@JPRuskin (Member) commented Mar 12, 2025

Description Of Changes

  • Updates to use Jenkins Job packages
  • Uses NexuShell instead of cribbed functions
  • Updates ClientSetup to match Azure changes
  • Updates Jenkins, Nexus, and CCM scripts to deploy correctly at setup (as in Ansible)
  • Removes SSL-unrelated scripts from Set-SSL
  • Renames Start-C4bSetup, Start-C4bValidation, and Set-SslSecurity scripts
  • Removes use of Web::GeneratePassword

Motivation and Context

This environment had several key differences to the other environments that could be brought into line, resulting in a more cohesive set of environments.

Testing

  • Deployed with self-signed certificate
  • Deployed with wildcard
  • Deployed with single-CN SSL certificate
  • Deployed unattended
  • Deployed piecemeal

It's worth noting that this requires the latest NexuShell, chocolatey-licensed-jenkins-jobs, and chocolatey-licensed-jenkins-scripts packages available to succeed.

Operating Systems Testing

  • Windows Server 2022
  • Windows Server 2019 (automated only)

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • short.io link for qsg and qsg-go has been updated to point to Initialize- not Start-.
  • All new and existing tests passed?
  • [ ] PowerShell code changes: PowerShell v3 compatibility checked?

@JPRuskin force-pushed the hardenNexusOperations branch 2 times, most recently from 61042cf to 636ebfd on March 17, 2025 15:20

@JPRuskin (Member, Author) commented:

Realised that I meant to mention that the build will be broken until we merge in the build changes, due to the security-first approach we take. If we're happy with the code changes here, I can add the build changes as a commit and the tests will call the right filenames.

JPRuskin added 16 commits May 22, 2025 11:10
Additionally, hardens some flakey Nexus operations to improve reliability.
Configuring the Nexus users and (optionally) SSL earlier in the Nexus script allows us to use the correct users and FQDNs immediately, and results in a more immediately available environment.

Now that we are always doing these actions (e.g. securing the repositories), this should also reduce a lot of confusion with what the SSL script does.
Brings Jenkins configuration from the Set-SSL script to the Jenkins script, resulting in a correctly configured installation.
Customers are being confused by Set-SSL. This change removes remaining non-SSL-related operations from the script, which should allow it to be re-run if required (or accidentally) without issue.
This generator has no control over which characters are used and so was creating issues with our lazy replacements in the readme.

This removes all uses of it in favour of the method used in New-ServicePassword, which is more controlled.

Consequently, this commit also removes the New-CCMSalt function, which is now unused.
Previously, re-running could result in a user being in use and consequently not being dropped.
After discussion with Ryan, this results in a more obvious flow (and use) of script names.

The quicklink and docs will need to be updated.
We should no longer tempt customers' fates by providing multiple things to enter into the terminal. Instead, we have a single thing to run, and we can drill in if we need to.
The installer should allow for testing beta packages where available, as long as we've specified the version. This should control that more precisely.
...by successfully removing it.
This updates Chocolatey dependencies within the repository to the latest available versions.
@JPRuskin force-pushed the hardenNexusOperations branch from 0f17aef to 9b2def1 on May 22, 2025 11:24
I found this was missing when I trued up the docs PR.
@JPRuskin force-pushed the hardenNexusOperations branch from 6a292b3 to df2af33 on May 22, 2025 14:44
@ryanrichter94 ryanrichter94 merged commit b2e59b8 into main May 27, 2025
15 checks passed
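
The commit message above that drops Web::GeneratePassword cites its lack of control over which characters are produced. As an added example (not code from this PR or the repository; `New-ControlledPassword`, its default alphabet and the `{{ password }}` template are hypothetical), one way to draw a secret from a fixed alphabet with a cryptographic RNG and without modulo bias:

```powershell
# Added example: hypothetical helper, not the repository's New-ServicePassword.
function New-ControlledPassword {
    [CmdletBinding()]
    param(
        [ValidateRange(12, 256)]
        [int]$Length = 32,

        # Assumed alphabet: unambiguous letters and digits only, so the value can be
        # dropped into templates, config files and command lines without escaping.
        [ValidateNotNullOrEmpty()]
        [string]$Alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    )

    $chars = $Alphabet.ToCharArray()
    if ($chars.Length -gt 256) { throw 'Alphabet must be at most 256 characters.' }

    # Largest multiple of the alphabet size that fits in one byte. Bytes at or above
    # this limit are discarded so every character is equally likely.
    $limit = 256 - (256 % $chars.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $buffer = New-Object byte[] 64
        $result = New-Object System.Text.StringBuilder
        while ($result.Length -lt $Length) {
            $rng.GetBytes($buffer)
            foreach ($b in $buffer) {
                if ($b -lt $limit -and $result.Length -lt $Length) {
                    [void]$result.Append($chars[$b % $chars.Length])
                }
            }
        }
        $result.ToString()
    }
    finally {
        $rng.Dispose()
    }
}

# Constructed template. With an alphanumeric-only value a plain -replace is safe;
# a '$' in the replacement operand would be read as a regex group reference.
$template = 'Password: {{ password }}'
$template -replace '\{\{ password \}\}', (New-ControlledPassword -Length 24)
```

With the 57-character default alphabet, a 24-character value carries roughly 140 bits of entropy.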