jprdonnelly/sense-conductor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adding skel files

Browse Source
This commit is contained in:
Justin Donnelly
2020-10-05 20:19:13 +00:00
parent 7bdb10de71
commit c564e97e51
12 changed files with 940 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bt-autoscaler/terraform/roots/central/.terraform/plugins/selections.json Normal file
View File

@@ -0,0 +1,10 @@
{
"registry.terraform.io/hashicorp/google-beta": {
"hash": "h1:zsIZIszrwu9B9TGiUMGUF3QrpOT6OxGrTIJIo+b8Re0=",
"version": "3.41.0"
},
"registry.terraform.io/hashicorp/random": {
"hash": "h1:nFL6uiwsQFLiP8QCr35sPfWe9LpXI3/c7gP9tYnih+k=",
"version": "2.3.0"
}
}

62
bt-autoscaler/terraform/roots/central/main.tf Normal file
View File

@@ -0,0 +1,62 @@
terraform {
required_version = ">= 0.12"
}
provider "google-beta" {
credentials = file("esoteric-parsec-243510-a8f93bb5a906.json")
project = var.project_id
region = var.region
zone = var.zone
}
# Create random ID for VM suffix
resource "random_id" "vm_suffix" {
byte_length = 2
}
resource "google_compute_instance" "default" {
provider = google-beta
name = "central-${random_id.vm_suffix.hex}"
machine_type = var.vm_type
# min_cpu_platform = var.min_cpu
zone = var.zone
# hostname = "central-${random_id.vm_suffix.hex}"
# tags = ["foo", "bar"]
boot_disk {
initialize_params {
image = var.image
}
}
network_interface {
network = "default"
access_config {
network_tier = "STANDARD"
}
}
metadata = {
windows-startup-script-url = "bar"
}
# metadata_startup_script = "echo hi > /test.txt"
service_account {
scopes = ["userinfo-email", "compute-ro", "storage-ro"]
}
provisioner "file" {
source = "../scripts/bootstrap.ps1"
destination = "C:/"
}
provisioner "remote-exec" {
inline = [
"powershell.exe -ExecutionPolicy Bypass -File C:/bootstrap.ps1"
]
}
}

12
bt-autoscaler/terraform/roots/central/outputs.tf Normal file
View File

@@ -0,0 +1,12 @@
# Configure return values from google_sql_database_instance
# output "psql_ip_address" {
# value = google_sql_database_instance.qseow-psql.private_ip_address
# }
output "gce_external_ip" {
value = google_compute_instance.default.network_interface[0].access_config[0].nat_ip
}
output "gce_internal_ip" {
value = google_compute_instance.default.network_interface[0].network_ip
}

14
bt-autoscaler/terraform/roots/central/terraform.tfvars.json Normal file
View File

@@ -0,0 +1,14 @@
{
"project_id": "esoteric-parsec-243510",
"region": "europe-west1",
"zone": "europe-west1-d",
"private_network": "projects/esoteric-parsec-243510/global/networks/default",
"database_version": "POSTGRES_9_6",
"vm_type": "e2-highmem-4",
"min_cpu": "AMD Rome",
"image": "windows-server-2019-dc-v20200908",
"disk_type": "pd-ssd",
"availability_type": "REGIONAL",
"user_name": "qlikadmin",
"user_password": "Qlik1234!"
}

