search

WASdev / azure.websphere-traditional.image

Apache License 2.0
1 stars 7 forks source link

Pipelines and docs for updating tWAS VM Images on RHEL 9.x #67

Closed majguo closed 1 year ago

majguo commented 1 year ago

Description

The PR addresses most of the requirements listed in #64 by providing pipelines and docs for updating tWAS VM Images on RHEL 9.x in Azure Marketplace.

Change summary

The following major changes are implemented:

Testing

CICD pipelines for generating VHD files for tWAS VM Images on RHEL 9.x:

These generated VHD files are also used for updating the testing tWAS VM offer in PartnerCenter. The testing tWAS VM offer is successfully published and in preview, which is verified by deploying VM from both Azure Portal and solution template. The preview links for creating VMs:

How-To docs

Part of how-to docs of updating the VM images are located in the following PRs:

The others are included in this PR.

As a result, after the above PRs and this PR are merged, instructions on how to update tWAS VM images on RHEL 9.x can be referenced from howto-update-image.md.

Partner center HTML

I drafted contents of Azure virtual machine offer as requested, they're located in:

@gcharters @git4rk @m-reza-rahman @edburns, pls continue working on it when updating vm offers in partner center.

OpenSCAP reports

The scanning reports before and after compliance remediation can be downloaded from the summary of pipeline workflow, e.g.:

Note: after applying OpenSCAP rules, additional commands (e.g., waagent -deprovision+user -force) have to be executed for generating Azure VM image. The followings are what waagent -deprovision+user -force does during the execution:

waagent -deprovision+user -force
WARNING! The waagent service will be stopped.
WARNING! All SSH host key pairs will be deleted.
WARNING! Cached DHCP leases will be deleted.
WARNING! root password will be disabled. You will not be able to login as root.
WARNING! /etc/resolv.conf will be deleted.
WARNING! <admin-account-name> account and entire home directory will be deleted.
2023-02-21T00:57:42.690257Z INFO MainThread Examine /proc/net/route for primary interface
2023-02-21T00:57:42.690784Z INFO MainThread Primary interface is [eth0]

Besides, VM creation may also introduce some difference regarding to security. So I deployed a new VM with twas-base and ran the scanning again, there is only slight difference between reports, which should be acceptable:

Signed-off-by: Jianguo Ma jiangma@microsoft.com

majguo commented 1 year ago

Hello @venunathb @git4rk @edburns Could you pls review the PR? Thanks.

venunathb commented 1 year ago

@majguo Do we have Openscap reports links in CICD pipelines? If yes, how to access them?

I see the following on the CICD summary page, but I need help finding the ink to the Openscap report.

image

twas-base CICD twas-nd CICD ihs CICD

venunathb commented 1 year ago

PR review.

majguo commented 1 year ago

@majguo Do we have Openscap reports links in CICD pipelines? If yes, how to access them?

I see the following on the CICD summary page, but I need help finding the ink to the Openscap report. image

twas-base CICD twas-nd CICD ihs CICD

@venunathb Yes, we have. Follow steps below to access them:

  1. Click to open workflow ran twas-base CICD mentioned in the PR. The Summary will be displayed.
  2. Scroll down to the bottom of the page.
  3. In Artifacts section, there're two links for OpenSCAP reports: scan-report-before and scan-report-after.
  4. Click links to download reports.

Same steps for accessing reports for twas-nd CICD and ihs CICD.

@majguo I can access the reports from the CICD Summary page. Thank you.