From b3726c32e3afcc22c64b927d0531818a404ca60f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ram=C3=B3n=20Tom=C3=A1s?= Date: Tue, 10 Oct 2017 11:17:34 +0200 Subject: [PATCH] Created deployment scripts for SF Linux --- .../LinuxContainers/gen-keyvaultcert.ps1 | 53 ++ .../servicefabric/LinuxContainers/readme.md | 88 ++ .../LinuxContainers/servicefabricdeploy.json | 751 ++++++++++++++++ .../servicefabricdeploy.parameters.json | 93 ++ .../servicefabricdeploysecured.json | 821 ++++++++++++++++++ ...servicefabricdeploysecured.parameters.json | 102 +++ .../servicefabric/WindowsContainers/readme.md | 2 +- .../servicefabricdeploy.json | 100 +++ .../servicefabricdeploy.parameters.json | 15 + ...e.json => servicefabricdeploysecured.json} | 100 +++ ...ervicefabricdeploysecured.parameters.json} | 19 +- eShopOnContainers-ServicesAndWebApps.sln | 2 +- 12 files changed, 2142 insertions(+), 4 deletions(-) create mode 100644 deploy/az/servicefabric/LinuxContainers/gen-keyvaultcert.ps1 create mode 100644 deploy/az/servicefabric/LinuxContainers/readme.md create mode 100644 deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.json create mode 100644 deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.parameters.json create mode 100644 deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.json create mode 100644 deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.parameters.json rename deploy/az/servicefabric/WindowsContainers/{servicefabricdeploysecure.json => servicefabricdeploysecured.json} (89%) rename deploy/az/servicefabric/WindowsContainers/{servicefabricdeploysecure.parameters.json => servicefabricdeploysecured.parameters.json} (84%) diff --git a/deploy/az/servicefabric/LinuxContainers/gen-keyvaultcert.ps1 b/deploy/az/servicefabric/LinuxContainers/gen-keyvaultcert.ps1 new file mode 100644 index 000000000..c6fc34013 --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/gen-keyvaultcert.ps1 @@ -0,0 +1,53 @@ +Param( + [parameter(Mandatory=$true)][string]$vaultName, + [parameter(Mandatory=$true)][string]$certName, + [parameter(Mandatory=$true)][string]$certPwd, + [parameter(Mandatory=$true)][string]$subjectName, + [parameter(Mandatory=$false)][string]$ValidityInMonths=12, + [parameter(Mandatory=$true)][string]$saveDir +) + + +#Log in Azure Account +Login-AzureRmAccount + + +# Create Cert in KeyVault +Write-Host "Creating certificate in Azure KeyVault..." -ForegroundColor Yellow +$policy = New-AzureKeyVaultCertificatePolicy -SubjectName $subjectName -IssuerName Self -ValidityInMonths $ValidityInMonths +Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName -CertificatePolicy $policy + +# Downloading Certificate +Write-Host "Downloading Certificate from KeyVault..." -ForegroundColor Yellow + +$Stoploop = $false +$Retrycount = 0 + +do { + try { + + $kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certName -ErrorAction SilentlyContinue + $kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText) + $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection + $certCollection.Import($kvSecretBytes,$null,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable) + $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $certPwd) + [System.IO.File]::WriteAllBytes($saveDir + "\" + $certName + ".pfx", $protectedCertificateBytes) + + $Stoploop = $true + Write-Host "Finished!" -ForegroundColor Yellow + } + catch { + if ($Retrycount -gt 5){ + $Stoploop = $true + Write-Host "Not possible to retrieve the certificate!" -ForegroundColor Yellow + } + else { + Start-Sleep -Seconds 20 + $Retrycount = $Retrycount + 1 + } + } +} +While ($Stoploop -eq $false) + +# Show Certificate Values +Get-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName \ No newline at end of file diff --git a/deploy/az/servicefabric/LinuxContainers/readme.md b/deploy/az/servicefabric/LinuxContainers/readme.md new file mode 100644 index 000000000..5bdd86737 --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/readme.md @@ -0,0 +1,88 @@ +# Deploying Azure Service Fabric (No Secured) + +The ARM template `servicefabricdeploy.json` and its parameter file (`servicefabricdeploy.parameters.json`) are used to create a service fabric cluster environment for linux containers. + +## Editing servicefabricdeploy.parameters.json file + +Edit the following params in `servicefabricdeploy.parameters.json` file to set your values: + +- clusterName: Name of your SF cluster +- dnsName: Name assigned to your SF dns +- adminUserName: user name for administration +- adminPassword: user password for administration + +Optionally, you can modify which ports are opened in the LoadBalancer for accessing externally to the apps: + +- webMvcHttpPort: port externally exposed for the WebMVC app +- webSpaHttpPort: port externally exposed for the WebSPA app +- webStatusHttpPort: port externally exposed for the WebStatus app +- IdSrvHttpRule: port externally exposed for the Identity app + +## Deploy the template + +Once parameter file is edited you can deploy it using [create-resources script](../readme.md). + +i. e. if you are in windows, to deploy sql databases in a new resourcegroup located in westus, go to `deploy\az` folder and type: + +``` +create-resources.cmd servicefabric\LinuxContainers\servicefabricdeploy newResourceGroup -c westus +``` +## Deploy eShopOnServiceFabric with Visual Studio. + +Alternatively, instead of using ARM templates, you can deploy eShop on service fabric directly by publishing the project eShopOnServiceFabric in eShopOnContainers-ServicesAndWebApps.sln with Visual Studio publish tool. + +# Deploying Azure Service Fabric (Secured) + +The ARM template `servicefabricdeploysecured.json` and its parameter file (`servicefabricdeploysecured.parameters.json`) are used to create a service fabric cluster environment for linux containers secured with a certificate. + +## Create Azure Keyvault service +Go to PortalAzure and create a Keyvault service. Make sure Enable access for deployment checkboxes are selected. + + + +## Generate a certificate in Azure Keyvault +Execute the gen-keyvaultcert.ps1 script to generate and download a certificate from Keyvault. + +``` +.