116
bt-autoscaler/terraform/roots/central/variables.tf Normal file
View File

@@ -0,0 +1,116 @@
variable "project_id" {
type = string
description = "The project ID to manage the Cloud SQL resources"
}
variable "database_version" {
description = "The database version to use"
type = string
}
variable "region" {
type = string
description = "GCP Region"
default = "us-central1"
}
variable "tier" {
description = "The tier for the master instance."
type = string
default = "db-f1-micro"
}
variable "zone" {
type = string
description = "Zone target"
}
variable "disk_type" {
description = "GCE Boot/Attached Disk Type"
type = string
default = "pd-ssd"
}
variable "min_cpu" {
description = "GCE Minimum CPU Family"
type = string
default = "AMD Rome "
}
variable "image" {
description = "Path to GCE Image Type"
type = string
default = "windows-2019/windows-server-2019-dc-v20200908"
}
variable "vm_type" {
description = "The GCE machine type"
type = string
default = "n2d-highmem-8"
}
variable "availability_type" {
description = "The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`."
type = string
default = "REGIONAL"
}
variable "backup_configuration" {
description = "The backup_configuration settings subblock for the database setings"
type = object({
enabled = bool
start_time = string
location = string
})
default = {
enabled = false
start_time = null
location = null
}
}
# variable "authorized_networks_a" {
# description = "CIDR Block to add to network ACL"
# type = string
# default = "71.164.77.198/32"
# }
# variable "authorized_networks_b" {
# description = "CIDR Block to add to network ACL"
# type = string
# default = "127.0.0.1/32"
# }
# variable "authorized_networks_c" {
# description = "CIDR Block to add to network ACL"
# type = string
# default = "127.0.0.1/32"
# }
variable "private_network" {
description = "Full path to private network ID"
type = string
default = "projects/esoteric-parsec-243510/global/networks/private-network"
}
variable "user_name" {
description = "The name of the default user"
type = string
default = "default"
}
variable "user_password" {
description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable."
type = string
default = ""
}
variable "additional_users" {
description = "A list of users to be created in your cluster"
type = list(object({
name = string
password = string
}))
default = []
}

2
bt-autoscaler/terraform/roots/file/main.tf
View File

@@ -1,10 +1,10 @@
provider "google-beta" { provider "google-beta" {
credentials = file("esoteric-parsec-243510-a8f93bb5a906.json") credentials = file("esoteric-parsec-243510-a8f93bb5a906.json")
project = var.project_id project = var.project_id
region = var.region region = var.region
zone = var.zone zone = var.zone
} }
resource "google_filestore_instance" "bt-filestore" { resource "google_filestore_instance" "bt-filestore" {
provider = google-beta provider = google-beta
name = "qseow-files" name = "qseow-files"

1
bt-autoscaler/terraform/roots/psql/main.tf
View File

@@ -2,7 +2,6 @@
## ##
provider "google" { provider "google" {
version = "3.10.0"
credentials = file("esoteric-parsec-243510-a8f93bb5a906.json") credentials = file("esoteric-parsec-243510-a8f93bb5a906.json")
project = var.project_id project = var.project_id
region = var.region region = var.region

69
bt-autoscaler/terraform/roots/scripts/bootstrap.ps1 Normal file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env pwsh
#
## Intended to be executed in a GitOps pipeline on the new GCE resource by remmote-exec in TF
##
Enable-PSRemoting
winrm set 'winrm/config/client' '@{TrustedHosts="*"}'
if(!(Get-LocalUser -Name qservice -ErrorAction Ignore)) {
$password = ConvertTo-SecureString -String 'Qlik1234!' -AsPlainText -Force
New-LocalUser `
-Name 'qservice' `
-Password $password `
-PasswordNeverExpires `
-UserMayNotChangePassword
}
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation -Name AllowFreshCredentialsWhenNTLMOnly -Force
New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentialsWhenNTLMOnly -Name 1 -Value * -PropertyType String
# if ($env:computername -ne 'central') {
# exit 0
# }
# Get-WmiObject -Class Win32_Volume -Filter "DriveType=5" | Set-WmiInstance -Arguments @{DriveLetter="Z:"}
Get-Disk |
Where-Object partitionstyle -eq 'raw' |
Initialize-Disk -PartitionStyle GPT -PassThru |
New-Partition -DriveLetter E -UseMaximumSize |
Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Data' -Confirm:$false
if (! (Test-Path E:\)) {
Write-Error "Drive not found"
exit 1
}
$deploy_path = "E:\deploy"
if (-Not (Test-Path $deploy_path)) {
New-Item -ItemType Directory -Path $deploy_path
New-Item -ItemType Directory -Path $deploy_path\binaries
New-Item -ItemType Directory -Path $deploy_path\modules
New-Item -ItemType Directory -Path $deploy_path\modules\tf
New-Item -ItemType Directory -Path $deploy_path\modules\ps
}
# Update these gcloud commands to be vars, allows portability
#
# CLOUDCLI_UPDATE
# OBJCLI_COPY
gcloud components update -Force
gsutil cp gs://qliksense/Qlik_Sense* $deploy_path\binaries\
gsutil cp gs://qliksense/ps/ $deploy_path\
# Push-Location $deploy_path\modules\ps
Get-PackageProvider -Name NuGet -ForceBootstrap
# Below will also download and save the QlikResources requirements modules
Save-Module -Path $deploy_path/modules/ps/ -Name QlikResources -RequiredVersion 1.9.2
# Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
# choco install git --no-progress
# Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
# Update-SessionEnvironment
# git clone https://gitlab+deploy-token-52544:YH-1SVsTrNmzj7AXz7oh@gitlab.com/ahaydon/cityclarity-psm.git ./CitiClarity
# Pop-Location
Exit 0

