From 33ae84432e6e13808b0fc41f2b5d8acc040ef246 Mon Sep 17 00:00:00 2001 From: Niranjan B Date: Fri, 12 Sep 2025 10:39:34 +0530 Subject: [PATCH 1/2] ADLess configuration with internal DNS --- .../azuredeploy.json | 985 ++++++++++++++++++ .../azuredeploy.parameters.json | 217 ++++ 2 files changed, 1202 insertions(+) create mode 100644 quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.json create mode 100644 quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.parameters.json diff --git a/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.json b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.json new file mode 100644 index 000000000000..4b5edbf3a076 --- /dev/null +++ b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.json @@ -0,0 +1,985 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentMode": { + "defaultValue": "Validate", + "type": "string", + "allowedValues": [ + "Validate", + "Deploy" + ], + "metadata": { + "description": "First must pass Validate prior running Deploy" + } + }, + "keyVaultName": { + "type": "string", + "metadata": { + "description": "The KeyVault name used to store the secrets." + } + }, + "createNewKeyVault": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Set this value as false, if you are re-using a Keyvault" + } + }, + "softDeleteRetentionDays": { + "type": "int", + "defaultValue": 30 + }, + "diagnosticStorageAccountName": { + "type": "string", + "metadata": { + "description": "The name of the storage account used for KV audit logs" + } + }, + "logsRetentionInDays": { + "type": "int", + "defaultValue": 30, + "minValue": 0, + "maxValue": 365, + "metadata": { + "description": "Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0." + } + }, + "storageAccountType": { + "type": "string", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Premium_LRS", + "Premium_ZRS", + "Standard_GRS", + "Standard_GZRS", + "Standard_LRS", + "Standard_RAGRS", + "Standard_RAGZRS", + "Standard_ZRS" + ], + "metadata": { + "description": "Storage Account type" + } + }, + "clusterName": { + "type": "string", + "minLength": 3, + "maxLength": 24, + "metadata": { + "description": "This name must be unique from physical node names" + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "tenantId": { + "type": "string", + "defaultValue": "[subscription().tenantId]" + }, + "witnessType": { + "defaultValue": "No Witness", + "type": "string", + "allowedValues": [ + "Cloud", + "No Witness" + ], + "metadata": { + "description": "Witness Type must be 'cloud' for a 2 node cluster. It can be empty of other cluster sizes" + } + }, + "clusterWitnessStorageAccountName": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Storage account name to be created for the cluster witness, required when Witness Type is cloud" + } + }, + "localAdminUserName": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "local administrator username" + } + }, + "localAdminPassword": { + "type": "securestring", + "minLength": 1, + "metadata": { + "description": "local administrator password" + } + }, + "hciResourceProviderObjectID": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Object ID of HCI Resource Provider" + } + }, + "arcNodeResourceIds": { + "defaultValue": [], + "type": "array", + "metadata": { + "description": "The arc for server node Ids of the hci cluster" + } + }, + "domainFqdn": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The domain name of the Active Directory Domain Services" + } + }, + "namingPrefix": { + "defaultValue": "hci", + "type": "string", + "metadata": { + "description": "The object name prefix (for future use, post 2402)" + } + }, + "adouPath": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The ADDS OU path" + } + }, + "identityProvider": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "valid values are ActiveDirectory, LocalIdentity" + } + }, + "securityLevel": { + "defaultValue": "Recommended", + "type": "string", + "allowedValues": [ + "Recommended", + "Customized" + ], + "metadata": { + "description": "The security level data for deploying a hci cluster" + } + }, + "driftControlEnforced": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting driftControlEnforced data for deploying a hci cluster" + } + }, + "credentialGuardEnforced": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting credentialGuardEnforced data for deploying a hci cluster" + } + }, + "smbSigningEnforced": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting smbSigningEnforced data for deploying a hci cluster" + } + }, + "smbClusterEncryption": { + "defaultValue": false, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting smbClusterEncryption data for deploying a hci cluster" + } + }, + "bitlockerBootVolume": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting bitlockerBootVolume data for deploying a hci cluster" + } + }, + "bitlockerDataVolumes": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting bitlockerDataVolumes data for deploying a hci cluster" + } + }, + "wdacEnforced": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The security setting wdacEnforced data for deploying a hci cluster" + } + }, + "streamingDataClient": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The metrics data for deploying a hci cluster" + } + }, + "euLocation": { + "defaultValue": false, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The location data for deploying a hci cluster" + } + }, + "episodicDataUpload": { + "defaultValue": true, + "type": "bool", + "allowedValues": [ + true, + false + ], + "metadata": { + "description": "The diagnostic data for deploying a hci cluster" + } + }, + "configurationMode": { + "defaultValue": "Express", + "type": "string", + "allowedValues": [ + "Express", + "InfraOnly", + "KeepStorage" + ], + "metadata": { + "description": "The storage volume configuration mode" + } + }, + "subnetMask": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The subnet mask for deploying a hci cluster" + } + }, + "defaultGateway": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The default gateway for deploying a hci cluster" + } + }, + "startingIPAddress": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The starting ip address for deploying a hci cluster" + } + }, + "endingIPAddress": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The ending ip address for deploying a hci cluster" + } + }, + "dnsServers": { + "defaultValue": [ + "" + ], + "type": "array", + "metadata": { + "description": "The dns servers for deploying a hci cluster" + } + }, + "useDhcp": { + "type": "bool", + "allowedValues": [ + true, + false + ], + "defaultValue": false, + "metadata": { + "description": "Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required" + } + }, + "dnsServerConfig": { + "defaultValue": "UseDnsServer", + "type": "string", + "allowedValues": [ + "UseForwarder", + "UseDnsServer" + ], + "metadata": { + "description": "Specifies how DNS servers are configured for the infrastructure network. Allowed values are 'UseDnsServer' to use the provided DNS servers, and 'UseForwarder' to use DNS forwarders." + } + }, + "dnsZones": { + "defaultValue": [ + { + "dnsZoneName": "redmond.contoso.com", + "dnsForwarder": ["10.50.10.50"] + } + ], + "type": "Array", + "metadata": "The dns zones for deploying a hci cluster" + }, + "physicalNodesSettings": { + "defaultValue": [ + { + "name": "node1", + "ipv4Address": "100.69.32.64" + }, + { + "name": "node2", + "ipv4Address": "100.69.32.65" + } + ], + "type": "array", + "metadata": { + "description": "The physical nodes settings for deploying a hci cluster" + } + }, + "networkingType": { + "defaultValue": "switchedMultiServerDeployment", + "type": "string", + "allowedValues": [ + "switchedMultiServerDeployment", + "switchlessMultiServerDeployment", + "singleServerDeployment" + ], + "metadata": { + "description": "The networking type for deploying a hci cluster" + } + }, + "networkingPattern": { + "defaultValue": "hyperConverged", + "type": "string", + "allowedValues": [ + "hyperConverged", + "convergedManagementCompute", + "convergedComputeStorage", + "custom" + ], + "metadata": { + "description": "The networking pattern for deploying a hci cluster" + } + }, + "intentList": { + "defaultValue": [], + "type": "array", + "metadata": { + "description": "The intent list for deploying a hci cluster" + } + }, + "storageNetworkList": { + "defaultValue": [], + "type": "array", + "metadata": { + "description": "The storage network list for deploying a hci cluster" + } + }, + "storageConnectivitySwitchless": { + "defaultValue": false, + "type": "bool", + "metadata": { + "description": "The storage connectivity switchless value for deploying a hci cluster" + } + }, + "enableStorageAutoIp": { + "defaultvalue": true, + "type": "bool", + "metadata": { + "description": "The enable storage auto ip value for deploying a hci cluster" + } + }, + "customLocation": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "The custom location for deploying a hci cluster" + } + }, + "sbeVersion": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Solution builder extension (SBE) version" + } + }, + "sbeFamily": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Solution