From 99df60d1576a7c40e8640e7759f6ecdd8db90c80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cmbt1=E2=80=9D?=
Date: Thu, 7 Dec 2023 21:27:53 -0500
Subject: [PATCH 1/4] added -TrustServerCertificate to first SQL Server connection
---
 CI/Azure-DevOps/CreateSQLVM_azcli.ps1 | 35 ++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1
index 42b7b68ea..24206c696 100644
--- a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1
+++ b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1
@@ -1,4 +1,10 @@
-<# USAGE: ./CreateSQLVM.ps1 -Location "East US 2" -Size "Standard_D2as_v4" -ResourceGroupName "myTestResourceGroup" -VMAdminName "azureAdminName" -VMAdminPwd "aoeihag;ladjfalkj23" -SQLVersionEdition "2017" -SQLPort "41433" -SQLUserName "tSQLt_sa" -SQLPwd "aoeihag;ladjfalkj46" -BuildId "001" #>
+<# USAGE:
+
+az login
+az account set --name "tSQLt CI Subscription"
+
+./CreateSQLVM_azcli.ps1 -Location "East US 2" -Size "Standard_D2as_v4" -ResourceGroupName "myTestResourceGroup" -VMAdminName "azureadminname" -VMAdminPwd "aoeihag;ladjfalkj23" -SQLVersionEdition "2017" -SQLPort "41433" -SQLUserName "tSQLt_sa" -SQLPwd "aoeihag;ladjfalkj46" -BuildId "001" -VmPriority "Spot"
+#>
 Param(
 [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][string] $Location,
 [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][string] $Size,
@@ -99,21 +105,30 @@ Log-Output "FQDN: ", $FQDN; Log-Output "DONE: Creating PIP $PipName"; Log-Output "START: Creating NSG and Rules $NsgName"; +Log-Output "START: Creating NSG and Rules $NsgName --> nsg create"; $output = az network nsg create --name $NsgName --resource-group $ResourceGroupName --location $Location | ConvertFrom-Json; if (!$output) { Write-Error "Error creating NIC"; return } +Log-Output "START: Creating NSG and Rules $NsgName --> nsg rule create --name `"RDPRule`""; +$DestPort = 3389; +Log-Output "<-><-><-><-><-><-><-><-><-><-><-><-><-><->"; +Log-Output "ResourceGroupName: ", $ResourceGroupName; +Log-Output "NsgName: ", $NsgName; +Log-Output "DestPort: ", $DestPort; +Log-Output "<-><-><-><-><-><-><-><-><-><-><-><-><-><->"; $output = az network nsg rule create --name "RDPRule" --nsg-name $NsgName --priority 1000 --resource-group $ResourceGroupName --access Allow ` - --destination-address-prefixes * --destination-port-ranges 3389 --direction Inbound --protocol Tcp --source-address-prefixes * ` - --source-port-ranges * | ConvertFrom-Json; + --destination-address-prefixes '*' --destination-port-ranges $DestPort --direction Inbound --protocol Tcp --source-address-prefixes '*' ` + --source-port-ranges '*' | ConvertFrom-Json; if (!$output) { Write-Error "Error creating NIC RDPRule"; return } +Log-Output "START: Creating NSG and Rules $NsgName --> nsg rule create --name `"MSSQLRule`""; $output = az network nsg rule create --name "MSSQLRule" --nsg-name $NsgName --priority 1001 --resource-group $ResourceGroupName --access Allow ` - --destination-address-prefixes * --destination-port-ranges $SQLPort --direction Inbound --protocol Tcp --source-address-prefixes * ` - --source-port-ranges * | ConvertFrom-Json; + --destination-address-prefixes '*' --destination-port-ranges $SQLPort --direction Inbound --protocol Tcp --source-address-prefixes '*' ` + --source-port-ranges '*' | ConvertFrom-Json; if (!$output) { Write-Error "Error creating NIC MSSQLRule"; return 
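Review bot: Both rules in this hunk, `RDPRule` (port 3389) and `MSSQLRule` (`$SQLPort`), still accept traffic from any source: quoting the wildcard as `'*'` fixes how the argument is passed but keeps `--source-address-prefixes '*'`, so a VM whose admin and SQL logins are password-based (per the usage text) is reachable from the whole Internet for as long as it exists. Consider narrowing the source to the build agents' address range, for example `--source-address-prefixes $AllowedSourcePrefix` (placeholder name; no such parameter is visible here), and dropping the RDP rule if the pipeline never opens an RDP session. Separately, the failure messages beside these calls read `Error creating NIC` although the commands create an NSG and its rules; `Write-Error "Error creating NSG rule RDPRule"` would make a failed run easier to diagnose. The last `if (!$output)` block continues past the end of the hunk.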
@@ -162,8 +177,16 @@ if (!$output) { $SQLVM|Out-String|Log-Output; Log-Output 'DONE: Applying SqlVM Config' +# Log-Output 'START: Getting SQL Server Certificate' +# & openssl s_client -connect "$FQDN`:$SQLPort" -showcerts /dev/null | openssl x509 -outform PEM > "Connection_Certificate_$VMName.pem" +# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("Connection_Certificate_$VMName.pem") +# $store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople, 'LocalMachine') +# $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) +# $store.Add($cert) +# $store.Close() + Log-Output 'START: Prep SQL Server for tSQLt Build' -$DS = Invoke-Sqlcmd -InputFile "$dir/GetSQLServerVersion.sql" -ServerInstance "$FQDN,$SQLPort" -Username "$SQLUserName" -Password "$SQLPwd" -As DataSet +$DS = Invoke-Sqlcmd -InputFile "$dir/GetSQLServerVersion.sql" -ServerInstance "$FQDN,$SQLPort" -Username "$SQLUserName" -Password "$SQLPwd" -As DataSet -TrustServerCertificate $DS.Tables[0].Rows | %{ Log-Output "{ $($_['LoginName']), $($_['TimeStamp']), $($_['VersionDetail']), $($_['ProductVersion']), $($_['ProductLevel']), $($_['SqlVersion']), $($_['ServerCollation']) }" } $ActualSQLVersion = $DS.Tables[0].Rows[0]['SqlVersion']; From a6c6c1e5199ec5583f3abb6329ca39f5e53d392b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cmbt1=E2=80=9D?= Date: Tue, 19 Dec 2023 02:12:39 +0000 Subject: [PATCH 2/4] added -trustServerCertificate = true (or equivalent) to all connections --- Build/tSQLt.validatebuild.xml | 2 +- CI/Azure-DevOps/AZ_MainPipeline.yml | 2 +- CI/Azure-DevOps/CreateSQLVM_azcli.ps1 | 8 -------- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/Build/tSQLt.validatebuild.xml b/Build/tSQLt.validatebuild.xml index 98055037a..8fdea3b60 100644 --- a/Build/tSQLt.validatebuild.xml +++ b/Build/tSQLt.validatebuild.xml @@ -451,7 +451,7 @@ - + 
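Review bot: `-TrustServerCertificate` on the `Invoke-Sqlcmd` call turns off validation of the server certificate while the call still sends `-Username`/`-Password` to a public `$FQDN`, so the SQL login password goes to an endpoint whose identity is never checked. If this is an accepted trade-off for a short-lived CI VM, say so next to the call, e.g. `# -TrustServerCertificate: new VM presents a self-signed cert; traffic is encrypted but the server is NOT authenticated`, so the switch is not copied into non-CI scripts. The commented-out openssl/X509Store block is dead code (PATCH 2/4 removes it again) and would not have closed the gap either, since it fetches the certificate over the same unauthenticated connection before adding it to the `LocalMachine` `TrustedPeople` store. The same switch is added to the `Invoke-Sqlcmd` line in `AZ_MainPipeline.yml` in PATCH 2/4, where the same comment applies.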
diff --git a/CI/Azure-DevOps/AZ_MainPipeline.yml b/CI/Azure-DevOps/AZ_MainPipeline.yml index 276fb1b51..49b469775 100644 --- a/CI/Azure-DevOps/AZ_MainPipeline.yml +++ b/CI/Azure-DevOps/AZ_MainPipeline.yml @@ -195,7 +195,7 @@ stages: inputs: targetType: 'inline' script: | - $DS = Invoke-Sqlcmd -Query "SELECT SUSER_NAME() U,SYSDATETIME() T,@@VERSION V;" -ServerInstance "$(CreateSQLVMEnvironment.FQDNAndPort)" -Username "$(CreateSQLVMEnvironment.SQLUserName)" -Password "$(CreateSQLVMEnvironment.SQLPwd)" -As DataSet + $DS = Invoke-Sqlcmd -Query "SELECT SUSER_NAME() U,SYSDATETIME() T,@@VERSION V;" -ServerInstance "$(CreateSQLVMEnvironment.FQDNAndPort)" -Username "$(CreateSQLVMEnvironment.SQLUserName)" -Password "$(CreateSQLVMEnvironment.SQLPwd)" -As DataSet -TrustServerCertificate $DS.Tables[0].Rows | %{ echo "{ $($_['U']), $($_['T']), $($_['V']) }" } diff --git a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 index 24206c696..10b17d858 100644 --- a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 +++ b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 
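Review bot: The changed `Invoke-Sqlcmd` line takes the password through the macro `$(CreateSQLVMEnvironment.SQLPwd)`, which Azure Pipelines substitutes into the inline script text before PowerShell parses it. A password containing `"`, a backtick or `$` would then alter the command, and the value becomes part of the generated script rather than staying in a variable. Mapping it in the task's `env:` section and passing `-Password "$env:SQL_PWD"` (placeholder name) keeps it out of the script source. The task's `env:` block, if there is one, lies outside this hunk.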
@@ -177,14 +177,6 @@ if (!$output) { $SQLVM|Out-String|Log-Output; Log-Output 'DONE: Applying SqlVM Config' -# Log-Output 'START: Getting SQL Server Certificate' -# & openssl s_client -connect "$FQDN`:$SQLPort" -showcerts /dev/null | openssl x509 -outform PEM > "Connection_Certificate_$VMName.pem" -# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("Connection_Certificate_$VMName.pem") -# $store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople, 'LocalMachine') -# $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) -# $store.Add($cert) -# $store.Close() - Log-Output 'START: Prep SQL Server for tSQLt Build' $DS = Invoke-Sqlcmd -InputFile "$dir/GetSQLServerVersion.sql" -ServerInstance "$FQDN,$SQLPort" -Username "$SQLUserName" -Password "$SQLPwd" -As DataSet -TrustServerCertificate $DS.Tables[0].Rows | %{ Log-Output "{ $($_['LoginName']), $($_['TimeStamp']), $($_['VersionDetail']), $($_['ProductVersion']), $($_['ProductLevel']), $($_['SqlVersion']), $($_['ServerCollation']) }" } From 8d96ac37fb0ba527b5542b8529c5f5b5c1afd40c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cmbt1=E2=80=9D?= Date: Tue, 19 Dec 2023 02:54:20 +0000 Subject: [PATCH 3/4] removed 2008 from default run matrix --- CI/Azure-DevOps/AZ_MainPipeline.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/CI/Azure-DevOps/AZ_MainPipeline.yml b/CI/Azure-DevOps/AZ_MainPipeline.yml index 49b469775..9e62f375e 100644 --- a/CI/Azure-DevOps/AZ_MainPipeline.yml +++ b/CI/Azure-DevOps/AZ_MainPipeline.yml @@ -20,8 +20,6 @@ parameters: # TODO, these don't work for scheduled pipelines, not even the defau - name: VMMatrix type: object default: - - name: SQL2008R2 - SQLVersionEdition: 2008R2Std - name: SQL2012 SQLVersionEdition: 2012Ent - name: SQL2014 From ac7b78429c2a985df429eb512cc44d500c73aa47 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E2=80=9Cmbt1=E2=80=9D?= Date: Tue, 19 Dec 2023 14:31:37 +0000 Subject: [PATCH 4/4] removed double print statement --- CI/Azure-DevOps/CreateSQLVM_azcli.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 index 10b17d858..cc61a18bd 100644 --- a/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 +++ b/CI/Azure-DevOps/CreateSQLVM_azcli.ps1 @@ -104,7 +104,6 @@ $FQDN = (az network public-ip show --resource-group $ResourceGroupName --name $P Log-Output "FQDN: ", $FQDN; Log-Output "DONE: Creating PIP $PipName"; -Log-Output "START: Creating NSG and Rules $NsgName"; Log-Output "START: Creating NSG and Rules $NsgName --> nsg create"; $output = az network nsg create --name $NsgName --resource-group $ResourceGroupName --location $Location | ConvertFrom-Json; if (!$output) {