Merge pull request #162 from Sitecore/sxp/10.4.1.012149.2344

Update 10.4 SXP Sitecore Container Deployment to 10.4.1.012149.2344

Author: sc-fotisniarchos

compose/sxp/10.4/ltsc2019/upgrade/xm1/compose-init.ps1

@@ -50,7 +50,16 @@ Param (
 
     [string]
     $CertDataFolder = ".\traefik\certs",
-    
+
+    [string]
+    $IdFolder = ".\id",
+
+    [string]
+    $SqlServerFolder = ".\mssql",
+
+    [string]
+    $SqlServerCertificatePassword = "Password12345",
+
     [string]
     $SpecificVersion
 )
@@ -116,7 +125,11 @@ function Create-Certificates{
         [string]$Topology,
         [string]$CdHost,
         [string]$CmHost,
-        [string]$IdHost
+        [string]$IdHost,
+        [string]$IdFolder,
+        [string]$MsSql,
+        [string]$MsSqlFolder,
+        [string]$MsSqlCertPswd
     )
 
     Write-Information -MessageData "Starting create certificates for '$Topology' topology..." -InformationAction Continue
@@ -136,7 +149,18 @@ function Create-Certificates{
 		$rootKey = Create-RSAKey -KeyLength 4096
 		$rootCertificate = Create-SelfSignedCertificate -Key $rootKey
 		Create-CertificateFile -Certificate $rootCertificate -OutCertPath "$CertDataFolder\RootCA.crt"
-		
+
+        # Copy RootCA.crt into id\cert
+        Copy-Item "$CertDataFolder\RootCA.crt" -Destination "$IdFolder\certs"
+
+        $securePswd = (ConvertTo-SecureString -String $MsSqlCertPswd -Force -AsPlainText)
+        $signerCertificate = Import-CertificateForSigning -SignerCertificate $rootCertificate -SignerCertificatePassword $securePswd
+
+        # Create Sql Server Certificate and Key as PFX file
+        $msSqlCertPath = [System.IO.Path]::Combine((Get-Location), "$MsSqlFolder\certs\$MsSql.pfx")
+        $mssqlCertificate = Create-SqlServerCertificate -CommonName $MsSql -DnsName $MsSql -SignerCertificate $signerCertificate
+        Create-PfxFile -Certificate $mssqlCertificate -OutCertPath $msSqlCertPath -Password $securePswd
+
 		# Create Certificate and Key files for each Sitecore role
 		$dnsNames | ForEach-Object {
             $selfSignedKey = Create-RSAKey
@@ -246,6 +270,7 @@ function Invoke-ComposeInit {
         "SQL_SERVER" = $SqlServer
         "SQL_USERNAME" = $SqlUserName
         "SQL_PASSWORD" = $SqlSaPassword
+        "SQL_TLS_CERTIFICATE_PASSWORD" = $SqlServerCertificatePassword
         "IS_ALWAYS_ENCRYPTED" = $IsAlwaysEncrypted
         "PROCESSING_ENGINE_TASKS_DATABASE_USERNAME" = $ProcessingEngineTasksDatabaseUserName
         "CD_HOST" = $CdHost
@@ -269,7 +294,7 @@ function Invoke-ComposeInit {
         Populate-EnvironmentFile -EnvFilePath $EnvFilePath -EnvVariablesTable $envVariablesTable
 
         # Configure TLS/HTTPS certificates
-        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost
+        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost -IdFolder $IdFolder -MsSql $SqlServer -MsSqlFolder $SqlServerFolder -MsSqlCertPswd $SqlServerCertificatePassword
 
         # The update for the certs_config.yaml file is if Certificates were created for the custom hostnames.
         if ($RootCertificateCreated){

compose/sxp/10.4/ltsc2019/upgrade/xm1/upgrade.env

@@ -6,6 +6,6 @@ SQL_SERVER=
 SQL_USERNAME=
 SQL_PASSWORD=
 DATABASE_UPGRADE_FROM_VERSION=10.3.0
-DATABASE_UPGRADE_TO_VERSION=10.4.0
+DATABASE_UPGRADE_TO_VERSION=10.4.1
 SITECORE_LICENSE=
 ISOLATION=default

compose/sxp/10.4/ltsc2019/upgrade/xp1/compose-init.ps1

@@ -50,7 +50,16 @@ Param (
 
     [string]
     $CertDataFolder = ".\traefik\certs",
-    
+
+    [string]
+    $IdFolder = ".\id",
+
+    [string]
+    $SqlServerFolder = ".\mssql",
+
+    [string]
+    $SqlServerCertificatePassword = "Password12345",
+
     [string]
     $SpecificVersion
 )
@@ -116,7 +125,11 @@ function Create-Certificates{
         [string]$Topology,
         [string]$CdHost,
         [string]$CmHost,
-        [string]$IdHost
+        [string]$IdHost,
+        [string]$IdFolder,
+        [string]$MsSql,
+        [string]$MsSqlFolder,
+        [string]$MsSqlCertPswd
     )
 
