Merge pull request #453 from microsoft/dev

Dev

Scenarios/AzSHCI and Kubernetes/LabConfig.ps1

@@ -1,11 +1,20 @@
 $LabConfig=@{ DomainAdminName='LabAdmin'; AdminPassword='LS1setup!' ; Prefix = 'MSLab-' ; DCEdition='4'; Internet=$true ; TelemetryLevel='Full' ; TelemetryNickname='' ; AdditionalNetworksConfig=@(); VMs=@()}
 
 #2 nodes for AzSHCI Cluster
-1..2 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'AzSHCI20H2_G2.vhdx' ; HDDNumber = 4 ; HDDSize= 4TB ; MemoryStartupBytes= 24GB; VMProcessorCount="Max" ; NestedVirt=$true}}
+1..2 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'AzSHCI20H2_G2.vhdx' ; HDDNumber = 4 ; HDDSize= 4TB ; MemoryStartupBytes= 24GB; VMProcessorCount="Max" ; NestedVirt=$true ; VirtualTPM=$true}}
+
+#or 2 nodes for AzSHCI 21H2 Cluster
+#1..2 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'AzSHCI21H2_G2.vhdx' ; HDDNumber = 4 ; HDDSize= 4TB ; MemoryStartupBytes= 24GB; VMProcessorCount="Max" ; NestedVirt=$true ; VirtualTPM=$true}}
+
+#or 2 nodes for Windows Server 2022
+#1..2 | ForEach-Object {$VMNames="AzSHCI" ; $LABConfig.VMs += @{ VMName = "$VMNames$_" ; Configuration = 'S2D' ; ParentVHD = 'Win2022Core_G2.vhdx' ; HDDNumber = 4 ; HDDSize= 4TB ; MemoryStartupBytes= 24GB; VMProcessorCount="Max" ; NestedVirt=$true ; VirtualTPM=$true}}
 
 #Windows 10 management machine (for Windows Admin Center)
 $LabConfig.VMs += @{ VMName = 'Win10'; ParentVHD = 'Win1020H1_G2.vhdx' ; AddToolsVHD = $True ; MGMTNICs=1 }
 
+#or Windows 11 management machine (for Windows Admin Center)
+$LabConfig.VMs += @{ VMName = 'Win11'; ParentVHD = 'Win1121H2_G2.vhdx' ; AddToolsVHD = $True ; MGMTNICs=1 }
+
 #Windows Admin Center gateway
 #$LabConfig.VMs += @{ VMName = 'WACGW' ; ParentVHD = 'Win2019Core_G2.vhdx' ; MGMTNICs=1 }
 

Scenarios/AzSHCI and Kubernetes/Scenario.ps1

@@ -26,15 +26,21 @@ Foreach ($VM in $VMs){
 ### Run from DC ###
 ###################
 
-#region Create 2 node cluster (just simple. Not for prod - follow hyperconverged scenario for real clusters https://github.com/microsoft/WSLab/tree/master/Scenarios/S2D%20Hyperconverged)
+#region Create 2 node cluster (just simple. Not for prod - follow hyperconverged scenario for real clusters https://github.com/microsoft/MSLab/tree/master/Scenarios/S2D%20Hyperconverged)
+
+# Set DHCP Server lease time to 90 days for reserving IP dynamicly allocated to AKS management/working cluster control plane & working nodes.
+Invoke-Command -ComputerName DC -ScriptBlock {
+    Set-DhcpServerv4Scope -ScopeId 10.0.0.0 -LeaseDuration 90.00:00:00
+}
+
 # LabConfig
 $Servers="AzsHCI1","AzSHCI2"
 $ClusterName="AzSHCI-Cluster"
 
 # Install features for management on server
 Install-WindowsFeature -Name RSAT-Clustering,RSAT-Clustering-Mgmt,RSAT-Clustering-PowerShell,RSAT-Hyper-V-Tools
 
