engine = var.engine

14
databases/aws-rds/output.tf
View File

@@ -1,23 +1,21 @@
output "db_username" { output "db_username" {
description = "The master username for the database" description = "The master username for the database"
value = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username) value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_username : module.common_rds_instance[0].db_instance_username
sensitive = true
} }
output "db_instance_password" { output "db_instance_password" {
description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
value = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_password) : nonsensitive(module.common_rds_instance[0].db_instance_password) value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_password : module.common_rds_instance[0].db_instance_password
sensitive = true
} }
output "db_instance_port" { output "db_instance_port" {
description = "The database port" description = "The database port"
value = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port
} }
output "db_instance_endpoint" { output "db_instance_endpoint" {
description = "The connection endpoint" description = "The connection endpoint"
value = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_endpoint : module.common_rds_instance[0].db_instance_endpoint value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_instance_endpoint : module.common_rds_instance[0].db_instance_endpoint
}
output "db_instance_name" {
value = local.name
} }

6
databases/aws-rds/variables.tf
View File

@@ -1,3 +1,9 @@
variable "aws_provider_access_key" {
}
variable "aws_provider_access_secret" {
}
variable "region" { variable "region" {
default = "us-east-1" default = "us-east-1"
} }

121
databases/aws-redshift/main.tf
View File

@@ -1,121 +0,0 @@
terraform {
required_version = ">= 0.14"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.49.0"
}
}
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!"
min_numeric = 1
upper = true
lower = true
number = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
provid5 = substr(var.provision_id, 0, 5)
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
port = "5439"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
}
}
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
module "security_group" {
# SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
source = "terraform-aws-modules/security-group/aws"
version = "~> 4.3"
name = "${var.provision_id}-SG"
description = "${var.provision_id}-SG"
vpc_id = local.vpc_id
# ingress
ingress_cidr_blocks = module.fw-ips.cidr_blocks
ingress_with_cidr_blocks = [
{
from_port = local.port
to_port = local.port
protocol = "tcp"
description = "Redshift"
},
]
# egress
egress_cidr_blocks = module.fw-ips.cidr_blocks
egress_with_cidr_blocks = [
{
from_port = local.port
to_port = local.port
protocol = "tcp"
description = "Redshift"
},
]
tags = local.tags
}
module "redshift" {
source = "terraform-aws-modules/redshift/aws"
version = "~> 3.0"
cluster_identifier = "qmi-${var.provision_id}"
cluster_node_type = "dc2.large" #"dc1.large"
cluster_number_of_nodes = 1
cluster_database_name = var.cluster_database_name
cluster_master_username = var.cluster_master_username
cluster_master_password = random_password.password.result
# Group parameters
#wlm_json_configuration = "[{\"query_concurrency\": 5}]"
# DB Subnet Group Inputs
subnets = local.subnet_ids
vpc_security_group_ids = [module.security_group.security_group_id]
publicly_accessible = true
# IAM Roles
#cluster_iam_roles = ["arn:aws:iam::225367859851:role/developer"]
tags = local.tags
}
module "qmi-s3-bucket" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"
provision_id = var.provision_id
region = var.region
user_id = var.user_id
}

47
databases/aws-redshift/outputs.tf
View File

@@ -1,47 +0,0 @@
output "redshift_cluster_id" {
description = "The availability zone of the RDS instance"
value = module.redshift.redshift_cluster_id
}
output "redshift_cluster_endpoint" {
description = "Redshift endpoint"
value = module.redshift.redshift_cluster_endpoint
}
output "redshift_cluster_hostname" {
description = "Redshift hostname"
value = module.redshift.redshift_cluster_hostname
}
output "redshift_cluster_port" {
description = "Redshift port"
value = module.redshift.redshift_cluster_port
}
output "redshift_cluster_database_name" {
value = module.redshift.redshift_cluster_database_name
}
output "redshift_cluster_master_username" {
value = var.cluster_master_username
}
output "redshift_cluster_master_password" {
value = nonsensitive(random_password.password.result)
}
output "s3_bucket_name" {
value = module.qmi-s3-bucket.bucket.s3_bucket_id
}
output "s3_bucket_region" {
value = module.qmi-s3-bucket.bucket.s3_bucket_region
}
output "s3_iam_user_access_key" {
value = module.qmi-s3-bucket.iam_access_key
}
output "s3_iam_user_access_secret" {
value = module.qmi-s3-bucket.iam_access_secret
}