     Write-Information -MessageData "Starting create certificates for '$Topology' topology..." -InformationAction Continue
@@ -136,7 +149,18 @@ function Create-Certificates{
 		$rootKey = Create-RSAKey -KeyLength 4096
 		$rootCertificate = Create-SelfSignedCertificate -Key $rootKey
 		Create-CertificateFile -Certificate $rootCertificate -OutCertPath "$CertDataFolder\RootCA.crt"
-		
+
+        # Copy RootCA.crt into id\cert
+        Copy-Item "$CertDataFolder\RootCA.crt" -Destination "$IdFolder\certs"
+
+        $securePswd = (ConvertTo-SecureString -String $MsSqlCertPswd -Force -AsPlainText)
+        $signerCertificate = Import-CertificateForSigning -SignerCertificate $rootCertificate -SignerCertificatePassword $securePswd
+
+        # Create Sql Server Certificate and Key as PFX file
+        $msSqlCertPath = [System.IO.Path]::Combine((Get-Location), "$MsSqlFolder\certs\$MsSql.pfx")
+        $mssqlCertificate = Create-SqlServerCertificate -CommonName $MsSql -DnsName $MsSql -SignerCertificate $signerCertificate
+        Create-PfxFile -Certificate $mssqlCertificate -OutCertPath $msSqlCertPath -Password $securePswd
+
 		# Create Certificate and Key files for each Sitecore role
 		$dnsNames | ForEach-Object {
             $selfSignedKey = Create-RSAKey
@@ -246,6 +270,7 @@ function Invoke-ComposeInit {
         "SQL_SERVER" = $SqlServer
         "SQL_USERNAME" = $SqlUserName
         "SQL_PASSWORD" = $SqlSaPassword
+        "SQL_TLS_CERTIFICATE_PASSWORD" = $SqlServerCertificatePassword
         "IS_ALWAYS_ENCRYPTED" = $IsAlwaysEncrypted
         "PROCESSING_ENGINE_TASKS_DATABASE_USERNAME" = $ProcessingEngineTasksDatabaseUserName
         "CD_HOST" = $CdHost
@@ -269,7 +294,7 @@ function Invoke-ComposeInit {
         Populate-EnvironmentFile -EnvFilePath $EnvFilePath -EnvVariablesTable $envVariablesTable
 
         # Configure TLS/HTTPS certificates
-        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost
+        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost -IdFolder $IdFolder -MsSql $SqlServer -MsSqlFolder $SqlServerFolder -MsSqlCertPswd $SqlServerCertificatePassword
 
         # The update for the certs_config.yaml file is if Certificates were created for the custom hostnames.
         if ($RootCertificateCreated){

compose/sxp/10.4/ltsc2019/upgrade/xp1/upgrade.env

@@ -8,6 +8,6 @@ SQL_PASSWORD=
 IS_ALWAYS_ENCRYPTED=
 PROCESSING_ENGINE_TASKS_DATABASE_USERNAME=
 DATABASE_UPGRADE_FROM_VERSION=10.3.0
-DATABASE_UPGRADE_TO_VERSION=10.4.0
+DATABASE_UPGRADE_TO_VERSION=10.4.1
 SITECORE_LICENSE=
 ISOLATION=default

compose/sxp/10.4/ltsc2019/xm1/.env

@@ -1,13 +1,15 @@
 COMPOSE_PROJECT_NAME=sitecore-xm1
 SITECORE_DOCKER_REGISTRY=scr.sitecore.com/sxp/
 SITECORE_VERSION=10.4-ltsc2019
+SITECORE_ID_VERSION=8.0-ltsc2019
 EXTERNAL_IMAGE_TAG_SUFFIX=ltsc2019
 SITECORE_ADMIN_PASSWORD=
 SQL_SERVER=mssql
 SQL_SA_LOGIN=sa
 SQL_SA_PASSWORD=
 SQL_DATABASE_PREFIX=Sitecore
 SQL_CUSTOM_DATABASE_PREFIX_UPDATE_FROM=
+SQL_TLS_CERTIFICATE_PASSWORD=
 TELERIK_ENCRYPTION_KEY=
 SITECORE_GRAPHQL_ENABLED=true
 SITECORE_GRAPHQL_EXPOSEPLAYGROUND=false

compose/sxp/10.4/ltsc2019/xm1/compose-init.ps1

@@ -50,7 +50,16 @@ Param (
 
     [string]
     $CertDataFolder = ".\traefik\certs",
-    
+
+    [string]
+    $IdFolder = ".\id",
+
+    [string]
+    $SqlServerFolder = ".\mssql",
+
+    [string]
+    $SqlServerCertificatePassword = "Password12345",
+
     [string]
     $SpecificVersion
 )
@@ -116,7 +125,11 @@ function Create-Certificates{
         [string]$Topology,
         [string]$CdHost,
         [string]$CmHost,
-        [string]$IdHost
+        [string]$IdHost,
+        [string]$IdFolder,
+        [string]$MsSql,
+        [string]$MsSqlFolder,
+        [string]$MsSqlCertPswd
     )
 
