REDCap configuration fixes: cron and SMTP (#75)

* Minor enhancements to deploy.ps1 * startup.sh compatibility with PHP 8.2 * Bicep enhancements for web app * Allow SMTP configuration using parameters * Remove dead code
microsoft · Mar 20, 2024 · ffa5130 · ffa5130
1 parent 08400c5
commit ffa5130
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 11 deletions.
diff --git a/deploy.ps1 b/deploy.ps1
@@ -17,7 +17,7 @@ Param(
 # Define common parameters for the New-AzDeployment cmdlet
 [hashtable]$CmdLetParameters = @{
     Location     = $Location
-    TemplateFile = '.\main.bicep'
+    TemplateFile = './main.bicep'
 }
 
 # Convert the .bicepparam file to JSON to read values that will be used to construct the deployment name
@@ -56,7 +56,7 @@ Import-Module .\scripts\PowerShell\Generate-Password.psm1
 [securestring]$SqlPassword = New-RandomPassword 25
 
 # Remove the Generate-Password module from the session
-Remove-module Generate-Password
+Remove-Module Generate-Password
 
 $CmdLetParameters.Add('sqlPassword', $SqlPassword)
 
@@ -66,6 +66,8 @@ $DeploymentResult = New-AzDeployment @CmdLetParameters
 # Evaluate the deployment results
 if ($DeploymentResult.ProvisioningState -eq 'Succeeded') {
     Write-Host "🔥 Deployment succeeded."
+
+    $DeploymentResult.Outputs
 }
 else {
     $DeploymentResult

diff --git a/main-sample.bicepparam b/main-sample.bicepparam
@@ -28,6 +28,14 @@ param redcapCommunityPassword = '<Valid Redcap Community Password>'
 param scmRepoUrl = 'https://github.com/Microsoft/azure-redcap-paas'
 param scmRepoBranch = 'main'
 
+// Specify the values for the SMTP host REDCap will use to send emails.
+// These values may be left blank if you will not use SMTP for email notifications.
+param smtpFQDN = '<Specify valid SMTP FQDN>'
+// Be aware of possible restrictions to using SMTP port 25 in Azure.
+// See https://learn.microsoft.com/azure/virtual-network/troubleshoot-outbound-smtp-connectivity
+param smtpPort = '587'
+param smtpFromEmailAddress = '<Specify valid SMTP From Email Address>'
+
 // ** Do not specify anything here! **
 // This parameter is required to ensure the parameter file is valid, but should be blank so the password doesn't leak. 
 // A new password is generated for each deployment and stored in Key Vault.

diff --git a/main.bicep b/main.bicep
@@ -39,16 +39,24 @@ param scmRepoUrl string = 'https://github.com/microsoft/azure-redcap-paas'
 @description('Github Repo Branch where build scripts are downloaded from')
 param scmRepoBranch string = 'main'
 @description('The command before build to be run on the web app with an elevated privilege. This is used to install the required packages for REDCap operation.')
-param prerequisiteCommand string = 'apt-get install unzip sendmail cron -y'
+param prerequisiteCommand string = '/home/startup.sh'
 
 param deploymentTime string = utcNow()
 
 @description('The password to use for the MySQL Flexible Server admin account \'sqladmin\'.')
 @secure()
 param sqlPassword string
 
+@description('The MySQL Flexible Server admin user account name. Defaults to \'sqladmin\'.')
 param sqlAdmin string = 'sqladmin'
 
+@description('The outgoing SMTP server FQDN or IP address.')
+param smtpFQDN string = ''
+@description('The outgoing SMTP server port.')
+param smtpPort string = ''
+@description('The email address to use as the sender for outgoing emails.')
+param smtpFromEmailAddress string = ''
+
 var sequenceFormatted = format('{0:00}', sequence)
 var rgNamingStructure = replace(replace(replace(replace(replace(namingConvention, '{rtype}', 'rg'), '{workloadName}', '${workloadName}-{rgName}'), '{loc}', location), '{seq}', sequenceFormatted), '{env}', environment)
 var vnetName = nameModule[0].outputs.shortName
@@ -388,6 +396,10 @@ module webAppModule './modules/webapp/main.bicep' = {
     scmRepoBranch: scmRepoBranch
     prerequisiteCommand: prerequisiteCommand
 