518
bt-autoscaler/terraform/roots/scripts/config.ps1 Normal file
View File

@@ -0,0 +1,518 @@
Configuration SenseSetup {
# Load required modules
Import-DscResource -ModuleName PSDesiredStateConfiguration, QlikResources, xSmbShare, CitiClarity
# Configuration for all nodes
Node $AllNodes.NodeName {
LocalConfigurationManager
{
CertificateId = Get-PfxCertificate $Node.CertificateFile
ConfigurationMode = 'ApplyOnly'
RebootNodeIfNeeded = $false
}
# Ensure service account is in local Administrators group prior to install of Sense
$ServiceUsername = $Node.ServiceAccount.UserName
Script AdministratorsGroup {
TestScript = {
$IsMember = (Get-LocalGroupMember -Name Administrators).Name -contains $using:ServiceUsername
if (Test-Path "$env:ProgramFiles\Qlik\Sense") {
return (-Not $IsMember)
} else {
return $IsMember
}
}
SetScript = {
if (Test-Path "$env:ProgramFiles\Qlik\Sense") {
Remove-LocalGroupMember `
-Name 'Administrators' `
-Member $using:ServiceUsername
} else {
Add-LocalGroupMember `
-Name 'Administrators' `
-Member $using:ServiceUsername
}
}
GetScript = {
@{ Result = (Get-LocalGroupMember -Name Administrators) }
}
}
# Ensure 'High performance' power profile is active
Windows PowerPolicy {
PowerScheme = '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
}
# Ensure pagefile size is set to 3GB for initial and max settings
PageFile Local {
InitialSize = 3072
MaximumSize = 3072
}
if ($Node.ProxyCert) {
CertificateImport Proxy {
Username = $Node.Node.ServiceAccount.Username
Permission = 'ReadAndExecute'
StoreLocation = 'LocalMachine\My'
FilePath = $Node.ProxyCert
Password = $CertificatePassword
}
}
}
Node $AllNodes.Where{$_.Role -eq 'Scheduler'}.Nodename {
$CentralNode = $AllNodes.Where{$_.Role -eq 'Central'}.NodeName
# Skip kerberos if the installer doesn't exist
if (Test-Path "\\$CentralNode\Clarity\Install\kfw-4.1-amd64.msi") {
Package Kerberos {
Name = 'MIT Kerberos for Windows (64-bit) 4.1.0'
Path = "\\$CentralNode\Clarity\Install\kfw-4.1-amd64.msi"
ProductId = '{AF6E168F-F6FE-4728-8F6E-E3E68F5C1FD3}'
Credential = $Node.ServiceAccount
Ensure = 'Present'
}
File krb5.ini {
SourcePath = "\\$CentralNode\Clarity\Install\krb5.ini"
DestinationPath = "$env:PROGRAMDATA\MIT\Kerberos5\krb5.ini"
Type = 'File'
Checksum = 'SHA-1'
Ensure = 'Present'
Credential = $Node.ServiceAccount
DependsOn = '[Package]Kerberos'
}
File keytab {
SourcePath = "\\$CentralNode\Clarity\Install\all_keytabs_prod"
DestinationPath = "D:\all_keytabs_prod"
Type = 'Directory'
Checksum = 'SHA-1'
MatchSource = $true
Ensure = 'Present'
Credential = $Node.ServiceAccount
DependsOn = '[Package]Kerberos'
}
}
# Skip Cloudera if installer doesn't exist
if (Test-Path "\\$CentralNode\Clarity\Install\ClouderaImpalaODBC64.msi") {
Package Cloudera {
Name = 'Cloudera ODBC Driver for Impala'
Path = "\\$CentralNode\Clarity\Install\ClouderaImpalaODBC64.msi"
ProductId = '{111ADFD9-99CC-4695-8F48-44A5B397249D}'
Credential = $Node.ServiceAccount
Ensure = 'Present'
}
# Create ODBC DSN for Cloudera
OdbcDsn Cloudera {
DsnName = 'Impala PROD'
DsnType = 'System'
DriverName = 'Cloudera ODBC Driver for Impala'
Platform = '64-Bit'
Attribute = @{
AllowHostNameCNMismatch = "0"
AllowSelfSignedServerCert = "0"
AsyncExecPollInterval = "10"
AuthMech = "1"
AutoReconnect = "1"
CurrentSchemaRestrictedMetadata = "0"
DefaultKeytabFile = "D:\all_keytabs_prod\pbgxsprd_dsccr001d01i1p.eur.nsroot.net.keytab"
DelegateKrbCreds = "0"
DelegationUID = ""
DESCRIPTION = ""
EnableSimulatedTransactions = "0"
Host = "dsccr001d01i1p.eur.nsroot.net"
KrbFQDN = "dsccr001d01i1p.eur.nsroot.net"
KrbRealm = "EURUXPROD.DYN.NSROOT.NET"
KrbServiceName = "impala"
Port = "21050"
RowsFetchedPerBlock = "10000"
Schema = ""