     Write-Information -MessageData "Starting create certificates for '$Topology' topology..." -InformationAction Continue
@@ -136,7 +149,18 @@ function Create-Certificates{
 		$rootKey = Create-RSAKey -KeyLength 4096
 		$rootCertificate = Create-SelfSignedCertificate -Key $rootKey
 		Create-CertificateFile -Certificate $rootCertificate -OutCertPath "$CertDataFolder\RootCA.crt"
-		
+
+        # Copy RootCA.crt into id\cert
+        Copy-Item "$CertDataFolder\RootCA.crt" -Destination "$IdFolder\certs"
+
+        $securePswd = (ConvertTo-SecureString -String $MsSqlCertPswd -Force -AsPlainText)
+        $signerCertificate = Import-CertificateForSigning -SignerCertificate $rootCertificate -SignerCertificatePassword $securePswd
+
+        # Create Sql Server Certificate and Key as PFX file
+        $msSqlCertPath = [System.IO.Path]::Combine((Get-Location), "$MsSqlFolder\certs\$MsSql.pfx")
+        $mssqlCertificate = Create-SqlServerCertificate -CommonName $MsSql -DnsName $MsSql -SignerCertificate $signerCertificate
+        Create-PfxFile -Certificate $mssqlCertificate -OutCertPath $msSqlCertPath -Password $securePswd
+
 		# Create Certificate and Key files for each Sitecore role
 		$dnsNames | ForEach-Object {
             $selfSignedKey = Create-RSAKey
@@ -246,6 +270,7 @@ function Invoke-ComposeInit {
         "SQL_SERVER" = $SqlServer
         "SQL_USERNAME" = $SqlUserName
         "SQL_PASSWORD" = $SqlSaPassword
+        "SQL_TLS_CERTIFICATE_PASSWORD" = $SqlServerCertificatePassword
         "IS_ALWAYS_ENCRYPTED" = $IsAlwaysEncrypted
         "PROCESSING_ENGINE_TASKS_DATABASE_USERNAME" = $ProcessingEngineTasksDatabaseUserName
         "CD_HOST" = $CdHost
@@ -269,7 +294,7 @@ function Invoke-ComposeInit {
         Populate-EnvironmentFile -EnvFilePath $EnvFilePath -EnvVariablesTable $envVariablesTable
 
         # Configure TLS/HTTPS certificates
-        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost
+        $RootCertificateCreated = Create-Certificates -CertDataFolder $CertDataFolder -Topology $Topology -CdHost $CdHost -CmHost $CmHost -IdHost $IdHost -IdFolder $IdFolder -MsSql $SqlServer -MsSqlFolder $SqlServerFolder -MsSqlCertPswd $SqlServerCertificatePassword
 
         # The update for the certs_config.yaml file is if Certificates were created for the custom hostnames.
         if ($RootCertificateCreated){

