search

aws-quickstart / quickstart-citrix-daas

AWS Quick Start Team
Apache License 2.0
1 stars 1 forks source link

QS failes at Connector Creation #20

Closed PastafarianPirate closed 2 years ago

PastafarianPirate commented 3 years ago

Getting the following: Embedded stack arn:aws:cloudformation:us-east-2:117793589184:stack/Citrix-Virtual-Apps-CitrixResourceLocationStack-1BGIHCBTSORE3/52f97590-ebcf-11eb-8285-02c1f8d20b10 was not successfully created: The following resource(s) failed to create: [CitrixCloudConnectors]

Also, and not an issue so much as a question. Is there a way to change the AD type from Ent to Std?

PastafarianPirate commented 3 years ago

Chased it down to : API: ec2:RunInstances Not authorized for images: [ami-0db153619de617953]

vsnyc commented 3 years ago

This issue has been resolved in PR #19, but the Quick Start still does not fully work - it would fail at the VDA creation step because the VDA setup file URL in code has been restricted access: https://s3.us-east-2.amazonaws.com/ctxs-vda-installer/vda/VDAServerSetup_1903.exe.

Thus we haven't been able to push the templates through our CI to get it republished. I'm working with Citrix to get it resolved.

A temporary workaround is to run the Quick Start from your own bucket using the code in develop branch, with the following modifications.

  1. See the instructions to clone and run the Quick Start from your own bucket here: https://aws-quickstart.github.io/option1.html
  2. Change the branch to develop
  3. Download the Server OS Virtual Delivery Agent 1903 file directly from https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/product-software/citrix-virtual-apps-and-desktops-1903.html
  4. Upload it to a S3 bucket you own.
  5. Change this line in the template: https://github.com/aws-quickstart/quickstart-citrix-virtualapps-service/blob/develop/templates/citrix-virtualapps-service-vda-serveros.yaml#L391 from source: https://s3.us-east-2.amazonaws.com/ctxs-vda-installer/vda/VDAServerSetup_1903.exe to match the bucket path you uploaded the file to. For example, source: https://s3.<bucket-region>.amazonaws.com/<bucket-name>/<path>/VDAServerSetup_1903.exe
  6. For the above to work, the file also needs to be made public. Alternatively, the file can be uploaded to the same bucket that is being used for QSS3BucketName and then S3AccessCreds credentials be added for authentication. For example, the code below, assuming the VDAServerSetup_1903.exe file was copied to 
    s3://${QSS3BucketName}/${QSS3KeyPrefix}installer/VDAServerSetup.exe:
   c:\cfn\scripts\VDAServerSetup.exe:
          source:
            !Sub
              - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}installer/VDAServerSetup.exe'
              - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
                S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
          authentication: S3AccessCreds

    You can simplify it as well to not use the conditional substitutions, by hardcoding the Region of the bucket, e.g. assuming it is us-east-1

       c:\cfn\scripts\VDAServerSetup.exe:
          source:
            !Sub https://${QSS3BucketName}.s3.us-east-1.${AWS::URLSuffix}/${QSS3KeyPrefix}installer/VDAServerSetup.exe
          authentication: S3AccessCreds

I can also solve this by adding a new parameter: CitrixVDAServerSetupFileLocation that you can pass a value to, but I'm trying to avoid that extra work if we can restore the past behavior.

PastafarianPirate commented 3 years ago

Perfect! Thank you. How can i change the managed AD from Enterprise to Standard.

THANK YOU!

vsnyc commented 3 years ago

Sorry to be daft here, but have this done.

Uploaded the exe to a public bucket Edited the code to reference the public bucket

Now how do I use this?

No worries, feel free to contact me on LinkedIn (details in profile) if you'd like to arrange a meeting.

