Showing posts with label networking. Show all posts
Showing posts with label networking. Show all posts

Sunday, June 6, 2021

Azure networking and storage accounts

 HOWTO

 

Github 

Create Storage account with  Network Rules

Terraform plan

resource "azurerm_storage_account" "davestorageaccounttf" {
  name                = "davestorageaccounttf"
  resource_group_name = azurerm_resource_group.daveterraformgroup.name

  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action             = "Deny"
    ip_rules                   = ["100.0.0.1"]
    virtual_network_subnet_ids = [azurerm_subnet.daveterraformsubnet.id]
    bypass                     = ["Metrics", "AzureServices"]
  }

  tags = {
    environment = "staging"
  }
} 
Add container 
resource "azurerm_storage_container" "example" {
  name                  = "${var.prefix}storagecontainer"
  storage_account_name  = azurerm_storage_account.davestorageaccounttf.name
  container_access_type = "blob"
}

# azurerm_storage_account.daveterraformsa will be created
  + resource "azurerm_storage_account" "daveterraformsa" {
      + access_tier                      = (known after apply)
      + account_kind                     = "StorageV2"
      + account_replication_type         = "LRS"
      + account_tier                     = "Standard"
      + allow_blob_public_access         = false
      + enable_https_traffic_only        = true
      + id                               = (known after apply)
      + is_hns_enabled                   = false
      + large_file_share_enabled         = (known after apply)
      + location                         = "westeurope"
      + min_tls_version                  = "TLS1_0"
      + name                             = "davestorageaccount"
      + nfsv3_enabled                    = false
      + primary_access_key               = (sensitive value)
      + primary_blob_connection_string   = (sensitive value)
      + primary_blob_endpoint            = (known after apply)
      + primary_blob_host                = (known after apply)
      + primary_connection_string        = (sensitive value)
      + primary_dfs_endpoint             = (known after apply)
      + primary_dfs_host                 = (known after apply)
      + primary_file_endpoint            = (known after apply)
      + primary_file_host                = (known after apply)
      + primary_location                 = (known after apply)
      + primary_queue_endpoint           = (known after apply)
      + primary_queue_host               = (known after apply)
      + primary_table_endpoint           = (known after apply)
      + primary_table_host               = (known after apply)
      + primary_web_endpoint             = (known after apply)
      + primary_web_host                 = (known after apply)
      + resource_group_name              = "rg-dave-terraform-test"
      + secondary_access_key             = (sensitive value)
      + secondary_blob_connection_string = (sensitive value)
      + secondary_blob_endpoint          = (known after apply)
      + secondary_blob_host              = (known after apply)
      + secondary_connection_string      = (sensitive value)
      + secondary_dfs_endpoint           = (known after apply)
      + secondary_dfs_host               = (known after apply)
      + secondary_file_endpoint          = (known after apply)
      + secondary_file_host              = (known after apply)
      + secondary_location               = (known after apply)
      + secondary_queue_endpoint         = (known after apply)
      + secondary_queue_host             = (known after apply)
      + secondary_table_endpoint         = (known after apply)
      + secondary_table_host             = (known after apply)
      + secondary_web_endpoint           = (known after apply)
      + secondary_web_host               = (known after apply)
      + tags                             = {
          + "environment" = "Development"
        }

      + blob_properties {
          + change_feed_enabled      = (known after apply)
          + default_service_version  = (known after apply)
          + last_access_time_enabled = (known after apply)
          + versioning_enabled       = (known after apply)

          + container_delete_retention_policy {
              + days = (known after apply)
            }

          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + delete_retention_policy {
              + days = (known after apply)
            }
        }

      + identity {
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = (known after apply)
        }

      + network_rules {
          + bypass                     = (known after apply)
          + default_action             = "Deny"
          + ip_rules                   = [
              + "100.0.0.1",
            ]
          + virtual_network_subnet_ids = [
              + "/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet",
            ]
        }

      + queue_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + hour_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }

          + logging {
              + delete                = (known after apply)
              + read                  = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
              + write                 = (known after apply)
            }

          + minute_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }
        }

      + routing {
          + choice                      = (known after apply)
          + publish_internet_endpoints  = (known after apply)
          + publish_microsoft_endpoints = (known after apply)
        }
    }

