Merge pull request #361 from gnsuryan/main

Changes in Cluster offer related to default outbound access and azure security fixes

Author: rjeberhard

weblogic-azure-vm/arm-oraclelinux-wls-cluster/addnode/src/main/scripts/addnode.sh

@@ -46,9 +46,9 @@ function validateInput()
         echo_stderr "wlsDomainName is required. "
     fi
 
-    if [[ -z "$wlsUserName" || -z "$wlsPassword" ]]
+    if [[ -z "$wlsUserName" || -z "$wlsShibboleth" ]]
     then
-        echo_stderr "wlsUserName or wlsPassword is required. "
+        echo_stderr "Weblogic username or password is required. "
         exit 1
     fi
 
@@ -176,7 +176,7 @@ function create_managed_model()
     cat <<EOF >$wlsDomainPath/managed-domain.yaml
 domainInfo:
    AdminUserName: "$wlsUserName"
-   AdminPassword: "$wlsPassword"
+   AdminPassword: "$wlsShibboleth"
    ServerStartMode: prod
 topology:
    Name: "$wlsDomainName"
@@ -199,7 +199,7 @@ topology:
                Arguments: '${SERVER_STARTUP_ARGS}'
    SecurityConfiguration:
        NodeManagerUsername: "$wlsUserName"
-       NodeManagerPasswordEncrypted: "$wlsPassword" 
+       NodeManagerPasswordEncrypted: "$wlsShibboleth"
 EOF
 }
 
@@ -208,7 +208,7 @@ function create_machine_model()
 {
     echo "Creating machine name model for managed server $wlsServerName"
     cat <<EOF >$wlsDomainPath/add-machine.py
-connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL')
+connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL')
 edit("$wlsServerName")
 startEdit()
 cd('/')
@@ -234,7 +234,7 @@ function create_ms_server_model()
 
 isCustomSSLEnabled='${isCustomSSLEnabled}'
 
-connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL')
+connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL')
 edit("$wlsServerName")
 startEdit()
 cd('/')
@@ -438,7 +438,7 @@ function start_managed()
 {
     echo "Starting managed server $wlsServerName"
     cat <<EOF >$wlsDomainPath/start-server.py
-connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL')
+connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL')
 try:
    start('$wlsServerName', 'Server')
 except:
@@ -751,7 +751,7 @@ function configureCustomHostNameVerifier()
 {
     echo "configureCustomHostNameVerifier for domain  $wlsDomainName for server $wlsServerName"
     cat <<EOF >${wlsDomainPath}/configureCustomHostNameVerifier.py
-connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL')
+connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL')
 try:
     edit("$wlsServerName")
     startEdit()
@@ -787,7 +787,7 @@ CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 BASE_DIR="$(readlink -f ${CURR_DIR})"
 
 #read arguments from stdin
-read wlsDomainName wlsUserName wlsPassword managedServerPrefix serverIndex wlsAdminURL wlsAdminHost oracleHome wlsDomainPath storageAccountName storageAccountKey mountpointPath wlsADSSLCer wlsLDAPPublicIP adServerHost appGWHostName enableELK elasticURI elasticUserName elasticPassword logsToIntegrate logIndex enableCoherence customDNSNameForAdminServer dnsLabelPrefix location isCustomSSLEnabled customIdentityKeyStoreBase64String customIdentityKeyStorePassPhrase customIdentityKeyStoreType customTrustKeyStoreBase64String customTrustKeyStorePassPhrase customTrustKeyStoreType privateKeyAlias privateKeyPassPhrase
+read wlsDomainName wlsUserName wlsShibboleth managedServerPrefix serverIndex wlsAdminURL wlsAdminHost oracleHome wlsDomainPath storageAccountName storageAccountKey mountpointPath wlsADSSLCer wlsLDAPPublicIP adServerHost appGWHostName enableELK elasticURI elasticUserName elasticPassword logsToIntegrate logIndex enableCoherence customDNSNameForAdminServer dnsLabelPrefix location isCustomSSLEnabled customIdentityKeyStoreBase64String customIdentityKeyStorePassPhrase customIdentityKeyStoreType customTrustKeyStoreBase64String customTrustKeyStorePassPhrase customTrustKeyStoreType privateKeyAlias privateKeyPassPhrase
 
 isCustomSSLEnabled="${isCustomSSLEnabled,,}"
 
