I have a web application with <security-role-assignment> nodes in weblogic.xml
Eg:
<security-role-assignment>
<role-name>Application Role 1</role-name>
<principal-name>Active Directory Group Principal</principal-name>
</security-role-assignment>
During the deployment in WebLogic the principal-name are overwritten with a deployment plan to set the correct group principal name (this works).
I now have to access that role-name <-> principal-name mapping programatically from within the web application.
Reading the weblogic.xml this way does not work, that results in the original (unmodified by the deployment plan) XML and values:
request.getServletContext().getResourceAsStream("/WEB-INF/weblogic.xml")
Question
How can I access entries in weblogic.xml which are overwritten by a deployment plan?
Related
I have a pulumi repository setup for an AWS project such that I have a directory of services
index.ts
services/
user-service/
recommendation-service/
chat-service/
convert-service/
Each service has its own docker file and application code (i.e. node or go micro service).
There is a pulumi script in the root index.ts that currently scans the services directory for directories with directory name matching the pattern: *-service.
For each service directory a fargateType ECS service is created.
These services are then added to their own target group and attached to an Application Load Balancer using a ALB listener with path based routing condition so that
/user/* -> user service /recommendation/* -> recommendation service /chat/* -> chat service ...etc
This is all working fine and dandy!!
The only issue is I wish to build a git pipeline with incremental builds... Meaning If there is no diff to the user-service I do not want to build the docker image or have pulumi calculate a diff of aws resources I want to skip all that without deleting the resource... It would be simple enough to just check to see if the file has been modified either using git to see what files have changed since last commit, or use a checksum.
I can do that but currently pulumi will delete those resources if they are skipped in the "pulumi up" script.
I would like to do this without creating a separate stack for each service, as it is convenient to reproduce the entire environment by creating a single new stack for all resources.
I want those resources to stay as they were if there is no change without pulumi having to create all those resources.
I have a Azure Pipeline to create alerts in Azure. So in pipeline task I am using the AzureResourceGroupDeployment task and where I gave option to define the deployment name. My requirement is to create alerts timely basis when needed and using a sample alertquert deployment template and parameters.json where the parameters values will be replaced with each time when pipeline triggered for creating the alerts with different input values using runtime parameter ad the parameters.json will be updated accordingly.
So here I am not sure about the deployment name, as whether I have to specify the deployment name differently in each time when I create different alerts or, I can have the same deployment name itself?
If i create the alerts with same deployment name for with different alerts names, whether this will delete or modify the previously created alerts using the same deployment ?
Also if I want to update the alerts which is already created, whether I can update it by using the ame deployment name and same alert name?
The resource group keeps a record of deployment events; the information stored includes the parameters input, the resources created, and any outputs.
Each record is identified by a name; that's what the deployment name is.
This history of deployment events is accessible in the azure portal, and also through az cli and azure powershell.
It's up to you whether you want to reuse a deployment name again, or use unique names (e.g. by adding a datetime suffix). If you reuse a name in a future deployment then the previous record will be overwritten; so you lose your history a bit, but it means that the deployment events record is quite tidy, holding only the most recent deployment record for each resource.
If you prefer to use new unique deployment names each time, then you get the advantage of having a fuller history; but there is a limit of 800 deployments per resource group and if you reach it then you cannot deploy anything until you delete some records.
Consider the following things are already satisfied.
1. The maria-db is running in separate pod and is pre-installed.
2. When we deploy a new service it is able to connect to maria-db and create SCHEMA in it.
But the final requirement is when the service is deleted then it should cleanup the SCHEMA.
I have tried writing a job with post-delete tag.
So just a thought, you could possible do this by using a Admission Control i.e your logic could possible be along the lines of:
Delete Pod Requested --> Hits Addmission Control --> Addmission Controller Removes Schema --> Pod Deleted
However this would be a lot of custom code and you would need a way to identify the Schema that that particular service has created in the DB.
Can deployment groups be searched for a particular machine? I need a way to find if a server is already part of a deployment group. I can't tell from the group names if they are applicable to the project.
You could use the REST API for Deployment Groups and look in the Machines property.
Or, if you have access, you can open the deployment groups navigation and look at the targets.
You may want to employ a more robust implementation of tags for the machines in your deployment groups, so you know you'll only deploy to machines in the group that are applicable.
You could simply use Rest API to list all deployment groups in a specific team project.
GET https://dev.azure.com/fabrikam/{project}/_apis/distributedtask/deploymentgroups?api-version=5.0-preview.1
Conversely, it's not able to list all target groups for a special machine at present.
As a workaround, you can add a tag to a machine on the depoyment group configuration.
After that, specify the tag at the release deployment group phase.
This will make the release to choose all machine within the group deployment that match you tag.
I have created separate ARM templates each for the DocumentDB, Azure SQL Server, Storage Account, Azure Key Vault, Azure Batch, HDInsight Cluster.
Using New-AzureRmResourceGroupDeployment powershell command when I deploy above resources in a loop within the same resource group I found a strange behaviour. While deploying DocDB all my previously deployed resources in the resource group vanishes (probably deleted automatically). Same is the case when I deploy Azure SQL Server.
Has anybody encountered the same issue? Is there a fix?
New-AzureRmResourceGroupDeployment has a -mode parameter which can be set to either complete or incremental
Complete mode will create a resource group exactly as you define it in a template deleting any resource that is not explicitly defined in the template.
Incremental mode will add or modify resources to achieve what is specified by the template. Ignoring any additional resources that are present within the resource group. Incremental mode will modify any pre-existing resources to match what is in the template.