final gc migration fixes

deep-security · Mar 28, 2016 · b153f14 · b153f14
1 parent 507c6c5
commit b153f14
Show file tree

Hide file tree

Showing 9 changed files with 459 additions and 32 deletions.
diff --git a/DeepSecurity/Common/DB/DSDBAbstract.template b/DeepSecurity/Common/DB/DSDBAbstract.template
@@ -122,7 +122,7 @@
             "Type" : "AWS::CloudFormation::Stack",
             "Condition" : "DBTypeIsOracle",
             "Properties" : {
-                "TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.2/Common/DB/DSDBOracleRDS.template",
+                "TemplateURL" : "https://s3-us-gov-west-1.amazonaws.com/trend-micro-quick-start/v3.2/Common/DB/DSDBOracleRDS.template",
                 "TimeoutInMinutes" : "10",
                 "Parameters"       : {
                     "DBIRDSInstanceSize" : {
@@ -156,7 +156,7 @@
             "Type" : "AWS::CloudFormation::Stack",
             "Condition" : "DBTypeIsSQL",
             "Properties" : {
-                "TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.2/Common/DB/DSDBSQLRDS.template",
+                "TemplateURL" : "https://s3-us-gov-west-1.amazonaws.com/trend-micro-quick-start/v3.2/Common/DB/DSDBSQLRDS.template",
                 "TimeoutInMinutes" : "10",
                 "Parameters"       : {
                     "DBIRDSInstanceSize" : {

diff --git a/DeepSecurity/Common/DSM96ELB.template b/DeepSecurity/Common/DSM96ELB.template
@@ -47,7 +47,7 @@
         "ELBSG" : {
             "Type" : "AWS::CloudFormation::Stack",
             "Properties" : {
-                "TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.2/Common/SecurityGroups/DSELBSG.template",
+                "TemplateURL" : "https://s3-us-gov-west-1.amazonaws.com/trend-micro-quick-start/v3.2/Common/SecurityGroups/DSELBSG.template",
                 "Parameters"  : {
                     "AWSIVPC" : {
                         "Ref" : "AWSIVPC"

diff --git a/DeepSecurity/Common/Scripts/create-console-listener b/DeepSecurity/Common/Scripts/create-console-listener
@@ -4,7 +4,7 @@
 if [ $5 -eq 1 ]; then
   openssl req -nodes -new -sha256 -newkey rsa:2048 -subj '/CN='DeepSecurityManager'/O=Trend Micro/OU=Deep Security Manager' -keyout /etc/cfn/privatekey -out /etc/cfn/csr;
   openssl x509 -req -days 3650 -in /etc/cfn/csr -signkey /etc/cfn/privatekey -out /etc/cfn/certificatebody;
-  aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey
+  aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey --region $6
 fi
 
 loop=1
@@ -15,7 +15,7 @@ do
   if [ $loop -eq 1 ]; then echo 'checking for cert availability in iam'; else echo 'cert not yet available in iam'; fi
   loop=$((loop+1))
   sleep 10
-  certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --output text)
+  certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --region $6 --output text)
 done
 
 loadbalancer=" "

