Redesign arcgis-enterprise-base template

[pbobov]

Streamline Initial Deployment

In the current design initial deployment of aws/arcgis-enterprise-base requires:

• Changing deployment properties in three JSON files: image.vars.json, infrastructure.tfvars.json, and application.tfvars.json.
• Running four workflows in a sequence: arcgis-enterprise-base-aws-image, arcgis-enterprise-base-aws-infrastructure, arcgis-enterprise-base-aws-application, and arcgis-enterprise-base-aws-test.

This process is too error prone and complex.

We should combine those four workflow into one 'arcgis-enterprise-base-aws', and use single configuration file for the combined workflow as well as the backup and restore workflows.

Wiring of arcgis-enterprise-base-aws.linux.json and arcgis-enterprise-base-aws.windows.json config files properties to the jobs:

Input Variable	Image	Infrastructure	Application	Test
arcgis_data_store_patches	X		X
arcgis_portal_patches	X		X
arcgis_server_patches	X		X
arcgis_version	X
arcgis_web_adaptor_patches	X		X
deployment_id	X	X	X	X
instance_type	X	X
os	X	X	X
root_volume_size		X
run_as_user	X		X
run_as_password	Windows only		Windows only
site_id	X	X	X	X
fileserver_instance_type		Windows only
fileserver_volume_size		Windows only
key_name		X
ssl_certificate_arn		X			,
subnet_type		X
admin_description			X
admin_email			X
admin_full_name			X
admin_password			X
admin_username			X
domain_name			X	X
is_upgrade	Skipped if true		X
keystore_file_password			X
keystore_file_path			X
log_level			X
portal_authorization_file_path			X
portal_user_license_type_id			X
root_cert_file_path			X
security_question			X
security_question_answer			X
server_authorization_file_path			X

Use Separate Workflows for Windows and Linux

Though the Packer templates, Terraform modules, and JSON config files used by arcgis-enterprise-base workflows are platform-specific, the same workflows are used for both Windows and Linux platforms. GitHub Action PLATFORM variable (windows | linux) makes the workflows to use Windows or Linux specific implementations.

This makes it difficult to use both Windows and Linux deployments in one site and it's not safe because running the workflows after changing PLATFORM variable will make the workflow use different modules and config files breaking the deployment.

We should use separate workflows for Windows and Linux instead of using PLATFORM variable.

Separate Config from Code

In the current design the config files (JSON input variables files, software authorization files, and SSL certificates) are located inside aws/arcgis-enterprise-base template.

That makes it difficult to merge/update the changes in automation code made in the parent template repository.

To simplify updates we should move the config files from the template directory to /config directory at the root of the repository.

Support Testing of Passive Deployments

In the current design arcgis-enterprise-base-aws-test workflow calls the portal URL that uses the domain name specified by domain_name input variable in application.tfvars.json. That domain name points to ALB DNS of the active deployment. So arcgis-enterprise-base-aws-test workflow cannot be used to test passive / not yet activated deployments.

The application tests should support testing of passive deployment.

The test should not use ALB DNS directly because of potential issues with SSL certificates and redirections. Instead, the test workflow should map domain_name to ALB DNS in the GitHub Action runner container or in the python test script.

IP_ADDRESS=$(dig +short $DOMAIL_NAME | tail -1)
echo "$IP_ADDRESS  $DOMAIL_NAME" >> /etc/hosts

[pbobov]

I'm having second thoughts about combining image, infrastructure, application, and test workflows into one.

• The workflows may be run by different users/departments with different AWS permissions.
• Only the initial deployment requires running all 4 workflow. Upgrades only use application and test workflows.
• Rerunning the combined workflow after correcting configuration mistakes will take longer time.