jprdonnelly/qmi-cloud-tf-modules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: jprdonnelly:dev
Branches Tags
jprdonnelly:master jprdonnelly:dev jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix
..
compare: jprdonnelly:QCS-IP-Fix
Branches Tags
jprdonnelly:dev jprdonnelly:master jprdonnelly:unity jprdonnelly:qseastus jprdonnelly:dbricks jprdonnelly:qsgen jprdonnelly:synapse jprdonnelly:Prabu.selvam-master-patch-11592 jprdonnelly:dev2 jprdonnelly:qdc jprdonnelly:qdcfromsnap jprdonnelly:QCS-IP-Fix jprdonnelly:RDS-Fix

1 Commits
dev ... QCS-IP-Fix

Author SHA1 Message Date
ChrisLopez
2873e29c85 Fixed missing /32 2021-10-01 11:24:46 +01:00
347 changed files with 30821 additions and 83668 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

70
adls/main.tf
View File

@@ -1,70 +0,0 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 5
}
resource "azurerm_storage_account" "saccount" {
name = var.storage_account_name != null? var.storage_account_name : "qmiadlsgen2${random_id.randomMachineId.hex}"
resource_group_name = var.resource_group_name
location = var.location
account_kind = "StorageV2"
account_replication_type = var.account_replication_type != null? var.account_replication_type : "RAGRS"
account_tier = "Standard"
access_tier = "Hot"
is_hns_enabled = "true"
tags = var.tags
}
resource "azurerm_storage_container" "scontainer" {
name = var.container_name != null? var.container_name : "qmicontainer"
storage_account_name = azurerm_storage_account.saccount.name
#container_access_type = "container"
}
resource "azurerm_role_assignment" "data-contributor-role" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-role2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.tpm_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp1" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
resource "azurerm_role_assignment" "data-contributor-dbricksapp2" {
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.dbricks_app_registration_principal_id
}
###### EXTRA ASSIGN ROLE #######
resource "azurerm_role_assignment" "machine_role_assignment" {
count = var.principal_id_storage_blob_contributor != null? 1 : 0
scope = azurerm_storage_account.saccount.id
role_definition_name = "Storage Blob Data Contributor"
principal_id = var.principal_id_storage_blob_contributor
}

35
adls/outputs.tf
View File

@@ -1,35 +0,0 @@
output "StorageAccount-Scope" {
value = azurerm_storage_account.saccount.id
}
output "StorageAccount-AccessKey" {
value = nonsensitive(azurerm_storage_account.saccount.primary_access_key)
}
output "StorageAccount-ConnectionString" {
value = nonsensitive(azurerm_storage_account.saccount.primary_connection_string)
}
output "StorageAccount-Name" {
value = azurerm_storage_account.saccount.name
}
output "StorageAccount-ContainerName" {
value = azurerm_storage_container.scontainer.name
}
output "StorageAccount-ContainerId" {
value = azurerm_storage_container.scontainer.id
}
output "Azure_Active_Directory_Tenant_ID" {
value = "c21eeb5f-f5a6-44e8-a997-124f2f7a497c"
}
output "Azure_Application_Registration_Client_ID" {
value = var.dbricks_app_registration_application_id
}
output "Azure_Application_Registration_Secret" {
value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
}

46
adls/variable.tf
View File

@@ -1,46 +0,0 @@
variable "resource_group_name" {
}
variable "location" {
description = "The Azure Region in which the resources in this example should exist"
default = "East US"
}
variable "storage_account_name" {
default = null
}
variable "container_name" {
default = null
}
variable "tags" {
default = null
}
variable "tpm_app_registration_principal_id" {
description = "tpm"
default = "163a72e3-8ce3-4e33-baae-954383f87e3e"
}
variable "dbricks_app_registration_principal_id" {
description = "databricks-qmi"
default = "efeee17c-d2b3-4e7c-a163-9995b7d281e2"
}
variable "dbricks_app_registration_application_id" {
description = "databricks-qmi"
default = "9ccb0d99-3bba-4695-aa47-df77bf512084"
}
variable "principal_id_storage_blob_contributor" {
default = null
}
variable "sa_config_type" {
default = "1"
}
variable "account_replication_type" {
default = null
}

23
appgateways/appgw-443-only/logs.tf
View File

@@ -1,23 +0,0 @@
resource "azurerm_monitor_diagnostic_setting" "example" {
name = "${local.appgw_name}-${var.provision_id}-diagsettings"
target_resource_id = azurerm_application_gateway.qmi-app-gw.id
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
category = "ApplicationGatewayAccessLog"
retention_policy {
enabled = true
}
}
enabled_log {
category = "ApplicationGatewayFirewallLog"
retention_policy {
enabled = true
}
}
}

22
appgateways/appgw-443-only/main.tf
View File

@@ -13,8 +13,14 @@ locals {
redirect_configuration_80 = "${var.appgw_hostname}-80redirect"
}
data "azurerm_key_vault_certificate" "qmi-cert" {
name = "star-qmi-qlikpoc-com-cert"
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
@@ -30,7 +36,6 @@ resource "azurerm_public_ip" "appgw-ip" {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
}
@@ -40,16 +45,10 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg
location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
sku {
@@ -88,7 +87,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate {
name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
@@ -153,7 +153,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
priority = 1
}
@@ -170,7 +169,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
priority = 2
}
}

2
appgateways/appgw-443-only/output.tf
View File

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
}
output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
}

4
appgateways/appgw-443-only/variables.tf
View File

@@ -38,7 +38,3 @@ variable "user_id" {
variable "probe_path" {
default = "/"
}
variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
}

8
appgateways/appgw-e2e/logs.tf
View File

@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
log {
category = "ApplicationGatewayAccessLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
enabled_log {
log {
category = "ApplicationGatewayFirewallLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
}

28
appgateways/appgw-e2e/main.tf
View File

@@ -45,8 +45,14 @@ locals {
}
data "azurerm_key_vault_certificate" "qmi-cert" {
name = "star-qmi-qlikpoc-com-cert"
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
@@ -62,7 +68,6 @@ resource "azurerm_public_ip" "appgw-ip" {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
}
@@ -72,16 +77,10 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg
location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
sku {
@@ -206,7 +205,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate {
name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
@@ -418,7 +418,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
priority = 1
}
@@ -429,7 +428,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
priority = 2
}
# NPrinting routing rules
@@ -439,7 +437,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993
priority = 3
}
request_routing_rule {
name = local.request_routing_rule_4994
@@ -447,7 +444,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994
priority = 4
}
@@ -457,7 +453,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4552
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4552
priority = 5
}
@@ -468,7 +463,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435
priority = 6
}
@@ -485,7 +479,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
priority = 7
}
# Redirect QDC 8080 to 8443
@@ -501,7 +494,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080
priority = 8
}
}

2
appgateways/appgw-e2e/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
}
variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
}
variable "cert_name" {

8
appgateways/appgw-qdc-qs/logs.tf
View File

@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
log {
category = "ApplicationGatewayAccessLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
enabled_log {
log {
category = "ApplicationGatewayFirewallLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
}

26
appgateways/appgw-qdc-qs/main.tf
View File

@@ -37,8 +37,14 @@ locals {
}
data "azurerm_key_vault_certificate" "qmi-cert" {
name = "star-qmi-qlikpoc-com-cert"
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
@@ -54,7 +60,6 @@ resource "azurerm_public_ip" "appgw-ip" {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
}
@@ -65,16 +70,10 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg
location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
sku {
@@ -190,7 +189,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate {
name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
@@ -359,7 +359,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
priority = 1
}
@@ -370,7 +369,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
priority = 2
}
# NPrinting routing rules
@@ -380,7 +378,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993
priority = 3
}
request_routing_rule {
name = local.request_routing_rule_4994
@@ -388,7 +385,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994
priority = 4
}
# QIB routing rule
@@ -398,7 +394,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435
priority = 5
}
@@ -415,7 +410,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
priority = 6
}
}

444
appgateways/appgw-qdc-qs/main.tfold Normal file
View File

@@ -0,0 +1,444 @@
locals {
appgw_hostname = "${var.appgw_hostname}.${var.domain}"
appgw_name = "qmi-appgw-qdc-qs"
# Qlik Sense
backend_address_pool_qs = "${var.appgw_hostname}-qs-bp"
http_setting_name_443 = "${var.appgw_hostname}-http-setting"
listener_name_http = "${var.appgw_hostname}-http"
listener_name_https = "${var.appgw_hostname}-https"
qs_probe_name = "${var.appgw_hostname}-probe"
request_routing_rule_https = "${var.appgw_hostname}-https-rule"
request_routing_rule_http = "${var.appgw_hostname}-http-rule"
redirect_configuration_80 = "${var.appgw_hostname}-80redirect"
# NPrinting
http_setting_name_4993 = "${var.appgw_hostname}-4993-setting"
http_setting_name_4994 = "${var.appgw_hostname}-4994-setting"
listener_name_4993 = "${var.appgw_hostname}-4993"
listener_name_4994 = "${var.appgw_hostname}-4994"
request_routing_rule_4993 = "${var.appgw_hostname}-4993-rule"
request_routing_rule_4994 = "${var.appgw_hostname}-4994-rule"
# QIB
http_setting_name_4435 = "${var.appgw_hostname}-4435-setting"
qs_probe_name_4435 = "${var.appgw_hostname}-probe-4435"
listener_name_4435 = "${var.appgw_hostname}-4435"
request_routing_rule_4435 = "${var.appgw_hostname}-4435-rule"
# QDC
backend_address_pool_qdc = "${var.appgw_hostname}-qdc-bp"
http_setting_name_8443 = "${var.appgw_hostname}-8443-setting"
qdc_probe_name = "${var.appgw_hostname}-qdcprobe"
listener_name_8080 = "${var.appgw_hostname}-8080"
listener_name_8443 = "${var.appgw_hostname}-8443"
request_routing_rule_8443 = "${var.appgw_hostname}-8443-rule"
request_routing_rule_8080 = "${var.appgw_hostname}-8080-rule"
redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
resource "azurerm_public_ip" "appgw-ip" {
name = "${local.appgw_name}-ip-${var.provision_id}"
resource_group_name = var.app_gw_rg
sku = "Standard"
location = var.location
allocation_method = "Static"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_application_gateway" "qmi-app-gw" {
name = "${local.appgw_name}-${var.provision_id}"
resource_group_name = var.app_gw_rg
location = var.location
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
sku {
name = "WAF_v2"
tier = "WAF_v2"
capacity = 1
}
gateway_ip_configuration {
name = "app-gw-subnet"
subnet_id = var.app_gw_subnet
}
waf_configuration {
enabled = true
firewall_mode = "Prevention"
rule_set_type = "OWASP"
rule_set_version = "3.0"
file_upload_limit_mb = "500"
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Equals"
selector = "qvla_invite"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "parsely"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "mixpanel"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "optimizely"
}
exclusion {
match_variable = "RequestArgNames"
selector_match_operator = "Equals"
selector = "reloadUri"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "NPWEBCONSOLE"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "NPNEWSSTAND"
}
exclusion {
match_variable = "RequestCookieNames"
selector_match_operator = "Contains"
selector = "Vizlib"
}
# This is needed for NPrinting
/*disabled_rule_group {
rule_group_name = "REQUEST-920-PROTOCOL-ENFORCEMENT"
rules = ["920270", "920271"]
}*/
}
# Qlik Sense fe ports
frontend_port {
name = "443"
port = 443
}
frontend_port {
name = "80"
port = 80
}
# NPrinting fe ports
frontend_port {
name = "4993"
port = 4993
}
frontend_port {
name = "4994"
port = 4994
}
# QIB fe ports
frontend_port {
name = "4435"
port = 4435
}
# QDC fe ports
frontend_port {
name = "8443"
port = 8443
}
frontend_port {
name = "8080"
port = 8080
}
frontend_ip_configuration {
name = "app-gw-front-end-ip-config"
public_ip_address_id = azurerm_public_ip.appgw-ip.id
}
ssl_certificate {
name = var.cert_name
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
policy_type = "Predefined"
policy_name = "AppGwSslPolicy20170401"
}
# Backend pool for QS, QIB and NP
backend_address_pool {
name = local.backend_address_pool_qs
}
# Backend pool for QDC
backend_address_pool {
name = local.backend_address_pool_qdc
}
# Qlik Sense
backend_http_settings {
name = local.http_setting_name_443
cookie_based_affinity = "Disabled"
port = 443
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
# NPrinting
backend_http_settings {
name = local.http_setting_name_4993
cookie_based_affinity = "Disabled"
port = 4993
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
backend_http_settings {
name = local.http_setting_name_4994
cookie_based_affinity = "Disabled"
port = 4994
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name
}
# QIB
backend_http_settings {
name = local.http_setting_name_4435
cookie_based_affinity = "Disabled"
port = 4435
protocol = "Https"
request_timeout = 7600
probe_name = local.qs_probe_name_4435
}
# QDC
backend_http_settings {
name = local.http_setting_name_8443
cookie_based_affinity = "Disabled"
port = 8080
protocol = "Http"
request_timeout = 7600
probe_name = local.qdc_probe_name
}
# QS Prob
probe {
name = local.qs_probe_name
protocol = "Https"
host = local.appgw_hostname
interval = 30
path = "/"
timeout = 30
unhealthy_threshold = 3
}
# QDC Prob
probe {
name = local.qdc_probe_name
protocol = "Http"
host = local.appgw_hostname
interval = 30
path = "/qdc"
timeout = 30
unhealthy_threshold = 3
}
# QIB Probe
probe {
name = local.qs_probe_name_4435
protocol = "Https"
host = local.appgw_hostname
interval = 30
path = "/"
timeout = 30
unhealthy_threshold = 3
match {
status_code = ["200-401"]
}
}
# Qlik Sense listener
http_listener {
name = local.listener_name_https
host_name = local.appgw_hostname
ssl_certificate_name = var.cert_name
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "443"
protocol = "Https"
}
http_listener {
name = local.listener_name_http
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "80"
protocol = "Http"
}
# NPrinting listeners
http_listener {
name = local.listener_name_4993
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4993"
protocol = "Https"
}
http_listener {
name = local.listener_name_4994
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4994"
protocol = "Https"
}
# QIB listener
http_listener {
name = local.listener_name_4435
ssl_certificate_name = var.cert_name
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "4435"
protocol = "Https"
}
# QDC listeners
http_listener {
name = local.listener_name_8443
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8443"
protocol = "Https"
}
http_listener {
name = local.listener_name_8080
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8080"
protocol = "Http"
}
# Qlik Sense routing rules
request_routing_rule {
name = local.request_routing_rule_https
rule_type = "Basic"
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
}
# QDC routing rules
request_routing_rule {
name = local.request_routing_rule_8443
rule_type = "Basic"
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
}
# NPrinting routing rules
request_routing_rule {
name = local.request_routing_rule_4993
rule_type = "Basic"
http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993
}
request_routing_rule {
name = local.request_routing_rule_4994
rule_type = "Basic"
http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994
}
# QIB routing rule
request_routing_rule {
name = local.request_routing_rule_4435
rule_type = "Basic"
http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435
}
# Redirect QS 80 to 443
redirect_configuration {
name = local.redirect_configuration_80
target_listener_name = local.listener_name_https
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_http
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
}
# Redirect QDC 8080 to 8443
redirect_configuration {
name = local.redirect_configuration_8080
target_listener_name = local.listener_name_8443
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_8080
rule_type = "Basic"
http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080
}
}