The short gist is that you would use the Template URL from your bucket when launching the stack in CloudFormation, i.e. instead of the default one: https://s3.amazonaws.com/aws-quickstart/quickstart-citrix-virtualapps-service/templates/citrix-virtualapps-service-master.yaml, use

https://s3.amazonaws.com/

/quickstart-citrix-virtualapps-service/templates/citrix-virtualapps-service-master.yaml In the parameters section, make sure to change the default values in AWS Quick Start configuration section to match your bucket name and bucket Region. On Fri, Jul 23, 2021 at 2:56 PM PastafarianPirate ***@***.***> wrote: > > Sorry to be daft here, but have this done. > > Uploaded the exe to a public bucket > Edited the code to reference the public bucket > > Now how do I use this? > > Thanks > > Raj Croager > MARJEN Technology Group LLC > Phone:+1 817.471.1238 > Email: ***@***.*** > Web: www.marjentech.com > Address:559 Silicon Dr. Ste 101 > Southlake, TX > 76092 > This email and any files transmitted with it are confidential and intended > solely for the use of the individual(s) to whom they are addressed. > Information contained herein may be privileged or otherwise protected by > copyright, work product immunity, or other legal statutes. If you are not > the intended recipient you are hereby notified that copying, distributing, > disclosing, or otherwise disseminating the content in any way is strictly > prohibited. Views or opinions presented in this email are solely those of > the author and do not necessarily represent those of the company. > From: Vinod Shukla ***@***.***> > Sent: Friday, July 23, 2021 12:42 PM > To: aws-quickstart/quickstart-citrix-virtualapps-service ***@***.***> > Cc: Raj Croager ***@***.***>; Author ***@***.***> > Subject: Re: [aws-quickstart/quickstart-citrix-virtualapps-service] QS > failes at Connector Creation (#20) > > > [ CAUTION: This email originated from outside of the organization. Do not > follow guidance, click links, or open attachments unless you recognize the > sender and know the content is safe.] > > This issue has been resolved in PR #19< > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_aws-2Dquickstart_quickstart-2Dcitrix-2Dvirtualapps-2Dservice_pull_19&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=oUSzVAylc_HNSKkK96EXSf4shHuARjNqVLbnlpc8zgA&e=>, > but the Quick Start still does not fully work - it would fail at the VDA > creation step because the VDA setup file URL in code has been restricted > access: > https://s3.us-east-2.amazonaws.com/ctxs-vda-installer/vda/VDAServerSetup_1903.exe > < > https://urldefense.proofpoint.com/v2/url?u=https-3A__s3.us-2Deast-2D2.amazonaws.com_ctxs-2Dvda-2Dinstaller_vda_VDAServerSetup-5F1903.exe&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=srYTT5jDHGGVSSAdsmetlR2DBEPWA50fJxMXwr9I-ks&e= > >. > > Thus we haven't been able to push the templates through our CI to get it > republished. I'm working with Citrix to get it resolved. > > A temporary workaround is to run the Quick Start from your own bucket > using the code in develop branch, with the following modifications. > > 1. See the instructions to clone and run the Quick Start from your own > bucket here: https://aws-quickstart.github.io/option1.html< > https://urldefense.proofpoint.com/v2/url?u=https-3A__aws-2Dquickstart.github.io_option1.html&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=sDF-EdQL7QdHqlAB0ixF0kZ40cQX2wbYPiseXprTU1k&e= > > > 2. Change the branch to develop > 3. Download the Server OS Virtual Delivery Agent 1903 file directly from > https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/product-software/citrix-virtual-apps-and-desktops-1903.html > < > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.citrix.com_downloads_citrix-2Dvirtual-2Dapps-2Dand-2Ddesktops_product-2Dsoftware_citrix-2Dvirtual-2Dapps-2Dand-2Ddesktops-2D1903.html&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=PfcnBCLHML49mWxtP11vFn32_fs_gFB-IOXFTs4wyTk&e= > > > 