diff --git a/DeepSecurity/Common/Scripts/createCloudAccountGc b/DeepSecurity/Common/Scripts/createCloudAccountGc
@@ -0,0 +1,61 @@
+#!/bin/bash
+# createcloudaccount dsmuser dsmpass connectorName guiPort accesskey secretkey
+username=$1
+password=$2
+accesskey=$5
+secretkey=$6
+
+# replace this with your DSM IP or FQDN
+DSMURL="localhost:$4"
+
+# Remove regions you don't want from this list
+#REGIONS=(useast1 uswest1 uswest2 euwest1 apsoutheast1 apsoutheast2 apnortheast1 saeast1 eucentral1 apnortheast2)
+
+# map aws regions to dsm region keys
+#useast1=amazon.cloud.region.key.1
+#uswest2=amazon.cloud.region.key.2
+#uswest1=amazon.cloud.region.key.3
+#euwest1=amazon.cloud.region.key.4
+#apsoutheast1=amazon.cloud.region.key.5
+#apnortheast1=amazon.cloud.region.key.6
+#saeast1=amazon.cloud.region.key.7
+#apsoutheast2=amazon.cloud.region.key.8
+#eucentral1=amazon.cloud.region.key.9
+#apnortheast2=amazon.cloud.region.key.12
+
+# map aws regions to ec2 endpoints
+#useast1ep=ec2.us-east-1.amazonaws.com
+#uswest2ep=ec2.us-west-2.amazonaws.com
+#uswest1ep=ec2.us-west-1.amazonaws.com
+#euwest1ep=ec2.eu-west-1.amazonaws.com
+#apsoutheast1ep=ec2.ap-southeast-1.amazonaws.com
+#apnortheast1ep=ec2.ap-northeast-1.amazonaws.com
+#saeast1ep=ec2.sa-east-1.amazonaws.com
+#apsoutheast2ep=ec2.ap-southeast-2.amazonaws.com
+#eucentral1ep=ec2.eu-central-1.amazonaws.com
+#apnortheast2ep=ec2.ap-northeast-2.amazonaws.com
+
+
+echo "#####Login to DSM"
+tempDSSID=$(curl -k -H "Content-Type: application/json" -X POST "https://$DSMURL/rest/authentication/login/primary" -d "{"dsCredentials":{"userName":"$username","password":"$password"}}")
+
+echo "#####Looping through regions to create connectors"
+#for region in "${REGIONS[@]}"
+#do
+#  endpoint="${region}ep"
+#  echo "##### creating connector for $region region with endpoint ${!endpoint}"
+#  curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'${!region}'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'${!endpoint}'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
+#done
+
+curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'amazon.cloud.region.key.10'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'ec2.us-gov-west-1.amazonaws.com'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
+
+curl -k -X DELETE https://$DSMURL/rest/authentication/logout?sID=$tempDSSID
+
+unset accesskey
+unset secretkey
+unset tempDSSID
+unset username
+unset password
+
+
+
diff --git a/DeepSecurity/Common/Scripts/set-aiaSettings b/DeepSecurity/Common/Scripts/set-aiaSettings
@@ -24,11 +24,6 @@ curl -k -v -H "Content-Type: text/xml;charset=UTF-8" -H 'SOAPAction: "systemSett
 '<urn:settingUnit>NONE</urn:settingUnit>'\
 '<urn:settingValue>2</urn:settingValue>'\
 '</urn:editableSettings>'\
-'<urn:editableSettings>'\
-'<urn:settingKey>CONFIGURATION_AGENTCOMMUNICATIONS</urn:settingKey>'\
-'<urn:settingUnit>NONE</urn:settingUnit>'\
-'<urn:settingValue>1</urn:settingValue>'\
-'</urn:editableSettings>'\
 '<urn:sID>'${SID}'</urn:sID>'\
 '</urn:systemSettingSet>'\
 '</soapenv:Body>'\

diff --git a/DeepSecurity/DeepSecurity.cfproj b/DeepSecurity/DeepSecurity.cfproj
@@ -63,6 +63,9 @@
     <Compile Include="Quickstart\TMQuickStartPPU.template">
       <SubType>Code</SubType>
     </Compile>
+    <Compile Include="Quickstart\TMQuickStartRHEL-gc.template">
+      <SubType>Code</SubType>
+    </Compile>
     <Compile Include="RHEL\DSM96RH.template">
       <SubType>Code</SubType>
     </Compile>
@@ -89,6 +92,9 @@
     <Content Include="Common\Scripts\createCloudAccount">
       <SubType>Content</SubType>
     </Content>
+    <Content Include="Common\Scripts\createCloudAccountGc">
+      <SubType>Content</SubType>
+    </Content>
     <Content Include="Common\Scripts\dsm_s.service">
       <SubType>Content</SubType>
     </Content>