8
appgateways/appgw-qdc-qs/outputs.tf
View File

@@ -10,14 +10,10 @@ output "appgw_public_ip" {
value = azurerm_public_ip.appgw-ip.ip_address
}
locals {
backend_pools = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool)
}
output "appgw_backend_address_pool_0_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qs-bp")].id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
}
output "appgw_backend_address_pool_1_id" {
value = local.backend_pools[index(local.backend_pools.*.name, "${var.appgw_hostname}-qdc-bp")].id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[1].id
}

2
appgateways/appgw-qdc-qs/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
}
variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
}
variable "cert_name" {

8
appgateways/appgw-qdc/logs.tf
View File

@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
log {
category = "ApplicationGatewayAccessLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
enabled_log {
log {
category = "ApplicationGatewayFirewallLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
}

21
appgateways/appgw-qdc/main.tf
View File

@@ -11,8 +11,14 @@ locals {
}
data "azurerm_key_vault_certificate" "qmi-cert" {
name = "star-qmi-qlikpoc-com-cert"
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
@@ -28,7 +34,6 @@ resource "azurerm_public_ip" "appgw-ip" {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
}
@@ -38,16 +43,10 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg
location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
sku {
@@ -81,7 +80,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate {
name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
@@ -129,7 +129,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
priority = 1
}
}

167
appgateways/appgw-qdc/main.tf_old Normal file
View File

@@ -0,0 +1,167 @@
locals {
appgw_hostname = "${var.appgw_hostname}.${var.domain}"
appgw_name = "qmi-appgw-qdc"
backend_address_pool_qdc = "${var.appgw_hostname}-qdc-bp"
http_setting_name_8443 = "${var.appgw_hostname}-8443-setting"
qdc_probe_name = "${var.appgw_hostname}-qdcprobe"
listener_name_8080 = "${var.appgw_hostname}-8080"
listener_name_8443 = "${var.appgw_hostname}-8443"
request_routing_rule_https = "${var.appgw_hostname}-https-rule"
request_routing_rule_8443 = "${var.appgw_hostname}-8443-rule"
redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
request_routing_rule_8080 = "${var.appgw_hostname}-8080-rule"
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
resource "azurerm_public_ip" "appgw-ip" {
name = "${local.appgw_name}-ip-${var.provision_id}"
resource_group_name = var.app_gw_rg
sku = "Standard"
location = var.location
allocation_method = "Static"
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
}
resource "azurerm_application_gateway" "qmi-app-gw" {
name = "${local.appgw_name}-${var.provision_id}"
resource_group_name = var.app_gw_rg
location = var.location
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
}
sku {
name = "WAF_v2"
tier = "WAF_v2"
capacity = 1
}
waf_configuration {
enabled = true
firewall_mode = "Prevention"
rule_set_type = "OWASP"
rule_set_version = "3.0"
}
gateway_ip_configuration {
name = "app-gw-subnet"
subnet_id = var.app_gw_subnet
}
frontend_port {
name = "8443"
port = 8443
}
frontend_port {
name = "8080"
port = 8080
}
frontend_ip_configuration {
name = "app-gw-front-end-ip-config"
public_ip_address_id = azurerm_public_ip.appgw-ip.id
}
ssl_certificate {
name = var.cert_name
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
policy_type = "Predefined"
policy_name = "AppGwSslPolicy20170401"
}
backend_address_pool {
name = local.backend_address_pool_qdc
}
backend_http_settings {
name = local.http_setting_name_8443
cookie_based_affinity = "Disabled"
port = 8080
protocol = "Http"
request_timeout = 7600
probe_name = local.qdc_probe_name
}
probe {
name = local.qdc_probe_name
protocol = "Http"
host = local.appgw_hostname
interval = 30
path = "/qdc"
timeout = 30
unhealthy_threshold = 3
}
http_listener {
name = local.listener_name_8443
ssl_certificate_name = var.cert_name
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8443"
protocol = "Https"
}
http_listener {
name = local.listener_name_8080
host_name = local.appgw_hostname
frontend_ip_configuration_name = "app-gw-front-end-ip-config"
frontend_port_name = "8080"
protocol = "Http"
}
request_routing_rule {
name = local.request_routing_rule_8443
rule_type = "Basic"
http_listener_name = local.listener_name_8443
backend_address_pool_name = local.backend_address_pool_qdc
backend_http_settings_name = local.http_setting_name_8443
}
redirect_configuration {
name = local.redirect_configuration_8080
target_listener_name = local.listener_name_8443
redirect_type = "Permanent"
include_path = true
include_query_string = true
}
request_routing_rule {
name = local.request_routing_rule_8080
rule_type = "Basic"
http_listener_name = local.listener_name_8080
redirect_configuration_name = local.redirect_configuration_8080
}
}

2
appgateways/appgw-qdc/outputs.tf
View File

@@ -11,6 +11,6 @@ output "appgw_public_ip" {
}
output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
}

2
appgateways/appgw-qdc/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
}
variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
}
variable "cert_name" {

8
appgateways/appgw-qs/logs.tf
View File

@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
log {
category = "ApplicationGatewayAccessLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
enabled_log {
log {
category = "ApplicationGatewayFirewallLog"
enabled = true
retention_policy {
enabled = true
days = 7
}
}
}

27
appgateways/appgw-qs/main.tf
View File

@@ -35,8 +35,14 @@ locals {
}
data "azurerm_key_vault_certificate" "qmi-cert" {
name = "star-qmi-qlikpoc-com-cert"
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-data" {
name = "star-qmi-qlikpoc-com-data"
key_vault_id = var.key_vault_id
}
@@ -52,7 +58,6 @@ resource "azurerm_public_ip" "appgw-ip" {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
}
@@ -62,16 +67,10 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
resource_group_name = var.app_gw_rg
location = var.location
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
}
sku {
@@ -187,7 +186,8 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
ssl_certificate {
name = var.cert_name
key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
password = data.azurerm_key_vault_secret.cert-password.value
data = data.azurerm_key_vault_secret.cert-data.value
}
ssl_policy {
@@ -272,7 +272,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
unhealthy_threshold = 3
match {
body = null
status_code = ["200-401"]
}
}
@@ -340,7 +339,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_https
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_443
priority = 1
}
@@ -351,7 +349,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4993
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4993
priority = 2
}
request_routing_rule {
name = local.request_routing_rule_4994
@@ -359,7 +356,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4994
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4994
priority = 3
}
# QIB routing rule (needs QIB using qmi.qlik-poc.com certs)
@@ -369,7 +365,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4435
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4435
priority = 4
}
# Qlik Alerting routing rule (needs Qlik Alerting using qmi.qlik-poc.com certs)
@@ -379,7 +374,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
http_listener_name = local.listener_name_4552
backend_address_pool_name = local.backend_address_pool_qs
backend_http_settings_name = local.http_setting_name_4552
priority = 5
}
@@ -396,7 +390,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
rule_type = "Basic"
http_listener_name = local.listener_name_http
redirect_configuration_name = local.redirect_configuration_80
priority = 6
}
}

2
appgateways/appgw-qs/outputs.tf
View File

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
}
output "appgw_backend_address_pool_0_id" {
value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
}

2
appgateways/appgw-qs/variables.tf
View File

@@ -24,7 +24,7 @@ variable "app_gw_subnet" {
}
variable "log_analytics_workspace_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourcegroups/appgw_rg/providers/microsoft.operationalinsights/workspaces/qmi-log-analytics"
}
variable "cert_name" {

169
archived/vm-fromsnapshot-win/main.tf Normal file
View File

@@ -0,0 +1,169 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name : "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
notrename = (var.notrename != null)? "-NotApply" : ""
storage_account_id = var.location == "westeurope"? "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshotsweu" : "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshots"
}
resource "azurerm_managed_disk" "copy" {
name = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
location = var.location
resource_group_name = var.resource_group_name
storage_account_type = "Premium_LRS"
create_option = "Import"
storage_account_id = local.storage_account_id
source_uri = var.snapshot_id
disk_size_gb = var.disk_size_gb
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"QMI_user" = var.user_id != null? var.user_id : null
}
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [ module.qmi-nic.id ]
vm_size = var.vm_type
storage_os_disk {
name = azurerm_managed_disk.copy.name
os_type = "Windows"
managed_disk_id = azurerm_managed_disk.copy.id
managed_disk_type = "Premium_LRS"
create_option = "Attach"
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
identity {
type = "SystemAssigned"
}
/*os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
}*/
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}
resource "null_resource" "post-vm-fromsnapshot-win" {
count = var.initial_password != null? 1 : 0
depends_on = [
azurerm_virtual_machine.vm
]
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
source = "${path.module}/scripts"
destination = "C:/tmp/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/bootstrap.ps1",
"powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
]
}
# Rename Computer
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}"
]
on_failure = continue
}
provisioner "local-exec" {
command = "sleep 30"
}
}

4
vm-rockylinux/outputs.tf → archived/vm-fromsnapshot-win/outputs.tf
View File

@@ -3,7 +3,7 @@ output "virtual_machine_id" {
}
output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}"
value = azurerm_virtual_machine.vm.name
}
output "admin_username" {
@@ -11,7 +11,7 @@ output "admin_username" {
}
output "admin_password" {
value = nonsensitive(random_password.password.result)
value = random_password.password.result
}
output "nic_id" {

14
archived/vm-fromsnapshot-win/scripts/RenameComputer.ps1 Normal file
View File

@@ -0,0 +1,14 @@
Param(
[string] $NewName,
[switch] $NotApply = $False
)
if ($NotApply){
Write-Host "Not renaming machine"
} else {
Write-Host "Machine is going to be renamed as $NewName"
Rename-Computer -NewName $NewName -PassThru -Force -Restart
}

16
vm-win2/scripts/bootstrap.ps1 → archived/vm-fromsnapshot-win/scripts/bootstrap.ps1
View File

@@ -1,3 +1,4 @@
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null
Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null
Import-Module qmiCLI.psm1 | Out-Null
@@ -7,12 +8,23 @@ New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Mo
Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null
Import-Module qmiUtils.psm1 | Out-Null
Write-Log "Scripts locations is: $PSScriptRoot"
#Install Chocolatey
Write-Log "Install Chocolatey"
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
#Write-Log "Install Chocolatey"
#Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
### Disable Password policy
secedit /export /cfg c:\secpol.cfg | Out-Null
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null
rm -force c:\secpol.cfg -confirm:$false | Out-Null
#Write-Log "Resize Partition C to max size"
#$size = Get-PartitionSupportedSize -DriveLetter C
#Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null

12
archived/vm-fromsnapshot-win/scripts/password.ps1 Normal file
View File

@@ -0,0 +1,12 @@
Param(
[string] $Username,
[string] $Pass
)
Import-Module "Carbon"
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
Install-User -Credential $cred
Write-Log "Done! Setting new password to user $Username"

24
vm-win2/scripts/q-user-setup.ps1 → archived/vm-fromsnapshot-win/scripts/q-user-setup.ps1
View File

