
cloud-portal's Introduction

Cloud Portal


Overview

Self service web portal supporting multiple Cloud providers and use cases.

Self Service Cloud Portal - Use Case #1

Providers

Provisioners

Features

  • LDAP authentication & authorization
  • Use case provisioning with Hashicorp's Terraform
  • Provisioning history
  • Automated deprovisioning with terraform destroy (by expiration dates)
  • Execute bootstrap scripts for automated server configuration
  • Send HTML emails with customizable velocity templates and Terraform log data as attachment
  • Responsive WebUI with generic variable rendering
  • Optimized RESTful WebServices and CLI client for CD pipeline integrations
  • Dashboards showing important provisioning metrics
  • Scripting console exposing business logic services for Groovy scripting

Prerequisites

Usage

Client

  • See README.md file of cloud-portal-client module

Server

  • See README.md file of cloud-portal-server module

cloud-portal's People

Contributors

chrisipa


cloud-portal's Issues

Add localization options to vm creation

Locale

Bash

sudo locale-gen "de_DE.UTF-8"
sudo update-locale LANG="de_DE.UTF-8"

Powershell

Set-WinUILanguageOverride -Language de-DE

Keyboard Layout

Bash

sudo sed -i 's|'XKBMODEL=.*'|'XKBMODEL=pc105'|g' /etc/default/keyboard
sudo sed -i 's|'XKBLAYOUT=.*'|'XKBLAYOUT=de'|g' /etc/default/keyboard

Powershell

Set-WinUserLanguageList -LanguageList DE-DE

Timezone

Bash

sudo timedatectl set-timezone Europe/Berlin

Powershell

Set-TimeZone -Name "W. Europe Standard Time"

Java Client Application

Please write a Java client application which is operating system agnostic. This will make it easier to integrate the client into a Continuous Delivery Pipeline in Jenkins running on Windows or MacOS.

Do not overwrite provisioning log entries

Provision log entries get overwritten if a virtual machine is deprovisioned successfully. So the creation log entry will disappear from the list which is bad in terms of auditability.

It would be possible to add a parent or child id to a provisioning log entry.

Switch to official terraform vsphere provider

Be aware: The user you use for your connection will need a lot of different rights for vcenter.

Example:

provider "vsphere" {
  user = "my_username"
  password = "my_password"
  vsphere_server = "my.server.url"
  allow_unverified_ssl = true
  version = "~> 1.1"
}

data "vsphere_datacenter" "dc" {
  name = "my_datacenter_name"
}

data "vsphere_datastore" "datastore" {
  name          = "my_datastore_name"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_resource_pool" "pool" {
  name          = "my_resource_pool"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_network" "network" {
  name          = "my_network"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_virtual_machine" "template" {
  name          = "my_template"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

resource "vsphere_virtual_machine" "vm" {

  name             = "my_vm"
  resource_pool_id = "${data.vsphere_resource_pool.pool.id}"
  datastore_id     = "${data.vsphere_datastore.datastore.id}"

  num_cpus = 2
  memory   = 1024
  guest_id = "${data.vsphere_virtual_machine.template.guest_id}"
  folder = "my/folder/path"

  network_interface {
    network_id = "${data.vsphere_network.network.id}"
  }

  disk {
    name = "my_vm.vmdk"
    size = 20
  }

  clone {
    template_uuid = "${data.vsphere_virtual_machine.template.id}"    
  }  
}

output "datacenter id" {
    value = "${data.vsphere_datacenter.dc.id}"
}

output "datastore id" {
    value = "${data.vsphere_datastore.datastore.id}"
}

output "resource pool id" {
    value = "${data.vsphere_resource_pool.pool.id}"
}

output "network id" {
    value = "${data.vsphere_network.network.id}"
}

output "template id" {
    value = "${data.vsphere_virtual_machine.template.id}"
}

See also:

Additional disks for vsphere VMs

  • The VM templates from vsphere have a fixed disk size
  • When provisioning VMs these templates are simply cloned
  • The clones will have the same VM size
  • Support additional disks for data storage
  • The current disk can be used for storing the OS and packages

Optimize documentation

  • Create real world example for docker-compose
  • Add hint: Project under heavy development: Data structures and configuration mechanisms are not fixed right now

Change deprovisioning algorithm

  • Maybe it's too hard to destroy a vm directly:
    • Shutdown vm first
    • Move to quarantine
    • Destroy after a special period of time
  • It could also be helpful to inform a user by mail

Create Virtual Machine > Authentication > Pubkey authentication

What: Setting only a public ssh key for provisioning should be possible.
This enables the user to directly use the VM without providing his private key.

How: Provisioning might be done with a randomly created ssh keypair that will be deleted after successful provisioning, while the user's public key will be added to the authorized keys.

Main Reasons: Providing your own private ssh key is unintuitive and potentially insecure.
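
The key handling proposed above, as an added example that is not part of the issue or of cloud-portal's code: the function names and the `cloud-portal-ephemeral` key comment are assumptions. The user's key is validated before it is written, so it cannot carry authorized_keys options or extra lines.

```sh
#!/bin/sh
# Added example, not cloud-portal code. All function names are hypothetical.

# Create a throwaway ed25519 keypair in a private temp dir and print the dir.
# The private half never leaves the provisioning host.
new_ephemeral_key() {
  dir=$(mktemp -d) || return 1
  chmod 700 "$dir"
  ssh-keygen -q -t ed25519 -N '' -C cloud-portal-ephemeral -f "$dir/id" || return 1
  printf '%s\n' "$dir"
}

# Accept exactly one "<type> <base64> [comment]" line. Input that starts with
# options (command=, from=, ...) or contains a newline is rejected, so a
# submitted key cannot add options or extra entries to authorized_keys.
valid_pubkey() {
  nl='
'
  case $1 in *"$nl"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^ ].*)?$'
}

# swap_keys AUTH_FILE EPHEMERAL_PUB USER_PUB   (run on the new VM)
# Drops the ephemeral entry and installs the user's key via one atomic rename.
# Returns 2 if USER_PUB is not a plain public key.
swap_keys() {
  auth=$1; eph=$2; user=$3
  valid_pubkey "$user" || return 2
  tmp=$(mktemp "$auth.XXXXXX") || return 1
  # grep exits 1 when no lines remain after filtering; only >1 is an error.
  grep -vxF -e "$eph" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
  grep -qxF -e "$user" "$tmp" || printf '%s\n' "$user" >> "$tmp"
  chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Delete both halves of the ephemeral keypair once provisioning ends,
# whether it succeeded or failed.
destroy_ephemeral_key() { rm -rf -- "$1"; }
```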

Additional VM Images

Add support for different flavours of Linux and Windows:

  • Debian
  • Red Hat Enterprise Linux
  • CentOS
  • Windows Server 2012

Allow parent use cases

  • It's pretty obvious that use cases can be dependent on each other, e.g.:
    • Create a virtual machine on vsphere
    • Install Jenkins application on that machine (also see issue #44)
  • Here it could make sense to specify a parent child relationship between use cases:
    • The application has to make sure that the use cases are provisioned in the correct order, e.g.: First VM then Jenkins
    • The results of a use case provisioning have to be accessible from a dependent provisioning job, e.g.: IP of the VM

Add support for ansible playbooks for bootstrapping

  • Create playbook.yml file:
- hosts: all
  vars:
    jenkins_hostname: 192.168.0.1
  roles:
    - role: geerlingguy.java
      become: yes
    - role: geerlingguy.jenkins
      become: yes
  • Parse playbook.yml for ansible galaxy roles
  • Use ansible-galaxy install to download roles
ansible-galaxy --ignore-certs install geerlingguy.jenkins
  • Execute ansible-playbook:
ansible-playbook -i 192.168.0.1, --extra-vars ansible_ssh_user=my_user --extra-vars ansible_sudo_pass='my_pass' --extra-vars ansible_python_interpreter=/usr/bin/python3 playbook.yml
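
The "parse playbook.yml for ansible galaxy roles" step above, as an added example that is not part of the issue or of cloud-portal: `galaxy_roles` is a hypothetical helper that assumes the block-style roles list shown in the issue rather than full YAML. It rejects any entry that is not a plain namespace.name role, so only Galaxy role names are handed to `ansible-galaxy install`.

```sh
#!/bin/sh
# Added example, not cloud-portal code; galaxy_roles is a hypothetical helper.
# Assumes the block-style "roles:" list shown in the issue, not arbitrary YAML.

# galaxy_roles PLAYBOOK
# Prints each role named namespace.name once, in file order. Exits 1 if any
# role entry is something else (URL, git+ source, path, inline mapping), so the
# caller can refuse to install anything from that playbook.
galaxy_roles() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    /^ *(#.*)?$/   { next }                               # blank or comment
    /^ *roles: *$/ { in_roles = 1; key = indent($0); item = -1; next }
    !in_roles      { next }
    indent($0) < key || (indent($0) == key && $0 !~ /^ *- /) { in_roles = 0; next }
    /^ *- / {
      if (item < 0) item = indent($0)
      if (indent($0) != item) next            # list nested inside a role entry
      name = $0
      sub(/^ *- *(role: *)?/, "", name)       # "- role: x" and "- x" forms
      sub(/ +#.*$/, "", name); sub(/ +$/, "", name)
      gsub(/["\047]/, "", name)               # strip YAML quotes
      if (name !~ /^[A-Za-z0-9_]+\.[A-Za-z0-9_]+$/) { bad = 1; next }
      if (!seen[name]++) print name
    }
    END { exit bad + 0 }
  ' "$1"
}

# Usage: install only validated names, leaving TLS certificate checks on
# (no --ignore-certs):
#   roles=$(galaxy_roles playbook.yml) || exit 1
#   for r in $roles; do ansible-galaxy install "$r"; done
```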

Support for workflow actions

Refactor application to allow different workflow actions after provisioning. Create initial mechanism for workflow actions.

Ideally Workflow actions (like email delivery) should be created by implementing a generic workflow action interface.

Maintenance mode for zero downtime deployments

An example for a zero downtime deployment could look like this:

  • Provisioning jobs are saved in a queue
  • If maintenance mode is active no new jobs will be executed
  • Deployment script for application waits until all provisioning jobs have finished
  • Deployment is performed and maintenance mode will be deactivated

Support for prepare and cleanup scripts

Allow an admin to configure scripts before and after user script execution:

  1. Execute prepare script (can be used to install common tools etc)
  2. Execute bootstrap script from user
  3. Execute cleanup script

Use cloud-portal from docker-compose: Login error

Use docker-compose.yml:

mongodb:
  image: mongo:3.4.10
  volumes:
   - /srv/docker/cloud-portal/data:/data/db

tomcat:
  image: chrisipa/cloud-portal:latest
  links: 
  - mongodb
  environment:    
  - TOMCAT_SESSION_TIMEOUT=720
  - application.title=Cloud Portal
  - application.admin.group=my-admin-group
  - encryptor.secret=my-encryptor-secret
  - ldap.base.dn=dc=example,dc=com
  - ldap.group.attribute=memberOf
  - ldap.login.attribute=userPrincipalName
  - ldap.password=password
  - ldap.principal=cn=m y-admin-user,ou=users,dc=example,dc=com
  - ldap.url.string=ldap://192.168.0.62:389
  - ldap.user.search.filter=
  - [email protected]
  - mail.host=smtp.gmail.com
  - mail.send=true
  - spring.data.mongodb.uri=mongodb://mongodb:27017/cloud-portal
  volumes:
  - /srv/docker/cloud-portal/logs:/opt/tomcat/log
  ports:
   - "80:8080"
   - "443:8443"

Where [email protected] - Login E-mail,
password - Password

LDAP server - working

{'groups': [('cn=my-admin-group,dc=example,dc=com',
             {'cn': ['my-admin-group'],
              'description': ['my-admin-group'],
              'gidNumber': ['1'],
              'objectClass': ['posixGroup', 'top']})],
 'orgs': [('ou=Cloud Portal,dc=example,dc=com',
           {'description': ['Cloud Portal'],
            'objectClass': ['organizationalUnit', 'top'],
            'ou': ['Cloud Portal']}),
          ('ou=users,dc=example,dc=com',
           {'description': ['users'],
            'objectClass': ['organizationalUnit', 'top'],
            'ou': ['users']})],
 'users': [('cn=m y-admin-user,ou=users,dc=example,dc=com',
            {'cn': ['m y-admin-user'],
             'gidNumber': ['1'],
             'givenName': ['m'],
             'homeDirectory': ['/home/my-admin-user'],
             'initials': ['m.y.'],
             'loginShell': ['/bin/bash'],
             'mail': ['[email protected]'],
             'objectClass': ['inetOrgPerson', 'posixAccount', 'top'],
             'sn': ['y-admin-user'],
             'uid': ['my-admin-user'],
             'uidNumber': ['1002'],
             'userPassword': ['{SSHA}K7D/LX91DPJnIn+EHTCHsOpo+b0RUipL']})]}

/cloud-portal/login?error

Where is my mistake?

OPEN LDAP authentication

Getting an invalid credential error while authenticating to the application. Any idea how to fix it?

Externalize provisioning worker into its own microservice

In a corporate environment you often have the following scenario:

  • You generally have quite strict firewall and security policies
  • The Cloud self service portal is deployed in a central datacenter
  • The target environments for provisionings could be located in decentralized company sites
  • Maybe it's not allowed to open that communication from the central Cloud self service portal to those environments

Possible solution:

  • Externalize a provisioning worker service which is running on each site where a target environment is located
  • Provisioning jobs are routed to those provisioning workers