42
databases/aws-redshift/variables.tf
View File

@@ -1,42 +0,0 @@
variable "region" {
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}
variable "vpc_id_ap" {
default = "vpc-22ee2844"
}
variable "vpc_id_eu" {
default = "vpc-73f0500a"
}
variable "vpc_id_us" {
default = "vpc-c079f5bd"
}
variable "subnet_ids_ap" {
default = ["subnet-658aec3c", "subnet-e030eba8", "subnet-94309bf2"]
}
variable "subnet_ids_eu" {
default = ["subnet-4d441b17", "subnet-95c22fde", "subnet-70938116"]
}
variable "subnet_ids_us" {
default = ["subnet-4d26552b", "subnet-0414685b", "subnet-c97f7c84", "subnet-7f695c71", "subnet-96acd2b7", "subnet-88ab2cb9"]
}
variable "cluster_database_name" {
default = "qmi_rs_db"
}
variable "cluster_master_username" {
default = "qmi"
}

71
databases/azure-eventhub/main.tf
View File

@@ -1,71 +0,0 @@
locals {
myRegex = "/[^[:alpha:]]/"
splitLower = split(" ", lower(var.user_id))
np0 = replace(element(local.splitLower,0), local.myRegex, "")
np1 = replace(element(local.splitLower,1), local.myRegex, "")
container_n1 = substr(local.np0, 0, 3)
container_n2 = substr(local.np1, 0, 1)
container_n3 = substr(strrev(local.np1), 0, 1)
scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"
}
resource "azurerm_eventhub_namespace" "ehbnamespace" {
name = "qlik${local.scnamelower}ns"
location = var.location
resource_group_name = var.resource_group_name
sku = "Standard"
capacity = 1
auto_inflate_enabled = true
maximum_throughput_units = 2
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
network_rulesets {
default_action = "Deny"
trusted_service_access_enabled = true
virtual_network_rule {
subnet_id = var.subnet_id
}
}
}
resource "azurerm_eventhub" "attrep_apply_exceptions" {
name = "attrep_apply_exceptions"
namespace_name = azurerm_eventhub_namespace.ehbnamespace.name
resource_group_name = var.resource_group_name
partition_count = 1
message_retention = 1
}
resource "azurerm_eventhub" "hr_employees" {
name = "hr.employees"
namespace_name = azurerm_eventhub_namespace.ehbnamespace.name
resource_group_name = var.resource_group_name
partition_count = 1
message_retention = 1
}
resource "azurerm_eventhub" "hr_jobs" {
name = "hr.jobs"
namespace_name = azurerm_eventhub_namespace.ehbnamespace.name
resource_group_name = var.resource_group_name
partition_count = 1
message_retention = 1
}
resource "azurerm_eventhub" "metadatahub" {
name = "metadatahub"
namespace_name = azurerm_eventhub_namespace.ehbnamespace.name
resource_group_name = var.resource_group_name
partition_count = 1
message_retention = 1
}

12
databases/azure-eventhub/outputs.tf
View File

@@ -1,12 +0,0 @@
output "default_primary_connection_string" {
value = nonsensitive(azurerm_eventhub_namespace.ehbnamespace.default_primary_connection_string)
}
output "default_primary_key" {
value = nonsensitive(azurerm_eventhub_namespace.ehbnamespace.default_primary_key)
}
output "namespace_name" {
value = "qlik${local.scnamelower}ns"
}