@@ -1,16 +1,3 @@
<#
Module: q-user-setup
Author: Clint Carr
Modified by: -
Modification History:
- Deleted disable IPv6
- Changed the creation of Qlik User to be based on Carbon
- Added Logging
- Added comments
last updated: 27/07/2018
Intent: Disable Password complexity, create Qlik user and grant remote desktop rights
#>
Write-Log "Starting q-user-setup.ps1"
Trap {
@@ -18,13 +5,6 @@ Trap {
Break
}
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
### Install Carbon PowerShell Module
Write-Log -Message "Installing carbon"
choco install carbon -y | Out-Null
@@ -32,8 +12,8 @@ Import-Module "Carbon"
### create Qlik User
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" "Qlik1234"
Install-CUser -Credential $cred
$cred = New-MyCredential -user "Qlik" -pass "Qlik1234"
Install-User -Credential $cred
### Grant Remote Admin Rights to Qlik User
Write-Log -Message "Granting Qlik account Remote Interactive Logon Right"

0
vm-qs/scripts-qdc/Categories.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Categories.qvd
View File

0
vm-qs/scripts-qdc/Employees.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Employees.qvd
View File

0
vm-qs/scripts-qdc/Offices.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Offices.qvd
View File

0
vm-qs/scripts-qdc/Products.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Products.qvd
View File

0
vm-qs/scripts-qdc/Restart-ServiceDispatcher.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/Restart-ServiceDispatcher.ps1
View File

0
vm-qs/scripts-qdc/Sales_Data.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Sales_Data.qvd
View File

0
vm-qs/scripts-qdc/Suppliers.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Suppliers.qvd
View File

0
vm-qs/scripts-qdc/Territories.qvd → archived/vm-fromsnapshot-win/scripts/qdc/Territories.qvd
View File

0
vm-qs/scripts-qdc/qdc-scenario-config.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-scenario-config.ps1
View File

13
vm-qs/scripts-qdc/qdc-setup-sept20.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup-sept20.ps1
View File

@@ -1,6 +1,5 @@
Param(
[string] $QDC_HOST = "QMI-QDC-SN",
[string] $POSTGRES_CONN_PW = "postgres"
[string] $QDC_HOST = "QMI-QDC-SN"
)
function New-Credential($u,$p) {
@@ -54,8 +53,8 @@ New-QlikTag -name "QVD Catalog" | Out-Null
# create podium user
Import-Module "Carbon"
Write-Log -Message "Adding 'podium' user to Windows system"
$cred = New-Credential "podium" $POSTGRES_CONN_PW
Install-CUser -Credential $cred | Out-Null
$cred = New-Credential "podium" "Qlik1234"
Install-User -Credential $cred | Out-Null
Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs"
@@ -75,9 +74,8 @@ New-NetFirewallRule -DisplayName "pub2qlik" -Action allow -LocalPort 4243,4747 -
Write-Log -Message "Creating 'podium_dist' postgres connection"
$cred = New-Credential "postgres" $POSTGRES_CONN_PW
$theString = "CUSTOM CONNECT TO ""provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;TimetzAsVarchar=1;allowNonSelectQueries=false;QueryTimeout=30;useBulkReader=false;maxStringLength=4096;"""
$podiumDistDC = New-QlikDataConnection -connectionstring $theString `
$cred = New-Credential "postgres" "postgres"
$podiumDistDC = New-QlikDataConnection -connectionstring "'CUSTOM CONNECT TO `"provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;QueryTimeout=30;`"" `
-name podium_dist -type 'QvOdbcConnectorPackage.exe' -Credential $cred
Write-Log -Message "Grant access to all user to this connection"
@@ -86,7 +84,6 @@ New-QlikRule -name "Podium_Dist allow to all" -comment "Allow Podium_Dist Connec
Write-Log "Copy Sample QVDs into C:/QVDs folder"
Copy-Item $PSScriptRoot\*.qvd C:\QVDs
Copy-Item $PSScriptRoot\*.csv C:\QVDs
$x=1
$files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime

2
vm-qs/scripts-qdc/qdc-setup.ps1 → archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup.ps1
View File

@@ -114,7 +114,7 @@ Grant-SmbShareAccess -Name certs -AccountName Everyone -AccessRight Read -Force
Import-Module "Carbon"
Write-Log -Message "Adding 'podium' user to Windows system"
$cred = New-Credential "podium" "Qlik1234"
Install-CUser -Credential $cred | Out-Null
Install-User -Credential $cred | Out-Null
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Computername $env:COMPUTERNAME

131
archived/vm-fromsnapshot-win/scripts/qliksense/bootstrap-qs.ps1 Normal file
View File

@@ -0,0 +1,131 @@
Param(
[string] $ModuleName = "vm-qs"
)
Write-Log "Resize Partition C to max size"
$size = Get-PartitionSupportedSize -DriveLetter C
Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
#Write-Log "Deleting old certificates files..."
#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
Set-Service -Name "QlikSenseEngineService" -StartupType Automatic
Set-Service -Name "QlikSensePrintingService" -StartupType Automatic
Set-Service -Name "QlikSenseSchedulerService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryDatabase" -StartupType Automatic
Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher..."
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
#Delete certificates
Write-Log "Deleting old certificates from keyStore..."
$Certs = Get-ChildItem cert:"CurrentUser\My"
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\My"
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' -or $_.Subject -match 'QMI-E2E' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
Write-Log "Setting new hostname ($($env:computername)) in to Host.cfg file..."
$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
Write-Log "Bootstraping Qlik Sense ..."
Write-Log "Executing ... Repository.exe -bootstrap -standalone -restorehostname"
$waiting=20
if ( $env:USERNAME -eq "qservice" ) {
$waiting=50
Write-Log "The user executing this script is already 'qservice'"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
} else {
Write-Log "The user executing this script is NOT 'qservice'"
$cred = New-Credential "qservice" "Qlik1234"
Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
}
$waiting=50
Write-Log "Waiting $waiting secs ..."
Start-Sleep -s $waiting
Write-Log "Restarting Service Dispatcher"
Restart-Service QlikSenseServiceDispatcher -Force
Start-Sleep -s 20
Write-Log "New Certs: CurrentUser\My"
Get-ChildItem cert:"CurrentUser\My"
Write-Log "New Certs: LocalMachine\My"
Get-ChildItem cert:"LocalMachine\My"
Write-Log "New Certs: LocalMachine\Root"
Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
if ($NewCerts) {
Write-Log "Restarting all Qlik Sense services"
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSenseSchedulerService -Force
Restart-Service QlikSensePrintingService -Force
if ( $ModuleName -ne "vm-qs" ) {
Start-Sleep -s 20
Write-Log "Recovering Qlik Sense users"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c $PSScriptRoot\qs-reset-users.bat'"
Restart-Service QlikSenseRepositoryService -Force
}
} else {
Write-Error "Error: Qlik Sense Certs not recreated!"
throw "Error: Qlik Sense Certs not recreated!"
}
#### Recreate QS desktop shortcuts
Write-Log "Recreate QS desktop shortcuts"
$sourcepath="C:\Users\Public\Desktop\Qlik Management Console.lnk"
$destination="C:\Users\Public\Desktop\Qlik Management Console2.lnk"
Copy-Item $sourcepath $destination ## Get the lnk we want to use as a template
Remove-Item -Path $sourcepath -Force
$shell = New-Object -COM WScript.Shell
$shortcut = $shell.CreateShortcut($destination) ## Open the lnk
$shortcut.TargetPath = "https://$env:computername/qmc" ## Make changes
$shortcut.Save() ## Save
Rename-Item -Path $destination -NewName "Qlik Management Console.lnk"
$sourcepath="C:\Users\Public\Desktop\Qlik Sense Hub.lnk"
$destination="C:\Users\Public\Desktop\Qlik Sense Hub2.lnk"
Copy-Item $sourcepath $destination ## Get the lnk we want to use as a template
Remove-Item -Path $sourcepath -Force
$shell = New-Object -COM WScript.Shell
$shortcut = $shell.CreateShortcut($destination) ## Open the lnk
$shortcut.TargetPath = "https://$env:computername/hub" ## Make changes
$shortcut.Save() ## Save
Rename-Item -Path $destination -NewName "Qlik Sense Hub.lnk"
####
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

185
archived/vm-fromsnapshot-win/scripts/qliksense/qs-post-cfg.ps1 Normal file
View File

@@ -0,0 +1,185 @@
<#
Module: qs-post-cfg
Author: Clint Carr
Modified by: -
Modification History:
- Fixed connect as user logic (qlik-cli change)
- Added logic to accomodate for Professional/Analyzer or User licenses
- Added a loop into the Connect-Qlik statement to remove an abort error
- Added Logging
- Added comments
- Error checking
- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
last updated: 10/18/2019
Intent: Configure the Qlik Sense environment with applications and Security Rules.
#>
Param(
[string] $Hostname,
[string] $CertPwd,
[string] $QlikUserPwd
)
Import-Module Qlik-Cli
Import-Module "Carbon"
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" $QlikUserPwd
Install-User -Credential $cred
Write-Log -Message "Starting qs-post-cfg.ps1"
### Waiting for Qlik Sense installation to complete
#-----------
Function restartQse
{
Write-Log "Checking Engine Service has started..."
$qse = get-service QlikSenseEngineService
write-log -Message "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn";
Start-Service QlikSenseEngineService ;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 120
}
write-log -Message "The engine is currently $($qse.Status)"
}
Function connQSR
{
$i = 1
$statusCode = 0
while ($statusCode -ne 200 -and $i -le 10)
{
try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
catch
{
$i++
write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
start-sleep -s 20
}
}
}
Function restartServices
{
write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
Restart-Service QlikSenseRepositoryDatabase -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSensePrintingService -Force
Restart-Service QlikSenseSchedulerService -Force
}
Function qlikSenseUserAccess
{
$userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone a token";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone Tokens."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
Function qlikSenseProfessionalAccess
{
$professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone Professional Access";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
#-----------
write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 60
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
restartQse
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
### Enabling HTTP
#Write-Log -Message "Enabling HTTP access on Central Node proxy"
#try {
# Get-QlikProxy -filter "serverNodeConfiguration.Name eq 'Central'" | Update-QlikProxy -AllowHttp 1 | Out-Null
#} catch {
# Write-Log -Message $_.Exception.Message -Severity "Error"
#}
#Start-Sleep -s 10
### Install qlik-poc_com certificate
Write-Log -Message "Install 'qmi.qlik-poc.com' certificate, set thumbsprint and whitelist domain in QS central virtual proxy"
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
Start-Sleep -s 10
Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials | Out-Null
Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
Start-Sleep -s 10
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}

10
archived/vm-fromsnapshot-win/scripts/qliksense/qs-reset-users.bat Normal file
View File

@@ -0,0 +1,10 @@
@echo off
set host_name=localhost
set owner_name=postgres
set PGPASSWORD=Qlik1234
C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
cd "C:\provision"
@echo off

32
vm-win2/scripts/qmiCLI.psm1 → archived/vm-fromsnapshot-win/scripts/qmiCLI.psm1
View File

@@ -83,38 +83,6 @@ Function Backup-QMIApps
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
### Get Apps
Write-Log -Message "Identifying eligible local Qlik Sense Apps" -Severity 'Info'
$arrApps = Get-QlikApp | ? {$_.stream.name -ne 'monitoring apps'} #| Sort Name
Write-Log -Message "Qlik Sense Apps identified: $($arrApps.Count)" -Severity 'Info'
Foreach ($objApp in $arrApps){
Write-Log -Message "Qlik App export job: $($objApp.Name)" -Severity 'Info'
If($objApp.Published -eq $True){
If(Test-Path -Path $($Destination + '\' + $objApp.stream.name)){
}
else{
Write-Log -Message "Identified new stream $($objApp.stream.name). Creating central stream repository" -Severity 'Info'
New-Item -ItemType Directory -Path $($Destination + '\' + $objApp.stream.name) -Force
}
$objApp | Export-QlikApp -filename $($Destination + '\' + $($objApp.stream.name) + '\' +$objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
else{
$objApp | Export-QlikApp -filename $($Destination + '\' + $objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
}
Export-App -Source $Source -Destination $Destination
Write-Log -Message "Concluding export process for local Qlik Sense Apps repository" -Severity 'Info'
}
Function Backup-QMIExtensions

15
vm-win2/scripts/qmiUtils.psm1 → archived/vm-fromsnapshot-win/scripts/qmiUtils.psm1
View File

@@ -15,6 +15,19 @@ Dependencies:
-
#>
Function New-MyCredential
{
param (
[string] $user,
[string] $pass
)
PROCESS {
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
}
}
Function CreateOdagLink
{
param (
@@ -48,7 +61,7 @@ Function CreateOdagLink
# Create ODAG Link
Write-Log -Message "Adding ODAG Link"
$rawOutput = $true
#$rawOutput = $true
$detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id
$selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id
$sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId

1
vm-win2/winrmconfig/winrm.ps1 → archived/vm-fromsnapshot-win/scripts/winrm.ps1
View File

@@ -27,3 +27,4 @@ net start winrm
#Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
#Start-Service -Name WinRM

