Friday 14 December 2018

Gitting

Creating a new Git repository (use the steps below to set up a git branch based on the first EC2 server and push it to Gitlab)
Below are the high-level steps to create the repository and push the contents to the respective branch in that new repository.

Create the repository from the Gitlab console under the Web-Content group, using the name given by the dev.
Confirm with the dev the servers and path from which you need to push the contents.
Then follow the steps below to push the contents onto the respective branch. Confirm with the dev which branches are to be created.
Perform these steps using the credentials TT\SoftixDomainAccount and use the attached gitlab keys if they are not already on the server.
Also make sure the attached .gitignore is used.
#(1) First initialize git and connect to remote branch:

git init

git remote add origin git@gitlab.softix.com:web-content/<repo_name>.git

git checkout -b <branch>

#(2) Check the git tracked file status:

git status

##Consider enabling lfs support and lfs filter

git lfs install

git lfs track "*.pdf" 

git lfs track "*.jpeg"

git lfs track "*.png"

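git config http.sslverify false     #turns off TLS certificate verification for this repo's HTTPS transfers, such as Git LFS over HTTPS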

#(4) Add all changed files to be committed locally:

git add *

#(5) Commit all the changed files locally :

git commit -m "Pushing Premier Prod Contents to new PROD branch"

#(7) Push the new changes to remote PROD-AU branch :

git push -u origin PROD-AU



Sync the git content on other EC2 servers (same load balancer/target group etc) after setting up the git repo from scratch via the steps shown above
git init

git remote -v

git remote add origin git@gitlab.softix.com:web-content/<repo_name>.git

git checkout -b <branch>

git lfs install

git lfs track "*.pdf"     #these files won’t have version control, but overwritten every time

git lfs track "*.jpeg"

git lfs track "*.png"

git config http.sslverify false

git fetch --all

git reset --hard origin/<branch>

git pull origin <branch>

git branch -u origin/<branch>  #If you use the Powershell scripts from the Git-mgmt-prod or Git-Mgmt-uat servers to manage git pulls, make sure to run this command, otherwise you will see git pull errors

Naming convention for new Git branches—Add AU/NZ
It has to be like prod-au/prod-nz/preview-au/preview-nz/uat-au/uat-nz

Prod-my / preview-my/uat-my



Git repositories that have been set up are currently kept in an Excel spreadsheet called GitRepoMapping.xlsx in this path:

\\fileserver.tt.local\Common\DevOps\For_Parikshit\Git-Setup\GitRepoMapping.xlsx



Git Auto Sync Setup after the git repo/branches have been setup from above
Currently there are a few different ways of doing git auto sync/pull for web contents:

1) git pull powershell scripts running locally on the web servers, configured via Windows scheduled task;
2) git pull powershell scripts running remotely from two Git management servers called Git-Mgmt-Prod (IP: 10.130.122.41) and Git-Mgmt-UAT (IP: 10.199.122.145). Login as softixdomainaccount;
3) the new way of git pull via Jenkins and Gitlab webhook, configured on https://jenkins.ticketek.com.au/job/GitPull/ on the Jenkins-AutoScaleGroup server in the new teg-shared aws account.

1. git pull powershell scripts running locally on the web servers configured via windows scheduled task
Go to windows scheduled task and see if there are some jobs configured

Gotchas:

If the local git pull is not working, ensure the scheduled task is running as tt\softixdomainaccount account, not the local admin one. Secondly, ensure the .ssh folder/files are copied there. You can copy the .ssh folder with all required files from the uat server "C:\Users\softixdomainaccount\.ssh" @ 10.199.40.93

2. git pull powershell scripts running remotely from two Git management servers
Pre-requisite:

Make sure the EC2 servers allow inbound TCP ports 5985-5986 from the Git-Mgmt-Prod and Git-Mgmt-UAT servers, which is required for running the git pull powershell scripts remotely. Double check their security groups.

Both Git mgmt servers use the powershell aws profile to retrieve information from AWS

PS C:\> Get-AWSCredential -ListProfile
WARNING: The ListProfile switch is deprecated and will be removed from a future release. Please use ListProfileDetail
instead.
GitPullProfile
default
default
access

One of the gitpullprofile should be from the Git-EC2-Readonly or the Gitpull one in the ticketek aws account.







Git-Mgmt-Prod is for production servers:
All remote git pull scripts are in the C:\Scripts\  folder.

The Working-Scripts subfolder holds the running scripts that are already set up, each with a corresponding scheduled task.

The Scripts-Templates subfolders are templates. Normally for production servers, we use either GitPull-Templates-TargetGroup or GitPull-Templates-ELBClassic if you can find a proper target group or load balancer for all the production server fleet. We don't use GitPull-Templates-SingleInstance normally.

To set up a new auto git pull using these templates, follow these steps:

a) make a copy of "GitPull-Templates-TargetGroup" or "GitPull-Templates-ELBClassic" from the "Scripts-Templates" folder and place them into "Working-Scripts\ForTargetGroups" or "Working-Scripts\ForClassicELBs" folder.

b) Change the folder name to a distinctive and meaningful name such as AU_WhiteLabel_Premier_Mobile.

c) edit the env.ps1 file and replace $env with the folder name you just changed to such as "AU_WhiteLabel_Premier_Mobile";

change the $targetGroupName to point to the target group which includes all the EC2 servers for the web application, i.e. InvictusGames

change the $seconds, which is the running interval for the git pull scheduled task.



edit the GitPullScriptTG.ps1 file and change $gitDirectory to point to the correct IIS root folder path for the web app.

Caution: always triple check $gitDirectory to ensure the correct IIS root folder path is used!!!
E.g. $gitDirectory ="Z:\TicketekAU\WhiteLabels\MobilePremier"

Change $branch to point to the correct git branch.

Warning: Please change $branch with great caution!! Any mistake may end up in a disaster. Correct format normally is $branch="uat-au" or #$branch="preview-au"
This is CASE SENSITIVE!!!

If unsure, just cd to the root folder of the IIS site and do a git status to find the correct git branch and git remote -v to find the correct remote git repo.



d) launch a cmd in admin mode, cd to the folder where all the script files (env.ps1, GitPullScriptTG.ps1 etc) are located and run ./GitTaskGeneratorTG.ps1 to generate a scheduled task for the webapp.

e) Check the log file in C:\Scripts\Logs to see if there is any error. Get the dev to do some test commit and see if you receive slack notification in the channel git_notifications or test-channel01.

It should look like:

Git Pull Report for All 4 Targets in TargetGroup InvictusGames
**********************************************************************
4 servers with successful git pull update applied:
i-02e37dfc8ddb24783;i-0a0c90783e3c02e47;i-02c956b88711d9d8d;i-0096ac8c705677051
0 servers without new git pull update applied:

0 servers with potential git pull errors:

One sample message of successful git pull update:
-------------------------------------------------------------------
Git Pull Notification
Site: AU_WhiteLabel_Premier
InstanceID: i-02e37dfc8ddb24783
ServerIP: 10.130.40.254
DateTime: 09/05/2018 10:23:13
Author: Marion Wood <marionw@ticketek.com.au>
Last Commit ID: 288116a
Last Commit Description:
FCT-777 - Created test survey for Fastcheck
-------------------------------------------------------------------
#############################################################
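
A check for the two settings that step c) flags, $gitDirectory and $branch, as an added example (it is not one of the scripts in C:\Scripts). It reports a problem unless the folder is the root of a git work tree whose origin, checked-out branch and upstream match what you expect, compared case-sensitively. The function name and the repository name in the sample call are assumptions.

```powershell
# Added example, not part of the GitPull templates.
# Test-GitPullTarget is a hypothetical helper name.
function Test-GitPullTarget {
    param(
        [Parameter(Mandatory)] [string] $GitDirectory,    # IIS root folder ($gitDirectory)
        [Parameter(Mandatory)] [string] $ExpectedRemote,  # full origin URL of the site's repo
        [Parameter(Mandatory)] [string] $ExpectedBranch   # exact-case branch name ($branch)
    )

    $problems = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $GitDirectory -PathType Container)) {
        $problems.Add("Folder not found: $GitDirectory")
    }
    else {
        # An empty --show-prefix means the folder is the top of its work tree,
        # not a subfolder of a repository rooted higher up.
        $prefix = & git -C $GitDirectory rev-parse --show-prefix 2>$null
        if ($LASTEXITCODE -ne 0) {
            $problems.Add("Not inside a git work tree: $GitDirectory")
        }
        elseif ($prefix) {
            $problems.Add("Not the repository root (folder sits at '$prefix' inside a repo)")
        }
        else {
            $remote   = & git -C $GitDirectory config --get remote.origin.url
            $branch   = & git -C $GitDirectory rev-parse --abbrev-ref HEAD 2>$null
            $upstream = & git -C $GitDirectory rev-parse --abbrev-ref '@{u}' 2>$null

            # -cne compares case-sensitively: "PROD-AU" and "prod-au" are different refs.
            if ($remote -cne $ExpectedRemote) {
                $problems.Add("origin is '$remote', expected '$ExpectedRemote'")
            }
            if ($branch -cne $ExpectedBranch) {
                $problems.Add("checked-out branch is '$branch', expected '$ExpectedBranch'")
            }
            if ($upstream -cne "origin/$ExpectedBranch") {
                $problems.Add("upstream is '$upstream', expected 'origin/$ExpectedBranch' (git branch -u)")
            }
        }
    }

    [pscustomobject]@{
        GitDirectory = $GitDirectory
        Ok           = ($problems.Count -eq 0)
        Problems     = $problems.ToArray()
    }
}

# Sample call. The path and branch are the examples from step c);
# the repository name is a constructed value.
$check = Test-GitPullTarget -GitDirectory 'Z:\TicketekAU\WhiteLabels\MobilePremier' `
                            -ExpectedRemote 'git@gitlab.softix.com:web-content/example-repo.git' `
                            -ExpectedBranch 'uat-au'
if (-not $check.Ok) {
    $check.Problems | ForEach-Object { Write-Warning $_ }
    # Stop here rather than generating the scheduled task.
}
```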



Git-Mgmt-UAT is for Preview and Uat servers:
Script files are in the same folder as prod: C:\Scripts

The only difference is that normally we use C:\Scripts\Scripts-Templates templates and put them in the C:\Scripts\Working-Scripts\ForSingleServer folder as preview and uat servers normally are standalone, not clustered.

For most preview server webapps, we normally use the Hostworks preview server, which is $fqdn_Git="TKTPRPWADM01-2.tt.local", so you can copy the folder from AU-ML-MOB-PRM in the working-scripts folder and simply change the variables. Keep the $fqdn_Git="TKTPRPWADM01-2.tt.local" setting if the preview site is hosted there.

Gotchas:

The two git-mgmt-xxx servers are of t2-medium instance size. We can consider increasing the RAM, as there are many git pull jobs running every few minutes, so there might occasionally be memory/cpu spikes that slow down git pull.



3. New ways of git pull via Jenkins and Gitlab webhook

The 2nd approach above is currently applicable only to servers hosted on our old existing Ticketek account, and not yet to servers launched on the new teg-prod-au account, as the git management servers reside on the old existing account and there is a permission issue if you try to remotely manage the new servers from the old management servers. Therefore we come to the 3rd approach: git pull via the Jenkins server hosted on the new teg-shared account.

Login to the Jenkins server via https://jenkins.ticketek.com.au/

Navigate to Gitpull folder and you can see some subfolders there.

The ticketek subfolder has a template Tmplt-Prod-AU-Ticketek with permission for managing the old existing ticketek account (ID 389920326251), while the teg-prod-au one has a template teg-prod-au for the new teg-prod-au account (167471469006).

Steps for configuring the auto git pull for this:

Make sure the new EC2 servers allow inbound TCP ports 5985-5986 from the Jenkins server. You can manually open the ports in the security group by adding inbound 5985-5986 from subnet range 10.161.64.0/18. However, since the new aws account resources are launched via IaaC, it is advisable to add this to the cloudformation/packer script so that everything is automated.

Enable the psremoting feature by running this powershell script: "powershell.exe -NoProfile -ExecutionPolicy Bypass -File \\10.130.0.215\Common\Scripts\PSRemoting\ConfigureRemotingForAnsible.ps1 -Verbose -CertValidityDays 3650 -EnableCredSSP -ForceNewSSLCert -SkipNetworkProfileCheck"     Again it is advisable that this is added to the cloudformation/packer script to automate everything.
Go to the https://jenkins.ticketek.com.au/job/GitPull/job/teg-prod-au/ folder and create a new Jenkins item/job by copying from the existing template "Tmplt-ByTag-tegProdAU", give it a meaningful name, such as Premier-premier-PRODA-Desktop
Go to the Configure page and update all the parameters for the job, such as:
branch
gitRootDir (the IIS gitRootDir for doing git pull to; please put the correct git root directory here as the default value and ensure you use DOUBLE backslashes \\ in the Windows path, without quotes, e.g. C:\\testSite)
key (the key of the tag for filtering the EC2 instances with, e.g. Name, Role. ###Warning: Please ensure this key/value returns the exact number of servers you intend to manage, as there can be UNWANTED servers included###)
value (the value of the tag for filtering the EC2 instances with, e.g. Premier. ###Warning: Please ensure this key/value returns the exact number of servers you intend to manage, as there can be UNWANTED servers included###)
valueName (the name for creating a temp inventory file for this job. Please provide a unique name WITHOUT ANY WHITESPACE to identify the EC2 hosts involved in this Git pull job, e.g. you can use "MemberlinkAU" if this job targets all servers for Memberlink AU)
change the repository url to the correct one, e.g. git@gitlab.softix.com:web-content/TKTAU-Content-PR.git
Go to the Build triggers section and click on advanced, then manually change the "Filter branches by name" - "include" part to match the correct git branch, so that we can enable the gitlab trigger whenever a dev pushes new commits to the gitlab repo.
Copy this webhook url and the secret token (you can generate a new one) and paste them in the gitlab portal as shown below

Logon to gitlab and go to the webcontent repo page, click on setting/integration, paste the webhook url and security token copied from Jenkins, and save them. You can click on test to see if it returns a 200 success message.

Save all your setting in the Jenkins page and get the dev to do some test commits. Hopefully you should see some slack messages posted in the git_notifications or test-channel01 if everything is configured properly.
One important thing about using this Jenkins job for auto git pull is that we filter the EC2 servers via EC2 tags, so you need to make sure the tag key and value returns exactly the expected number of servers you would like to manage, not too many, not too few, and they are correct servers. If the tag name and key is not filtering properly, consider adding/updating some unique tags to the servers, otherwise you might accidentally git pull the wrong content to wrong servers.
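
One way to confirm what a key/value pair selects before saving the job, as an added example (not part of the Jenkins job or its playbooks). It lists the running instances the tag filter matches and fails if the count differs from what you expect. The function name is hypothetical, and it assumes an AWSPowerShell session whose default credentials and region point at the account the job manages.

```powershell
# Added example; Get-TagFilterTargets is a hypothetical helper name.
# Assumes the session already has credentials and a default region
# (for example via Set-DefaultAWSRegion) for the target account.
Import-Module AWSPowerShell

function Get-TagFilterTargets {
    param(
        [Parameter(Mandatory)] [string] $Key,           # tag key, e.g. Name or Role
        [Parameter(Mandatory)] [string] $Value,         # tag value (EC2 matches it case-sensitively)
        [Parameter(Mandatory)] [int]    $ExpectedCount  # how many servers you intend to manage
    )

    # Select instances whose tag $Key equals $Value.
    # Counting only running instances is an assumption of this example.
    $filter = @(
        @{ Name = "tag:$Key";            Values = $Value },
        @{ Name = 'instance-state-name'; Values = 'running' }
    )

    # Get-EC2Instance returns reservations; expand them into instances.
    $targets = @(
        Get-EC2Instance -Filter $filter |
            Select-Object -ExpandProperty Instances |
            ForEach-Object {
                [pscustomobject]@{
                    InstanceId = $_.InstanceId
                    PrivateIp  = $_.PrivateIpAddress
                    Name       = ($_.Tags | Where-Object { $_.Key -eq 'Name' }).Value
                }
            }
    )

    if ($targets.Count -ne $ExpectedCount) {
        # Show what was matched so the unexpected servers can be identified.
        Write-Warning ($targets | Format-Table -AutoSize | Out-String)
        throw "Tag $Key=$Value matches $($targets.Count) running instance(s), expected $ExpectedCount."
    }

    $targets
}

# Sample call, using the key/value examples from the job parameters above
# and a constructed expected count:
# Get-TagFilterTargets -Key 'Name' -Value 'Premier' -ExpectedCount 4
```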
If running successfully, you should see slack logs like this:
********************Git Pull Report Begins********************
- '#WebsiteName#: AU_Mobile_Premier'
- '#RootDir#: D:\TicketekAU\Powerweb\MobilePremier'
TASK [Auto Git Pull for Branch PROD-AU] ****************************************
changed: [WIN-DCNVJ2PA4M5]
changed: [WIN-MV5NIOIOUIU]
changed: [WIN-4CCANG3LSOI]
changed: [WIN-3J9G03G3HVE]

TASK [debug] *******************************************************************
ok: [WIN-MV5NIOIOUIU] =>
gitPullResult.stdout_lines:
- HEAD is now at c4328dc FCT 788 - Added file changes but not Live yet
- Already up to date.
- 'Author: Naga Rao <nagar@ticketek.com.au>'
- 'Date: Wed Sep 5 14:48:22 2018 +1000'
ok: [WIN-3J9G03G3HVE] =>
gitPullResult.stdout_lines:
- HEAD is now at c4328dc FCT 788 - Added file changes but not Live yet
- Already up to date.
- 'Author: Naga Rao <nagar@ticketek.com.au>'
- 'Date: Wed Sep 5 14:48:22 2018 +1000'
ok: [WIN-DCNVJ2PA4M5] =>
gitPullResult.stdout_lines:
- HEAD is now at c4328dc FCT 788 - Added file changes but not Live yet
- Already up to date.
- 'Author: Naga Rao <nagar@ticketek.com.au>'
- 'Date: Wed Sep 5 14:48:22 2018 +1000'
ok: [WIN-4CCANG3LSOI] =>
gitPullResult.stdout_lines:
- HEAD is now at c4328dc FCT 788 - Added file changes but not Live yet
- Already up to date.
- 'Author: Naga Rao <nagar@ticketek.com.au>'
- 'Date: Wed Sep 5 14:48:22 2018 +1000'
to retry, use: --limit @/gitPull/Infrastructure-Automation-Ansible/cloudformation/roles/GitPull/tasks/playbooks/Premier-PRODA-Mobile.retry

PLAY RECAP *********************************************************************
WIN-3J9G03G3HVE : ok=4 changed=2 unreachable=0 failed=0
WIN-4CCANG3LSOI : ok=4 changed=2 unreachable=0 failed=0
WIN-DCNVJ2PA4M5 : ok=4 changed=2 unreachable=0 failed=0
WIN-MV5NIOIOUIU : ok=4 changed=2 unreachable=0 failed=0

Gotchas:

If you see errors like below, ensure tt\softixdomainaccount is a member of local administrators for the target servers (apart from firewall port)

kerberos: HTTPSConnectionPool(host='win-3cfv8ejkcvn', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1acc6da7d0>, 'Connection to win-3cfv8ejkcvn timed out. (connect timeout=30)')

If you see this error on Jenkins web portal or Jenkins server cli, run "chown -R jenkins:jenkins /gitPull" to change ownership

[WARNING]: Could not create retry file '/gitPull/Infrastructure-Automation-
Ansible/cloudformation/roles/GitPull/tasks/playbooks/Premier-PRODA.retry'. [Errno 13] Permission denied: u'/gitPull
/Infrastructure-Automation-Ansible/cloudformation/roles/GitPull/tasks/playbooks/Premier-PRODA.retry'

Note:

The jenkins server does not require IAM user credentials as it already has EC2 IAM role attached to it, which allows it to assume poweruser role for doing gitpull across different accounts.



Multi-Boot Strap Powershell again

<powershell>
$Role = "Powerweb"
$Environment = "PROD-A"
$DeployScriptPath = '\\10.130.0.215\temp_share\tmp\userdata-scripts'
New-Item C:\Install -type directory
Copy-Item $DeployScriptPath\ec2-userdata-13082018.ps1 C:\Install
& C:\Install\ec2-userdata-13082018.ps1 -Role $Role -Environment $Environment

</powershell>

<powershell>
Param(
   [string]$Role, [string]$Environment
)

Set-ExecutionPolicy -Force Unrestricted

#Set source directory for install and pre-requisite files
#
$source = "C:\Deployment"
if(!(Test-Path -Path $source )){
    New-Item -ItemType directory -Path $source
}

#start Logging
Start-Transcript -Path $source\Bootstrap.txt

#initialize new Volumes Win 2016
if((Test-Path -Path C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts)){
    C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeDisks.ps1
}

If (Test-Path -Path "D:\"){
  Set-Volume -DriveLetter D -NewFileSystemLabel Data
}

If (Test-Path "E:\"){
  Set-Volume -DriveLetter E -NewFileSystemLabel Logs
}

#Install Windows Tools and Features
#
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name 'Carbon' -AllowClobber -Force

Import-Module ServerManager

Install-WindowsFeature Web-Server,Web-Http-Redirect,Web-Custom-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Dyn-Compression,Web-Basic-Auth,Web-IP-Security,Web-Url-Auth,Web-Windows-Auth,Web-Net-Ext45,Web-Asp-Net45,Web-AppInit,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Console,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-Lgcy-Mgmt-Console,Web-Lgcy-Scripting,Web-WMI,Web-Scripting-Tools,Web-Mgmt-Service,smtp-server
Add-WindowsFeature NET-WCF-HTTP-Activation45, NET-HTTP-Activation

Import-Module 'Carbon'
Import-Module AWSPowerShell

#Copy pre-requisite Files and Scripts
#
robocopy /MIR /NFL /NDL /Z \\10.130.0.215\Common\Scripts\Common $source
robocopy /MIR /NFL /NDL /Z \\10.130.0.215\temp_share\tmp\configs $source\API
robocopy /MIR /NFL /NDL /Z \\10.130.0.215\Common\Tools\AppDynamics\dotNetAgent $source\AppDynamics

Copy-Item \\10.130.0.215\Common\Tools\ConnectPerformanceCounterCategoryInstall.exe $source -Verbose

#Functions will be split from the main file and used later
#
#Import Functions
#. $source\IIS.ps1
#. $source\Misc.ps1
. $source\InstallOctopus.ps1
#. $source\Functions.ps1


#Set default region for AWS cli tools
#
$instance_az = Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/placement/availability-zone
$instance_region = $instance_az.Substring(0,$instance_az.Length-1)
Set-DefaultAWSRegion -Region $instance_region

#Update Hostname Tag in AWS
#
$hostname = $env:COMPUTERNAME
$aws_instance =  Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/instance-id

$tag = New-Object Amazon.EC2.Model.Tag
$tag.Key = "Hostname"
$tag.Value = $hostname
New-EC2Tag -Resource $aws_instance -Tag $tag

### Will have a join domain function in CFN
#
#Add instance to AD
$username = 'tt.local\softixdomainaccount'
$password = 'PA$$word70'
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
Add-Computer -DomainName tt.local -OUPath "OU=AWS,OU=Computers,OU=TT-Managed,DC=tt,DC=local" -Force -Credential $cred
"complete join to domain"

### Add domain users to local Administrators
#
$users = @("softixdomainaccount","Appadmin Security","TT Server Desktop Administrators")

$group = [ADSI]("WinNT://$hostname/Administrators,group")
$groupname = $group.PSBase.Name

<#
#
#$user1 = [ADSI]("WinNT://tt.local/softixdomainaccount")
#$user2 = [ADSI]("WinNT://tt.local/Appadmin Security")
#$$user3 = [ADSI]("WinNT://tt.local/TT Server Desktop Administrators")
#$users = $user1,$user2,$user3
#"add users to admin group"
#"$user1"
#"$user2"
#"$user3"
#
#>

$membersObj = @($group.psbase.Invoke("Members"))
$members = ($membersObj | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)})

ForEach ($user in $users) {
    $userads = [ADSI]("WinNT://tt.local/$user")
    $name = $userads.PSBase.Name
    If ($members -contains $name) {
        Write-Host "$name exists in the group $groupname"
    }
    Else {
        Write-Host "$name does not exist in the group $groupname"
        "add users to admin group"
        $group.PSBase.Invoke("Add", $userads.PSBase.Path)
        # Report only after the add call has run, and name the group rather than the ADSI object
        "$name has been added to the $groupname group"
    }
}

#Set instance System Locale
#
Import-Module International

tzutil /s "AUS Eastern Standard Time"

$currentlist = Get-WinUserLanguageList
$currentlist | ForEach-Object {if(($_.LanguageTag -ne "en-AU") -and ($_.LanguageTag -ne "en-US")){exit}}

Set-WinUserLanguageList en-AU -Force
Set-WinSystemLocale en-AU
Set-Culture en-AU

#Enable Remoting
#
Enable-PSRemoting

#Create Default Site Directories
New-Item D:\Ticketek\ -type directory
New-Item E:\Weblogs -type directory
New-Item E:\Logs -type directory  # to do, work out how to do permissions to .\IIS_IUSRS
New-Item D:\Common\LoadBalancer -type directory
New-Item D:\Common\LoadBalancer -Name "index.html" -type file

#Change ACL for new volumes
#
$Paths = @("E:\","D:\")

ForEach ($Path in $Paths) {
  $Acl = (Get-Item $Path).GetAccessControl('Access')
  $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("everyone","modify","ContainerInherit,Objectinherit","none","Allow")
  $Acl.SetAccessRule($Ar)
  $Acl | Set-Acl $Path
}


Remove-WebAppPool '.NET v4.5'
Remove-WebAppPool '.NET v4.5 Classic'

Set-WebConfigurationProperty "/system.applicationHost/sites/siteDefaults" -name logfile.directory -value E:\Weblogs

$p = (Get-Item IIS:\AppPools\DefaultAppPool)
$p.managedRunTimeVersion = ''
$p | Set-Item

Stop-Website -name 'Default Web Site'
Rename-Item 'IIS:\Sites\Default Web Site' 'Load Balancer'
Set-ItemProperty 'IIS:\Sites\Load Balancer' -Name bindings -Value @{protocol="http";bindingInformation="*:8000:"}
Set-ItemProperty 'IIS:\Sites\Load Balancer' -Name physicalPath -Value D:\Common\LoadBalancer
Set-ItemProperty 'IIS:\Sites\Load Balancer' -Name applicationPool -Value 'DefaultAppPool'
Set-ItemProperty 'IIS:\Sites\Load Balancer' -Name id -Value 1
Start-Website -name 'Load Balancer'

New-NetFirewallRule -DisplayName 'Load Balancer' -Direction Inbound -Protocol TCP -LocalPort 8000 -Action Allow
New-NetFirewallRule -DisplayName 'Octopus Tentacle' -Direction Inbound -Protocol TCP -LocalPort 10933 -Action Allow
New-NetFirewallRule -DisplayName 'SMB' -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow


Copy-Item \\10.130.0.215\Common\Utilities\IncreasePerformanceCounters.ps1 $source -Verbose

$regfiles = @("db_aliases-production.reg","localisation_au.reg","tls_1_2_change_for_NET_Apps.reg")
$utilpath = "\\10.130.0.215\Common\Utilities"
Foreach ($regfile in $regfiles)
{
  Copy-Item $utilpath\$regfile $source -Verbose
  regedit /s $source\$regfile
}

C:\Deployment\IncreasePerformanceCounters.ps1

##Install Chrome and notepad++
write-host "########## Installing Git, Notepad++ and Chrome ##########"

$nppUrl = "https://notepad-plus-plus.org/repository/7.x/7.5.8/npp.7.5.8.Installer.x64.exe"
$chromeUrl = "http://dl.google.com/chrome/install/375.126/chrome_installer.exe"
$nppoutput = "C:\Deployment\npp.exe"
$chromeoutput = "C:\Deployment\ChromeSetup.exe"
$wc = New-Object System.Net.WebClient
$wc.Headers.Add("user-agent", "PowerShell")
$wc.DownloadFile($nppUrl, $nppoutput)
$wc.DownloadFile($chromeUrl, $chromeoutput)

Start-Process -FilePath "C:\Deployment\npp.exe" /S -Wait
Start-Process -FilePath "C:\Deployment\ChromeSetup.exe" -Args "/silent /install" -Verb RunAs -Wait
#end installation

## Install connect Performance Counter for all App with connection to the Origin
#
C:\Deployment\ConnectPerformanceCounterCategoryInstall.exe
#end installation

#Set config path for SumoLogic and AppDynamics
#
$rolecfg = $Role.replace(' ','')
$configPath = "C:\Deployment\API\$rolecfg"

#Installing and configuring Sumo Logic
#
write-host "########## Install Sumologic Collector ##########"
#
New-Item -ItemType directory -Path $source\Sumo
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'
Invoke-WebRequest 'https://collectors.sumologic.com/rest/download/win64' -outfile 'C:\Deployment\Sumo\SumoCollector.exe'

# -Vsources is built as a single quoted argument: "+" does not concatenate on a native command line
C:\Deployment\Sumo\SumoCollector.exe -console -q "-VskipRegistration=true" "-Vsumo.accessid=suf85JGx5cAUUq" "-Vsumo.accesskey=p32H3qFUErPdSQuxsgVBVT6VeVT6aXKqm1e3sRebNiWgJ95QUB8lYfKkWMmn3E2W" "-Vsources=$configPath\\$rolecfg.json"
timeout 30
start-service sumo-collector

#Installing and configuring AppDynamics
#
write-host " Installing App Dynamics..."
#
#Installs the .NET and Machine AppDynamics Agents
#Function requires the config parameter config to be specified. This dictates which .xml configuration file it will use to create the correct Application Tier for the dotNetAgent.
#
#Install-AppDynamics -config $Role
#

$tempDir = "C:\windows\temp"
$sourcePath = "C:\Deployment\AppDynamics"
$installer = "$sourcePath\dotNetAgentSetup.msi"
$configFile = $configPath + "\" + $rolecfg + ".xml"

$options = "/q /norestart /l $tempDir\AgentInstaller.log AD_SetupFile=$configFile"
$msiInstall = "/i $installer $options"
echo "start-process msiexec $msiInstall -wait"
start-process msiexec $msiInstall -wait
iisreset /noforce

## disabling Real Time Scan for Windows Defender - Applicable only for Windows 16 (Defender is not available on Windows 12)
Set-MpPreference -DisableRealtimeMonitoring 1 #toggle Real-time Protection ON/OFF
$preferences = Get-MpPreference #gets preferences for the Windows Defender scans and updates
$status = $preferences.DisableRealtimeMonitoring #store current status of Real-time Protection in $status
Write-host " "
if ($status) {
   Write-host "Real-time Protection is  OFF"
} Else {
   Write-host "Real-time Protection is  ON"
}
Write-host " "

####*********** SOME EXTRAS ***********###

#### Install a tentacle and create a role for Octopus server Using Cloud Formation ####

If (($Role -ne "NONE") -and ($Environment -ne "NONE")) {
Write-Host "Role is " $Role
Write-Host "Environment is " $Environment
InstallOctopus -Role $Role -Environments $Environment
}

# Stop logging
Stop-Transcript

Restart-Computer -Force

</powershell>
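
Added example (not part of the original bootstrap script): the domain join and installer steps with the secrets read from SSM Parameter Store at run time instead of being written in the file, and each downloaded installer checked for a valid Authenticode signature before it runs. The helper names, the /bootstrap/... parameter paths and the signer names are placeholders, and the instance's IAM role is assumed to be allowed to read and decrypt those parameters.

```powershell
# Added example; helper names and parameter paths are hypothetical.
Import-Module AWSPowerShell

function Get-BootstrapSecret {
    param([Parameter(Mandatory)] [string] $Name)
    # SecureString parameter, decrypted using the instance's IAM role.
    # The value never appears in user data or in the script file.
    (Get-SSMParameter -Name $Name -WithDecryption $true).Value
}

function Get-DomainJoinCredential {
    $user = 'tt.local\softixdomainaccount'
    $pass = ConvertTo-SecureString (Get-BootstrapSecret '/bootstrap/domain-join/password') -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential ($user, $pass)
}

function Install-VerifiedPackage {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $OutFile,
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # exact CN of the publisher certificate
        [string[]] $ArgumentList
    )

    # An installer that runs elevated should not arrive over plain HTTP.
    if ($Url -notlike 'https://*') { throw "Refusing non-HTTPS download: $Url" }

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Url -OutFile $OutFile -UseBasicParsing

    # Status must be Valid (signed, chain trusted, file unmodified) and the
    # signing certificate must belong to the publisher we expect.
    $sig = Get-AuthenticodeSignature -FilePath $OutFile
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false) -cne $ExpectedSigner) {
        Remove-Item -LiteralPath $OutFile -Force
        throw "Signature check failed for $OutFile (status: $($sig.Status))"
    }

    if ($ArgumentList) { Start-Process -FilePath $OutFile -ArgumentList $ArgumentList -Wait }
    else               { Start-Process -FilePath $OutFile -Wait }
}

# How the pieces slot into the bootstrap script (shown as comments because
# they need the instance role, the domain and the network shares to run):
#
#   $cred = Get-DomainJoinCredential
#   Add-Computer -DomainName tt.local -OUPath "OU=AWS,OU=Computers,OU=TT-Managed,DC=tt,DC=local" -Force -Credential $cred
#
#   $sumoId  = Get-BootstrapSecret '/bootstrap/sumo/accessid'
#   $sumoKey = Get-BootstrapSecret '/bootstrap/sumo/accesskey'
#   C:\Deployment\Sumo\SumoCollector.exe -console -q "-VskipRegistration=true" "-Vsumo.accessid=$sumoId" "-Vsumo.accesskey=$sumoKey" "-Vsources=$configPath\\$rolecfg.json"
#
#   Install-VerifiedPackage -Url $nppUrl -OutFile $nppoutput -ExpectedSigner '<publisher CN>' -ArgumentList '/S'
```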