Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 99f936f
Showing
7 changed files
with
1,412 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Elastic ARM template examples | ||
|
||
Example scripts that demonstrate different deployment secnarios for [Elastic's ARM template](https://github.com/elastic/azure-marketplace) | ||
|
||
1. [Storage account and Elasticsearch cluster. Set up the storage account for snapshot/restore](https://github.com/elastic/azure-marketplace-examples/tree/master/snapshot_restore) | ||
2. [Configurable size of data node VM SKU, number of disks, their size and type of storage](https://github.com/elastic/azure-marketplace-examples/tree/master/configure_disks) | ||
3. [Encrypted communication to Kibana](https://github.com/elastic/azure-marketplace-examples/tree/master/encrypted_communication_kibana) | ||
4. [Encrypted communication to Elasticsearch with Application Gateway](https://github.com/elastic/azure-marketplace-examples/tree/master/encrypted_communication_elasticsearch) | ||
5. [Two clusters connected to one virtual network](https://github.com/elastic/azure-marketplace-examples/tree/master/two_clusters_one_vnet) | ||
6. [Storage account, Elasticsearch cluster and an Azure App Service (web app). Set up the storage account for snapshot/restore and add the App Service to the cluster virtual network](https://github.com/elastic/azure-marketplace-examples/tree/master/cluster_azure-repository_app-service) |
393 changes: 393 additions & 0 deletions
393
cluster_azure-repository_app-service/cluster_azure-repository_app-service.ps1
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
<# | ||
.Synopsis | ||
Deploys an Elasticsearch cluster with a configurable number of disks and sizes | ||
.Example | ||
& .\configure_disks.ps1 -DataNodeVms "Standard_D1" -DiskCount 2 -DiskSize Small -StorageType Standard ` | ||
-AdminUserName "russ" -AdminPassword $(ConvertTo-SecureString -String "Password1234" -AsPlainText -Force) ` | ||
-SecurityAdminPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityReadPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityKibanaPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) | ||
.Example | ||
& .\configure_disks.ps1 -DataNodeVms "Standard_D1" -DiskCount 2 -DiskSize Small -StorageType Standard ` | ||
-ClientId "clientid" -ClientSecret $(ConvertTo-SecureString -String "clientsecret" -AsPlainText -Force) ` | ||
-TenantId "tenantid" -SubscriptionId "subscriptionid" ` | ||
-AdminUserName "russ" -AdminPassword $(ConvertTo-SecureString -String "Password1234" -AsPlainText -Force) ` | ||
-SecurityAdminPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityReadPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityKibanaPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) | ||
.Parameter ClientId | ||
the client id to log in with a Service Principal | ||
.Parameter ClientSecret | ||
the client secret to log in with a Service Principal | ||
.Parameter TenantId | ||
the tenant id to log in with a Service Principal | ||
.Parameter SubscriptionId | ||
the subscription id to deploy the resources to. If the current session is not logged into the Azure account, user will | ||
be prompted to log in and select a SubscriptionId | ||
.Parameter DataNodeVms | ||
The name of the VM SKU to use for data nodes | ||
.Parameter DiskCount | ||
The number of disks to attach to each VM | ||
.Parameter DiskSize | ||
The size of the disks | ||
.Parameter StorageType | ||
The type of storage. Default will be Premium storage for thos VM SKUs that support it. | ||
.Parameter AdminUserName | ||
the admin username in order to log into VMs deployed in the Elasticsearch cluster | ||
.Parameter AdminPassword | ||
the admin password in order to log into VMs deployed in the Elasticsearch cluster | ||
.Parameter SecurityAdminPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_admin' (2.x) or 'elastic' (5.x) | ||
