From 1373cdd5c53f3092e566cbc463d02e397944a93a Mon Sep 17 00:00:00 2001 From: Vaclav Jirovsky <141634028+vjirovsky-pure@users.noreply.github.com> Date: Mon, 2 Oct 2023 12:36:00 +0200 Subject: [PATCH] E2E demo - added SSH access from test VM (#5) * E2E demo - added SSH access from test VM * changed Ubuntu in Dockerfile to the latest * added az auto-upgrade * added detection of running inside the docker image * added private key parameter into test VM example --- 00-setup-machine.sh | 15 ++++++++ 03-test-vm.bicepparam.example | 1 + Dockerfile | 10 ++++- deploy-e2e-demo.sh | 33 ++++++++++++++--- script-modules/common.sh | 2 +- templates/test-vm-extensions/customize-vm.ps1 | 37 ++++++++++++++++--- templates/test-vm.bicep | 6 ++- 7 files changed, 90 insertions(+), 14 deletions(-) diff --git a/00-setup-machine.sh b/00-setup-machine.sh index 7a74633..b29d0b1 100644 --- a/00-setup-machine.sh +++ b/00-setup-machine.sh @@ -3,6 +3,16 @@ echoerr() { printf "\033[0;31m%s\n\033[0m" "$*" >&2; } echosuccess() { printf "\033[0;32m%s\n\033[0m" "$*" >&2; } +if [ -n "${PURE_RUN_IN_DOCKERIMAGE}" ]; +then + echoerr " +In the docker image with pre-installed tools you don't need to run this setup command and you can proceed to the deployment scripts. + " + exit 1; +fi + + + # Install the az (with bicep) echo "Installing tools:" @@ -50,6 +60,11 @@ else exit 1; fi +# upgrade az cli +az upgrade --yes --all + +# enable az auto-upgrade +az config set auto-upgrade.enable=yes az bicep version if [ $? == 0 ]; then diff --git a/03-test-vm.bicepparam.example b/03-test-vm.bicepparam.example index b27a4a9..356c08c 100644 --- a/03-test-vm.bicepparam.example +++ b/03-test-vm.bicepparam.example 
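Review bot: In the second hunk of 00-setup-machine.sh, `az upgrade --yes --all` and `az config set auto-upgrade.enable=yes` run without a status check, while the `az bicep version` call right after them is checked with `$?`. Enabling auto-upgrade also changes the user's az configuration persistently, so the CLI and extension versions used by the deployment scripts become whatever is current at run time. As far as I know the auto-upgrade can ask for confirmation, which may stall a non-interactive run; consider adding `az config set auto-upgrade.prompt=no`, or leaving auto-upgrade off and documenting a tested CLI version. The same two commands are added in the Dockerfile hunk `@@ -7,6 +7,12 @@`, where the concern is the same for image builds.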
@@ -25,3 +25,4 @@ param adminPassword='<< VM admin password >>' // value '$myIpAddress' will be replaced with your current public IP address param whitelistedSourceAddress = '$myIpAddress' +param sshPrivateKeyContentInBase64 = '<---MY SSH PRIVATE KEY CONTENT (starting with -----BEGIN RSA PRIVATE KEY----- and ending with -----END RSA PRIVATE KEY-----) with no newlines-->' \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c9a9b45..972b635 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.10 +FROM ubuntu:latest RUN apt-get update && apt-get install -y \ jq \ @@ -7,6 +7,12 @@ RUN apt-get update && apt-get install -y \ RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash +# upgrade az cli +RUN az upgrade --yes --all + +# enable az auto-upgrade +RUN az config set auto-upgrade.enable=yes + RUN az bicep install # install bicep @@ -15,6 +21,8 @@ RUN curl -sLo bicep https://github.com/Azure/bicep/releases/latest/download/bice && mv ./bicep /usr/local/bin/bicep \ && bicep --version +ENV PURE_RUN_IN_DOCKERIMAGE=1 + VOLUME [ "/data" ] WORKDIR /data diff --git a/deploy-e2e-demo.sh b/deploy-e2e-demo.sh index 343e9ee..7961497 100644 --- a/deploy-e2e-demo.sh +++ b/deploy-e2e-demo.sh 
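Review bot: The placeholder added in 03-test-vm.bicepparam.example tells the user to paste the PEM text ("starting with -----BEGIN RSA PRIVATE KEY-----") with no newlines, but the parameter is named `sshPrivateKeyContentInBase64` and customize-vm.ps1 passes it to `FromBase64String`. PEM text with its header and footer lines is not valid base64, so a value entered as described would fail to decode on the VM. A placeholder such as `'<< base64 of the private key file on a single line, e.g. output of base64 -w 0 >>'` would match what the script expects. Since the filled-in copy of this file then holds a private key next to `adminPassword`, a comment reminding users to keep it out of version control would help; whether the repository already ignores it is not visible here.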
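Review bot: `FROM ubuntu:latest` in the first Dockerfile hunk replaces a fixed tag with a mutable one, so two builds of the same commit can produce different images and a base-image change arrives without review. Together with the `curl ... | bash` installer and the `releases/latest` bicep download visible in the context lines, nothing in this image is pinned any more. Moving off the non-LTS 22.10 tag makes sense, but pinning to an LTS tag such as `FROM ubuntu:22.04`, or to a digest, keeps the build reproducible.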
@@ -69,6 +69,25 @@ echo "" echosuccess "[STEP COMPLETED] The deployment of prerequisities has been completed." echo "" + +# generate a SSH key and upload it into CBS and test VM +echo -e "${C_BLUE3}${C_GREY85} +[Step #2] Generating a SSH key for array management:${NO_FORMAT}" + +sshOutput=$( { az sshkey create --name "ssh-cbs-test-$resourceGroupName" --resource-group $resourceGroupName; } 2>&1 ) +sshPrivateKeyFile=`echo $sshOutput | grep -oP 'Private key is saved to "\K[^"]*'` +sshPublicKeyFile=`echo $sshOutput | grep -oP ' WARNING: Public key is saved to "\K[^"]*'` +sshDetails=`az sshkey show --name "ssh-cbs-test-$resourceGroupName" --resource-group $resourceGroupName` +sshPublicKeyInOpenSSHFormat=`echo $sshDetails | jq -r ".publicKey"` + +sshPrivateKeyContentInBase64=`base64 $sshPrivateKeyFile -w 0` + +echo " +Generated SSH key: $sshPublicKeyInOpenSSHFormat + +" + + # Read the bicep parameters for CBS mainfilename='./templates/cbs-managed-app.bicep' tmpfilename='./templates/tmp-e2e-02.bicepparam' @@ -78,7 +97,7 @@ paramsJson=`echo $bicep_raw | jq -r ".parametersJson"` echo -e "${C_BLUE3}${C_GREY85} -[Step #2] Enabling CBS deployment for selected subscription $subscriptionId:${NO_FORMAT} +[Step #3] Enabling CBS deployment for selected subscription $subscriptionId:${NO_FORMAT} " @@ -108,7 +127,7 @@ else fi echo -e "${C_BLUE3}${C_GREY85} -[Step #3] Deploying CBS managed app (~20mins):${NO_FORMAT} +[Step #4] Deploying CBS managed app (~20mins):${NO_FORMAT} " # Deploy our infrastructure @@ -132,7 +151,8 @@ output=$(az deployment group create \ azureMarketPlacePlanVersion=$AZURE_MARKETPLACE_PLAN_VERSION \ azureMarketPlacePlanName=$AZURE_MARKETPLACE_PLAN_NAME \ azureMarketPlacePlanPublisher=$AZURE_MARKETPLACE_PUBLISHER \ - azureMarketPlacePlanOffer=$AZURE_MARKETPLACE_PLAN_OFFER + azureMarketPlacePlanOffer=$AZURE_MARKETPLACE_PLAN_OFFER \ + sshPublicKey="$sshPublicKeyInOpenSSHFormat" ) cbsmanagementLbIp=`echo $output | jq -r '.properties.outputs.cbsmanagementLbIp.value'` 
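Review bot: The new Step #2 block in deploy-e2e-demo.sh (hunk `@@ -69,6 +69,25 @@`) takes the private key path by grepping the human-readable warning text of `az sshkey create` and never checks that the command succeeded or that a path was found. If the match is empty, the unquoted `base64 $sshPrivateKeyFile -w 0` has no file operand and reads stdin, so the script stalls or continues with an empty key. `$resourceGroupName` and `$sshOutput` are also unquoted, and `sshPublicKeyFile` is assigned but not used in the visible lines. I would quote the expansions and fail fast as sketched below, assuming `echoerr` is available in this script the way `echosuccess` is. The generated private key file also stays on the deploying machine at the path az reports, which is worth printing so the user knows where it is.

```shell
sshKeyName="ssh-cbs-test-$resourceGroupName"
if ! sshOutput=$(az sshkey create --name "$sshKeyName" --resource-group "$resourceGroupName" 2>&1); then
  echoerr "az sshkey create failed: $sshOutput"
  exit 1
fi
sshPrivateKeyFile=$(printf '%s\n' "$sshOutput" | grep -oP 'Private key is saved to "\K[^"]*')
if [ ! -r "$sshPrivateKeyFile" ]; then
  echoerr "Could not find the generated private key file in the az output."
  exit 1
fi
# … unchanged: az sshkey show / jq lookup of the public key …
sshPrivateKeyContentInBase64=$(base64 -w 0 "$sshPrivateKeyFile")
```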
@@ -178,7 +198,7 @@ echo " -----------------------------------------------" echo -e "${C_BLUE3}${C_GREY85} -[Step #4] Getting your current IP address...${NO_FORMAT} +[Step #5] Getting your current IP address...${NO_FORMAT} " @@ -196,7 +216,7 @@ fi echo -e "${C_BLUE3}${C_GREY85} -[Step #5] Deploying VM into subscription $subscriptionId into RG ${resourceGroupName} (~20mins):${NO_FORMAT} +[Step #6] Deploying VM into subscription $subscriptionId into RG ${resourceGroupName} (~20mins):${NO_FORMAT} " @@ -220,6 +240,7 @@ output=$(az deployment group create \ adminUsername=$adminUsername \ adminPassword=$adminPassword \ vNetName=$arrayVnetName \ + sshPrivateKeyContentInBase64="${sshPrivateKeyContentInBase64}"\ whitelistedSourceAddress=$myIpAddress ) @@ -252,7 +273,7 @@ echo "" if [ -n "${WSLENV}" ]; then echo -e "${C_BLUE3}${C_GREY85} -[Step #3][Optional] Opening Remote Desktop Connection session into the test VM:${NO_FORMAT} +[Step #7][Optional] Opening Remote Desktop Connection session into the test VM:${NO_FORMAT} " echo " Adding credentials to cmdkey:" cmdkey.exe /generic:"$vmIpAddress" /user:"$adminUsername" /pass:"$adminPassword" diff --git a/script-modules/common.sh b/script-modules/common.sh index 33516cb..a470676 100644 --- a/script-modules/common.sh +++ b/script-modules/common.sh @@ -1,6 +1,6 @@ #!/bin/bash -CLI_VERSION='1.0.2' +CLI_VERSION='1.0.3' # terminal colors diff --git a/templates/test-vm-extensions/customize-vm.ps1 b/templates/test-vm-extensions/customize-vm.ps1 index 711d4ff..bf9e167 100644 --- a/templates/test-vm-extensions/customize-vm.ps1 +++ b/templates/test-vm-extensions/customize-vm.ps1 @@ -1,4 +1,4 @@ -param ([Parameter(Mandatory)]$PureManagementIP,$PureManagementUser, $PureManagementPassword) +param ([Parameter(Mandatory)]$PureManagementIP,$PureManagementUser, $PureManagementPassword, $VmUser, $SSHPrivateKeyBase64 = '') #Variables $arrayendpoint = $PureManagementIP $pureuser = $PureManagementUser 
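Review bot: In hunk `@@ -220,6 +240,7 @@` of deploy-e2e-demo.sh the whole private key is passed as a command-line argument, `sshPrivateKeyContentInBase64="${sshPrivateKeyContentInBase64}"\`. While `az` runs it can be read from the process list by other users on the machine, and it would appear in any `set -x` trace. The neighbouring `adminPassword=$adminPassword` context line has the same exposure. Consider writing the secret values to a parameters file created with `mktemp`, readable only by the current user and removed in a `trap`, and passing that file to `--parameters` instead. The `az deployment group create` call starts outside this hunk, so the rest of its arguments are not visible here.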
@@ -48,14 +48,41 @@ $Shortcut.Save() # download Pure favicon mkdir -Path $env:temp\purecustomization -erroraction SilentlyContinue | Out-Null -$Download = join-path $env:temp\purecustomization favicon.ico -Invoke-WebRequest "https://support.purestorage.com/@api/deki/files/47337/pcbs.ico?origin=mt-web" -OutFile $Download +$DownloadFavicon = join-path $env:temp\purecustomization favicon.ico +Invoke-WebRequest "https://support.purestorage.com/@api/deki/files/47337/pcbs.ico?origin=mt-web" -OutFile $DownloadFavicon # create a desktop icon to mgmt. interface $WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut("C:\Users\Public\Desktop\Open CBS Console.lnk") $Shortcut.TargetPath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -$shortcut.IconLocation = $Download +$shortcut.IconLocation = $DownloadFavicon $Shortcut.Arguments = "https://$arrayendpoint" -$Shortcut.Save() \ No newline at end of file +$Shortcut.Save() + + + + +# copy the ssh private key into desktop +if (-not ([string]::IsNullOrEmpty($SSHPrivateKeyBase64))) +{ + $sshKeyFilename = "C:\ssh.key" + Write-Host $SSHPrivateKeyBase64 + + [System.Convert]::FromBase64String($SSHPrivateKeyBase64) | Set-Content $sshKeyFilename -Encoding Byte + + # remove other permissions + Icacls $sshKeyFilename /Inheritance:r + Icacls $sshKeyFilename /Grant:r ${vmUser}:"(R)" + + + # create a desktop icon to ssh the array + + $WshShell = New-Object -comObject WScript.Shell + $Shortcut = $WshShell.CreateShortcut("C:\Users\Public\Desktop\SSH Access to CBS.lnk") + $Shortcut.TargetPath = "C:\Windows\System32\OpenSSH\ssh.exe" + $shortcut.IconLocation = $DownloadFavicon + $Shortcut.Arguments = "$pureuser@$arrayendpoint -i $sshKeyFilename" + $Shortcut.Save() + +} \ No newline at end of file diff --git a/templates/test-vm.bicep b/templates/test-vm.bicep index 32a743a..989a930 100644 --- a/templates/test-vm.bicep +++ b/templates/test-vm.bicep 
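Review bot: `Write-Host $SSHPrivateKeyBase64` in the new block of customize-vm.ps1 prints the private key to the script's output, which the custom script extension records, so the key ends up readable outside the ACL-protected file; that line should be removed. `$VmUser`, added to the `param` line in the previous hunk, is not mandatory, so if it is empty the `Icacls ... /Grant:r` call fails after `/Inheritance:r` has already stripped the inherited entries, and neither icacls result is checked. Marking `$VmUser` as mandatory whenever a key is supplied, or skipping the key block with a warning, would avoid leaving a key file with unintended permissions. The comment says the key is copied "into desktop" but the file is written to `C:\ssh.key`; `# save the ssh private key to C:\ssh.key, readable only by the VM user` would match the code.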
@@ -50,6 +50,10 @@ param extensionFileUrl string param extensionCustomizeUXFileUrl string +@description('When provided, they key will be saved for SSH connection into the CBS array. Encoded in base64 format.') +@secure() +param sshPrivateKeyContentInBase64 string = '' + module variables 'modules/variables.bicep' = { name: 'scriptVariables' params: {} @@ -177,7 +181,7 @@ resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@202 ] } protectedSettings: { - commandToExecute: 'powershell.exe -Command "./setup-demo-cbs.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword}; ./customize-vm.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword};exit 0;"' + commandToExecute: 'powershell.exe -Command "./setup-demo-cbs.ps1 -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword}; ./customize-vm.ps1 -VmUser ${adminUsername} -PureManagementIP ${PureManagementIP} -PureManagementUser ${PureManagementUser} -PureManagementPassword ${PureManagementPassword} -SSHPrivateKeyBase64 ${sshPrivateKeyContentInBase64};exit 0;"' } } }
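Review bot: In the `commandToExecute` line of templates/test-vm.bicep the new argument is interpolated unquoted, `-SSHPrivateKeyBase64 ${sshPrivateKeyContentInBase64};exit 0;`. With the declared default `''` this expands to `-SSHPrivateKeyBase64 ;`, which PowerShell would most likely reject as a missing argument, and the trailing `exit 0` then hides that customize-vm.ps1 did not run. Quoting the value, `-SSHPrivateKeyBase64 \'${sshPrivateKeyContentInBase64}\'`, keeps the empty default working; the same applies to `-VmUser ${adminUsername}` and the older unquoted parameters on that line. Keeping the parameter `@secure()` and the command inside `protectedSettings` is the right choice. The description in the first hunk has a typo, "they key" should read "the key".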