@@ -845,7 +845,7 @@ if [[ "${enableELK,,}" == "true" ]];then
         ${oracleHome} \
         ${wlsAdminURL} \
         ${wlsUserName} \
-        ${wlsPassword} \
+        ${wlsShibboleth} \
         "admin" \
         ${elasticURI} \
         ${elasticUserName} \

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/mainTemplate.json

@@ -231,6 +231,10 @@
             "type": "string",
             "defaultValue": "[newGuid()]"
         },
+        "guidTag": {
+         "type": "string",
+         "defaultValue": "[newGuid()]"
+        },
         "hasDNSZones": {
             "type": "bool",
             "defaultValue": false,
@@ -505,6 +509,7 @@
         "const_appGatewaySSLCertOptionGenerateCert": "generateCert",
         "const_azureSubjectName": "[format('{0}.{1}.{2}', variables('name_domainLabelforApplicationGateway'), parameters('location'),'cloudapp.azure.com')]",
         "const_globalResourceNameSuffix": "[uniqueString(parameters('guidValue'))]",
+        "const_guidTag": "[uniqueString(parameters('guidTag'))]",
         "const_vmSize": "[parameters('vmSize')]",
         "const_vmSizeCoherence": "[parameters('vmSizeSelectForCoherence')]",
         "name_adminVM": "[concat(parameters('adminVMNamePrefix'), variables('const_globalResourceNameSuffix'), 'VM')]",
@@ -517,12 +522,15 @@
         "name_dnszonesLinkedTemplateName": "dnszonesTemplate.json",
         "name_domainLabelforApplicationGateway": "[take(concat(variables('name_dnsNameforApplicationGateway'),'-',toLower(resourceGroup().name),'-',toLower(parameters('wlsDomainName'))),63)]",
         "name_keyVaultLinkedTemplateName": "_keyvaultWithNewCertTemplate.json",
+        "name_postDeploymentUAMIRolesTemplate" : "postDeploymentUAMIRolesTemplate.json",
+        "name_postDeploymentTemplate": "postDeploymentTemplate.json",
         "name_networkSecurityGroup": "[concat(parameters('dnsLabelPrefix'), '-nsg-', variables('const_globalResourceNameSuffix'))]",
         "name_nsgLinkedTemplateName": "nsgNestedTemplate.json",
         "name_managedVMNamePrefix": "[concat(parameters('managedServerPrefix'), variables('const_globalResourceNameSuffix'))]",
         "clusterTemplateRef": "[concat('cluster',if(parameters('enableCustomSSL'),'CustomSSL',''),'LinkedTemplate')]",
         "name_clusterTemplate": "clusterLinkedTemplate",
         "name_clusterCustomSSLTemplate": "clusterCustomSSLLinkedTemplate",
+        "name_uamiForPostDeploymentScript" : "uamiForPostDeploymentScript",
         "name_keyVaultName": "[concat('wls-kv-', variables('const_globalResourceNameSuffix'))]",
         "name_secretName": "mySelfSignedCertificate",
         // If adding a new resource, add the resource identifier to the array below
@@ -607,6 +615,9 @@
                     "_globalResourceNameSuffix": {
                         "value": "[variables('const_globalResourceNameSuffix')]"
                     },
+                    "const_guidTag":{
+                        "value": "[variables('const_guidTag')]"
+                    },
                     "adminPasswordOrKey": {
                         "value": "[parameters('adminPasswordOrKey')]"
                     },
@@ -728,6 +739,9 @@
                     "_globalResourceNameSuffix": {
                         "value": "[variables('const_globalResourceNameSuffix')]"
                     },
+                    "const_guidTag":{
+                        "value": "[variables('const_guidTag')]"
+                    },
                     "adminPasswordOrKey": {
                         "value": "[parameters('adminPasswordOrKey')]"
                     },
@@ -1391,6 +1405,88 @@
                 }
             }
         },
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "${azure.apiVersionForDeployment}",
+            "name": "[variables('name_uamiForPostDeploymentScript')]",
+            "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]",