builder extension (SBE) family value" + } + }, + "sbePublisher": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Solution builder extension (SBE) publisher name" + } + }, + "sbeManifestSource": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Solution builder extension (SBE) manifest source" + } + }, + "sbeManifestCreationDate": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Solution builder extension (SBE) creation date" + } + }, + "partnerProperties": { + "defaultValue": [], + "type": "array", + "metadata": { + "description": "Solution builder extension (SBE) partner properties" + } + }, + "partnerCredentiallist": { + "defaultValue": [], + "type": "array", + "metadata": { + "description": "Solution builder extension (SBE) partner credential properties" + } + } + }, + "variables": { + "storageWitnessECEName": "WitnessStorageKey", + "LocalAdminCredentialECEName": "LocalAdminCredential", + "domainAdminCredentialECEName": "AzureStackLCMUserCredential", + "storageWitnessSecretName": "[concat( parameters('clusterName'), '-', 'WitnessStorageKey')]", + "LocalAdminCredentialSecretName": "[concat( parameters('clusterName'), '-', 'LocalAdminCredential')]", + "domainAdminSecretName": "[concat( parameters('clusterName'), '-', 'AzureStackLCMUserCredential')]", + "storageWitnessNameVar": "WitnessStorageKey", + "secretsLocationVar": "[concat('https://',parameters('keyVaultName'), '.vault.azure.net')]", + "witnessTypeVar": "[if(equals(parameters('witnessType'), 'No Witness'), '','Cloud')]", + "clusterWitnessStorageAccountNameVar": "[if(equals(parameters('witnessType'), 'No Witness'), '', parameters('clusterWitnessStorageAccountName'))]", + "AzureServiceEndpointVar": "[if(equals(parameters('witnessType'), 'No Witness'), '', 'core.windows.net')]", + "localAdminSecretValue": "[base64(concat(parameters('localAdminUserName'),':',parameters('localAdminPassword')))]", + "CloudWithnessStorageAccountIdVar": "[resourceId('Microsoft.Storage/storageAccounts', parameters('clusterWitnessStorageAccountName'))]", + "copy": [ + { + "name": "answerfileSBESecrets", + "count": "[length(parameters('partnerCredentialList'))]", + "input": { + "secretName": "[parameters('partnerCredentialList')[copyIndex('answerfileSBESecrets')].secretName]", + "eceSecretName": "[parameters('partnerCredentialList')[copyIndex('answerfileSBESecrets')].secretName]", + "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', parameters('partnerCredentialList')[copyIndex('answerfileSBESecrets')].secretName)]" + } + }, + { + "name": "isNodeNameValid", + "count": "[length(parameters('physicalNodesSettings'))]", + "input": "[if(equals(parameters('clusterName'), parameters('physicalNodesSettings')[copyIndex('isNodeNameValid')].name), 'false', 'true')]" + } + ], + "deploymentSecretsList":[ + { + "secretName": "[variables('storageWitnessSecretName')]", + "eceSecretName" : "[variables('storageWitnessECEName')]", + "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', variables('storageWitnessSecretName'))]" + }, + { + "secretName": "[variables('LocalAdminCredentialSecretName')]", + "eceSecretName" : "[variables('LocalAdminCredentialECEName')]", + "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', variables('LocalAdminCredentialSecretName'))]" + } + , + { + "secretName": "[variables('domainAdminSecretName')]", + "eceSecretName" : "[variables('domainAdminCredentialECEName')]", + "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', variables('domainAdminSecretName'))]" + } + + ] + }, + "resources":{ + "witnessStorageAcc" : { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2023-01-01", + "name": "[parameters('clusterWitnessStorageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]", + "tier": "Standard" + }, + "kind": "StorageV2", + "properties": { + "supportsHttpsTrafficOnly": true, + "minimumTlsVersion": "TLS1_2" + } + }, + "hcirproleassignment": { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "AzureConnectedMachineResourceManager-RoleAssignment", + "subscriptionId": "[subscription().subscriptionId]", + "resourceGroup": "[resourceGroup().name]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "hciResourceProviderObjectID1": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(concat('HCIRP-',resourceGroup().id, parameters('hciResourceProviderObjectID1')))]", + "properties": { + "mode": "Incremental", + "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'f5819b54-e033-4d82-ac66-4fec3cbf3f4c')]", + "principalId": "[parameters('hciResourceProviderObjectID1')]", + "scope": "[resourceGroup().id]", + "description": "Azure