Merge pull request #82 from sdl/develop

Release
RWS · Dec 1, 2017 · 2507d83 · 2507d83
2 parents 31ac05d + 43746bf
commit 2507d83
Show file tree

Hide file tree

Showing 14 changed files with 337 additions and 122 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change log
 
+## release v1.2
+
+- GH-53: Add support for docker container images
+- GH-78: Make ContentManager2018 the primary target
+
+Remarks:
+- Moved links from https://github.com/Sarafian to https://github.com/sdl .
+
 ## release v1.1
 
 - GH-66: Allow parallel building of AMI and Vagrant boxes.

diff --git a/Examples/Initialize-ISHServer.ps1 b/Examples/Initialize-ISHServer.ps1
@@ -150,12 +150,14 @@ if($webCertificate)
         }
     }
 
-    & $serverScriptsPaths\IIS\Set-IISSslBinding.ps1 -Computer $computerName -Credential $credential -Thumbprint $certificate.Thumbprint
 }
 else
 {
-    & $serverScriptsPaths\IIS\Set-IISSslBinding.ps1 -Computer $computerName -Credential $credential
+    $certificate=& $serverScriptsPaths\Certificates\New-SelfSignedTrustedCertificate.ps1 -Computer $computerName -Credential $credential
 }
+& $serverScriptsPaths\IIS\Set-IISSslBinding.ps1 -Computer $computerName -Credential $credential -Thumbprint $certificate.Thumbprint
+
+
 
 if($unc)
 {

diff --git a/README.md b/README.md
@@ -6,28 +6,26 @@ Bootstrapper for [SDL Knowledge Center](https://sdl.com/xml) Content Manager dep
 For those who don't like repetitive tasks, this repository is all about automating the deployment of [SDL Knowledge Center](sdl.com/xml) Content Manager.
 [SDL Knowledge Center](sdl.com/xml) Content Manager is also known as with historical names ~~Trisoft~~, ~~InfoShare~~ or as we recently established **ISH**.
 
-I initially started this codebase as my own internal automation for a lab that I use to experiment with [ISHDeploy](https://sarafian.github.io/tags/ishdeploy/). 
+I initially started this codebase as my own internal automation for a lab that I use to experiment with [ISHDeploy](https://sarafian.github.io/tags/#ISHDeploy). 
 This repository is a port of that code base combined with some effort to improve it.
 
 # Goal 
-With the ISHBootstrapper the following flow gets automated for a clean/default Windows Server 2012 R2 installation
+With the ISHBootstrapper the following flow gets automated for a clean/default Windows Server 2016 installation
 
-1. Install the `PowerShellGet` powershell module to easily install modules. Windows Server 2012 R2 offers out of the box Powershell v4.0. Content Manager 12.0.* supports version v4.0.
 1. Enable and configure the **WinRM** (Windows Remoting) for secure connections and `CredSSP`
-1. Install Content Manager prerequisites as described in the [documentation](https://docs.sdl.com/LiveContent/web/pub.xql?action=home&pub=SDL Knowledge Center full documentation-v2&lang=en-US)
+1. Install Content Manager prerequisites as described in the [documentation](https://docs.sdl.com/LiveContent/web/pub.xql?action=home&pub=SDL%20Knowledge%20Center%20full%20documentation-v3&lang=en-US)
 1. Copy the deliverable of the Content Manager CD
 1. Install Content Manager. One or more deployments.
-1. Execute [ISHDeploy](powershellgallery.com/packages/ISHDeploy.12.0.0/) based code as configuration scripts
+1. Execute [ISHDeploy](powershellgallery.com/packages/ISHDeploy.13/) based code as configuration scripts
 
 Do all of the above with minimum manual actions and all should work locally and remotely. 
 At the end the dream goal is to execute a seamless update of a Content Manager deployments   
 
 **Remarks**:
 
 - Typically a Content Manager deployment is deployed on a server already part of Active Directory. 
-For this reason, some remote instructions fill face the double hop limitation described in [Powershell Remoting Caveats](https://sarafian.github.io/post/powershell/powershell-remoting-caveats/) and to work around the problem sessions with `CredSSP` will be required.
+For this reason, some remote instructions fill face the double hop limitation described in [Powershell Remoting Caveats](https://sarafian.github.io/2016/07/05/remoting-caveats.html) and to work around the problem sessions with `CredSSP` will be required.
 - Not all modules available here will be published to PowerShell gallery. Setting up an internal nuget repository is easy. The process is described [here](https://docs.nuget.org/create/hosting-your-own-nuget-feeds).
-- The code base will work against current **Knowledge Center 2016 Content Manager 12.0.0** but the code base will support future minor releases like **Knowledge Center 2016 Content Manager 12.0.1** and future major releases that is only internally available.
 - To avoid revealing internal asset names some variables will not be defined in code but we'll be acquired with cmdlets such as `Get-Variable`
 