ServicePrincipalCanonicalization = "0"
SocketTimeout = "30"
SSL = "0"
StringColumnLength = "32767"
TrustedCerts = "C:\Program Files\Cloudera ODBC Driver for Impala\lib\cacerts.pem"
TSaslTransportBufSize = "1000000"
UID = "pbgxsprd/dsccr001d01i1p.eur.nsroot.net"
UPNKeytabMappingFile = ""
UseKeytab = "1"
UseNativeQuery = "0"
UseOnlySSPI = "0"
UseSASL = "1"
UseSQLUnicodeTypes = "0"
UseSystemTrustStore = "0"
LCaseSspKeyName = ""
CheckCertRevocation = "1"
}
DependsOn = '[Package]Cloudera'
}
}
}
# Configuration for Central node only
Node $AllNodes.Where{$_.Role -eq 'Central'}.NodeName {
NTFSAccess QlikProgramData {
Path = "$env:ProgramData\Qlik"
Permission = 'FullControl'
Username = $Node.ServiceAccount.Username
}
File QlikClusterRoot
{
Type = 'Directory'
DestinationPath = $ClusterLocalPath
Ensure = 'Present'
}
NTFSAccess QlikClusterRoot {
Path = $ClusterLocalPath
Permission = 'FullControl'
Username = $Node.ServiceAccount.Username
}
$ConfigurationData.NonNodeData.Shares.Cluster.Full.ForEach{
NTFSAccess "QlikClusterRoot-$($_)" {
Path = $ClusterLocalPath
Permission = 'FullControl'
Username = $_
}
}
xSmbShare QlikClusterShare
{
Path = $ClusterLocalPath
Name = 'Clarity'
FullAccess = @($ConfigurationData.NonNodeData.Shares.Cluster.Full |?{$_}) +
$Node.ServiceAccount.GetNetworkCredential().UserName
Ensure = 'Present'
DependsOn = '[File]QlikClusterRoot'
}
# Install Sense as a Central node
QlikPackage Central
{
Name = $ConfigurationData.NonNodeData.Sense.ReleaseName
Setup = "$ClusterLocalPath\Install\Qlik_Sense_setup.exe"
Patch = "$(if(Test-Path "$ClusterLocalPath\Install\Qlik_Sense_update.exe"){"$ClusterLocalPath\Install\Qlik_Sense_update.exe"})"
ServiceCredential = $Node.ServiceAccount
RootDir = "\\$($Node.Hostname)\Clarity"
DbSuperUserPassword = $DbRepoUser
DbCredential = $DbRepoUser
CreateCluster = $true
InstallLocalDb = $true
ConfigureDbListener = $true
Hostname = $Node.Hostname
ConfigureLogging = $true
SetupLocalLoggingDb = $true
QLogsWriterPassword = $DbRepoUser
QLogsReaderPassword = $DbRepoUser
QLogsHostname = $Node.Hostname
QLogsPort = 4432
Ensure = 'Present'
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[NTFSAccess]QlikProgramData', '[xSmbShare]QlikClusterShare'
}
# Ensure QRD service is set for manual startup
# and is running as Sense service account
xService QRD {
Name = 'QlikSenseRepositoryDatabase'
StartupType = 'Manual'
State = 'Running'
Credential = $Node.ServiceAccount
DependsOn = '[QlikPackage]Central'
}
xService QRS {
Name = 'QlikSenseRepositoryService'
StartupType = 'Manual'
State = 'Running'
DependsOn = '[xService]QRD'
}
QlikConnect SenseCentral
{
Computername = $Node.Hostname
Username = $Node.AdminAccount.UserName
TrustAllCerts = $true
RetryDelay = 15
MaxRetries = 40
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[xService]QRS'
}
QlikLicense SiteLicense
{
Serial = $ConfigurationData.NonNodeData.Sense.License.Serial
Control = $ConfigurationData.NonNodeData.Sense.License.Control
Name = $ConfigurationData.NonNodeData.Sense.License.Name
Organization = $ConfigurationData.NonNodeData.Sense.License.Organization
Lef = $ConfigurationData.NonNodeData.Sense.License.Lef
Ensure = "Present"
PsDscRunasCredential = $Node.AdminAccount
DependsOn = "[QlikConnect]SenseCentral"
}
# Ensure accounts listed in the environment data file are RootAdmin
$ConfigurationData.NonNodeData.Sense.RootAdmin.foreach{
QlikUser $_ {
UserId = $_.Substring($_.IndexOf('\') + 1)
UserDirectory = $_.Substring(0, $_.IndexOf('\'))
Roles = 'RootAdmin'
Ensure = 'Present'
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[QlikLicense]SiteLicense'
}
}
SenseCertificate Windows {
MachineName = $Node.NodeName
Password = $certPassword
IncludeSecretKey = $true
