microsoft · TheFitzZZ · Mar 4, 2024 · Feb 19, 2024 · Feb 19, 2024 · Feb 19, 2024
diff --git a/...ure/02_Hybrid_Azure_Arc_Servers/resources/ChangeTracking/template-DCR-ChangeTracking.json b/...ure/02_Hybrid_Azure_Arc_Servers/resources/ChangeTracking/template-DCR-ChangeTracking.json
diff --git a/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/README.md b/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/README.md
@@ -0,0 +1,29 @@
+# Overview
+As a coach (or participant) you might need to have some VMs available which you can use in this microhack to onboard via Arc to Azure. This folder provides scripts and templates to quickly create such VMs. As deployment platform Azure IaaS will be used. Azure VMs need to be [reconfigured](https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-evaluate-on-azure-virtual-machine) in order to simulate on-prem VMs, so that the Azure Guest agent does not interfere with the Azure Arc agent. The scripts to reconfigure this are included in the ```create_vms.sh```. 
+
+For each partipant, you will need one Windows and one Linux VM. You can provide the number of participants in the script. The script will then create 1 Windows 2019-datacenter-gensecond and 1 Ubuntu 20_04-lts-gen2 VM for each participant. 
+
+## Deployment instructions
+Open a bash shell and login to Azure:
+```shell
+az login
+```
+Make sure you are using the subscription you intent to (if not, set it to the correct subscription: ```az account set -s <your-subscription-guid>```).
+
+Open the file ```create_vms.sh``` in an editor and adjust the parameters as needed.
+
+|Parameter        |Description    |Default value    |
+|-----------------      |---------------|------------|
+|resourceGroupName      |The name of the resource group the VMs willl get deployed to. Will be created if not existing|rg-on-prem-vms|
+|resourceGroupLocation  |Azure region where your resource group will be created in|germanywestcentral|
+|adminUsername          |local admin/root account in your VMs (will be the same for all machines)|MHAdmin|
+|adminPassword          |local admin/root password (will be the same for all machines). Use a password which honors complexity rules for Windows & Ubuntu|SecretP@$$W0rd|
+|number_of_participants |Adjust this to the number of participants in your cohort. For each particpants 2 VMs are created|10|
+|regions                |An array of regions to which you want to deploy. If using a Sponsored subscription, you might have core limits per region. If providing more than one region in the array, the script will iterate through the regions and distribute the VMs evenly to the named regions. 1 Win and 1 Linux VM will be deployed to a region before moving on in the iteration|("germanywestcentral" "northeurope" "swedencentral" "francecentral" "westeurope")|
+|virtualMachineSize     |You can adjust the VM size if needed|Standard_D2ads_v5|
+
+Save the file. Make sure the shell script has execution permission in your directory (if not add it: ```chmod +x create_vms.sh```). Now, execute the shell script
+```shell
+./create_vms.sh
+```
+
diff --git a/.../01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/create_vms.sh b/.../01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/create_vms.sh
@@ -0,0 +1,72 @@
+# adjust parameters with your own values as needed
+resourceGroupName="rg-on-prem"
+resourceGroupLocation="germanywestcentral"
+adminUsername="MHAdmin"
+adminPassword="REPLACEME"
+
+# in a sponsored subscription there is a core limit of 10 cores per VM-series per region. Therefore, the script will distribute the VMs to different regions
+# assuming you stick to the Standard_D2ads_v5, max 5 VMs per region can be deployed. As each participant should have one windows and one linux machine,
+# we are deploying always 2 VMs (1 linux and 1 windows) per user. This means we can fit 2 participants into one region. So make your that you add enough regions
+# to the regions array to fit all participants.