28
vm-win2/variables.tf → archived/vm-fromsnapshot-win/variables.tf
View File

@@ -1,19 +1,15 @@
variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
}
variable "prefix" {
description = "The Prefix used for all resources in this example"
default = "QMI-WN-BL"
default = "QMI"
}
variable "subnet_id" {
}
variable "location" {
default = "East US"
}
variable "image_reference" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/win-base-24022020"
variable "snapshot_id" {
}
variable "resource_group_name" {
@@ -32,7 +28,15 @@ variable "disk_size_gb" {
}
variable "admin_username" {
default = "qmi"
default = "scdemoadmin"
}
variable "initial_password" {
default = null
}
variable "virtual_machine_name" {
default = null
}
variable "user_id" {
@@ -56,4 +60,8 @@ variable "startupTime"{
default = null
}
variable "notrename" {
default = null
}

148
archived/vm-fromsnapshot/main.tf Normal file
View File

@@ -0,0 +1,148 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name : "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
notrename = (var.notrename != null)? "-NotApply" : ""
}
resource "azurerm_managed_disk" "copy" {
name = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
location = var.location
resource_group_name = var.resource_group_name
storage_account_type = "Premium_LRS"
create_option = "Copy"
source_resource_id = var.snapshot_id
disk_size_gb = var.disk_size_gb
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"QMI_user" = var.user_id != null? var.user_id : null
}
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [ module.qmi-nic.id ]
vm_size = var.vm_type
storage_os_disk {
name = azurerm_managed_disk.copy.name
os_type = "Windows"
managed_disk_id = azurerm_managed_disk.copy.id
managed_disk_type = "Premium_LRS"
create_option = "Attach"
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
/*os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
}*/
tags = {
"Deployment" = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
source = "${path.module}/scripts"
destination = "C:/tmp/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = var.initial_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/bootstrap.ps1",
"powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
]
}
# Rename Computer
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "10m"
}
inline = [
"powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}"
]
on_failure = continue
}
}

10
vm-qdc-secure/outputs.tf → archived/vm-fromsnapshot/outputs.tf
View File

@@ -1,9 +1,9 @@
output "virtual_machine_id" {
value = azurerm_linux_virtual_machine.vm.id
value = azurerm_virtual_machine.vm.id
}
output "virtual_machine_name" {
value = "${var.prefix}-${random_id.randomMachineId.hex}"
value = azurerm_virtual_machine.vm.name
}
output "admin_username" {
@@ -24,8 +24,4 @@ output "nic_private_ip_address" {
output "nic_ip_configuration_name" {
value = module.qmi-nic.ip_configuration_name
}
}

14
archived/vm-fromsnapshot/scripts/RenameComputer.ps1 Normal file
View File

@@ -0,0 +1,14 @@
Param(
[string] $NewName,
[switch] $NotApply = $False
)
if ($NotApply){
Write-Host "Not renaming machine"
} else {
Write-Host "Machine is going to be renamed as $NewName"
Rename-Computer -NewName $NewName -Force -Restart
}

30
archived/vm-fromsnapshot/scripts/bootstrap.ps1 Normal file
View File

@@ -0,0 +1,30 @@
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null
Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null
Import-Module qmiCLI.psm1 | Out-Null
#Importing Utils module
New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils -force | Out-Null
Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null
Import-Module qmiUtils.psm1 | Out-Null
Write-Log "Scripts locations is: $PSScriptRoot"
#Install Chocolatey
#Write-Log "Install Chocolatey"
#Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
### Disable Password policy
secedit /export /cfg c:\secpol.cfg | Out-Null
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null
rm -force c:\secpol.cfg -confirm:$false | Out-Null
#Write-Log "Resize Partition C to max size"
#$size = Get-PartitionSupportedSize -DriveLetter C
#Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null

12
archived/vm-fromsnapshot/scripts/password.ps1 Normal file
View File

@@ -0,0 +1,12 @@
Param(
[string] $Username,
[string] $Pass
)
Import-Module "Carbon"
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
Install-User -Credential $cred
Write-Log "Done! Setting new password to user $Username"

29
archived/vm-fromsnapshot/scripts/q-user-setup.ps1 Normal file
View File

@@ -0,0 +1,29 @@
Write-Log "Starting q-user-setup.ps1"
Trap {
Write-Log -Message $_.Exception.Message -Severity "Error"
Break
}
### Install Carbon PowerShell Module
Write-Log -Message "Installing carbon"
choco install carbon -y | Out-Null
Import-Module "Carbon"
### create Qlik User
Write-Log -Message "Creating Qlik account"
$cred = New-MyCredential -user "Qlik" -pass "Qlik1234"
Install-User -Credential $cred
### Grant Remote Admin Rights to Qlik User
Write-Log -Message "Granting Qlik account Remote Interactive Logon Right"
Grant-Privilege -Identity $env:COMPUTERNAME\qlik -Privilege SeRemoteInteractiveLogonRight
Write-Log -Message "Adding Qlik user to Remote Desktop Users"
Add-GroupMember -Name 'Remote Desktop Users' -Member $env:COMPUTERNAME\qlik
Write-Log -Message "Adding Qlik user to local Administrators"
Add-GroupMember -Name 'Administrators' -Member $env:COMPUTERNAME\qlik
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control"
Set-ItemProperty $regPath -Name "ServicesPipeTimeout" -Type DWord -Value 180000

189
archived/vm-fromsnapshot/scripts/qmiCLI.psm1 Normal file
View File

@@ -0,0 +1,189 @@
<#
Module: QlikCLI
Author: Clint Carr
Byron Ainsworth
Modified by: -
last updated: 10/10/2017
Modification History:
-
Intent: Provide prepackaged commands to facilitate common QMI activities
Dependencies:
-
#>
function Write-Log
{
param (
[Parameter(Mandatory)]
[string]$Message,
[Parameter()]
[ValidateSet('Info','Warn','Error')]
[string]$Severity = 'Info'
)
$line = [pscustomobject]@{
'DateTime' = (Get-Date)
'Severity' = $Severity
'Message' = $Message
}
Write-Host "$($line.DateTime) [$($line.Severity)]: $($line.Message)"
$line | Export-Csv -Path c:\provision\QMIProvision.log -Append -NoTypeInformation
}
Function Backup-QMIAppsSerial
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\apps\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\apps'
)
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
### Get Apps
Write-Log -Message "Identifying eligible local Qlik Sense Apps" -Severity 'Info'
$arrApps = Get-QlikApp | ? {$_.stream.name -ne 'monitoring apps'}
Write-Log -Message "Qlik Sense Apps identified: $($arrApps.Count)" -Severity 'Info'
Foreach($objApp in $arrApps){
If($objApp.Published -eq $True){
If(Test-Path -Path $($Destination + '\' + $objApp.stream.name)){
}
else{
Write-Log -Message "Identified new stream $($objApp.stream.name). Creating central stream repository" -Severity 'Info'
New-Item -ItemType Directory -Path $($Destination + '\' + $objApp.stream.name) -Force
}
$objApp | Export-QlikApp -filename $($Destination + '\' + $($objApp.stream.name) + '\' +$objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}else{
$objApp | Export-QlikApp -filename $($Destination + '\' + $objApp.name + '.qvf')
Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
}
}
Write-Log -Message "Concluding export process for local Qlik Sense Apps repository" -Severity 'Info'
}
Function Backup-QMIApps
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\apps\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\apps'
)
Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
}
Function Backup-QMIExtensions
{
param (
[Parameter()]
[string]$Source = 'C:\QlikShare\StaticContent\Extensions\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\extensions'
)
Write-Log -Message "Commencing export process for Extensions to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local Extensions repository exists" -Severity 'Info'
Try
{
$arrExtensions = Get-ChildItem -Path $Source | ? {$_.Name -notlike "idevio*"}
foreach($objExtension in $arrExtensions){
Compress-Archive -Path $objExtension.FullName -DestinationPath $($Destination + '\' + $objExtension.name + '.zip' ) -CompressionLevel 'Optimal' -Force
}
#$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for Extensions repository" -Severity 'Info'
}
Catch
{
$_.Exception.Message
$_.Exception.ItemName
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local Extensions repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}
Function Backup-QMIReferenceData
{
param (
[Parameter()]
[string]$Source = 'c:\QlikShare\ReferenceData\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\ReferenceData'
)
Write-Log -Message "Commencing export process for ReferenceData to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local ReferenceData repository exists" -Severity 'Info'
Try
{
$arrObjects = Get-ChildItem -Path $Source
$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for ReferenceData repository" -Severity 'Info'
}
Catch
{
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local ReferenceData repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}
Function Backup-QMIContentLibraries
{
param (
[Parameter()]
[string]$Source = 'C:\QlikShare\StaticContent\Content\',
[Parameter()]
[string]$Destination = '\\VBOXSVR\shared-content\ContentLibrary'
)
Write-Log -Message "Commencing export process for ContentLibraries to from local $env:computername to central shared-content repository" -Severity 'Info'
## Verify source directory exists
If (Test-Path $Source){
Write-Log -Message "Confirmed local ContentLibraries repository exists" -Severity 'Info'
Try
{
$arrObjects = Get-ChildItem -Path $Source
$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
Write-Log -Message "Concluding export process for ContentLibraries repository" -Severity 'Info'
}
Catch
{
Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
}
}else{
Write-Log -Message "Local ContentLibraries repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
Exit
}
}

92
archived/vm-fromsnapshot/scripts/qmiUtils.psm1 Normal file
View File

@@ -0,0 +1,92 @@
<#
Module: UtilsQMI
Author: Manuel Romero
Clint Car
Modified by: -
last updated: 11/10/2017
Modification History:
-
Intent: One place for common functions across modules we don't want in qmiCLI
Dependencies:
-
#>
Function New-MyCredential
{
param (
[string] $user,
[string] $pass
)
PROCESS {
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
}
}
Function CreateOdagLink
{
param (
[string]$odagLinkName,
[string]$selectionAppName,
[string]$detailsAppName,
[string]$sheet2OpenName,
[string]$odagLinkExpression,
[int]$rowsLimit,
[int]$appsLimit,
[string]$retentionTime,
[string]$sheetEmbedName
)
PROCESS {
Trap {
Write-Log -Message "Error in function CreateOdagLink" -Severity "Error"
Write-Log -Message $_.Exception.Message -Severity "Error"
Break
}
Write-Log -Message "Installing NodeJs"
cinst nodejs.install --version 6.4.0 | Out-Null
if ( -Not (Test-Path C:\OdagEnigma) ) {
Write-Log -Message "Unzipping Node EnigmaJS"
Expand-Archive -LiteralPath C:\installation\EnigmaModule.zip -DestinationPath C:\OdagEnigma -Force | Out-Null
}
# Create ODAG Link
Write-Log -Message "Adding ODAG Link"
#$rawOutput = $true
$detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id
$selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id
$sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId
$data = (@{"name"=$odagLinkName;
"templateApp"=$detailApp;
"rowEstExpr"=$odagLinkExpression;
"properties"=@{
"rowEstRange"=@(@{"context"="*";"highBound"=$rowsLimit});
"genAppLimit"=@(@{"context"="User_*";"limit"=$appsLimit});
"appRetentionTime"=@(@{"context"="User_*";"retentionTime"=$retentionTime});
"targetSheet"=@(@{"context"="User_*";"sheetId"=$sheetID})};
"selectionApp"=$selectionApp}) | ConvertTo-Json -Compress -Depth 10
$result = $(Invoke-QlikPost "/api/odag/v1/links" $data)
$odagLinkRef = $result.objectDef.id
Write-Log -Message "ODAG link added $odagLinkRef"
$sheetSelectionID = $(invoke-qlikget "/qrs/app/object" -filter "name eq '$sheetEmbedName' and objectType eq 'sheet'").engineObjectId
# EnigmaJS to attach this link to apps and sheet using APIs
C:\OdagEnigma\run.bat $odagLinkRef $odagLinkName $sheetSelectionID $selectionAppName $detailsAppName
return $odagLinkRef
}
}

30
archived/vm-fromsnapshot/scripts/winrm.ps1 Normal file
View File

@@ -0,0 +1,30 @@
Write-Host "Delete any existing WinRM listeners"
winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
#winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
Write-Host "Create a new WinRM listener and configure"
winrm create winrm/config/listener?Address=*+Transport=HTTP
#winrm set winrm/config/winrs "@{MaxMemoryPerShellMB=`"0`"}"
winrm set winrm/config "@{MaxTimeoutms=`"1800000`"}"
winrm set winrm/config/service "@{AllowUnencrypted=`"true`"}"
#winrm set winrm/config/service "@{MaxConcurrentOperationsPerUser=`"12000`"}"
winrm set winrm/config/service/auth "@{Basic=`"true`"}"
winrm set winrm/config/client/auth "@{Basic=`"true`"}"
Write-Host "Configure UAC to allow privilege elevation in remote shells"
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
#Write-Host "turn off PowerShell execution policy restrictions"
#Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Write-Host "Configure and restart the WinRM Service; Enable the required firewall exception"
net stop winrm
net start winrm
#Stop-Service -Name WinRM
#Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
#Start-Service -Name WinRM