\gen-keyvaultcert.ps1 -vaultName -certName -certPwd -subjectName CN=.westeurope.cloudapp.azure.com -saveDir C:\Users\\Downloads + +``` +## Install the certificate +Install the certificate under 'Current User' store location and check it as exportable. + + + +## Editing servicefabricdeploysecured.parameters.json file + +Edit the following params in `servicefabricdeploysecured.parameters.json` file to set your values: + +- clusterName: Name of your SF cluster +- dnsName: Name assigned to your SF dns +- adminUserName: user name for administration +- adminPassword: user password for administration +- sourceVaultValue: keyvault resource id (check azure keyvault properties) +- certificateUrlValue: certificate url (check azure Keyvault certificate properties) +- certificateThumbprint: certificate thumbprint (check azure Keyvault certificate properties) + +Optionally, you can modify which ports are opened in the LoadBalancer for accessing externally to the apps: + +- webMvcHttpPort: port externally exposed for the WebMVC app +- webSpaHttpPort: port externally exposed for the WebSPA app +- webStatusHttpPort: port externally exposed for the WebStatus app +- IdSrvHttpRule: port externally exposed for the Identity app + +## Deploy the template + +Once parameter file is edited you can deploy it using [create-resources script](../readme.md). + +``` +create-resources.cmd servicefabric\LinuxContainers\servicefabricdeploysecured newResourceGroup -c westus +``` +## Deploy eShopOnServiceFabric with Visual Studio. + +Modify the cloud.xml file of each Service Fabric application in PublishProfile directory and set your certificate settings to be able to deploy eshopOnContainers in the secured cluster: + + + + + diff --git a/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.json b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.json new file mode 100644 index 000000000..fb28174db --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.json @@ -0,0 +1,751 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterLocation": { + "type": "string", + "metadata": { + "description": "Location of the Cluster" + } + }, + "clusterName": { + "type": "string", + "defaultValue": "Cluster", + "metadata": { + "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only" + } + }, + "nt0applicationStartPort": { + "type": "int", + "defaultValue": 20000 + }, + "nt0applicationEndPort": { + "type": "int", + "defaultValue": 30000 + }, + "nt0ephemeralStartPort": { + "type": "int", + "defaultValue": 49152 + }, + "nt0ephemeralEndPort": { + "type": "int", + "defaultValue": 65534 + }, + "nt0fabricTcpGatewayPort": { + "type": "int", + "defaultValue": 19000 + }, + "nt0fabricHttpGatewayPort": { + "type": "int", + "defaultValue": 19080 + }, + "webMvcHttpPort": { + "type": "int", + "defaultValue": 5100 + }, + "webSpaHttpPort": { + "type": "int", + "defaultValue": 5104 + }, + "webStatusHttpPort": { + "type": "int", + "defaultValue": 5107 + }, + "IdSrvHttpRule": { + "type": "int", + "defaultValue": 5105 + }, + "BasketApiHttpRule": { + "type": "int", + "defaultValue": 5103 + }, + "CatalogApiHttpRule": { + "type": "int", + "defaultValue": 5101 + }, + "OrderingApiHttpRule": { + "type": "int", + "defaultValue": 5102 + }, + "MarketingApiHttpRule": { + "type": "int", + "defaultValue": 5110 + }, + "LocationsApiHttpRule": { + "type": "int", + "defaultValue": 5109 + }, + "subnet0Name": { + "type": "string", + "defaultValue": "Subnet-0" + }, + "subnet0Prefix": { + "type": "string", + "defaultValue": "10.0.0.0/24" + }, + "computeLocation": { + "type": "string" + }, + "publicIPAddressName": { + "type": "string", + "defaultValue": "PublicIP-VM" + }, + "publicIPAddressType": { + "type": "string", + "allowedValues": [ + "Dynamic" + ], + "defaultValue": "Dynamic" + }, + "vmStorageAccountContainerName": { + "type": "string", + "defaultValue": "vhds" + }, + "adminUserName": { + "type": "string", + "defaultValue": "testadm", + "metadata": { + "description": "Remote desktop user Id" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Remote desktop user password. Must be a strong password" + } + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "VNet" + }, + "addressPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/16" + }, + "dnsName": { + "type": "string" + }, + "nicName": { + "type": "string", + "defaultValue": "NIC" + }, + "lbName": { + "type": "string", + "defaultValue": "LoadBalancer" + }, + "lbIPName": { + "type": "string", + "defaultValue": "PublicIP-LB-FE" + }, + "overProvision": { + "type": "string", + "defaultValue": "false" + }, + "vmImagePublisher": { + "type": "string", + "defaultValue": "Microsoft.Azure.ServiceFabric" + }, + "vmImageOffer": { + "type": "string", + "defaultValue": "UbuntuServer" + }, + "vmImageSku": { + "type": "string", + "defaultValue": "16.04" + }, + "vmImageVersion": { + "type": "string", + "defaultValue": "6.0.12" + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the VM image storage account" + } + }, + "supportLogStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the support log storage account" + } + }, + "supportLogStorageAccountName": { + "type": "string", + "defaultValue": "[toLower( concat('sflogs', uniqueString(resourceGroup().id),'2'))]", + "metadata": { + "description": "Name for the storage account that contains support logs from the cluster" + } + }, + "applicationDiagnosticsStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the application diagnostics storage account" + } + }, + "applicationDiagnosticsStorageAccountName": { + "type": "string", + "defaultValue": "[toLower(concat(uniqueString(resourceGroup().id), '3' ))]", + "metadata": { + "description": "Name for the storage account that contains application diagnostics data from the cluster" + } + }, + "nt0InstanceCount": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Instance