ExportFormat = 'Windows'
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[QlikLicense]SiteLicense'
}
SenseCertificate Pem {
MachineName = $Node.NodeName
Password = $certPassword
IncludeSecretKey = $true
ExportFormat = 'Pem'
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[QlikLicense]SiteLicense'
}
# Copy Sense server certificate to PostgreSQL directory
File Postgres_cert {
SourcePath = "$env:PROGRAMDATA\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\server.pem"
DestinationPath = "$env:PROGRAMDATA\Qlik\Sense\Repository\PostgreSQL\9.6\server.pem"
Type = 'File'
Ensure = 'Present'
DependsOn = '[xService]QRS'
}
# Copy Sense server key to PostgreSQL directory
File Postgres_key {
SourcePath = "$env:PROGRAMDATA\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\server_key.pem"
DestinationPath = "$env:PROGRAMDATA\Qlik\Sense\Repository\PostgreSQL\9.6\server_key.pem"
Type = 'File'
Ensure = 'Present'
DependsOn = '[xService]QRS'
}
# Ensure SSL settings are configured in postgresql.conf
# and max connections is set to node count * 100
# Ensure Postgres access control is configured for SSL only
Postgres Local {
SSL = $true
SSLCiphers = 'DEFAULT:!LOW:!EXP:!eNULL:!aNULL:!MD5:!RC2:!RC4:!DES:@STRENGTH'
CertFile = 'server.pem'
KeyFile = 'server_key.pem'
MaxConnections = $AllNodes.Count * 100
HostAccess = @(
'hostssl all all all md5',
'host all all all md5'
)
IdleTransactionTimeout = '5min'
Credential = $DbSuperUser
DependsOn = '[File]Postgres_cert', '[File]Postgres_key'
}
}
# Configuration for Rim nodes only (not Central)
Node $AllNodes.Where{$_.Role -ne 'Central'}.NodeName {
$CentralNode = $AllNodes.Where{$_.Role -eq 'Central'}.Hostname
# Copy setup file to local disk
File SenseSetup {
SourcePath = "\\$CentralNode\Clarity\Install\Qlik_Sense_setup.exe"
DestinationPath = "C:\Install\Qlik_Sense_setup.exe"
Type = 'File'
Checksum = 'SHA-1'
Ensure = 'Present'
Credential = $Node.ServiceAccount
}
# If patch file exists copy it to local disk
if (Test-Path "$ClusterLocalPath\Install\Qlik_Sense_update.exe") {
$SenseUpdate = "C:\Install\Qlik_Sense_update.exe"
File SenseUpdate {
SourcePath = "\\$CentralNode\Clarity\Install\Qlik_Sense_update.exe"
DestinationPath = $SenseUpdate
Type = 'File'
Checksum = 'SHA-1'
Ensure = 'Present'
Credential = $Node.ServiceAccount
}
}
# Pause execution if central node is not ready
WaitForSense $CentralNode {
ComputerName = $CentralNode
RetryDelay = 60
MaxRetries = 30
SkipVerify = $true
PsDscRunasCredential = $Node.AdminAccount
}
# Install Qlik Sense as Rim node
# and join existing cluster (including registering with Central)
QlikRimNode $Node.NodeName {
SenseService = $Node.ServiceAccount
ProductName = $ConfigurationData.NonNodeData.Sense.ReleaseName
SetupPath = 'C:\Install\Qlik_Sense_setup.exe'
PatchPath = $SenseUpdate
Hostname = $Node.Hostname
Name = $Node.Name
CentralNode = $CentralNode
DbCredential = $DbRepoUser
Engine = ($Node.Role -match 'Engine' -or $Node.Role -eq 'Scheduler')
Printing = ($Node.Role -match 'Engine')
Proxy = ($Node.Role -match 'Proxy')
Scheduler = ($Node.Role -eq 'Scheduler')
ManageServices = $false
ManageFirewall = $false
PsDscRunasCredential = $Node.AdminAccount
DependsOn = @("[WaitForSense]$CentralNode", '[File]SenseSetup') + $(if($SenseUpdate){'[File]SenseUpdate'})
}
}
# Configuration for all nodes
Node $AllNodes.NodeName {
# Ensure Sense program data is shared as Sense
# with access levels defined in environment data file
xSmbShare Sense {
Path = "$env:ProgramData\Qlik\Sense"
Name = 'Sense'
FullAccess = @($ConfigurationData.NonNodeData.Shares.Sense.Full |?{$_}) +
$Node.ServiceAccount.GetNetworkCredential().UserName
ReadAccess = $ConfigurationData.NonNodeData.Shares.Sense.Read