66
archived/vm-fromsnapshot/variables.tf Normal file
View File

@@ -0,0 +1,66 @@
variable "prefix" {
default = "QMI"
}
variable "subnet_id" {
}
variable "location" {
}
variable "snapshot_id" {
}
variable "resource_group_name" {
}
variable "vm_type" {
default = "Standard_D4s_v3"
}
variable "managed_disk_type" {
default = "Premium_LRS"
}
variable "disk_size_gb" {
default = "128"
}
variable "admin_username" {
default = "scdemoadmin"
}
variable "initial_password" {
}
variable "virtual_machine_name" {
default = null
}
variable "user_id" {
default = null
}
variable "provId" {
default = null
}
variable "is_24x7"{
type = bool
default = null
}
variable "shutdownTime"{
default = null
}
variable "startupTime"{
default = null
}
variable "notrename" {
default = null
}

154
archived/vm-qs-np/main.tf Normal file
View File

@@ -0,0 +1,154 @@
resource "random_id" "randomMachineId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = var.resource_group_name
}
byte_length = 2
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
resource "random_password" "qlikpassword" {
length = 16
special = true
override_special = "_!@"
upper = true
lower = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
admin_username = var.admin_username
admin_password = random_password.password.result
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "sensorsettings" {
name = "carbonblack-sensorsettings"
key_vault_id = var.key_vault_id
}
module "qmi-nic" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
prefix = local.virtual_machine_name
location = var.location
subnet_id = var.subnet_id
resource_group_name = var.resource_group_name
user_id = var.user_id
}
resource "azurerm_virtual_machine" "vm" {
name = local.virtual_machine_name
location = var.location
resource_group_name = var.resource_group_name
network_interface_ids = [module.qmi-nic.id]
vm_size = var.vm_type
delete_os_disk_on_termination = true
delete_data_disks_on_termination = true
storage_image_reference {
id = var.image_reference
}
storage_os_disk {
name = "${local.virtual_machine_name}-osdisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = var.managed_disk_type
disk_size_gb = var.disk_size_gb
}
os_profile {
computer_name = local.virtual_machine_name
admin_username = local.admin_username
admin_password = local.admin_password
}
os_profile_windows_config {
provision_vm_agent = true
enable_automatic_upgrades = false
winrm {
protocol = "http"
}
}
provisioner "file" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = local.admin_username
password = local.admin_password
port = 5985
https = false
timeout = "3m"
}
source = "${path.module}/scripts"
destination = "C:/provision"
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/resethostname.ps1"
]
}
provisioner "remote-exec" {
connection {
type = "winrm"
host = module.qmi-nic.private_ip_address
user = "qservice"
password = "Qlik1234"
port = 5985
https = false
timeout = "3m"
}
inline = [
"powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -QlikUserPwd ${random_password.qlikpassword.result}",
"powershell.exe -File C:/provision/np-post.ps1"
]
}
tags = {
Deployment = "QMI PoC"
"Cost Center" = "3100"
"ProvId" = var.provId != null? var.provId : null
"QMI_user" = var.user_id != null? var.user_id : null
"24x7" = var.is_24x7 == true? "" : null
"ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
"StartupTime": var.is_24x7 == false? var.startupTime : null
}
}

2
vm-qs-secure/outputs.tf → archived/vm-qs-np/outputs.tf
View File

@@ -1,5 +1,5 @@
output "virtual_machine_id" {
value = azurerm_windows_virtual_machine.vm.id
value = azurerm_virtual_machine.vm.id
}
output "virtual_machine_name" {

16
archived/vm-qs-np/scripts/carbonblack.ps1 Normal file
View File

@@ -0,0 +1,16 @@
Param(
[string] $SensorSettings
)
Write-Log -Message "Installing and configuring Carbon Black"
New-Item C:\provision\sensorsettings.ini | Out-Null
Set-Content C:\provision\sensorsettings.ini $SensorSettings | Out-Null
(Get-Content C:\provision\sensorsettings.ini) -replace ' ',"`r`n" | Set-Content C:\provision\sensorsettings.ini -Force
C:\provision\CarbonBlackClientSetup.exe /S
Write-Log -Message "Carbon Black is configure!"

27
archived/vm-qs-np/scripts/np-post.ps1 Normal file
View File

@@ -0,0 +1,27 @@
Function restartNPServices
{
write-log -Message "Starting NPrinting Services on $env:COMPUTERNAME"
Set-Service -Name QlikNPrintingEngine -StartupType Automatic
Set-Service -Name QlikNPrintingWebEngine -StartupType Automatic
Set-Service -Name QlikNPrintingScheduler -StartupType Automatic
Set-Service -Name QlikNPrintingMessagingService -StartupType Automatic
Set-Service -Name QlikNPrintingRepoService -StartupType Automatic
Set-Service -Name QlikNPrintingLicenseService -StartupType Automatic
Start-Service -InputObject QlikNPrintingRepoService -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingMessagingService -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingWebEngine -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingEngine -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingScheduler -ErrorAction SilentlyContinue
Start-Service -InputObject QlikNPrintingLicenseService -ErrorAction SilentlyContinue
}
Write-Log -Message "Exporting new certificates"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Windows"
Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Pem"
Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\localhost\client.pfx" -Destination "C:\Program Files\NPrintingServer\Settings\SenseCertificates" -Force
restartNPServices

172
archived/vm-qs-np/scripts/qs-post-cfg.ps1 Normal file
View File

@@ -0,0 +1,172 @@
<#
Module: qs-post-cfg
Author: Clint Carr
Modified by: -
Modification History:
- Fixed connect as user logic (qlik-cli change)
- Added logic to accomodate for Professional/Analyzer or User licenses
- Added a loop into the Connect-Qlik statement to remove an abort error
- Added Logging
- Added comments
- Error checking
- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
last updated: 10/18/2019
Intent: Configure the Qlik Sense environment with applications and Security Rules.
#>
Param(
[string] $Hostname,
[string] $CertPwd,
[string] $QlikUserPwd
)
Import-Module Qlik-Cli
Import-Module "Carbon"
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
Write-Log -Message "Creating Qlik account"
$cred = New-Credential "Qlik" $QlikUserPwd
Install-User -Credential $cred
Write-Log -Message "Starting qs-post-cfg.ps1"
### Waiting for Qlik Sense installation to complete
#-----------
Function restartQse
{
Write-Log "Checking Engine Service has started..."
$qse = get-service QlikSenseEngineService
write-log -Message "The engine is currently $($qse.Status)"
if ($qse.Status -eq "Stopped") {
Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn";
Start-Service QlikSenseEngineService ;
Restart-Service QlikSenseServiceDispatcher;
start-sleep -s 120
}
write-log -Message "The engine is currently $($qse.Status)"
}
Function connQSR
{
$i = 1
$statusCode = 0
while ($statusCode -ne 200 -and $i -le 10)
{
try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
catch
{
$i++
write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
start-sleep -s 20
}
}
}
Function restartServices
{
write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
Restart-Service QlikSenseRepositoryDatabase -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSensePrintingService -Force
Restart-Service QlikSenseSchedulerService -Force
}
Function qlikSenseUserAccess
{
$userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone a token";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone Tokens."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
Function qlikSenseProfessionalAccess
{
$professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
$licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
$systemRuleJson = (@{
name = "Grant Everyone Professional Access";
category = "License";
rule = '((user.name like "*"))';
type = "Custom";
resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
actions = 1;
ruleContext = "QlikSenseOnly";
disabled = $false;
comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
try {
Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}
}
#-----------
write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
start-sleep -s 60
### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
connQSR
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200)
{
Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
restartServices
Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
start-sleep -s 45
connQSR
}
$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
if ($statusCode -ne 200) {
Write-Log -Message "Provisioning failed" -Severity "Error"
Exit
}
Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
restartQse
### Connect to the Qlik Sense Repository Service with Qlik-Cli
do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15}
While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
### Install qlik-poc_com certificate
Write-Log -Message "Install qlik-poc_com certificate"
try {
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
Start-Sleep -s 10
Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
} catch {
Write-Log -Message $_.Exception.Message -Severity "Error"
}

97
archived/vm-qs-np/scripts/resethostname.ps1 Normal file
View File

@@ -0,0 +1,97 @@
Write-Log "Resize Partition C to max size"
$size = Get-PartitionSupportedSize -DriveLetter C
Resize-Partition -DriveLetter C -Size $size.SizeMax
# Helper Functions
# ----------------
function New-Credential($u,$p) {
$secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
}
$cred = New-Credential "qservice" "Qlik1234"
#import-module "Carbon"
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
Set-Service -Name "QlikLoggingService" -StartupType Automatic
Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
Set-Service -Name "QlikSenseEngineService" -StartupType Automatic
Set-Service -Name "QlikSensePrintingService" -StartupType Automatic
Set-Service -Name "QlikSenseSchedulerService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryService" -StartupType Automatic
Set-Service -Name "QlikSenseRepositoryDatabase" -StartupType Automatic
Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher"
Start-Service QlikSenseRepositoryDatabase
Start-Service QlikSenseServiceDispatcher
#Delete certificates
Write-Log "Deleting old certificates"
#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
$Certs = Get-ChildItem cert:"CurrentUser\My" | Where-Object { $_.Subject -match 'QlikClient' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\My" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
Write-Log "Setting new hostname to Host.cfg file"
Write-Log $($env:computername)
$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
Write-Log "Recreating Qlik Sense certificates"
# AS if qservice user
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
#From PS
#Start-Process -FilePath "C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe" -ArgumentList "/bootstrap /standalone /restorehostname" -Verb runAs
#qs
#Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
$waiting=50
Write-Log "Waiting $waiting secs ..."
Start-Sleep -s $waiting
#- Wait 10 seconds
Write-Log "Restarting Service Dispatcher"
#- Restart Service Dispacher
Restart-Service QlikSenseServiceDispatcher -Force
#- Restart rest of the services
Start-Sleep -s 20
Write-Log "New Certs: CurrentUser\My"
Get-ChildItem cert:"CurrentUser\My"
Write-Log "New Certs: LocalMachine\My"
Get-ChildItem cert:"LocalMachine\My"
Write-Log "New Certs: LocalMachine\Root"
Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
if ($NewCerts) {
Write-Log "Restarting all Qlik Sense services"
Restart-Service QlikSenseServiceDispatcher -Force
Restart-Service QlikLoggingService -Force
Restart-Service QlikSenseRepositoryService -Force
Restart-Service QlikSenseProxyService -Force
Restart-Service QlikSenseEngineService -Force
Restart-Service QlikSenseSchedulerService -Force
Restart-Service QlikSensePrintingService -Force
Start-Sleep -s 20
Write-Log "Recovering Qlik Sense users"
Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c C:\provision\updatedir.bat'"
Restart-Service QlikSenseRepositoryService -Force
} else {
Write-Error "Error: Qlik Sense Certs not recreated!"
throw "Error: Qlik Sense Certs not recreated!"
}
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

10
archived/vm-qs-np/scripts/updatedir.bat Normal file
View File

@@ -0,0 +1,10 @@
@echo off
set host_name=localhost
set owner_name=postgres
set PGPASSWORD=Qlik1234
C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
cd "C:\provision"
@echo off

23
vm-fort-az/variables.tf → archived/vm-qs-np/variables.tf
View File

@@ -1,11 +1,10 @@
variable "subnet_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-VM-Deployments"
}
variable "prefix" {
description = "The Prefix used for all resources in this example"
default = "QMI-FORT"
default = "QMI-QS-NP"
}
variable "location" {
@@ -13,7 +12,7 @@ variable "location" {
}
variable "image_reference" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/win-base-24022020"
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Compute/images/qliksense-nprinting-base-feb20sr1"
}
variable "resource_group_name" {
@@ -32,18 +31,22 @@ variable "disk_size_gb" {
}
variable "admin_username" {
default = "qlikfort"
}
variable "user_id" {
default = null
default = "qmi"
}
variable "provId" {
default = null
}
variable "is_24x7"{
variable "user_id" {
default = null
}
variable "key_vault_id" {
default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
}
ariable "is_24x7"{
type = bool
default = null
}
@@ -55,5 +58,3 @@ variable "shutdownTime"{
variable "startupTime"{
default = null
}

9
aws-olh-prereqs/kinesis.tf
View File

@@ -1,9 +0,0 @@
resource "aws_kinesis_stream" "qlik_stream" {
name = "qlik-data-stream-${var.provision_id}" # Change the name as needed
shard_count = 1
stream_mode_details {
stream_mode = "PROVISIONED"
}
retention_period = 24 # Optional: Retain records for 24 hours (default)
}

14
aws-olh-prereqs/kms.tf
View File

@@ -1,14 +0,0 @@
resource "aws_kms_key" "qlik_key" {
description = "QMIOpenLakehouse - Customer managed key for Qlik resources"
deletion_window_in_days = 10
enable_key_rotation = true
tags = {
Alias = "kms-for-qmi-olh-${var.provision_id}"
}
}
resource "aws_kms_alias" "qlik_key_alias" {
name = "alias/kms-for-qmi-olh-${var.provision_id}"
target_key_id = aws_kms_key.qlik_key.key_id
}

