From cb151e74bb99206890ed01e6e5b5bbb1cd0584be Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Thu, 2 Nov 2023 22:14:24 +0100 Subject: [PATCH 1/4] Updated installations for Azure CLI and Azure PowerShell Signed-off-by: Jan Egil Ring --- .../privatelink/artifacts/Bootstrap.ps1 | 48 ++++++------------- 1 file changed, 15 insertions(+), 33 deletions(-) diff --git a/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 b/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 index 5a2939061..30d33fc29 100644 --- a/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 +++ b/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 @@ -5,9 +5,9 @@ param ( [string]$resourceGroup, [string]$subscriptionId, [string]$Location, - [string]$PEname, + [string]$PEname, [string]$adminUsername, - [string]$PLscope + [string]$PLscope ) [System.Environment]::SetEnvironmentVariable('appId', $appId,[System.EnvironmentVariableTarget]::Machine) 
@@ -25,36 +25,18 @@ New-Item -Path "C:\" -Name "Temp" -ItemType "directory" -Force Start-Transcript -Path C:\Temp\LogonScript.log #Install pre-requisites -workflow ClientTools_01 - { - $chocolateyAppList = 'azure-cli,az.powershell' - InlineScript { - param ( - [string]$chocolateyAppList - ) - if ([string]::IsNullOrWhiteSpace($using:chocolateyAppList) -eq $false) - { - try{ - choco config get cacheLocation - }catch{ - Write-Output "Chocolatey not detected, trying to install now" - Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) - } - } - if ([string]::IsNullOrWhiteSpace($using:chocolateyAppList) -eq $false){ - Write-Host "Chocolatey Apps Specified" - - $appsToInstall = $using:chocolateyAppList -split "," | foreach { "$($_.Trim())" } - - foreach ($app in $appsToInstall) - { - Write-Host "Installing $app" - & choco install $app /y -Force| Write-Output - } - } - } - } -ClientTools_01 | Format-Table + +Write-Output "Installing Azure PowerShell Module" + +Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force +Install-Module -Name Az -Force + +Write-Output "Installing Azure CLI" + +$ProgressPreference = 'SilentlyContinue' +Invoke-WebRequest -Uri https://aka.ms/installazurecliwindowsx64 -OutFile .\AzureCLI.msi +Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet' +Remove-Item .\AzureCLI.msi #Download and run Arc onboarding script Invoke-WebRequest ("https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_servers_jumpstart/privatelink/artifacts/installArcAgent.ps1") -OutFile C:\Temp\installArcAgent.ps1 
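Review bot: The Azure CLI MSI in the new install block is fetched through the `https://aka.ms/installazurecliwindowsx64` redirect and passed straight to `msiexec` with no integrity check, so the bootstrap installs whatever that redirect serves. A publisher-signature check before the install would close that gap, e.g. `if ((Get-AuthenticodeSignature C:\Temp\AzureCLI.msi).Status -ne 'Valid') { throw 'AzureCLI.msi signature is not valid' }`, with the download written to `C:\Temp\AzureCLI.msi` rather than `.\AzureCLI.msi` so the path does not depend on the working directory. `Install-Module -Name Az -Force` likewise takes whatever version the gallery currently serves; `-RequiredVersion` would make the build reproducible. The exit code of `msiexec` is not inspected, so a failed install would go unnoticed until `az` is first called.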
@@ -89,5 +71,5 @@ Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask # Clean up Bootstrap.log Stop-Transcript -$logSuppress = Get-Content C:\Temp\LogonScript.log -Force | Where { $_ -notmatch "Host Application: powershell.exe" } +$logSuppress = Get-Content C:\Temp\LogonScript.log -Force | Where { $_ -notmatch "Host Application: powershell.exe" } $logSuppress | Set-Content C:\Temp\LogonScript.log -Force From 197c6f54a9ce394f433ff2e3022fdd58315254d8 Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Thu, 2 Nov 2023 22:39:23 +0100 Subject: [PATCH 2/4] Updated VM image to WS 2022 Signed-off-by: Jan Egil Ring --- .../privatelink/ARM/onPremisesDeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure_arc_servers_jumpstart/privatelink/ARM/onPremisesDeploy.json b/azure_arc_servers_jumpstart/privatelink/ARM/onPremisesDeploy.json index ffb5a31fa..dc09a7879 100644 --- a/azure_arc_servers_jumpstart/privatelink/ARM/onPremisesDeploy.json +++ b/azure_arc_servers_jumpstart/privatelink/ARM/onPremisesDeploy.json @@ -279,7 +279,7 @@ "imageReference": { "publisher": "MicrosoftWindowsServer", "offer": "WindowsServer", - "sku": "2019-datacenter-gensecond", + "sku": "2022-Datacenter", "version": "latest" }, "osDisk": { From 01901e92ef8e884869c15ed90e5caa732812dc3f Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Fri, 3 Nov 2023 16:27:12 +0100 Subject: [PATCH 3/4] Updated sensitive parameters to be of type seurestring Signed-off-by: Jan Egil Ring --- .../privatelink/azuredeploy.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/azure_arc_servers_jumpstart/privatelink/azuredeploy.json b/azure_arc_servers_jumpstart/privatelink/azuredeploy.json index 20191bcab..a05e70a02 100644 --- a/azure_arc_servers_jumpstart/privatelink/azuredeploy.json +++ b/azure_arc_servers_jumpstart/privatelink/azuredeploy.json 
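Review bot: The new `"sku": "2022-Datacenter"` in `imageReference` of onPremisesDeploy.json appears to move the VM from a Generation 2 image (`2019-datacenter-gensecond`) to a Generation 1 image, which is more than an OS version bump. Generation 1 VMs cannot use Trusted Launch (Secure Boot, vTPM), and a VM size that only supports Generation 2 would fail to deploy; the `vmSize` is not visible in this hunk. If the generation change is not intended, `"sku": "2022-datacenter-g2"` keeps the VM on Generation 2.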
@@ -101,7 +101,7 @@ } }, "adminPassword": { - "type": "string", + "type": "securestring", "metadata": { "description": "SSH key or password for the Azure Arc-enabled virtual Machine. SSH key is recommended for Linux." } @@ -163,7 +163,7 @@ } }, "sharedKey": { - "type": "string", + "type": "securestring", "defaultValue": "ArcPa$$w0rd", "metadata": { "description": "Shared secret key for the vNET-to-vNET connection between Virtual Network Gateways." @@ -176,7 +176,7 @@ } }, "password": { - "type": "string", + "type": "securestring", "metadata": { "description": "Unique SPN password" } @@ -189,7 +189,7 @@ } }, "variables": { - + }, "resources": [ { @@ -414,7 +414,7 @@ "type": "string" }, "sharedKey": { - "type": "string" + "type": "securestring" } }, "resources": [ @@ -471,10 +471,10 @@ }, "PLscope": { "value": "[reference('AzureDeployment').outputs.PLscope.value]" - }, + }, "privateEndpoints_name": { "value": "[parameters('privateEndpoints_name')]" - }, + }, "adminUsername": { "value": "[parameters('adminUsername')]" } @@ -494,7 +494,7 @@ "type": "string" }, "password": { - "type": "string" + "type": "securestring" }, "tenantId": { "type": "string" @@ -510,7 +510,7 @@ } }, "variables": { - + }, "resources": [ { From f9b5db2899fb059f03126acb337d3cfe5c5268c0 Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Fri, 3 Nov 2023 16:29:05 +0100 Subject: [PATCH 4/4] Reverted bootstrap to leverage Chocolatey for installing prerequisites Signed-off-by: Jan Egil Ring --- .../privatelink/artifacts/Bootstrap.ps1 | 40 ++++++++++++++----- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 b/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 index 30d33fc29..516d175fb 100644 --- a/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 +++ b/azure_arc_servers_jumpstart/privatelink/artifacts/Bootstrap.ps1 
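Review bot: In the `@@ -163,7 +163,7 @@` hunk `sharedKey` becomes `securestring` but keeps `"defaultValue": "ArcPa$$w0rd"`, so every deployment that does not override it uses the same vNET-to-vNET shared key, and that key is readable by anyone who has the template. A secure parameter should carry no literal default: drop the `defaultValue` line so the deployer must supply a value, or generate one per deployment (for example from `newGuid()` in the parameter default). The type change hides the value in deployment history and logs, but it does not protect a secret that is published in the template itself.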
@@ -25,18 +25,36 @@ New-Item -Path "C:\" -Name "Temp" -ItemType "directory" -Force Start-Transcript -Path C:\Temp\LogonScript.log #Install pre-requisites +workflow ClientTools_01 + { + $chocolateyAppList = 'azure-cli,az.powershell' + InlineScript { + param ( + [string]$chocolateyAppList + ) + if ([string]::IsNullOrWhiteSpace($using:chocolateyAppList) -eq $false) + { + try{ + choco config get cacheLocation + }catch{ + Write-Output "Chocolatey not detected, trying to install now" + Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) + } + } + if ([string]::IsNullOrWhiteSpace($using:chocolateyAppList) -eq $false){ + Write-Host "Chocolatey Apps Specified" -Write-Output "Installing Azure PowerShell Module" + $appsToInstall = $using:chocolateyAppList -split "," | foreach { "$($_.Trim())" } -Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Install-Module -Name Az -Force - -Write-Output "Installing Azure CLI" - -$ProgressPreference = 'SilentlyContinue' -Invoke-WebRequest -Uri https://aka.ms/installazurecliwindowsx64 -OutFile .\AzureCLI.msi -Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet' -Remove-Item .\AzureCLI.msi + foreach ($app in $appsToInstall) + { + Write-Host "Installing $app" + & choco install $app /y -Force| Write-Output + } + } + } + } +ClientTools_01 | Format-Table #Download and run Arc onboarding script Invoke-WebRequest ("https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_servers_jumpstart/privatelink/artifacts/installArcAgent.ps1") -OutFile C:\Temp\installArcAgent.ps1 
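Review bot: The restored `catch` branch downloads `https://chocolatey.org/install.ps1` and feeds the response directly to `Invoke-Expression`, so the bootstrap runs whatever that URL returns with no integrity check. Saving the script to disk and checking its Authenticode signature before running it keeps the same flow but fails closed if the content is unsigned or altered; this assumes the published installer is signed, which should be confirmed. `choco install $app /y -Force` also installs unpinned latest versions of `azure-cli` and `az.powershell`; passing `--version` per package would make the resulting VM reproducible. The `param ([string]$chocolateyAppList)` inside `InlineScript` looks unused, since every reference goes through `$using:chocolateyAppList`.

```powershell
# … unchanged: try { choco config get cacheLocation } probe …
}catch{
    Write-Output "Chocolatey not detected, trying to install now"
    # File name below is an example; C:\Temp is created earlier in this script.
    $installer = 'C:\Temp\chocolatey-install.ps1'
    Invoke-WebRequest -Uri 'https://chocolatey.org/install.ps1' -OutFile $installer -UseBasicParsing
    $signature = Get-AuthenticodeSignature -FilePath $installer
    if ($signature.Status -ne 'Valid') {
        throw "Chocolatey installer signature check failed: $($signature.Status)"
    }
    & $installer
}
# … unchanged: app list split and choco install loop …
```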
@@ -72,4 +90,4 @@ Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask # Clean up Bootstrap.log Stop-Transcript $logSuppress = Get-Content C:\Temp\LogonScript.log -Force | Where { $_ -notmatch "Host Application: powershell.exe" } -$logSuppress | Set-Content C:\Temp\LogonScript.log -Force +$logSuppress | Set-Content C:\Temp\LogonScript.log -Force \ No newline at end of file