Adding NSG rules for nodemanager and admin channel ports #55

Merged
merged 3 commits into from Oct 21, 2020

sanjaymantoor
Contributor

This is the first part of the NSG rules implementation for Issue #58, Cluster Offers: Worker Nodes: make public/private IP configurable.

As part of this implementation, public access to the WebLogic NodeManager and WebLogic Admin server channel ports is denied by default.

edburns merged commit edffa5a into wls-eng:develop Oct 21, 2020
edburns added a commit that referenced this pull request Apr 12, 2021
* dd 1133494 && dd 1132189 (#35)

* dd-1133479: Make any changes necessary in admin offer to enable independently running the dbTemplate.json (#33)

Co-authored-by: Galia <haixia.cheng@mircosoft.com>

* dd 1133494
Make any changes in admin offer to enable independently running the aadNestedTemplate.json

* Fixes wls-eng/arm-oraclelinux-wls#101 pids for database and image selection (#36)

* On branch develop dd-1138627-pids-for-database selection
modified:   src/main/arm/nestedtemplates/dbTemplate.json

* On branch develop dd-1138627-pids-for-db Provide default value for adminUsername and wlsUsername
modified:   src/main/arm/mainTemplate.json

* On branch develop dd-1138803-pids-for-image-selection
modified:   src/main/arm/nestedtemplates/adminTemplate.json

* Updated workflow and added verification scenarios (#34)

* Fix build failure with image terms acception

* Trigger build

* Update build.yml

* Fix build error

Co-authored-by: Galia <haixia.cheng@mircosoft.com>
Co-authored-by: Ed Burns <edburns@microsoft.com>
Co-authored-by: sanjaymantoor <36834780+sanjaymantoor@users.noreply.github.com>

* Remove image version specification as we have introduced urn (#40)

Co-authored-by: Galia <haixia.cheng@mircosoft.com>

* Fix issue#108 and issue#109 (#41)

* Fix wls-eng/arm-oraclelinux-wls#109: exception happens when importing certificate to JDK 11.0.7

* Fix wls-eng/arm-oraclelinux-wls#108 by enabling TLSv1.2 in JDK8

Co-authored-by: Galia <haixia.cheng@mircosoft.com>

* Update README.md

* CI/CD enhancement (#43)

* CI/CD: DB sub template deployment

Modified in test/scripts/set-env.sh
Remove the file as we don't use it any more.

Modified in test/scripts/gen-parameters-deploy-db.sh
Generate parameters.json for db template deployment.

Modified in .github/workflows/build.yml
Add step to deploy db template

* CICD: Add step to validate template

Co-authored-by: Galia <haixia.cheng@mircosoft.com>

* Create aka.ms links for all link elements in createUiDefinition.json (#44)

* remove vm size restrictions from templates (#45)

move vmSizeSelect to required sections of basics

add excluded vm sizes and another recommended vm size

* move commandToExecute to protectedSettings (#46)

* Validation message for WLS Admin password: no special characters (#48)

* Updating wls_admin service (#49)

wls_admin service is updated with following
- Added network service as prerequisite
- Added restart if service is failed

* fix base images version (#51)

* wls-eng/arm-oraclelinux-wls#162 increment pom (#52)

* on Develop branch, changes for ELK integration. (#50)

* on Develop branch, changes for ELK integration.

* Apply Ed's review suggestion

* Create a function to ensure admin server has been shutdown before restart

* Add UI info element for memory requirement.

Extend memory requirement.

* Increase pom version

* Fix condition error

Co-authored-by: Galia <haixia.cheng@mircosoft.com>

* Enhance CI/CD (#54)

* use latest arm-ttk

* CI/CD for ELK

Fix script format.

* use pid files in develop branch

* On branch edburns-msft-171-01-arm-ttk #171 (#56)

modified:   src/main/arm/mainTemplate.json
modified:   src/main/arm/nestedtemplates/aadNestedTemplate.json
modified:   src/main/arm/nestedtemplates/adminTemplate.json
modified:   src/main/arm/nestedtemplates/dbTemplate.json
modified:   src/main/arm/nestedtemplates/elkNestedTemplate.json

- use apiVersions property

* specify internalDnsNameLabel (#58)

* Enhance ELK memory requirement validation message. (#57)

* Enhance ELK memory requirement validation message.