+
+number_of_participants=10
+regions=("germanywestcentral" "northeurope" "swedencentral" "francecentral" "westeurope")
+virtualMachineSize="Standard_D2ads_v5"
+
+# create a resource group
+az group create --name $resourceGroupName --location $resourceGroupLocation
+number_of_regions=${#regions[@]}
+echo "Number of regions: $number_of_regions"
+number_of_loops=$((number_of_participants * 2 - 1 ))
+echo "Number of loops: $number_of_loops"
+
+for j in $(eval echo {0..$number_of_loops})
+do
+    # i++ for every second iteration, so we have win-0 and lnx-0 in the same region
+    i=$(($j / 2))
+    region_index=$((i % number_of_regions))
+    location=${regions[($i % $number_of_regions)]}
+
+    # every loop we switch between creating a linux and a windows VM
+    if (( $j % 2 == 0 )); then
+        type="lnx"   
+    else
+        type="win"
+    fi
+
+    vmName="vm-$type-mh$i"
+    echo "Creating VM $vmName in $location"
+
+    networkInterfaceName="$vmName-nic"
+    publicIpAddressName="$vmName-pip"
+    networkSecurityGroupName="$vmName-nsg"
+    virtualNetworkName="$vmName-vnet"
+    virtualMachineComputerName=$vmName
+    deploymentName="$vmName-Deploy"
+
+    # Create a VM
+    az deployment group create \
+    --resource-group $resourceGroupName \
+    --name $deploymentName \
+    --template-file ./template-$type.json \
+    --parameters @parameters-$type.json \
+    --parameters virtualMachineName=$vmName \
+        adminUsername=$adminUsername \
+        adminPassword=$adminPassword \
+        networkInterfaceName=$networkInterfaceName \
+        publicIpAddressName=$publicIpAddressName \
+        networkSecurityGroupName=$networkSecurityGroupName \
+        virtualNetworkName=$virtualNetworkName \
+        virtualMachineComputerName=$virtualMachineComputerName \
+        virtualMachineRG=$resourceGroupName \
+        virtualMachineSize=$virtualMachineSize \
+        location=$location
+
+    # Run the reconfig script to disable the Azure Guest Agent
+    if [ $type == "win" ]; then
+        az vm run-command create --name reconfigWin$i --vm-name $vmName -g $resourceGroupName --location $location --script @reconfig-win.ps1 --async-execution
+    else
+        az vm run-command invoke -g $resourceGroupName -n $vmName --command-id RunShellScript --scripts @reconfig-ubuntu.sh --no-wait
+    fi
+
+done
diff --git a/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/parameters-lnx.json b/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/parameters-lnx.json
@@ -0,0 +1,95 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "location": {
+            "value": "francecentral"
+        },
+        "networkInterfaceName": {
+            "value": "asdadasd1"
+        },
+        "networkSecurityGroupName": {
+            "value": "asdadasd-nsg"
+        },
+        "networkSecurityGroupRules": {
+            "value": [
+                {
+                    "name": "SSH",
+                    "properties": {
+                        "priority": 300,
+                        "protocol": "TCP",
+                        "access": "Allow",
+                        "direction": "Inbound",
+                        "sourceAddressPrefix": "*",
+                        "sourcePortRange": "*",
+                        "destinationAddressPrefix": "*",
+                        "destinationPortRange": "22"
+                    }
+                }
+            ]
+        },
+        "subnetName": {
+            "value": "default"
+        },
+        "virtualNetworkName": {
+            "value": "gxgggssg"
+        },
+        "addressPrefixes": {
+            "value": [
+                "10.1.0.0/16"
+            ]
+        },
+        "subnets": {
+            "value": [
+                {
+                    "name": "default",
+                    "properties": {
+                        "addressPrefix": "10.1.0.0/24"
+                    }
+                }
+            ]
+        },
+        "publicIpAddressName": {
+            "value": "asdadasd-ip"
+        },
+        "publicIpAddressType": {
+            "value": "Static"
+        },
+        "publicIpAddressSku": {
+            "value": "Standard"
+        },
+        "pipDeleteOption": {
+            "value": "Delete"
+        },
+        "virtualMachineName": {
+            "value": "asdadasd"
+        },
+        "virtualMachineComputerName": {
+            "value": "asdadasd"
+        },
+        "virtualMachineRG": {
+            "value": "rg-onpremvms"
+        },
+        "osDiskType": {
+            "value": "StandardSSD_LRS"
+        },