compose/sxp/10.4/ltsc2019/xm1/docker-compose.yml

@@ -34,14 +34,19 @@ services:
     isolation: ${ISOLATION}
     image: ${SITECORE_DOCKER_REGISTRY}nonproduction/mssql-developer:2022-${EXTERNAL_IMAGE_TAG_SUFFIX}
     environment:
+      NAME: ${SQL_SERVER}
       SA_PASSWORD: ${SQL_SA_PASSWORD}
+      TLS_CERTIFICATE_PASSWORD: ${SQL_TLS_CERTIFICATE_PASSWORD}
       ACCEPT_EULA: "Y"
     ports:
       - "14330:1433"
     volumes:
       - type: bind
         source: .\mssql-data
         target: c:\data
+      - type: bind
+        source: .\mssql\certs
+        target: c:\certs
   mssql-init:
     isolation: ${ISOLATION}
     image: ${SITECORE_DOCKER_REGISTRY}sitecore-xm1-mssql-init:${SITECORE_VERSION}
@@ -62,7 +67,7 @@ services:
         condition: service_healthy
   solr:
     isolation: ${ISOLATION}
-    image: ${SITECORE_DOCKER_REGISTRY}nonproduction/solr:8.11.2-${EXTERNAL_IMAGE_TAG_SUFFIX}
+    image: ${SITECORE_DOCKER_REGISTRY}nonproduction/solr:9.8.1-${EXTERNAL_IMAGE_TAG_SUFFIX}
     ports:
       - "8984:8983"
     volumes:
@@ -72,7 +77,7 @@ services:
     environment:
       SOLR_MODE: solrcloud
     healthcheck:
-      test: ["CMD", "powershell", "-command", "try { $$statusCode = (iwr http://solr:8983/solr/admin/cores?action=STATUS -UseBasicParsing).StatusCode; if ($$statusCode -eq 200) { exit 0 } else { exit 1} } catch { exit 1 }"]
+      test: ["CMD", "powershell", "-command", "try { $$statusCode = (iwr http://solr:8983/solr/admin/collections?action=LIST -UseBasicParsing).StatusCode; if ($$statusCode -eq 200) { exit 0 } else { exit 1} } catch { exit 1 }"]
   solr-init:
     isolation: ${ISOLATION}
     image: ${SITECORE_DOCKER_REGISTRY}sitecore-xm1-solr-init:${SITECORE_VERSION}
@@ -84,9 +89,9 @@ services:
         condition: service_healthy
   id:
     isolation: ${ISOLATION}
-    image: ${SITECORE_DOCKER_REGISTRY}sitecore-id7:${SITECORE_VERSION}
+    image: ${SITECORE_DOCKER_REGISTRY}sitecore-identity:${SITECORE_ID_VERSION}
     environment:
-      Sitecore_Sitecore__IdentityServer__SitecoreMemberShipOptions__ConnectionString: Data Source=${SQL_SERVER};Initial Catalog=${SQL_DATABASE_PREFIX}.Core;User ID=${SQL_SA_LOGIN};Password=${SQL_SA_PASSWORD}
+      Sitecore_Sitecore__IdentityServer__SitecoreMemberShipOptions__ConnectionString: Data Source=${SQL_SERVER};Initial Catalog=${SQL_DATABASE_PREFIX}.Core;User ID=${SQL_SA_LOGIN};Password=${SQL_SA_PASSWORD};Encrypt=true;TrustServerCertificate=false;
       Sitecore_Sitecore__IdentityServer__AccountOptions__PasswordRecoveryUrl: https://${CM_HOST}/sitecore/login?rc=1
       Sitecore_Sitecore__IdentityServer__Clients__PasswordClient__ClientSecrets__ClientSecret1: ${SITECORE_IDSECRET}
       Sitecore_Sitecore__IdentityServer__Clients__DefaultClient__AllowedCorsOrigins__AllowedCorsOriginsGroup1: https://${CM_HOST}
@@ -105,6 +110,10 @@ services:
       - "traefik.http.routers.id-secure.entrypoints=websecure"
       - "traefik.http.routers.id-secure.rule=Host(`${ID_HOST}`)"
       - "traefik.http.routers.id-secure.tls=true"
+    volumes:
+      - type: bind
+        source: .\id\certs
+        target: c:\certs
   cd:
     isolation: ${ISOLATION}
     image: ${SITECORE_DOCKER_REGISTRY}sitecore-xm1-cd:${SITECORE_VERSION}

compose/sxp/10.4/ltsc2019/xm1/id/certs/readme

@@ -0,0 +1,2 @@
+Add a CA certificate to the trusted root store:
+    RootCA.crt

compose/sxp/10.4/ltsc2019/xm1/mssql/certs/readme

@@ -0,0 +1,2 @@
+Add TLS certificates for the mssql service to this folder:
+    mssql.pfx

compose/sxp/10.4/ltsc2019/xp0/.env

@@ -1,13 +1,15 @@
 COMPOSE_PROJECT_NAME=sitecore-xp0
 SITECORE_DOCKER_REGISTRY=scr.sitecore.com/sxp/
 SITECORE_VERSION=10.4-ltsc2019
+SITECORE_ID_VERSION=8.0-ltsc2019
 EXTERNAL_IMAGE_TAG_SUFFIX=ltsc2019
 SITECORE_ADMIN_PASSWORD=
 SQL_SERVER=mssql
 SQL_SA_LOGIN=sa
 SQL_SA_PASSWORD=
 SQL_DATABASE_PREFIX=Sitecore
 SQL_CUSTOM_DATABASE_PREFIX_UPDATE_FROM=
+SQL_TLS_CERTIFICATE_PASSWORD=
 TELERIK_ENCRYPTION_KEY=
 SITECORE_GRAPHQL_ENABLED=true
 SITECORE_GRAPHQL_EXPOSEPLAYGROUND=false