* update arm-ttk

* Adding NSG rules for nodemanager and admin channel ports (#55)

* Adding NSG rules for nodemanager and admin channel ports

* Added post deployment NSG rule

* Corrected sourceAddressPrefix

* Updated custom stopWebLogic script to wls_admin service (#59)

* Fix set -env (#61)

* Fix fileupload element and remove unnecessary properties. (#60)

* Update createUiDefinition.json to have a single field for Elasticsearch endpoint (#62)

* Custom SSL, DNS Configuration and WLS File Share changes for Admin Only Domain Offer (#63)

* Merging custom SSL and DNS Configuration changes

* Update README.md

* replace concat with resourceId reference

* replace contact with resourceId reference

* modified README.md to retrigger github action workflow

* modified README.md to retrigger github action workflow

* fix wrong deployment reference

* modified README.md to retrigger github action workflow

* fixed issue with azure api version

Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>

* Create workflow for new tag. (#64)

* Fix WLST py scripts. (#65)

* Fix WLST py scripts.

	modified:   src/main/scripts/aadIntegration.sh
		Execute py script with oracle user
	modified:   src/main/scripts/datasourceConfig-oracle.sh
		Execute py script with oracle user
		Fix: datasource config fails silently
	modified:   src/main/scripts/datasourceConfig-postgresql.sh
		Fix: datasource config fails silently
		Execute py script with oracle user
	modified:   src/main/scripts/datasourceConfig-sqlserver.sh
		Execute py script with oracle user
		Fix: datasource config fails silently
	modified:   src/main/scripts/elkIntegration.sh
		Execute py script with oracle user

* Fix DB CI/CD parameters

* CI/CD failure on verifying Weblogic Server Access

* Validate elastic server connection info (#68)

* Issue 1253794: Validate elastic server connection info

* Fix http frontend host.

* keep resources

* YAML error

* YAML Error

* Bug 1161152: Admin offer: Frontend{Host,HTTPPort,HTTPSPort} not set (#69)

* Fix http frontend host.

* Revert testing changes on build.yaml

* Updated to support latest base images (#66)

* 20201202 hotfix CI/CD (#67)

* Trigger build workflow and fix set-env commands.

* Fix ARM API version.

* Remove typos from dbTemplate.

* Remove typos from dbTemplate.

* On branch develop (#71)

modified:   src/main/arm/createUiDefinition.json

- Enable choice of username/password or SSHKey for admin account.

* Remove VM username/password usage in AAD template (#72)

* Remove VM username/password usage

 Changes to be committed:
	modified:   src/main/arm/mainTemplate.json
	modified:   src/main/arm/nestedtemplates/aadNestedTemplate.json
	modified:   src/main/scripts/aadIntegration.sh

* Increase POM version

* Add public traffic configuration for admin server (#73)

-- Add nsgNestedTemplate.json to append NSG rules for admin server
-- Update mainTemplate.json to adopt NSG rules configurations
-- Add UI for the configurations
-- Remove legacy sample code
-- Update .gitignore to ignore .classpath file
-- Fix code format

* Bugfix: update the deployment dependency for NSG (#74)

* Support existing DNS Zone in Admin offer (#75)

* Create sub template for custom dns automation

 Changes to be committed:
        modified:   pom.xml
	modified:   src/main/arm/createUiDefinition.json
	modified:   src/main/arm/mainTemplate.json
	new file:   src/main/arm/nestedtemplates/_dnszones/_createDNSZonesTemplate.json
	new file:   src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json
	modified:   src/main/arm/nestedtemplates/adminTemplate.json
	modified:   src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json
	new file:   src/main/arm/nestedtemplates/dnszonesTemplate.json
	new file:   src/main/scripts/updateDNSZones.sh

Fix iaas version

* Fix bugs in SSL configuration and clean up source code.

 Changes to be committed:
	modified:   src/main/arm/createUiDefinition.json
	modified:   src/main/arm/mainTemplate.json
	modified:   src/main/arm/nestedtemplates/adminTemplate.json
	modified:   src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json

Fix image urn in SSL template.

Fix API version

Remove jdk from offer id

Fix  shell script

* Fix CI/CD

* Update newtag.yaml (#76)

* Add Key Vault automation (#77)

* Add Key Vault automation

* Bug fix
-- add param default values
-- replace function requires 'null' references with if condition

* Add clean up ELK index step

* Automation script for custom DNS config. (#79)

Changes to be committed:
	new file:   cli-scripts/custom-dns-alias-cli.sh

* Parameterize deployment of ELK. (#80)

Changes to be committed:
	modified:   .github/workflows/build.yml

* Fix for issue#225 SSL enabled causes AAD failure (#82)

Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>

* Add system assigned managed identity to vm (#81)

* Add system assigned management identity

* remove test branch from workflow

* Learn more link under SSL configuration blade now points to Oracle WebLogic Server SSL Overview documentation page (#83)

* Fix for issue#225 SSL enabled causes AAD failure

* learn more link under SSL configuration blade now points to Oracle WebLogic Server SSL Overview documentation page

* I created an aka.ms link that redirects to the right place.

https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/ssl_overview.html#GUID-7ED101C3-2C02-4588-845E-00C7052A1E38

This lets us change where it points without having to update the offer.

Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>
Co-authored-by: Ed Burns <edburns@microsoft.com>

* Disable schedule triggers on forks (#84)

Changes to be committed:
	modified:   .github/workflows/build.yml

* On branch edburns-msft-dd-1275695-createUiDefinition-review (#86)

modified:   src/main/arm/createUiDefinition.json

- Listen Port is not capitalized.

- Added howToReportIssues.

- Change SSL to TLS/SSL.

- Remove "Certifying Authority" because we do support unsigned certificates.

- Do not capitalize the c in certificate.

- Grammar fixes.

- Database is not a proper noun.

- Move ELK memoryRequiredText to be in the ELK section.

* use precise name to locate deployments we care about (#85)

* Skip summary step for forked repo (#87)

* Update AAD certificate input label/help (#88)

* Bug fixed and enhancement (#89)

* Reset admin console dns label with 'admin'.

* Make sure ELK test index is unique.

* Add UI notification for "can not share the same keystore for Identity and Trust" in TLS/SSL blade

* add automated key vault to aad (#90)

* Move job-level condition down to step level for Cleanup and Summary jobs (#91)

* Update texts and default values (#92)

* Add workflow to package arm using oracle/microsoft pids. (#93)

Changes to be committed:
	new file:   .github/workflows/package.yaml

* On branch dd-1287308-key-store-trust-store-text You must provide different files for identity and trust KeyStores. Select here for more details. (#94)

modified:   arm-oraclelinux-wls-cluster/src/main/arm/createUiDefinition.json

* Fix package ARM pipeline (#95)

* Fix for issue# 289 - Included SSL Keystore validation logic (#96)

* Fix for issue#225 SSL enabled causes AAD failure

* learn more link under SSL configuration blade now points to Oracle WebLogic Server SSL Overview documentation page

* I created an aka.ms link that redirects to the right place.

https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/ssl_overview.html#GUID-7ED101C3-2C02-4588-845E-00C7052A1E38

This lets us change where it points without having to update the offer.

* included SSL Keystores validation in setupAdminDomain script

* included TrustKeystore validation logic for aadIntegration

* post deployment custom ssl configuration for admin server

* small corrections

* ssl configuration changes for post deployment scenario

* Fix minor issue with AAD configuration for custom SSL setup

Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>
Co-authored-by: Ed Burns <edburns@microsoft.com>

* improve ui (#97)

* improve ui

* Follow up changes

* Missed one occurrence of "Custom".

Co-authored-by: Ed Burns <edburns@microsoft.com>

* Fix for issue#293 and issue# 294 (#98)

* Fix issue#293 keytool validation command failure

* Update createUiDefinition.json

Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>

* On branch gh-300-keystore-type-fix-tooltip (#101)

wls-eng/arm-oraclelinux-wls#300

modified:   src/main/arm/createUiDefinition.json

- Replace "Use only letters and numbers" with "One of the supported KeyStore types" in the context of the KeyStore type dropdown.

Signed-off-by: Ed Burns <edburns@microsoft.com>

* On branch gh-299-database-password-validation-relaxation (#100)

modified:   pom.xml

- Reduce `PasswordMinLength` to 5.

modified:   src/main/arm/createUiDefinition.json

The validation requirements for the database password field must only be as strict as the least strict of the three supported databases. According to Oracle, that means the validation requirements should be 5 chars min, at least one number.

This issue asks the assignee to update the createUiDefinition.json so that

- The validation regEx represents that requirement.
- The validation message states that requirement.

Signed-off-by: Ed Burns <edburns@microsoft.com>

* On branch edburns-msft-gh-298-jndi-name-validation-message-slash wls-eng/arm-oraclelinux-wls#298 (#99)

modified:   src/main/arm/createUiDefinition.json

- Slashes are permitted in JNDI Name.

Signed-off-by: Ed Burns <edburns@microsoft.com>

* update arm-ttk and azure-javaee-iaas reference (#102)

Co-authored-by: Galia Cheng <haixia.cheng@microsoft.com>
Co-authored-by: Galia <haixia.cheng@mircosoft.com>
Co-authored-by: sanjaymantoor <36834780+sanjaymantoor@users.noreply.github.com>
Co-authored-by: wls-eng <53461051+wls-eng@users.noreply.github.com>
Co-authored-by: Jianguo Ma <jiangma@microsoft.com>
Co-authored-by: Gurudutt Suryanarayana <29789603+gnsuryan@users.noreply.github.com>
Co-authored-by: gnsuryan <gnsuryan@users.noreply.github.com>
Co-authored-by: zhengchang907 <zhengchang@microsoft.com>