 # Using the repository
@@ -45,4 +43,4 @@ Potential targets of a trigger can be:
 
 # Acknowledgements
 
-This a **personal** effort and by **no means** reflects an official deliverable for [SDL](sdl.com). 
+This a **personal** effort and by **no means** reflects an official deliverable for [SDL](sdl.com).
diff --git a/Source/Builders/Database/Restore-MockDatabase.ps1 b/Source/Builders/Database/Restore-MockDatabase.ps1
@@ -55,8 +55,8 @@ $segments=@(
     $ishCDPath
     "Database"
     "Dump"
-    "SQLServer2012"
-    "20151116.InfoShareEmpty-12.0.0-sqlserver2012.isource.InfoShare-OasisDita.1.2.bak"
+    "SQLServer2014"
+    "20171018.ISHEmpty-13.0.0-sqlserver2014.isource.InfoShare-OasisDita.1.2.bak"
 )
 $infoShareBakPath=$segments -join '\'
 

diff --git a/Source/Builders/Initialize-ISH.Instance.ps1 b/Source/Builders/Initialize-ISH.Instance.ps1
@@ -17,7 +17,10 @@ param(
     [securestring]$PFXCertificatePassword,
     [Parameter(Mandatory=$false,ParameterSetName="External Database")]
     [Parameter(Mandatory=$false,ParameterSetName="Demo Database")]
-    [string]$HostName=$null
+    [string]$HostName=$null,
+    [Parameter(Mandatory=$false,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="Demo Database")]
+    [switch]$InContainer=$false
 )
 
 $cmdletsPaths="$PSScriptRoot\..\Cmdlets"
@@ -102,6 +105,27 @@ Set-ISHUserLocal -OSUserCredentials $OSUserCredentials
 Set-ISHUserAdministrator -OSUser $osUserName
 Initialize-ISHUserLocalProfile -OSUserCredentials $OSUserCredentials
 
+#region Grant read access to certificate private key
+
+if($InContainer)
+{
+    $permission = $OSUserCredentials.UserName,"Read","Allow"
+    $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
+
+    $keyPath = $env:ProgramData + "\Microsoft\Crypto\RSA\MachineKeys\"
+    $keyName = $certificate.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
+    $keyFullPath = Join-Path $keyPath $keyName
+
+    # Get the current acl of the private key
+    $acl = Get-Acl -Path $keyFullPath
+
+    # Add the new ace to the acl of the private key
+    $acl.AddAccessRule($accessRule)
+
+    # Write back the new acl
+    Set-Acl -Path $keyFullPath -AclObject $acl
+}
+#endregion
 
 #endregion
 
@@ -206,6 +230,7 @@ $extensions=@(
     "*.xsl"
     "*.ps1"
     "*.psm1"
+    "*.bat"
 )
 
 $foldersToScan=@(

diff --git a/Source/Docker/ISH.Cmd.ps1 b/Source/Docker/ISH.Cmd.ps1
@@ -1,103 +1,122 @@
 param(
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
-    [Parameter(Mandatory=$true,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="Internal Database")]
     [string]$OsUserName,
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
-    [Parameter(Mandatory=$true,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="Internal Database")]
     [string]$OsUserPassword,
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
-    [Parameter(Mandatory=$true,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="Internal Database")]
     [string]$PFXCertificatePath,
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
-    [Parameter(Mandatory=$true,ParameterSet="Internal Database")]
-    [securestring]$PFXCertificatePassword,
-    [Parameter(Mandatory=$false,ParameterSet="External Database")]
-    [Parameter(Mandatory=$false,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="Internal Database")]
+    [string]$PFXCertificatePassword,
+    [Parameter(Mandatory=$false,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="Internal Database")]
     [string]$HostName=$null,
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
     [string]$ConnectionString,
-    [Parameter(Mandatory=$true,ParameterSet="External Database")]
+    [Parameter(Mandatory=$true,ParameterSetName="External Database")]
     [ValidateSet("sqlserver2014","oracle")]
     [string]$DBType,
-    [Parameter(Mandatory=$false,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="Internal Database")]
     [string]$sa_password,
-    [Parameter(Mandatory=$false,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="Internal Database")]
     [string]$ACCEPT_EULA,
-    [Parameter(Mandatory=$false,ParameterSet="External Database")]
-    [Parameter(Mandatory=$false,ParameterSet="Internal Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="External Database")]
+    [Parameter(Mandatory=$false,ParameterSetName="Internal Database")]
     [switch]$Loop=$false
 )
 
 if ($PSBoundParameters['Debug']) {
     $DebugPreference = 'Continue'
 }
 
-$buildersPath=Join-Path $PSScriptRoot "..\Builders"
+$firstRunPath=Join-Path $env:ProgramData "ISHDocker"
 