-# Update servers
+# Update servers (does not work on Windows Server 2022 and 21H2 azure stack as WindowsUpdate namespace no longer exists)
 Invoke-Command -ComputerName $servers -ScriptBlock {
     #Grab updates
     $SearchCriteria = "IsInstalled=0"
@@ -208,7 +214,7 @@ Update-Module -Name PowerShellGet
 #Install-Module -Name Az.Resources -Repository PSGallery -RequiredVersion 3.2.0 -Force
 #Install-Module -Name AzureAD -Repository PSGallery -RequiredVersion 2.0.2.128 -Force
 #to be able to install AKSHCI, powershellget 2.2.5 needs to be used - to this posh restart is needed
-Start-Process -FilePath PowerShell -ArgumentList {
+Start-Process -Wait -FilePath PowerShell -ArgumentList {
     Install-Module -Name AksHci -Repository PSGallery -Force -AcceptLicense
 }
 #add required modules (parsing required modules from kva.psd - it also requires certain version of modules)
@@ -224,7 +230,7 @@ foreach ($RequiredModule in $RequiredModules){
 #distribute modules to cluster nodes
 $ClusterName="AzSHCI-Cluster"
 $Servers=(Get-ClusterNode -Cluster $Clustername).Name
-$ModuleNames="AksHci","Moc","Kva"
+$ModuleNames="AksHci","Moc","Kva","TraceProvider"
 $PSSessions=New-PSSession -ComputerName $Servers
 Foreach ($PSSession in $PSSessions){
     Foreach ($ModuleName in $ModuleNames){
@@ -328,9 +334,14 @@ Foreach ($PSSession in $PSSessions){
     }
     #>
 
+    #validate registration
+    Invoke-Command -computername $servers[0] -ScriptBlock {
+        Get-AksHciRegistration
+    }    
+
     #Install
     Invoke-Command -ComputerName $servers[0] -Credential $Credentials -Authentication Credssp -ScriptBlock {
-        Install-AksHci
+        Install-AksHci -Verbose
     }
 
     # Disable CredSSP
@@ -384,11 +395,6 @@ Standard_K8S3_v1 4   6
 #>
 #endregion
 
-############################################################################
-# Tested until here - GA AKS
-############################################################################
-
-
 #region onboard AKS cluster to Azure ARC
 $ClusterName="AzSHCI-Cluster"
 
@@ -416,19 +422,23 @@ $sp = New-AzADServicePrincipal -DisplayName $servicePrincipalDisplayName -Scope
 $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
 $UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
 $ClientID=$sp.ApplicationId
+#create credentials
+$SecureSecret= ConvertTo-SecureString $UnsecureSecret -AsPlainText -Force
+$Credentials = New-Object System.Management.Automation.PSCredential ($ClientID.Guid , $SecureSecret)
 
 #register namespace Microsoft.KubernetesConfiguration and Microsoft.Kubernetes
 Register-AzResourceProvider -ProviderNamespace Microsoft.Kubernetes
 Register-AzResourceProvider -ProviderNamespace Microsoft.KubernetesConfiguration
 
 #onboard cluster
 Invoke-Command -ComputerName $ClusterName -ScriptBlock {
-    #generage kubeconfig first
+    #Generate kubeconfig
     Get-AksHciCredential -Name demo
     #onboard
-    Install-AksHciArcOnboarding -Name $using:AKSClusterName -tenantId $using:tenantID -subscriptionId $using:subscriptionID -resourcegroup $using:resourcegroup -Location $using:location -clientId $using:ClientID -clientSecret $using:UnsecureSecret
+    Enable-AksHciArcConnection -Name $using:AKSClusterName -tenantId $using:tenantID -subscriptionId $using:subscriptionID -resourcegroup $using:resourcegroup -Location $using:location -credential $using:Credentials
 }
 