count for node type" + } + }, + "vmNodeType0Name": { + "type": "string", + "defaultValue": "primary", + "maxLength": 9 + }, + "vmNodeType0Size": { + "type": "string", + "defaultValue": "Standard_D1_v2" + } + }, + "variables": { + "vmssApiVersion": "2017-03-30", + "lbApiVersion": "2015-06-15", + "vNetApiVersion": "2015-06-15", + "storageApiVersion": "2016-01-01", + "publicIPApiVersion": "2015-06-15", + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", + "wadlogs": "", + "wadperfcounters1": "", + "wadperfcounters2": "", + "wadcfgxstart": "[concat(variables('wadlogs'),variables('wadperfcounters1'),variables('wadperfcounters2'),'')]", + "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]", + "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]", + "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]", + "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]", + "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]", + "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]", + "wadmetricsresourceid0": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',resourceGroup().name ,'/providers/','Microsoft.Compute/virtualMachineScaleSets/', parameters('vmNodeType0Name'))]" + }, + "resources": [ + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('supportLogStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('supportLogStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('applicationDiagnosticsStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('applicationDiagnosticsStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vNetApiVersion')]", + "type": "Microsoft.Network/virtualNetworks", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[parameters('subnet0Name')]", + "properties": { + "addressPrefix": "[parameters('subnet0Prefix')]" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('publicIPApiVersion')]", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[concat(parameters('lbIPName'),'-','0')]", + "location": "[parameters('computeLocation')]", + "properties": { + "dnsSettings": { + "domainNameLabel": "[parameters('dnsName')]" + }, + "publicIPAllocationMethod": "Dynamic" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('lbApiVersion')]", + "type": "Microsoft.Network/loadBalancers", + "name": "[concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name'))]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/',concat(parameters('lbIPName'),'-','0'))]" + ], + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerIPConfig", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(parameters('lbIPName'),'-','0'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "LoadBalancerBEAddressPool", + "properties": {} + } + ], + "loadBalancingRules": [ + { + "name": "LBRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "LBHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "WebMVCHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webMvcHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webMvcHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "WebSPAHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webSpaHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webSpaHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "WebStatusHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webStatusHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webStatusHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "IdSrvHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('IdSrvHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('IdSrvHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "BasketApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('BasketApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('BasketApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "CatalogApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('CatalogApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('CatalogApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "OrderingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('OrderingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('OrderingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "MarketingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('MarketingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('MarketingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "LocationsApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('LocationsApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('LocationsApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + } + ], + "probes": [ + { + "name": "FabricGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricTcpGatewayPort')]", + "protocol": "tcp" + } + }, + { + "name": "FabricHttpGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricHttpGatewayPort')]", + "protocol": "tcp" + } + } + ], + "inboundNatPools": [ + { + "name": "LoadBalancerBEAddressNatPool", + "properties": { + "backendPort": "22", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPortRangeEnd": "4500", + "frontendPortRangeStart": "3389", + "protocol": "tcp" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vmssApiVersion')]", + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[parameters('vmNodeType0Name')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]", + "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('applicationDiagnosticsStorageAccountName'))]" + ], + "properties": { + "overprovision": "[parameters('overProvision')]", + "upgradePolicy": { + "mode": "Automatic" + }, + "virtualMachineProfile": { + "extensionProfile": { + "extensions": [ + { + "name": "[concat(parameters('vmNodeType0Name'),'_ServiceFabricLinuxNode')]", + "properties": { + "type": "ServiceFabricLinuxNode", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key1]", + "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key2]" + }, + "publisher": "Microsoft.Azure.ServiceFabric", + "settings": { + "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]", + "nodeTypeRef": "[parameters('vmNodeType0Name')]", + "durabilityLevel": "Bronze", + "enableParallelJobs": true, + "nicPrefixOverride": "[parameters('subnet0Prefix')]" + }, + "typeHandlerVersion": "1.0" + } + }, + { + "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]", + "properties": { + "type": "LinuxDiagnostic", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "storageAccountName": "[parameters('applicationDiagnosticsStorageAccountName')]", + "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]", + "storageAccountEndPoint": "https://core.windows.net/" + }, + "publisher": "Microsoft.OSTCExtensions", + "settings": { + "xmlCfg": "[base64(concat(variables('wadcfgxstart'),variables('wadmetricsresourceid0'),variables('wadcfgxend')))]", + "StorageAccount": "[parameters('applicationDiagnosticsStorageAccountName')]" + }, + "typeHandlerVersion": "2.3" + } + } + ] + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[concat(parameters('nicName'), '-0')]", + "properties": { + "ipConfigurations": [ + { + "name": "[concat(parameters('nicName'),'-',0)]", + "properties": { + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('lbPoolID0')]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[variables('lbNatPoolID0')]" + } + ], + "subnet": { + "id": "[variables('subnet0Ref')]" + } + } + } + ], + "primary": true + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[parameters('adminUsername')]", + "computernamePrefix": "[parameters('vmNodeType0Name')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('vmImagePublisher')]", + "offer": "[parameters('vmImageOffer')]", + "sku": "[parameters('vmImageSku')]", + "version": "[parameters('vmImageVersion')]" + }, + "osDisk": { + "caching": "ReadOnly", + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "[parameters('storageAccountType')]" + } + } + } + } + }, + "sku": { + "name": "[parameters('vmNodeType0Size')]", + "capacity": "[parameters('nt0InstanceCount')]", + "tier": "Standard" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "2017-07-01-preview", + "type": "Microsoft.ServiceFabric/clusters", + "name": "[parameters('clusterName')]", + "location": "[parameters('clusterLocation')]", + "dependsOn": [ + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]" + ], + "properties": { + "addonFeatures": [ + "DnsService" + ], + "clientCertificateCommonNames": [], + "clientCertificateThumbprints": [], + "clusterCodeVersion": "6.0.120.1", + "clusterState": "Default", + "diagnosticsStorageAccountConfig": { + "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]", + "protectedAccountKeyName": "StorageAccountKey1", + "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]", + "storageAccountName": "[parameters('supportLogStorageAccountName')]", + "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]" + }, + "fabricSettings": [], + "managementEndpoint": "[concat('http://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]", + "nodeTypes": [ + { + "name": "[parameters('vmNodeType0Name')]", + "applicationPorts": { + "endPort": "[parameters('nt0applicationEndPort')]", + "startPort": "[parameters('nt0applicationStartPort')]" + }, + "clientConnectionEndpointPort": "[parameters('nt0fabricTcpGatewayPort')]", + "durabilityLevel": "Bronze", + "ephemeralPorts": { + "endPort": "[parameters('nt0ephemeralEndPort')]", + "startPort": "[parameters('nt0ephemeralStartPort')]" + }, + "httpGatewayEndpointPort": "[parameters('nt0fabricHttpGatewayPort')]", + "isPrimary": true, + "vmInstanceCount": "[parameters('nt0InstanceCount')]" + } + ], + "provisioningState": "Default", + "reliabilityLevel": "None", + "upgradeMode": "Manual", + "vmImage": "Linux" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + } + ], + "outputs": { + "clusterProperties": { + "value": "[reference(parameters('clusterName'))]", + "type": "object" + } + } +} \ No newline at end of file diff --git a/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.parameters.json b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.parameters.json new file mode 100644 index 000000000..d905f2d00 --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploy.parameters.json @@ -0,0 +1,93 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterName": { + "value": "your_sf_name" + }, + "clusterLocation": { + "value": "westeurope" + }, + "computeLocation": { + "value": "westeurope" + }, + "adminUserName": { + "value": "eshop" + }, + "adminPassword": { + "value": "your_admin_password" + }, + "nicName": { + "value": "NIC-eshoponsflin" + }, + "publicIPAddressName": { + "value": "eshoponsflin-PubIP" + }, + "dnsName": { + "value": "your_sf_dns" + }, + "virtualNetworkName": { + "value": "VNet-eshoponsflin" + }, + "lbName": { + "value": "LB-eshoponsflin" + }, + "lbIPName": { + "value": "LBIP-eshoponsflin" + }, + "vmImageSku": { + "value": "16.04-LTS" + }, + "vmImageVersion": { + "value": "latest" + }, + "vmImagePublisher": { + "value": "Canonical" + }, + "nt0ephemeralStartPort": { + "value": 49152 + }, + "nt0ephemeralEndPort": { + "value": 65534 + }, + "nt0applicationStartPort": { + "value": 20000 + }, + "nt0applicationEndPort": { + "value": 30000 + }, + "nt0fabricTcpGatewayPort": { + "value": 19000 + }, + "nt0fabricHttpGatewayPort": { + "value": 19080 + }, + "webMvcHttpPort": { + "value": 5100 + }, + "webSpaHttpPort": { + "value": 5104 + }, + "webStatusHttpPort": { + "value": 5107 + }, + "IdSrvHttpRule": { + "value": 5105 + }, + "BasketApiHttpRule": { + "value": 5103 + }, + "CatalogApiHttpRule": { + "value": 5101 + }, + "OrderingApiHttpRule": { + "value": 5102 + }, + "MarketingApiHttpRule": { + "value": 5110 + }, + "LocationsApiHttpRule": { + "value": 5109 + } + } +} \ No newline at end of file diff --git a/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.json b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.json new file mode 100644 index 000000000..0d6620f32 --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.json @@ -0,0 +1,821 