.Parameter SecurityReadPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_read' | ||
.Parameter SecurityKibanaPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_kibana' | ||
#> | ||
[CmdletBinding()] | ||
Param( | ||
[Parameter(Mandatory=$false)] | ||
[string] $ClientId, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[securestring] $ClientSecret, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[string] $TenantId, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[string] $SubscriptionId, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string] $DataNodeVms, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[int][ValidateSet(0,1,2,4,8,16,32,40)] $DiskCount, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string][ValidateSet("Small","Medium","Large")] $DiskSize, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string][ValidateSet("Default","Standard")] $StorageType, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string] $AdminUserName, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $AdminPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityAdminPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityReadPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityKibanaPassword | ||
) | ||
$ErrorActionPreference = "Stop" | ||
|
||
function Write-Log($Message, $ForegroundColor) { | ||
if ($ForegroundColor -eq $null) { | ||
$ForegroundColor = "White" | ||
} | ||
|
||
Write-Host "[$(Get-Date -format 'u')] $message" -ForegroundColor $ForegroundColor | ||
} | ||
|
||
function Show-Custom($title, $optionValues, $optionDescriptions) { | ||
Write-Host $title | ||
Write-Host | ||
for($i = 0; $i -lt $optionValues.Length; $i++) { | ||
Write-Host "$($i+1))" $optionDescriptions[$i] | ||
} | ||
Write-Host | ||
|
||
while($true) { | ||
Write-Host "Choose an option: " | ||
$option = Read-Host | ||
$option = $option -as [int] | ||
|
||
if($option -ge 1 -and $option -le $optionValues.Length) { | ||
return $optionValues[$option-1] | ||
} | ||
} | ||
} | ||
|
||
function Show-Subscription() { | ||
# Choose subscription. If there's only one we will choose automatically | ||
$subs = Get-AzureRmSubscription | ||
$subscriptionId = "" | ||
|
||
if($subs.Length -eq 0) { | ||
Write-Error "No subscriptions bound to this account." | ||
return | ||
} | ||
|
||
if($subs.Length -eq 1) { | ||
$subscriptionId = $subs[0].SubscriptionId | ||
} | ||
else { | ||
$subscriptionChoices = @() | ||
$subscriptionValues = @() | ||
|
||
foreach($subscription in $subs) { | ||
$subscriptionChoices += "$($subscription.SubscriptionName) ($($subscription.SubscriptionId))"; | ||
$subscriptionValues += ($subscription.SubscriptionId); | ||
} | ||
|
||
$subscriptionId = Show-Custom "Choose a subscription" $subscriptionValues $subscriptionChoices | ||
} | ||
|
||
return $subscriptionId | ||
} | ||
|
||
try { | ||
if ($ClientId -and $ClientSecret -and $TenantId -and $SubscriptionId) { | ||
$credential = new-object -typename System.Management.Automation.PSCredential ` | ||
-argumentlist $ClientId, $ClientSecret | ||
|
||
Add-AzureRmAccount -Credential $credential -Tenant $TenantId -ServicePrincipal -ErrorAction Stop | ||
} | ||
|
||
Select-AzureRmSubscription -SubscriptionId $SubscriptionId -ErrorAction Stop | ||
} | ||
catch { | ||
Write-Host "Please Login" | ||
Login-AzureRmAccount | ||
$SubscriptionId = Show-Subscription | ||
Select-AzureRmSubscription -SubscriptionId $SubscriptionId | ||
} | ||
|
||
$location = "Australia Southeast" | ||
$templateVersion = "5.1.2" | ||
$templateUrl = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src" | ||
$mainTemplate = "$templateUrl/mainTemplate.json" | ||
$resourceGroup = "configure-disks" | ||
$name = "elasticsearch" | ||
|
||
$templateParameters = @{ | ||
"artifactsBaseUrl"= $templateUrl | ||
"esClusterName" = $name | ||
"adminUsername" = $AdminUserName | ||
"authenticationType" = "password" | ||