-$osUserCredentials=New-Object System.Management.Automation.PSCredential($OsUserName, (ConvertTo-SecureString -String $OsUserPassword -AsPlainText -Force))
-$pfxCertificateSecurePassword=ConvertTo-SecureString -String $PFXCertificatePassword -AsPlainText -Force
+if(-not (Test-Path -Path $firstRunPath))
+{
+    Write-Host "[DockerHost]Initializing container"
 
-$hash=@{
-    OsUserCredentials=$osUserCredentials
-    PFXCertificatePath=$PFXCertificatePath
-    PFXCertificatePassword=$pfxCertificateSecurePassword
-}
+    $buildersPath=Join-Path $PSScriptRoot "..\Builders"
 
-if($HostName)
-{
-    $hash.HostName=$HostName
-}
+    $osUserCredentials=New-Object System.Management.Automation.PSCredential($OsUserName, (ConvertTo-SecureString -String $OsUserPassword -AsPlainText -Force))
+    $osUserCredentials=Get-ISHNormalizedCredential -Credentials $osUserCredentials
+    $pfxCertificateSecurePassword=ConvertTo-SecureString -String $PFXCertificatePassword -AsPlainText -Force
 
-switch ($PSCmdlet.ParameterSetName)
-{
-    'External Database' {
-        $hash.ConnectionString=$ConnectionString
-        $hash.DbType=$DBType
+    $hash=@{
+        OsUserCredentials=$osUserCredentials
+        PFXCertificatePath=$PFXCertificatePath
+        PFXCertificatePassword=$pfxCertificateSecurePassword
     }
-    'Internal Database' {
-        $hash=@{
-        }
-        & .\start -sa_password $sa_password -ACCEPT_EULA $ACCEPT_EULA -attach_dbs $attach_dbs
+
+    if($HostName)
+    {
+        $hash.HostName=$HostName
     }
-}
 
-if($PSCmdlet.ParameterSetName -eq "Internal Database")
-{
-    # Doing part of the https://github.com/Sarafian/Docker/blob/master/Source/mssql2014-server-windows-express/start.ps1
+    switch ($PSCmdlet.ParameterSetName)
+    {
+        'External Database' {
+            $hash.ConnectionString=$ConnectionString
+            $hash.DbType=$DBType
+        }
+        'Internal Database' {
+            Write-Host "[DockerHost]Starting internal database"
+            # Doing part of the https://github.com/Sarafian/Docker/blob/master/Source/mssql2014-server-windows-express/start.ps1
 
-    if($ACCEPT_EULA -ne "Y" -And $ACCEPT_EULA -ne "y"){
-	    Write-Verbose "ERROR: You must accept the End User License Agreement before this container can start."
-	    Write-Verbose "Set the environment variable ACCEPT_EULA to 'Y' if you accept the agreement."
+            if($ACCEPT_EULA -ne "Y" -And $ACCEPT_EULA -ne "y"){
+	            Write-Verbose "ERROR: You must accept the End User License Agreement before this container can start."
+	            Write-Verbose "Set the environment variable ACCEPT_EULA to 'Y' if you accept the agreement."
 
-        exit 1 
-    }
+                exit 1 
+            }
+
+            Write-Verbose "Starting SQL Server"
+            start-service MSSQL`$SQLEXPRESS
 
-    Write-Verbose "Starting SQL Server"
-    start-service MSSQL`$SQLEXPRESS
+            if($sa_password -ne "_"){
+	            Write-Verbose "Changing SA login credentials"
+                $sqlcmd = "ALTER LOGIN sa with password=" +"'" + $sa_password + "'" + ";ALTER LOGIN sa ENABLE;"
+                Invoke-Sqlcmd -Query $sqlcmd -ServerInstance ".\SQLEXPRESS" 
+            }
 
-    if($sa_password -ne "_"){
-	    Write-Verbose "Changing SA login credentials"
-        $sqlcmd = "ALTER LOGIN sa with password=" +"'" + $sa_password + "'" + ";ALTER LOGIN sa ENABLE;"
-        Invoke-Sqlcmd -Query $sqlcmd -ServerInstance ".\SQLEXPRESS" 
+            Write-Verbose "Started SQL Server."
+        }
     }
 