+
 #check onboarding
 #generate kubeconfig (this step was already done)
 <#
@@ -440,7 +450,7 @@ Invoke-Command -ComputerName $ClusterName -ScriptBlock {
 $session=New-PSSession -ComputerName $ClusterName
 Copy-Item -Path "$env:userprofile\.kube" -Destination $env:userprofile -FromSession $session -Recurse -Force
 #install kubectl
-$uri = "https://kubernetes.io/docs/tasks/tools/install-kubectl/"
+$uri = "https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/"
 $req = Invoke-WebRequest -UseBasicParsing -Uri $uri
 $downloadlink = ($req.Links | where href -Match "kubectl.exe").href
 $downloadLocation="c:\Program Files\AksHci\"
@@ -450,8 +460,8 @@ Start-BitsTransfer $downloadlink -DisplayName "Getting KubeCTL from $downloadlin
 [System.Environment]::SetEnvironmentVariable('PATH',$Env:PATH+';c:\program files\AksHci')
 #alternatively copy kubectl from cluster
 #Copy-Item -Path $env:ProgramFiles\AksHCI\ -Destination $env:ProgramFiles -FromSession $session -Recurse -Force
-#validate onboarding
-kubectl logs job/azure-arc-onboarding -n azure-arc-onboarding --follow
+#validate
+kubectl -n azure-arc get deployments,pods
 #endregion
 
 #region add sample configuration to the cluster https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/use-gitops-connected-cluster
@@ -519,8 +529,8 @@ $Workspace=Get-AzOperationalInsightsWorkspace -ErrorAction SilentlyContinue | Ou
 #Create Log Analytics Workspace if not available
 if (-not ($Workspace)){
     $SubscriptionID=(Get-AzContext).Subscription.ID
-    $WorkspaceName="WSLabWorkspace-$SubscriptionID"
-    $ResourceGroupName="WSLabAzureArc"
+    $WorkspaceName="MSLabWorkspace-$SubscriptionID"
+    $ResourceGroupName="MSLabAzureArc"
     #Pick Region
     $Location=Get-AzLocation | Where-Object Providers -Contains "Microsoft.OperationalInsights" | Out-GridView -OutputMode Single
     if (-not(Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue)){
@@ -585,7 +595,7 @@ Start-BitsTransfer $downloadlink -DisplayName "Getting KubeCTL from $downloadlin
 #region cleanup
 <#
 Get-AzResourceGroup -Name "$ClusterName-rg" | Remove-AzResourceGroup -Force
-Get-AzResourceGroup -Name "WSLabAzureArc" | Remove-AzResourceGroup -Force
+Get-AzResourceGroup -Name "MSLabAzureArc" | Remove-AzResourceGroup -Force
 $principals=Get-AzADServicePrincipal -DisplayNameBeginsWith $ClusterName
 foreach ($principal in $principals){
     Remove-AzADServicePrincipal -ObjectId $principal.id -Force
@@ -599,70 +609,17 @@ Get-AzADApplication -DisplayNameStartWith $ClusterName | Remove-AzADApplication
 #TBD: Enable monitoring
 #https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-enable-arc-enabled-clusters
 
-######################################
-# following code is work-in-progress #
-######################################
-
-######################
-### Run from Win10 ###
-######################
-
-#region Windows Admin Center on Win10
-
-    #install WAC
-    #Download Windows Admin Center if not present
-    if (-not (Test-Path -Path "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi")){
-        Start-BitsTransfer -Source https://aka.ms/WACDownload -Destination "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi"
-    }
-    #Install Windows Admin Center (https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/deploy/install)
-    Start-Process msiexec.exe -Wait -ArgumentList "/i $env:USERPROFILE\Downloads\WindowsAdminCenter.msi /qn /L*v log.txt SME_PORT=6516 SSL_CERTIFICATE_OPTION=generate"
-    #Open Windows Admin Center
-    Start-Process "C:\Program Files\Windows Admin Center\SmeDesktop.exe"
-
-#endregion
-
-#region setup AKS (win10)
-    #import wac module
-    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-    Import-Module "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools"
-    # List feeds
-    Get-Feed "https://localhost:6516/"
-
-
-    #add feed
-    #download nupgk (included in aks-hci module)
-    Start-BitsTransfer -Source "https://aka.ms/aks-hci-download" -Destination "$env:USERPROFILE\Downloads\AKS-HCI-Public-Preview-Apr-2021.zip"
-    #unzip
-    Expand-Archive -Path "$env:USERPROFILE\Downloads\AKS-HCI-Public-Preview-Apr-2021.zip" -DestinationPath "$env:USERPROFILE\Downloads" -Force
-    Expand-Archive -Path "$env:USERPROFILE\Downloads\AksHci.Powershell.zip" -DestinationPath "$env:USERPROFILE\Downloads\AksHci.Powershell" -Force
-    $Filename=Get-ChildItem -Path $env:userprofile\downloads\ | Where-Object Name -like "msft.sme.aks.*.nupkg"
-    New-Item -Path "C:\WACFeeds\" -Name Feeds -ItemType Directory -Force
-    Copy-Item -Path $FileName.FullName -Destination "C:\WACFeeds\"
-    Add-Feed -GatewayEndpoint "https://localhost:6516/" -Feed "C:\WACFeeds\"
-
-    # List Kubernetes extensions (you need to log into WAC in Edge for this command to succeed)
-    Get-Extension "https://localhost:6516/" | where title -like *kubernetes*
-
-    # Install Kubernetes Extension
-    $extension=Get-Extension "https://localhost:6516/" | where title -like *kubernetes*
-    Install-Extension -ExtensionId $extension.id
-
-#endregion
-
-###################
-### Run from DC ###
-###################
-
 #region Windows Admin Center on GW
 
