diff --git a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep
index e61ed026ffef..7f702a0ffa75 100644
--- a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep
+++ b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep
@@ -153,18 +153,23 @@ type storageNetworksArrayType = storageNetworksType[] @description('An array of JSON objects that define the storage network configuration for the cluster. Each object should contain the adapterName and vlan properties.') param storageNetworks storageNetworksArrayType -@description('An array of Network Adapter names present on every cluster node intended for compute traffic') -param computeIntentAdapterNames array +@description('An array of Network Adapter names present on every cluster node intended for the converged intent (compute, storage, and management traffic)') +param convergedIntentAdapterNames array -@description('An array of Network Adapter names present on every cluster node intended for management traffic') -param managementIntentAdapterNames array +@description('Required. The name of the Key Vault used for the deployment') +param keyVaultName string -var clusterWitnessStorageAccountName = '${deploymentPrefix}witness' +@description('The name of the custom location for the deployment') +param customLocationName string -var keyVaultName = '${deploymentPrefix}-hcikv' -var customLocationName = '${deploymentPrefix}_cl' +@description('The witness storage account name for the deployment') +param clusterWitnessStorageAccountName string -var storageNetworkList = [for (storageAdapter, index) in storageNetworks:{ +@description('Required. The name of the storage account used for Key Vault diagnostics') +param keyVaultDiagnosticStorageAccountName string + +var storageNetworkList = [ + for (storageAdapter, index) in storageNetworks: { name: 'StorageNetwork${index + 1}' networkAdapterName: storageAdapter.adapterName vlanId: storageAdapter.vlan 
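Review bot: The four new name parameters in this hunk (`keyVaultName`, `customLocationName`, `clusterWitnessStorageAccountName`, `keyVaultDiagnosticStorageAccountName`) replace values the template previously derived from `deploymentPrefix`, but none carries a length constraint, so an invalid name is only rejected when the resource is created well into the deployment. Key Vault and storage account names are limited to 3–24 characters, which Bicep can enforce up front with `@minLength(3)` and `@maxLength(24)` above `param clusterWitnessStorageAccountName string` and the other account and vault name parameters. The `Required.` prefix is used on only two of the four descriptions although none of the four has a default; apply it consistently. The `storageNetworkList` expression that closes this hunk continues past it.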
@@ -172,31 +177,34 @@ var storageNetworkList = [for (storageAdapter, index) in storageNetworks:{ } ] -var arcNodeResourceIds = [for (nodeName, index) in clusterNodeNames: resourceId('Microsoft.HybridCompute/machines', nodeName)] +var arcNodeResourceIds = [ + for (nodeName, index) in clusterNodeNames: resourceId('Microsoft.HybridCompute/machines', nodeName) +] module ashciPreReqResources 'modules/ashciPrereqs.bicep' = if (deploymentMode == 'Validate') { name: 'ashciPreReqResources' params: { - location: location - tenantId: tenantId + arbDeploymentAppId: arbDeploymentAppId + arbDeploymentServicePrincipalSecret: arbDeploymentServicePrincipalSecret + arbDeploymentSPObjectId: arbDeploymentSPObjectId + arcNodeResourceIds: arcNodeResourceIds + clusterWitnessStorageAccountName: clusterWitnessStorageAccountName deploymentPrefix: deploymentPrefix deploymentUsername: deploymentUsername deploymentUserPassword: deploymentUserPassword - localAdminUsername: localAdminUsername - localAdminPassword: localAdminPassword - arbDeploymentAppId: arbDeploymentAppId - arbDeploymentServicePrincipalSecret: arbDeploymentServicePrincipalSecret + diagnosticStorageAccountName: keyVaultDiagnosticStorageAccountName hciResourceProviderObjectId: hciResourceProviderObjectId - softDeleteRetentionDays: softDeleteRetentionDays - logsRetentionInDays: logsRetentionInDays - arcNodeResourceIds: arcNodeResourceIds keyVaultName: keyVaultName - clusterWitnessStorageAccountName: clusterWitnessStorageAccountName - arbDeploymentSPObjectId: arbDeploymentSPObjectId + localAdminPassword: localAdminPassword + localAdminUsername: localAdminUsername + location: location + logsRetentionInDays: logsRetentionInDays + softDeleteRetentionDays: softDeleteRetentionDays + tenantId: tenantId } } -resource cluster 'Microsoft.AzureStackHCI/clusters@2024-02-15-preview' = if (deploymentMode == 'Validate') { +resource cluster 'Microsoft.AzureStackHCI/clusters@2024-04-01' = if (deploymentMode == 'Validate') { name: clusterName 
identity: { type: 'SystemAssigned' @@ -208,7 +216,7 @@ resource cluster 'Microsoft.AzureStackHCI/clusters@2024-02-15-preview' = if (dep ] } -resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-02-15-preview' = if (deploymentMode != 'LocksOnly') { +resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-04-01' = if (deploymentMode != 'LocksOnly') { name: 'default' parent: cluster properties: { 
@@ -261,45 +269,20 @@ resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings dnsServers: dnsServers } ] - physicalNodes: [for hciNode in arcNodeResourceIds: { - name: reference(hciNode,'2022-12-27','Full').properties.displayName - // Getting the IP from the first management NIC of the node based on the first NIC name in the managementIntentAdapterNames array parameter - // - // During deployment, a management vNIC will be created with the name 'vManagement(managment)' and the IP config will be moved to the new vNIC-- - // this causes a null-index error when re-running the template mid-deployment, after net intents have applied. To workaround, change the name of - // the management NIC in parameter file to 'vManagement(managment)' - ipv4Address: (filter(reference('${hciNode}/providers/microsoft.azurestackhci/edgeDevices/default','2024-01-01','Full').properties.deviceConfiguration.nicDetails, nic => nic.adapterName == managementIntentAdapterNames[0]))[0].ip4Address - } + physicalNodes: [ + for hciNode in arcNodeResourceIds: { + name: reference(hciNode, '2022-12-27', 'Full').properties.displayName + ipv4Address: (filter( + reference('${hciNode}/providers/microsoft.azurestackhci/edgeDevices/default', '2024-01-01', 'Full').properties.deviceConfiguration.nicDetails, + nic => nic.?defaultGateway != null + ))[0].ip4Address + } ] hostNetwork: { intents: [ { - adapter: managementIntentAdapterNames - name: 'managment' - overrideAdapterProperty: false - adapterPropertyOverrides: { - jumboPacket: '9014' - networkDirect: 'Enabled' - networkDirectTechnology: 'RoCEv2' - } - overrideQosPolicy: false - qosPolicyOverrides: { - bandwidthPercentage_SMB: '50' - priorityValue8021Action_Cluster: '7' - priorityValue8021Action_SMB: '3' - } - overrideVirtualSwitchConfiguration: false - virtualSwitchConfigurationOverrides: { - enableIov: '' - loadBalancingAlgorithm: '' - } - trafficType: [ - 'Management' - ] - } - { - adapter: computeIntentAdapterNames - name: 
'compute' + adapter: convergedIntentAdapterNames + name: 'converged' overrideAdapterProperty: false adapterPropertyOverrides: { jumboPacket: '9014' @@ -311,38 +294,16 @@ resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings bandwidthPercentage_SMB: '50' priorityValue8021Action_Cluster: '7' priorityValue8021Action_SMB: '3' - } - overrideVirtualSwitchConfiguration: false - virtualSwitchConfigurationOverrides: { - enableIov: '' - loadBalancingAlgorithm: 'Dynamic' - } - trafficType: [ - 'Compute' - ] - } - { - adapter: [for storageNetwork in storageNetworks: storageNetwork.adapterName] - name: 'storage' - overrideAdapterProperty: false - adapterPropertyOverrides: { - jumboPacket: '9014' - networkDirect: 'Enabled' - networkDirectTechnology: 'RoCEv2' } - overrideQosPolicy: false - qosPolicyOverrides: { - bandwidthPercentage_SMB: '50' - priorityValue8021Action_Cluster: '7' - priorityValue8021Action_SMB: '3' - } overrideVirtualSwitchConfiguration: false virtualSwitchConfigurationOverrides: { enableIov: '' loadBalancingAlgorithm: '' } trafficType: [ + 'Management' 'Storage' + 'Compute' ] } ] diff --git a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep index 4727e513f973..579939c35f02 100644 --- a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep +++ b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep 
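Review bot: The new `ipv4Address` selector in `physicalNodes` filters `nicDetails` on `nic.?defaultGateway != null` and then indexes `[0]`, so a node whose edge device reports no NIC with a default gateway fails with an index-out-of-range error at deployment time, and a node with several such NICs silently takes whichever is listed first. The removed comment explained the earlier failure mode (re-running after net intents moved the IP config to the `vManagement(managment)` vNIC); the new predicate presumably sidesteps that, but the reasoning should stay in the template, e.g. `// Management IP: taken from the NIC that currently holds the default gateway, so the lookup survives the move to the vManagement vNIC after intents apply; the deployment fails if no NIC reports a gateway.` The enclosing `deploymentSettings` resource starts and ends outside this hunk.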
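Review bot: With the single `converged` intent the adapters carrying storage traffic now come from `convergedIntentAdapterNames`, while `storageNetworks[*].adapterName` is still used to build `storageNetworkList` (the VLAN assignment) in the first hunk; nothing ties the two lists together, so a parameter file naming an adapter in `storageNetworks` that is absent from `convergedIntentAdapterNames` passes template validation and fails, if at all, only inside the HCI deployment. Assuming, as the intent's `trafficType` suggests, that the storage networks must map onto the intent's adapters, stating it in the `storageNetworks` description would suffice for a quickstart: `Each object should contain the adapterName and vlan properties; adapterName must be one of convergedIntentAdapterNames.` Note also that `loadBalancingAlgorithm` goes from `'Dynamic'` (old compute intent) to `''` for the converged intent, which is harmless only while `overrideVirtualSwitchConfiguration` stays `false`. The enclosing resource starts outside this hunk.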
@@ -5,7 +5,7 @@ param arbDeploymentSPObjectId string var ARBDeploymentRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','7b1f81f9-4196-4058-8aae-762e593270df') resource ARBServicePrincipalResourceBridgeDeploymentRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('ARBServicePrincipalResourceBridgeDeploymentRolePermissions',subscription().id,arbDeploymentSPObjectId) + name: guid(ARBDeploymentRoleID,subscription().id,arbDeploymentSPObjectId) properties: { roleDefinitionId: ARBDeploymentRoleID principalId: arbDeploymentSPObjectId diff --git a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep index 0dfb7e49d95e..d4aa89865b8f 100644 --- a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep +++ b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep @@ -19,6 +19,7 @@ param arbDeploymentAppId string param arbDeploymentSPObjectId string @secure() param arbDeploymentServicePrincipalSecret string +param diagnosticStorageAccountName string // secret names for the Azure Key Vault - these cannot be changed var localAdminSecretName = 'LocalAdminCredential' @@ -33,8 +34,6 @@ var arbDeploymentServicePrincipalValue = base64('${arbDeploymentAppId}:${arbDepl var storageAccountType = 'Standard_LRS' -var diagnosticStorageAccountName = '${deploymentPrefix}diag' - var azureConnectedMachineResourceManagerRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','f5819b54-e033-4d82-ac66-4fec3cbf3f4c') var readerRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7') var azureStackHCIDeviceManagementRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','865ae368-6a45-4bd1-8fbf-0d5151f56fc1') 
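Review bot: Changing the deterministic name of `ARBServicePrincipalResourceBridgeDeploymentRolePermissions` from a literal-seeded `guid(...)` to one seeded with `ARBDeploymentRoleID` means a redeployment over an environment created with the previous template tries to create a second assignment with the same role, principal and scope; the old one is not removed, and ARM is likely to reject the duplicate (RoleAssignmentExists) rather than adopt it. The same applies to the renamed assignments in ashciPrereqs.bicep at `@@ -115`, `@@ -126`, `@@ -136`, `@@ -147` and `@@ -158`. Either document it at each renamed resource, e.g. `// NOTE: name seed changed in this revision; existing deployments must remove the previously named assignment before redeploying`, or call the breaking change out in the quickstart README.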
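Review bot: `param diagnosticStorageAccountName string` is the only parameter in this hunk without a `@description` decorator, unlike `@secure() param arbDeploymentServicePrincipalSecret string` directly above it and its counterpart `keyVaultDiagnosticStorageAccountName` in main.bicep; add `@description('Required. The name of the storage account that receives Key Vault diagnostic logs')` above it. Since the value is now supplied by the caller instead of derived from `deploymentPrefix`, `@minLength(3)` and `@maxLength(24)` would reject invalid storage account names before the module runs.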
@@ -115,7 +114,7 @@ resource keyVaultName_Microsoft_Insights_service 'microsoft.insights/diagnosticS } resource SPConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('ConnectedMachineResourceManagerRolePermissions',resourceGroup().id) + name: guid(azureConnectedMachineResourceManagerRoleID,resourceGroup().id,hciResourceProviderObjectId) scope: resourceGroup() properties: { roleDefinitionId: azureConnectedMachineResourceManagerRoleID @@ -126,7 +125,7 @@ resource SPConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorizati } resource NodeAzureConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{ - name: guid(hciNode, azureConnectedMachineResourceManagerRoleID) + name: guid(resourceGroup().id,hciNode, azureConnectedMachineResourceManagerRoleID) properties: { roleDefinitionId: azureConnectedMachineResourceManagerRoleID principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId @@ -136,7 +135,7 @@ resource NodeAzureConnectedMachineResourceManagerRolePermissions 'Microsoft.Auth } ] resource NodeazureStackHCIDeviceManagementRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{ - name: guid(hciNode, azureStackHCIDeviceManagementRole) + name: guid(resourceGroup().id,hciNode, azureStackHCIDeviceManagementRole) properties: { roleDefinitionId: azureStackHCIDeviceManagementRole principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId 
@@ -147,7 +146,7 @@ resource NodeazureStackHCIDeviceManagementRole 'Microsoft.Authorization/roleAssi ] resource NodereaderRoleIDPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{ - name: guid(hciNode, readerRoleID) + name: guid(resourceGroup().id,hciNode, readerRoleID) properties: { roleDefinitionId: readerRoleID principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId @@ -158,7 +157,7 @@ resource NodereaderRoleIDPermissions 'Microsoft.Authorization/roleAssignments@20 ] resource KeyVaultSecretsUserPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{ - name: guid(hciNode, keyVaultSecretUserRoleID) + name: guid(resourceGroup().id,hciNode, keyVaultSecretUserRoleID) scope: keyVault properties: { roleDefinitionId: keyVaultSecretUserRoleID