
Commit 2e55b9e

committed
Updated readme, updated keyvault refs
1 parent eb5a49d commit 2e55b9e


5 files changed

+302
-24
lines changed


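--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+parameters.json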

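--- a/ReadMe.MD
+++ b/ReadMe.MD
@@ -13,7 +13,10 @@ This template assumes that you are a US regulated entity with typical requiremen
 * A virtual network exists and has VNET Service Endpoints enabled for Azure SQL & Azure Storage
 * A [user-assigned Azure Managed Identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal) has been created to serve as the identity of the Azure virtual machine that is deployed as part of this template.
 * An Azure Key Vault exists and a corresponding secret also exists which contains the password of the Azure AD SQL Admin account defined in the template. Please ensure that the user-assigned managed identity you have created has permission to 'Get' secrets from the Key Vault.
-* A custom image which contains the installation of Azure DevOps Server 2020 (installed only, do not configure until after the deployment), SQL CMD, SQL Management Studio, and Java SDK 8. Please see additona notes below for links to each. See [create a managed image of a generalized VM in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource) to aid in the creation of an image.
+* A custom image which contains the installation of Azure DevOps Server 2020 (installed only, do not configure until after the deployment), SQL CMD, SQL Management Studio, and Java SDK 8.
+* Set system environment variable "JAVA_HOME" to the java install path, if you use the link below by default the path would be, "C:\Program Files\Zulu\zulu-8".Please see additona notes below for links to each.
+* Install the "Web Server (IIS)" on the server using role and feature defaults, open IIS manager and delete the default web site,then follow link below to finish creating VM image.
+* See [create a managed image of a generalized VM in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource) to aid in the creation of an image.
 * An Active Directory domain is avalaible for computer join operations and is accessible from within the specified virtual network.
 * As part of the template deployment, you must provide Active Directory domain information to enable the Azure DevOps Server to join your Active Directory domain.
 * To automatically deploy all the required infrastructure, utilize our <a href="https://github.com/Microsoft/aad-hybrid-lab" target="_blank">AAD Hybrid Deployment template</a>. NOTE: You do not need to configure Azure AD Connect piece of the hybrid deployment template.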

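--- a/azuredeploy.json
+++ b/azuredeploy.json
@@ -304,6 +304,28 @@
 "hardwareProfile": {
 "vmSize": "Standard_DS3_v2"
 },
+"networkProfile": {
+"networkInterfaces": [
+{
+"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+}
+]
+},
+"osProfile": {
+"computerName": "[parameters('virtualMachineName')]",
+"adminUsername": "[parameters('localVMAdminUsername')]",
+"adminPassword": "[parameters('localVMAdminPassword')]",
+"windowsConfiguration": {
+"enableAutomaticUpdates": true,
+"provisionVmAgent": true
+}
+},
+"diagnosticsProfile": {
+"bootDiagnostics": {
+"enabled": true,
+"storageUri": "[concat('https://', variables('diagName'), '.blob.core.usgovcloudapi.net/')]"
+}
+},
 "storageProfile": {
 "osDisk": {
 "createOption": "fromImage",
@@ -313,28 +335,6 @@
 },
 "imageReference": {
 "id": "[concat('/subscriptions/', subscription().subscriptionId ,'/resourceGroups/',parameters('vmDevOpsImageResourceGroup'),'/providers/Microsoft.Compute/images/',parameters('vmDevOpsImageName'))]"
-},
-"networkProfile": {
-"networkInterfaces": [
-{
-"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
-}
-]
-},
-"osProfile": {
-"computerName": "[parameters('virtualMachineName')]",
-"adminUsername": "[parameters('localVMAdminUsername')]",
-"adminPassword": "[parameters('localVMAdminPassword')]",
-"windowsConfiguration": {
-"enableAutomaticUpdates": true,
-"provisionVmAgent": true
-}
-},
-"diagnosticsProfile": {
-"bootDiagnostics": {
-"enabled": true,
-"storageUri": "[concat('https://', variables('diagName'), '.blob.core.usgovcloudapi.net/')]"
-}
 }
 }
 }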
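Review bot: The relocated `bootDiagnostics.storageUri` in the first hunk still hard-codes the `.blob.core.usgovcloudapi.net` suffix by string concatenation, which ties the template to one cloud and can drift from the real endpoint of the diagnostics account. Deriving the suffix from the deployment environment is safer, e.g. `"storageUri": "[concat('https://', variables('diagName'), '.blob.', environment().suffixes.storage, '/')]"`. The `osProfile` block passes `parameters('localVMAdminPassword')` as `adminPassword`; the parameter declaration is outside this hunk, so confirm it is typed `securestring`, otherwise the value is recorded in plain text in the deployment history. The enclosing virtual machine resource starts and ends outside both hunks.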

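--- a/configureSQL.ps1
+++ b/configureSQL.ps1
@@ -9,7 +9,7 @@
 $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.usgovcloudapi.net' -UseBasicParsing -Method GET -Headers @{Metadata="true"}
 $content = $response.Content | ConvertFrom-Json
 $KeyVaultToken = $content.access_token
-$akv_Content = (Invoke-WebRequest -Uri 'https://' + $keyVaultName + '.vault.usgovcloudapi.net/secrets/AzDevOpsSqlPass?api-version=2016-10-01' -UseBasicParsing -Method GET -Headers @{Authorization="Bearer $KeyVaultToken"}).content
+$akv_Content = (Invoke-WebRequest -Uri "https://$keyVaultName.vault.usgovcloudapi.net/secrets/AzDevOpsSqlPass?api-version=2016-10-01" -UseBasicParsing -Method GET -Headers @{Authorization="Bearer $KeyVaultToken"}).content
 $value = ($akv_Content | ConvertFrom-JSON).value
 $Password = $value
 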
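Review bot: On new line 12, `$keyVaultName` is interpolated into the host part of the URL that receives the managed-identity bearer token, and nothing in the hunk validates it. Where the value comes from is outside the hunk, but if it is a script or template parameter, a value containing `/`, `.` or `?` would send the token to a host other than the vault. A guard before the request closes that off: `if ($keyVaultName -notmatch '^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$') { throw 'Invalid Key Vault name' }`. Writing the variable as `${keyVaultName}` would also make the name boundary before `.vault` explicit. Neither request is checked for failure in the visible lines, so unless `$ErrorActionPreference = 'Stop'` is set above the hunk, a failed token fetch leaves `$KeyVaultToken` empty and `$Password` null.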

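--- a/samplevm.json
+++ b/samplevm.json
@@ -0,0 +1,274 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"adminUsername": {
+"type": "string",
+"metadata": {
+"description": "Username for the Virtual Machine."
+}
+},
+"adminPassword": {
+"type": "securestring",
+"minLength": 12,
+"metadata": {
+"description": "Password for the Virtual Machine."
+}
+},
+"dnsLabelPrefix": {
+"type": "string",
+"defaultValue": "[toLower(concat(parameters('vmName'),'-', uniqueString(resourceGroup().id, parameters('vmName'))))]",
+"metadata": {
+"description": "Unique DNS Name for the Public IP used to access the Virtual Machine."
+}
+},
+"publicIpName": {
+"type": "string",
+"defaultValue": "myPublicIP",
+"metadata": {
+"description": "Name for the Public IP used to access the Virtual Machine."
+}
+},
+"publicIPAllocationMethod": {
+"type": "string",
+"defaultValue": "Dynamic",
+"allowedValues": [
+"Dynamic",
+"Static"
+],
+"metadata": {
+"description": "Allocation method for the Public IP used to access the Virtual Machine."
+}
+},
+"publicIpSku": {
+"type": "string",
+"defaultValue": "Basic",
+"allowedValues": [
+"Basic",
+"Standard"
+],
+"metadata": {
+"description": "SKU for the Public IP used to access the Virtual Machine."
+}
+},
+
+"OSVersion": {
+"type": "string",
+"defaultValue": "2019-Datacenter",
+"allowedValues": [
+"2008-R2-SP1",
+"2012-Datacenter",
+"2012-R2-Datacenter",
+"2016-Nano-Server",
+"2016-Datacenter-with-Containers",
+"2016-Datacenter",
+"2019-Datacenter",
+"2019-Datacenter-Core",
+"2019-Datacenter-Core-smalldisk",
+"2019-Datacenter-Core-with-Containers",
+"2019-Datacenter-Core-with-Containers-smalldisk",
+"2019-Datacenter-smalldisk",
+"2019-Datacenter-with-Containers",
+"2019-Datacenter-with-Containers-smalldisk"
+],
+"metadata": {
+"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version."
+}
+},
+"vmSize": {
+"type": "string",
+"defaultValue": "Standard_D2_v3",
+"metadata": {
+"description": "Size of the virtual machine."
+}
+},
+"location": {
+"type": "string",
+"defaultValue": "[resourceGroup().location]",
+"metadata": {
+"description": "Location for all resources."
+}
+},
+"vmName": {
+"type": "string",
+"defaultValue": "simple-vm",
+"metadata": {
+"description": "Name of the virtual machine."
+}
+}
+},
+"variables": {
+"storageAccountName": "[concat('bootdiags', uniquestring(resourceGroup().id))]",
+"nicName": "myVMNic",
+"addressPrefix": "10.0.0.0/16",
+"subnetName": "Subnet",
+"subnetPrefix": "10.0.0.0/24",
+"virtualNetworkName": "MyVNET",
+"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
+"networkSecurityGroupName": "default-NSG"
+},
+"resources": [
+{
+"type": "Microsoft.Storage/storageAccounts",
+"apiVersion": "2019-06-01",
+"name": "[variables('storageAccountName')]",
+"location": "[parameters('location')]",
+"sku": {
+"name": "Standard_LRS"
+},
+"kind": "Storage",
+"properties": {}
+},
+{
+"type": "Microsoft.Network/publicIPAddresses",
+"apiVersion": "2020-06-01",
+"name": "[parameters('publicIPName')]",
+"location": "[parameters('location')]",
+"sku": {
+"name": "[parameters('publicIpSku')]"
+},
+"properties": {
+"publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]",
+"dnsSettings": {
+"domainNameLabel": "[parameters('dnsLabelPrefix')]"
+}
+}
+},
+{
+"type": "Microsoft.Network/networkSecurityGroups",
+"apiVersion": "2020-06-01",
+"name": "[variables('networkSecurityGroupName')]",
+"location": "[parameters('location')]",
+"properties": {
+"securityRules": [
+{
+"name": "default-allow-3389",
+"properties": {
+"priority": 1000,
+"access": "Allow",
+"direction": "Inbound",
+"destinationPortRange": "3389",
+"protocol": "Tcp",
+"sourcePortRange": "*",
+"sourceAddressPrefix": "*",
+"destinationAddressPrefix": "*"
+}
+}
+]
+}
+},
+{
+"type": "Microsoft.Network/virtualNetworks",
+"apiVersion": "2020-06-01",
+"name": "[variables('virtualNetworkName')]",
+"location": "[parameters('location')]",
+"dependsOn": [
+"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
+],
+"properties": {
+"addressSpace": {
+"addressPrefixes": [
+"[variables('addressPrefix')]"
+]
+},
+"subnets": [
+{
+"name": "[variables('subnetName')]",
+"properties": {
+"addressPrefix": "[variables('subnetPrefix')]",
+"networkSecurityGroup": {
+"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
+}
+}
+}
+]
+}
+},
+{
+"type": "Microsoft.Network/networkInterfaces",
+"apiVersion": "2020-06-01",
+"name": "[variables('nicName')]",
+"location": "[parameters('location')]",
+"dependsOn": [
+"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName'))]",
+"[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
+],
+"properties": {
+"ipConfigurations": [
+{
+"name": "ipconfig1",
+"properties": {
+"privateIPAllocationMethod": "Dynamic",
+"publicIPAddress": {
+"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPName'))]"
+},
+"subnet": {
+"id": "[variables('subnetRef')]"
+}
+}
+}
+]
+}
+},
+{
+"type": "Microsoft.Compute/virtualMachines",
+"apiVersion": "2020-06-01",
+"name": "[parameters('vmName')]",
+"location": "[parameters('location')]",
+"dependsOn": [
+"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
+"[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+],
+"properties": {
+"hardwareProfile": {
+"vmSize": "[parameters('vmSize')]"
+},
+"osProfile": {
+"computerName": "[parameters('vmName')]",
+"adminUsername": "[parameters('adminUsername')]",
+"adminPassword": "[parameters('adminPassword')]"
+},
+"storageProfile": {
+"imageReference": {
+"publisher": "MicrosoftWindowsServer",
+"offer": "WindowsServer",
+"sku": "[parameters('OSVersion')]",
+"version": "latest"
+},
+"osDisk": {
+"createOption": "FromImage",
+"managedDisk": {
+"storageAccountType": "StandardSSD_LRS"
+}
+},
+"dataDisks": [
+{
+"diskSizeGB": 1023,
+"lun": 0,
+"createOption": "Empty"
+}
+]
+},
+"networkProfile": {
+"networkInterfaces": [
+{
+"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+}
+]
+},
+"diagnosticsProfile": {
+"bootDiagnostics": {
+"enabled": true,
+"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))).primaryEndpoints.blob]"
+}
+}
+}
+}
+],
+"outputs": {
+"hostname": {
+"type": "string",
+"value": "[reference(parameters('publicIPName')).dnsSettings.fqdn]"
+}
+}
+}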
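Review bot: The `default-allow-3389` rule (new lines 145-155) sets `"sourceAddressPrefix": "*"` while the NIC is bound to a public IP with a DNS label, so RDP on the sample VM is reachable from any Internet address and guarded only by the local admin password. Restrict the source with a required parameter that has no default, e.g. `"sourceAddressPrefix": "[parameters('allowedRdpSourcePrefix')]"` (a new parameter this file does not yet declare), or drop the public IP and reach the VM over the virtual network. The `OSVersion` allow-list also offers `2008-R2-SP1`, which no longer receives regular security updates, so the description's promise of "a fully patched image" does not hold for that value. The storage account is created with `"properties": {}`; setting `"supportsHttpsTrafficOnly": true` there would make the transport requirement explicit rather than relying on the API-version default.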