 #Install Edge
-Start-BitsTransfer -Source "https://aka.ms/edge-msi" -Destination "$env:USERPROFILE\Downloads\MicrosoftEdgeEnterpriseX64.msi"
-#start install
-Start-Process -Wait -Filepath msiexec.exe -Argumentlist "/i $env:UserProfile\Downloads\MicrosoftEdgeEnterpriseX64.msi /q"
-#start Edge
-start-sleep 5
-& "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
-
+if (-not (test-path "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe")){
+    Start-BitsTransfer -Source "https://aka.ms/edge-msi" -Destination "$env:USERPROFILE\Downloads\MicrosoftEdgeEnterpriseX64.msi"
+    #start install
+    Start-Process -Wait -Filepath msiexec.exe -Argumentlist "/i $env:UserProfile\Downloads\MicrosoftEdgeEnterpriseX64.msi /q"
+    #start Edge
+    start-sleep 5
+    & "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
+}
 
 #install WAC
 $GatewayServerName="WACGW"
@@ -682,7 +639,7 @@ Invoke-Command -Session $session -ScriptBlock {
 
 $Session | Remove-PSSession
 
-#add certificate to trusted root certs
+#add certificate to trusted root certs (not recommended for production)
 start-sleep 10
 $cert = Invoke-Command -ComputerName $GatewayServerName -ScriptBlock {Get-ChildItem Cert:\LocalMachine\My\ |where subject -eq "CN=Windows Admin Center"}
 $cert | Export-Certificate -FilePath $env:TEMP\WACCert.cer
@@ -697,80 +654,22 @@ foreach ($computer in $computers){
     Set-ADComputer -Identity $computerObject -PrincipalsAllowedToDelegateToAccount $gatewayObject
 }
 
-#Download AKS HCI module
-Start-BitsTransfer -Source "https://aka.ms/aks-hci-download" -Destination "$env:USERPROFILE\Downloads\AKS-HCI-Public-Preview-Apr-2021.zip"
-#unzip
-Expand-Archive -Path "$env:USERPROFILE\Downloads\AKS-HCI-Public-Preview-Apr-2021.zip" -DestinationPath "$env:USERPROFILE\Downloads" -Force
-Expand-Archive -Path "$env:USERPROFILE\Downloads\AksHci.Powershell.zip" -DestinationPath "$env:USERPROFILE\Downloads" -Force
-
-#copy nupkg to WAC
-$GatewayServerName="WACGW1"
-$PSSession=New-PSSession -ComputerName $GatewayServerName
-$Filename=Get-ChildItem -Path $env:userprofile\downloads\ | where Name -like "msft.sme.aks.*.nupkg"
-Invoke-Command -ComputerName $GatewayServerName -ScriptBlock {
-    New-Item -Path "C:\WACFeeds\" -Name Feeds -ItemType Directory -Force
-}
-Copy-Item -Path $FileName.FullName -Destination "C:\WACFeeds\" -ToSession $PSSession
-
-#grab WAC Posh from GW
-Copy-Item -Recurse -Force -Path "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools" -Destination "$env:ProgramFiles\windows admin center\PowerShell\Modules\" -FromSession $PSSession
-
-#import wac module
-Import-Module "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools"
-
-# List feeds
-Get-Feed "https://$GatewayServerName"
-#add feed
-Add-Feed -GatewayEndpoint "https://$GatewayServerName" -Feed "C:\WACFeeds\"
-
-# List all extensions Does not work
-Get-Extension "https://$GatewayServerName"
-
-<#
-PS C:\Windows\system32> Get-Extension "https://$GatewayServerName"
-Invoke-WebRequest : {"error":{"code":"PathTooLongException","message":"The specified path, file name, or both are too
-long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248
-characters."}}
-At C:\Program Files\windows admin center\PowerShell\Modules\ExtensionTools\ExtensionTools.psm1:236 char:17
-+     $response = Invoke-WebRequest @params
-+                 ~~~~~~~~~~~~~~~~~~~~~~~~~
-    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
-   eption
-    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
-Failed to get the extensions
-At C:\Program Files\windows admin center\PowerShell\Modules\ExtensionTools\ExtensionTools.psm1:238 char:9
-+         throw "Failed to get the extensions"
-+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-    + CategoryInfo          : OperationStopped: (Failed to get the extensions:String) [], RuntimeException
-    + FullyQualifiedErrorId : Failed to get the extensions
-#>
-
 #endregion
 