4. Upload it to a S3 bucket you own. > 5. Change this line in the template: > https://github.com/aws-quickstart/quickstart-citrix-virtualapps-service/blob/develop/templates/citrix-virtualapps-service-vda-serveros.yaml#L391 > < > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_aws-2Dquickstart_quickstart-2Dcitrix-2Dvirtualapps-2Dservice_blob_develop_templates_citrix-2Dvirtualapps-2Dservice-2Dvda-2Dserveros.yaml-23L391&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=uIl4wymNY6QJ5hYn8p5ke6ZZ30szkAatMcIKvUT011o&e=> > from > source: > https://s3.us-east-2.amazonaws.com/ctxs-vda-installer/vda/VDAServerSetup_1903.exe > < > https://urldefense.proofpoint.com/v2/url?u=https-3A__s3.us-2Deast-2D2.amazonaws.com_ctxs-2Dvda-2Dinstaller_vda_VDAServerSetup-5F1903.exe&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=srYTT5jDHGGVSSAdsmetlR2DBEPWA50fJxMXwr9I-ks&e= > > > to match the bucket path you uploaded the file to. For example, > source: https://s3..amazonaws.com/ > //VDAServerSetup_1903.exe< > https://urldefense.proofpoint.com/v2/url?u=https-3A__s3.-26lt-3Bbucket-2Dregion-26gt-3B.amazonaws.com_-26lt-3Bbucket-2Dname-26gt-3B_-26lt-3Bpath-26gt-3B_VDAServerSetup-5F1903.exe&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=701QoL9_mHcFVn4Rma9KVEvYwtGh7iKcqFXDqbwUPUE&e= > > > 6. For the above to work, the file also needs to be made public. > Alternatively, the file can be uploaded to the same bucket that is being > used for QSS3BucketName and then S3AccessCreds credentials be added for > authentication. > For example, the code below, assuming the VDAServerSetup_1903.exe file was > copied to > > s3://${QSS3BucketName}/${QSS3KeyPrefix}installer/VDAServerSetup.exe: > > c:\cfn\scripts\VDAServerSetup.exe: > > source: > > !Sub > > - 'https://$< > https://urldefense.proofpoint.com/v2/url?u=https-3A__-24&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=J0w1RJxC6bWa8OzjPz1x0X6EFX5LFKmsW0KLHgwh41s&e= > >{S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}installer/VDAServerSetup.exe' > > - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref > QSS3BucketRegion] > > S3Bucket: !If [UsingDefaultBucket, !Sub > '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] > > authentication: S3AccessCreds > > You can simplify it as well to not use the conditional substitutions, by > hardcoding the Region of the bucket, e.g. assuming it is us-east-1 > > c:\cfn\scripts\VDAServerSetup.exe: > > source: > > !Sub https://$< > https://urldefense.proofpoint.com/v2/url?u=https-3A__-24&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=J0w1RJxC6bWa8OzjPz1x0X6EFX5LFKmsW0KLHgwh41s&e= > >{QSS3BucketName}.s3.us-east-1.${AWS::URLSuffix}/${QSS3KeyPrefix}installer/VDAServerSetup.exe > > authentication: S3AccessCreds > > I can also solve this by adding a new parameter: > CitrixVDAServerSetupFileLocation that you can pass a value to, but I'm > trying to avoid that extra work if we can restore the past behavior. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub< > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_aws-2Dquickstart_quickstart-2Dcitrix-2Dvirtualapps-2Dservice_issues_20-23issuecomment-2D885796570&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=QvNwK6Ba_rX5ZPb7pH-zXpGtw8XpMKG0FobMqiIhi3s&e=>, > or unsubscribe< > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ALTZB5WQHOQXGV3K2OXNILTTZGSU3ANCNFSM5A4JGYCQ&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=KeyfTXTYfufCLfxhgKlPTjggOTbXc4cP5zrkIy3Awgc&s=PcL7Oc1FPVl5_IRO_7pCvUoNvUyEoKViQP8F2eAPRBw&e= > >. > > > > ________________________________ > > This email has been scanned for spam and viruses by Proofpoint Essentials. > Click here< > https://us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1627062094-TuGULjT3w408&r_address=rcroager%40marjentech.com&report=1> > to report this email as spam. > > > — > You are receiving this because you commented. > Reply to this email directly, view it on GitHub > , > or unsubscribe > > . >
vsnyc commented 3 years ago