8
aws-olh-prereqs/main.tf
View File

@@ -1,8 +0,0 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0.0"
}
}
}

71
aws-olh-prereqs/output.tf
View File

@@ -1,71 +0,0 @@
output "AWS_ACCOUNT_ID" {
value = var.aws_account_id
}
output "VPC_ID" {
value = aws_vpc.main.id
}
output "VPC_CIDR" {
value = var.vpc_cidr
}
output "PUBLIC_SUBNET_CIDRS" {
value = var.public_subnet_cidrs
}
output "SUBNETS_IDS" {
value = aws_subnet.public[*].id
}
output "PUBLIC_SUBNET_AZS" {
value = [
for subnet in aws_subnet.public : subnet.availability_zone
]
}
output "KMS_KEY_ARN" {
value = aws_kms_key.qlik_key.arn
}
output "KINESIS_STREAM_NAME" {
value = aws_kinesis_stream.qlik_stream.name
}
output "SECURITY_GROUP_ID" {
value = aws_security_group.allow_tls.id
}
output "MANAGEMENT_ROLE_ARN" {
value = aws_iam_role.olh_mgmt_role.arn
}
output "EC2_INTANCE_ROLE_ARN" {
value = aws_iam_role.olh_ec2_role.arn
}
output "EC2_INTANCE_PROFILE_ARN" {
value = aws_iam_instance_profile.ec2_instance_profile.arn
}
output "S3_BUCKET_NAME" {
value = module.qmi-s3-bucket.bucket.s3_bucket_id
}
output "S3_BUCKET_REGION" {
value = module.qmi-s3-bucket.bucket.s3_bucket_region
}
output "S3_BUCKET_ACCESS_KEY" {
value = module.qmi-s3-bucket.iam_access_key
}
output "S3_BUCKET_ACCESS_SECRET" {
value = module.qmi-s3-bucket.iam_access_secret
}
output "TAGS" {
value = "Environment = QMI-${var.provision_id}"
}

156
aws-olh-prereqs/role-ec2.tf
View File

@@ -1,156 +0,0 @@
resource "aws_iam_role" "olh_ec2_role" {
name = "qmi_olh_ec2_${var.provision_id}"
assume_role_policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service" : "ec2.amazonaws.com"
}
}
]
})
}
resource "aws_iam_role_policy" "server_policy" {
name = "qmi-olh-${var.provision_id}_s3_policy"
role = aws_iam_role.olh_ec2_role.id
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"ec2:AttachVolume",
"ec2:DetachVolume",
"autoscaling:SetInstanceHealth"
],
"Condition": {
"Null": {
"aws:ResourceTag/qlik_cluster": "false"
}
}
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"cloudwatch:PutMetricData"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:kinesis:*:*:stream/${aws_kinesis_stream.qlik_stream.name}"
],
"Action": [
"kinesis:PutRecord",
"kinesis:DescribeStreamSummary",
"kinesis:ListShards",
"kinesis:PutRecords",
"kinesis:GetShardIterator",
"kinesis:GetRecords",
"kinesis:DescribeStream",
"kinesis:ListStreamConsumers"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}"
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}",
"arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}/*"
],
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:AbortMultipartUpload",
"s3:DeleteObjectVersion",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetObjectVersion"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:parameter/qlik/*"
],
"Action": [
"ssm:GetParameter",
"ssm:PutParameter"
]
},
{
"Effect": "Allow",
"Resource": [
"${aws_kms_key.qlik_key.arn}"
],
"Action": [
"kms:*"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"sts:AssumeRole"
],
"Condition": {
"StringEquals": {
"sts:ExternalId": "6b69f9c3c8f502f2ddfc8434d443f172ebe4c032f4ef1a3c51215d27a58ca799"
}
}
},
{
"Effect": "Allow",
"Action": [
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:GetTable",
"glue:GetTables",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetUserDefinedFunction"
],
"Resource": [
"arn:aws:glue:us-east-1:*:catalog",
"arn:aws:glue:us-east-1:*:database/*",
"arn:aws:glue:us-east-1:*:table/*/*"
]
}
]
}
)
}
resource "aws_iam_instance_profile" "ec2_instance_profile" {
name = "qmi-olh-instance-profile-${var.provision_id}"
role = aws_iam_role.olh_ec2_role.name
}

233
aws-olh-prereqs/role-mgmt.tf
View File

@@ -1,233 +0,0 @@
resource "aws_iam_role" "olh_mgmt_role" {
name = "qmi_olh_mgmt_${var.provision_id}"
assume_role_policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::072398622971:role/upsolver-proxy-assume-role"
},
"Action": [
"sts:AssumeRole"
],
"Condition": {
"StringEquals": {
"sts:ExternalId": "6b69f9c3c8f502f2ddfc8434d443f172ebe4c032f4ef1a3c51215d27a58ca799"
}
}
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service" : "ec2.amazonaws.com"
}
}
]
})
}
resource "aws_iam_role_policy" "inline_policy" {
name = "qmi-olh-role-policy-${var.provision_id}"
role = aws_iam_role.olh_mgmt_role.id
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"ec2:CancelSpotInstanceRequests",
"ec2:CreateLaunchTemplate",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DescribeAddresses",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeTags",
"ec2:DescribeRegions",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:RequestSpotInstances",
"ec2:DescribeVolumes"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
],
"Action": [
"ec2:RunInstances"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:DeleteLaunchTemplate",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateLaunchTemplateVersion"
],
"Condition": {
"Null": {
"aws:ResourceTag/qlik_cluster": "false"
}
}
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:StartInstanceRefresh",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Condition": {
"Null": {
"aws:ResourceTag/qlik_cluster": "false"
}
}
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeInstanceRefreshes",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScalingActivities"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"ec2:DescribeRegions",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricData"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Condition": {
"Null": {
"aws:ResourceTag/qlik_cluster": "false"
}
}
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"iam:AddRoleToInstanceProfile",
"iam:CreateServiceLinkedRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListAccountAliases",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicies",
"iam:ListRoles",
"iam:PassRole"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"sts:DecodeAuthorizationMessage"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:${var.aws_account_id}:parameter/qlik/*"
],
"Action": [
"ssm:PutParameter"
]
},
{
"Effect": "Allow",
"Resource": [
"${aws_kms_key.qlik_key.arn}"
],
"Action": [
"kms:GenerateDataKeyPairWithoutPlaintext",
"kms:Encrypt"
]
}
]
})
}

10
aws-olh-prereqs/s3.tf
View File

@@ -1,10 +0,0 @@
module "qmi-s3-bucket" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"
bucket_name = "qmi-olh-bucket-${var.provision_id}"
provision_id = var.provision_id
user_id = var.user_id
forced_destroy = var.forced_destroy
}

30
aws-olh-prereqs/variables.tf
View File

@@ -1,30 +0,0 @@
variable "aws_account_id" {
description = "AWS account ID"
}
variable "region" {
description = "AWS region"
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}
variable "vpc_cidr" {
default = "10.0.0.0/16"
}
variable "public_subnet_cidrs" {
default = ["10.0.1.0/24", "10.0.2.0/24"]
}
variable "forced_destroy" {
default = null
}

74
aws-olh-prereqs/vpc.tf
View File

@@ -1,74 +0,0 @@
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "qmi-olh-vpc-${var.provision_id}"
}
}
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.main.id
tags = {
Name = "qmi-olh-igw-${var.provision_id}"
}
}
data "aws_availability_zones" "available" {
state = "available"
}
resource "aws_subnet" "public" {
count = length(var.public_subnet_cidrs)
vpc_id = aws_vpc.main.id
cidr_block = var.public_subnet_cidrs[count.index]
availability_zone = data.aws_availability_zones.available.names[count.index]
map_public_ip_on_launch = true
tags = {
Name = "qmi-olh-subnet-${var.provision_id}-${count.index + 1}"
}
}
resource "aws_route_table" "public" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
}
resource "aws_route_table_association" "public_assoc" {
count = length(var.public_subnet_cidrs)
subnet_id = aws_subnet.public[count.index].id
route_table_id = aws_route_table.public.id
}
resource "aws_security_group" "allow_tls" {
name = "olh-${var.provision_id}-SG"
description = "olh-${var.provision_id}-SG"
vpc_id = aws_vpc.main.id
}
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
security_group_id = aws_security_group.allow_tls.id
cidr_ipv4 = var.vpc_cidr
ip_protocol = "tcp"
from_port = 0
to_port = 65535
description = "olh-${var.provision_id}-ingress-rule"
}
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
security_group_id = aws_security_group.allow_tls.id
cidr_ipv4 = "0.0.0.0/0"
ip_protocol = "-1"
description = "olh-${var.provision_id}-egress-rule"
}

21
compose-install/main.tf
View File

@@ -1,10 +1,20 @@
data "azurerm_key_vault_secret" "compose-license" {
name = "compose-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "c4dw" {
name = "compose-datawarehouse-license"
key_vault_id = var.key_vault_id
}
data "azurerm_key_vault_secret" "cert-password" {
name = "star-qmi-qlikpoc-com-password"
key_vault_id = var.key_vault_id
}
locals {
cert_password = nonsensitive(data.azurerm_key_vault_secret.cert-password.value)
composeLicense = (var.c_version == "c4dw")? data.azurerm_key_vault_secret.c4dw.value : data.azurerm_key_vault_secret.compose-license.value
}
# Install and configure Compose
@@ -20,7 +30,7 @@ resource "null_resource" "install" {
https = false
timeout = "30m"
}
source = "${path.module}/main"
source = "${path.module}/scripts"
destination = "C:/provision/compose-install"
}
@@ -36,11 +46,10 @@ resource "null_resource" "install" {
}
inline = [
"powershell.exe -File C:/provision/compose-install/prep-files.ps1",
"powershell.exe -File C:/provision/compose-install/di-compose-getBinary.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url}",
"powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\" -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url} -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -composeLicense \"${local.composeLicense}\" -version ${var.c_version}",
"powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -version ${var.c_version}",
]
}

30
compose-install/main/prep-files.ps1
View File

@@ -1,30 +0,0 @@
Param(
[string] $repo="qmi-cloud-tf-modules",
[string] $branch="master",
[string] $scenario="compose-install",
[string] $path="scripts"
)
$pathIs="$scenario/$path"
$DownloadUrl="https://gitlab.com/qmi/$repo/-/archive/$branch/$repo-$branch.zip?path=$pathIs"
Write-Host "--- Boostrap# Downloading repository files ($DownloadUrl) from branch ($branch)..."
New-Item -ItemType Directory -Force -Path C:\Temp | Out-Null
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile($DownloadUrl, "C:\Temp\$scenario.zip")
Expand-Archive "C:\Temp\$scenario.zip" -DestinationPath "C:\Temp" -Force
New-Item -ItemType Directory -Force -Path C:\Provision | Out-Null
New-Item -ItemType Directory -Force -Path C:\Provision\compose-install | Out-Null
Copy-Item -Path "C:\Temp\$repo-$branch-$scenario-scripts\$scenario\$path\*" -Destination "C:\Provision\compose-install" -Recurse -Force
Remove-Item "C:\Temp\$repo-$branch-$scenario-scripts" -Recurse
Remove-Item "C:\Temp\$scenario.zip" -Recurse

7
compose-install/output.tf
View File

@@ -1,7 +0,0 @@
output "finished" {
value = true
depends_on = [
null_resource.install
]
}

17
compose-install/scripts/Compose_install.iss
View File

@@ -1,20 +1,25 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
Result=6
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

25
compose-install/scripts/Compose_install_2021.2.0.iss
View File

@@ -1,25 +0,0 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
Result=6
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
Result=1

24
compose-install/scripts/Compose_install_c4dw.iss
View File

@@ -1,20 +1,20 @@
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-DlgOrder]
Dlg0={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0
Count=5
Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
Dlg1={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0
Dlg2={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0
Dlg3={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0
Dlg4={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
szDir=C:\Program Files\Qlik\Compose\
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0]
szDir=C:\Program Files\Attunity\Compose for Data Warehouses\
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0]
Result=1
[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

21
compose-install/scripts/compose-license.txt
View File

@@ -1,21 +0,0 @@
{
"$type": "ComposeLicense",
"product": "QlikCompose",
"issued_to": "Qlik Internal",
"issued_by": "Attunity US",
"license_type": "EVALUATION",
"serial_no": "85011700",
"expiration_date": "2025-12-31",
"hosts": "",
"product_version": "2024.12",
"notes": "",
"host_role": "",
"source_db_types": "",
"dwh_type": "*",
"dl_type": "*",
"number_of_dms": "0",
"number_of_developers": "0",
"managed_dwh_size": "0",
"issue_time": "12/18/2024 8:31:25 PM",
"signature": "bMVg+X1Saxvcux5I96eU+oHndPWHv4E1QzxYwgo/cGpfVltneqGgBrVPmjotMGxp705aj29jGQLHNSx/0bBlwJd9DcfLAKaS/mH9mfph50KWRV1+ZLgPVQmmDHv/vFYLoIQLoyV2RqhMGN2rbVEXrQLzXRa+FWQEbulVa05Uvog="
}

