From ffa513054b4af87794ff4ad47842f14fb10822ee Mon Sep 17 00:00:00 2001 From: Sven Aelterman <17446043+SvenAelterman@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:27:26 -0500 Subject: [PATCH] REDCap configuration fixes: cron and SMTP (#75) * Minor enhancements to deploy.ps1 * startup.sh compatibility with PHP 8.2 * Bicep enhancements for web app * Allow SMTP configuration using parameters * Remove dead code --- deploy.ps1 | 6 ++++-- main-sample.bicepparam | 8 ++++++++ main.bicep | 14 +++++++++++++- modules/webapp/main.bicep | 10 +++++++++- modules/webapp/webapp.bicep | 26 +++++++++++++++++++++----- scripts/bash/startup.sh | 13 +++++++++++-- 6 files changed, 66 insertions(+), 11 deletions(-) diff --git a/deploy.ps1 b/deploy.ps1 index 3a90569..26cbb0d 100644 --- a/deploy.ps1 +++ b/deploy.ps1 @@ -17,7 +17,7 @@ Param( # Define common parameters for the New-AzDeployment cmdlet [hashtable]$CmdLetParameters = @{ Location = $Location - TemplateFile = '.\main.bicep' + TemplateFile = './main.bicep' } # Convert the .bicepparam file to JSON to read values that will be used to construct the deployment name @@ -56,7 +56,7 @@ Import-Module .\scripts\PowerShell\Generate-Password.psm1 [securestring]$SqlPassword = New-RandomPassword 25 # Remove the Generate-Password module from the session -Remove-module Generate-Password +Remove-Module Generate-Password $CmdLetParameters.Add('sqlPassword', $SqlPassword) @@ -66,6 +66,8 @@ $DeploymentResult = New-AzDeployment @CmdLetParameters # Evaluate the deployment results if ($DeploymentResult.ProvisioningState -eq 'Succeeded') { Write-Host "🔥 Deployment succeeded." + + $DeploymentResult.Outputs } else { $DeploymentResult diff --git a/main-sample.bicepparam b/main-sample.bicepparam index b006e96..7a9930a 100644 --- a/main-sample.bicepparam +++ b/main-sample.bicepparam 
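Review bot: In the success branch of the last deploy.ps1 hunk, `$DeploymentResult.Outputs` writes every deployment output to the console, which in a pipeline run means the build log. The outputs declared by main.bicep are not visible in this patch, so whether any of them is sensitive cannot be confirmed from here. A short comment above the line would record the assumption, for example `# Outputs are echoed to the console; main.bicep must never output secrets`. The script continues outside the hunk.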
@@ -28,6 +28,14 @@ param redcapCommunityPassword = '' param scmRepoUrl = 'https://github.com/Microsoft/azure-redcap-paas' param scmRepoBranch = 'main' +// Specify the values for the SMTP host REDCap will use to send emails. +// These values may be left blank if you will not use SMTP for email notifications. +param smtpFQDN = '' +// Be aware of possible restrictions to using SMTP port 25 in Azure. +// See https://learn.microsoft.com/azure/virtual-network/troubleshoot-outbound-smtp-connectivity +param smtpPort = '587' +param smtpFromEmailAddress = '' + // ** Do not specify anything here! ** // This parameter is required to ensure the parameter file is valid, but should be blank so the password doesn't leak. // A new password is generated for each deployment and stored in Key Vault. diff --git a/main.bicep b/main.bicep index f8363d9..c9290b3 100644 --- a/main.bicep +++ b/main.bicep @@ -39,7 +39,7 @@ param scmRepoUrl string = 'https://github.com/microsoft/azure-redcap-paas' @description('Github Repo Branch where build scripts are downloaded from') param scmRepoBranch string = 'main' @description('The command before build to be run on the web app with an elevated privilege. This is used to install the required packages for REDCap operation.') -param prerequisiteCommand string = 'apt-get install unzip sendmail cron -y' +param prerequisiteCommand string = '/home/startup.sh' param deploymentTime string = utcNow() 
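Review bot: The new default for `prerequisiteCommand` in main.bicep, `'/home/startup.sh'`, points the elevated-privilege command at a file under /home, and the `@description` above it does not mention that. On App Service, /home is typically the persistent content share, so whoever can write there through a deployment channel decides what runs with elevated privilege at start. How startup.sh reaches /home is not shown in this patch. I would reword the description to say so, e.g. `@description('Script or command run with elevated privilege before build; defaults to the startup script deployed to /home, which must only be writable through trusted deployment channels.')`.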
@@ -47,8 +47,16 @@ param deploymentTime string = utcNow() @secure() param sqlPassword string +@description('The MySQL Flexible Server admin user account name. Defaults to \'sqladmin\'.') param sqlAdmin string = 'sqladmin' +@description('The outgoing SMTP server FQDN or IP address.') +param smtpFQDN string = '' +@description('The outgoing SMTP server port.') +param smtpPort string = '' +@description('The email address to use as the sender for outgoing emails.') +param smtpFromEmailAddress string = '' + var sequenceFormatted = format('{0:00}', sequence) var rgNamingStructure = replace(replace(replace(replace(replace(namingConvention, '{rtype}', 'rg'), '{workloadName}', '${workloadName}-{rgName}'), '{loc}', location), '{seq}', sequenceFormatted), '{env}', environment) var vnetName = nameModule[0].outputs.shortName @@ -388,6 +396,10 @@ module webAppModule './modules/webapp/main.bicep' = { scmRepoBranch: scmRepoBranch prerequisiteCommand: prerequisiteCommand + smtpFQDN: smtpFQDN + smtpFromEmailAddress: smtpFromEmailAddress + smtpPort: smtpPort + deploymentNameStructure: deploymentNameStructure uamiId: uamiModule.outputs.id diff --git a/modules/webapp/main.bicep b/modules/webapp/main.bicep index b4f0c17..019f90a 100644 --- a/modules/webapp/main.bicep +++ b/modules/webapp/main.bicep @@ -16,6 +16,10 @@ param privateDnsZoneName string param virtualNetworkId string param integrationSubnetId string +param smtpFQDN string = '' +param smtpPort string = '' +param smtpFromEmailAddress string = '' + #disable-next-line secure-secrets-in-params param storageAccountKeySecretRef string param storageAccountName string @@ -36,7 +40,7 @@ param prerequisiteCommand string param uamiId string -// Disabling this check because this is no longer a secret; it's a reference to Key Vault +// Disabling this check because this is not a secret; it's a reference to Key Vault #disable-next-line secure-secrets-in-params param dbPasswordSecretRef string 
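Review bot: The three SMTP parameters added to modules/webapp/main.bicep carry no `@description`, unlike the same parameters in the root main.bicep hunk above, and the declarations added to modules/webapp/webapp.bicep have the same gap. Repeating the decorators, e.g. `@description('The outgoing SMTP server FQDN or IP address.')` above `param smtpFQDN string = ''`, keeps each module readable on its own. The `smtpPort` description should also say that the value is a free-form string passed unvalidated into the `smtpPort` app setting.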
@@ -77,6 +81,10 @@ module appService 'webapp.bicep' = { storageAccountKeySecretRef: storageAccountKeySecretRef storageAccountName: storageAccountName + smtpFQDN: smtpFQDN + smtpFromEmailAddress: smtpFromEmailAddress + smtpPort: smtpPort + uamiId: uamiId } } diff --git a/modules/webapp/webapp.bicep b/modules/webapp/webapp.bicep index b4802fa..2888c4e 100644 --- a/modules/webapp/webapp.bicep +++ b/modules/webapp/webapp.bicep @@ -23,12 +23,17 @@ param redcapCommunityUsernameSecretRef string #disable-next-line secure-secrets-in-params param redcapCommunityPasswordSecretRef string param scmRepoUrl string -param scmRepoBranch string = 'main' +param scmRepoBranch string param prerequisiteCommand string param appInsights_connectionString string param appInsights_instrumentationKey string +param smtpFQDN string = '' +param smtpPort string = '' +param smtpFromEmailAddress string = '' + +// This is not a secret, it's a Key Vault reference #disable-next-line secure-secrets-in-params param storageAccountKeySecretRef string param storageAccountName string @@ -105,15 +110,15 @@ resource webApp 'Microsoft.Web/sites@2022-03-01' = { } { name: 'smtpFQDN' - value: '' + value: smtpFQDN } { name: 'smtpPort' - value: '' + value: smtpPort } { name: 'fromEmailAddress' - value: '' + value: smtpFromEmailAddress } { name: 'APPINSIGHTS_INSTRUMENTATIONKEY' 
@@ -154,7 +159,17 @@ resource webApp 'Microsoft.Web/sites@2022-03-01' = { } } -resource webSiteName_web 'Microsoft.Web/sites/sourcecontrols@2022-09-01' = { +// SCM Basic Authentication is required when using the App Service Build Service +// Per https://learn.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment?tabs=github%2Cappservice#what-are-the-build-providers +resource basicScmCredentials 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2023-01-01' = { + parent: webApp + name: 'scm' + properties: { + allow: true + } +} + +resource sourcecontrol 'Microsoft.Web/sites/sourcecontrols@2022-09-01' = { parent: webApp name: 'web' properties: { @@ -162,6 +177,7 @@ resource webSiteName_web 'Microsoft.Web/sites/sourcecontrols@2022-09-01' = { branch: scmRepoBranch isManualIntegration: true } + dependsOn: [ privateDnsZoneGroupsWebApp ] } resource peWebApp 'Microsoft.Network/privateEndpoints@2022-07-01' = { diff --git a/scripts/bash/startup.sh b/scripts/bash/startup.sh index 57f36e2..fbb08ce 100644 --- a/scripts/bash/startup.sh +++ b/scripts/bash/startup.sh @@ -1,5 +1,14 @@ #!/bin/bash - + +echo "Custom container startup" + +#################################################################################### +# +# Install required packages in container +# +#################################################################################### + +apt-get update -qq && apt-get install sendmail cron -yqq #################################################################################### # @@ -7,5 +16,5 @@ # #################################################################################### -echo "* * * * * /usr/local/bin/php /home/site/wwwroot/cron.php > /dev/null" >> /etc/crontab service cron start +(crontab -l 2>/dev/null; echo "* * * * * /usr/local/bin/php /home/site/wwwroot/cron.php > /dev/null")|crontab
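Review bot: `basicScmCredentials` sets `allow: true` for the `scm` policy, which turns basic authentication back on for the deployment endpoint, and the hunk is silent about the companion `ftp` policy. The comment gives the build service as the reason, so the exception should stay as narrow as possible: declare the `ftp` policy with `allow: false` next to it, so the template states the intended posture instead of relying on the platform default. Confirm first that nothing else in the template depends on FTP publishing, which this patch does not show. Because publishing credentials are static, sign-ins to the SCM site are also worth covering in monitoring.

```bicep
// … unchanged: basicScmCredentials (scm policy, allow: true) …

// FTP publishing does not need basic authentication; keep it explicitly off.
resource basicFtpCredentials 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2023-01-01' = {
  parent: webApp
  name: 'ftp'
  properties: {
    allow: false
  }
}
```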
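Review bot: `sourcecontrol` now depends on `privateDnsZoneGroupsWebApp` but not on `basicScmCredentials`, so nothing in the template orders the two resources. If the build does require SCM basic authentication, as the comment on the policy says, the source-control resource could be deployed before the policy is in place. Listing both makes the order explicit: `dependsOn: [ privateDnsZoneGroupsWebApp, basicScmCredentials ]`. The resource declaration itself starts in the previous hunk.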
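Review bot: The added `apt-get update -qq && apt-get install sendmail cron -yqq` line has no failure handling, and `-qq` suppresses most output, so a start without reachable package mirrors continues silently to `service cron start` with cron and sendmail missing. A minimal change is to log the failure: `apt-get update -qq && apt-get install sendmail cron -yqq || echo "startup.sh: package installation failed" >&2`. The previous default of `prerequisiteCommand` also installed `unzip`, which this line drops; confirm nothing still needs it. Because the packages are fetched unpinned at every start, the header comment should state that the container needs outbound access to the distribution mirrors.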
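Review bot: The new crontab pipeline in the last startup.sh hunk appends the cron.php entry unconditionally, so if the crontab survives between runs of the script (not determinable from this patch) the job is registered more than once and cron.php runs several times a minute. Filtering out the existing entry first makes the line idempotent: `(crontab -l 2>/dev/null | grep -vF '/home/site/wwwroot/cron.php'; echo "* * * * * /usr/local/bin/php /home/site/wwwroot/cron.php > /dev/null") | crontab -`. The explicit `-` also makes it unambiguous that the new table is read from standard input. A one-line comment above it naming the account whose crontab is edited would help, since the removed line wrote to /etc/crontab instead.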