Perfect! Thank you. How can i change the managed AD from Enterprise to Standard.

We didn't expose the parameter in the Citrix Quick Start, but the nested AD Quick Start does support that. So to switch to Standard, you can update the citrix-virtualapps-service-master.yaml template and pass it to ADStack. i.e. add a new parameter: ADEdition: Standard in this section when invoking the nested ADStack: https://github.com/aws-quickstart/quickstart-citrix-virtualapps-service/blob/80767f1ef72812e5e9f93f8060f8186c001f8ac0/templates/citrix-virtualapps-service-master.yaml#L366-L382

PastafarianPirate commented 3 years ago

Vinod,

I have made the changes you suggested, but now get: Embedded stack arn:aws:cloudformation:us-east-2:522596926697:stack/Citrix-Virtual-Apps-CitrixResourceLocationStack-1UH42THFUTJ8T/9f2fef00-f428-11eb-bfa0-021d769ca334 was not successfully created: The following resource(s) failed to create: [CitrixCloudConnectors].

Raj Croager MARJEN Technology Group LLC Phone:+1 817.471.1238 Email: @. Web: www.marjentech.com Address:559 Silicon Dr. Ste 101 Southlake, TX 76092 This email and any files transmitted with it are confidential and intended solely for the use of the individual(s) to whom they are addressed. Information contained herein may be privileged or otherwise protected by copyright, work product immunity, or other legal statutes. If you are not the intended recipient you are hereby notified that copying, distributing, disclosing, or otherwise disseminating the content in any way is strictly prohibited. Views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. From: Vinod Shukla @.> Sent: Friday, July 23, 2021 2:37 PM To: aws-quickstart/quickstart-citrix-virtualapps-service @.> Cc: Raj Croager @.>; Author @.***> Subject: Re: [aws-quickstart/quickstart-citrix-virtualapps-service] QS failes at Connector Creation (#20)

[ CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.]

Perfect! Thank you. How can i change the managed AD from Enterprise to Standard.

We didn't expose the parameter in the Citrix Quick Start, but the nested AD Quick Start does support that. So to switch to Standard, you can update the citrix-virtualapps-service-master.yaml template and pass it to ADStack. i.e. add a new parameter: ADEdition: Standard in this section when invoking the nested ADStack: https://github.com/aws-quickstart/quickstart-citrix-virtualapps-service/blob/80767f1ef72812e5e9f93f8060f8186c001f8ac0/templates/citrix-virtualapps-service-master.yaml#L366-L382https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_aws-2Dquickstart_quickstart-2Dcitrix-2Dvirtualapps-2Dservice_blob_80767f1ef72812e5e9f93f8060f8186c001f8ac0_templates_citrix-2Dvirtualapps-2Dservice-2Dmaster.yaml-23L366-2DL382&d=DwQCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=tbVeyO1dMJG6tm5f9yqBIRHew_7VGUCJiUHWvRDgrM8&s=sDOzJOU5ffQM5BRPmI0NDy8hz2gt-XvbzHS9bpUgwQ8&e=

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_aws-2Dquickstart_quickstart-2Dcitrix-2Dvirtualapps-2Dservice_issues_20-23issuecomment-2D885871436&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=tbVeyO1dMJG6tm5f9yqBIRHew_7VGUCJiUHWvRDgrM8&s=WBQLJG-p1wcm7stMoLHb5D-syQYKMfQrdjgtH4hNbt8&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ALTZB5TUFYT7MGOX474DPZLTZHAEPANCNFSM5A4JGYCQ&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=vivnF-GxMYckwhv66hwf3N2Hom4sSUmYFYqGZ_HRwo0&m=tbVeyO1dMJG6tm5f9yqBIRHew_7VGUCJiUHWvRDgrM8&s=w0FMTYU8uIUZKsqlwG_GEt3CBVBYPq5Sp1i_TkmTuk0&e=.

This email has been scanned for spam and viruses by Proofpoint Essentials. Click herehttps://us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1627069004-uktdXT7DVre1&r_address=rcroager%40marjentech.com&report=1 to report this email as spam.

vsnyc commented 2 years ago

This is resolved in #27