"adminPassword" = $AdminPassword | ||
"securityAdminPassword" = $SecurityAdminPassword | ||
"securityReadPassword" = $SecurityReadPassword | ||
"securityKibanaPassword" = $SecurityKibanaPassword | ||
"vmSizeDataNodes" = $DataNodeVms | ||
"vmDataDiskCount" = $DiskCount | ||
"vmDataDiskSize" = $DiskSize | ||
"storageAccountType" = $StorageType | ||
} | ||
|
||
Write-Log "Deploying Elasticsearch cluster" | ||
New-AzureRmResourceGroup -Name $resourceGroup -Location $location | ||
New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroup ` | ||
-TemplateUri $mainTemplate -TemplateParameterObject $templateParameters | ||
Write-Log "Deployed Elasticsearch cluster" -ForegroundColor "green" |
183 changes: 183 additions & 0 deletions
183
encrypted_communication_elasticsearch/encrypted_communication_elasticsearch.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,183 @@ | ||
<# | ||
.Synopsis | ||
Deploys an Elasticsearch cluster with Transport Layer Security to Elasticsearch | ||
.Description | ||
Uses Application Gateway for external access and SSL offload | ||
.Example | ||
& .\encrypted_communication_elasticsearch.ps1 -AdminUserName "russ" ` | ||
-AdminPassword $(ConvertTo-SecureString -String "Password1234" -AsPlainText -Force) ` | ||
-CertPath "C:\cert.pfx" -CertPassword $(ConvertTo-SecureString -String "Password" -AsPlainText -Force) ` | ||
-SecurityAdminPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityReadPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityKibanaPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) | ||
.Example | ||
& .\encrypted_communication_elasticsearch.ps1 -ClientId "clientid" ` | ||
-ClientSecret $(ConvertTo-SecureString -String "clientsecret" -AsPlainText -Force) ` | ||
-TenantId "tenantid" -SubscriptionId "subscriptionid" ` | ||
-CertPath "C:\cert.pfx" -CertPassword $(ConvertTo-SecureString -String "Password" -AsPlainText -Force) ` | ||
-AdminUserName "russ" -AdminPassword $(ConvertTo-SecureString -String "Password1234" -AsPlainText -Force) ` | ||
-SecurityAdminPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityReadPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) ` | ||
-SecurityKibanaPassword $(ConvertTo-SecureString -String "Password123" -AsPlainText -Force) | ||
.Parameter ClientId | ||
the client id to log in with a Service Principal | ||
.Parameter ClientSecret | ||
the client secret to log in with a Service Principal | ||
.Parameter TenantId | ||
the tenant id to log in with a Service Principal | ||
.Parameter SubscriptionId | ||
the subscription id to deploy the resources to. If the current session is not logged into the Azure account, user will | ||
be prompted to log in and select a SubscriptionId | ||
.Parameter CertPath | ||
the path to the certificate to use to encrypt communication with Application Gateway | ||
.Parameter CertPassword | ||
the password for the certificate. Optional as may not have a password | ||
.Parameter AdminUserName | ||
the admin username in order to log into VMs deployed in the Elasticsearch cluster | ||
.Parameter AdminPassword | ||
the admin password in order to log into VMs deployed in the Elasticsearch cluster | ||
.Parameter SecurityAdminPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_admin' (2.x) or 'elastic' (5.x) | ||
.Parameter SecurityReadPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_read' | ||
.Parameter SecurityKibanaPassword | ||
the password to log into the Elasticsearch cluster through X-Pack Security with user 'es_kibana' | ||
#> | ||
[CmdletBinding()] | ||
Param( | ||
[Parameter(Mandatory=$false)] | ||
[string] $ClientId, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[securestring] $ClientSecret, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[string] $TenantId, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[string] $SubscriptionId, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string] $CertPath, | ||
|
||
