diff --git a/.github/actions/createPostgresqlFlexibleServer/action.yml b/.github/actions/createPostgresqlFlexibleServer/action.yml index 20a3432aa..4e88d3da7 100644 --- a/.github/actions/createPostgresqlFlexibleServer/action.yml +++ b/.github/actions/createPostgresqlFlexibleServer/action.yml @@ -57,6 +57,6 @@ runs: az postgres flexible-server firewall-rule create \ -g ${{ inputs.resourceGroupName }} \ -n ${{ inputs.dbName }} \ - -r "AllowAllWindowsAzureIps" \ + -r "AllowAllAzureServices" \ --start-ip-address "0.0.0.0" \ --end-ip-address "0.0.0.0" diff --git a/.github/workflows/testWlsVmAdmin.yml b/.github/workflows/testWlsVmAdmin.yml index c475737ff..005faff87 100644 --- a/.github/workflows/testWlsVmAdmin.yml +++ b/.github/workflows/testWlsVmAdmin.yml @@ -6,18 +6,18 @@ name: Test Admin Server on VM on: workflow_dispatch: inputs: - enableELK: - description: "Specify whether to enable ELK depoyment or not." - required: true - default: "false" ref: description: 'Specify Git Ref if needed.' required: false default: 'refs/heads/main' + location: + description: 'The location for the resources' + required: true + default: eastus # Allows you to run this workflow using GitHub APIs # PERSONAL_ACCESS_TOKEN= # REPO_NAME=mriccell/weblogic-azure - # curl --verbose -XPOST -u "mriccell:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/dispatches --data '{"event_type": "test-vm-admin", "client_payload": {"enableELK": "false", "ref": "refs/heads/main"}}' + # curl --verbose -XPOST -u "mriccell:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/dispatches --data '{"event_type": "test-vm-admin", "client_payload": {"ref": "refs/heads/main"}}' repository_dispatch: types: [test-vm-admin,integration-test-all] 
@@ -28,12 +28,7 @@ env: dbAdminUser: weblogic dbName: wlsdb${{ github.run_id }}${{ github.run_number }} dbServerName: weblogicdb - elkURI: ${{ secrets.ELK_URI }} - elkUser: ${{ secrets.ELK_USER_NAME }} - elkPassword: ${{ secrets.ELK_PSW }} gitToken: ${{ secrets.GIT_TOKEN }} - location: eastus - nsg: wls-nsg offerName: arm-oraclelinux-wls-admin adminOfferPath: weblogic-azure/weblogic-azure-vm/arm-oraclelinux-wls-admin testbranchName: cicd-${{ github.run_id }}-${{ github.run_number }} @@ -50,33 +45,31 @@ env: jobs: preflight: outputs: - enableELK: ${{ steps.setup-env-variables-based-on-dispatch-event.outputs.enableELK }} - artifactName: ${{steps.artifact_file.outputs.artifactName}} + location: ${{ steps.setup-env-variables-based-on-dispatch-event.outputs.location }} + artifactName: ${{steps.artifact_file.outputs.artifactName}} runs-on: ubuntu-latest steps: - name: Setup environment variables id: setup-env-variables-based-on-dispatch-event run: | + location=eastus # default value + if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then - enableELK=${{ github.event.inputs.enableELK }} ref=${{ github.event.inputs.ref }} + location=${{ github.event.inputs.location }} else - enableELK=${{ github.event.client_payload.enableELK }} ref=${{ github.event.client_payload.ref }} - fi - - if [ -z "$enableELK" ]; then - enableELK='false' + location=${{ github.event.client_payload.location }} fi if [ -z "$ref" ]; then ref='refs/heads/main' fi - echo "##[set-output name=enableELK;]${enableELK}" echo "##[set-output name=ref;]${ref}" - echo "enableELK=${enableELK}" >> $GITHUB_ENV + echo "##[set-output name=location;]${location}" echo "ref=${ref}" >> $GITHUB_ENV + echo "location=${location}" >> $GITHUB_ENV - uses: actions/checkout@v2.3.4 - name: Set up Maven with GitHub token uses: ./.github/actions/setupmaven 
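Review bot: In the `else` branch of the "Setup environment variables" step, `location=${{ github.event.client_payload.location }}` overwrites the `eastus` default set at the top of the script, and unlike `ref` there is no `-z` fallback afterwards. A `repository_dispatch` payload without `location` (the example curl payload in this file sends only `ref`) therefore leaves it empty. The dispatched value is also expanded by `${{ }}` straight into the script text and then appended unvalidated to `$GITHUB_ENV`, here and again in the "Initialize environment variables" steps added at -173 and -217, so shell metacharacters or an embedded newline in it would be interpreted rather than treated as data. Passing it through the step's `env:` block, applying the default after the branch, and rejecting anything that is not a plain region name closes both problems. `##[set-output ...]` is the deprecated form, and `$GITHUB_OUTPUT` is its replacement.

```yaml
      - name: Setup environment variables
        id: setup-env-variables-based-on-dispatch-event
        env:
          INPUT_LOCATION: ${{ github.event.inputs.location }}
          PAYLOAD_LOCATION: ${{ github.event.client_payload.location }}
        run: |
          # … unchanged: ref selection and its default …
          if [ "${{ github.event_name }}" == 'workflow_dispatch' ]; then
            location="$INPUT_LOCATION"
          else
            location="$PAYLOAD_LOCATION"
          fi
          # Apply the default after the branch so an absent payload field cannot clear it.
          location="${location:-eastus}"
          # Refuse anything that is not a bare region name before it reaches $GITHUB_ENV.
          [[ "$location" =~ ^[a-z0-9]+$ ]] || { echo "invalid location"; exit 1; }
          echo "location=${location}" >> "$GITHUB_OUTPUT"
          echo "location=${location}" >> "$GITHUB_ENV"
```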
@@ -173,6 +166,9 @@ jobs: needs: preflight runs-on: ubuntu-latest steps: + - name: Initialize environment variables + run: | + echo "location=${{needs.preflight.outputs.location}}" >> $GITHUB_ENV - uses: azure/login@v1 id: azure-login with: @@ -217,6 +213,10 @@ jobs: ] steps: + - name: Initialize environment variables + run: | + echo "location=${{needs.preflight.outputs.location}}" >> $GITHUB_ENV + echo "artifactName=${{ needs.preflight.outputs.artifactName }}" >> $GITHUB_ENV - name: Checkout ${{env.repoOwner}}/${{env.repoName}} uses: actions/checkout@v2 with: @@ -226,6 +226,7 @@ jobs: uses: actions/download-artifact@v4 with: name: ${{ needs.preflight.outputs.artifactName }} + path: ${{needs.preflight.outputs.artifactName}} - uses: azure/login@v1 id: azure-login @@ -251,19 +252,21 @@ jobs: id: prepare-deployed-parameters-and-test-script run: | repoPath=${GITHUB_REPOSITORY//\//\\/} - sed -i "s/#location#/$location/g; \ - s/#adminPasswordOrKey#/$wlsPassword/g; \ - s/#wlsdomainname#/$wlsDomainName/g; \ - s/#wlsusername#/$wlsUserName/g; \ - s/#wlspassword#/$wlsPassword/g; \ - s/#adminvmname#/$adminVMName/g; \ - s/#skuUrnVersion#/${{ matrix.images }}/g; \ - s/#testbranchName#/$testbranchName/g; \ - s/#repoPath#/$repoPath/g" \ - ${{ env.adminOfferPath }}/test/data/parameters-test.json - - sed -i "s/#adminPasswordOrKey#/$wlsPassword/g" \ - ${{ env.adminOfferPath }}/test/scripts/verify-wls-path.sh + # Generate parameters for db template deployment + bash ${{ env.adminOfferPath }}/test/scripts/gen-parameters-deploy.sh \ + <<< "${{ env.adminOfferPath }}/test/scripts/ \ + $wlsPassword \ + ${{ matrix.images }} \ + $wlsDomainName \ + ${{ env.adminVMName }} \ + ${{ env.wlsPassword}} \ + ${{ env.dbAdminUser }} \ + ${{ env.dbName }} \ + ${{ env.location }} \ + ${{ env.wlsUserName }} \ + ${{ env.wlsPassword }} \ + ${GITHUB_REPOSITORY} \ + ${{ env.testbranchName }}" - name: Accept Image Terms id: accept-terms 
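Review bot: The here-string passed to `gen-parameters-deploy.sh` mixes `$wlsPassword` with `${{ env.wlsPassword}}` and `${{ env.wlsPassword }}`. The expression forms are pasted into the script text before bash runs, so a password containing `"`, `$` or a backtick would be interpreted by the shell. The fields are separated only by whitespace, so a space in any value would presumably shift every later field the script reads. Use the shell variables throughout (`$wlsPassword`, `$adminVMName`, `$dbAdminUser`, `$dbName`, `$location`, `$wlsUserName`, `$testbranchName`); the runner already exports them because they are in the `env` context. The comment `# Generate parameters for db template deployment` was carried over from the removed DB step and no longer describes this call, and `repoPath` on the line above it is now unused. The step body starts outside the hunk.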
@@ -277,127 +280,58 @@ jobs: - name: Deploy WebLogic Server Admin only Domain offer id: deploy-wls-admin run: | - artifactName=${{ needs.preflight.outputs.artifactName }} - echo "artifactName=${{ needs.preflight.outputs.artifactName }}" >> $GITHUB_ENV - - az deployment group create \ - --verbose \ - --resource-group $resourceGroup \ - --name wls-admin-node \ - --parameters @${{ env.adminOfferPath }}/test/data/parameters-test.json \ - --template-file ${artifactName}/mainTemplate.json - - - name: Verify Network Security Group - id: verify-nsg - run: | - echo "query nsg name, will exit with error if nsg does not exist." - az network nsg show -g $resourceGroup -n ${nsg} --query "name" - - - name: Get IP of build machine - id: get-ip-address - run: | - myIP=$(dig @ns1.google.com TXT o-o.myaddr.l.google.com +short | tr -d "\"") - echo "myIP=${myIP}" >> $GITHUB_ENV + az deployment group create \ + --verbose \ + --resource-group $resourceGroup \ + --name wls-admin-node \ + --parameters @${{ env.adminOfferPath }}/test/scripts/parameters-deploy.json \ + --template-file ${artifactName}/mainTemplate.json + + # query the admin vm name + export adminVMName=$(az deployment group show \ + --resource-group $resourceGroup \ + --name wls-admin-node \ + --query "properties.outputs.adminVMName.value" -o tsv) + echo "adminVMName=${adminVMName}" >> $GITHUB_ENV - - name: Add ip address to security rule to access the wls machine - id: add-ip-to-security-rule + - name: Verify system services at admin server + id: veriy-admin-service run: | - echo "query existing source address prefixes" - attempt=0 - toCreateRule101=false - while [[ -z `az network nsg show -g $resourceGroup -n ${nsg} | grep "NRMS-Rule-101"` && $attempt -le 5 ]] - do - if [ $attempt -eq 5 ]; then - toCreateRule101=true - fi - echo "network security group rule NRMS-Rule-101 is not ready" - sleep 1m - attempt=$((attempt + 1)) - done - if [ $toCreateRule101 == true ]; then - az network nsg rule create --name NRMS-Rule-101 \ - 
--nsg-name ${nsg} \ - --priority 101 \ - --resource-group $resourceGroup \ - --access Allow \ - --destination-address-prefixes "*" \ - --destination-port-ranges 22 43 \ - --direction Inbound \ - --protocol Tcp \ - --source-address-prefixes $myIP - else - sourceAddressPrefixes=$(az network nsg rule show \ - --resource-group $resourceGroup \ - --nsg-name ${nsg} \ - --name NRMS-Rule-101 \ - --query "sourceAddressPrefixes") - echo "IP of this machine: " ${myIP} - sourceAddressPrefixes=$(echo ${myIP} ${sourceAddressPrefixes} | \ - sed 's/,/ /g; s/\[//g; s/\]//g; s/"//g') - echo ${sourceAddressPrefixes} - az network nsg rule update \ - --resource-group $resourceGroup \ - --nsg-name ${nsg} \ - --name NRMS-Rule-101 \ - --source-address-prefixes $sourceAddressPrefixes \ - --destination-port-ranges 443 22 - fi - - echo "Allow access to ${adminConsolePort}" - az network nsg rule update \ - --resource-group $resourceGroup \ - --nsg-name ${nsg} \ - --name WebLogicAdminChannelPort \ - --access Allow \ - --source-address-prefixes 10.0.0.0/24 - - - name: Restart wls VM - id: restart-wls-wm + echo "Verifying WebLogic services at admin server" + message=$(az vm run-command invoke \ + --resource-group $resourceGroup \ + --name $adminVMName \ + --command-id RunShellScript \ + --scripts @${{ env.adminOfferPath }}/test/scripts/verify-services.sh \ + --query value[*].message) + + if [[ $message == *"not in active (running) state"* ]]; then + echo "Error: $message" + exit 1 + fi + - name: Configure network security group + id: configure-nsg run: | - echo "restart vm to make sure security rule work." 
- az vm restart --force --no-wait -g $resourceGroup -n $adminVMName - echo "Wait for few minutes to restart" - sleep 3m - + nsg=$(az network nsg list \ + --resource-group $resourceGroup \ + --query "[0].name" -o tsv) + + echo "Allow access to ${adminConsolePort}" + az network nsg rule update \ + --resource-group $resourceGroup \ + --nsg-name ${nsg} \ + --name WebLogicAdminChannelPort \ + --access Allow \ + --source-address-prefixes 10.0.0.0/24 - name: Query public IP of AdminServer VM id: query-wls-admin-ip run: | - echo "query public ip" - publicIP=$(az vm show \ - --resource-group $resourceGroup \ - --name $adminVMName -d \ - --query publicIps -o tsv) - echo "##[set-output name=publicIP;]${publicIP}" - - name: Create environment variable for AdminServer IP - id: env-admin-ip - run: echo "wlsPublicIP=${{steps.query-wls-admin-ip.outputs.publicIP}}" >> $GITHUB_ENV - - - name: Verify WebLogic Server Installation - id: verify-wls - run: | - echo "pubilc IP of wls machine: ${wlsPublicIP}" - echo "Verifying Weblgic server installation" - timeout 6m sh -c 'until nc -zv $0 $1; do echo "nc rc: $?"; sleep 5; done' ${wlsPublicIP} 22 - echo install sshpass - sudo apt-get install -y sshpass - sshpass -p ${wlsPassword} -v ssh -p 22 -o StrictHostKeyChecking=no -o TCPKeepAlive=yes -o ServerAliveCountMax=20 -o ServerAliveInterval=15 -o ConnectTimeout=100 -v -tt weblogic@${wlsPublicIP} 'bash -s' < ${adminOfferPath}/test/scripts/verify-wls-path.sh - - - name: Restart remote SSH agent - id: restart-remote-ssh - run: | - echo "Restart remote SSH agent" - az vm user reset-ssh \ - --resource-group $resourceGroup \ - --name ${{ env.adminVMName }} - sleep 1m - - - name: Verify system services at admin server - id: veriy-admin-service - run: | - echo "wait for 22 port" - timeout 6m sh -c 'until nc -zv $0 $1; do echo "nc rc: $?"; sleep 5; done' ${wlsPublicIP} 22 - echo "Verifying WebLogic services at admin server" - sshpass -p ${wlsPassword} -v ssh -p 22 -o StrictHostKeyChecking=no -o 
TCPKeepAlive=yes -o ServerAliveCountMax=20 -o ServerAliveInterval=15 -o ConnectTimeout=100 -v -tt weblogic@${wlsPublicIP} 'bash -s' < ${{ env.adminOfferPath }}/test/scripts/verify-services.sh + echo "query public ip" + publicIP=$(az vm show \ + --resource-group $resourceGroup \ + --name $adminVMName -d \ + --query publicIps -o tsv) + echo "wlsPublicIP=${publicIP}" >> $GITHUB_ENV - name: Verify WebLogic Server Access id: verify-wls-access 
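Review bot: The "Verify system services at admin server" step fails only when the output contains `not in active (running) state`, so an empty or unexpected `message` passes the check. As far as I know `az vm run-command invoke` reports success even when the script on the VM exits non-zero, which would make this substring the only failure signal. Treat an empty result as a failure too, `if [[ -z "$message" || $message == *"not in active (running) state"* ]]; then`, and quote the JMESPath as `--query "value[*].message"` so the shell cannot glob-expand it. In "Configure network security group", `--query "[0].name"` takes whichever NSG is listed first and `nsg` is not checked for an empty result before `az network nsg rule update`; the same applies to `adminVMName` read from the deployment outputs.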
@@ -406,66 +340,13 @@ jobs: echo ${wlsPublicIP} bash ${{ env.adminOfferPath }}/test/scripts/verify-wls-access.sh <<< "${wlsPublicIP} ${adminConsolePort}" - - name: Deploy DB Template to Connect to Azure Postgresql Database - id: enable-postgresql-db - run: | - # Generate parameters for db template deployment - bash ${{ env.adminOfferPath }}/test/scripts/gen-parameters-deploy-db.sh \ - <<< "${{ env.adminOfferPath }}/test/scripts/ \ - ${{ env.adminVMName }} \ - ${{ env.wlsPassword}} \ - ${{ env.dbAdminUser }} \ - ${{ env.dbName }} \ - ${{ env.location }} \ - ${{ env.wlsUserName }} \ - ${{ env.wlsPassword }} \ - ${GITHUB_REPOSITORY} \ - ${{ env.testbranchName }}" - echo "Deploy DB Template..." - az group deployment create \ - --verbose \ - --resource-group ${resourceGroup} \ - --name db \ - --parameters @${{ env.adminOfferPath }}/test/scripts/parameters-deploy-db.json \ - --template-file ${artifactName}/nestedtemplates/dbTemplate.json - - - name: Set up ELK by deploying sub template - id: enable-elk - if: ${{ needs.preflight.outputs.enableELK == 'true' }} - run: | - # Generate parameters for ELK template deployment - bash ${{ env.adminOfferPath }}/test/scripts/gen-parameters-deploy-elk.sh \ - <<< "${{ env.adminOfferPath }}/test/scripts/parameters-deploy-elk.json \ - ${{ env.adminVMName }} \ - ${{ env.elkPassword }} \ - ${{ env.elkURI }} \ - ${{ env.elkUser }} \ - ${{ env.location }} \ - ${{ env.wlsDomainName }} \ - ${{ env.wlsUserName }} \ - ${{ env.wlsPassword }} \ - ${GITHUB_REPOSITORY} \ - ${{ env.testbranchName }} \ - ${{ github.run_id }}${{ github.run_number }}" - echo "Deploy ELK Template..." - az group deployment create \ - --debug \ - --resource-group ${resourceGroup} \ - --name elk \ - --parameters @${{ env.adminOfferPath }}/test/scripts/parameters-deploy-elk.json \ - --template-file ${artifactName}/nestedtemplates/elkNestedTemplate.json - name: Delete Resource Group id: delete-resource-group if: always() run: | echo "delete... 
" $resourceGroup az group delete --yes --no-wait --verbose --name $resourceGroup - - name: Delete ELK index - id: delete-elk-index - if: ${{ needs.preflight.outputs.enableELK == 'true' }} - run: | - curl -XDELETE --user ${{ env.elkUser }}:${{ env.elkPassword }} ${{ env.elkURI }}/azure-weblogic-admin-${{ github.run_id }}${{ github.run_number }} - + cleanup-github-resource: needs: deploy-weblogic-admin if: always() diff --git a/pom.xml b/pom.xml index afcb2aaba..fd42003f9 100644 --- a/pom.xml +++ b/pom.xml @@ -43,7 +43,7 @@ 1.0.87 1.0.31 - 1.0.55 + 1.0.56 1.0.710000 1.0.53 diff --git a/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml b/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml index 411194ff3..e786947da 100644 --- a/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml +++ b/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml @@ -15,7 +15,7 @@ com.azure azure-identity-extensions - 1.0.0 + 1.2.0 \ No newline at end of file diff --git a/weblogic-azure-aks/src/main/resources/mysql-connector-java.xml b/weblogic-azure-aks/src/main/resources/mysql-connector-java.xml index 845b0aeab..4dd31b2af 100644 --- a/weblogic-azure-aks/src/main/resources/mysql-connector-java.xml +++ b/weblogic-azure-aks/src/main/resources/mysql-connector-java.xml @@ -1,7 +1,8 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 com.oracle.weblogic.azure mysql-driver @@ -12,11 +13,12 @@ 11 - + - mysql - mysql-connector-java - 8.0.31 + com.mysql + mysql-connector-j + 9.2.0 + \ No newline at end of file diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/admindeploy.parameters.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/admindeploy.parameters.json index fdfb15761..76353379d 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/admindeploy.parameters.json 
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/admindeploy.parameters.json @@ -2,15 +2,6 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "aadsPortNumber": { - "value": "GEN-UNIQUE" - }, - "aadsPublicIP": { - "value": "GEN-UNIQUE" - }, - "aadsServerHost": { - "value": "GEN-UNIQUE" - }, "adminPasswordOrKey": { "value": "GEN-SSH-PUB-KEY" }, @@ -38,9 +29,6 @@ "dsUser": { "value": "GEN-UNIQUE" }, - "enableAAD": { - "value": "GEN-UNIQUE" - }, "enableDB": { "value": "GEN-UNIQUE" }, @@ -53,24 +41,6 @@ "wlsDomainName": { "value": "GEN-UNIQUE" }, - "wlsLDAPProviderName": { - "value": "GEN-UNIQUE" - }, - "wlsLDAPPrincipal": { - "value": "GEN-UNIQUE" - }, - "wlsLDAPPrincipalPassword": { - "value": "GEN-UNIQUE" - }, - "wlsLDAPUserBaseDN": { - "value": "GEN-UNIQUE" - }, - "wlsLDAPGroupBaseDN": { - "value": "GEN-UNIQUE" - }, - "wlsLDAPSSLCertificate": { - "value": "GEN-UNIQUE" - }, "wlsPassword": { "value": "GEN-PASSWORD" }, diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/createUiDefinition.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/createUiDefinition.json index cb5828981..762dd1212 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/createUiDefinition.json +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/createUiDefinition.json 
@@ -370,59 +370,10 @@ "required": false } }, - { - "name": "sslText00", - "type": "Microsoft.Common.TextBlock", - "visible": "[steps('section_sslConfiguration').enableCustomSSL]", - "options": { - "text": "Choose an option for providing the TLS/SSL KeyStore and enter the values for the required fields:" - } - }, - { - "name": "sslText01", - "type": "Microsoft.Common.TextBlock", - "visible": "[steps('section_sslConfiguration').enableCustomSSL]", - "options": { - "text": "    ⁃ Upload existing KeyStores." - } - }, - { - "name": "sslText02", - "type": "Microsoft.Common.TextBlock", - "visible": "[steps('section_sslConfiguration').enableCustomSSL]", - "options": { - "text": "    ⁃ Use KeyStores stored in Azure Key Vault.", - "link": { - "label": "Learn more", - "uri": "https://aka.ms/wls-vm-tls-ssl-admin" - } - } - }, - { - "name": "sslConfigurationAccessOption", - "type": "Microsoft.Common.OptionsGroup", - "visible": "[steps('section_sslConfiguration').enableCustomSSL]", - "label": "How would you like to provide required configuration", - "defaultValue": "Upload existing KeyStores", - "toolTip": "Select 'Upload existing KeyStores' to use local stored KeyStores.", - "constraints": { - "allowedValues": [ - { - "label": "Upload existing KeyStores", - "value": "uploadConfig" - }, - { - "label": "Use KeyStores stored in Azure Key Vault", - "value": "keyVaultStoredConfig" - } - ], - "required": false - } - }, { "name": "uploadedCustomSSLSettings", "type": "Microsoft.Common.Section", - "visible": "[and(steps('section_sslConfiguration').enableCustomSSL, equals(steps('section_sslConfiguration').sslConfigurationAccessOption, 'uploadConfig'))]", + "visible": "[steps('section_sslConfiguration').enableCustomSSL]", "label": "TLS/SSL Configuration Settings", "elements": [ { 
@@ -577,183 +528,7 @@ } } ] - }, - { - "name": "keyVaultStoredCustomSSLSettings", - "type": "Microsoft.Common.Section", - "visible": "[and(steps('section_sslConfiguration').enableCustomSSL, equals(steps('section_sslConfiguration').sslConfigurationAccessOption, 'keyVaultStoredConfig'))]", - "label": "TLS/SSL Configuration Settings", - "elements": [ - { - "name": "sslKeystoreInfo1", - "type": "Microsoft.Common.InfoBox", - "visible": "true", - "options": { - "icon": "Info", - "text": "You must provide different files for identity and trust KeyStores. Select here for more details.", - "uri": "https://aka.ms/arm-oraclelinux-wls-ssl-configuration" - } - }, - { - "name": "keyVaultText", - "type": "Microsoft.Common.TextBlock", - "visible": "true", - "options": { - "text": "Enabling a HTTPS (Secure) port for the Administration Console requires you to obtain a valid TLS/SSL certificate. The template will look for the certificate and other configuration items in the Azure Key Vault specified here.", - "link": { - "label": "Learn more", - "uri": "https://aka.ms/arm-oraclelinux-wls-cluster-app-gateway-key-vault" - } - } - }, - { - "name": "keyVaultResourceGroup", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "Resource group name in current subscription containing the Key Vault", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z.\\-_()]{0,89}([a-z0-9A-Z\\-_()]{1})$", - "validationMessage": "[if(greater(length(steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultResourceGroup), 90),'Resource group names only allow up to 90 characters.', 'Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period.')]" - } - }, - { - "name": "keyVaultName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "Name of the Azure Key Vault containing secrets for the TLS/SSL certificate", - 
"defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^(?=.{3,24}$)[a-zA-Z](([a-z0-9A-Z]*|(?:\\-[^\\-][a-z0-9A-Z]*))*)$", - "validationMessage": "[if(or(greater(length(steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultName), 24), less(length(steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultName), 3)),'Vault name must be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens.','Vault name must only contain alphanumeric characters and dashes and cannot start with a number')]" - } - }, - { - "name": "keyVaultCustomIdentityKeyStoreDataSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the Identity KeyStore Data", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." - } - }, - { - "name": "keyVaultCustomIdentityKeyStorePassPhraseSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the passphrase for the Identity KeyStore", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." 
- } - }, - { - "name": "keyVaultCustomIdentityKeyStoreType", - "type": "Microsoft.Common.DropDown", - "visible": "true", - "label": "The Identity KeyStore type (JKS,PKCS12)", - "defaultValue": "JKS", - "toolTip": "One of the supported KeyStore types", - "constraints": { - "allowedValues": [ - { - "label": "JKS", - "value": "JKS" - }, - { - "label": "PKCS12", - "value": "PKCS12" - } - ], - "required": true - } - }, - { - "name": "keyVaultPrivateKeyAliasSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the Private Key Alias", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." - } - }, - { - "name": "keyVaultPrivateKeyPassPhraseSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the passphrase for the Private Key", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." - } - }, - { - "name": "keyVaultCustomTrustKeyStoreDataSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the Trust KeyStore Data", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." 
- } - }, - { - "name": "keyVaultCustomTrustKeyStorePassPhraseSecretName", - "type": "Microsoft.Common.TextBox", - "visible": "true", - "label": "The name of the secret in the specified Key Vault whose value is the passphrase for the Trust KeyStore", - "defaultValue": "", - "toolTip": "Use only letters and numbers", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "The value must be 1-30 characters long and must only contain letters and numbers." - } - }, - { - "name": "keyVaultCustomTrustKeyStoreType", - "type": "Microsoft.Common.DropDown", - "visible": "true", - "label": "The Trust KeyStore type (JKS,PKCS12)", - "defaultValue": "JKS", - "toolTip": "One of the supported KeyStore types", - "constraints": { - "allowedValues": [ - { - "label": "JKS", - "value": "JKS" - }, - { - "label": "PKCS12", - "value": "PKCS12" - } - ], - "required": true - } - } - ] - } + } ] }, { @@ -781,7 +556,7 @@ "subnets": "Subnets for the virtual network" }, "defaultValue": { - "name": "VirtualNetwork", + "name": "[concat('wlsadmin-vnet',take(guid(), 8))]", "addressPrefixSize": "/28" }, "constraints": { @@ -1237,7 +1012,6 @@ "${identifier.publicIPAddresses}", "${identifier.privateEndpoints}", "${identifier.storageAccounts}", - "${identifier.vaults}", "${identifier.virtualNetworks}", "${identifier.virtualMachines}", "${identifier.virtualMachinesExtensions}", 
@@ -1281,19 +1055,8 @@ "wlsUserName": "[basics('basicsRequired').wlsUserName]", "enableHTTPAdminListenPort": "[basics('basicsOptional').enableAdminHTTPListenPort]", "enableCustomSSL": "[steps('section_sslConfiguration').enableCustomSSL]", - "sslConfigurationAccessOption": "[steps('section_sslConfiguration').sslConfigurationAccessOption]", "subnetName": "[steps('section_networkingConfiguration').virtualNetwork.subnets.subnet1.name]", "subnetPrefix": "[steps('section_networkingConfiguration').virtualNetwork.subnets.subnet1.addressPrefix]", - "adminSSLKeyVaultResourceGroup": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultResourceGroup]", - "adminSSLKeyVaultName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultName]", - "keyVaultCustomIdentityKeyStoreDataSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomIdentityKeyStoreDataSecretName]", - "keyVaultCustomIdentityKeyStorePassPhraseSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomIdentityKeyStorePassPhraseSecretName]", - "keyVaultCustomIdentityKeyStoreType": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomIdentityKeyStoreType]", - "keyVaultCustomTrustKeyStoreDataSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomTrustKeyStoreDataSecretName]", - "keyVaultCustomTrustKeyStorePassPhraseSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomTrustKeyStorePassPhraseSecretName]", - "keyVaultCustomTrustKeyStoreType": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomTrustKeyStoreType]", - "keyVaultPrivateKeyAliasSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultPrivateKeyAliasSecretName]", - "keyVaultPrivateKeyPassPhraseSecretName": 
"[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultPrivateKeyPassPhraseSecretName]", "tagsByResource": "[steps('section_tags').tagsByResource]", "uploadedCustomIdentityKeyStoreData": "[steps('section_sslConfiguration').uploadedCustomSSLSettings.uploadedCustomIdentityKeyStoreData]", "uploadedCustomIdentityKeyStorePassphrase": "[steps('section_sslConfiguration').uploadedCustomSSLSettings.uploadedCustomIdentityKeyStorePassphrase]", diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json index 0445a8942..c5bee0ed6 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json @@ -16,44 +16,12 @@ }, "defaultValue": "" }, - "aadsPortNumber": { - "type": "string", - "defaultValue": "636", - "metadata": { - "description": "Accessible port of the LDAP server." - } - }, - "aadsPublicIP": { - "type": "string", - "defaultValue": "The LDAP server public IP address" - }, - "aadsServerHost": { - "type": "string", - "defaultValue": "ldaps.example.com", - "metadata": { - "description": "The LDAP server host." - } - }, "adminPasswordOrKey": { "type": "securestring", "metadata": { "description": "SSH Key or password for the Virtual Machine. SSH key is recommended." } }, - "adminSSLKeyVaultName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Keyvault name containing Weblogic SSL Certificates" - } - }, - "adminSSLKeyVaultResourceGroup": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Resource Group containing Weblogic SSL Certificates" - } - }, "adminUsername": { "defaultValue": "weblogic", "type": "string", 
@@ -156,34 +124,6 @@ "description": "JDBC Connection String" } }, - "elasticsearchEndpoint": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Endpoint of the Elasticsearch instance." - } - }, - "elasticsearchPassword": { - "type": "securestring", - "defaultValue": "[newGuid()]", - "metadata": { - "description": "The credentials to distibute message with REST API to Elasticsearch instance." - } - }, - "elasticsearchUserName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The credentials to distibute message with REST API to Elasticsearch instance." - } - }, - "enableAAD": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Bool value, if it's set to true, will enable Azure Active Directory after WebLogic Server starts." - } - }, "enableDB": { "defaultValue": false, "type": "bool", @@ -212,24 +152,6 @@ "description": "True to enable passwordless JDBC connection." } }, - "sslConfigurationAccessOption": { - "type": "string", - "metadata": { - "description": "Options to provide required configuration for SSL configuration" - }, - "allowedValues": [ - "uploadConfig", - "keyVaultStoredConfig" - ], - "defaultValue": "keyVaultStoredConfig" - }, - "enableELK": { - "defaultValue": false, - "type": "bool", - "metadata": { - "description": "If true, use the supplied parameters to distribute WebLogic Server logs to the Elasticsearch instance." - } - }, "enableHTTPAdminListenPort": { "defaultValue": true, "type": "bool", @@ -251,6 +173,10 @@ "description": "JNDI Name for JDBC Datasource" } }, + "guidValue": { + "type": "string", + "defaultValue": "[newGuid()]" + }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", 
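Review bot: `guidValue` is added without a `metadata.description`, unlike the neighbouring parameters in this hunk, and nothing visible here shows what consumes it. Add one in the same style, for example `"metadata": { "description": "Per-deployment GUID used to derive unique names; leave at its default." }`, with the wording confirmed against its actual use. The description should also say that `newGuid()` yields a new value on every deployment, so anything named from it will not be stable across redeployments.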
@@ -258,62 +184,6 @@ "description": "Location for all resources." } }, - "keyVaultCustomIdentityKeyStoreDataSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Custom Identity Keystore Data" - }, - "defaultValue": "CustomIdentityKeyStoreDataSecret" - }, - "keyVaultCustomIdentityKeyStorePassPhraseSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Custom Identity Keystore Passphrase" - }, - "defaultValue": "CustomIdentityKeyStorePassPhraseSecret" - }, - "keyVaultCustomIdentityKeyStoreType": { - "type": "string", - "metadata": { - "description": "Weblogic Custom Identity Keystore Type" - }, - "defaultValue": "JKS" - }, - "keyVaultCustomTrustKeyStoreDataSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Custom Trust Store Data" - }, - "defaultValue": "CustomTrustStoreDataSecret" - }, - "keyVaultCustomTrustKeyStorePassPhraseSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Custom Trust Store Passphrase" - }, - "defaultValue": "CustomTrustStorePassPhraseSecret" - }, - "keyVaultCustomTrustKeyStoreType": { - "type": "string", - "metadata": { - "description": "Weblogic Custom Trust Store Type" - }, - "defaultValue": "JKS" - }, - "keyVaultPrivateKeyAliasSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Server Private Key Alias" - }, - "defaultValue": "ServerPrivateKeyAlias" - }, - "keyVaultPrivateKeyPassPhraseSecretName": { - "type": "string", - "metadata": { - "description": "Secret name in KeyVault containing Weblogic Server Private KeyPassPhrase" - }, - "defaultValue": "ServerPrivateKeyPassPhraseSecret" - }, "uploadedCustomIdentityKeyStoreData": { "type": "securestring", "metadata": { 
@@ -370,28 +240,6 @@ }, "defaultValue": "" }, - "enabledForTemplateDeployment": { - "type": "bool", - "metadata": { - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "defaultValue": true - }, - "keyVaultSku": { - "defaultValue": "Standard", - "type": "string", - "metadata": { - "description": "Price tier for Key Vault." - } - }, - "logsToIntegrate": { - "type": "array", - "defaultValue": [ "HTTPAccessLog", "ServerLog", "DomainLog", "DataSourceLog", "StandardErrorAndOutput" ], - "allowedValues": [ "HTTPAccessLog", "ServerLog", "DomainLog", "DataSourceLog", "StandardErrorAndOutput" ], - "metadata": { - "description": "Specify the expeted logs to integrate, you must input at least one log." - } - }, "portsToExpose": { "type": "string", "defaultValue": "80,443,7001-9000", @@ -457,7 +305,7 @@ }, "virtualNetworkName": { "type": "string", - "defaultValue": "wls-vnet", + "defaultValue": "[concat('wls-vnet', uniqueString(utcNow()))]", "metadata": { "description": "Name of the existing or new VNET" } 
@@ -506,48 +354,6 @@ "description": "Provide Weblogic domain name" } }, - "wlsLDAPGroupBaseDN": { - "type": "string", - "defaultValue": "null", - "metadata": { - "description": "The base distinguished name (DN) of the tree in the LDAP directory that contains groups." - } - }, - "wlsLDAPPrincipal": { - "type": "string", - "defaultValue": "null", - "metadata": { - "description": "The Distinguished Name (DN) of the LDAP user that WebLogic Server should use to connect to the LDAP server." - } - }, - "wlsLDAPPrincipalPassword": { - "type": "securestring", - "defaultValue": "[newGuid()]", - "metadata": { - "description": "The credential (usually a password) used to connect to the LDAP server." - } - }, - "wlsLDAPProviderName": { - "type": "string", - "defaultValue": "AzureActiveDirectoryProvider", - "metadata": { - "description": "The value used for creating authentication provider name of WebLogic Server." - } - }, - "wlsLDAPSSLCertificate": { - "type": "string", - "defaultValue": "null", - "metadata": { - "description": "Client certificate that will be imported to trust store of SSL." - } - }, - "wlsLDAPUserBaseDN": { - "type": "string", - "defaultValue": "null", - "metadata": { - "description": "The base distinguished name (DN) of the tree in the LDAP directory that contains users." - } - }, "wlsPassword": { "type": "securestring", "metadata": { 
@@ -563,18 +369,15 @@ } }, "variables": { - "const_currentSubscription": "[subscription().subscriptionId]", - "const_sslConfigurationAccessOptionUploadConfig": "uploadConfig", - "const_sslConfigurationAccessOptionKeyVaultStoredConfig": "keyVaultStoredConfig", - "name_aadLinkedTemplateName": "aadNestedTemplate.json", + "const_globalResourceNameSuffix": "[uniqueString(parameters('guidValue'))]", "name_adminCustomSSLLinkedTemplateName": "adminTemplateForCustomSSL.json", "name_adminLinkedTemplateDeployment": "[concat('admin',if(parameters('enableCustomSSL'),'CustomSSL',''),'LinkedTemplate')]", "name_adminLinkedTemplateName": "adminTemplate.json", + "name_adminVM": "[concat(parameters('adminVMName'), variables('const_globalResourceNameSuffix'))]", "name_dbLinkedTemplate": "dbTemplate.json", "name_dnszonesLinkedTemplateName": "dnszonesTemplate.json", - "name_elkLinkedTemplateName": "elkNestedTemplate.json", + "name_networkSecurityGroup": "[concat(parameters('dnsLabelPrefix'), '-nsg', variables('const_globalResourceNameSuffix'))]", "name_nsgLinkedTemplateName": "nsgNestedTemplate.json", - "name_keyVaultNestedTemplate": "_keyVaultNestedTemplate.json", // If adding a new resource, add the resource identifier to the array below // Also modify createUIDefinition.json to include the new resource "obj_tagsByResources":{ 
@@ -584,7 +387,6 @@ "${identifier.publicIPAddresses}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.publicIPAddresses}')]", "${identifier.privateEndpoints}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.privateEndpoints}')]", "${identifier.storageAccounts}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.storageAccounts}')]", - "${identifier.vaults}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.vaults}')]", "${identifier.virtualNetworks}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.virtualNetworks}')]", "${identifier.virtualMachines}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.virtualMachines}')]", "${identifier.virtualMachinesExtensions}": "[funcTags.tagsFilter(parameters('tagsByResource'), '${identifier.virtualMachinesExtensions}')]", @@ -653,6 +455,9 @@ "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, + "_globalResourceNameSuffix": { + "value": "[variables('const_globalResourceNameSuffix')]" + }, "adminPasswordOrKey": { "value": "[parameters('adminPasswordOrKey')]" }, @@ -660,7 +465,7 @@ "value": "[parameters('adminUsername')]" }, "adminVMName": { - "value": "[parameters('adminVMName')]" + "value": "[variables('name_adminVM')]" }, "authenticationType": { "value": "[parameters('authenticationType')]" @@ -683,6 +488,9 @@ "location": { "value": "[parameters('location')]" }, + "nsgName": { + "value": "[variables('name_networkSecurityGroup')]" + }, "portsToExpose": { "value": "[parameters('portsToExpose')]" }, 
@@ -727,53 +535,7 @@ } } } - }, - { - "name": "keyVaultNestedTemplate", - "type": "Microsoft.Resources/deployments", - "apiVersion": "${azure.apiVersionForDeployment}", - "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]", - "condition": "[and(parameters('enableCustomSSL'), equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionUploadConfig')))]", - "properties": { - "mode": "Incremental", - "templateLink": { - "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_keyVaultNestedTemplate')))]", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "uploadedCustomIdentityKeyStoreData": { - "value": "[parameters('uploadedCustomIdentityKeyStoreData')]" - }, - "uploadedCustomIdentityKeyStorePassphrase": { - "value": "[parameters('uploadedCustomIdentityKeyStorePassphrase')]" - }, - "uploadedCustomTrustKeyStoreData": { - "value": "[parameters('uploadedCustomTrustKeyStoreData')]" - }, - "uploadedCustomTrustKeyStorePassPhrase": { - "value": "[parameters('uploadedCustomTrustKeyStorePassPhrase')]" - }, - "uploadedPrivateKeyAlias": { - "value": "[parameters('uploadedPrivateKeyAlias')]" - }, - "uploadedPrivateKeyPassPhrase": { - "value": "[parameters('uploadedPrivateKeyPassPhrase')]" - }, - "enabledForTemplateDeployment": { - "value": "[parameters('enabledForTemplateDeployment')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "sku": { - "value": "[parameters('keyVaultSku')]" - }, - "tagsByResource": { - "value": "[variables('obj_tagsByResources')]" - } - } - } - }, + }, { "name": "adminCustomSSLLinkedTemplate", "type": "Microsoft.Resources/deployments", @@ -793,6 +555,9 @@ "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, + "_globalResourceNameSuffix": { + "value": "[variables('const_globalResourceNameSuffix')]" + }, "adminPasswordOrKey": { "value": "[parameters('adminPasswordOrKey')]" }, 
@@ -800,7 +565,7 @@ "value": "[parameters('adminUsername')]" }, "adminVMName": { - "value": "[parameters('adminVMName')]" + "value": "[variables('name_adminVM')]" }, "authenticationType": { "value": "[parameters('authenticationType')]" 
@@ -823,62 +588,35 @@ "enableHTTPAdminListenPort": { "value": "[parameters('enableHTTPAdminListenPort')]" }, + "nsgName": { + "value": "[variables('name_networkSecurityGroup')]" + }, "location": { "value": "[parameters('location')]" }, - "keyVaultCustomIdentityKeyStoreData": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomIdentityKeyStoreDataSecretName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.customIdentityKeyStoreDataSecretName.value)]" - } + "sslCustomIdentityKeyStoreData": { + "value": "[parameters('uploadedCustomIdentityKeyStoreData')]" }, - "keyVaultCustomIdentityKeyStorePassPhrase": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), 
variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomIdentityKeyStorePassPhraseSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.customIdentityKeyStorePassPhraseSecretName.value)]" - } + "sslCustomIdentityKeyStorePassPhrase": { + "value": "[parameters('uploadedCustomIdentityKeyStorePassphrase')]" }, - "keyVaultCustomIdentityKeyStoreType": { - "value": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomIdentityKeyStoreType'), parameters('uploadedCustomIdentityKeyStoreType'))]" + "sslCustomIdentityKeyStoreType": { + "value": "[parameters('uploadedCustomIdentityKeyStoreType')]" }, - "keyVaultCustomTrustKeyStoreData": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomTrustKeyStoreDataSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.customTrustKeyStoretDataSecretName.value)]" - } + "sslCustomTrustKeyStoreData": { + "value": "[parameters('uploadedCustomTrustKeyStoreData')]" }, - "keyVaultCustomTrustKeyStorePassPhrase": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), 
if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomTrustKeyStorePassPhraseSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.customTrustKeyStorePassPhraseSecretName.value)]" - } + "sslCustomTrustKeyStorePassPhrase": { + "value": "[parameters('uploadedCustomTrustKeyStorePassPhrase')]" }, - "keyVaultCustomTrustKeyStoreType": { - "value": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomTrustKeyStoreType'), parameters('uploadedCustomTrustKeyStoreType'))]" + "sslCustomTrustKeyStoreType": { + "value": "[parameters('uploadedCustomTrustKeyStoreType')]" }, - "keyVaultPrivateKeyAlias": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), 
variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultPrivateKeyAliasSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.privateKeyAliasSecretName.value)]" - } + "sslPrivateKeyAlias": { + "value": "[parameters('uploadedPrivateKeyAlias')]" }, - "keyVaultPrivateKeyPassPhrase": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultPrivateKeyPassPhraseSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.privateKeyPassPhraseSecretName.value)]" - } + "sslPrivateKeyPassPhrase": { + "value": "[parameters('uploadedPrivateKeyPassPhrase')]" }, "portsToExpose": { "value": "[parameters('portsToExpose')]" @@ -923,10 +661,7 @@ "value": "[parameters('wlsUserName')]" } } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'keyVaultNestedTemplate')]" - ] + } }, { "type": "Microsoft.Resources/deployments", @@ -945,7 +680,7 @@ "value": "[parameters('denyPublicTrafficForAdminServer')]" }, "networkSecurityGroupName": { - "value": "[concat(parameters('dnsLabelPrefix'), '-nsg')]" + "value": "[variables('name_networkSecurityGroup')]" } } }, 
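Review bot: The keystore data and passphrases in the `@@ -823,62 +588,35 @@` hunk (`sslCustomIdentityKeyStoreData` through `sslPrivateKeyPassPhrase`) are now handed to the linked template by `value` instead of by Key Vault `reference`. Whether they stay out of the deployment history then depends on adminTemplateForCustomSSL.json declaring each receiving parameter as `securestring`. That file is not part of this hunk, so the types should be confirmed before merging. A comment above the first entry would record the requirement, for example `// sslCustom* and sslPrivateKey* must be securestring in adminTemplateForCustomSSL.json`. If `adminSSLKeyVaultName` and `adminSSLKeyVaultResourceGroup` are still declared in this template, they look unused after this change and could be removed along with the `keyVaultStoredConfig` option.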
@@ -976,6 +711,9 @@ "_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" }, + "_globalResourceNameSuffix": { + "value": "[variables('const_globalResourceNameSuffix')]" + }, "dnszonesARecordSetNames": { "value": [ "[parameters('dnszoneAdminConsoleLabel')]" @@ -1027,7 +765,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "adminVMName": { - "value": "[parameters('adminVMName')]" + "value": "[variables('name_adminVM')]" }, "databaseType": { "value": "[parameters('databaseType')]" 
@@ -1071,217 +809,7 @@ } } - }, - { - "name": "aadLinkedTemplate", - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]" - ], - "type": "Microsoft.Resources/deployments", - "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]", - "apiVersion": "${azure.apiVersionForDeployment}", - "condition": "[and(parameters('enableAAD'),not(parameters('enableCustomSSL')))]", - "properties": { - "mode": "Incremental", - "templateLink": { - "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_aadLinkedTemplateName')))]", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "_artifactsLocation": { - "value": "[parameters('_artifactsLocation')]" - }, - "_artifactsLocationSasToken": { - "value": "[parameters('_artifactsLocationSasToken')]" - }, - "aadsPortNumber": { - "value": "[parameters('aadsPortNumber')]" - }, - "aadsPublicIP": { - "value": "[parameters('aadsPublicIP')]" - }, - "aadsServerHost": { - "value": "[parameters('aadsServerHost')]" - }, - "adminVMName": { - "value": "[parameters('adminVMName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tagsByResource": { - "value": "[variables('obj_tagsByResources')]" - }, - "wlsDomainName": { - "value": "[parameters('wlsDomainName')]" - }, - "wlsLDAPGroupBaseDN": { - "value": "[parameters('wlsLDAPGroupBaseDN')]" - }, - "wlsLDAPPrincipal": { - "value": "[parameters('wlsLDAPPrincipal')]" - }, - "wlsLDAPPrincipalPassword": { - "value": "[parameters('wlsLDAPPrincipalPassword')]" - }, - "wlsLDAPProviderName": { - "value": "[parameters('wlsLDAPProviderName')]" - }, - "wlsLDAPSSLCertificate": { - "value": "[parameters('wlsLDAPSSLCertificate')]" - }, - "wlsLDAPUserBaseDN": { - "value": "[parameters('wlsLDAPUserBaseDN')]" - }, - "wlsPassword": { - "value": "[parameters('wlsPassword')]" - }, - "wlsUserName": { - "value": "[parameters('wlsUserName')]" - } - } - } - }, - { - "name": "aadLinkedTemplateWithCustomSSL", - 
"dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]", - "[resourceId('Microsoft.Resources/deployments', 'keyVaultNestedTemplate')]" - ], - "type": "Microsoft.Resources/deployments", - "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]", - "apiVersion": "${azure.apiVersionForDeployment}", - "condition": "[and(parameters('enableAAD'),parameters('enableCustomSSL'))]", - "properties": { - "mode": "Incremental", - "templateLink": { - "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_aadLinkedTemplateName')))]", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "_artifactsLocation": { - "value": "[parameters('_artifactsLocation')]" - }, - "_artifactsLocationSasToken": { - "value": "[parameters('_artifactsLocationSasToken')]" - }, - "aadsPortNumber": { - "value": "[parameters('aadsPortNumber')]" - }, - "aadsPublicIP": { - "value": "[parameters('aadsPublicIP')]" - }, - "aadsServerHost": { - "value": "[parameters('aadsServerHost')]" - }, - "adminVMName": { - "value": "[parameters('adminVMName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tagsByResource": { - "value": "[variables('obj_tagsByResources')]" - }, - "wlsDomainName": { - "value": "[parameters('wlsDomainName')]" - }, - "wlsLDAPGroupBaseDN": { - "value": "[parameters('wlsLDAPGroupBaseDN')]" - }, - "wlsLDAPPrincipal": { - "value": "[parameters('wlsLDAPPrincipal')]" - }, - "wlsLDAPPrincipalPassword": { - "value": "[parameters('wlsLDAPPrincipalPassword')]" - }, - "wlsLDAPProviderName": { - "value": "[parameters('wlsLDAPProviderName')]" - }, - "wlsLDAPSSLCertificate": { - "value": "[parameters('wlsLDAPSSLCertificate')]" - }, - "wlsLDAPUserBaseDN": { - "value": "[parameters('wlsLDAPUserBaseDN')]" - }, - "wlsPassword": { - "value": "[parameters('wlsPassword')]" - }, - "wlsUserName": { - "value": "[parameters('wlsUserName')]" - }, - "enableCustomSSL": { - "value": 
"[parameters('enableCustomSSL')]" - }, - "keyVaultCustomTrustKeyStorePassPhrase": { - "reference": { - "keyVault": { - "id": "[resourceId(variables('const_currentSubscription'), if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultResourceGroup'),resourceGroup().name), 'Microsoft.KeyVault/vaults', if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('adminSSLKeyVaultName'),reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.keyVaultName.value))]" - }, - "secretName": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomTrustKeyStorePassPhraseSecretName'), reference('keyVaultNestedTemplate', '${azure.apiVersionForDeployment}').outputs.customTrustKeyStorePassPhraseSecretName.value)]" - } - }, - "keyVaultCustomTrustKeyStoreType": { - "value": "[if(equals(parameters('sslConfigurationAccessOption'), variables('const_sslConfigurationAccessOptionKeyVaultStoredConfig')),parameters('keyVaultCustomTrustKeyStoreType'), parameters('uploadedCustomTrustKeyStoreType'))]" - } - } - } - }, - { - "name": "elkLinkedTemplate", - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'aadLinkedTemplate')]" - ], - "type": "Microsoft.Resources/deployments", - "tags": "[variables('obj_tagsByResources')['${identifier.resourcesDeployment}']]", - "apiVersion": "${azure.apiVersionForDeployment}", - "condition": "[parameters('enableELK')]", - "properties": { - "mode": "Incremental", - "templateLink": { - "uri": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/', variables('name_elkLinkedTemplateName')))]", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "_artifactsLocation": { - "value": "[parameters('_artifactsLocation')]" - }, - "_artifactsLocationSasToken": { 
- "value": "[parameters('_artifactsLocationSasToken')]" - }, - "adminVMName": { - "value": "[parameters('adminVMName')]" - }, - "elasticsearchEndpoint": { - "value": "[parameters('elasticsearchEndpoint')]" - }, - "elasticsearchPassword": { - "value": "[parameters('elasticsearchPassword')]" - }, - "elasticsearchUserName": { - "value": "[parameters('elasticsearchUserName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "logsToIntegrate": { - "value": "[parameters('logsToIntegrate')]" - }, - "tagsByResource": { - "value": "[variables('obj_tagsByResources')]" - }, - "wlsDomainName": { - "value": "[parameters('wlsDomainName')]" - }, - "wlsPassword": { - "value": "[parameters('wlsPassword')]" - }, - "wlsUserName": { - "value": "[parameters('wlsUserName')]" - } - } - } - }, + }, { "type": "Microsoft.Resources/deployments", "apiVersion": "${azure.apiVersionForDeployment}", @@ -1291,9 +819,7 @@ "[resourceId('Microsoft.Resources/deployments', variables('name_adminLinkedTemplateDeployment'))]", "[resourceId('Microsoft.Resources/deployments', 'networkSecurityLinkedTemplate')]", "[resourceId('Microsoft.Resources/deployments', 'dnszonesLinkedTemplate')]", - "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]", - "[resourceId('Microsoft.Resources/deployments', 'aadLinkedTemplate')]", - "[resourceId('Microsoft.Resources/deployments', 'elkLinkedTemplate')]" + "[resourceId('Microsoft.Resources/deployments', 'dbLinkedTemplate')]" ], "properties": { "mode": "Incremental", @@ -1307,6 +833,10 @@ } ], "outputs": { + "adminVMName": { + "type": "string", + "value": "[variables('name_adminVM')]" + }, "hostname": { "type": "string", "value": "[reference(variables('name_adminLinkedTemplateDeployment'),'${azure.apiVersionForDeployment}').outputs.hostname.value]" 
@@ -1327,10 +857,6 @@ "type": "string", "value": "[if(parameters('enableCustomDNS'), uri(format('https://{0}.{1}:7002/console/',parameters('dnszoneAdminConsoleLabel'),parameters('dnszoneName')), ''),reference(variables('name_adminLinkedTemplateDeployment'),'${azure.apiVersionForDeployment}').outputs.adminConsoleSecureURL.value)]" }, - "logIndex": { - "type": "string", - "value": "[if(parameters('enableELK'), reference('elkLinkedTemplate', '${azure.apiVersionForDeployment}').outputs.logIndex.value, '')]" - }, "dnsZoneNameServers": { "type": "array", "condition": "[and(parameters('enableCustomDNS'), not(parameters('hasDNSZones')))]", diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json index 05df23e93..766dd3089 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json @@ -2,6 +2,9 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { + "_globalResourceNameSuffix": { + "type": "string" + }, "location": { "type": "string" }, @@ -19,7 +22,7 @@ "functions": [], "variables": { "const_roleDefinitionIdOfContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "name_deploymentScriptContributorRoleAssignmentName": "[guid(format('{0}{1}Deployment Script', resourceGroup().id, parameters('uamiName')))]" + "name_deploymentScriptContributorRoleAssignmentName": "[guid(format('{0}{1}Deployment Script', parameters('_globalResourceNameSuffix'), parameters('uamiName')))]" }, "resources": [ { 
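Review bot: The role-assignment name in `name_deploymentScriptContributorRoleAssignmentName` no longer includes the scope, because `resourceGroup().id` is replaced by `_globalResourceNameSuffix`. The main template derives that suffix from a `newGuid()` default, so the assignment GUID differs on every deployment unless the caller pins `guidValue`. The same applies to `name_roleAssignmentName` in the `@@ -64,7 +74,7 @@` hunk, where `subscription().id` is dropped and the new parameter defaults to an empty string. Since both names are for a Contributor assignment, earlier assignments may be left behind or collide with the new one on redeploy, and the cleanup path should be documented. Keeping the scope in the seed would preserve the previous uniqueness guarantee, for example `guid(format('{0}{1}{2}Deployment Script', resourceGroup().id, parameters('_globalResourceNameSuffix'), parameters('uamiName')))`.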
@@ -42,6 +45,9 @@ }, "mode": "Incremental", "parameters": { + "_globalResourceNameSuffix": { + "value": "[parameters('_globalResourceNameSuffix')]" + }, "roleDefinition": { "value": "[variables('const_roleDefinitionIdOfContributor')]" }, @@ -53,6 +59,10 @@ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { + "_globalResourceNameSuffix": { + "type": "string", + "defaultValue": "" + }, "roleDefinition": { "type": "string", "defaultValue": "" @@ -64,7 +74,7 @@ }, "functions": [], "variables": { - "name_roleAssignmentName": "[guid(format('{0}{1}Role assignment in subscription scope', subscription().id, parameters('principalId')))]" + "name_roleAssignmentName": "[guid(format('{0}{1}Role assignment in subscription scope', parameters('_globalResourceNameSuffix'), parameters('principalId')))]" }, "resources": [ { diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json index 9df837f02..4794a5891 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json @@ -22,6 +22,12 @@ "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." } }, + "_globalResourceNameSuffix": { + "type": "string", + "metadata": { + "description": "The suffix to be added to the globally unique resource name." + } + }, "dnszonesARecordSetNames": { "type": "array", "metadata": { 
@@ -123,6 +129,9 @@ "contentVersion": "1.0.0.0" }, "parameters": { + "_globalResourceNameSuffix": { + "value": "[parameters('_globalResourceNameSuffix')]" + }, "location": { "value": "[parameters('location')]" }, @@ -142,7 +151,7 @@ "dependsOn": [ "[resourceId('Microsoft.Resources/deployments', 'uamiDeployment')]" ], - "name": "script-createDNSRecords", + "name": "[concat('script-createDNSRecords', parameters('_globalResourceNameSuffix'))]", "location": "[parameters('location')]", "identity": { "type": "UserAssigned", diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_keyVaultNestedTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_keyVaultNestedTemplate.json deleted file mode 100644 index f1b63cf9a..000000000 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_keyVaultNestedTemplate.json +++ /dev/null 
@@ -1,211 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "uploadedCustomIdentityKeyStoreData": { - "type": "securestring", - "metadata": { - "description": "Custom Identity KeyStore Data" - } - }, - "uploadedCustomIdentityKeyStorePassphrase": { - "type": "securestring", - "metadata": { - "description": "Custom Identity KeyStore Passphrase" - } - }, - "uploadedCustomTrustKeyStoreData": { - "type": "securestring", - "metadata": { - "description": "Custom Trust KeyStore Data" - } - }, - "uploadedCustomTrustKeyStorePassPhrase": { - "type": "securestring", - "metadata": { - "description": "Custom Trust KeyStore PassPhrase" - } - }, - "uploadedPrivateKeyAlias": { - "type": "string", - "metadata": { - "description": "Alias of the private key" - } - }, - "uploadedPrivateKeyPassPhrase": { - "type": "securestring", - "metadata": { - "description": "Password of the private key" - } - }, - "enabledForTemplateDeployment": { - "type": "bool", - "metadata": { - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "defaultValue": true - }, - "location": { - "type": "string", - "metadata": { - "description": "The supported Azure location where the key vault should be created." - } - }, - "sku": { - "type": "string", - "metadata": { - "description": "Price tier for Key Vault." - }, - "defaultValue": "Standard" - }, - "tagsByResource": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "${label.tagsLabel}" - } - }, - "utcValue": { - "type": "string", - "defaultValue": "[utcNow()]", - "metadata": { - "description": "Current deployment time. Used as a tag in deployment script." 
- } - } - }, - "variables": { - "name_keyVaultName": "[take(concat('wls-kv', parameters('utcValue'), uniqueString(resourceGroup().id, deployment().name)), 24)]", - "name_customIdentityKeyStoreDataSecretName": "customIdentityKeyStoreData", - "name_customIdentityKeyStorePassPhraseSecretName": "customIdentityKeyStorePassPhrase", - "name_customTrustKeyStoreDataSecretName": "customTrustKeyStoreData", - "name_customTrustKeyStorePassPhraseSecretName": "customTrustKeyStorePassPhrase", - "name_privateKeyAliasSecretName": "privateKeyAlias", - "name_privateKeyPassPhraseSecretName": "privateKeyPassPhrase" - }, - "resources": [ - { - "apiVersion": "${azure.apiVersionForKeyVault}", - "name": "[variables('name_keyVaultName')]", - "location": "[parameters('location')]", - "type": "Microsoft.KeyVault/vaults", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "properties": { - "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]", - "sku": { - "name": "[parameters('sku')]", - "family": "A" - }, - "accessPolicies": [], - "tenantId": "[subscription().tenantId]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', variables('name_customIdentityKeyStoreDataSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedCustomIdentityKeyStoreData')]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', variables('name_customIdentityKeyStorePassPhraseSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - 
"[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedCustomIdentityKeyStorePassphrase')]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', variables('name_customTrustKeyStoreDataSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedCustomTrustKeyStoreData')]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', variables('name_customTrustKeyStorePassPhraseSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedCustomTrustKeyStorePassPhrase')]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', variables('name_privateKeyAliasSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedPrivateKeyAlias')]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "${azure.apiVersionForKeyVaultSecrets}", - "tags": "[parameters('tagsByResource')['${identifier.vaults}']]", - "name": "[concat(variables('name_keyVaultName'), '/', 
variables('name_privateKeyPassPhraseSecretName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', variables('name_keyVaultName'))]" - ], - "properties": { - "value": "[parameters('uploadedPrivateKeyPassPhrase')]" - } - } - ], - "outputs": { - "keyVaultName": { - "type": "string", - "value": "[variables('name_keyVaultName')]" - }, - "customIdentityKeyStoreDataSecretName": { - "type": "string", - "value": "[variables('name_customIdentityKeyStoreDataSecretName')]" - }, - "customIdentityKeyStorePassPhraseSecretName": { - "type": "string", - "value": "[variables('name_customIdentityKeyStorePassPhraseSecretName')]" - }, - "customTrustKeyStoretDataSecretName": { - "type": "string", - "value": "[variables('name_customTrustKeyStoreDataSecretName')]" - }, - "customTrustKeyStorePassPhraseSecretName": { - "type": "string", - "value": "[variables('name_customTrustKeyStorePassPhraseSecretName')]" - }, - "privateKeyAliasSecretName": { - "type": "string", - "value": "[variables('name_privateKeyAliasSecretName')]" - }, - "privateKeyPassPhraseSecretName": { - "type": "string", - "value": "[variables('name_privateKeyPassPhraseSecretName')]" - } - } -} diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_pswlessDbTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_pswlessDbTemplate.json index 16035ad58..84feb48ab 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_pswlessDbTemplate.json +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_pswlessDbTemplate.json 
@@ -115,6 +115,11 @@
 "sqlserver": "authentication=ActiveDirectoryMSI"
 },
 "array_urlJoiner": {
+ "mysql": "[if(contains(variables('const_connectionString'), '?'), '&', '?')]",
+ "postgresql": "[if(contains(variables('const_connectionString'), '?'), '&', '?')]",
+ "sqlserver": ";"
+ },
+ "array_paramJoiner": {
 "mysql": "&",
 "postgresql": "&",
 "sqlserver": ";"
@@ -246,7 +251,7 @@
 "value": "[parameters('dbGlobalTranPro')]"
 },
 "dsConnectionURL": {
- "value": "[uri(format('{0}{4}{1}{4}{2}={3}', variables('const_connectionString'), variables('array_azureJdbcPlugins')[parameters('databaseType')], variables('array_msiClientId')[parameters('databaseType')], reference(items(parameters('dbIdentity').userAssignedIdentities)[0].key,variables('const_identityAPIVersion'), 'full').properties.clientId, variables('array_urlJoiner')[parameters('databaseType')]), '')]"
+ "value": "[uri(format('{0}{4}{1}{5}{2}={3}', variables('const_connectionString'), variables('array_azureJdbcPlugins')[parameters('databaseType')], variables('array_msiClientId')[parameters('databaseType')], reference(items(parameters('dbIdentity').userAssignedIdentities)[0].key,variables('const_identityAPIVersion'), 'full').properties.clientId, variables('array_urlJoiner')[parameters('databaseType')], variables('array_paramJoiner')[parameters('databaseType')]), '')]"
 },
 "dbUser": {
 "value": "[if(equals(parameters('databaseType'), 'sqlserver'), variables('const_msiDefaultUser'), parameters('dbUser'))]"
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/aadNestedTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/aadNestedTemplate.json
deleted file mode 100644
index e64c094fb..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/aadNestedTemplate.json
+++ /dev/null
@@ -1,215 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "_artifactsLocation": { - "type": "string", - "metadata": { - "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." - } - }, - "_artifactsLocationAADTemplate": { - "defaultValue": "[if(contains(parameters('_artifactsLocation'), 'githubusercontent'), parameters('_artifactsLocation'), deployment().properties.templateLink.uri)]", - "type": "string", - "metadata": { - "description": "If we are deploying from the command line, use the passed in _artifactsLocation, otherwise use the default." - } - }, - "_artifactsLocationSasToken": { - "defaultValue":"", - "type": "securestring", - "metadata": { - "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." - } - }, - "aadsPortNumber": { - "type": "string", - "defaultValue": "636", - "metadata": { - "description": "Accessible port of the LDAP server." - } - }, - "aadsPublicIP": { - "type": "string", - "defaultValue": "The LDAP server public IP address" - }, - "aadsServerHost": { - "type": "string", - "defaultValue": "ldaps.example.com", - "metadata": { - "description": "The LDAP server host." - } - }, - "adminVMName": { - "type": "string", - "defaultValue": "adminVM", - "metadata": { - "description": "Admin Server hosting VM name." - } - }, - "location": { - "type": "string", - "metadata": { - "description": "Location for all resources." 
- } - }, - "tagsByResource": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "${label.tagsLabel}" - } - }, - "wlsDomainName": { - "type": "string", - "metadata": { - "description": "Provide Weblogic domain name" - } - }, - "wlsLDAPGroupBaseDN": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The base distinguished name (DN) of the tree in the LDAP directory that contains groups." - } - }, - "wlsLDAPPrincipal": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "The Distinguished Name (DN) of the LDAP user that WebLogic Server should use to connect to the LDAP server." - } - }, - "wlsLDAPPrincipalPassword": { - "type": "securestring", - "defaultValue": "[newGuid()]", - "metadata": { - "description": "The credential (usually a password) used to connect to the LDAP server." - } - }, - "wlsLDAPProviderName": { - "type": "string", - "defaultValue": "AzureActiveDirectoryProvider", - "metadata": { - "description": "The value used for creating authentication provider name of WebLogic Server." - } - }, - "wlsLDAPSSLCertificate": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Client certificate that will be imported to trust store of SSL." - } - }, - "wlsLDAPUserBaseDN": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "The base distinguished name (DN) of the tree in the LDAP directory that contains users." 
- } - }, - "wlsPassword": { - "type": "securestring", - "metadata": { - "description": "Password for your Weblogic domain name" - } - }, - "wlsUserName": { - "type": "string", - "metadata": { - "description": "Username for your Weblogic domain name" - } - }, - "enableCustomSSL": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Boolean value indicating, if custom SSL is enabled or not" - } - }, - "keyVaultCustomTrustKeyStorePassPhrase": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Weblogic Custom Trust Store Passphrase" - } - }, - "keyVaultCustomTrustKeyStoreType": { - "type": "string", - "defaultValue": "null", - "metadata": { - "description": "Weblogic Custom Trust Store Type (JKS or PKCS12)" - } - } - }, - "variables": { - "const_aadParameters": "[concat(parameters('wlsUserName'),' ',parameters('wlsPassword'),' ',parameters('wlsDomainName'),' ',parameters('wlsLDAPProviderName'), ' ', parameters('aadsServerHost'), ' ', parameters('aadsPortNumber'), ' ', base64(parameters('wlsLDAPPrincipal')), ' ', parameters('wlsLDAPPrincipalPassword'),' ', base64(parameters('wlsLDAPUserBaseDN')),' ', base64(parameters('wlsLDAPGroupBaseDN')),' ', variables('const_wlsHome'),' ',parameters('adminVMName'),' ',variables('const_wlsAdminPort'),' ',parameters('wlsLDAPSSLCertificate'),' ', parameters('aadsPublicIP'),' ',variables('const_adminServerName'),' ', variables('const_wlsDomainPath'),' ',parameters('enableCustomSSL'),' ',base64(parameters('keyVaultCustomTrustKeyStorePassPhrase')),' ',base64(parameters('keyVaultCustomTrustKeyStoreType')))]", - "const_adminServerName": "admin", - "const_wlsAdminPort": "7005", - "const_wlsDomainPath": "[concat('/u01/domains/', parameters('wlsDomainName'))]", - "const_wlsHome": "/u01/app/wls/install/oracle/middleware/oracle_home", - "name_scriptAADConfiguration": "aadIntegration.sh" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": 
"${azure.apiVersionForDeployment}", - "tags": "[parameters('tagsByResource')['${identifier.resourcesDeployment}']]", - "name": "${admin.aad.start}", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - ] - } - } - }, - { - "apiVersion": "${azure.apiVersionForVirtualMachines}", - "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(parameters('adminVMName'),'/newuserscript')]", - "tags": "[parameters('tagsByResource')['${identifier.virtualMachinesExtensions}']]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Azure.Extensions", - "type": "CustomScript", - "typeHandlerVersion": "2.0", - "autoUpgradeMinorVersion": true, - "settings": { - "fileUris": [ - "[uri(parameters('_artifactsLocationAADTemplate'), concat('../scripts/', variables('name_scriptAADConfiguration'), parameters('_artifactsLocationSasToken')))]" - ] - }, - "protectedSettings": { - "commandToExecute": "[concat('sh',' ',variables('name_scriptAADConfiguration'),' <<< \"', variables('const_aadParameters'),'\"')]" - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "${azure.apiVersionForDeployment}", - "tags": "[parameters('tagsByResource')['${identifier.resourcesDeployment}']]", - "name": "${admin.aad.end}", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('adminVMName'), 'newuserscript')]" - ], - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - ] - } - } - } - ], - "outputs": { - "artifactsLocationPassedIn": { - "type": "string", - "value": "[parameters('_artifactsLocation')]" - } - } -} 
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplate.json
index a90d18e33..a219cdc66 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplate.json
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplate.json
@@ -21,6 +21,12 @@
 "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
 }
 },
+ "_globalResourceNameSuffix": {
+ "type": "string",
+ "metadata": {
+ "description": "A unique suffix that was specified during the deployment of the solution template."
+ }
+ },
 "adminPasswordOrKey": {
 "type": "securestring",
 "metadata": {
@@ -88,6 +94,12 @@
 "description": "Location for all resources."
 }
 },
+ "nsgName": {
+ "type": "string",
+ "metadata": {
+ "description": "Network Security Group name"
+ }
+ },
 "portsToExpose": {
 "type": "string",
 "defaultValue": "80,443,7001-9000",
@@ -239,18 +251,17 @@
 "const_mountPointPath": "[concat('/mnt/', variables('name_share'))]",
 "name_linuxImageOfferSKU": "[first(split(parameters('skuUrnVersion'), ';'))]",
 "name_linuxImageVersion": "[last(split(parameters('skuUrnVersion'),';'))]",
- "name_networkSecurityGroup": "[concat(parameters('dnsLabelPrefix'), '-nsg')]",
- "name_nic": "adminServerVM_NIC",
+ "name_nic": "[concat('adminServerVM_NIC_', parameters('_globalResourceNameSuffix'))]",
 "name_nic_with_pub_ip": "[concat(variables('name_nic'), '_with_pub_ip')]",
 "name_nic_without_pub_ip": "[concat(variables('name_nic'), '_without_pub_ip')]",
- "name_publicIPAddress": "adminServerVM_PublicIP",
- "name_privateSaEndpoint": "[concat(take(replace(parameters('guidValue'),'-',''),6),'saep')]",
+ "name_publicIPAddress": "[concat('adminServerVM_PublicIP_', parameters('_globalResourceNameSuffix'))]",
+ "name_privateSaEndpoint": "[concat('saep', parameters('_globalResourceNameSuffix'))]",
 "name_scriptFile": "setupAdminDomain.sh",
- "name_storageAccount": "[concat(take(replace(parameters('guidValue'),'-',''),6),'olvm')]",
- "name_share": "wlsshare",
+ "name_storageAccount": "[concat('olvmstg', parameters('_globalResourceNameSuffix'))]",
+ "name_share": "[concat('wlsshare', parameters('_globalResourceNameSuffix'))]",
 "name_subnet": "[parameters('subnetName')]",
 "name_virtualNetwork": "[parameters('virtualNetworkName')]",
- "ref_networkSecurityGroup": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('name_networkSecurityGroup'))]",
+ "ref_networkSecurityGroup": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]",
 "ref_subnet": "[resourceId(parameters('virtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', variables('name_virtualNetwork'), variables('name_subnet'))]",
 "ref_storage": "[resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount'))]",
 "ref_fileService": "[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('name_storageAccount'), 'default')]",
@@ -281,7 +292,7 @@
 "apiVersion": "${azure.apiVersionForNetworkSecurityGroups}",
 "tags": "[parameters('tagsByResource')['${identifier.networkSecurityGroups}']]",
 "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
- "name": "[variables('name_networkSecurityGroup')]",
+ "name": "[parameters('nsgName')]",
 "location": "[parameters('location')]",
 "properties": {
 "securityRules": [
@@ -341,7 +352,7 @@
 "supportsHttpsTrafficOnly": false
 },
 "dependsOn": [
- "[variables('name_networkSecurityGroup')]"
+ "[parameters('nsgName')]"
 ]
 },
 {
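Review bot: `name_storageAccount` in the `@@ -239,18 +251,17 @@` hunk is now `concat('olvmstg', parameters('_globalResourceNameSuffix'))`, but the `_globalResourceNameSuffix` parameter this file declares is a plain `string` with no length constraint. Storage account names are limited to 3–24 lowercase letters and digits, and the old expression was bounded by `take(..., 6)`; with the 7-character prefix the suffix must stay within 17 characters of that character set or the deployment fails at the storage account. Consider adding `"maxLength": 17` to the parameter declaration so a bad value is rejected at validation rather than mid-deployment. The same expression appears in adminTemplateForCustomSSL.json. Where the suffix comes from is outside this chunk, so the bound may already be guaranteed upstream.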
@@ -569,7 +580,7 @@
 ]
 },
 "protectedSettings": {
- "commandToExecute": "[concat('sh',' ',variables('name_scriptFile'),' <<< \"',parameters('wlsDomainName'),' ',parameters('wlsUserName'),' ',parameters('wlsPassword'),' ',parameters('adminVMName'),' ', variables('const_wlsHome'),' ',variables('name_storageAccount'),' ',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount')), '${azure.apiVersionForStorage}').keys[0].value,' ',variables('const_mountPointPath'),' ',string(parameters('enableHTTPAdminListenPort')),' ', if(equals(parameters('virtualNetworkNewOrExisting'), 'new'), if(parameters('enableCustomDNS'), parameters('customDNSName'), reference(variables('name_publicIPAddress')).dnsSettings.fqdn), reference(variables('name_nic_without_pub_ip')).ipConfigurations[0].properties.privateIPAddress),' ',parameters('dnsLabelPrefix'),' ',parameters('location'),' ',parameters('virtualNetworkNewOrExisting'),' ',reference(resourceId('Microsoft.Network/privateEndpoints/', variables('name_privateSaEndpoint')), '${azure.apiVersionForPrivateEndpoint}').customDnsConfigs[0].ipAddresses[0],'\"')]"
+ "commandToExecute": "[concat('sh',' ',variables('name_scriptFile'),' <<< \"',parameters('wlsDomainName'),' ',parameters('wlsUserName'),' ',parameters('wlsPassword'),' ',parameters('adminVMName'),' ', variables('const_wlsHome'),' ',variables('name_storageAccount'),' ',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount')), '${azure.apiVersionForStorage}').keys[0].value,' ',variables('const_mountPointPath'),' ',string(parameters('enableHTTPAdminListenPort')),' ', if(equals(parameters('virtualNetworkNewOrExisting'), 'new'), if(parameters('enableCustomDNS'), parameters('customDNSName'), reference(variables('name_publicIPAddress')).dnsSettings.fqdn), reference(variables('name_nic_without_pub_ip')).ipConfigurations[0].properties.privateIPAddress),' ',parameters('dnsLabelPrefix'),' ',parameters('location'),' ',parameters('virtualNetworkNewOrExisting'),' ',reference(resourceId('Microsoft.Network/privateEndpoints/', variables('name_privateSaEndpoint')), '${azure.apiVersionForPrivateEndpoint}').customDnsConfigs[0].ipAddresses[0],' ',variables('name_share'), '\"')]"
 }
 }
 },
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json
index 8ae74af30..a8800c2b2 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json
@@ -21,6 +21,12 @@
 "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
 }
 },
+ "_globalResourceNameSuffix": {
+ "type": "string",
+ "metadata": {
+ "description": "A unique suffix that was specified during the deployment of the solution template."
+ }
+ },
 "adminPasswordOrKey": {
 "type": "securestring",
 "metadata": {
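Review bot: The rewritten `commandToExecute` in the `@@ -569,7 +580,7 @@` hunk still places `parameters('wlsPassword')` unencoded inside a double-quoted here-string (`<<< \"...\"`), so the shell interprets quote, dollar, backtick and backslash characters in the password before the script reads it, and a space in any value shifts every later positional field, including the newly appended `variables('name_share')`. adminTemplateForCustomSSL.json wraps its keystore values in `base64(...)`, presumably for this reason; passing `base64(parameters('wlsPassword'))` here, with a matching decode in setupAdminDomain.sh, would remove the dependency on quoting. The script is not part of this chunk, so the decode side and the new argument order need to be checked there: this template appends `name_share` last, while the SSL variant inserts it before `enableCustomSSL`. The same unencoded password appears in the `@@ -640,7 +651,7 @@` hunk of adminTemplateForCustomSSL.json.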
@@ -89,51 +95,57 @@
 "type": "string",
 "defaultValue": "[newGuid()]"
 },
- "keyVaultCustomIdentityKeyStoreData": {
+ "nsgName": {
+ "type": "string",
+ "metadata": {
+ "description": "Network Security Group name"
+ }
+ },
+ "sslCustomIdentityKeyStoreData": {
 "type": "securestring",
 "metadata": {
 "description": "Weblogic Custom Identity Keystore Data"
 }
 },
- "keyVaultCustomIdentityKeyStorePassPhrase": {
+ "sslCustomIdentityKeyStorePassPhrase": {
 "type": "securestring",
 "metadata": {
 "description": "Weblogic Custom Identity Keystore Passphrase"
 }
 },
- "keyVaultCustomIdentityKeyStoreType": {
+ "sslCustomIdentityKeyStoreType": {
 "type": "string",
 "metadata": {
 "description": "Weblogic Custom Identity Keystore Type"
 },
 "defaultValue": "JKS"
 },
- "keyVaultCustomTrustKeyStoreData": {
+ "sslCustomTrustKeyStoreData": {
 "type": "securestring",
 "metadata": {
 "description": "Weblogic Custom Trust Store Data"
 }
 },
- "keyVaultCustomTrustKeyStorePassPhrase": {
+ "sslCustomTrustKeyStorePassPhrase": {
 "type": "securestring",
 "metadata": {
 "description": "Weblogic Custom Trust Store Passphrase"
 }
 },
- "keyVaultCustomTrustKeyStoreType": {
+ "sslCustomTrustKeyStoreType": {
 "type": "string",
 "metadata": {
 "description": "Weblogic Custom Trust Store Type"
 },
 "defaultValue": "JKS"
 },
- "keyVaultPrivateKeyAlias": {
+ "sslPrivateKeyAlias": {
 "type": "string",
 "metadata": {
 "description": "Weblogic Server Private Key Alias"
 }
 },
- "keyVaultPrivateKeyPassPhrase": {
+ "sslPrivateKeyPassPhrase": {
 "type": "securestring",
 "metadata": {
 "description": "Weblogic Server Private Key Pass Phrase"
@@ -296,18 +308,17 @@
 "const_wlsHome": "/u01/app/wls/install/oracle/middleware/oracle_home",
 "name_linuxImageOfferSKU": "[first(split(parameters('skuUrnVersion'), ';'))]",
 "name_linuxImageVersion": "[last(split(parameters('skuUrnVersion'),';'))]",
- "name_networkSecurityGroup": "[concat(parameters('dnsLabelPrefix'), '-nsg')]",
- "name_nic": "adminServerVM_NIC",
+ "name_nic": "[concat('adminServerVM_NIC_', parameters('_globalResourceNameSuffix'))]",
 "name_nic_with_pub_ip": "[concat(variables('name_nic'), '_with_pub_ip')]",
 "name_nic_without_pub_ip": "[concat(variables('name_nic'), '_without_pub_ip')]",
- "name_publicIPAddress": "adminServerVM_PublicIP",
+ "name_publicIPAddress": "[concat('adminServerVM_PublicIP_', parameters('_globalResourceNameSuffix'))]",
 "name_privateSaEndpoint": "[concat(take(replace(parameters('guidValue'),'-',''),6),'saep')]",
 "name_scriptFile": "setupAdminDomain.sh",
- "name_storageAccount": "[concat(take(replace(parameters('guidValue'),'-',''),6),'olvm')]",
+ "name_storageAccount": "[concat('olvmstg', parameters('_globalResourceNameSuffix'))]",
 "name_subnet": "[parameters('subnetName')]",
- "name_share": "wlsshare",
+ "name_share": "[concat('wlsshare', parameters('_globalResourceNameSuffix'))]",
 "name_virtualNetwork": "[parameters('virtualNetworkName')]",
- "ref_networkSecurityGroup": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('name_networkSecurityGroup'))]",
+ "ref_networkSecurityGroup": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]",
 "ref_subnet": "[resourceId(parameters('virtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', variables('name_virtualNetwork'), variables('name_subnet'))]",
 "ref_storage": "[resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount'))]",
 "ref_fileService": "[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('name_storageAccount'), 'default')]",
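Review bot: `name_privateSaEndpoint` is left unchanged in this hunk as `concat(take(replace(parameters('guidValue'),'-',''),6),'saep')`, while the matching hunk in adminTemplate.json switches it to `concat('saep', parameters('_globalResourceNameSuffix'))`. Every other generated name in this block moved to the suffix, so this looks like an omission rather than a choice; as written, the private endpoint name still varies with `guidValue` while the storage account it belongs to is now named from the suffix. If that is unintended, change the line to `"name_privateSaEndpoint": "[concat('saep', parameters('_globalResourceNameSuffix'))]",` so both templates name the endpoint the same way.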
@@ -353,7 +364,7 @@
 "type": "Microsoft.Network/networkSecurityGroups",
 "tags": "[parameters('tagsByResource')['${identifier.networkSecurityGroups}']]",
 "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
- "name": "[variables('name_networkSecurityGroup')]",
+ "name": "[parameters('nsgName')]",
 "location": "[parameters('location')]",
 "properties": {
 "securityRules": [
@@ -413,7 +424,7 @@
 "supportsHttpsTrafficOnly": false
 },
 "dependsOn": [
- "[variables('name_networkSecurityGroup')]"
+ "[parameters('nsgName')]"
 ]
 },
 {
@@ -640,7 +651,7 @@
 ]
 },
 "protectedSettings": {
- "commandToExecute": "[concat('sh',' ',variables('name_scriptFile'),' <<< \"',parameters('wlsDomainName'),' ',parameters('wlsUserName'),' ',parameters('wlsPassword'),' ',parameters('adminVMName'),' ', variables('const_wlsHome'),' ',variables('name_storageAccount'),' ',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount')), '${azure.apiVersionForStorage}').keys[0].value,' ',variables('const_mountPointPath'),' ',string(parameters('enableHTTPAdminListenPort')),' ',if(equals(parameters('virtualNetworkNewOrExisting'), 'new'), if(parameters('enableCustomDNS'), parameters('customDNSName'), reference(variables('name_publicIPAddress')).dnsSettings.fqdn), reference(variables('name_nic_without_pub_ip')).ipConfigurations[0].properties.privateIPAddress),' ',parameters('dnsLabelPrefix'),' ',parameters('location'),' ',parameters('virtualNetworkNewOrExisting'),' ',reference(resourceId('Microsoft.Network/privateEndpoints/', variables('name_privateSaEndpoint')), '${azure.apiVersionForPrivateEndpoint}').customDnsConfigs[0].ipAddresses[0],' ',string(parameters('enableCustomSSL')),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomIdentityKeyStoreData')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomIdentityKeyStorePassPhrase')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomIdentityKeyStoreType')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomTrustKeyStoreData')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomTrustKeyStorePassPhrase')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultCustomTrustKeyStoreType')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultPrivateKeyAlias')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('keyVaultPrivateKeyPassPhrase')),''),'\"')]" }
+ "commandToExecute": "[concat('sh',' ',variables('name_scriptFile'),' <<< \"',parameters('wlsDomainName'),' ',parameters('wlsUserName'),' ',parameters('wlsPassword'),' ',parameters('adminVMName'),' ', variables('const_wlsHome'),' ',variables('name_storageAccount'),' ',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('name_storageAccount')), '${azure.apiVersionForStorage}').keys[0].value,' ',variables('const_mountPointPath'),' ',string(parameters('enableHTTPAdminListenPort')),' ',if(equals(parameters('virtualNetworkNewOrExisting'), 'new'), if(parameters('enableCustomDNS'), parameters('customDNSName'), reference(variables('name_publicIPAddress')).dnsSettings.fqdn), reference(variables('name_nic_without_pub_ip')).ipConfigurations[0].properties.privateIPAddress),' ',parameters('dnsLabelPrefix'),' ',parameters('location'),' ',parameters('virtualNetworkNewOrExisting'),' ',reference(resourceId('Microsoft.Network/privateEndpoints/', variables('name_privateSaEndpoint')), '${azure.apiVersionForPrivateEndpoint}').customDnsConfigs[0].ipAddresses[0],' ',variables('name_share'),' ',string(parameters('enableCustomSSL')),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomIdentityKeyStoreData')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomIdentityKeyStorePassPhrase')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomIdentityKeyStoreType')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomTrustKeyStoreData')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomTrustKeyStorePassPhrase')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslCustomTrustKeyStoreType')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslPrivateKeyAlias')),''),' ',if(parameters('enableCustomSSL'),base64(parameters('sslPrivateKeyPassPhrase')),''), '\"')]" }
 }
 },
 {
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dnszonesTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dnszonesTemplate.json
index 0103a7823..a850bc0a0 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dnszonesTemplate.json
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dnszonesTemplate.json
@@ -15,6 +15,12 @@
 "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
 }
 },
+ "_globalResourceNameSuffix": {
+ "type": "string",
+ "metadata": {
+ "description": "The suffix to be added to the globally unique resource name."
+ }
+ },
 "dnszonesARecordSetNames": {
 "type": "array",
 "defaultValue": [],
@@ -178,6 +184,9 @@
 "_artifactsLocationSasToken": {
 "value": "[parameters('_artifactsLocationSasToken')]"
 },
+ "_globalResourceNameSuffix": {
+ "value": "[parameters('_globalResourceNameSuffix')]"
+ },
 "dnszonesARecordSetNames": {
 "value": "[parameters('dnszonesARecordSetNames')]"
 },
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/elkNestedTemplate.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/elkNestedTemplate.json
deleted file mode 100644
index 7fbdd9089..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/elkNestedTemplate.json
+++ /dev/null
@@ -1,191 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "_artifactsLocation": { - "type": "string", - "metadata": { - "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." - } - }, - "_artifactsLocationELKTemplate": { - "defaultValue": "[if(contains(parameters('_artifactsLocation'), 'githubusercontent'), parameters('_artifactsLocation'), deployment().properties.templateLink.uri)]", - "type": "string", - "metadata": { - "description": "If we are deploying from the command line, use the passed in _artifactsLocation, otherwise use the default." - } - }, - "_artifactsLocationSasToken": { - "defaultValue": "", - "type": "securestring", - "metadata": { - "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." - } - }, - "adminVMName": { - "type": "string", - "defaultValue": "adminVM", - "metadata": { - "description": "Admin Server hosting VM name." - } - }, - "elasticsearchEndpoint": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Endpoint of the Elasticsearch instance." - } - }, - "elasticsearchPassword": { - "type": "securestring", - "defaultValue": "[newGuid()]", - "metadata": { - "description": "The credentials to distibute message with REST API to Elasticsearch instance." - } - }, - "elasticsearchUserName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The credentials to distibute message with REST API to Elasticsearch instance." 
- } - }, - "guidValue": { - "type": "string", - "defaultValue": "[newGuid()]" - }, - "location": { - "type": "string", - "metadata": { - "description": "Location for all resources." - } - }, - "logsToIntegrate": { - "type": "array", - "defaultValue": [ "HTTPAccessLog", "ServerLog", "DomainLog", "DataSourceLog", "StandardErrorAndOutput" ], - "allowedValues": [ "HTTPAccessLog", "ServerLog", "DomainLog", "DataSourceLog", "StandardErrorAndOutput" ], - "metadata": { - "description": "Specify the expeted logs to integrate, you must input at least one log." - } - }, - "tagsByResource": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "${label.tagsLabel}" - } - }, - "wlsDomainName": { - "type": "string", - "defaultValue": "adminDomain", - "metadata": { - "description": "Provide Weblogic domain name" - } - }, - "wlsPassword": { - "type": "securestring", - "metadata": { - "description": "Password for your Weblogic domain name" - } - }, - "wlsUserName": { - "type": "string", - "metadata": { - "description": "Username for your Weblogic domain name" - } - } - }, - "variables": { - "const_adminServerName": "admin", - "const_logIndex": "[concat('azure-weblogic-admin-', parameters('guidValue'))]", - "const_wlsAdminPort": "7005", - "const_wlsDomainPath": "[concat('/u01/domains/', parameters('wlsDomainName'))]", - "const_wlsHome": "/u01/app/wls/install/oracle/middleware/oracle_home", - "name_scriptELKConfiguration": "elkIntegration.sh" - }, - "functions": [ - { - "namespace": "array", - "members": { - "join": { - "parameters": [ - { - "name": "items", - "type": "array" - } - ], - "output": { - "type": "string", - "value": "[replace(replace(replace(string(parameters('items')), '[\"', ''), '\"]', ''), '\",\"', ',')]" - } - } - } - } - ], - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "${azure.apiVersionForDeployment}", - "tags": "[parameters('tagsByResource')['${identifier.resourcesDeployment}']]", - "name": 
"${admin.elk.start}", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - ] - } - } - }, - { - "apiVersion": "${azure.apiVersionForVirtualMachines}", - "type": "Microsoft.Compute/virtualMachines/extensions", - "tags": "[parameters('tagsByResource')['${identifier.virtualMachinesExtensions}']]", - "name": "[concat(parameters('adminVMName'),'/newuserscript')]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Azure.Extensions", - "type": "CustomScript", - "typeHandlerVersion": "2.0", - "autoUpgradeMinorVersion": true, - "settings": { - "fileUris": [ - "[uri(parameters('_artifactsLocationELKTemplate'), concat('../scripts/', variables('name_scriptELKConfiguration'), parameters('_artifactsLocationSasToken')))]" - ] - }, - "protectedSettings": { - "commandToExecute": "[concat('sh',' ',variables('name_scriptELKConfiguration'),' <<< \"', variables('const_wlsHome'), ' ', parameters('adminVMName'), ' ', variables('const_wlsAdminPort'), ' ', parameters('wlsUserName'), ' ', parameters('wlsPassword'), ' ', variables('const_adminServerName'), ' ',parameters('elasticsearchEndpoint') ,' ', parameters('elasticsearchUserName'),' ', parameters('elasticsearchPassword'), ' ', parameters('wlsDomainName'),' ', variables('const_wlsDomainPath'),' ', array.join(parameters('logsToIntegrate')),' ', variables('const_logIndex'),'\"')]" - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "${azure.apiVersionForDeployment}", - "tags": "[parameters('tagsByResource')['${identifier.resourcesDeployment}']]", - "name": "${admin.elk.end}", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('adminVMName'), 'newuserscript')]" - ], - "properties": { - "mode": "Incremental", - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - ] - } - } - } - ], - "outputs": { - "artifactsLocationPassedIn": { - "type": "string", - "value": "[parameters('_artifactsLocation')]" - }, - "logIndex": { - "type": "string", - "value": "[variables('const_logIndex')]" - } - } -} diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/aadIntegration.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/aadIntegration.sh deleted file mode 100644 index fc820a898..000000000 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/aadIntegration.sh +++ /dev/null 
@@ -1,473 +0,0 @@ -#!/bin/bash -# Copyright (c) 2021, Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. -# -#Function to output message to StdErr -function echo_stderr () -{ - echo "$@" >&2 -} - -#Function to display usage message -function usage() -{ - echo_stderr "./aadIntegration.sh <<< \"\"" -} - -function validateInput() -{ - if [[ -z "$wlsUserName" || -z "$wlsPassword" ]] - then - echo_stderr "wlsUserName or wlsPassword is required. " - exit 1 - fi - - if [ -z "$wlsDomainName" ]; - then - echo_stderr "wlsDomainName is required. " - fi - - if [ -z "$adProviderName" ]; - then - echo_stderr "adProviderName is required. " - fi - - if [ -z "$adPrincipal" ]; - then - echo_stderr "adPrincipal is required. " - fi - - if [ -z "$adPassword" ]; - then - echo_stderr "adPassword is required. " - fi - - if [ -z "$adServerHost" ]; - then - echo_stderr "adServerHost is required. " - fi - - if [ -z "$adServerPort" ]; - then - echo_stderr "adServerPort is required. " - fi - - if [ -z "$adGroupBaseDN" ]; - then - echo_stderr "adGroupBaseDN is required. " - fi - - if [ -z "$adUserBaseDN" ]; - then - echo_stderr "adUserBaseDN is required. " - fi - - if [ -z "$oracleHome" ]; - then - echo_stderr "oracleHome is required. " - fi - - if [ -z "$wlsAdminHost" ]; - then - echo_stderr "wlsAdminHost is required. " - fi - - if [ -z "$wlsAdminPort" ]; - then - echo_stderr "wlsAdminPort is required. " - fi - - if [ -z "$wlsADSSLCer" ]; - then - echo_stderr "wlsADSSLCer is required. " - fi - - if [ -z "$wlsLDAPPublicIP" ]; - then - echo_stderr "wlsLDAPPublicIP is required. " - fi - - if [ -z "$wlsDomainPath" ]; - then - echo_stderr "wlsDomainPath is required. " - fi - - if [ -z "$wlsAdminServerName" ]; - then - echo_stderr "wlsAdminServerName is required. " - fi - - if [ "${isCustomSSLEnabled,,}" != "true" ]; - then - echo_stderr "Custom SSL value is not provided. 
Defaulting to false" - isCustomSSLEnabled="false" - else - if [ -z "$customTrustKeyStorePassPhrase" ]; - then - echo "customTrustKeyStorePassPhrase is required " - exit 1 - fi - fi -} - -function createAADProvider_model() -{ - cat <${SCRIPT_PATH}/configure-active-directory.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') -try: - edit() - startEdit() - # Configure DefaultAuthenticator. - cd('/SecurityConfiguration/' + '${wlsDomainName}' + '/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator') - cmo.setControlFlag('SUFFICIENT') - - # Configure Active Directory. - cd('/SecurityConfiguration/' + '${wlsDomainName}' + '/Realms/myrealm') - cmo.createAuthenticationProvider('${adProviderName}', 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator') - - cd('/SecurityConfiguration/' + '${wlsDomainName}' + '/Realms/myrealm/AuthenticationProviders/' + '${adProviderName}') - cmo.setControlFlag('OPTIONAL') - - cd('/SecurityConfiguration/' + '${wlsDomainName}' + '/Realms/myrealm') - set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealm' + '${adProviderName}'), - ObjectName('Security:Name=myrealmDefaultAuthenticator'), - ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName)) - - - cd('/SecurityConfiguration/' + '${wlsDomainName}' + '/Realms/myrealm/AuthenticationProviders/' + '${adProviderName}') - cmo.setControlFlag('SUFFICIENT') - cmo.setUserNameAttribute('${LDAP_USER_NAME}') - cmo.setUserFromNameFilter('${LDAP_USER_FROM_NAME_FILTER}') - cmo.setPrincipal('${adPrincipal}') - cmo.setHost('${adServerHost}') - set('Credential', '${adPassword}') - cmo.setGroupBaseDN('${adGroupBaseDN}') - cmo.setUserBaseDN('${adUserBaseDN}') - cmo.setPort(int('${adServerPort}')) - cmo.setSSLEnabled(true) - - # for performance tuning - cmo.setMaxGroupMembershipSearchLevel(1) - cmo.setGroupMembershipSearching('limited') - cmo.setUseTokenGroupsForGroupMembershipLookup(true) - cmo.setResultsTimeLimit(300) - 
cmo.setConnectionRetryLimit(5) - cmo.setConnectTimeout(120) - cmo.setCacheTTL(300) - cmo.setConnectionPoolSize(60) - cmo.setCacheSize(4000) - cmo.setGroupHierarchyCacheTTL(300) - cmo.setEnableSIDtoGroupLookupCaching(true) - - save() - activate() -except: - stopEdit('y') - sys.exit(1) - -disconnect() -sys.exit(0) -EOF -} - -function createSSL_model() -{ - cat <${SCRIPT_PATH}/configure-ssl.py -# Connect to the AdminServer. -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') -try: - edit() - startEdit() - print "set keystore to ${wlsAdminServerName}" - cd('/Servers/${wlsAdminServerName}/SSL/${wlsAdminServerName}') - cmo.setHostnameVerificationIgnored(true) - save() - activate() -except: - stopEdit('y') - sys.exit(1) - -disconnect() -sys.exit(0) -EOF -} - -function mapLDAPHostWithPublicIP() -{ - echo "map LDAP host with pubilc IP" - sudo sed -i '/${adServerHost}/d' /etc/hosts - sudo echo "${wlsLDAPPublicIP} ${adServerHost}" >> /etc/hosts -} - -# This function verifies whether certificate is valid and not expired -function verifyCertValidity() -{ - - CERT_FILE=$1 - CURRENT_DATE=$2 - MIN_CERT_VALIDITY=$3 - VALIDITY=$(($CURRENT_DATE + ($MIN_CERT_VALIDITY*24*60*60))) - - . $oracleHome/oracle_common/common/bin/setWlstEnv.sh - - echo "Verifying $CERT_FILE is valid at least $MIN_CERT_VALIDITY day from the deployment time" - if [ $VALIDITY -le $CURRENT_DATE ]; - then - echo_stderr "Error : Invalid minimum validity days supplied" - exit 1 - fi - - # Check whether CERT_FILE supplied can be opened for reading - # Redirecting as no need to display the contents - sudo ${JAVA_HOME}/bin/keytool -printcert -file $CERT_FILE > /dev/null 2>&1 - - if [ $? 
!= 0 ]; - then - echo_stderr "Error opening the certificate : $CERT_FILE" - exit 1 - fi - - VALIDITY_PERIOD=`sudo ${JAVA_HOME}/bin/keytool -printcert -file $CERT_FILE | grep Valid` - echo "Certificate $CERT_FILE is \"$VALIDITY_PERIOD\"" - CERT_UNTIL_DATE=`echo $VALIDITY_PERIOD | awk -F'until:|\r' '{print $2}'` - CERT_UNTIL_SECONDS=`date -d "$CERT_UNTIL_DATE" +%s` - VALIDITY_REMIANS_SECONDS=`expr $CERT_UNTIL_SECONDS - $VALIDITY` - if [[ $VALIDITY_REMIANS_SECONDS -le 0 ]]; - then - echo_stderr "$CERT_FILE is \"$VALIDITY_PERIOD\"" - echo_stderr "Error : Supplied certificate $CERT_FILE is either expired or expiring soon within $MIN_CERT_VALIDITY day" - exit 1 - fi - echo "$CERT_FILE validation is successful" -} - -function parseLDAPCertificate() -{ - echo "create key store" - cer_begin=0 - cer_size=${#wlsADSSLCer} - cer_line_len=64 - mkdir ${SCRIPT_PWD}/security - touch ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt - while [ ${cer_begin} -lt ${cer_size} ] - do - cer_sub=${wlsADSSLCer:$cer_begin:$cer_line_len} - echo ${cer_sub} >> ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt - cer_begin=$((cer_begin+64)) - done - - openssl base64 -d -in ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt -out ${SCRIPT_PWD}/security/AzureADTrust.cer - addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer - - # Verify certificate validity period more than MIN_CERT_VALIDITY - verifyCertValidity $addsCertificate $CURRENT_DATE $MIN_CERT_VALIDITY -} - -function importAADCertificate() -{ - # import the key to java security - . $oracleHome/oracle_common/common/bin/setWlstEnv.sh - - # For Entra ID failure: exception happens when importing certificate to JDK 11.0.7 - # ISSUE: https://github.com/wls-eng/arm-oraclelinux-wls/issues/109 - # JRE was removed since JDK 11. 
- java_version=$(java -version 2>&1 | sed -n ';s/.* version "\(.*\)\.\(.*\)\..*"/\1\2/p;') - if [ ${java_version:0:3} -ge 110 ]; - then - java_cacerts_path=${JAVA_HOME}/lib/security/cacerts - else - java_cacerts_path=${JAVA_HOME}/jre/lib/security/cacerts - fi - - # remove existing certificate. - queryAADTrust=$(${JAVA_HOME}/bin/keytool -list -keystore ${java_cacerts_path} -storepass changeit | grep "aadtrust") - if [ -n "$queryAADTrust" ]; - then - sudo ${JAVA_HOME}/bin/keytool -delete -alias aadtrust -keystore ${java_cacerts_path} -storepass changeit - fi - - sudo ${JAVA_HOME}/bin/keytool -noprompt -import -alias aadtrust -file ${addsCertificate} -keystore ${java_cacerts_path} -storepass changeit - -} - -function importAADCertificateIntoWLSCustomTrustKeyStore() -{ - if [ "${isCustomSSLEnabled,,}" == "true" ]; - then - # set java home - . $oracleHome/oracle_common/common/bin/setWlstEnv.sh - - #validate Trust keystore - sudo ${JAVA_HOME}/bin/keytool -list -v -keystore ${DOMAIN_PATH}/${wlsDomainName}/keystores/trust.keystore -storepass ${customTrustKeyStorePassPhrase} -storetype ${customTrustKeyStoreType} | grep 'Entry type:' | grep 'trustedCertEntry' - - if [[ $? != 0 ]]; then - echo "Error : Trust Keystore Validation Failed !!" - exit 1 - fi - - # For SSL enabled causes Entra ID failure #225 - # ISSUE: https://github.com/wls-eng/arm-oraclelinux-wls/issues/225 - - echo "Importing Entra ID Certificate into WLS Custom Trust Key Store: " - - sudo ${JAVA_HOME}/bin/keytool -noprompt -import -trustcacerts -keystore ${DOMAIN_PATH}/${wlsDomainName}/keystores/trust.keystore -storepass ${customTrustKeyStorePassPhrase} -alias aadtrust -file ${addsCertificate} -storetype ${customTrustKeyStoreType} - else - echo "customSSL not enabled. Not required to configure Entra ID for WebLogic Custom SSL" - fi -} - -function configureSSL() -{ - echo "configure ladp ssl" - sudo chown -R ${USER_ORACLE}:${GROUP_ORACLE} ${SCRIPT_PATH} - runuser -l ${USER_ORACLE} -c ". 
$oracleHome/oracle_common/common/bin/setWlstEnv.sh; java $WLST_ARGS weblogic.WLST ${SCRIPT_PATH}/configure-ssl.py" - - errorCode=$? - if [ $errorCode -eq 1 ] - then - echo "Exception occurs during SSL configuration, please check." - exit 1 - fi -} - -function configureAzureActiveDirectory() -{ - echo "create Azure Active Directory provider" - sudo chown -R ${USER_ORACLE}:${GROUP_ORACLE} ${SCRIPT_PATH} - runuser -l ${USER_ORACLE} -c ". $oracleHome/oracle_common/common/bin/setWlstEnv.sh; java $WLST_ARGS weblogic.WLST ${SCRIPT_PATH}/configure-active-directory.py" - - errorCode=$? - if [ $errorCode -eq 1 ] - then - echo "Exception occurs during Azure Active Directory configuration, please check." - exit 1 - fi -} - -function restartAdminServerService() -{ - echo "Restart weblogic admin server service" - sudo systemctl stop wls_admin - sudo systemctl start wls_admin -} - -#This function to check admin server status -function wait_for_admin() -{ - #check admin server status - count=1 - CHECK_URL="http://$wlsAdminURL/weblogic/ready" - status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}` - echo "Check admin server status" - while [[ "$status" != "200" ]] - do - echo "." - count=$((count+1)) - if [ $count -le 30 ]; - then - sleep 1m - else - echo "Error : Maximum attempts exceeded while checking admin server status" - exit 1 - fi - status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}` - if [ "$status" == "200" ]; - then - echo "WebLogic Server is running..." - break - fi - done -} - -function cleanup() -{ - echo "Cleaning up temporary files..." - rm -f -r ${SCRIPT_PATH} - rm -rf ${SCRIPT_PWD}/security/* - echo "Cleanup completed." -} - -function enableTLSv12onJDK8() -{ - if ! 
grep -q "${STRING_ENABLE_TLSV12}" ${wlsDomainPath}/bin/setDomainEnv.sh; then - cat <>${wlsDomainPath}/bin/setDomainEnv.sh -# Append -Djdk.tls.client.protocols to JAVA_OPTIONS in jdk8 -# Enable TLSv1.2 -\${JAVA_HOME}/bin/java -version 2>&1 | grep -e "1[.]8[.][0-9]*_" > /dev/null -javaStatus=$? - -if [[ "\${javaStatus}" = "0" && "\${JAVA_OPTIONS}" != *"${JAVA_OPTIONS_TLS_V12}"* ]]; then - JAVA_OPTIONS="\${JAVA_OPTIONS} ${JAVA_OPTIONS_TLS_V12}" - export JAVA_OPTIONS -fi -EOF -fi -} - -function createTempFolder() -{ - SCRIPT_PATH="/u01/tmp" - sudo rm -f -r ${SCRIPT_PATH} - sudo mkdir ${SCRIPT_PATH} - sudo rm -rf $SCRIPT_PATH/* -} - -#main - -read wlsUserName wlsPassword wlsDomainName adProviderName adServerHost adServerPort adPrincipal adPassword adUserBaseDN adGroupBaseDN oracleHome wlsAdminHost wlsAdminPort wlsADSSLCer wlsLDAPPublicIP wlsAdminServerName wlsDomainPath isCustomSSLEnabled customTrustKeyStorePassPhrase customTrustKeyStoreType - -# Passing these values as base64 as values has space embedded -adPrincipal=$(echo "$adPrincipal" | base64 --decode) -adUserBaseDN=$(echo "$adUserBaseDN" | base64 --decode) -adGroupBaseDN=$(echo "$adGroupBaseDN" | base64 --decode) - -isCustomSSLEnabled="${isCustomSSLEnabled,,}" - -if [ "${isCustomSSLEnabled,,}" == "true" ]; -then - customTrustKeyStorePassPhrase=$(echo "$customTrustKeyStorePassPhrase" | base64 --decode) - customTrustKeyStoreType=$(echo "$customTrustKeyStoreType" | base64 --decode) -fi - -wlsAdminURL=$wlsAdminHost:$wlsAdminPort - -LDAP_USER_NAME='sAMAccountName' -LDAP_USER_FROM_NAME_FILTER='(&(sAMAccountName=%u)(objectclass=user))' -JAVA_OPTIONS_TLS_V12="-Djdk.tls.client.protocols=TLSv1.2" -STRING_ENABLE_TLSV12="Append -Djdk.tls.client.protocols to JAVA_OPTIONS in jdk8" -SCRIPT_PWD=`pwd` -USER_ORACLE="oracle" -GROUP_ORACLE="oracle" -DOMAIN_PATH="/u01/domains" - -# Used for certificate expiry validation -CURRENT_DATE=`date +%s` -# Supplied certificate to have minimum days validity for the deployment 
-MIN_CERT_VALIDITY="1" - -validateInput - -# Executing parse and validate certificates to ensure there are no certificates issues -# If any certificates issues then it will be cuaght earlier -parseLDAPCertificate - -createTempFolder -echo "check status of admin server" -wait_for_admin - -echo "start to configure Azure Active Directory" -enableTLSv12onJDK8 -createAADProvider_model -createSSL_model -mapLDAPHostWithPublicIP -importAADCertificate -importAADCertificateIntoWLSCustomTrustKeyStore -configureSSL -configureAzureActiveDirectory -restartAdminServerService - -echo "Waiting for admin server to be available" -wait_for_admin -echo "Weblogic admin server is up and running" - -cleanup diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/elkIntegration.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/elkIntegration.sh deleted file mode 100644 index b4027a59e..000000000 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/elkIntegration.sh +++ /dev/null 
@@ -1,680 +0,0 @@ -#!/bin/bash -# Copyright (c) 2021, Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. - -# Description -# This script configures ELK (Elasticsearch, Logstash and Kibana) Stack on WebLogic Server Domain. - -#Function to output message to StdErr -function echo_stderr () -{ - echo "$@" >&2 -} - -#Function to display usage message -function usage() -{ - echo_stderr "./elkIntegration.sh <<< \"\"" -} - -function validate_input() -{ - if [ -z "$oracleHome" ]; - then - echo_stderr "oracleHome is required. " - exit 1 - fi - - if [[ -z "$wlsAdminHost" || -z "$wlsAdminPort" ]] - then - echo_stderr "wlsAdminHost or wlsAdminPort is required. " - exit 1 - fi - - if [[ -z "$wlsUserName" || -z "$wlsPassword" ]] - then - echo_stderr "wlsUserName or wlsPassword is required. " - exit 1 - fi - - if [ -z "$wlsAdminServerName" ]; - then - echo_stderr "wlsAdminServerName is required. " - exit 1 - fi - - if [ -z "$elasticURI" ]; - then - echo_stderr "elasticURI is required. " - exit 1 - fi - - if [[ -z "$elasticUserName" || -z "$elasticPassword" ]] - then - echo_stderr "elasticUserName or elasticPassword is required. " - exit 1 - fi - - if [ -z "$wlsDomainName" ]; - then - echo_stderr "wlsDomainName is required. " - exit 1 - fi - - if [ -z "$wlsDomainPath" ]; - then - echo_stderr "wlsDomainPath is required. " - exit 1 - fi - - if [ -z "$logsToIntegrate" ]; - then - echo_stderr "logsToIntegrate is required. " - exit 1 - fi - - if [ -z "$logIndex" ]; - then - echo_stderr "logIndex is required. 
" - exit 1 - fi -} - -# Set access log with format: date time time-taken bytes c-ip s-ip c-dns s-dns cs-method cs-uri sc-status sc-comment ctx-ecid -# Redirect stdout logging enabled: true -# Redirect stderr logging enabled: true -# Stack Traces to stdout: true -function create_wls_log_model() -{ - cat <${SCRIPT_PATH}/configure-wls-log.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') -try: - edit("$hostName") - startEdit() - cd('/Servers/${wlsAdminServerName}/WebServer/${wlsAdminServerName}/WebServerLog/${wlsAdminServerName}') - cmo.setLogFileFormat('extended') - cmo.setELFFields('date time time-taken bytes c-ip s-ip c-dns s-dns cs-method cs-uri sc-status sc-comment ctx-ecid ctx-rid') - cmo.setLogTimeInGMT(true) - - cd('/Servers/${wlsAdminServerName}/Log/${wlsAdminServerName}') - cmo.setRedirectStderrToServerLogEnabled(true) - cmo.setRedirectStdoutToServerLogEnabled(true) - cmo.setStdoutLogStack(true) - - save() - resolve() - activate() -except: - stopEdit('y') - sys.exit(1) - -destroyEditSession("$hostName",force = true) -disconnect() -EOF -} - -# Remove existing Logstash -function remove_logstash() -{ - sudo systemctl status logstash - if [ $? -ne 0 ]; then - sudo systemctl stop logstash - fi - - sudo yum remove -y -v logstash - if [ $? -ne 0 ]; then - echo_stderr "Fail to remove existing Logstash." - exit 1 - fi -} - -# Install Logstash -function install_logstash() -{ - sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch - - cat < /etc/yum.repos.d/logstash.repo -[logstash-7.x] -name=Elastic repository for 7.x packages -baseurl=https://artifacts.elastic.co/packages/7.x/yum -gpgcheck=1 -gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch -enabled=1 -autorefresh=1 -type=rpm-md -EOF - sudo yum install -y -v logstash - if [ ! -d "/usr/share/logstash" ]; then - echo_stderr "Fail to install Logstash." 
- exit 1 - fi -} - -# Start Logstash service -function start_logstash() -{ - sudo systemctl enable logstash - sudo systemctl daemon-reload - - #Start logstash - attempt=1 - while [[ $attempt -lt 4 ]] - do - echo "Starting logstash service attempt $attempt" - sudo systemctl start logstash - attempt=`expr $attempt + 1` - sudo systemctl status logstash | grep running - if [[ $? == 0 ]]; - then - echo "logstash service started successfully" - break - fi - sleep 1m - done -} - -# Configure Logstash: -# * grok patterns -> /etc/logstash/patterns/weblogic-logstash-patterns.txt -# * conf files -> /etc/logstash/conf.d/weblogic-logs.conf -# * JAVA_HOME -> /etc/logstash/startup.options -# * create logstash start up -# Examples for patterns: -# * ACCESSDATE -# * parse date of access -# * 2020-09-01 -# * DBDATETIME -# * parse data source datetime -# * Tue Sep 01 05:05:41 UTC 2020 -# * DSIDORTIMESTAMP -# * parse data source dynamic fields: id | timestamp, one of them exists. -# * timestamp: Tue Sep 01 05:05:41 UTC 2020 -# * id: 64 -# * DSPARTITION -# * parse partition info. -# * [partition-name: DOMAIN] [partition-id: 0] -# * [partition-id: 0] [partition-name: DOMAIN] -# * DSWEBLOGICMESSAGE -# * parse data source user id or error messsage. -# * error: Java stack trace -# * user id: -# * WEBLOGICDIAGMESSAGE -# * parse domain log message. -# * e.g. Java stack trace -# * e.g. Self-tuning thread pool contains 0 running threads, 2 idle threads, and 13 standby threads -# * WEBLOGICDOMAINDATE -# * parse domain|server log datetime. -# * from wls 14: Sep 1, 2020, 5:41:51,040 AM Coordinated Universal Time -# * from wls 12: Sep 1, 2020 5:41:51,040 AM Coordinated Universal Time -# * WEBLOGICLOGPARTITION -# * parse partition info in domain log. 
-# * [severity-value: 64] -# * [severity-value: 64] [rid: 0] -# * [severity-value: 64] [partition-id: 0] [partition-name: DOMAIN ] -# * [severity-value: 64] [rid: 0] [partition-id: 0] [partition-name: DOMAIN ] -# * WEBLOGICSERVERLOGPARTITION -# * parse partition info in server log. -# * [severity-value: 64] -# * [severity-value: 64] [rid: 0] -# * [severity-value: 64] [partition-id: 0] [partition-name: DOMAIN ] -# * [severity-value: 64] [rid: 0] [partition-id: 0] [partition-name: DOMAIN ] -# * WEBLOGICSERVERRID -# * parse dynamic filed rid in server log. -# * [rid: 0] -# * WEBLOGICSERVERMESSAGE -# * parse field message in server log. -# * e.g. Java stack trace -# * e.g. Self-tuning thread pool contains 0 running threads, 2 idle threads, and 13 standby threads -# * WEBLOGICSTDDATE -# * parse field date in std log. -# * Aug 31, 2020 5:37:27,646 AM UTC -# * Aug 31, 2020 5:37:27 AM UTC -function configure_lostash() -{ - echo "create patterns" - rm -f -r /etc/logstash/patterns - if [ -d "/etc/logstash/patterns" ]; then - rm -f /etc/logstash/patterns/weblogic-logstash-patterns.txt - else - mkdir /etc/logstash/patterns - fi - cat </etc/logstash/patterns/weblogic-logstash-patterns.txt -ACCESSDATE ^\d{4}[./-]%{MONTHNUM}[./-]%{MONTHDAY} -DBDATETIME %{DAY} %{MONTH:db_month} %{MONTHDAY:db_day} %{HOUR:db_hour}:%{MINUTE:db_minute}:%{SECOND:db_second} %{TZ:db_tz} %{YEAR:db_year} -DSIDORTIMESTAMP (?(\b(?:[1-9][0-9]*)\b))|%{DBDATETIME:ds_timestamp} -DSPARTITION (?:\[partition-id: %{INT:ds_partitionId}\] \[partition-name: %{DATA:ds_partitionName}\]\s)|(?:\[partition-name: %{DATA:ds_partitionName}\] \[partition-id: %{INT:ds_partitionId}\]\s) -DSWEBLOGICMESSAGE (?(.|\r|\n)*)|%{GREEDYDATA:ds_user} -JAVAPACKAGE ([a-zA-Z_$][a-zA-Z\d_$]*\.)*[a-zA-Z_$][a-zA-Z\d_$]* -WEBLOGICDIAGMESSAGE (?(.|\r|\n)*)|%{GREEDYDATA:diag_message} -WEBLOGICDOMAINDATE %{MONTH:tmp_month} %{MONTHDAY:tmp_day}, %{YEAR:tmp_year},? 
%{HOUR:tmp_hour}:%{MINUTE:tmp_min}:%{SECOND:tmp_second},(?([0-9]{3})) (?(AM|PM)) -WEBLOGICLOGPARTITION (?:\s\[rid: %{DATA:diag_rid}\] \[partition-id: %{INT:diag_partitionId}\] \[partition-name: %{DATA:diag_partitionName}\]\s)|(?:\s\[partition-id: %{INT:diag_partitionId}\] \[partition-name: %{DATA:diag_partitionName}\]\s)|(?:\s\[rid: %{DATA:diag_rid}\]\s)|(\s) -WEBLOGICSERVERLOGPARTITION (?:\s\[rid: %{DATA:log_rid}\] \[partition-id: %{INT:log_partitionId}\] \[partition-name: %{DATA:log_partitionName}\]\s)|(?:\s\[partition-id: %{INT:log_partitionId}\] \[partition-name: %{DATA:log_partitionName}\]\s)|(?:\s\[rid: %{DATA:log_rid}\]\s)|(\s) -WEBLOGICSERVERRID (?:\s\[rid: %{WORDNOSPACES:log_rid}\]\s)|(\s) -WEBLOGICSERVERMESSAGE (?(.|\r|\n)*)|%{GREEDYDATA:log_message} -WEBLOGICSTDDATE %{MONTH} %{MONTHDAY}, %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND} (AM|PM) -WORDNOSPACES [^ ]* -WORDNOBRACKET [^\]]* -EOF - - wlsLogPath="${wlsDomainPath}/servers/${wlsAdminServerName}/logs" - privateIP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') - - rm -f /etc/logstash/conf.d/weblogic-logs.conf - cat </etc/logstash/conf.d/weblogic-logs.conf -input { -EOF - - if [[ -n `echo ${logsToIntegrate} | grep "HTTPAccessLog"` ]]; then - cat <>/etc/logstash/conf.d/weblogic-logs.conf - file { - path => "${wlsLogPath}/access.log" - start_position => beginning - } -EOF - fi - - if [[ -n `echo ${logsToIntegrate} | grep "ServerLog"` ]]; then - cat <>/etc/logstash/conf.d/weblogic-logs.conf - file { - path => "${wlsLogPath}/${wlsAdminServerName}.log" - codec => multiline { - pattern => "^####" - negate => true - what => "previous" - } - start_position => beginning - } -EOF - fi - - if [[ -n `echo ${logsToIntegrate} | grep "DomainLog"` ]]; then - cat <>/etc/logstash/conf.d/weblogic-logs.conf - file { - path => "${wlsLogPath}/${wlsDomainName}.log" - codec => multiline { - pattern => "^####" - negate => true - what => "previous" - } - start_position => beginning - } -EOF - fi - - if [[ 
-n `echo ${logsToIntegrate} | grep "DataSourceLog"` ]]; then - cat <>/etc/logstash/conf.d/weblogic-logs.conf - file { - path => "${wlsLogPath}/datasource.log" - codec => multiline { - pattern => "^####" - negate => true - what => "previous" - } - start_position => beginning - } -EOF - fi - - if [[ -n `echo ${logsToIntegrate} | grep "StandardErrorAndOutput"` ]]; then - cat <>/etc/logstash/conf.d/weblogic-logs.conf - file { - path => "${wlsLogPath}/${wlsAdminServerName}.out" - codec => multiline { - pattern => "^<" - negate => true - what => "previous" - } - start_position => beginning - } -EOF - fi - - cat <>/etc/logstash/conf.d/weblogic-logs.conf -} -filter { - grok { - match => {"path" => "%{GREEDYDATA}/%{GREEDYDATA:type}"} - } - mutate { - add_field => { "internal_ip" => "${privateIP}" } - } - - if [type] == "${wlsAdminServerName}.log" { - mutate { replace => { type => "weblogic_server_log" } } - # match rid - grok { - patterns_dir=> ["/etc/logstash/patterns"] - match => [ "message", "####<%{WEBLOGICDOMAINDATE}%{SPACE}%{GREEDYDATA:log_timezone}>%{SPACE}<%{LOGLEVEL:log_severity}>%{SPACE}<%{GREEDYDATA:log_subSystem}>%{SPACE}<%{HOSTNAME:log_machine}>%{SPACE}<%{DATA:log_server}>%{SPACE}<%{DATA:log_thread}>%{SPACE}<%{DATA:log_userId}>%{SPACE}<%{DATA:log_transactionId}>%{SPACE}<%{DATA:log_contextId}>%{SPACE}<%{NUMBER:log_timestamp}>%{SPACE}<\[severity-value: %{INT:log_severityValue}\]%{WEBLOGICSERVERLOGPARTITION}>%{SPACE}<%{DATA:log_massageId}>%{SPACE}<%{WEBLOGICSERVERMESSAGE}>" ] - } - - mutate { - replace => ['log_date', '%{tmp_month} %{tmp_day}, %{tmp_year} %{tmp_hour}:%{tmp_min}:%{tmp_second},%{tmp_sss} %{tmp_aa}'] - } - - translate { - field => 'log_timezone' - destination => 'log_timezone' - fallback => '%{log_timezone}' - override => "true" - dictionary => [ - 'Coordinated Universal Time', 'UTC' - ] - } - - date { - match => [ "log_date", "MMM dd, YYYY KK:mm:ss,SSS aa", "MMM d, YYYY KK:mm:ss,SSS aa"] - timezone => "%{log_timezone}" - target => "log_date" - } - 
mutate { - remove_field => [ 'log_timezone', 'tmp_month', 'tmp_day', 'tmp_year', 'tmp_hour', 'tmp_min', 'tmp_second', 'tmp_sss', 'tmp_aa'] - } - } - else if [type] == "access.log" { - # drop message starting with # - if [message] =~ /^#/ { - drop {} - } - mutate { replace => { type => "weblogic_access_log" } } - grok { - patterns_dir=> ["/etc/logstash/patterns"] - match => [ "message", "%{ACCESSDATE:acc_date}\s+%{TIME:acc_time}\s+%{NUMBER:time_taken}\s+%{NUMBER:bytes:int}\s+%{IP:c_ip}\s+%{HOSTPORT:s_ip}\s+%{IPORHOST:c_dns}\s+%{IPORHOST:s_dns}\s+%{WORD:cs_method}\s+%{URIPATHPARAM:cs_uri}\s+%{NUMBER:sc_status}\s+%{QUOTEDSTRING:sc-comment}\s+%{WORDNOSPACES:ctx-ecid}\s+%{WORDNOSPACES:ctx-rid}" ] - } - mutate { - replace => ['acc_timestamp', '%{acc_date} %{acc_time}'] - } - date { - match => [ "acc_timestamp" , "yyyy-MM-dd HH:mm:ss" ] - timezone => "UTC" - target => "acc_timestamp" - } - mutate { - remove_field => [ 'acc_date', 'acc_time'] - } - } - else if [type] == "${wlsDomainName}.log" { - mutate { replace => { type => "weblogic_domain_log" } } - grok { - patterns_dir=> ["/etc/logstash/patterns"] - match => [ "message", "####<%{WEBLOGICDOMAINDATE}%{SPACE}%{GREEDYDATA:diag_timezone}>%{SPACE}<%{LOGLEVEL:diag_severity}>%{SPACE}<%{GREEDYDATA:diag_subSystem}>%{SPACE}<%{HOSTNAME:diag_machine}>%{SPACE}<%{HOSTNAME:diag_server}>%{SPACE}<%{DATA:diag_thread}>%{SPACE}<%{WORDNOBRACKET:diag_userId}>%{SPACE}<%{DATA:diag_transactionId}>%{SPACE}<%{WORDNOSPACES:diag_contextId}>%{SPACE}<%{NUMBER:diag_timestamp}>%{SPACE}<\[severity-value: %{INT:diag_severityValue}\]%{WEBLOGICLOGPARTITION}>%{SPACE}<%{DATA:diag_massageId}>%{SPACE}<%{WEBLOGICDIAGMESSAGE}>" ] - } - - mutate { - replace => ['diag_date', '%{tmp_month} %{tmp_day}, %{tmp_year} %{tmp_hour}:%{tmp_min}:%{tmp_second},%{tmp_sss} %{tmp_aa}'] - } - - translate { - field => 'diag_timezone' - destination => 'diag_timezone' - fallback => '%{diag_timezone}' - override => "true" - dictionary => [ - 'Coordinated Universal Time', 'UTC' - ] 
- } - - date { - match => [ "diag_date", "MMM dd, YYYY KK:mm:ss,SSS aa", "MMM d, YYYY KK:mm:ss,SSS aa"] - timezone => "%{diag_timezone}" - target => "diag_date" - } - mutate { - remove_field => [ 'diag_timezone', 'tmp_month', 'tmp_day', 'tmp_year', 'tmp_hour', 'tmp_min', 'tmp_second', 'tmp_sss', 'tmp_aa'] - } - } - else if [type] == "datasource.log" { - mutate { replace => { type => "weblogic_datasource_log" } } - # with timestamp - grok { - patterns_dir=> ["/etc/logstash/patterns"] - match => [ "message", "####<%{WORDNOSPACES:ds_dataSource}>%{SPACE}<%{WORDNOSPACES:ds_profileType}>%{SPACE}<%{DSIDORTIMESTAMP}>%{SPACE}<%{DSWEBLOGICMESSAGE}>%{SPACE}<%{DATA:ds_info}>%{SPACE}<%{DSPARTITION}>" ] - } - - if ([db_month]) { - # DBDATETIME %{DAY} %{MONTH:db_month} %{MONTHDAY:db_day} %{HOUR:db_hour}:%{MINUTE:db_minute}:%{SECOND:db_second} %{TZ:db_tz} %{YEAR:db_year} - mutate { - replace => ["ds_timestamp", "%{db_month} %{db_day}, %{db_year} %{db_hour}:%{db_minute}:%{db_second}"] - } - - date { - match => [ "ds_timestamp", "MMM dd, YYYY HH:mm:ss", "MMM d, YYYY HH:mm:ss"] - timezone => "%{db_tz}" - target => "ds_timestamp" - } - mutate { - remove_field => [ 'db_month','db_day','db_year','db_hour','db_minute','db_second','db_tz'] - } - } - } - else if [type] == "${wlsAdminServerName}.out" { - mutate { replace => { type => "weblogic_std_log" } } - grok { - patterns_dir=> ["/etc/logstash/patterns"] - match => [ "message", "<%{WEBLOGICSTDDATE:out_timestamp}%{SPACE}%{TZ:out_timezone}>%{SPACE}<%{LOGLEVEL:out_level}>%{SPACE}<%{GREEDYDATA:out_subsystem}>%{SPACE}<%{DATA:out_messageId}>%{SPACE}<(?(.|\r|\n)*)|%{GREEDYDATA:out_message}>"] - } - - # CEST id does not exist in JODA-TIME, changed to CET - translate { - field => 'out_timezone' - destination => 'out_timezone' - fallback => '%{out_timezone}' - override => "true" - dictionary => [ - 'CEST', 'CET' - ] - } - date { - match => [ "out_timestamp", "MMM dd, YYYY KK:mm:ss aa", "MMM d, YYYY KK:mm:ss aa", "MMM dd, YYYY KK:mm:ss,SSS aa", 
"MMM d, YYYY KK:mm:ss,SSS aa"] - timezone => "%{out_timezone}" - target => "out_timestamp" - } - mutate { - remove_field => [ 'out_timezone'] - } - } -} -output { - elasticsearch { - hosts => "${elasticURI}" - user => "${elasticUserName}" - password => "${elasticPassword}" - index => "${logIndex}" - } -} -EOF - - # Add JAVA_HOME to startup.options - cp /etc/logstash/startup.options /etc/logstash/startup.options.elksave - sed -i -e "/JAVACMD/a\\JAVA_HOME=${JAVA_HOME}" /etc/logstash/startup.options - # Start logstash with oracle user - sed -i -e "s:LS_USER=.*:LS_USER=${userOracle}:g" /etc/logstash/startup.options - sed -i -e "s:LS_GROUP=.*:LS_GROUP=${groupOracle}:g" /etc/logstash/startup.options - - # For Java 11 - # ISSUE: https://github.com/elastic/logstash/issues/10496 - java_version=$(java -version 2>&1 | sed -n ';s/.* version "\(.*\)\.\(.*\)\..*"/\1\2/p;') - if [ ${java_version:0:3} -ge 110 ]; - then - cp /etc/logstash/jvm.options /etc/logstash/jvm.options.elksave - cat <>/etc/logstash/jvm.options ---add-opens java.base/sun.nio.ch=org.jruby.dist ---add-opens java.base/java.io=org.jruby.dist -EOF - fi - - # create start up for logstash - /usr/share/logstash/bin/system-install /etc/logstash/startup.options - if [ $? -ne 0 ]; - then - echo_stderr "Failed to set up logstash service." - exit 1 - fi - - sudo chown -R ${userOracle}:${groupOracle} /var/lib/logstash - sudo chown -R ${userOracle}:${groupOracle} /etc/logstash -} - -function configure_wls_log() -{ - echo "Configure WebLogic Log" - sudo chown -R ${userOracle}:${groupOracle} ${SCRIPT_PATH} - runuser -l oracle -c ". $oracleHome/oracle_common/common/bin/setWlstEnv.sh; java $WLST_ARGS weblogic.WLST ${SCRIPT_PATH}/configure-wls-log.py" - - errorCode=$? - if [ $errorCode -eq 1 ] - then - echo "Exception occurs during ELK configuration, please check." - exit 1 - fi -} - -function setup_javahome() -{ - . 
$oracleHome/oracle_common/common/bin/setWlstEnv.sh -} - -function restart_admin_service() -{ - echo "Restart weblogic admin server" - echo "Stop admin server" - shutdown_admin - sudo systemctl start wls_admin - echo "Waiting for admin server to be available" - wait_for_admin - echo "Weblogic admin server is up and running" -} - -#This function to check admin server status -function wait_for_admin() -{ - #check admin server status - count=1 - CHECK_URL="http://$wlsAdminURL/weblogic/ready" - status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}` - echo "Check admin server status" - while [[ "$status" != "200" ]] - do - echo "." - count=$((count+1)) - if [ $count -le 30 ]; - then - sleep 1m - else - echo "Error : Maximum attempts exceeded while checking admin server status" - exit 1 - fi - status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}` - if [ "$status" == "200" ]; - then - echo "WebLogic Server is running..." - break - fi - done -} - -# shutdown admin server -function shutdown_admin() { - #check admin server status - count=1 - CHECK_URL="http://$wlsAdminURL/weblogic/ready" - status=$(curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}) - echo "Check admin server status" - while [[ "$status" == "200" ]]; do - echo "." - count=$((count + 1)) - sudo systemctl stop wls_admin - if [ $count -le 30 ]; then - sleep 1m - else - echo "Error : Maximum attempts exceeded while stopping admin server" - exit 1 - fi - status=$(curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}) - if [ -z ${status} ]; then - echo "WebLogic Server is stop..." - break - fi - done -} - -function cleanup() -{ - echo "Cleaning up temporary files..." - rm -f -r ${SCRIPT_PATH} - echo "Cleanup completed." 
-} - -function create_temp_folder() -{ - SCRIPT_PATH="/u01/tmp" - sudo rm -f -r ${SCRIPT_PATH} - sudo mkdir ${SCRIPT_PATH} - sudo rm -rf $SCRIPT_PATH/* -} - -function validate_elastic_server() -{ - timestamp=$(date +%s) - testIndex="${logIndex}-validate-elk-server-from-admin-server-${timestamp}" - output=$(curl -XPUT --user ${elasticUserName}:${elasticPassword} ${elasticURI}/${testIndex}) - if [[ $? -eq 1 || -z `echo $output | grep "\"acknowledged\":true"` ]];then - echo $output - exit 1 - fi - - count=1 - status404="\"status\":404" - while [[ -n ${status404} ]]; do - echo "." - count=$((count + 1)) - # remove the test index - echo "Removing test index..." - curl -XDELETE --user ${elasticUserName}:${elasticPassword} ${elasticURI}/${testIndex} - echo "Checking if test index is removed." - status404=$(curl -XGET --user ${elasticUserName}:${elasticPassword} ${elasticURI}/${testIndex} | grep "\"status\":404") - echo ${status404} - if [[ -n ${status404} ]]; then - echo "Test index is removed..." - break - fi - - if [ $count -le 30 ]; then - sleep 1m - else - echo "Error : Maximum attempts exceeded while removing test index from elastic server" - exit 1 - fi - done -} - - -#main -SCRIPT_PWD=`pwd` - -#read arguments from stdin -read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsPassword wlsAdminServerName elasticURI elasticUserName elasticPassword wlsDomainName wlsDomainPath logsToIntegrate logIndex - -hostName=`hostname` -wlsAdminURL=$wlsAdminHost:$wlsAdminPort -userOracle="oracle" -groupOracle="oracle" - - -create_temp_folder -validate_input -validate_elastic_server - -echo "start to configure ELK" -setup_javahome -create_wls_log_model -remove_logstash -install_logstash -configure_lostash -start_logstash -configure_wls_log -restart_admin_service - -echo "Waiting for admin server to be available" -wait_for_admin -echo "Weblogic admin server is up and running" - -cleanup \ No newline at end of file 
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/installJdbcDrivers.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/installJdbcDrivers.sh
index 186876fe1..0ee0155a8 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/installJdbcDrivers.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/installJdbcDrivers.sh
@@ -118,7 +118,7 @@ function install_azure_identity_extension() {
 sudo mv target/dependency/jackson-annotations-*.jar ${domainBase}/azure-libraries/jackson
 sudo mv target/dependency/jackson-core-*.jar ${domainBase}/azure-libraries/jackson
 sudo mv target/dependency/jackson-databind-*.jar ${domainBase}/azure-libraries/jackson
- sudo mv target/dependency/jackson-dataformat-xml-*.jar ${domainBase}/azure-libraries/jackson
+ sudo mv target/dependency/jackson-datatype-*.jar ${domainBase}/azure-libraries/jackson
 # Those jars will be appended to CLASSPATH
 sudo mv target/dependency/*.jar ${domainBase}/azure-libraries/identity
 sudo chown -R oracle:oracle ${domainBase}/azure-libraries
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/setupAdminDomain.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/setupAdminDomain.sh
index c207601ae..70d2a7c37 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/setupAdminDomain.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/setupAdminDomain.sh
@@ -2,9 +2,6 @@
 # Copyright (c) 2021, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-# Description
-# This script configures ELK (Elasticsearch, Logstash and Kibana) Stack on WebLogic Server Domain.
-
 #Function to output message to StdErr
 function echo_stderr ()
 {
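Review bot: The new `jackson-datatype-*.jar` move is not checked for a match: if the resolved dependencies contain no such jar, `sudo mv` is handed the literal pattern and fails, and nothing in the hunk stops the script from carrying on to the catch-all `mv target/dependency/*.jar` line. Any `jackson-dataformat-xml` jar that is still resolved will now fall through to that catch-all and end up in `azure-libraries/identity`, which the comment says is appended to CLASSPATH; worth confirming that is intended. A guard before the move, for example `ls target/dependency/jackson-datatype-*.jar >/dev/null 2>&1 || { echo "jackson-datatype jar missing" >&2; exit 1; }`, would make a changed dependency set fail loudly. install_azure_identity_extension starts and ends outside this hunk, so whether `set -e` is active is not visible here.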
@@ -390,6 +387,12 @@ function validateInput()
 echo_stderr "storageAccountPrivateIp is required. "
 exit 1
 fi
+
+ if [ -z "${fileShareName}" ];
+ then
+ echo_stderr "fileShareName is required. "
+ exit 1
+ fi
 }
 function enableAndStartAdminServerService()
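Review bot: The added `fileShareName` check only rejects an empty value, yet the mountFileShare hunk below splices the same variable unquoted into `sudo bash -c "echo \"//…/${fileShareName} …\" >> /etc/fstab"` and into the `mount` command line, so whitespace, quotes or shell metacharacters in the argument would be re-parsed by a root shell or land as extra fstab fields. Azure file share names are limited to lowercase letters, digits and hyphens, so the check can enforce that, e.g. `if [[ ! "${fileShareName}" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]];` in place of the `-z` test. validateInput starts outside this hunk; the neighbouring check visible here follows the same empty-only pattern.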
@@ -514,13 +517,13 @@ function mountFileShare()
 fi
 echo "chmod 600 /etc/smbcredentials/${storageAccountName}.cred"
 sudo chmod 600 /etc/smbcredentials/${storageAccountName}.cred
- echo "//${storageAccountPrivateIp}/wlsshare $mountpointPath cifs nofail,vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino"
- sudo bash -c "echo \"//${storageAccountPrivateIp}/wlsshare $mountpointPath cifs nofail,vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino\" >> /etc/fstab"
- echo "mount -t cifs //${storageAccountPrivateIp}/wlsshare $mountpointPath -o vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino"
- sudo mount -t cifs //${storageAccountPrivateIp}/wlsshare $mountpointPath -o vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino
+ echo "//${storageAccountPrivateIp}/${fileShareName} $mountpointPath cifs nofail,vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino"
+ sudo bash -c "echo \"//${storageAccountPrivateIp}/${fileShareName} $mountpointPath cifs nofail,vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino\" >> /etc/fstab"
+ echo "mount -t cifs //${storageAccountPrivateIp}/${fileShareName} $mountpointPath -o vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino"
+ sudo mount -t cifs //${storageAccountPrivateIp}/${fileShareName} $mountpointPath -o vers=2.1,credentials=/etc/smbcredentials/${storageAccountName}.cred,dir_mode=0777,file_mode=0777,serverino
 if [[ $? != 0 ]];
 then
- echo "Failed to mount //${storageAccountPrivateIp}/wlsshare $mountpointPath"
+ echo "Failed to mount //${storageAccountPrivateIp}/${fileShareName} $mountpointPath"
 exit 1
 fi
 }
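Review bot: The rewritten fstab and mount lines still carry `dir_mode=0777,file_mode=0777` and `vers=2.1`, so every local account can read and modify the files on the share and the session is negotiated with an SMB dialect that has no transport encryption. Since these four lines are being touched anyway, consider `vers=3.0` and modes restricted to the account that runs WebLogic, e.g. `dir_mode=0750,file_mode=0640,uid=<wls-user>,gid=<wls-group>` (placeholders; the owning account is not visible in this hunk). The fstab `echo … >>` also appends a fresh entry on every run, so a re-run leaves duplicates. mountFileShare starts outside this hunk.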
@@ -632,7 +635,7 @@ MIN_CERT_VALIDITY="1"
 #read arguments from stdin
-read wlsDomainName wlsUserName wlsPassword wlsAdminHost oracleHome storageAccountName storageAccountKey mountpointPath isHTTPAdminListenPortEnabled adminPublicHostName dnsLabelPrefix location virtualNetworkNewOrExisting storageAccountPrivateIp isCustomSSLEnabled customIdentityKeyStoreData customIdentityKeyStorePassPhrase customIdentityKeyStoreType customTrustKeyStoreData customTrustKeyStorePassPhrase customTrustKeyStoreType serverPrivateKeyAlias serverPrivateKeyPassPhrase
+read wlsDomainName wlsUserName wlsPassword wlsAdminHost oracleHome storageAccountName storageAccountKey mountpointPath isHTTPAdminListenPortEnabled adminPublicHostName dnsLabelPrefix location virtualNetworkNewOrExisting storageAccountPrivateIp fileShareName isCustomSSLEnabled customIdentityKeyStoreData customIdentityKeyStorePassPhrase customIdentityKeyStoreType customTrustKeyStoreData customTrustKeyStorePassPhrase customTrustKeyStoreType serverPrivateKeyAlias serverPrivateKeyPassPhrase
 wlsServerName="admin"
 DOMAIN_PATH="/u01/domains"
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/data/parameters-test.json b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/data/parameters-test.json
deleted file mode 100644
index dd7690ff7..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/data/parameters-test.json
+++ /dev/null
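Review bot: `fileShareName` is inserted into the middle of a whitespace-split positional `read`, ahead of `isCustomSSLEnabled` and the keystore pass-phrase fields, so a caller that still sends the old argument order shifts every later value by one slot. The new non-empty check in validateInput would not catch that, because the value meant for `isCustomSSLEnabled` would land in `fileShareName`. The callers are not visible in this diff; either confirm they were all updated in the same change or append the new field at the end of the list, `… serverPrivateKeyAlias serverPrivateKeyPassPhrase fileShareName`. The `read` is also used without `-r`, so a backslash in any of the secrets is consumed; `read -r wlsDomainName …` avoids that.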
@@ -1,39 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "adminUsername": {
- "value": "weblogic"
- },
- "adminPasswordOrKey": {
- "value": "#adminPasswordOrKey#"
- },
- "dnsLabelPrefix": {
- "value": "wls"
- },
- "wlsDomainName": {
- "value": "#wlsdomainname#"
- },
- "wlsUserName": {
- "value": "#wlsusername#"
- },
- "wlsPassword": {
- "value": "#wlspassword#"
- },
- "adminVMName": {
- "value": "#adminvmname#"
- },
- "vmSize": {
- "value": "Standard_B2ms"
- },
- "location": {
- "value": "#location#"
- },
- "skuUrnVersion": {
- "value": "#skuUrnVersion#"
- },
- "_artifactsLocation": {
- "value": "https://raw.githubusercontent.com/#repoPath#/#testbranchName#/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/"
- }
- }
-}
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-aad.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-aad.sh
deleted file mode 100644
index 22d5477c5..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-aad.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-#read arguments from stdin
-read parametersPath repoPath testbranchName
-
-cat < ${parametersPath}
-{
- "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "_artifactsLocation": {
- "value": "https://raw.githubusercontent.com/${repoPath}/${testbranchName}/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/"
- },
- "_artifactsLocationSasToken": {
- "value": ""
- },
- "aadsPortNumber": {
- "value": "636"
- },
- "aadsPublicIP": {
- "value": "GEN-UNIQUE"
- },
- "aadsServerHost": {
- "value": "GEN-UNIQUE"
- },
- "adminPasswordOrKey": {
- "value": "GEN-UNIQUE"
- },
- "adminUsername": {
- "value": "GEN-UNIQUE"
- },
- "enableAAD": {
- "value": true
- },
- "enableDB": {
- "value": false
- },
- "vmSize": {
- "value": "Standard_B2ms"
- },
- "wlsLDAPGroupBaseDN": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPPrincipal": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPPrincipalPassword": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPProviderName": {
- "value": "AzureActiveDirectoryProvider"
- },
- "wlsLDAPSSLCertificate": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPUserBaseDN": {
- "value": "GEN-UNIQUE"
- },
- "wlsPassword": {
- "value": "GEN-UNIQUE"
- },
- "wlsUserName": {
- "value": "GEN-UNIQUE"
- },
- "enableCustomSSL": {
- "value": false
- }
- }
-}
-EOF
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db-aad.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db-aad.sh
deleted file mode 100644
index 00af4373a..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db-aad.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-#read arguments from stdin
-read parametersPath repoPath testbranchName
-
-cat < ${parametersPath}
-{
- "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "_artifactsLocation": {
- "value": "https://raw.githubusercontent.com/${repoPath}/${testbranchName}/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/"
- },
- "_artifactsLocationSasToken": {
- "value": ""
- },
- "aadsPortNumber": {
- "value": "636"
- },
- "aadsPublicIP": {
- "value": "GEN-UNIQUE"
- },
- "aadsServerHost": {
- "value": "GEN-UNIQUE"
- },
- "adminPasswordOrKey": {
- "value": "GEN-UNIQUE"
- },
- "adminUsername": {
- "value": "GEN-UNIQUE"
- },
- "databaseType": {
- "value": "postgresql"
- },
- "dbPassword": {
- "value": "GEN-UNIQUE"
- },
- "dbUser": {
- "value": "GEN-UNIQUE"
- },
- "dsConnectionURL": {
- "value": "GEN-UNIQUE"
- },
- "enableAAD": {
- "value": true
- },
- "enableDB": {
- "value": true
- },
- "jdbcDataSourceName": {
- "value": "jdbc/postgresql"
- },
- "vmSize": {
- "value": "Standard_B2ms"
- },
- "wlsLDAPGroupBaseDN": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPPrincipal": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPPrincipalPassword": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPProviderName": {
- "value": "AzureActiveDirectoryProvider"
- },
- "wlsLDAPSSLCertificate": {
- "value": "GEN-UNIQUE"
- },
- "wlsLDAPUserBaseDN": {
- "value": "GEN-UNIQUE"
- },
- "wlsPassword": {
- "value": "GEN-UNIQUE"
- },
- "wlsUserName": {
- "value": "GEN-UNIQUE"
- },
- "enableCustomSSL": {
- "value": false
- }
- }
-}
-EOF
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db.sh
index a86e98e70..c5b38edc1 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db.sh
@@ -34,9 +34,6 @@ cat < ${parametersPath}
 "dsConnectionURL": {
 "value": "GEN-UNIQUE"
 },
- "enableAAD": {
- "value": false
- },
 "enableDB": {
 "value": true
 },
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-elk.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-elk.sh
deleted file mode 100644
index fc1201ba2..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-elk.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-#Generate parameters with value for deploying elk template independently
-
-#read arguments from stdin
-read parametersPath adminVMName elasticsearchPassword elasticsearchURI elasticsearchUserName location wlsDomainName wlsusername wlspassword repoPath testbranchName guidValue
-
-cat < ${parametersPath}
-{
- "adminVMName":{
- "value": "${adminVMName}"
- },
- "elasticsearchEndpoint": {
- "value": "${elasticsearchURI}"
- },
- "elasticsearchPassword": {
- "value": "${elasticsearchPassword}"
- },
- "elasticsearchUserName": {
- "value": "${elasticsearchUserName}"
- },
- "guidValue": {
- "value": "${guidValue}"
- },
- "location": {
- "value": "${location}"
- },
- "wlsDomainName": {
- "value": "${wlsDomainName}"
- },
- "wlsPassword": {
- "value": "${wlsPassword}"
- },
- "wlsUserName": {
- "value": "${wlsUserName}"
- },
- "_artifactsLocation":{
- "value": "https://raw.githubusercontent.com/${repoPath}/${testbranchName}/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/"
- }
- }
-EOF
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-db.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy.sh
similarity index 66%
rename from weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-db.sh
rename to weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy.sh
index 766651013..ba0fc0ea7 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy-db.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-deploy.sh
@@ -5,10 +5,16 @@
 #Generate parameters with value for deploying db template independently
 #read arguments from stdin
-read parametersPath adminVMName dbPassword dbAdminUser dbName location wlsusername wlspassword repoPath testbranchName
+read parametersPath adminPasswordOrKey skuUrnVersion wlsdomainname adminVMName dbPassword dbAdminUser dbName location wlsusername wlspassword repoPath testbranchName
-cat < ${parametersPath}/parameters-deploy-db.json
+cat < ${parametersPath}/parameters-deploy.json
 {
+ "adminPasswordOrKey": {
+ "value": "${adminPasswordOrKey}"
+ },
+ "adminUsername": {
+ "value": "weblogic"
+ },
 "adminVMName":{
 "value": "${adminVMName}"
 },
@@ -30,6 +36,15 @@ cat < ${parametersPath}/parameters-deploy-db.json
 "location": {
 "value": "${location}"
 },
+ "skuUrnVersion": {
+ "value": "${skuUrnVersion}"
+ },
+ "vmSize": {
+ "value": "Standard_B2ms"
+ },
+ "wlsDomainName": {
+ "value": "${wlsdomainname}"
+ },
 "wlsPassword": {
 "value": "${wlsPassword}"
 },
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-elk.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-elk.sh
deleted file mode 100644
index f13f23ba6..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-elk.sh
+++ /dev/null
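Review bot: The `read` line names its WebLogic credential fields `wlsusername wlspassword`, but the heredoc's unchanged `"wlsPassword"` entry expands `${wlsPassword}`; shell variable names are case-sensitive, so unless `wlsPassword` happens to be exported by the calling workflow the generated `parameters-deploy.json` gets an empty password. The added `${wlsdomainname}` line matches its `read` name, which makes the inconsistency easy to miss. Aligning the expansion, `"value": "${wlspassword}"`, (or renaming the `read` fields) removes the dependency on the environment. The file now also holds `adminPasswordOrKey` in clear text, so a `umask 077` before the `cat` is worth adding, and the header comment still says "deploying db template". The heredoc continues past the second hunk, so the `wlsUserName` entry is not visible here.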
@@ -1,54 +0,0 @@
-#!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-#read arguments from stdin
-read parametersPath repoPath testbranchName
-
-cat <${parametersPath}
-{
- "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "_artifactsLocation": {
- "value": "https://raw.githubusercontent.com/${repoPath}/${testbranchName}/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/"
- },
- "_artifactsLocationSasToken": {
- "value": ""
- },
- "adminPasswordOrKey": {
- "value": "GEN-UNIQUE"
- },
- "adminUsername": {
- "value": "GEN-UNIQUE"
- },
- "elasticsearchEndpoint": {
- "value": "GEN-UNIQUE"
- },
- "elasticsearchPassword": {
- "value": "GEN-UNIQUE"
- },
- "elasticsearchUserName": {
- "value": "GEN-UNIQUE"
- },
- "enableAAD": {
- "value": false
- },
- "enableDB": {
- "value": false
- },
- "enableELK": {
- "value": true
- },
- "vmSize": {
- "value": "Standard_B2ms"
- },
- "wlsPassword": {
- "value": "GEN-UNIQUE"
- },
- "wlsUserName": {
- "value": "GEN-UNIQUE"
- }
- }
-}
-EOF
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters.sh
index b8382c137..c712c8931 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters.sh
@@ -22,9 +22,6 @@ cat < ${parametersPath}
 "adminUsername": {
 "value": "GEN-UNIQUE"
 },
- "enableAAD": {
- "value": false
- },
 "enableDB": {
 "value": false
 },
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-deployments.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-deployments.sh
index d57bb1b89..2ec36ff30 100644
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-deployments.sh
+++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-deployments.sh
@@ -20,18 +20,6 @@ parametersList+=(${scriptsDir}/parameters.json)
 bash ${scriptsDir}/gen-parameters-db.sh <<< "${scriptsDir}/parameters-db.json $repoPath $testbranchName"
 parametersList+=(${scriptsDir}/parameters-db.json)
-# parameters for cluster+aad
-bash ${scriptsDir}/gen-parameters-aad.sh <<< "${scriptsDir}/parameters-aad.json $repoPath $testbranchName"
-parametersList+=(${scriptsDir}/parameters-aad.json)
-
-# parameters for admin+elk
-bash ${scriptsDir}/gen-parameters-elk.sh <<< "${scriptsDir}/parameters-elk.json $repoPath $testbranchName"
-parametersList+=(${scriptsDir}/parameters-elk.json)
-
-# parameters for cluster+db+aad
-bash ${scriptsDir}/gen-parameters-db-aad.sh <<< "${scriptsDir}/parameters-db-aad.json $repoPath $testbranchName"
-parametersList+=(${scriptsDir}/parameters-db-aad.json)
-
 # run preflight tests
 success=true
 for parameters in "${parametersList[@]}";
diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-wls-path.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-wls-path.sh
deleted file mode 100644
index a680bba94..000000000
--- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/verify-wls-path.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# Copyright (c) 2024, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-echo "#adminPasswordOrKey#" | sudo -S [ -d "/u01/app/wls/install/oracle/middleware/oracle_home/wlserver/modules" ] && exit 0
-exit 1