E2E demo - added SSH access from test VM (#5)

* E2E demo - added SSH access from test VM * changed Ubuntu in Dockerfile to the latest * added az auto-upgrade * added detection of running inside the docker image * added private key parameter into test VM example
PureStorage-OpenConnect · Oct 2, 2023 · 1373cdd · 1373cdd
1 parent 7a1164e
commit 1373cdd
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 14 deletions.
diff --git a/00-setup-machine.sh b/00-setup-machine.sh
@@ -3,6 +3,16 @@
 echoerr() { printf "\033[0;31m%s\n\033[0m" "$*" >&2; }
 echosuccess() { printf "\033[0;32m%s\n\033[0m" "$*" >&2; }
 
+if [ -n "${PURE_RUN_IN_DOCKERIMAGE}" ];
+then
+    echoerr "
+In the docker image with pre-installed tools you don't need to run this setup command and you can proceed to the deployment scripts.
+    "
+    exit 1;
+fi
+
+
+
 # Install the az (with bicep)
 echo "Installing tools:"
 
@@ -50,6 +60,11 @@ else
   exit 1;
 fi
 
+# upgrade az cli
+az upgrade --yes --all
+
+# enable az auto-upgrade
+az config set auto-upgrade.enable=yes
 
 az bicep version
 if [ $? == 0 ]; then

diff --git a/03-test-vm.bicepparam.example b/03-test-vm.bicepparam.example
@@ -25,3 +25,4 @@ param adminPassword='<< VM admin password >>'
 
 // value '$myIpAddress' will be replaced with your current public IP address
 param whitelistedSourceAddress = '$myIpAddress'
+param sshPrivateKeyContentInBase64 = '<---MY SSH PRIVATE KEY CONTENT (starting with -----BEGIN RSA PRIVATE KEY----- and ending with -----END RSA PRIVATE KEY-----) with no newlines-->'
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:22.10
+FROM ubuntu:latest
 
 RUN apt-get update && apt-get install -y \
     jq \
@@ -7,6 +7,12 @@ RUN apt-get update && apt-get install -y \
 
 RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
 
+# upgrade az cli
+RUN az upgrade --yes --all
+
+# enable az auto-upgrade
+RUN az config set auto-upgrade.enable=yes
+
 RUN az bicep install
 
 # install bicep
@@ -15,6 +21,8 @@ RUN curl -sLo bicep https://github.com/Azure/bicep/releases/latest/download/bice
     && mv ./bicep /usr/local/bin/bicep \
     && bicep --version
 
+ENV PURE_RUN_IN_DOCKERIMAGE=1
+
 VOLUME [ "/data" ]
 WORKDIR /data
 

diff --git a/deploy-e2e-demo.sh b/deploy-e2e-demo.sh
@@ -69,6 +69,25 @@ echo ""
 echosuccess "[STEP COMPLETED] The deployment of prerequisities has been completed."
 echo ""
 
+
+# generate a SSH key and upload it into CBS and test VM
+echo -e "${C_BLUE3}${C_GREY85}
+[Step #2] Generating a SSH key for array management:${NO_FORMAT}"
+
+sshOutput=$( { az sshkey create --name "ssh-cbs-test-$resourceGroupName" --resource-group $resourceGroupName; } 2>&1 )
+sshPrivateKeyFile=`echo $sshOutput | grep -oP 'Private key is saved to "\K[^"]*'`
+sshPublicKeyFile=`echo $sshOutput | grep -oP ' WARNING: Public key is saved to "\K[^"]*'`
+sshDetails=`az sshkey show --name "ssh-cbs-test-$resourceGroupName" --resource-group $resourceGroupName`
+sshPublicKeyInOpenSSHFormat=`echo $sshDetails | jq -r ".publicKey"`
+
+sshPrivateKeyContentInBase64=`base64 $sshPrivateKeyFile -w 0`
+
+echo "
+Generated SSH key: $sshPublicKeyInOpenSSHFormat
+
+"
+
+
 # Read the bicep parameters for CBS
 mainfilename='./templates/cbs-managed-app.bicep'
 tmpfilename='./templates/tmp-e2e-02.bicepparam'
@@ -78,7 +97,7 @@ paramsJson=`echo $bicep_raw | jq -r ".parametersJson"`
 
 
 echo -e "${C_BLUE3}${C_GREY85}
-[Step #2] Enabling CBS deployment for selected subscription $subscriptionId:${NO_FORMAT}
+[Step #3] Enabling CBS deployment for selected subscription $subscriptionId:${NO_FORMAT}
 
 "
 
@@ -108,7 +127,7 @@ else
 fi
 
 echo -e "${C_BLUE3}${C_GREY85}
-[Step #3] Deploying CBS managed app (~20mins):${NO_FORMAT}
+[Step #4] Deploying CBS managed app (~20mins):${NO_FORMAT}
 "
 
 # Deploy our infrastructure
@@ -132,7 +151,8 @@ output=$(az deployment group create \
                azureMarketPlacePlanVersion=$AZURE_MARKETPLACE_PLAN_VERSION \
                azureMarketPlacePlanName=$AZURE_MARKETPLACE_PLAN_NAME \
                azureMarketPlacePlanPublisher=$AZURE_MARKETPLACE_PUBLISHER \
-               azureMarketPlacePlanOffer=$AZURE_MARKETPLACE_PLAN_OFFER
+               azureMarketPlacePlanOffer=$AZURE_MARKETPLACE_PLAN_OFFER \
+               sshPublicKey="$sshPublicKeyInOpenSSHFormat"
   )
 
 cbsmanagementLbIp=`echo $output | jq -r '.properties.outputs.cbsmanagementLbIp.value'`
@@ -178,7 +198,7 @@ echo " -----------------------------------------------"
 
 
 echo -e "${C_BLUE3}${C_GREY85}
-[Step #4] Getting your current IP address...${NO_FORMAT}
+[Step #5] Getting your current IP address...${NO_FORMAT}
 