[Parameter(Mandatory=$false)] | ||
[securestring] $CertPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string] $KeyPath, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[string] $AdminUserName, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $AdminPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityAdminPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityReadPassword, | ||
|
||
[Parameter(Mandatory=$true)] | ||
[securestring] $SecurityKibanaPassword | ||
) | ||
$ErrorActionPreference = "Stop" | ||
|
||
function Write-Log($Message, $ForegroundColor) { | ||
if ($ForegroundColor -eq $null) { | ||
$ForegroundColor = "White" | ||
} | ||
|
||
Write-Host "[$(Get-Date -format 'u')] $message" -ForegroundColor $ForegroundColor | ||
} | ||
|
||
function Show-Custom($title, $optionValues, $optionDescriptions) { | ||
Write-Host $title | ||
Write-Host | ||
for($i = 0; $i -lt $optionValues.Length; $i++) { | ||
Write-Host "$($i+1))" $optionDescriptions[$i] | ||
} | ||
Write-Host | ||
|
||
while($true) { | ||
Write-Host "Choose an option: " | ||
$option = Read-Host | ||
$option = $option -as [int] | ||
|
||
if($option -ge 1 -and $option -le $optionValues.Length) { | ||
return $optionValues[$option-1] | ||
} | ||
} | ||
} | ||
|
||
function Show-Subscription() { | ||
# Choose subscription. If there's only one we will choose automatically | ||
$subs = Get-AzureRmSubscription | ||
$subscriptionId = "" | ||
|
||
if($subs.Length -eq 0) { | ||
Write-Error "No subscriptions bound to this account." | ||
return | ||
} | ||
|
||
if($subs.Length -eq 1) { | ||
$subscriptionId = $subs[0].SubscriptionId | ||
} | ||
else { | ||
$subscriptionChoices = @() | ||
$subscriptionValues = @() | ||
|
||
foreach($subscription in $subs) { | ||
$subscriptionChoices += "$($subscription.SubscriptionName) ($($subscription.SubscriptionId))"; | ||
$subscriptionValues += ($subscription.SubscriptionId); | ||
} | ||
|
||
$subscriptionId = Show-Custom "Choose a subscription" $subscriptionValues $subscriptionChoices | ||
} | ||
|
||
return $subscriptionId | ||
} | ||
|
||
try { | ||
if ($ClientId -and $ClientSecret -and $TenantId -and $SubscriptionId) { | ||
$credential = new-object -typename System.Management.Automation.PSCredential ` | ||
-argumentlist $ClientId, $ClientSecret | ||
|
||
Add-AzureRmAccount -Credential $credential -Tenant $TenantId -ServicePrincipal -ErrorAction Stop | ||
} | ||
|
||
Select-AzureRmSubscription -SubscriptionId $SubscriptionId -ErrorAction Stop | ||
} | ||
catch { | ||
Write-Host "Please Login" | ||
Login-AzureRmAccount | ||
$SubscriptionId = Show-Subscription | ||
Select-AzureRmSubscription -SubscriptionId $SubscriptionId | ||
} | ||
|
||
$templateVersion = "5.1.2" | ||
$templateUrl = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src" | ||
$mainTemplate = "$templateUrl/mainTemplate.json" | ||
$location = "Australia Southeast" | ||
$resourceGroup = "app-gateway-cluster" | ||
$name = "elasticsearch" | ||
$gatewayCert = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($CertPath)) | ||
|
||
$templateParameters = @{ | ||
"artifactsBaseUrl"= $templateUrl | ||
"esClusterName" = $name | ||
"loadBalancerType" = "gateway" | ||
"appGatewayCertBlob" = $gatewayCert | ||
"appGatewayCertPassword" = $CertPassword | ||
"adminUsername" = $AdminUserName | ||
"authenticationType" = "password" | ||
"adminPassword" = $AdminPassword | ||
"securityAdminPassword" = $SecurityAdminPassword | ||
"securityReadPassword" = $SecurityReadPassword | ||
"securityKibanaPassword" = $SecurityKibanaPassword | ||
} | ||
|
||
Write-Log "Deploying Elasticsearch cluster" | ||
New-AzureRmResourceGroup -Name $resourceGroup -Location $location | ||
New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroup -TemplateUri $mainTemplate -TemplateParameterObject $templateParameters | ||
Write-Log "Elasticsearch cluster deployed" -ForegroundColor "green" |
Oops, something went wrong.