diff --git a/quickstarts/microsoft.azurestackhci/upgrade-cluster/README.md b/quickstarts/microsoft.azurestackhci/upgrade-cluster/README.md
new file mode 100644
index 000000000000..3dcca905f99f
--- /dev/null
+++ b/quickstarts/microsoft.azurestackhci/upgrade-cluster/README.md
@@ -0,0 +1,33 @@
+---
+description: This template upgrades an Azure Stack HCI 22H2 cluster to 23H2 version using an ARM template.
+page_type: sample
+products:
+- azure
+- azure-resource-manager
+urlFragment: upgrade-cluster
+languages:
+- json
+---
+# creates an Azure Stack HCI 23H2 cluster
+
+This template allows you to upgrade an Azure Stack HCI cluster from version 22H2 to 23H2. First you deploy the template in validate mode which does confirm the parameters at the device. Once passed you re-deploy the template with mode set to deploy.
+
+[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster%2Fazuredeploy.json)
+[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster%2Fazuredeploy.json)
+
+## Prerequisites
+
+In order to deploy this template, you must have the cluster with 23H2 OS installed. Arc enabled the server(s) and installed the mandatory extensions. The following pre-requisites must be completed:
+- Register these resource providers
+ - Microsoft.HybridCompute
+ - Microsoft.GuestConfiguration
+ - Microsoft.HybridConnectivity
+ - Microsoft.AzureStackHCI
+- A Service Principal must be created.
+ - Make a note of the SPNs APP ID
+ - Make a note of the SPNs Object ID
+ - Make a note of the SPNs secret (if not already generated , generate one)
+- Make a note of the HCI Resource Provider SPNs Object ID in the tenant.
+
+
+`Tags: Microsoft.AzureStackHCI/clusters, hci`
\ No newline at end of file
diff --git a/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.json b/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.json
new file mode 100644
index 000000000000..c807ab98c92f
--- /dev/null
+++ b/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.json
@@ -0,0 +1,523 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "",
+ "parameters": {
+ "deploymentMode": {
+ "defaultValue": "Validate",
+ "type": "string",
+ "allowedValues": [
+ "Validate",
+ "Deploy"
+ ],
+ "metadata": {
+ "description": "First must pass Validate prior running Deploy"
+ }
+ },
+ "keyVaultName": {
+ "type": "string",
+ "metadata": {
+ "description": "The KeyVault name used to store the secrets."
+ }
+ },
+ "createNewKeyVault": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Set this value as false, if you are re-using a Keyvault"
+ }
+ },
+ "softDeleteRetentionDays": {
+ "type": "int",
+ "defaultValue": 30
+ },
+ "diagnosticStorageAccountName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the storage account used for KV audit logs"
+ }
+ },
+ "logsRetentionInDays": {
+ "type": "int",
+ "defaultValue": 30,
+ "minValue": 0,
+ "maxValue": 365,
+ "metadata": {
+ "description": "Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0."
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS",
+ "allowedValues": [
+ "Premium_LRS",
+ "Premium_ZRS",
+ "Standard_GRS",
+ "Standard_GZRS",
+ "Standard_LRS",
+ "Standard_RAGRS",
+ "Standard_RAGZRS",
+ "Standard_ZRS"
+ ],
+ "metadata": {
+ "description": "Storage Account type"
+ }
+ },
+ "clusterName": {
+ "type": "string"
+ // "minLength": 3,
+ // "maxLength": 24
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "tenantId": {
+ "type": "string",
+ "defaultValue": "[subscription().tenantId]"
+ },
+ "AzureStackLCMAdminUsername": {
+ "type": "string",
+ "minLength": 1,
+ "metadata": {
+ "description": "Deployment user username"
+ }
+ },
+ "AzureStackLCMAdminPasssword": {
+ "type": "securestring",
+ "minLength": 1,
+ "metadata": {
+ "description": "Deployment user password"
+ }
+ },
+ "arbDeploymentAppID": {
+ "type": "string",
+ "minLength": 1,
+ "metadata": {
+ "description": "ARB SPN's AppID"
+ }
+ },
+ "arbDeploymentAppSecret": {
+ "type": "securestring",
+ "minLength": 1,
+ "metadata": {
+ "description": "ARB SPN's Password"
+ }
+ },
+ "arbDeploymentSPNObjectID": {
+ "type": "string",
+ "minLength": 1,
+ "metadata": {
+ "description": "ARB SPN's ObjectID"
+ }
+ },
+ "arcNodeResourceIds": {
+ "defaultValue": [],
+ "type": "array",
+ "metadata": {
+ "description": "The arc for server node Ids of the hci cluster"
+ }
+ },
+ "domainFqdn": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The domain name of the Active Directory Domain Services"
+ }
+ },
+ "adouPath": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The ADDS OU path"
+ }
+ },
+ "securityLevel": {
+ "defaultValue": "Recommended",
+ "type": "string",
+ "allowedValues": [
+ "Recommended",
+ "Customized"
+ ],
+ "metadata": {
+ "description": "The security level data for deploying a hci cluster"
+ }
+ },
+ "subnetMask": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The subnet mask for deploying a hci cluster"
+ }
+ },
+ "defaultGateway": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The default gateway for deploying a hci cluster"
+ }
+ },
+ "startingIPAddress": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The starting ip address for deploying a hci cluster"
+ }
+ },
+ "endingIPAddress": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The ending ip address for deploying a hci cluster"
+ }
+ },
+ "dnsServers": {
+ "defaultValue": [
+ ""
+ ],
+ "type": "array",
+ "metadata": {
+ "description": "The dns servers for deploying a hci cluster"
+ }
+ },
+ "physicalNodesSettings": {
+ "defaultValue": [
+ {
+ "name": "node1",
+ "ipv4Address": ""
+ },
+ {
+ "name": "node2",
+ "ipv4Address": ""
+ }
+ ],
+ "type": "array",
+ "metadata": {
+ "description": "The physical nodes settings for deploying a hci cluster"
+ }
+ },
+ "customLocation": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "The custom location for deploying a hci cluster"
+ }
+ }
+ },
+ "variables": {
+ "domainAdminCredentialECEName": "AzureStackLCMUserCredential",
+ "arbDeploymentSpnCredentialECEName": "DefaultARBApplication",
+ "domainAdminSecretName": "[concat( parameters('clusterName'), '-', 'AzureStackLCMUserCredential')]",
+ "arbDeploymentSpnSecretName": "[concat( parameters('clusterName'), '-', 'DefaultARBApplication')]",
+ "storageWitnessNameVar": "WitnessStorageKey",
+ "secretsLocationVar": "[concat('https://',parameters('keyVaultName'), '.vault.azure.net')]",
+ "domainAdminSecretValueVar": "[base64(concat(parameters('AzureStackLCMAdminUsername'),':',parameters('AzureStackLCMAdminPasssword')))]",
+ "arbDeploymentSpnValueVar": "[base64(concat(parameters('arbDeploymentAppID'),':',parameters('arbDeploymentAppSecret')))]",
+ "deploymentSecretsList":[
+ {
+ "secretName": "[variables('domainAdminSecretName')]",
+ "eceSecretName" : "[variables('domainAdminCredentialECEName')]",
+ "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', variables('domainAdminSecretName'))]"
+ },
+ {
+ "secretName": "[variables('arbDeploymentSpnSecretName')]",
+ "eceSecretName" : "[variables('arbDeploymentSpnCredentialECEName')]",
+ "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', variables('arbDeploymentSpnSecretName'))]"
+ }
+ ]
+ },
+ "resources": [
+ // {
+ // "type": "Microsoft.Storage/storageAccounts",
+ // "apiVersion": "2023-01-01",
+ // "name": "[parameters('clusterWitnessStorageAccountName')]",
+ // "location": "[parameters('location')]",
+ // "sku": {
+ // "name": "[parameters('storageAccountType')]",
+ // "tier": "Standard"
+ // },
+ // "kind": "StorageV2",
+ // "properties": {
+ // "supportsHttpsTrafficOnly": true,
+ // "minimumTlsVersion": "TLS1_2"
+ // }
+ // },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[concat('MOC-ARB-Role-Assignment',guid(concat('MOCARB-SPN-Subscription-Scope-Role-Assignment',resourceGroup().id,parameters('location'), parameters('arbDeploymentSPNObjectID'))))]",
+ "location": "[parameters('location')]",
+ "subscriptionId": "[subscription().subscriptionId]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "",
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(concat('ARB-', parameters('arbDeploymentSPNObjectID')))]",
+ "properties": {
+ "mode": "Incremental",
+ "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', '7b1f81f9-4196-4058-8aae-762e593270df')]",
+ "principalId": "[parameters('arbDeploymentSPNObjectID')]"
+ }
+ }
+ ]
+ }
+ }
+ },
+ // {
+ // "type": "Microsoft.Authorization/roleAssignments",
+ // "apiVersion": "2022-04-01",
+ // "name": "[guid(concat('HCIRP-',resourceGroup().id, parameters('hciResourceProviderObjectID')))]",
+ // "properties": {
+ // "mode": "Incremental",
+ // "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'f5819b54-e033-4d82-ac66-4fec3cbf3f4c')]",
+ // "principalId": "[parameters('hciResourceProviderObjectID')]",
+ // "scope": "[resourceGroup().id]",
+ // "description": "Azure Connected Machine Resource Manager role assignment to HCI Resource Provider"
+ // }
+ // },
+ {
+ "copy": {
+ "name": "roleAssignmentCopy",
+ "count": "[length(parameters('arcNodeResourceIds'))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(concat('DMR-', parameters('arcNodeResourceIds')[copyIndex()]))]",
+ "properties": {
+ "mode": "Incremental",
+ "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', '865ae368-6a45-4bd1-8fbf-0d5151f56fc1')]",
+ "principalId": "[reference(parameters('arcNodeResourceIds')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]",
+ "scope": "[resourceGroup().id]",
+ "description": "[concat(substring(parameters('arcNodeResourceIds')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds')[copyIndex()],'/')),'- Azure Stack HCI Device Management Role')]"
+ }
+ },
+ {
+ "copy": {
+ "name": "roleAssignmentCopy",
+ "count": "[length(parameters('arcNodeResourceIds'))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(concat('KVSU-RoleAssign', parameters('arcNodeResourceIds')[copyIndex()]))]",
+ "properties": {
+ "mode": "Incremental",
+ "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', '4633458b-17de-408a-b874-0445c86b69e6')]",
+ "principalId": "[reference(parameters('arcNodeResourceIds')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]",
+ "scope": "[resourceGroup().id]",
+ "description": "[concat(substring(parameters('arcNodeResourceIds')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds')[copyIndex()],'/')),'- Key Vault Secrets User')]"
+ }
+ },
+ {
+ "copy": {
+ "name": "roleAssignmentCopy",
+ "count": "[length(parameters('arcNodeResourceIds'))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(concat('INFRAVM-RoleAssign', parameters('arcNodeResourceIds')[copyIndex()]))]",
+ "properties": {
+ "mode": "Incremental",
+ "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'c99c945f8bd14fb1a90301460aae6068')]",
+ "principalId": "[reference(parameters('arcNodeResourceIds')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]",
+ "scope": "[resourceGroup().id]",
+ "description": "[concat(substring(parameters('arcNodeResourceIds')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds')[copyIndex()],'/')),'- Azure Stack HCI Connected InfraVMs')]"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2023-01-01",
+ "name": "[parameters('diagnosticStorageAccountName')]",
+ "location": "[parameters('location')]",
+ "condition": "[parameters('createNewKeyVault')]",
+ "sku": {
+ "name": "[parameters('storageAccountType')]",
+ "tier": "Standard"
+ },
+ "kind": "StorageV2",
+ "properties": {
+ "publicNetworkAccess": "Disabled",
+ "supportsHttpsTrafficOnly": true,
+ "minimumTlsVersion": "TLS1_2",
+ "networkAcls": {
+ "defaultAction": "Deny"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.KeyVault/vaults",
+ "apiVersion": "2021-06-01-preview",
+ "name": "[parameters('keyVaultName')]",
+ "location": "[parameters('location')]",
+ "condition": "[parameters('createNewKeyVault')]",
+ "dependsOn": [
+ // "[resourceId('Microsoft.Storage/storageAccounts', parameters('clusterWitnessStorageAccountName'))]",
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]"
+ ],
+ "properties": {
+ "enabledForDeployment": true,
+ "enabledForTemplateDeployment": true,
+ "enabledForDiskEncryption": true,
+ "enableSoftDelete": false,
+ "softDeleteRetentionInDays": "[parameters('softDeleteRetentionDays')]",
+ "enableRbacAuthorization": true,
+ "publicNetworkAccess": "Enabled",
+ "accessPolicies": [],
+ "tenantId": "[parameters('tenantId')]",
+ "sku": {
+ "name": "standard",
+ "family": "A"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.KeyVault/vaults/providers/diagnosticsettings",
+ "name": "[concat(parameters('keyVaultName'), '/Microsoft.Insights/service')]",
+ "apiVersion": "2016-09-01",
+ "Location": "[resourceGroup().location]",
+ "condition": "[parameters('createNewKeyVault')]",
+ "dependsOn": [
+ "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]",
+ "[concat('Microsoft.Storage/storageAccounts/', parameters('diagnosticStorageAccountName'))]"
+ ],
+ "properties": {
+ "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]",
+ "logs": [
+ {
+ "category": "AuditEvent",
+ "enabled": true,
+ "retentionPolicy": {
+ "enabled": true,
+ "days": "[parameters('LogsRetentionInDays')]"
+ }
+ }
+ ]
+ }
+ },
+ // {
+ // "condition": "[equals(parameters('deploymentMode'), 'Validate')]",
+ // "type": "Microsoft.AzureStackHCI/clusters",
+ // "apiVersion": "[parameters('apiVersion')]",
+ // "name": "[parameters('clusterName')]",
+ // "dependsOn": [
+ // "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
+ // ],
+ // "identity": {
+ // "type": "SystemAssigned"
+ // },
+ // "location": "[parameters('location')]",
+ // "properties": {}
+ // },
+ {
+ "type": "Microsoft.KeyVault/vaults/secrets",
+ "apiVersion": "2021-06-01-preview",
+ "name": "[concat(parameters('keyVaultName'), '/', variables('domainAdminSecretName'))]",
+ "dependsOn": [
+ "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
+ ],
+ "location": "[parameters('location')]",
+ "scale": null,
+ "properties": {
+ "contentType": "Secret",
+ "value": "[variables('domainAdminSecretValueVar')]",
+ "attributes": {
+ "enabled": true
+ }
+ }
+ },
+ // {
+ // "type": "Microsoft.KeyVault/vaults/secrets",
+ // "apiVersion": "2021-06-01-preview",
+ // "name": "[concat(parameters('keyVaultName'), '/', variables('LocalAdminCredentialSecretName'))]",
+ // "dependsOn": [
+ // "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
+ // ],
+ // "location": "[parameters('location')]",
+ // "scale": null,
+ // "properties": {
+ // "contentType": "Secret",
+ // "value": "[variables('localAdminSecretValue')]",
+ // "attributes": {
+ // "enabled": true
+ // }
+ // }
+ // },
+ {
+ "type": "Microsoft.KeyVault/vaults/secrets",
+ "apiVersion": "2021-06-01-preview",
+ "name": "[concat(parameters('keyVaultName'), '/', variables('arbDeploymentSpnSecretName'))]",
+ "dependsOn": [
+ "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
+ ],
+ "location": "[parameters('location')]",
+ "scale": null,
+ "properties": {
+ "contentType": "Secret",
+ "value": "[variables('arbDeploymentSpnValueVar')]",
+ "attributes": {
+ "enabled": true
+ }
+ }
+ },
+ {
+ "type": "microsoft.azurestackhci/clusters/deploymentSettings",
+ "apiVersion": "2024-04-01",
+ "name": "[format('{0}/default', parameters('clusterName'))]",
+ "dependsOn": [
+ "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
+ ],
+ "properties": {
+ "arcNodeResourceIds": "[parameters('arcNodeResourceIds')]",
+ "deploymentMode": "[parameters('deploymentMode')]",
+ "operationType": "ClusterUpgrade",
+ "deploymentConfiguration": {
+ "version": "",
+ "scaleUnits": [
+ {
+ "deploymentData": {
+ "observability": {
+ "streamingDataClient": true,
+ "euLocation": true,
+ "episodicDataUpload": true
+ },
+ "cluster": {
+ "name": "[parameters('clusterName')]"
+ },
+ "storage": {
+ //TODO: confirm if this can be hardcoded
+ "configurationMode": "InfraOnly"
+ },
+ "namingPrefix": "HCI001",
+ "domainFqdn": "[parameters('domainFqdn')]",
+ "infrastructureNetwork": [
+ {
+ "subnetMask": "[parameters('subnetMask')]",
+ "gateway": "[parameters('defaultGateway')]",
+ "ipPools": [
+ {
+ "startingAddress": "[parameters('startingIPAddress')]",
+ "endingAddress": "[parameters('endingIPAddress')]"
+ }
+ ],
+ "dnsServers": "[parameters('dnsServers')]"
+ }
+ ],
+ "physicalNodes": "[parameters('physicalNodesSettings')]",
+ "adouPath": "[parameters('adouPath')]",
+ "secrets": "[variables('deploymentSecretsList')]",
+ "optionalServices": {
+ "customLocation": "[parameters('customLocation')]"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.parameters.json b/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.parameters.json
new file mode 100644
index 000000000000..49bb6b82b392
--- /dev/null
+++ b/quickstarts/microsoft.azurestackhci/upgrade-cluster/azuredeploy.parameters.json
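Review bot: In azuredeploy.json the `Microsoft.KeyVault/vaults` resource sets `"enableSoftDelete": false` while still passing `softDeleteRetentionInDays`, and it leaves `"publicNetworkAccess": "Enabled"` with no `networkAcls`, even though this vault receives the LCM domain credential and the ARB SPN secret from the two `vaults/secrets` resources. I would set `"enableSoftDelete": true`, add `"enablePurgeProtection": true`, and, if the nodes' access path allows it, add a `networkAcls` block with `"defaultAction": "Deny"` as the diagnostics storage account already does. The `KVSU-RoleAssign` copy loop grants Key Vault Secrets User with `"scope": "[resourceGroup().id]"`; scoping it to the vault's resource ID would stop each node identity from reading secrets in any other RBAC-enabled vault in the group. The role GUID `c99c945f8bd14fb1a90301460aae6068` in the `INFRAVM-RoleAssign` loop is written without dashes, unlike the other role IDs, so it is worth confirming that it resolves.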
@@ -0,0 +1,93 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "",
+ "parameters": {
+ "deploymentMode": {
+ "value": "Validate"
+ },
+ "keyVaultName": {
+ "value": "armdeploykv"
+ },
+ "softDeleteRetentionDays": {
+ "value": 30
+ },
+ "diagnosticStorageAccountName": {
+ "value": "partnerdiagsa3"
+ },
+ "logsRetentionInDays": {
+ "value": 30
+ },
+ "storageAccountType": {
+ "value": "Standard_LRS"
+ },
+ "clusterName": {
+ "value": "cluster1"
+ },
+ "location": {
+ "value": "eastus"
+ },
+ "tenantId": {
+ "value": ""
+ },
+ "AzureStackLCMAdminUsername": {
+ "value": "lcmuser"
+ },
+ "AzureStackLCMAdminPasssword": {
+ "value": null
+ },
+ "arbDeploymentAppID": {
+ "value": ""
+ },
+ "arbDeploymentAppSecret": {
+ "value": null
+ },
+ "arbDeploymentSPNObjectID": {
+ "value": ""
+ },
+ "hciResourceProviderObjectID": {
+ "value": ""
+ },
+ "arcNodeResourceIds": {
+ "value": [
+ "/subscriptions/86a43cee-777a-4d3e-b9bc-80d6a9c6c73c/resourceGroups/ARMRG/providers/Microsoft.HybridCompute/machines/vhost1"
+ ]
+ },
+ "domainFqdn": {
+ "value": "s31r1501.masd.stbtest.microsoft.com"
+ },
+ "adouPath": {
+ "value": "OU=HCI002,DC=s31r1501,DC=masd,DC=stbtest,DC=microsoft,DC=com"
+ },
+ "securityLevel": {
+ "value": "Recommended"
+ },
+ "subnetMask": {
+ "value": ""
+ },
+ "defaultGateway": {
+ "value": ""
+ },
+ "startingIPAddress": {
+ "value": ""
+ },
+ "endingIPAddress": {
+ "value": ""
+ },
+ "dnsServers": {
+ "value": [
+ ""
+ ]
+ },
+ "physicalNodesSettings": {
+ "value": [
+ {
+ "name": "vhost1",
+ "ipv4Address": ""
+ }
+ ]
+ },
+ "customLocation": {
+ "value": "mylocation"
+ }
+ }
+}
\ No newline at end of file
diff --git a/quickstarts/microsoft.azurestackhci/upgrade-cluster/metadata.json b/quickstarts/microsoft.azurestackhci/upgrade-cluster/metadata.json
new file mode 100644
index 000000000000..6f206d388a06
--- /dev/null
+++ b/quickstarts/microsoft.azurestackhci/upgrade-cluster/metadata.json
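Review bot: `hciResourceProviderObjectID` is supplied in azuredeploy.parameters.json but azuredeploy.json does not declare it (its only use is in a commented-out role assignment), and Resource Manager rejects a parameter file that names a parameter the template lacks, so this entry should be removed or the parameter re-declared. The sample values also carry what look like real environment identifiers: the subscription GUID inside `arcNodeResourceIds` and the `s31r1501.masd.stbtest.microsoft.com` domain with its matching `adouPath`. I would replace them with obvious placeholders such as `/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.HybridCompute/machines/<node-name>` and a `contoso.com`-style domain, so the quickstart does not publish internal naming. Leaving the two securestring values as `null` is the right shape, provided users are told to supply them at deployment time rather than committing them.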
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#",
+ "type": "QuickStart",
+ "itemDisplayName": "upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster",
+ "description": "This template upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster using an ARM template.",
+ "summary": "This template upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster using an ARM template.",
+ "githubUsername": "troettinger",
+ "validationType": "Manual",
+ "dateUpdated": "2024-09-16"
+}
\ No newline at end of file