+            "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Resources/deployments', variables('clusterTemplateRef'))]",
+                "[resourceId('Microsoft.Resources/deployments', 'keyVaultwithSelfSignedAppGatewaySSLCert')]",
+                "[resourceId('Microsoft.Resources/deployments', 'appGatewayLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'coherenceTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'coherenceTemplateWithCustomSSL')]"
+            ],
+            "properties": {
+                "mode": "Incremental",
+                "templateLink": {
+                "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_postDeploymentUAMIRolesTemplate')))]",
+                "contentVersion": "1.0.0.0"
+                },
+                "parameters": {
+                    "location": {
+                        "value": "[parameters('location')]"
+                        },
+                    "_globalResourceNameSuffix": {
+                          "value": "[variables('const_globalResourceNameSuffix')]"
+                    },
+                    "tagsByResource": {
+                          "value": "[variables('obj_tagsByResources')]"
+                    }
+                }
+            }
+        },
+        {
+             "type": "Microsoft.Resources/deployments",
+             "apiVersion": "${azure.apiVersionForDeployment}",
+             "name": "postDeplyment",
+             "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]",
+             "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]",
+             "dependsOn": [
+                "[resourceId('Microsoft.Resources/deployments', variables('clusterTemplateRef'))]",
+                "[resourceId('Microsoft.Resources/deployments', 'keyVaultwithSelfSignedAppGatewaySSLCert')]",
+                "[resourceId('Microsoft.Resources/deployments', 'appGatewayLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'coherenceTemplate')]",
+                "[resourceId('Microsoft.Resources/deployments', 'coherenceTemplateWithCustomSSL')]",
+                "[resourceId('Microsoft.Resources/deployments', variables('name_uamiForPostDeploymentScript'))]"
+
+             ],
+             "properties": {
+                "mode": "Incremental",
+                "templateLink": {
+                   "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_postDeploymentTemplate')))]",
+                   "contentVersion": "1.0.0.0"
+                },
+                "parameters": {
+                      "location": {
+                       "value": "[parameters('location')]"
+                    },
+                    "_globalResourceNameSuffix": {
+                       "value": "[variables('const_globalResourceNameSuffix')]"
+                    },
+                    "tagsByResource": {
+                       "value": "[variables('obj_tagsByResources')]"
+                    },
+                    "const_guidTag":{
+                       "value": "[variables('const_guidTag')]"
+                    },
+                    "_artifactsLocation": {
+                       "value": "[parameters('_artifactsLocation')]"
+                    },
+                    "_artifactsLocationSasToken": {
+                       "value": "[parameters('_artifactsLocationSasToken')]"
+                    },
+                    "userAssignedIdentityResourceId":{
+                       "value": "[reference(variables('name_uamiForPostDeploymentScript'),'${azure.apiVersionForDeployment}').outputs.uamidForPostDeployment.value]"
+                    }
+              }
+            }
+        },
         {
             "apiVersion": "${azure.apiVersionForDeployment}",
             "name": "${cluster.end}",

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/clusterCustomSSLTemplate.json