37
compose-install/scripts/di-compose-install.ps1
View File

@@ -9,36 +9,25 @@ Intent: Install the selected version of Attunity Replicate
#>
Param(
[string] $url
[string] $url,
[string] $version = "gen2"
)
Import-Module $PSScriptRoot\q-helper.psm1 | Out-Null
$fileName = $url.Substring($url.LastIndexOf("/") + 1)
Write-Host "--- Starting di-compose-install.ps1"
$bin = "$PSScriptRoot\binaries\Attunity"
Write-Host "Binary Path $($bin)"
Write-Host "Starting di-c4dw-install.ps1"
$issFile = "Compose_install.iss"
if ( $url -Match "2021.2" ) {
$issFile="Compose_install_2021.2.0.iss"
if ( $version -eq "c4dw" ) {
$issFile = "Compose_install_c4dw.iss"
}
if ( $url -Match "Attunity_Compose_for_Data_Warehouses" ) {
$issFile="Compose_install_c4dw.iss"
}
Write-Host "Using ISS file: $issFile"
Write-Host $bin\$fileName
if (Test-Path "$($bin)\Compose_silent_x64_install.log") {
Remove-Item -Path "$($bin)\Compose_silent_x64_install.log" -Force
}
If ((Test-Path $bin\$fileName))
{
Write-Host "Installing Attunity Compose from $($bin)\$($fileName)"
@@ -46,22 +35,20 @@ If ((Test-Path $bin\$fileName))
$fileNoExtension = [IO.Path]::GetFileNameWithoutExtension("$bin\$fileName")
Expand-Archive $bin\$fileName -DestinationPath $bin\$fileNoExtension -Force
Write-Host "Binary decompressed in folder $($bin)\$($fileNoExtension)"
#Write-Host "Binary decompressed in folder $($bin)\$($fileNoExtension)"
$exec = Get-ChildItem $bin\$fileNoExtension\*.exe | Select-Object -ExpandProperty Name
#Write-Host "Exec: $($exec)"
$silentInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"
$C4DWInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"
Start-Sleep 5
Write-Host "Run Compose silent installation : $($silentInstall)"
Invoke-Expression $silentInstall
Write-Host "Run Compose silent installation : $($C4DWInstall)"
Invoke-Expression $C4DWInstall
while (!(Test-Path "$($bin)\Compose_silent_x64_install.log")) {
Write-Host "[Waiting Compose to be installed] ..."
Start-Sleep 4
Start-Sleep 2
}
$resultLogs = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
$testResult = $resultLogs.ResponseResult.ResultCode
$C4DWResults = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
$testResult = $C4DWResults.ResponseResult.ResultCode
Write-Host "Installation return code : $($testResult)"
}

19
compose-install/scripts/di-compose-installQMICertificate.ps1
View File

@@ -6,28 +6,23 @@ Param(
try {
Write-Host "Install qmi_qlik-poc_com certificate on Windows"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile("https://gitlab.com/qmi/qmi-cloud-tf-modules/-/raw/master/qmicerts/wildcard_qmi_qlik-poc_com.pfx", "$PSScriptRoot\wildcard_qmi_qlik-poc_com.pfx")
$secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
$sslCert = Import-PfxCertificate -FilePath $PSScriptRoot/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
$thumb=$($sslCert.Thumbprint)
Write-Host "Set SSL qmi_qlik-poc_com for Compose"
if ( $version -eq "c4dw" ) {
Stop-Service AttunityComposeForDataWarehouses
Start-Process -FilePath "C:\Program Files\Attunity\Compose for Data Warehouses\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service AttunityComposeForDataWarehouses
} else {
if ( $version -eq "gen2" ) {
Stop-Service QlikCompose
Start-Process -FilePath "C:\Program Files\Qlik\Compose\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service QlikCompose
} else {
Stop-Service AttunityComposeForDataWarehouses
Start-Process -FilePath "C:\Program Files\Attunity\Compose for Data Warehouses\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
Start-Service AttunityComposeForDataWarehouses
}

23
compose-install/scripts/di-compose-setlicense.ps1
View File

@@ -9,10 +9,14 @@ Intent: Setting the DBs
#>
Param(
[string] $composeLicense,
[string] $version = 'gen2'
)
Write-Host "--- Setting Compose License"
Write-Host "ComposeLicenseJSON"
Write-Host $composeLicense
Set-Content $PSScriptRoot\compose-license.txt $composeLicense
# TODO set license
$bin = "C:\Program Files\Qlik\Compose\bin\"
@@ -21,22 +25,11 @@ if ( $version -eq "c4dw" ) {
}
$bin = $bin -replace ' ','` '
$cmd = "$($bin)ComposeCli.exe connect"
Write-Host "--- Connect to Compose: $($cmd)"
Write-Host "Connect to Compose"
$cmd = "$($bin)ComposeCli.exe connect"
Invoke-Expression $cmd
Start-Sleep 5
if ( $version -eq "2022.2.0" -or $version -eq "c4dw") {
# Old way
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
} else {
# New way
$cmd = "$($bin)ComposeCli.exe register_license --infile $PSScriptRoot\compose-license.txt"
}
Write-Host "Apply Compose License: $($cmd)"
Write-Host "Apply Compose License"
$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
Invoke-Expression $cmd
Start-Sleep 5

BIN
compose-install/scripts/wildcard_qmi_qlik-poc_com.pfx Normal file
View File

Binary file not shown.

7
compose-install/variables.tf
View File

@@ -11,8 +11,7 @@ variable "vm_admin_password" {
}
variable "download_url" {
//default = "https://da3hntz84uekx.cloudfront.net/QlikCompose/2021.8.0/139/_MSI/Qlik_Compose_2021.8.0.139.zip"
default = "https://github.com/qlik-download/compose/releases/download/v2021.8.0.465/Qlik_Compose_2021.8.0.465.zip"
default = "https://da3hntz84uekx.cloudfront.net/QlikReplicate/7.0.0/5/_MSI/AttunityReplicate_7.0.0.514_X64.zip"
}
variable "key_vault_id" {
@@ -22,8 +21,4 @@ variable "key_vault_id" {
variable "c_version" {
default = "gen2"
description = "'c4dw' or 'gen2'"
}
variable "trigger_done" {
default = null
}

BIN
databases/.DS_Store vendored
View File

Binary file not shown.

148
databases/aws-emr/main.tf
View File

@@ -1,148 +0,0 @@
terraform {
required_version = ">= 1.1"
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "~> 3.0"
bucket_prefix = "qmi-bucket-${var.provision_id}"
# Allow deletion of non-empty bucket
# Example usage only - not recommended for production
force_destroy = true
attach_deny_insecure_transport_policy = true
attach_require_latest_tls_policy = true
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
server_side_encryption_configuration = {
rule = {
apply_server_side_encryption_by_default = {
sse_algorithm = "AES256"
}
}
}
tags = {
QMI_user = var.user_id
ProvID = var.provision_id
Name = "qmi-emr-${var.provision_id}"
Owner = var.user_id
}
}
module "emr" {
source = "terraform-aws-modules/emr/aws"
name = var.provision_id
release_label = "emr-6.11.0"
applications = ["spark", "hadoop", "hive", "hue"]
auto_termination_policy = {
idle_timeout = 3600
}
bootstrap_action = {
example = {
name = "Just an example",
path = "file:/bin/echo",
args = ["Hello World!"]
}
}
configurations_json = jsonencode([
{
"classification" : "spark-env",
"configurations" : [
{
"classification" : "export",
"properties" : {
"JAVA_HOME" : "/usr/lib/jvm/java-1.8.0"
}
}
],
"properties" : {}
},
{
"classification": "hive-site",
"properties": {
"hive.support.concurrency": "true",
"hive.exec.dynamic.partition.mode": "nonstrict",
"hive.txn.manager": "org.apache.hadoop.hive.ql.lockmgr.DbTxnManager"
}
}
])
master_instance_group = {
name = "master-group"
instance_count = 1
instance_type = "m5.xlarge"
}
core_instance_group = {
name = "core-group"
instance_count = 1
instance_type = "c4.large"
}
task_instance_group = {
name = "task-group"
instance_count = 1
instance_type = "c5.xlarge"
bid_price = "0.1"
ebs_config = {
size = 64
type = "gp3"
volumes_per_instance = 1
}
ebs_optimized = true
}
ebs_root_volume_size = 64
ec2_attributes = {
# Instance groups only support one Subnet/AZ
# Subnets should be private subnets and tagged with
# { "for-use-with-amazon-emr-managed-policies" = true }
subnet_id = var.subnet_ids_us[0]
}
vpc_id = var.vpc_id_us
list_steps_states = ["PENDING", "RUNNING", "CANCEL_PENDING", "CANCELLED", "FAILED", "INTERRUPTED", "COMPLETED"]
log_uri = "s3://${module.s3_bucket.s3_bucket_id}/"
scale_down_behavior = "TERMINATE_AT_TASK_COMPLETION"
step_concurrency_level = 3
termination_protection = false
visible_to_all_users = true
is_private_cluster = false
#create_service_iam_role = false
#service_iam_role_arn = "arn:aws:iam::192018133564:role/service-role/AmazonEMR-ServiceRole-20230622T122656"
#create_iam_instance_profile = false
#iam_instance_profile_name = "AmazonEMR-InstanceProfile-20230622T122640"
tags = {
Environment = "QMI-${var.provision_id}"
Deployment = "QMI-${var.provision_id}"
Terraform = "true"
Environment = "dev"
QMI_user = var.user_id
Owner = var.user_id
ProvID = var.provision_id
Name = "qmi-emr-${var.provision_id}"
}
}

15
databases/aws-emr/outputs.tf
View File

@@ -1,15 +0,0 @@
output "s3_bucket" {
value = module.qmi-s3-bucket.bucket.s3_bucket_id
}
output "s3_iam_name" {
value = module.qmi-s3-bucket.iam_name
}
output "s3_iam_access_key" {
value = module.qmi-s3-bucket.iam_access_key
}
output "s3_iam_access_secret" {
value = module.qmi-s3-bucket.iam_access_secret
}

34
databases/aws-emr/variables.tf
View File

@@ -1,34 +0,0 @@
variable "region" {
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}
variable "vpc_id_ap" {
default = "vpc-22ee2844"
}
variable "vpc_id_eu" {
default = "vpc-73f0500a"
}
variable "vpc_id_us" {
default = "vpc-c079f5bd"
}
variable "subnet_ids_ap" {
default = ["subnet-658aec3c", "subnet-e030eba8", "subnet-94309bf2"]
}
variable "subnet_ids_eu" {
default = ["subnet-4d441b17", "subnet-95c22fde", "subnet-70938116"]
}
variable "subnet_ids_us" {
default = ["subnet-4d26552b", "subnet-0414685b", "subnet-c97f7c84", "subnet-7f695c71", "subnet-96acd2b7", "subnet-88ab2cb9"]
}

120
databases/aws-kinesis/main.tf
View File

@@ -1,120 +0,0 @@
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.69.0"
}
}
}
locals {
myRegex = "/[^[:alpha:]]/"
splitLower = split(" ", lower(var.user_id))
np0 = replace(element(local.splitLower,0), local.myRegex, "")
np1 = replace(element(local.splitLower,1), local.myRegex, "")
container_n1 = substr(local.np0, 0, 3)
container_n2 = substr(local.np1, 0, 1)
container_n3 = substr(strrev(local.np1), 0, 1)
scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"
tags = {
Deployment = "QMI-${var.provision_id}"
Environment = "QMI-${var.provision_id}"
"Cost Center" = "3100"
QMI_user = var.user_id
Owner = var.user_id
ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
}
}
resource "aws_kinesis_stream" "attrep_apply_exceptions" {
name = "${local.scnamelower}.attrep_apply_exceptions"
shard_count = 1
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "semployees" {
name = "${local.scnamelower}.EMPLOYEES"
shard_count = 3
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "sjobs" {
name = "${local.scnamelower}.JOBS"
shard_count = 3
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
resource "aws_kinesis_stream" "metadata" {
name = "${local.scnamelower}.metadata"
shard_count = 1
/*stream_mode_details {
stream_mode = "PROVISIONED"
}*/
tags = local.tags
}
module "iam_user" {
source = "terraform-aws-modules/iam/aws//modules/iam-user"
version = "~> 3.0"
name = "qmi-user-${var.provision_id}"
force_destroy = true
create_iam_user_login_profile = false
#pgp_key = "keybase:test"
password_reset_required = false
tags = local.tags
}
resource "aws_iam_user_policy" "kinesis_pol" {
name = "kinesis_policy_${module.iam_user.this_iam_user_name}"
user = module.iam_user.this_iam_user_name
# Terraform's "jsonencode" function converts a
# Terraform expression result to valid JSON syntax.
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
})
}

27
databases/aws-kinesis/output.tf
View File

@@ -1,27 +0,0 @@
output "arn_metadata" {
value = aws_kinesis_stream.metadata.arn
}
output "arn_employees" {
value = aws_kinesis_stream.semployees.arn
}
output "arn_jobs" {
value = aws_kinesis_stream.sjobs.arn
}
output "arn_attrep_apply_exceptions" {
value = aws_kinesis_stream.attrep_apply_exceptions.arn
}
output "iam_name" {
value = module.iam_user.this_iam_user_name
}
output "iam_access_key" {
value = module.iam_user.this_iam_access_key_id
}
output "iam_access_secret" {
value = nonsensitive(module.iam_user.this_iam_access_key_secret)
}

10
databases/aws-kinesis/variables.tf
View File

@@ -1,10 +0,0 @@
variable "region" {
default = "us-east-1"
}
variable "provision_id" {
}
variable "user_id" {
}