Plan: 1 to add, 1 to change, 0 to destroy.
Terraform apply 
[dave@dave azure]$ terraform apply
azurerm_resource_group.daveterraformgroup: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test]
azurerm_public_ip.daveterraformpublicip: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/publicIPAddresses/davePublicIP]
azurerm_virtual_network.daveterraformnetwork: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet]
azurerm_network_security_group.daveterraformnsg: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkSecurityGroups/daveNetworkSecurityGroup]
azurerm_subnet.daveterraformsubnet: Refreshing state... [id=/subscriptions/3434434-343-40/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet]
azurerm_network_interface.daveterraformnic: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC]
azurerm_network_interface_security_group_association.dave: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkInterfaces/daveNIC|/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/networkSecurityGroups/daveNetworkSecurityGroup]
azurerm_linux_virtual_machine.daveterraformvm: Refreshing state... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Compute/virtualMachines/dave-terraform-test]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_storage_account.davestorageaccounttf will be created
  + resource "azurerm_storage_account" "davestorageaccounttf" {
      + access_tier                      = (known after apply)
      + account_kind                     = "StorageV2"
      + account_replication_type         = "LRS"
      + account_tier                     = "Standard"
      + allow_blob_public_access         = false
      + enable_https_traffic_only        = true
      + id                               = (known after apply)
      + is_hns_enabled                   = false
      + large_file_share_enabled         = (known after apply)
      + location                         = "westeurope"
      + min_tls_version                  = "TLS1_0"
      + name                             = "davestorageaccounttf"
      + nfsv3_enabled                    = false
      + primary_access_key               = (sensitive value)
      + primary_blob_connection_string   = (sensitive value)
      + primary_blob_endpoint            = (known after apply)
      + primary_blob_host                = (known after apply)
      + primary_connection_string        = (sensitive value)
      + primary_dfs_endpoint             = (known after apply)
      + primary_dfs_host                 = (known after apply)
      + primary_file_endpoint            = (known after apply)
      + primary_file_host                = (known after apply)
      + primary_location                 = (known after apply)
      + primary_queue_endpoint           = (known after apply)
      + primary_queue_host               = (known after apply)
      + primary_table_endpoint           = (known after apply)
      + primary_table_host               = (known after apply)
      + primary_web_endpoint             = (known after apply)
      + primary_web_host                 = (known after apply)
      + resource_group_name              = "rg-dave-terraform-test"
      + secondary_access_key             = (sensitive value)
      + secondary_blob_connection_string = (sensitive value)
      + secondary_blob_endpoint          = (known after apply)
      + secondary_blob_host              = (known after apply)
      + secondary_connection_string      = (sensitive value)
      + secondary_dfs_endpoint           = (known after apply)
      + secondary_dfs_host               = (known after apply)
      + secondary_file_endpoint          = (known after apply)
      + secondary_file_host              = (known after apply)
      + secondary_location               = (known after apply)
      + secondary_queue_endpoint         = (known after apply)
      + secondary_queue_host             = (known after apply)
      + secondary_table_endpoint         = (known after apply)
      + secondary_table_host             = (known after apply)
      + secondary_web_endpoint           = (known after apply)
      + secondary_web_host               = (known after apply)
      + tags                             = {
          + "environment" = "staging"
        }

      + blob_properties {
          + change_feed_enabled      = (known after apply)
          + default_service_version  = (known after apply)
          + last_access_time_enabled = (known after apply)
          + versioning_enabled       = (known after apply)

          + container_delete_retention_policy {
              + days = (known after apply)
            }

          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + delete_retention_policy {
              + days = (known after apply)
            }
        }

      + identity {
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = (known after apply)
        }

      + network_rules {
          + bypass                     = [
              + "AzureServices",
              + "Metrics",
            ]
          + default_action             = "Deny"
          + ip_rules                   = [
              + "100.0.0.1",
            ]
          + virtual_network_subnet_ids = [
              + "/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet",
            ]
        }

      + queue_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + hour_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }

          + logging {
              + delete                = (known after apply)
              + read                  = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
              + write                 = (known after apply)
            }

          + minute_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }
        }

      + routing {
          + choice                      = (known after apply)
          + publish_internet_endpoints  = (known after apply)
          + publish_microsoft_endpoints = (known after apply)
        }
    }

  # azurerm_storage_account_network_rules.davenetworkrules will be created
  + resource "azurerm_storage_account_network_rules" "davenetworkrules" {
      + bypass                     = [
          + "AzureServices",
          + "Metrics",
        ]
      + default_action             = "Allow"
      + id                         = (known after apply)
      + ip_rules                   = [
          + "127.0.0.1",
        ]
      + resource_group_name        = "rg-dave-terraform-test"
      + storage_account_name       = "davestorageaccounttf"
      + virtual_network_subnet_ids = [
          + "/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet",
        ]
    }

  # azurerm_subnet.daveterraformsubnet will be updated in-place
  ~ resource "azurerm_subnet" "daveterraformsubnet" {
        id                                             = "/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet"
        name                                           = "daveSubnet"
      ~ service_endpoints                              = [
          + "Microsoft.Storage",
        ]
        # (7 unchanged attributes hidden)
    }