Ensure = 'Present'
DependsOn = if($Node.Role -eq 'Central'){'[Postgres]Local'}else{"[QlikRimNode]$($Node.Nodename)"}
}
Group SenseServiceUsers {
GroupName = 'Qlik Sense Service Users'
MembersToInclude = $Node.ServiceAccount.UserName
PsDscRunAsCredential = $Node.AdminAccount
DependsOn = '[xSmbShare]Sense'
}
Group PerfMonUsers {
GroupName = 'Performance Monitor Users'
MembersToInclude = $Node.ServiceAccount.UserName
PsDscRunAsCredential = $Node.AdminAccount
DependsOn = '[xSmbShare]Sense'
}
# Delete the examples directory as required by security audit
File Examples {
DestinationPath = 'C:\ProgramData\Qlik\Examples'
Type = 'Directory'
Ensure = 'Absent'
Force = $true
Credential = $Node.ServiceAccount
DependsOn = '[xSmbShare]Sense'
}
# Remove HTTP server header for DotNot web servers (Sense Proxy)
HTTP Server {
DisableServerHeader = 2
DependsOn = '[xSmbShare]Sense'
}
# Ensure all Sense services are configured for manual startup
@(
'QlikSenseEngineService',
'QlikSensePrintingService',
'QlikSenseProxyService',
'QlikSenseRepositoryService',
'QlikSenseSchedulerService',
'QlikSenseServiceDispatcher'
).ForEach{
xService $_ {
Name = $_
StartupType = 'Manual'
State = 'Running'
DependsOn = '[Group]SenseServiceUsers', '[Group]PerfMonUsers'
}
}
# Ensure Qlik logging service is stopped and disabled
xService QlikLogging {
Name = 'QlikLoggingService'
StartupType = 'Disabled'
State = 'Stopped'
DependsOn = '[xService]QlikSenseRepositoryService'
}
# Wait for Sense services to be ready by checking service status on central node
WaitForSense Repository {
ComputerName = $AllNodes.Where{$_.Role -eq 'Central'}.Hostname
Node = $Node.Hostname
MaxRetries = 20
RetryDelay = 30
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[xService]QlikSenseRepositoryService'
}
if($Node.ProxyCert) {
$Thumbprint = (Get-PfxData -FilePath $Node.ProxyCert).EndEntityCertificates.ThumbPrint
}
# Ensure SSL certificate thumbprint is configured for Proxy service
QlikProxy Local {
Node = $Node.Hostname
SslBrowserCertificateThumbprint = $Thumbprint
PsDscRunAsCredential = $Node.AdminAccount
DependsOn = '[WaitForSense]Repository'
}
# Ensure default virtual proxies are configured to load balance to engine nodes
# and host names defined in environment data file are in whitelist
QlikVirtualProxy Default {
Description = "$($Node.Name) Proxy (Default)"
Prefix = '/'
SessionCookieHeaderName = 'X-Qlik-Session'
LoadBalancingServerNodes = "engineEnabled eq true and schedulerEnabled eq false"
WebSocketCrossOriginWhitelist = $ConfigurationData.NonNodeData.Sense.HostWhitelist
AdditionalResponseHeaders = @"
X-XSS-Protection: 1
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Strict-Transport-Security: max-age=86400; includeSubDomains
X-Content-Type-Options: nosniff
"@
Ensure = 'Present'
PsDscRunasCredential = $Node.AdminAccount
DependsOn = '[WaitForSense]Repository'
}
# Ensure QRS connection string is configured for SSL
# and is set to use TLS 1.2 only
SenseRepository Postgres {
SSLMode = 'Require'
TLSProtocol = '1.2'
PostgresCommandTimeout = 0
DependsOn = '[WaitForSense]Repository'
}
$CentralNode = $AllNodes.Where{$_.Role -eq 'Central'}.NodeName
$NodeSetup = @(Get-ChildItem "$ClusterLocalPath\Install\node-*.msi")[0].Name
# Upgrade the version of node js used by the Sense service dispatcher
if ($NodeSetup) {
Package NodeJS {
Name = 'Node.js'
Path = "\\$CentralNode\Clarity\Install\$NodeSetup"
ProductId = '{A6606125-61E2-43C3-BFCF-0E571EC56656}'
Arguments = 'INSTALLDIR="C:\Program Files\Qlik\Sense\ServiceDispatcher\Node" REBOOT=ReallySuppress /norestart'
Credential = $Node.ServiceAccount
Ensure = 'Present'
DependsOn = '[QlikProxy]Local', '[QlikVirtualProxy]Default'
}
}
}
}