107
databases/azure-hdinsight-hadoop/main.tf
View File

@@ -1,107 +0,0 @@
resource "random_password" "password1" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_password" "password2" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 5
}
resource "azurerm_storage_account" "example" {
name = "hdinsightstor${random_id.randomMachineId.hex}"
resource_group_name = var.resource_group_name
location = var.location
account_tier = "Standard"
account_replication_type = "LRS"
tags = var.tags
}
resource "azurerm_storage_container" "example" {
name = "hdinsight"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
scope = azurerm_storage_account.example.id
role_definition_name = "Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
scope = azurerm_storage_account.example.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_hdinsight_hadoop_cluster" "example" {
name = "hdicluster-${var.provision_id}"
resource_group_name = var.resource_group_name
location = var.location
cluster_version = "4.0"
tier = "Standard"
tags = var.tags
component_version {
hadoop = "3.1"
}
gateway {
username = "acctestusrgw"
password = random_password.password1.result
}
storage_account {
storage_container_id = azurerm_storage_container.example.id
storage_account_key = azurerm_storage_account.example.primary_access_key
is_default = true
}
roles {
head_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
}
worker_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
target_instance_count = 2
}
zookeeper_node {
vm_size = "Standard_D3_V2"
username = "acctestusrvm"
password = random_password.password2.result
}
}
}

59
databases/azure-hdinsight-hadoop/outputs.tf
View File

@@ -1,59 +0,0 @@
output "gateway-creds" {
value = {
username = "acctestusrgw"
password = nonsensitive(random_password.password1.result)
}
}
output "cluster-creds" {
value = {
username = "acctestusrvm"
password = nonsensitive(random_password.password2.result)
}
}
output "https_endpoint" {
value = azurerm_hdinsight_hadoop_cluster.example.https_endpoint
}
output "ssh_endpoint" {
value = azurerm_hdinsight_hadoop_cluster.example.ssh_endpoint
}
output "Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}
output "adls_StorageAccount-Name" {
value = azurerm_storage_account.example.name
}
output "adls_StorageAccount-ContainerName" {
value = azurerm_storage_container.example.name
}
output "adls_StorageAccount-AccessKey" {
value = nonsensitive(azurerm_storage_account.example.primary_access_key)
}
output "adls_Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "adls_Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "adls_Azure_Application_Registration_Secret" {
value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
}

26
databases/azure-hdinsight-hadoop/variables.tf
View File

@@ -1,26 +0,0 @@
variable "resource_group_name" {
type = string
}
variable "provision_id" {
type = string
}
variable "location" {
type = string
default = "EAST US"
}
variable "tags" {
default = null
}
variable "dbricks_app_registration_principal_id" {
description = "databricks-qmi"
default = "efeee17c-d2b3-4e7c-a163-9995b7d281e2"
}
variable "dbricks_app_registration_application_id" {
description = "databricks-qmi"
default = "9ccb0d99-3bba-4695-aa47-df77bf512084"
}

31
databases/azure-rds-flexmysql/firewall.tf
View File

@@ -1,31 +0,0 @@
/*resource "azurerm_mysql_flexible_server_firewall_rule" "all-azure-services" {
name = "AllAzureServices"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
start_ip_address = "0.0.0.0"
end_ip_address = "0.0.0.0"
}*/
resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule1" {
name = "a1"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
start_ip_address = "52.249.189.38"
end_ip_address = "52.249.189.38"
}
resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule2" {
name = "a2"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
start_ip_address = "13.67.39.86"
end_ip_address = "13.67.39.86"
}
resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule3" {
name = "a3"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
start_ip_address = "20.67.110.207"
end_ip_address = "20.67.110.207"
}