+    smtpFQDN: smtpFQDN
+    smtpFromEmailAddress: smtpFromEmailAddress
+    smtpPort: smtpPort
+
     deploymentNameStructure: deploymentNameStructure
 
     uamiId: uamiModule.outputs.id

diff --git a/modules/webapp/main.bicep b/modules/webapp/main.bicep
@@ -16,6 +16,10 @@ param privateDnsZoneName string
 param virtualNetworkId string
 param integrationSubnetId string
 
+param smtpFQDN string = ''
+param smtpPort string = ''
+param smtpFromEmailAddress string = ''
+
 #disable-next-line secure-secrets-in-params
 param storageAccountKeySecretRef string
 param storageAccountName string
@@ -36,7 +40,7 @@ param prerequisiteCommand string
 
 param uamiId string
 
-// Disabling this check because this is no longer a secret; it's a reference to Key Vault
+// Disabling this check because this is not a secret; it's a reference to Key Vault
 #disable-next-line secure-secrets-in-params
 param dbPasswordSecretRef string
 
@@ -77,6 +81,10 @@ module appService 'webapp.bicep' = {
     storageAccountKeySecretRef: storageAccountKeySecretRef
     storageAccountName: storageAccountName
 
+    smtpFQDN: smtpFQDN
+    smtpFromEmailAddress: smtpFromEmailAddress
+    smtpPort: smtpPort
+
     uamiId: uamiId
   }
 }

diff --git a/modules/webapp/webapp.bicep b/modules/webapp/webapp.bicep
@@ -23,12 +23,17 @@ param redcapCommunityUsernameSecretRef string
 #disable-next-line secure-secrets-in-params
 param redcapCommunityPasswordSecretRef string
 param scmRepoUrl string
-param scmRepoBranch string = 'main'
+param scmRepoBranch string
 param prerequisiteCommand string
 
 param appInsights_connectionString string
 param appInsights_instrumentationKey string
 
+param smtpFQDN string = ''
+param smtpPort string = ''
+param smtpFromEmailAddress string = ''
+
+// This is not a secret, it's a Key Vault reference
 #disable-next-line secure-secrets-in-params
 param storageAccountKeySecretRef string
 param storageAccountName string
@@ -105,15 +110,15 @@ resource webApp 'Microsoft.Web/sites@2022-03-01' = {
         }
         {
           name: 'smtpFQDN'
-          value: ''
+          value: smtpFQDN
         }
         {
           name: 'smtpPort'
-          value: ''
+          value: smtpPort
         }
         {
           name: 'fromEmailAddress'
-          value: ''
+          value: smtpFromEmailAddress
         }
         {
           name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
@@ -154,14 +159,25 @@ resource webApp 'Microsoft.Web/sites@2022-03-01' = {
   }
 }
 
-resource webSiteName_web 'Microsoft.Web/sites/sourcecontrols@2022-09-01' = {
+// SCM Basic Authentication is required when using the App Service Build Service
+// Per https://learn.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment?tabs=github%2Cappservice#what-are-the-build-providers
+resource basicScmCredentials 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2023-01-01' = {
+  parent: webApp
+  name: 'scm'
+  properties: {
+    allow: true
+  }
+}
+
+resource sourcecontrol 'Microsoft.Web/sites/sourcecontrols@2022-09-01' = {
   parent: webApp
   name: 'web'
   properties: {
     repoUrl: scmRepoUrl
     branch: scmRepoBranch
     isManualIntegration: true
   }
+  dependsOn: [ privateDnsZoneGroupsWebApp ]
 }
 
 resource peWebApp 'Microsoft.Network/privateEndpoints@2022-07-01' = {

diff --git a/scripts/bash/startup.sh b/scripts/bash/startup.sh
@@ -1,11 +1,20 @@
 #!/bin/bash
-
+
+echo "Custom container startup"
+
+####################################################################################
+#
+# Install required packages in container
+#
+####################################################################################
+
+apt-get update -qq && apt-get install sendmail cron -yqq
 
 ####################################################################################
 #
 # Configure REDCap cronjob to run every minute
 #
 ####################################################################################
 
-echo "* * * * * /usr/local/bin/php /home/site/wwwroot/cron.php > /dev/null" >> /etc/crontab
 service cron start
+(crontab -l 2>/dev/null; echo "* * * * * /usr/local/bin/php /home/site/wwwroot/cron.php > /dev/null")|crontab