Azure · mbrat2005 · Sep 24, 2024
diff --git a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/main.bicep
@@ -153,50 +153,58 @@ type storageNetworksArrayType = storageNetworksType[]
 @description('An array of JSON objects that define the storage network configuration for the cluster. Each object should contain the adapterName and vlan properties.')
 param storageNetworks storageNetworksArrayType
 
-@description('An array of Network Adapter names present on every cluster node intended for compute traffic')
-param computeIntentAdapterNames array
+@description('An array of Network Adapter names present on every cluster node intended for the converged intent (compute, storage, and management traffic)')
+param convergedIntentAdapterNames array
 
-@description('An array of Network Adapter names present on every cluster node intended for management traffic')
-param managementIntentAdapterNames array
+@description('Required. The name of the Key Vault used for the deployment')
+param keyVaultName string
 
-var clusterWitnessStorageAccountName = '${deploymentPrefix}witness'
+@description('The name of the custom location for the deployment')
+param customLocationName string
 
-var keyVaultName = '${deploymentPrefix}-hcikv'
-var customLocationName = '${deploymentPrefix}_cl'
+@description('The witness storage account name for the deployment')
+param clusterWitnessStorageAccountName string
 
-var storageNetworkList = [for (storageAdapter, index) in storageNetworks:{
+@description('Required. The name of the storage account used for Key Vault diagnostics')
+param keyVaultDiagnosticStorageAccountName string
+
+var storageNetworkList = [
+ for (storageAdapter, index) in storageNetworks: {
  name: 'StorageNetwork${index + 1}'
  networkAdapterName: storageAdapter.adapterName
  vlanId: storageAdapter.vlan
  storageAdapterIPInfo: storageAdapter.?storageAdapterIPInfo
  }
 ]
 
-var arcNodeResourceIds = [for (nodeName, index) in clusterNodeNames: resourceId('Microsoft.HybridCompute/machines', nodeName)]
+var arcNodeResourceIds = [
+ for (nodeName, index) in clusterNodeNames: resourceId('Microsoft.HybridCompute/machines', nodeName)
+]
 
 module ashciPreReqResources 'modules/ashciPrereqs.bicep' = if (deploymentMode == 'Validate') {
  name: 'ashciPreReqResources'
  params: {
- location: location
- tenantId: tenantId
+ arbDeploymentAppId: arbDeploymentAppId
+ arbDeploymentServicePrincipalSecret: arbDeploymentServicePrincipalSecret
+ arbDeploymentSPObjectId: arbDeploymentSPObjectId
+ arcNodeResourceIds: arcNodeResourceIds
+ clusterWitnessStorageAccountName: clusterWitnessStorageAccountName
  deploymentPrefix: deploymentPrefix
  deploymentUsername: deploymentUsername
  deploymentUserPassword: deploymentUserPassword
- localAdminUsername: localAdminUsername
- localAdminPassword: localAdminPassword
- arbDeploymentAppId: arbDeploymentAppId
- arbDeploymentServicePrincipalSecret: arbDeploymentServicePrincipalSecret
+ diagnosticStorageAccountName: keyVaultDiagnosticStorageAccountName
  hciResourceProviderObjectId: hciResourceProviderObjectId
- softDeleteRetentionDays: softDeleteRetentionDays
- logsRetentionInDays: logsRetentionInDays
- arcNodeResourceIds: arcNodeResourceIds
  keyVaultName: keyVaultName
- clusterWitnessStorageAccountName: clusterWitnessStorageAccountName
- arbDeploymentSPObjectId: arbDeploymentSPObjectId
+ localAdminPassword: localAdminPassword
+ localAdminUsername: localAdminUsername
+ location: location
+ logsRetentionInDays: logsRetentionInDays
+ softDeleteRetentionDays: softDeleteRetentionDays
+ tenantId: tenantId
  }
 }
 
-resource cluster 'Microsoft.AzureStackHCI/clusters@2024-02-15-preview' = if (deploymentMode == 'Validate') {
+resource cluster 'Microsoft.AzureStackHCI/clusters@2024-04-01' = if (deploymentMode == 'Validate') {
  name: clusterName
  identity: {
  type: 'SystemAssigned'
@@ -208,7 +216,7 @@ resource cluster 'Microsoft.AzureStackHCI/clusters@2024-02-15-preview' = if (dep
  ]
 }
 
-resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-02-15-preview' = if (deploymentMode != 'LocksOnly') {
+resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-04-01' = if (deploymentMode != 'LocksOnly') {
  name: 'default'
  parent: cluster
  properties: {
@@ -261,45 +269,20 @@ resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings
  dnsServers: dnsServers
  }
  ]
- physicalNodes: [for hciNode in arcNodeResourceIds: {
- name: reference(hciNode,'2022-12-27','Full').properties.displayName
- // Getting the IP from the first management NIC of the node based on the first NIC name in the managementIntentAdapterNames array parameter
- //
- // During deployment, a management vNIC will be created with the name 'vManagement(managment)' and the IP config will be moved to the new vNIC--
- // this causes a null-index error when re-running the template mid-deployment, after net intents have applied. To workaround, change the name of
- // the management NIC in parameter file to 'vManagement(managment)' 
- ipv4Address: (filter(reference('${hciNode}/providers/microsoft.azurestackhci/edgeDevices/default','2024-01-01','Full').properties.deviceConfiguration.nicDetails, nic => nic.adapterName == managementIntentAdapterNames[0]))[0].ip4Address
- }
+ physicalNodes: [
+ for hciNode in arcNodeResourceIds: {
+ name: reference(hciNode, '2022-12-27', 'Full').properties.displayName
+ ipv4Address: (filter(
+ reference('${hciNode}/providers/microsoft.azurestackhci/edgeDevices/default', '2024-01-01', 'Full').properties.deviceConfiguration.nicDetails,
+ nic => nic.?defaultGateway != null
+ ))[0].ip4Address
+ }
  ]
  hostNetwork: {
  intents: [
  {
- adapter: managementIntentAdapterNames
- name: 'managment'
- overrideAdapterProperty: false
- adapterPropertyOverrides: {
- jumboPacket: '9014'
- networkDirect: 'Enabled'
- networkDirectTechnology: 'RoCEv2'
- }
- overrideQosPolicy: false
- qosPolicyOverrides: {
- bandwidthPercentage_SMB: '50'
- priorityValue8021Action_Cluster: '7'
- priorityValue8021Action_SMB: '3'
- }
- overrideVirtualSwitchConfiguration: false
- virtualSwitchConfigurationOverrides: {
- enableIov: ''
- loadBalancingAlgorithm: ''
- }
- trafficType: [
- 'Management'
- ]
- }
- {
- adapter: computeIntentAdapterNames
- name: 'compute'
+ adapter: convergedIntentAdapterNames
+ name: 'converged'
  overrideAdapterProperty: false
  adapterPropertyOverrides: {
  jumboPacket: '9014'
@@ -311,38 +294,16 @@ resource deploymentSettings 'Microsoft.AzureStackHCI/clusters/deploymentSettings
  bandwidthPercentage_SMB: '50'
  priorityValue8021Action_Cluster: '7'
  priorityValue8021Action_SMB: '3'
- }
- overrideVirtualSwitchConfiguration: false
- virtualSwitchConfigurationOverrides: {
- enableIov: ''
- loadBalancingAlgorithm: 'Dynamic'
- }
- trafficType: [
- 'Compute'
- ]
- }
- {
- adapter: [for storageNetwork in storageNetworks: storageNetwork.adapterName]
- name: 'storage'
- overrideAdapterProperty: false
- adapterPropertyOverrides: {
- jumboPacket: '9014'
- networkDirect: 'Enabled'
- networkDirectTechnology: 'RoCEv2'
  }
- overrideQosPolicy: false
- qosPolicyOverrides: {
- bandwidthPercentage_SMB: '50'
- priorityValue8021Action_Cluster: '7'
- priorityValue8021Action_SMB: '3'
- }
  overrideVirtualSwitchConfiguration: false
  virtualSwitchConfigurationOverrides: {
  enableIov: ''
  loadBalancingAlgorithm: ''
  }
  trafficType: [
+ 'Management'
  'Storage'
+ 'Compute'
  ]
  }
  ]