52
databases/azure-rds-flexmysql/main.tf
View File

@@ -1,52 +0,0 @@
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "azurerm_mysql_flexible_server" "mysql-server" {
name = "qmi-mysql-${var.provision_id}"
location = var.location
resource_group_name = var.resource_group_name
administrator_login = var.admin_login
administrator_password = random_password.password.result
storage {
size_gb = var.mysql-storage
}
backup_retention_days = 7
sku_name = var.mysql-sku-name
version = var.mysql-version
geo_redundant_backup_enabled = false
//public_network_access_enabled = true
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_mysql_flexible_database" "example" {
name = "QlikDB"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
charset = "utf8"
collation = "utf8_unicode_ci"
}
resource "azurerm_mysql_flexible_server_configuration" "example" {
name = "binlog_row_image"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_flexible_server.mysql-server.name
value = "full"
}

11
databases/azure-rds-flexmysql/output.tf
View File

@@ -1,11 +0,0 @@
output "db_server_fqdn" {
value = azurerm_mysql_flexible_server.mysql-server.fqdn
}
output "root_username" {
value = var.admin_login
}
output "root_username_password" {
value = nonsensitive(random_password.password.result)
}

39
databases/azure-rds-flexmysql/variables.tf
View File

@@ -1,39 +0,0 @@
variable "resource_group_name" {
}
variable "provision_id" {
type = string
description = "(optional) describe your variable"
}
variable "location" {
type = string
description = "(optional) describe your variable"
default = "EAST US"
}
variable "user_id" {
}
variable "admin_login" {
type = string
description = "Login to authenticate to MySQL Server"
default = "qmi"
}
variable "mysql-version" {
type = string
description = "MySQL Server version to deploy"
default = "5.7"
}
variable "mysql-sku-name" {
type = string
description = "MySQL SKU Name"
default = "GP_Standard_D2ds_v4"
}
variable "mysql-storage" {
type = string
description = "MySQL Storage in MB"
default = "20"
}

28
databases/azure-rds-flexpostgres/firewall.tf
View File

@@ -1,28 +0,0 @@
/*resource "azurerm_postgresql_flexible_server_firewall_rule" "all-azure-services" {
name = "AllAzureServices"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
start_ip_address = "0.0.0.0"
end_ip_address = "0.0.0.0"
}*/
resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule1" {
name = "a1"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
start_ip_address = "52.249.189.38"
end_ip_address = "52.249.189.38"
}
resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule2" {
name = "a2"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
start_ip_address = "13.67.39.86"
end_ip_address = "13.67.39.86"
}
resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule3" {
name = "a3"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
start_ip_address = "20.67.110.207"
end_ip_address = "20.67.110.207"
}

53
databases/azure-rds-flexpostgres/main.tf
View File

@@ -1,53 +0,0 @@
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "azurerm_postgresql_flexible_server" "postgresql-server" {
name = "qmi-postgresql-${var.provision_id}"
location = var.location
resource_group_name = var.resource_group_name
version = var.postgresql-version
administrator_login = var.admin_login
administrator_password = random_password.password.result
storage_mb = var.postgresql-storage
sku_name = var.postgresql-sku-name
geo_redundant_backup_enabled = false
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_postgresql_flexible_server_configuration" "conf1" {
name = "wal_level"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
value = "logical"
}
resource "azurerm_postgresql_flexible_server_configuration" "conf2" {
name = "log_statement"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
value = "all"
}
resource "azurerm_postgresql_flexible_server_database" "postgresql-db" {
name = "QlikPostgresqlDB"
server_id = azurerm_postgresql_flexible_server.postgresql-server.id
collation = "en_US.utf8"
charset = "utf8"
}

11
databases/azure-rds-flexpostgres/output.tf
View File

@@ -1,11 +0,0 @@
output "db_server_fqdn" {
value = azurerm_postgresql_flexible_server.postgresql-server.fqdn
}
output "root_username" {
value = var.admin_login
}
output "root_username_password" {
value = nonsensitive(random_password.password.result)
}