240
databases/aws-rds/main.tf
View File

@@ -1,60 +1,98 @@
terraform {
required_version = ">= 0.14"
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.49.0"
}
}
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!"
upper = true
lower = true
min_numeric = 2
min_lower = 2
min_upper = 2
min_special = 2
provider "aws" {
region = var.region
access_key = var.aws_provider_access_key
secret_key = var.aws_provider_access_secret
alias = "myaws"
}
locals {
provid5 = substr(var.provision_id, 0, 5)
aurora = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
port = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306"
name = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}"
license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : (var.engine == "postgres") ? "postgresql-license" : (var.engine == "mysql") ? "general-public-license" : "license-included"
port = var.port[var.engine]
engine_version = var.engine_version[var.engine]
major_engine_version = var.major_engine_version[var.engine]
family = var.family[var.engine]
license = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : "license-included"
engine_version = (var.engine == "oracle-se2") ? "engine_version=19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "12.6" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB
major_engine_version = (var.engine == "oracle-se2") ? "19.0" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5" #mariaDB
family = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB
tags = {
Deployment = "QMI-${var.provision_id}"
Environment = "QMI-${var.provision_id}"
"Cost Center" = "3100"
QMI_user = var.user_id
ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
Owner = var.user_id
}
is_postgres = length(regexall("postgres", local.family)) > 0 ? true : false
is_mysql = length(regexall("mysql", local.family)) > 0 ? true : false
}
module "security_group" {
# SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
source = "terraform-aws-modules/security-group/aws"
version = "~> 4.3"
providers = {
aws = aws.myaws
}
name = "${var.provision_id}-SG"
description = "${var.provision_id}-SG"
vpc_id = local.vpc_id
# ingress
ingress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
ingress_with_cidr_blocks = [
{
from_port = local.port
to_port = local.port
protocol = "tcp"
description = "RDS"
},
]
# egress
egress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
egress_with_cidr_blocks = [
{
from_port = local.port
to_port = local.port
protocol = "tcp"
description = "RDS"
},
]
tags = local.tags
}
module "common_rds_instance" {
source = "terraform-aws-modules/rds/aws"
version = "= 6.1.1"
version = "~> 3.3"
count = local.aurora? 0 : 1
count = local.aurora ? 0 : 1
providers = {
aws = aws.myaws
}
identifier = "${var.engine}${var.provision_id}"
@@ -64,172 +102,62 @@ module "common_rds_instance" {
major_engine_version = local.major_engine_version # DB option group
instance_class = var.instance_size
allocated_storage = var.storage
storage_encrypted = (var.engine == "sqlserver-ex")? false : true
license_model = local.license
db_name = local.name
name = local.name
username = "qmirdsuser"
password = random_password.password.result
manage_master_user_password = false
create_random_password = true
random_password_length = 12
port = local.port
multi_az = false
subnet_ids = local.subnet_ids
vpc_security_group_ids = [
aws_security_group.allow_tls.id,
aws_security_group.allow_tls_2.id
]
vpc_security_group_ids = [module.security_group.security_group_id]
publicly_accessible = true
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
backup_retention_period = 1
backup_retention_period = 0
skip_final_snapshot = true
deletion_protection = false
parameters = local.is_postgres? [
{
apply_method = "pending-reboot"
name = "rds.logical_replication"
value = 1
},
{
apply_method = "pending-reboot"
name = "max_wal_senders"
value = 10
},
{
apply_method = "pending-reboot"
name = "max_replication_slots"
value = 10
}
] : local.is_mysql? [{
name = "binlog_format"
value = "row"
}]: []
tags = local.tags
}
resource "aws_rds_cluster_parameter_group" "pg-postgres" {
count = var.engine == "aurora-postgresql"? 1 : 0
name = "rds-cluster-pg-${var.provision_id}"
family = "aurora-postgresql14"
description = "RDS aurora-postgresql14 cluster parameter group"
parameter {
apply_method = "pending-reboot"
name = "rds.logical_replication"
value = 1
}
parameter {
apply_method = "pending-reboot"
name = "max_wal_senders"
value = 10
}
parameter {
apply_method = "pending-reboot"
name = "max_replication_slots"
value = 10
}
}
resource "aws_rds_cluster_parameter_group" "pg-mysql" {
count = var.engine == "aurora-mysql"? 1 : 0
name = "rds-cluster-pg-${var.provision_id}"
family = "aurora-mysql8.0"
description = "RDS aurora-mysql8.0 cluster parameter group"
parameter {
apply_method = "pending-reboot"
name = "binlog_format"
value = "row"
}
}
module "aurora_rds_instance" {
depends_on = [
aws_rds_cluster_parameter_group.pg-postgres,
aws_rds_cluster_parameter_group.pg-mysql
]
source = "terraform-aws-modules/rds-aurora/aws"
version = "~> 8.3.1"
version = "~> 5.2"
count = local.aurora? 1 : 0
count = local.aurora ? 1 : 0
providers = {
aws = aws.myaws
}
name = local.name
engine = var.engine
engine_version = local.engine_version
instance_class = var.instance_size
database_name = local.name
instances = { 1 = {} }
autoscaling_enabled = true
autoscaling_min_capacity = 1
autoscaling_max_capacity = 3
instance_type = var.instance_size
vpc_id = local.vpc_id
subnets = local.subnet_ids
create_security_group = false
vpc_security_group_ids = [
aws_security_group.allow_tls.id,
aws_security_group.allow_tls_2.id
]
vpc_security_group_ids = [module.security_group.security_group_id]
port = local.port
publicly_accessible = true
master_username = "qmirdsuser"
manage_master_user_password = false
master_password = random_password.password.result
create_db_subnet_group = true
username = "qmirdsuser"
create_random_password = true
backup_retention_period = 1
backup_retention_period = 0
skip_final_snapshot = true
deletion_protection = false
tags = local.tags
db_cluster_parameter_group_name = "rds-cluster-pg-${var.provision_id}"
}
locals {
type = (var.engine == "mysql" || var.engine == "mariadb")? "mysql" : (var.engine == "postgres" || var.engine == "aurora-postgres")? "postgres" : (var.engine == "sqlserver-ex")? "mssql" : null
port4dummy = (local.aurora)? module.aurora_rds_instance[0].cluster_port : module.common_rds_instance[0].db_instance_port
host = (local.aurora)? "${module.aurora_rds_instance[0].cluster_endpoint}:${local.port4dummy}" : module.common_rds_instance[0].db_instance_endpoint
username = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
password = nonsensitive(random_password.password.result)
database = (var.engine == "postgres" || var.engine == "aurora-postgres")? "postgres" : local.name
}
module "dummy-data" {
count = var.dummydata != null && local.type != null? 1 : 0
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
type = local.type
host = local.host
username = local.username
password = local.password
database = local.database
}

24
databases/aws-rds/output.tf
View File

@@ -1,31 +1,21 @@
output "db_username" {
output "db_username" {
description = "The master username for the database"
value = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_username : module.common_rds_instance[0].db_instance_username
sensitive = true
}
output "db_instance_password" {
description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
value = nonsensitive(random_password.password.result)
value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_password : module.common_rds_instance[0].db_instance_password
sensitive = true
}
output "db_instance_port" {
description = "The database port"
value = (local.aurora)? module.aurora_rds_instance[0].cluster_port : module.common_rds_instance[0].db_instance_port
value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port
}
output "db_instance_endpoint" {
description = "The connection endpoint"
value = (local.aurora)? module.aurora_rds_instance[0].cluster_endpoint : module.common_rds_instance[0].db_instance_endpoint
}
output "db_instance_id" {
value = (local.aurora)? null : "${var.engine}${var.provision_id}"
}
output "db_instance_name" {
value = local.name
}
output "dummy_data_databases_available" {
value = var.dummydata != null && local.type != null? module.dummy-data[0].dbs : null
value = local.aurora ? module.aurora_rds_instance[0].rds_cluster_instance_endpoint : module.common_rds_instance[0].db_instance_endpoint
}

69
databases/aws-rds/sec_groups.tf
View File

@@ -1,69 +0,0 @@
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
resource "aws_security_group" "allow_tls" {
name = "${var.provision_id}-SG"
description = "${var.provision_id}-SG"
vpc_id = local.vpc_id
tags = local.tags
}
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
for_each = toset(module.fw-ips.cidr_blocks)
security_group_id = aws_security_group.allow_tls.id
cidr_ipv4 = each.key
from_port = local.port
ip_protocol = "tcp"
to_port = local.port
description = "dbport"
}
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
for_each = toset(module.fw-ips.cidr_blocks)
security_group_id = aws_security_group.allow_tls.id
cidr_ipv4 = each.key
from_port = local.port
ip_protocol = "tcp"
to_port = local.port
description = "dbport"
}
resource "aws_security_group" "allow_tls_2" {
name = "${var.provision_id}-SG2"
description = "${var.provision_id}-SG2"
vpc_id = local.vpc_id
tags = local.tags
}
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
for_each = toset(module.fw-ips.cidr_blocks_others)
security_group_id = aws_security_group.allow_tls_2.id
cidr_ipv4 = each.key
from_port = local.port
ip_protocol = "tcp"
to_port = local.port
description = "Others - dbport"
}
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
for_each = toset(module.fw-ips.cidr_blocks_others)
security_group_id = aws_security_group.allow_tls_2.id
cidr_ipv4 = each.key
from_port = local.port
ip_protocol = "tcp"
to_port = local.port
description = "Others - dbport"
}

92
databases/aws-rds/variables.tf
View File

@@ -1,3 +1,9 @@
variable "aws_provider_access_key" {
}
variable "aws_provider_access_secret" {
}
variable "region" {
default = "us-east-1"
}
@@ -38,79 +44,25 @@ variable "engine" {
description = "Accepted values are mysql, sqlserver-ex, postgres, oracle-se2, aurora-mysql, aurora-postgresql, mariadb"
}
variable "engine_version" {
default = "8.0.25"
description = "Not currently used"
}
variable "major_eng" {
default = "8.0"
description = "Not currently used"
}
variable "family" {
default = "mysql8.0"
description = "Not currently used"
}
variable "instance_size" {
default = "db.t3.large"
}
variable "storage" {
default = "100"
}
variable "engine_version" {
type = map
default = {
<<<<<<< HEAD
"mysql" = "8.0.32"
=======
"mysql" = "8.0.36"
>>>>>>> master
"postgres" = "14.12"
"oracle-se2" = "19.0.0.0.ru-2023-04.rur-2023-04.r1"
"sqlserver-ex" = "15.00.4236.7.v1"
"mariadb" = "10.5"
"aurora-mysql" = "8.0.mysql_aurora.3.02.3" #"5.7.mysql_aurora.2.11.2"
"aurora-postgresql" = "14.5"
}
}
variable "major_engine_version" {
type = map
default = {
"mysql" = "8.0"
"postgres" = "14"
"oracle-se2" = "19"
"sqlserver-ex" = "15.00"
"mariadb" = "10.5"
# for script compatibility only
"aurora-mysql" = "not_used"
"aurora-postgresql" = "not_used"
}
}
variable "family" {
type = map
default = {
"mysql" = "mysql8.0"
"postgres" = "postgres14"
"oracle-se2" = "oracle-se2-19"
"sqlserver-ex" = "sqlserver-ex-15.0"
"mariadb" = "mariadb10.5"
# for script compatibility only
"aurora-mysql" = "not_used"
"aurora-postgresql" = "not_used"
}
}
variable "port" {
type = map
default = {
"mysql" = "3306"
"postgres" = "5432"
"oracle-se2" = "1521"
"sqlserver-ex" = "1433"
"mariadb" = "3306"
"aurora-mysql" = "3306"
"aurora-postgresql" = "5432"
}
}
variable "dummydata" {
default = null
default = "20"
}

69
databases/aws-redshift/main.tf
View File

@@ -1,69 +0,0 @@
terraform {
required_version = ">= 0.14"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0.0"
}
}
}
resource "random_password" "password" {
length = 16
special = true
override_special = "_!"
min_numeric = 1
upper = true
lower = true
numeric = true
min_lower = 2
min_upper = 2
min_special = 2
}
locals {
s3_prefix = "redshift/qmi-${var.provision_id}"
provid5 = substr(var.provision_id, 0, 5)
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
port = "5439"
tags = {
Deployment = "QMI-${var.provision_id}"
Environment = "QMI-${var.provision_id}"
"Cost Center" = "3100"
QMI_user = var.user_id
ProvID = var.provision_id
Name = "qmi-${var.provision_id}"
Owner = var.user_id
}
}
module "qmi-s3-bucket" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"
provision_id = var.provision_id
user_id = var.user_id
}
resource "aws_redshift_cluster" "qmi" {
cluster_identifier = "qmi-${var.provision_id}"
database_name = var.cluster_database_name
master_username = var.cluster_master_username
master_password = random_password.password.result
node_type = "ra3.large"
cluster_type = "single-node"
skip_final_snapshot = true
vpc_security_group_ids = [aws_security_group.allow_tls.id, aws_security_group.allow_tls_2.id]
publicly_accessible = true
tags = local.tags
}

Some files were not shown because too many files have changed in this diff Show More