122
bt-autoscaler/terraform/roots/scripts/install-sense.ps1 Normal file
View File

@@ -0,0 +1,122 @@
Configuration Main {
Param (
[string]$SenseSetupUri = "https://da3hntz84uekx.cloudfront.net/QlikSense/11.24/0/_MSI/Qlik_Sense_setup.exe",
[string]$SenseUpdateUri = "https://da3hntz84uekx.cloudfront.net/QlikSense/11.24/1/_MSI/Qlik_Sense_update.exe",
[string]$DownloadPath = $env:temp,
[PSCredential]$SenseService,
[Parameter(ParameterSetName = "Central")]
[PSCredential]$QlikAdmin,
[string]$ClusterShareHost,
[string]$Hostname,
[Parameter(ParameterSetName = "Central")]
$LicenseSerial = $ConfigurationData.NonNodeData.License.Serial,
[Parameter(ParameterSetName = "Central")]
$LicenseControl = $ConfigurationData.NonNodeData.License.Control,
[Parameter(ParameterSetName = "Central")]
$LicenseOrg = $ConfigurationData.NonNodeData.License.Organization,
[Parameter(ParameterSetName = "Central")]
$LicenseName = $ConfigurationData.NonNodeData.License.Name,
[Parameter(ParameterSetName = "Central", Mandatory = $false)]
$LicenseLef = $ConfigurationData.NonNodeData.License.Lef,
[Parameter(ParameterSetName = "RimNode")]
$CentralNode,
[Parameter(ParameterSetName = "RimNode")]
[ValidateSet("Proxy", "Engine", "ProxyEngine", "Scheduler", "All")]
$NodeType = "All"
)
Import-DscResource -ModuleName PSDesiredStateConfiguration, xPSDesiredStateConfiguration, QlikResources
Node localhost
{
User QlikAdmin
{
UserName = $QlikAdmin.GetNetworkCredential().UserName
Password = $QlikAdmin
FullName = 'QlikAdmin'
PasswordChangeRequired = $false
PasswordNeverExpires = $true
Ensure = 'Present'
}
User SenseService
{
UserName = $SenseService.GetNetworkCredential().UserName
Password = $SenseService
FullName = 'Qlik Sense Service Account'
PasswordChangeNotAllowed = $true
PasswordChangeRequired = $false
PasswordNeverExpires = $true
Ensure = 'Present'
}
Group Administrators
{
GroupName = 'Administrators'
MembersToInclude = $QlikAdmin.GetNetworkCredential().UserName, $SenseService.GetNetworkCredential().UserName
}
File DownloadPath
{
Type = 'Directory'
DestinationPath = Join-Path -Path $DownloadPath -ChildPath $Name
Ensure = 'Present'
}
$SenseSetupPath = Join-Path -Path $DownloadPath -ChildPath $SenseSetupUri.Substring($SenseSetupUri.LastIndexOf('/') + 1)
xRemoteFile SenseSetup
{
DestinationPath = $SenseSetupPath
Uri = $SenseSetupUri
MatchSource = $false
}
$SenseUpdatePath = Join-Path -Path $DownloadPath -ChildPath $SenseUpdateUri.Substring($SenseUpdateUri.LastIndexOf('/') + 1)
xRemoteFile SenseUpdate
{
DestinationPath = $SenseUpdatePath
Uri = $SenseUpdateUri
MatchSource = $false
}
if ($PsCmdlet.ParameterSetName -EQ 'Central') {
QlikCentral CentralNode
{
SenseService = $SenseService
QlikAdmin = $QlikAdmin
ProductName = "Qlik Sense November 2017 Patch 1"
SetupPath = $SenseSetupPath
PatchPath = $SenseUpdatePath
Hostname = $Hostname
ClusterShareHost = $ClusterShareHost
License = @{
Serial = $LicenseSerial
Control = $LicenseControl
Name = $LicenseName
Organization = $LicenseOrg
Lef = $LicenseLef
}
PSDscRunasCredential = $QlikAdmin
}
}
else {
QlikRimNode $Hostname
{
SenseService = $SenseService
QlikAdmin = $QlikAdmin
ProductName = "Qlik Sense November 2017 Patch 1"
SetupPath = $SenseSetupPath
PatchPath = $SenseUpdatePath
Hostname = $Hostname
CentralNode = $CentralNode
Proxy = (@('Proxy', 'ProxyEngine', 'All') -contains $NodeType)
Engine = (@('Engine', 'ProxyEngine', 'Scheduler', 'All') -contains $NodeType)
Printing = (@('Engine', 'ProxyEngine', 'All') -contains $NodeType)
Scheduler = (@('Scheduler', 'All') -contains $NodeType)
PSDscRunasCredential = $QlikAdmin
}
}
}
}