diff --git a/...icrosoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep b/...icrosoft.azurestackhci/create-cluster-with-prereqs/modules/ashciARBSPRoleAssignment.bicep
@@ -5,7 +5,7 @@ param arbDeploymentSPObjectId string
 var ARBDeploymentRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','7b1f81f9-4196-4058-8aae-762e593270df')
 
 resource ARBServicePrincipalResourceBridgeDeploymentRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid('ARBServicePrincipalResourceBridgeDeploymentRolePermissions',subscription().id,arbDeploymentSPObjectId)
+ name: guid(ARBDeploymentRoleID,subscription().id,arbDeploymentSPObjectId)
  properties: {
  roleDefinitionId: ARBDeploymentRoleID
  principalId: arbDeploymentSPObjectId

diff --git a/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep b/quickstarts/microsoft.azurestackhci/create-cluster-with-prereqs/modules/ashciPrereqs.bicep
@@ -19,6 +19,7 @@ param arbDeploymentAppId string
 param arbDeploymentSPObjectId string
 @secure()
 param arbDeploymentServicePrincipalSecret string
+param diagnosticStorageAccountName string
 
 // secret names for the Azure Key Vault - these cannot be changed
 var localAdminSecretName = 'LocalAdminCredential'
@@ -33,8 +34,6 @@ var arbDeploymentServicePrincipalValue = base64('${arbDeploymentAppId}:${arbDepl
 
 var storageAccountType = 'Standard_LRS'
 
-var diagnosticStorageAccountName = '${deploymentPrefix}diag'
-
 var azureConnectedMachineResourceManagerRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','f5819b54-e033-4d82-ac66-4fec3cbf3f4c')
 var readerRoleID = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7')
 var azureStackHCIDeviceManagementRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','865ae368-6a45-4bd1-8fbf-0d5151f56fc1')
@@ -115,7 +114,7 @@ resource keyVaultName_Microsoft_Insights_service 'microsoft.insights/diagnosticS
 }
 
 resource SPConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid('ConnectedMachineResourceManagerRolePermissions',resourceGroup().id)
+ name: guid(azureConnectedMachineResourceManagerRoleID,resourceGroup().id,hciResourceProviderObjectId)
  scope: resourceGroup()
  properties: {
  roleDefinitionId: azureConnectedMachineResourceManagerRoleID
@@ -126,7 +125,7 @@ resource SPConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorizati
 }
 
 resource NodeAzureConnectedMachineResourceManagerRolePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{
- name: guid(hciNode, azureConnectedMachineResourceManagerRoleID)
+ name: guid(resourceGroup().id,hciNode, azureConnectedMachineResourceManagerRoleID)
  properties: {
  roleDefinitionId: azureConnectedMachineResourceManagerRoleID
  principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId
@@ -136,7 +135,7 @@ resource NodeAzureConnectedMachineResourceManagerRolePermissions 'Microsoft.Auth
 }
 ]
 resource NodeazureStackHCIDeviceManagementRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{
- name: guid(hciNode, azureStackHCIDeviceManagementRole)
+ name: guid(resourceGroup().id,hciNode, azureStackHCIDeviceManagementRole)
  properties: {
  roleDefinitionId: azureStackHCIDeviceManagementRole
  principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId
@@ -147,7 +146,7 @@ resource NodeazureStackHCIDeviceManagementRole 'Microsoft.Authorization/roleAssi
 ]
 
 resource NodereaderRoleIDPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{
- name: guid(hciNode, readerRoleID)
+ name: guid(resourceGroup().id,hciNode, readerRoleID)
  properties: {
  roleDefinitionId: readerRoleID
  principalId: reference(hciNode,'2023-10-03-preview','Full').identity.principalId
@@ -158,7 +157,7 @@ resource NodereaderRoleIDPermissions 'Microsoft.Authorization/roleAssignments@20
 ]
 
 resource KeyVaultSecretsUserPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for hciNode in arcNodeResourceIds:{
- name: guid(hciNode, keyVaultSecretUserRoleID)
+ name: guid(resourceGroup().id,hciNode, keyVaultSecretUserRoleID)
  scope: keyVault
  properties: {
  roleDefinitionId: keyVaultSecretUserRoleID