-    Write-Verbose "Started SQL Server."
+    Write-Host "[DockerHost]Initializing deployment"
+    & $buildersPath\Initialize-ISH.Instance.ps1 @hash -InContainer
+
+    "Initialized" | Out-File -FilePath $firstRunPath -Force
+    Write-Host "[DockerHost]Container ready"
+}
+else
+{
+    Write-Host "[DockerHost]Container already initialized"
 }
 
-& $buildersPath\Initialize-ISH.Instance.ps1 @hash
 
 if($Loop)
 {
-    $lastCheck = (Get-Date).AddSeconds(-2) 
+    $intervalSeconds=30
+    $lastCheck = (Get-Date).AddSeconds(-($intervalSeconds)) 
     while ($true) { 
         if($PSCmdlet.ParameterSetName -eq "Internal Database")
         {
+            Write-Host "Probing event log for MSSQL"
             Get-EventLog -LogName Application -Source "MSSQL*" -After $lastCheck | Select-Object TimeGenerated, EntryType, Message	 
         }
         # TODO: Figure out ISH event log source
+        Write-Host "Probing event log for Trisoft"
         Get-EventLog -LogName Application -Source "Trisoft*" -After $lastCheck | Select-Object TimeGenerated, EntryType, Message	 
 
         $lastCheck = Get-Date 
-        Start-Sleep -Seconds 2 
+        Write-Host "Sleeping for $intervalSeconds seconds"
+        Start-Sleep -Seconds $intervalSeconds 
     }
+}
+else
+{
+    Write-Host "hostname=$HostName"
 }
diff --git a/Source/Docker/ISH.HealthCheck.ps1 b/Source/Docker/ISH.HealthCheck.ps1
@@ -17,12 +17,15 @@ if($IncludeMSSQL)
 }
 
 $serviceNames|ForEach-Object {
+    Write-Host "Probing service $_"
     $service=Get-Service -Name $_
+    Write-Host "Service $_ status is $($service.Status)"
     if($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running)
     {
-        Write-Host "$_ is not running"
-        exit -1
+        Write-Host "[DockerHost]$_ is not running"
+        Write-Host "[DockerHost]Not healthy"
+        exit 1
     }
 }
-
+Write-Host "[DockerHost]Healthy"
 exit 0
diff --git a/Source/ISH.MSSQL.dockerfile b/Source/ISH.MSSQL.dockerfile
@@ -16,6 +16,10 @@ ENV ACCEPT_EULA _
 
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
+# Workaround for powershell in interactive container can paste only 50 chars from clipboard
+# https://github.com/moby/moby/issues/29646#issuecomment-300474598
+RUN Remove-Item -Path $env:ProgramFiles/WindowsPowerShell/Modules/PSReadLine" -Recurse -Force
+
 ADD . C:/Provision/ISHBootstrap/Source
 ADD https://github.com/Microsoft/iis-docker/blob/master/windowsservercore/ServiceMonitor.exe?raw=true /Provision/ServiceMonitor.exe
 

diff --git a/Source/ISH.dockerfile b/Source/ISH.dockerfile
@@ -17,6 +17,10 @@ ENV HostName _
 
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
+# Workaround for powershell in interactive container can paste only 50 chars from clipboard
+# https://github.com/moby/moby/issues/29646#issuecomment-300474598
+RUN Remove-Item -Path $env:ProgramFiles/WindowsPowerShell/Modules/PSReadLine" -Recurse -Force
+
 ADD . C:/Provision/ISHBootstrap/Source
 ADD https://github.com/Microsoft/iis-docker/blob/master/windowsservercore/ServiceMonitor.exe?raw=true /Provision/ServiceMonitor.exe
 

diff --git a/Source/Invoke-DockerBuild.ps1 b/Source/Invoke-DockerBuild.ps1
@@ -1,5 +1,3 @@
-#requires -runasadministrator
-
 param(
     [Parameter(Mandatory=$true,ParameterSetName="WindowsServerCore")]
     [Parameter(Mandatory=$true,ParameterSetName="MSSQLExpress")]
@@ -72,11 +70,11 @@ else
 
 if($isWindowsClient)
 {
-    $memory="2GB"
+    $memory="4GB"
     Write-Warning "Client operating system detected. Container will run with Hyper-V isolation. Increasing the memory size to $memory"
     $dockerArgs+=@(
         "-m"
-        "2GB"
+        $memory
     )
 }