16
bt-autoscaler/terraform/roots/scripts/prep.ps1 Normal file
View File

@@ -0,0 +1,16 @@
# Push-Location ~/Downloads
# Invoke-WebRequest -Uri https://da3hntz84uekx.cloudfront.net/QlikSense/13.95/0/_MSI/Qlik_Sense_setup.exe -OutFile .\binaries\Qlik_Sense_setup.exe
# Invoke-WebRequest -Uri https://da3hntz84uekx.cloudfront.net/QlikSense/13.95/1/_MSI/Qlik_Sense_update.exe -OutFile .\binaries\Qlik_Sense_update.exe
Get-PackageProvider -Name NuGet -ForceBootstrap
Install-Module -Name GoogleCloud -Force
Install-Module -Name xPSDesiredStateConfiguration -Force
Install-Module -Name xNetworking -Force
Install-Module -Name xSmbShare -Force
Install-Module -Name Qlik-Cli -Force
Install-Module -Name QlikResources -Force
# $bucket = "qliksense"
# New-GcsObject -Bucket $bucket -Folder ".\binaries" -ObjectNamePrefix "binaries" -Force
# Pop-Location

0
bt-autoscaler/win-nfs_client-install.ps1 → bt-autoscaler/terraform/roots/scripts/win-nfs_client-install.ps1
View File