-<#setup AKS (WAC GW) - does not work, bug
-    #copy nupkg to WAC
-    $GatewayServerName="WACGW1"
-    $PSSession=New-PSSession -ComputerName $GatewayServerName
-    $Filename=Get-ChildItem -Path $env:userprofile\downloads\ | where Name -like "msft.sme.aks.*.nupkg"
-    Invoke-Command -ComputerName $GatewayServerName -ScriptBlock {
-        New-Item -Path "C:\WACFeeds\" -Name Feeds -ItemType Directory -Force
-    }
-    Copy-Item -Path $FileName.FullName -Destination "C:\WACFeeds\" -ToSession $PSSession
-
-
-    #grab WAC Posh from GW
-    Copy-Item -Recurse -Force -Path "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools" -Destination "$env:ProgramFiles\windows admin center\PowerShell\Modules\" -FromSession $PSSession
-
-    #import wac module
-    Import-Module "$env:ProgramFiles\windows admin center\PowerShell\Modules\ExtensionTools"
-
-    # List feeds
-    Get-Feed "https://$GatewayServerName"
-    #add feed
-    Add-Feed -GatewayEndpoint "https://$GatewayServerName" -Feed "C:\WACFeeds\"
+######################
+### Run from Win10 ###
+######################
 
-    # List all extensions Does not work
-    Get-Extension "https://$GatewayServerName"
+#region Windows Admin Center on Win10
 
-#>
+    #install WAC
+    #Download Windows Admin Center if not present
+    if (-not (Test-Path -Path "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi")){
+        Start-BitsTransfer -Source https://aka.ms/WACDownload -Destination "$env:USERPROFILE\Downloads\WindowsAdminCenter.msi"
+    }
+    #Install Windows Admin Center (https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/deploy/install)
+    Start-Process msiexec.exe -Wait -ArgumentList "/i $env:USERPROFILE\Downloads\WindowsAdminCenter.msi /qn /L*v log.txt SME_PORT=6516 SSL_CERTIFICATE_OPTION=generate"
+    #Open Windows Admin Center
+    Start-Process "C:\Program Files\Windows Admin Center\SmeDesktop.exe"
 
+#endregion

Scenarios/AzSHCI and Kubernetes/readme.md

@@ -2,6 +2,8 @@
 
 ## About the lab
 
+Note: I updated scenario.ps1 several times, so readme.md might be bit outdated (JaromirK)
+
 In following lab you will deploy Azure Kubernetes Service into Azure Stack HCI cluster. There are currently two options. From PowerShell and from Windows Admin Center. Windows Admin Center can be installed on Windows 10 or on Windows Server in Gateway mode.
 
 Note: there is a known issue, that deploying Azure Kubernetes Server from Windows Admin Center in Gateway mode does not work (importing extension succeeds, but then it is not able to display it).