+        "osDiskDeleteOption": {
+            "value": "Delete"
+        },
+        "virtualMachineSize": {
+            "value": "Standard_D2s_v3"
+        },
+        "nicDeleteOption": {
+            "value": "Delete"
+        },
+        "hibernationEnabled": {
+            "value": false
+        },
+        "adminUsername": {
+            "value": "mhadminyes"
+        },
+        "adminPassword": {
+            "value": null
+        }
+    }
+}
diff --git a/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/parameters-win.json b/...-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/parameters-win.json
@@ -0,0 +1,101 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "location": {
+            "value": "westeurope"
+        },
+        "networkInterfaceName": {
+            "value": "testname558"
+        },
+        "networkSecurityGroupName": {
+            "value": "testname-nsg"
+        },
+        "networkSecurityGroupRules": {
+            "value": [
+                {
+                    "name": "RDP",
+                    "properties": {
+                        "priority": 300,
+                        "protocol": "TCP",
+                        "access": "Allow",
+                        "direction": "Inbound",
+                        "sourceAddressPrefix": "*",
+                        "sourcePortRange": "*",
+                        "destinationAddressPrefix": "*",
+                        "destinationPortRange": "3389"
+                    }
+                }
+            ]
+        },
+        "subnetName": {
+            "value": "default"
+        },
+        "virtualNetworkName": {
+            "value": "testname-vnet"
+        },
+        "addressPrefixes": {
+            "value": [
+                "10.0.0.0/16"
+            ]
+        },
+        "subnets": {
+            "value": [
+                {
+                    "name": "default",
+                    "properties": {
+                        "addressPrefix": "10.0.0.0/24"
+                    }
+                }
+            ]
+        },
+        "publicIpAddressName": {
+            "value": "testname-ip"
+        },
+        "publicIpAddressType": {
+            "value": "Static"
+        },
+        "publicIpAddressSku": {
+            "value": "Standard"
+        },
+        "pipDeleteOption": {
+            "value": "Delete"
+        },
+        "virtualMachineName": {
+            "value": "testname"
+        },
+        "virtualMachineComputerName": {
+            "value": "testname"
+        },
+        "virtualMachineRG": {
+            "value": "test"
+        },
+        "osDiskType": {
+            "value": "StandardSSD_LRS"
+        },
+        "osDiskDeleteOption": {
+            "value": "Delete"
+        },
+        "virtualMachineSize": {
+            "value": "Standard_D2ads_v5"
+        },
+        "nicDeleteOption": {
+            "value": "Delete"
+        },
+        "hibernationEnabled": {
+            "value": false
+        },
+        "adminUsername": {
+            "value": "asdasdasdas"
+        },
+        "adminPassword": {
+            "value": null
+        },
+        "patchMode": {
+            "value": "AutomaticByOS"
+        },
+        "enableHotpatching": {
+            "value": false
+        }
+    }
+}
diff --git a/...3-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/reconfig-ubuntu.sh b/...3-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/reconfig-ubuntu.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+CURRENT_HOSTNAME=$(hostname)
+sudo service walinuxagent stop
+sudo waagent -deprovision -force
+sudo rm -rf /var/lib/waagent
+sudo hostnamectl set-hostname $CURRENT_HOSTNAME
+
+sudo ufw --force enable
+sudo ufw deny out from any to 169.254.169.254
+sudo ufw default allow incoming
diff --git a/...-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/reconfig-win.ps1 b/...-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/demo-vm-creator/reconfig-win.ps1
@@ -0,0 +1,10 @@
+
+# set the environment variable to override the ARC on an Azure VM installation.
+[System.Environment]::SetEnvironmentVariable("MSFT_ARC_TEST",'true', [System.EnvironmentVariableTarget]::Machine)
+
+# disable the Azure VM guest agent
+Set-Service WindowsAzureGuestAgent -StartupType Disabled -Verbose
+Stop-Service WindowsAzureGuestAgent -Force -Verbose
+
+# Block access to the Azure IMDS endpoint
+New-NetFirewallRule -Name BlockAzureIMDS -DisplayName "Block access to Azure IMDS" -Enabled True -Profile Any -Direction Outbound -Action Block -RemoteAddress 169.254.169.254