Plan: 2 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_subnet.daveterraformsubnet: Modifying... [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet]
azurerm_subnet.daveterraformsubnet: Modifications complete after 4s [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Network/virtualNetworks/daveVnet/subnets/daveSubnet]
azurerm_storage_account.davestorageaccounttf: Creating...
azurerm_storage_account.davestorageaccounttf: Still creating... [10s elapsed]
azurerm_storage_account.davestorageaccounttf: Still creating... [20s elapsed]
azurerm_storage_account.davestorageaccounttf: Creation complete after 22s [id=/subscriptions/3434434-343-4/resourceGroups/rg-dave-terraform-test/providers/Microsoft.Storage/storageAccounts/davestorageaccounttf]


Azure Storage Account

Azure list of resources



Azure VM network topology




Posted by at No comments:
Labels: , ,

Saturday, February 13, 2021

Docker network between standalone containers

 HOWTO

 

GitHub repo

https://github.com/dveselka/weblogic/tree/master/docker-compose-managed-server

Containers

 

 docker ps
CONTAINER ID        IMAGE                           COMMAND                  CREATED             STATUS              PORTS                                            NAMES
bb6155b895af        12214-weblogic-domain-generic   "/u01/oracle/contain…"   3 minutes ago       Up 3 minutes        0.0.0.0:8001->8001/tcp                           managedserver
edc43bd0ce1c        12214-weblogic-domain-generic   "/u01/oracle/contain…"   3 minutes ago       Up 3 minutes        0.0.0.0:7001->7001/tcp, 0.0.0.0:9002->9002/tcp   adminserver

 

 Ping adminserver by hostname from managed server 

$ docker exec -it managedserver /bin/bash
[oracle@bb6155b895af ~]$ ping adminserver
PING adminserver (172.19.0.2) 56(84) bytes of data.
64 bytes from adminserver.docker-compose-managed-server_wlsnet (172.19.0.2): icmp_seq=1 ttl=64 time=0.143 ms
64 bytes from adminserver.docker-compose-managed-server_wlsnet (172.19.0.2): icmp_seq=2 ttl=64 time=0.126 ms

Docker networks

 

[dave@dave ~]$ docker network ls
NETWORK ID          NAME                                   DRIVER              SCOPE
f52862010f16        bridge                                 bridge              local
4d18d28369b0        docker-compose-managed-server_wlsnet   bridge              local
fc58b29d0364        docker-compose_wlsnet                  bridge              local
f17fcc698c57        host                                   host                local
17497f49dcb2        none                                   null                local

 

Docker network for Weblogic servers

[dave@dave ~]$ docker inspect docker-compose-managed-server_wlsnet
[
    {
        "Name": "docker-compose-managed-server_wlsnet",
        "Id": "4d18d28369b0ec5dae676239ab95a3f64a2389091f0b47929aec9ca19e4b958b",
        "Created": "2021-02-13T08:46:13.300367764+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "bb6155b895af6f96341d1526d6e08597b3aab2156e29e1b8f90f980b44f0d198": {
                "Name": "managedserver",
                "EndpointID": "455729a26be89f9d37dde62a8b4b8e8a8fccfe248ee2425e574fb6f82ffa7ecb",
                "MacAddress": "02:42:ac:13:00:03",
                "IPv4Address": "172.19.0.3/16",
                "IPv6Address": ""
            },
            "edc43bd0ce1cee7f9d1b9cc9a32b9868396794a9b0e6ab32196ac32aec04ac31": {
                "Name": "adminserver",
                "EndpointID": "3744588006fc91c958625a115b2db839fe7dd5c601f774d9b648d717ba300dd9",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "wlsnet",
            "com.docker.compose.project": "docker-compose-managed-server",
            "com.docker.compose.version": "1.27.4"
        }
    }
]

Weblogic servers

Posted by at No comments:
Labels: , ,

Sunday, January 24, 2021

Configure Weblogic Custom Network Channel

HOWTO

WLST to add custom channel

[dave@dave base_domain]$ more Script1611468688411.py 

cd('/Servers/AdminServer')
cmo.createNetworkAccessPoint('DaveChannel')

cd('/Servers/AdminServer/NetworkAccessPoints/DaveChannel')
cmo.setProtocol('t3')
cmo.setListenPort(8001)
cmo.setEnabled(true)
cmo.setHttpEnabledForThisProtocol(true)
cmo.setTunnelingEnabled(false)
cmo.setOutboundEnabled(false)
cmo.setTwoWaySSLEnabled(false)
cmo.setClientCertificateEnforced(false)

activate()

Weblogic server log

####<Jan 24, 2021 6:13:42,045 AM GMT> <Notice> <Server> <f403a85ea0c9> <AdminServer> <weblogic.socket.ServerListenThread> <<WLS Kernel>> <> <365e7dc7-40ef-4cff-bf44-b736fef5ffdd-0000000e> <1611468822045> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] 
> <BEA-002613> <Channel "DaveChannel[1]" is now listening on 127.0.0.1:8001 for protocols t3, http.>
Posted by at No comments:
Labels: , ,
Subscribe to: Comments (Atom)