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterLocation": { + "type": "string", + "metadata": { + "description": "Location of the Cluster" + } + }, + "clusterName": { + "type": "string", + "defaultValue": "Cluster", + "metadata": { + "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only" + } + }, + "nt0applicationStartPort": { + "type": "int", + "defaultValue": 20000 + }, + "nt0applicationEndPort": { + "type": "int", + "defaultValue": 30000 + }, + "nt0ephemeralStartPort": { + "type": "int", + "defaultValue": 49152 + }, + "nt0ephemeralEndPort": { + "type": "int", + "defaultValue": 65534 + }, + "nt0fabricTcpGatewayPort": { + "type": "int", + "defaultValue": 19000 + }, + "nt0fabricHttpGatewayPort": { + "type": "int", + "defaultValue": 19080 + }, + "webMvcHttpPort": { + "type": "int", + "defaultValue": 5100 + }, + "webSpaHttpPort": { + "type": "int", + "defaultValue": 5104 + }, + "webStatusHttpPort": { + "type": "int", + "defaultValue": 5107 + }, + "IdSrvHttpRule": { + "type": "int", + "defaultValue": 5105 + }, + "BasketApiHttpRule": { + "type": "int", + "defaultValue": 5103 + }, + "CatalogApiHttpRule": { + "type": "int", + "defaultValue": 5101 + }, + "OrderingApiHttpRule": { + "type": "int", + "defaultValue": 5102 + }, + "MarketingApiHttpRule": { + "type": "int", + "defaultValue": 5110 + }, + "LocationsApiHttpRule": { + "type": "int", + "defaultValue": 5109 + }, + "subnet0Name": { + "type": "string", + "defaultValue": "Subnet-0" + }, + "subnet0Prefix": { + "type": "string", + "defaultValue": "10.0.0.0/24" + }, + "computeLocation": { + "type": "string" + }, + "publicIPAddressName": { + "type": "string", + "defaultValue": "PublicIP-VM" + }, + "publicIPAddressType": { + "type": "string", + "allowedValues": [ + "Dynamic" + ], + "defaultValue": "Dynamic" + }, + "vmStorageAccountContainerName": { + "type": "string", + "defaultValue": "vhds" + }, + "adminUserName": { + "type": "string", + "defaultValue": "testadm", + "metadata": { + "description": "Remote desktop user Id" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Remote desktop user password. Must be a strong password" + } + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "VNet" + }, + "addressPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/16" + }, + "dnsName": { + "type": "string" + }, + "nicName": { + "type": "string", + "defaultValue": "NIC" + }, + "lbName": { + "type": "string", + "defaultValue": "LoadBalancer" + }, + "lbIPName": { + "type": "string", + "defaultValue": "PublicIP-LB-FE" + }, + "overProvision": { + "type": "string", + "defaultValue": "false" + }, + "vmImagePublisher": { + "type": "string", + "defaultValue": "Microsoft.Azure.ServiceFabric" + }, + "vmImageOffer": { + "type": "string", + "defaultValue": "UbuntuServer" + }, + "vmImageSku": { + "type": "string", + "defaultValue": "16.04" + }, + "vmImageVersion": { + "type": "string", + "defaultValue": "6.0.12" + }, + "clusterProtectionLevel": { + "type": "string", + "allowedValues": [ + "None", + "Sign", + "EncryptAndSign" + ], + "defaultValue": "EncryptAndSign", + "metadata": { + "description": "Protection level.Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to" + } + }, + "certificateStoreValue": { + "type": "string", + "allowedValues": [ + "My" + ], + "defaultValue": "My", + "metadata": { + "description": "The store name where the cert will be deployed in the virtual machine" + } + }, + "certificateThumbprint": { + "type": "string", + "metadata": { + "description": "Certificate Thumbprint" + } + }, + "sourceVaultValue": { + "type": "string", + "metadata": { + "description": "Resource Id of the key vault, is should be in the format of /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/" + } + }, + "certificateUrlValue": { + "type": "string", + "metadata": { + "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://.vault.azure.net:443/secrets/" + } + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the VM image storage account" + } + }, + "supportLogStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the support log storage account" + } + }, + "supportLogStorageAccountName": { + "type": "string", + "defaultValue": "[toLower( concat('sflogs', uniqueString(resourceGroup().id),'2'))]", + "metadata": { + "description": "Name for the storage account that contains support logs from the cluster" + } + }, + "applicationDiagnosticsStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the application diagnostics storage account" + } + }, + "applicationDiagnosticsStorageAccountName": { + "type": "string", + "defaultValue": "[toLower(concat(uniqueString(resourceGroup().id), '3' ))]", + "metadata": { + "description": "Name for the storage account that contains application diagnostics data from the cluster" + } + }, + "nt0InstanceCount": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Instance count for node type" + } + }, + "vmNodeType0Name": { + "type": "string", + "defaultValue": "primary", + "maxLength": 9 + }, + "vmNodeType0Size": { + "type": "string", + "defaultValue": "Standard_D1_v2" + } + }, + "variables": { + "vmssApiVersion": "2017-03-30", + "lbApiVersion": "2015-06-15", + "vNetApiVersion": "2015-06-15", + "storageApiVersion": "2016-01-01", + "publicIPApiVersion": "2015-06-15", + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", + "wadlogs": "", + "wadperfcounters1": "", + "wadperfcounters2": "", + "wadcfgxstart": "[concat(variables('wadlogs'),variables('wadperfcounters1'),variables('wadperfcounters2'),'')]", + "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]", + "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]", + "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]", + "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]", + "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]", + "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]", + "wadmetricsresourceid0": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',resourceGroup().name ,'/providers/','Microsoft.Compute/virtualMachineScaleSets/', parameters('vmNodeType0Name'))]" + }, + "resources": [ + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('supportLogStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('supportLogStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('applicationDiagnosticsStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('applicationDiagnosticsStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vNetApiVersion')]", + "type": "Microsoft.Network/virtualNetworks", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[parameters('subnet0Name')]", + "properties": { + "addressPrefix": "[parameters('subnet0Prefix')]" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('publicIPApiVersion')]", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[concat(parameters('lbIPName'),'-','0')]", + "location": "[parameters('computeLocation')]", + "properties": { + "dnsSettings": { + "domainNameLabel": "[parameters('dnsName')]" + }, + "publicIPAllocationMethod": "Dynamic" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('lbApiVersion')]", + "type": "Microsoft.Network/loadBalancers", + "name": "[concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name'))]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/',concat(parameters('lbIPName'),'-','0'))]" + ], + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerIPConfig", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(parameters('lbIPName'),'-','0'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "LoadBalancerBEAddressPool", + "properties": {} + } + ], + "loadBalancingRules": [ + { + "name": "LBRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "LBHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "WebMVCHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webMvcHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webMvcHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "WebSPAHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webSpaHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webSpaHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "WebStatusHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webStatusHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webStatusHttpPort')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "IdSrvHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('IdSrvHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('IdSrvHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "BasketApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('BasketApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('BasketApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "CatalogApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('CatalogApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('CatalogApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "OrderingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('OrderingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('OrderingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "MarketingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('MarketingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('MarketingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "LocationsApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('LocationsApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('LocationsApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + } + ], + "probes": [ + { + "name": "FabricGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricTcpGatewayPort')]", + "protocol": "tcp" + } + }, + { + "name": "FabricHttpGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricHttpGatewayPort')]", + "protocol": "tcp" + } + } + ], + "inboundNatPools": [ + { + "name": "LoadBalancerBEAddressNatPool", + "properties": { + "backendPort": "22", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPortRangeEnd": "4500", + "frontendPortRangeStart": "3389", + "protocol": "tcp" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vmssApiVersion')]", + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[parameters('vmNodeType0Name')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]", + "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('applicationDiagnosticsStorageAccountName'))]" + ], + "properties": { + "overprovision": "[parameters('overProvision')]", + "upgradePolicy": { + "mode": "Automatic" + }, + "virtualMachineProfile": { + "extensionProfile": { + "extensions": [ + { + "name": "[concat(parameters('vmNodeType0Name'),'_ServiceFabricLinuxNode')]", + "properties": { + "type": "ServiceFabricLinuxNode", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key1]", + "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key2]" + }, + "publisher": "Microsoft.Azure.ServiceFabric", + "settings": { + "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]", + "nodeTypeRef": "[parameters('vmNodeType0Name')]", + "durabilityLevel": "Bronze", + "enableParallelJobs": true, + "nicPrefixOverride": "[parameters('subnet0Prefix')]", + "certificate": { + "thumbprint": "[parameters('certificateThumbprint')]", + "x509StoreName": "[parameters('certificateStoreValue')]" + } + }, + "typeHandlerVersion": "1.0" + } + }, + { + "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]", + "properties": { + "type": "LinuxDiagnostic", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "storageAccountName": "[parameters('applicationDiagnosticsStorageAccountName')]", + "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]", + "storageAccountEndPoint": "https://core.windows.net/" + }, + "publisher": "Microsoft.OSTCExtensions", + "settings": { + "xmlCfg": "[base64(concat(variables('wadcfgxstart'),variables('wadmetricsresourceid0'),variables('wadcfgxend')))]", + "StorageAccount": "[parameters('applicationDiagnosticsStorageAccountName')]" + }, + "typeHandlerVersion": "2.3" + } + } + ] + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[concat(parameters('nicName'), '-0')]", + "properties": { + "ipConfigurations": [ + { + "name": "[concat(parameters('nicName'),'-',0)]", + "properties": { + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('lbPoolID0')]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[variables('lbNatPoolID0')]" + } + ], + "subnet": { + "id": "[variables('subnet0Ref')]" + } + } + } + ], + "primary": true + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[parameters('adminUsername')]", + "computernamePrefix": "[parameters('vmNodeType0Name')]", + "secrets": [ + { + "sourceVault": { + "id": "[parameters('sourceVaultValue')]" + }, + "vaultCertificates": [ + { + "certificateUrl": "[parameters('certificateUrlValue')]" + } + ] + } + ] + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('vmImagePublisher')]", + "offer": "[parameters('vmImageOffer')]", + "sku": "[parameters('vmImageSku')]", + "version": "[parameters('vmImageVersion')]" + }, + "osDisk": { + "caching": "ReadOnly", + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "[parameters('storageAccountType')]" + } + } + } + } + }, + "sku": { + "name": "[parameters('vmNodeType0Size')]", + "capacity": "[parameters('nt0InstanceCount')]", + "tier": "Standard" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "2017-07-01-preview", + "type": "Microsoft.ServiceFabric/clusters", + "name": "[parameters('clusterName')]", + "location": "[parameters('clusterLocation')]", + "dependsOn": [ + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]" + ], + "properties": { + "addonFeatures": [ + "DnsService" + ], + "certificate": { + "thumbprint": "[parameters('certificateThumbprint')]", + "x509StoreName": "[parameters('certificateStoreValue')]" + }, + "clientCertificateCommonNames": [], + "clientCertificateThumbprints": [], + "clusterCodeVersion": "6.0.120.1", + "clusterState": "Default", + "diagnosticsStorageAccountConfig": { + "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]", + "protectedAccountKeyName": "StorageAccountKey1", + "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]", + "storageAccountName": "[parameters('supportLogStorageAccountName')]", + "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]" + }, + "fabricSettings": [ + { + "parameters": [ + { + "name": "ClusterProtectionLevel", + "value": "[parameters('clusterProtectionLevel')]" + } + ], + "name": "Security" + } + ], + "managementEndpoint": "[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]", + "nodeTypes": [ + { + "name": "[parameters('vmNodeType0Name')]", + "applicationPorts": { + "endPort": "[parameters('nt0applicationEndPort')]", + "startPort": "[parameters('nt0applicationStartPort')]" + }, + "clientConnectionEndpointPort": "[parameters('nt0fabricTcpGatewayPort')]", + "durabilityLevel": "Bronze", + "ephemeralPorts": { + "endPort": "[parameters('nt0ephemeralEndPort')]", + "startPort": "[parameters('nt0ephemeralStartPort')]" + }, + "httpGatewayEndpointPort": "[parameters('nt0fabricHttpGatewayPort')]", + "isPrimary": true, + "vmInstanceCount": "[parameters('nt0InstanceCount')]" + } + ], + "provisioningState": "Default", + "reliabilityLevel": "Silver", + "upgradeMode": "Manual", + "vmImage": "Linux" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + } + ], + "outputs": { + "clusterProperties": { + "value": "[reference(parameters('clusterName'))]", + "type": "object" + } + } +} \ No newline at end of file diff --git a/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.parameters.json b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.parameters.json new file mode 100644 index 000000000..4a783768e --- /dev/null +++ b/deploy/az/servicefabric/LinuxContainers/servicefabricdeploysecured.parameters.json @@ -0,0 +1,102 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterName": { + "value": "your_sf_name" + }, + "clusterLocation": { + "value": "westeurope" + }, + "computeLocation": { + "value": "westeurope" + }, + "adminUserName": { + "value": "eshop" + }, + "adminPassword": { + "value": "your_admin_password" + }, + "nicName": { + "value": "NIC-eshopsflinsec" + }, + "publicIPAddressName": { + "value": "eshopsflinsec-PubIP" + }, + "dnsName": { + "value": "your_sf_dns" + }, + "virtualNetworkName": { + "value": "VNet-eshopsflinsec" + }, + "lbName": { + "value": "LB-eshopsflinsec" + }, + "lbIPName": { + "value": "LBIP-eshopsflinsec" + }, + "sourceVaultValue": { + "value": "" + }, + "certificateUrlValue": { + "value": "" + }, + "certificateThumbprint": { + "value": "" + }, + "vmImageSku": { + "value": "16.04-LTS" + }, + "vmImageVersion": { + "value": "latest" + }, + "vmImagePublisher": { + "value": "Canonical" + }, + "nt0ephemeralStartPort": { + "value": 49152 + }, + "nt0ephemeralEndPort": { + "value": 65534 + }, + "nt0applicationStartPort": { + "value": 20000 + }, + "nt0applicationEndPort": { + "value": 30000 + }, + "nt0fabricTcpGatewayPort": { + "value": 19000 + }, + "nt0fabricHttpGatewayPort": { + "value": 19080 + }, + "webMvcHttpPort": { + "value": 5100 + }, + "webSpaHttpPort": { + "value": 5104 + }, + "webStatusHttpPort": { + "value": 5107 + }, + "IdSrvHttpRule": { + "value": 5105 + }, + "BasketApiHttpRule": { + "value": 5103 + }, + "CatalogApiHttpRule": { + "value": 5101 + }, + "OrderingApiHttpRule": { + "value": 5102 + }, + "MarketingApiHttpRule": { + "value": 5110 + }, + "LocationsApiHttpRule": { + "value": 5109 + } + } +} \ No newline at end of file diff --git a/deploy/az/servicefabric/WindowsContainers/readme.md b/deploy/az/servicefabric/WindowsContainers/readme.md index 9d8e7c486..bf680acbc 100644 --- a/deploy/az/servicefabric/WindowsContainers/readme.md +++ b/deploy/az/servicefabric/WindowsContainers/readme.md @@ -44,7 +44,7 @@ Go to PortalAzure and create a Keyvault service. Make sure Enable access for dep Execute the gen-keyvaultcert.ps1 script to generate and download a certificate from Keyvault. ``` -.\gen-cert.ps1 -vaultName -certName -certPwd -subjectName CN=.westeurope.cloudapp.azure.com -saveDir C:\Users\\Downloads +.