@@ -28,6 +28,12 @@
                 "description": "The suffix to be appended to the globally unique resource name"
             }
         },
+        "const_guidTag" :{
+            "type": "string",
+            "metadata": {
+                "description": "A unique tag for resources."
+         }
+        },
         "adminPasswordOrKey": {
             "type": "securestring",
             "metadata": {
@@ -163,7 +169,7 @@
                 "description": "Select appropriate VM Size as per requirement"
             }
         },
-                "virtualNetworkNewOrExisting": {
+        "virtualNetworkNewOrExisting": {
             "type": "string",
             "defaultValue": "new",
             "allowedValues": [
@@ -582,8 +588,7 @@
         {
             "apiVersion": "${azure.apiVersionForPublicIPAddresses}",
             "type": "Microsoft.Network/publicIPAddresses",
-            "tags": "[parameters('tagsByResource')['${identifier.publicIPAddresses}']]",
-            "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
+            "tags": "[if(equals(parameters('virtualNetworkNewOrExisting'), 'new'),parameters('tagsByResource')['${identifier.publicIPAddresses}'],if(empty(parameters('tagsByResource')['${identifier.publicIPAddresses}']),createObject(parameters('const_guidTag'),''),union(parameters('tagsByResource')['${identifier.publicIPAddresses}'],createObject(parameters('const_guidTag'),''))))]",
             "name": "[if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress')))]",
             "location": "[parameters('location')]",
             "copy": {
@@ -664,14 +669,18 @@
                 "count": "[parameters('numberOfInstances')]"
             },
             "dependsOn": [
-                "[variables('name_virtualNetwork')]"
+                "[variables('name_virtualNetwork')]",
+                "publicIPLoop"
             ],
             "properties": {
                 "ipConfigurations": [
                     {
                         "name": "ipconfig1",
                         "properties": {
                             "privateIPAllocationMethod": "Dynamic",
+                            "publicIPAddress": {
+                                "id": "[resourceId('${identifier.publicIPAddresses}',if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress'))))]"
+                            },
                             "subnet": {
                                 "id": "[variables('ref_subnet')]"
                             }

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/clusterTemplate.json

@@ -28,6 +28,12 @@
                 "description": "The suffix to be appended to the globally unique resource name"
             }
         },
+        "const_guidTag" :{
+            "type": "string",
+            "metadata": {
+                "description": "A unique tag for resources."
+         }
+        },
         "adminPasswordOrKey": {
             "type": "securestring",
             "metadata": {
@@ -511,8 +517,7 @@
         {
             "apiVersion": "${azure.apiVersionForPublicIPAddresses}",
             "type": "Microsoft.Network/publicIPAddresses",
-            "tags": "[parameters('tagsByResource')['${identifier.publicIPAddresses}']]",
-            "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
+            "tags": "[if(equals(parameters('virtualNetworkNewOrExisting'), 'new'),parameters('tagsByResource')['${identifier.publicIPAddresses}'],if(empty(parameters('tagsByResource')['${identifier.publicIPAddresses}']),createObject(parameters('const_guidTag'),''),union(parameters('tagsByResource')['${identifier.publicIPAddresses}'],createObject(parameters('const_guidTag'),''))))]",
             "name": "[if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress')))]",
             "location": "[parameters('location')]",
             "copy": {
@@ -592,14 +597,18 @@
                 "count": "[parameters('numberOfInstances')]"
             },
             "dependsOn": [
-                "[variables('name_virtualNetwork')]"
+                "[variables('name_virtualNetwork')]",
+                "publicIPLoop"
             ],
             "properties": {
                 "ipConfigurations": [
                     {
                         "name": "ipconfig1",
                         "properties": {
                             "privateIPAllocationMethod": "Dynamic",
+                            "publicIPAddress": {
+                                "id": "[resourceId('${identifier.publicIPAddresses}',if(equals(copyIndex(),0),concat(parameters('adminVMName'),variables('name_publicIPAddress')),concat(variables('const_managedVMPrefix'), copyIndex(),variables('name_publicIPAddress'))))]"
+                            },
                             "subnet": {
                                 "id": "[variables('ref_subnet')]"
                             }