41
databases/azure-rds-flexpostgres/variables.tf
View File

@@ -1,41 +0,0 @@
variable "resource_group_name" {
}
variable "provision_id" {
type = string
description = "(optional) describe your variable"
}
variable "location" {
type = string
description = "(optional) describe your variable"
default = "EAST US"
}
variable "admin_login" {
type = string
description = "Login to authenticate to PostgreSQL Server"
default = "qmi"
}
variable "postgresql-version" {
type = string
description = "PostgreSQL Server version to deploy"
default = "12"
}
variable "postgresql-sku-name" {
type = string
description = "PostgreSQL SKU Name"
default = "GP_Standard_D2s_v3"
}
variable "postgresql-storage" {
type = string
description = "PostgreSQL Storage in MB"
default = "32768"
}
variable "user_id" {
}

26
databases/azure-rds-mariadb/firewall.tf
View File

@@ -1,26 +0,0 @@
resource "azurerm_mariadb_virtual_network_rule" "vnetrule" {
count = var.subnet_id != null? 1 : 0
name = "vnet-rule-${var.provision_id}"
resource_group_name = var.resource_group_name
server_name = azurerm_mariadb_server.mariadb-server.name
subnet_id = var.subnet_id
}
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
resource "azurerm_mariadb_firewall_rule" "fw_rule" {
for_each = module.fw-ips.ips
name = each.key
resource_group_name = var.resource_group_name
server_name = azurerm_mariadb_server.mariadb-server.name
start_ip_address = each.value.0
end_ip_address = each.value.1
}

47
databases/azure-rds-mariadb/main.tf
View File

@@ -1,47 +0,0 @@
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
}
resource "azurerm_mariadb_server" "mariadb-server" {
name = "qmi-mariadb-${var.provision_id}"
location = var.location
resource_group_name = var.resource_group_name
administrator_login = var.admin_login
administrator_login_password = random_password.password.result
sku_name = var.sku-name
version = var.db-version
storage_mb = var.storage
auto_grow_enabled = true
backup_retention_days = 7
geo_redundant_backup_enabled = false
public_network_access_enabled = true
ssl_enforcement_enabled = false
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_mariadb_database" "mariadb-db" {
name = "QlikDB"
resource_group_name = var.resource_group_name
server_name = azurerm_mariadb_server.mariadb-server.name
charset = "utf8"
collation = "utf8_unicode_ci"
}

11
databases/azure-rds-mariadb/output.tf
View File

@@ -1,11 +0,0 @@
output "db_server_fqdn" {
value = azurerm_mariadb_server.mariadb-server.fqdn
}
output "root_username" {
value = "${var.admin_login}@qmi-mariadb-${var.provision_id}"
}
output "root_username_password" {
value = nonsensitive(random_password.password.result)
}

43
databases/azure-rds-mariadb/variables.tf
View File

@@ -1,43 +0,0 @@
variable "resource_group_name" {
}
variable "provision_id" {
type = string
description = "(optional) describe your variable"
}
variable "location" {
type = string
description = "(optional) describe your variable"
default = "EAST US"
}
variable "subnet_id" {
default = null
}
variable "user_id" {
}
variable "admin_login" {
type = string
description = "Login to authenticate to MySQL Server"
default = "qmi"
}
variable "db-version" {
type = string
description = "MariaDB Server version to deploy"
default = "10.2"
}
variable "sku-name" {
type = string
description = "MariaDB SKU Name"
default = "GP_Gen5_2"
}
variable "storage" {
type = string
description = "MariaDB Storage in MB"
default = "5120"
}

24
databases/azure-rds-mssql/firewall.tf
View File

@@ -1,24 +0,0 @@
resource "azurerm_mssql_virtual_network_rule" "sqlvnetrule" {
count = var.subnet_id != null? 1 : 0
name = "vnet-rule-${local.provision_id}"
server_id = azurerm_mssql_server.sqlserver.id
subnet_id = var.subnet_id
}
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
resource "azurerm_mssql_firewall_rule" "fw_rule" {
for_each = module.fw-ips.ips
name = each.key
server_id = azurerm_mssql_server.sqlserver.id
start_ip_address = each.value.0
end_ip_address = each.value.1
}

Some files were not shown because too many files have changed in this diff Show More