 "
 
@@ -196,7 +216,7 @@ fi
 
 
 echo -e "${C_BLUE3}${C_GREY85}
-[Step #5] Deploying VM into subscription $subscriptionId into RG ${resourceGroupName} (~20mins):${NO_FORMAT}
+[Step #6] Deploying VM into subscription $subscriptionId into RG ${resourceGroupName} (~20mins):${NO_FORMAT}
 
 "
 
@@ -220,6 +240,7 @@ output=$(az deployment group create \
                adminUsername=$adminUsername \
                adminPassword=$adminPassword \
                vNetName=$arrayVnetName \
+               sshPrivateKeyContentInBase64="${sshPrivateKeyContentInBase64}"\
                whitelistedSourceAddress=$myIpAddress
   )
 
@@ -252,7 +273,7 @@ echo ""
 if [ -n "${WSLENV}" ];
 then
     echo -e "${C_BLUE3}${C_GREY85}
-[Step #3][Optional] Opening Remote Desktop Connection session into the test VM:${NO_FORMAT}
+[Step #7][Optional] Opening Remote Desktop Connection session into the test VM:${NO_FORMAT}
 "
     echo " Adding credentials to cmdkey:"
     cmdkey.exe /generic:"$vmIpAddress" /user:"$adminUsername" /pass:"$adminPassword"

diff --git a/script-modules/common.sh b/script-modules/common.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-CLI_VERSION='1.0.2'
+CLI_VERSION='1.0.3'
 
 
 # terminal colors

diff --git a/templates/test-vm-extensions/customize-vm.ps1 b/templates/test-vm-extensions/customize-vm.ps1
@@ -1,4 +1,4 @@
-param ([Parameter(Mandatory)]$PureManagementIP,$PureManagementUser, $PureManagementPassword)
+param ([Parameter(Mandatory)]$PureManagementIP,$PureManagementUser, $PureManagementPassword, $VmUser, $SSHPrivateKeyBase64 = '')
 #Variables
 $arrayendpoint = $PureManagementIP
 $pureuser = $PureManagementUser
@@ -48,14 +48,41 @@ $Shortcut.Save()
 
 # download Pure favicon 
 mkdir -Path $env:temp\purecustomization -erroraction SilentlyContinue | Out-Null
-$Download = join-path $env:temp\purecustomization favicon.ico
-Invoke-WebRequest "https://support.purestorage.com/@api/deki/files/47337/pcbs.ico?origin=mt-web" -OutFile $Download 
+$DownloadFavicon = join-path $env:temp\purecustomization favicon.ico
+Invoke-WebRequest "https://support.purestorage.com/@api/deki/files/47337/pcbs.ico?origin=mt-web" -OutFile $DownloadFavicon 
 
 # create a desktop icon to mgmt. interface
 
 $WshShell = New-Object -comObject WScript.Shell
 $Shortcut = $WshShell.CreateShortcut("C:\Users\Public\Desktop\Open CBS Console.lnk")
 $Shortcut.TargetPath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
-$shortcut.IconLocation =  $Download
+$shortcut.IconLocation =  $DownloadFavicon
 $Shortcut.Arguments = "https://$arrayendpoint"
-$Shortcut.Save()
+$Shortcut.Save()
+
+
+
+
+# copy the ssh private key into desktop
+if (-not ([string]::IsNullOrEmpty($SSHPrivateKeyBase64)))
+{
+    $sshKeyFilename = "C:\ssh.key"
+    Write-Host $SSHPrivateKeyBase64
+
+    [System.Convert]::FromBase64String($SSHPrivateKeyBase64) | Set-Content $sshKeyFilename -Encoding Byte
+
+    # remove other permissions
+    Icacls $sshKeyFilename /Inheritance:r
+    Icacls $sshKeyFilename /Grant:r ${vmUser}:"(R)"
+
+
+    # create a desktop icon to ssh the array
+
+    $WshShell = New-Object -comObject WScript.Shell
+    $Shortcut = $WshShell.CreateShortcut("C:\Users\Public\Desktop\SSH Access to CBS.lnk")
+    $Shortcut.TargetPath = "C:\Windows\System32\OpenSSH\ssh.exe"
+    $shortcut.IconLocation =  $DownloadFavicon
+    $Shortcut.Arguments = "$pureuser@$arrayendpoint -i $sshKeyFilename"
+    $Shortcut.Save()
+
+}
diff --git a/templates/test-vm.bicep b/templates/test-vm.bicep
@@ -50,6 +50,10 @@ param extensionFileUrl string
 
 param extensionCustomizeUXFileUrl string
 
+@description('When provided, they key will be saved for SSH connection into the CBS array. Encoded in base64 format.')
+@secure()
+param sshPrivateKeyContentInBase64 string = ''
+
 module variables 'modules/variables.bicep' = {
   name: 'scriptVariables'
   params: {}
@@ -177,7 +181,7 @@ resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@202
       ]
     }
     protectedSettings: {
-      commandToExecute: 'powershell.exe -Command "./setup-demo-cbs.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword}; ./customize-vm.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword};exit 0;"'
+      commandToExecute: 'powershell.exe -Command "./setup-demo-cbs.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword}; ./customize-vm.ps1 -VmUser ${adminUsername} -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword} -SSHPrivateKeyBase64 ${sshPrivateKeyContentInBase64};exit 0;"'
     }
   }
 }