\gen-keyvaultcert.ps1 -vaultName -certName -certPwd -subjectName CN=.westeurope.cloudapp.azure.com -saveDir C:\Users\\Downloads ``` ## Install the certificate diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.json index b3fe4b59d..073dc9653 100644 --- a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.json +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.json @@ -59,6 +59,26 @@ "type": "int", "defaultValue": 5105 }, + "BasketApiHttpRule": { + "type": "int", + "defaultValue": 5103 + }, + "CatalogApiHttpRule": { + "type": "int", + "defaultValue": 5101 + }, + "OrderingApiHttpRule": { + "type": "int", + "defaultValue": 5102 + }, + "MarketingApiHttpRule": { + "type": "int", + "defaultValue": 5110 + }, + "LocationsApiHttpRule": { + "type": "int", + "defaultValue": 5109 + }, "subnet0Name": { "type": "string", "defaultValue": "Subnet-0" @@ -461,6 +481,86 @@ }, "protocol": "tcp" } + }, + { + "name": "BasketApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('BasketApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('BasketApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "CatalogApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('CatalogApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('CatalogApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "OrderingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('OrderingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('OrderingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "MarketingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('MarketingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('MarketingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "LocationsApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('LocationsApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('LocationsApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } } ], "probes": [ diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.parameters.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.parameters.json index 8d7cf57ac..bf1b89642 100644 --- a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.parameters.json +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploy.parameters.json @@ -76,6 +76,21 @@ }, "IdSrvHttpRule": { "value": 5105 + }, + "BasketApiHttpRule": { + "value": 5103 + }, + "CatalogApiHttpRule": { + "value": 5101 + }, + "OrderingApiHttpRule": { + "value": 5102 + }, + "MarketingApiHttpRule": { + "value": 5110 + }, + "LocationsApiHttpRule": { + "value": 5109 } } } diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.json similarity index 89% rename from deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json rename to deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.json index b5bbfa55c..843f5c0d1 100644 --- a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.json @@ -59,6 +59,26 @@ "type": "int", "defaultValue": 5105 }, + "BasketApiHttpRule": { + "type": "int", + "defaultValue": 5103 + }, + "CatalogApiHttpRule": { + "type": "int", + "defaultValue": 5101 + }, + "OrderingApiHttpRule": { + "type": "int", + "defaultValue": 5102 + }, + "MarketingApiHttpRule": { + "type": "int", + "defaultValue": 5110 + }, + "LocationsApiHttpRule": { + "type": "int", + "defaultValue": 5109 + }, "subnet0Name": { "type": "string", "defaultValue": "Subnet-0" @@ -501,6 +521,86 @@ }, "protocol": "tcp" } + }, + { + "name": "BasketApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('BasketApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('BasketApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "CatalogApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('CatalogApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('CatalogApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "OrderingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('OrderingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('OrderingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "MarketingApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('MarketingApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('MarketingApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } + }, + { + "name": "LocationsApiHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('LocationsApiHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('LocationsApiHttpRule')]", + "idleTimeoutInMinutes": "5", + "protocol": "tcp" + } } ], "probes": [ diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.parameters.json similarity index 84% rename from deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json rename to deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.parameters.json index 22dd82265..2092ebd9a 100644 --- a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecured.parameters.json @@ -42,10 +42,10 @@ "value": "sflogseshopsfwin3480" }, "sourceVaultValue": { - "value": "/subscriptions/6c22bb55-0221-4ce4-9bf1-3c4a10a7294c/resourceGroups/eshop-sf-win/providers/Microsoft.KeyVault/vaults/eshoponsfkeyvault" + "value": "" }, "certificateUrlValue": { - "value": "https://eshoponsfkeyvault.vault.azure.net:443/secrets/eshopsfwincert/b4ae55e3a549448c96088cd8dd96c369" + "value": "" }, "certificateThumbprint": { "value": "" @@ -85,6 +85,21 @@ }, "IdSrvHttpRule": { "value": 5105 + }, + "BasketApiHttpRule": { + "value": 5103 + }, + "CatalogApiHttpRule": { + "value": 5101 + }, + "OrderingApiHttpRule": { + "value": 5102 + }, + "MarketingApiHttpRule": { + "value": 5110 + }, + "LocationsApiHttpRule": { + "value": 5109 } } } diff --git a/eShopOnContainers-ServicesAndWebApps.sln b/eShopOnContainers-ServicesAndWebApps.sln index 86ba102dd..c83c564cf 100644 --- a/eShopOnContainers-ServicesAndWebApps.sln +++ b/eShopOnContainers-ServicesAndWebApps.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio 15 -VisualStudioVersion = 15.0.26730.8 +VisualStudioVersion = 15.0.26730.15 MinimumVisualStudioVersion = 10.0.40219.1 Project("{E53339B2-1760-4266-BCC7-CA923CBCF16C}") = "docker-compose", "docker-compose.dcproj", "{FEA0C318-FFED-4D39-8781-265718CA43DD}" EndProject