From 9204f1aa894cbeae8104418a0ea34d0ad81ea746 Mon Sep 17 00:00:00 2001 From: Millie Olsen Date: Wed, 24 Apr 2024 23:21:51 -0700 Subject: [PATCH] Add NSG rules, SKU, API version updates --- .../ClusterSetup/Azure/SixNodeD2.json | 129 +++++++++++++++++- .../ClusterSetup/Azure/ThreeNodeD2.json | 123 ++++++++++++++++- .../ClusterSetup/Azure/ThreeNodeD3.json | 119 +++++++++++++++- 3 files changed, 358 insertions(+), 13 deletions(-) diff --git a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/SixNodeD2.json b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/SixNodeD2.json index 980eb25..3952a50 100644 --- a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/SixNodeD2.json +++ b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/SixNodeD2.json @@ -298,11 +298,14 @@ }, "variables": { "vmssApiVersion": "2016-03-30", - "lbApiVersion": "2015-06-15", - "vNetApiVersion": "2015-06-15", + "lbApiVersion": "2017-08-01", + "vNetApiVersion": "2017-08-01", "storageApiVersion": "2016-01-01", - "publicIPApiVersion": "2015-06-15", + "publicIPApiVersion": "2017-08-01", + "nsgApiVersion": "2021-03-01", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Name": "Subnet-0", + "subnet1Name": "Subnet-1", "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]", "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", @@ -397,17 +400,130 @@ "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } + }, + { + "apiVersion": "2018-08-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[concat('nsg', variables('subnet0Name'))]", + "location": "[resourceGroup().location]", + "properties": { + "securityRules": [ + { + "name": "AzurePortal", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "ServiceFabric", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "19080", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 3900, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Cluster", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "1025", "1026", "1027" ], + "direction": "Inbound", + "priority": 3930, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Ephemeral", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "49152", "65334" ], + "direction": "Inbound", + "priority": 3940, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Application", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "20000", "30000" ], + "direction": "Inbound", + "priority": 3950, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "ResourceProvider", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "ServiceFabric", + "destinationPortRange": "443", + "destinationPortRanges": [], + "direction": "Outbound", + "priority": 4010, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "DownloadBinaries", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "AzureFrontDoor.FirstParty", + "destinationPortRange": "", + "destinationPortRanges": [ "443" ], + "direction": "Outbound", + "priority": 4020, + "protocol": "Tcp", + "description": "" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } }, { "apiVersion": "[variables('publicIPApiVersion')]", "type": "Microsoft.Network/publicIPAddresses", "name": "[concat(parameters('lbIPName'),'-','0')]", "location": "[parameters('computeLocation')]", + "sku": { + "name": "Standard" + }, "properties": { "dnsSettings": { "domainNameLabel": "[parameters('dnsName')]" }, - "publicIPAllocationMethod": "Dynamic" + "publicIPAllocationMethod": "Static" }, "tags": { "resourceType": "Service Fabric", @@ -422,6 +538,9 @@ "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/',concat(parameters('lbIPName'),'-','0'))]" ], + "sku": { + "name": "Standard" + }, "properties": { "frontendIPConfigurations": [ { @@ -757,7 +876,7 @@ "dnsSettings": { "domainNameLabel": "[concat(parameters('dnsName'),'-','loadgen')]" }, - "publicIPAllocationMethod": "Dynamic" + "publicIPAllocationMethod": "Static" }, "tags": { "resourceType": "Service Fabric", diff --git a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD2.json b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD2.json index 32afa28..d681725 100644 --- a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD2.json +++ b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD2.json @@ -298,11 +298,14 @@ }, "variables": { "vmssApiVersion": "2016-03-30", - "lbApiVersion": "2015-06-15", - "vNetApiVersion": "2015-06-15", + "lbApiVersion": "2017-08-01", + "vNetApiVersion": "2017-08-01", "storageApiVersion": "2016-01-01", - "publicIPApiVersion": "2015-06-15", + "publicIPApiVersion": "2017-08-01", + "nsgApiVersion": "2021-03-01", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Name": "Subnet-0", + "subnet1Name": "Subnet-1", "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]", "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", @@ -398,6 +401,116 @@ "clusterName": "[parameters('clusterName')]" } }, + { + "apiVersion": "2018-08-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[concat('nsg', variables('subnet0Name'))]", + "location": "[resourceGroup().location]", + "properties": { + "securityRules": [ + { + "name": "AzurePortal", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "ServiceFabric", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "19080", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 3900, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Cluster", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "1025", "1026", "1027" ], + "direction": "Inbound", + "priority": 3930, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Ephemeral", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "49152", "65334" ], + "direction": "Inbound", + "priority": 3940, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Application", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "20000", "30000" ], + "direction": "Inbound", + "priority": 3950, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "ResourceProvider", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "ServiceFabric", + "destinationPortRange": "443", + "destinationPortRanges": [], + "direction": "Outbound", + "priority": 4010, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "DownloadBinaries", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "AzureFrontDoor.FirstParty", + "destinationPortRange": "", + "destinationPortRanges": [ "443" ], + "direction": "Outbound", + "priority": 4020, + "protocol": "Tcp", + "description": "" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, { "apiVersion": "[variables('publicIPApiVersion')]", "type": "Microsoft.Network/publicIPAddresses", @@ -407,7 +520,7 @@ "dnsSettings": { "domainNameLabel": "[parameters('dnsName')]" }, - "publicIPAllocationMethod": "Dynamic" + "publicIPAllocationMethod": "Static" }, "tags": { "resourceType": "Service Fabric", @@ -757,7 +870,7 @@ "dnsSettings": { "domainNameLabel": "[concat(parameters('dnsName'),'-','loadgen')]" }, - "publicIPAllocationMethod": "Dynamic" + "publicIPAllocationMethod": "Static" }, "tags": { "resourceType": "Service Fabric", diff --git a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD3.json b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD3.json index 6fff360..4f47627 100644 --- a/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD3.json +++ b/ServiceLoadTest/ServiceFabric/ClusterSetup/Azure/ThreeNodeD3.json @@ -298,11 +298,14 @@ }, "variables": { "vmssApiVersion": "2016-03-30", - "lbApiVersion": "2015-06-15", - "vNetApiVersion": "2015-06-15", + "lbApiVersion": "2017-08-01", + "vNetApiVersion": "2017-08-01", "storageApiVersion": "2016-01-01", - "publicIPApiVersion": "2015-06-15", + "publicIPApiVersion": "2017-08-01", + "nsgApiVersion": "2021-03-01", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Name": "Subnet-0", + "subnet1Name": "Subnet-1", "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]", "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", @@ -748,6 +751,116 @@ "clusterName": "[parameters('clusterName')]" } }, + { + "apiVersion": "2018-08-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[concat('nsg', variables('subnet0Name'))]", + "location": "[resourceGroup().location]", + "properties": { + "securityRules": [ + { + "name": "AzurePortal", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "ServiceFabric", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "19080", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 3900, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Cluster", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "1025", "1026", "1027" ], + "direction": "Inbound", + "priority": 3930, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Ephemeral", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "49152", "65334" ], + "direction": "Inbound", + "priority": 3940, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "Application", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "*", + "destinationPortRange": "", + "destinationPortRanges": [ "20000", "30000" ], + "direction": "Inbound", + "priority": 3950, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "ResourceProvider", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "ServiceFabric", + "destinationPortRange": "443", + "destinationPortRanges": [], + "direction": "Outbound", + "priority": 4010, + "protocol": "Tcp", + "description": "" + } + }, + { + "name": "DownloadBinaries", + "properties": { + "access": "Allow", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationAddressPrefix": "AzureFrontDoor.FirstParty", + "destinationPortRange": "", + "destinationPortRanges": [ "443" ], + "direction": "Outbound", + "priority": 4020, + "protocol": "Tcp", + "description": "" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, { "apiVersion": "[variables('publicIPApiVersion')]", "type": "Microsoft.Network/publicIPAddresses",