Connected Machine Resource Manager role assignment to HCI Resource Provider" + } + } + ] + }, + "parameters": { + "hciResourceProviderObjectID1": { + "value": "[parameters('hciResourceProviderObjectID')]" + } + } + } + }, + "edgeDevices" : { + "condition": "[equals(parameters('deploymentMode'), 'Validate')]", + "dependsOn": [ + "hcirproleassignment" + ], + "copy": { + "name": "edgeDeviceCopy", + "count": "[length(parameters('arcNodeResourceIds'))]" + }, + "type": "Microsoft.AzureStackHCI/edgeDevices", + "apiVersion": "2024-04-01", + "name": "default", + "scope": "[concat('Microsoft.HybridCompute/machines', '/', last(split(parameters('arcNodeResourceIds')[copyindex()], '/')))]", + "kind": "HCI", + "properties": {} + }, + "arcMachineRoleAssignment": { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "AzureStackHCIDeviceManagementRole-RoleAssignment", + "subscriptionId": "[subscription().subscriptionId]", + "resourceGroup": "[resourceGroup().name]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "arcNodeResourceIds1": { + "type": "array" + } + }, + "variables": {}, + "resources": [ + { + "copy": { + "name": "DVMroleAssignmentCopy", + "count": "[length(parameters('arcNodeResourceIds1'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(concat('DMR-', parameters('arcNodeResourceIds1')[copyIndex()]))]", + "properties": { + "mode": "Incremental", + "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', '865ae368-6a45-4bd1-8fbf-0d5151f56fc1')]", + "principalId": "[reference(parameters('arcNodeResourceIds1')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]", + "scope": "[resourceGroup().id]", + "description": "[concat(substring(parameters('arcNodeResourceIds1')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds1')[copyIndex()],'/')),'- Azure Stack HCI Device Management Role')]" + } + } + ] + }, + "parameters": { + "arcNodeResourceIds1": { + "value": "[parameters('arcNodeResourceIds')]" + } + } + } + }, + "ArcMachineKVRoleAssignment": { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "KeyVaultSecretsUser-RoleAssignment", + "subscriptionId": "[subscription().subscriptionId]", + "resourceGroup": "[resourceGroup().name]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "arcNodeResourceIds1": { + "type": "array" + } + }, + "variables": {}, + "resources": [ + { + "copy": { + "name": "KVroleAssignmentCopy", + "count": "[length(parameters('arcNodeResourceIds1'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(concat('KVSU-RoleAssign', parameters('arcNodeResourceIds1')[copyIndex()]))]", + "properties": { + "mode": "Incremental", + "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7')]", + "principalId": "[reference(parameters('arcNodeResourceIds1')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]", + "scope": "[resourceGroup().id]", + "description": "[concat(substring(parameters('arcNodeResourceIds1')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds1')[copyIndex()],'/')),'- Key Vault Secrets Officer')]" + } + } + ] + }, + "parameters": { + "arcNodeResourceIds1": { + "value": "[parameters('arcNodeResourceIds')]" + } + } + } + }, + "ArcMachineInfraVMRoleAssignment": { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "AzureStackHCIConnectedInfraVMs-RoleAssignment", + "subscriptionId": "[subscription().subscriptionId]", + "resourceGroup": "[resourceGroup().name]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "arcNodeResourceIds1": { + "type": "array" + } + }, + "variables": {}, + "resources": [ + { + "copy": { + "name": "IfraVMroleAssignmentCopy", + "count": "[length(parameters('arcNodeResourceIds1'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(concat('INFRAVM-RoleAssign', parameters('arcNodeResourceIds1')[copyIndex()]))]", + "properties": { + "mode": "Incremental", + "roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'c99c945f8bd14fb1a90301460aae6068')]", + "principalId": "[reference(parameters('arcNodeResourceIds1')[copyIndex()], '2023-10-03-preview', 'full').identity.principalId]", + "scope": "[resourceGroup().id]", + "description": "[concat(substring(parameters('arcNodeResourceIds1')[copyIndex()],lastIndexOf(parameters('arcNodeResourceIds1')[copyIndex()],'/')),'- Azure Stack HCI Connected InfraVMs')]" + } + } + ] + }, + "parameters": { + "arcNodeResourceIds1": { + "value": "[parameters('arcNodeResourceIds')]" + } + } + } + }, + "StorageAccountConfigurations":{ + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2023-01-01", + "name": "[parameters('diagnosticStorageAccountName')]", + "location": "[parameters('location')]", + "condition": "[parameters('createNewKeyVault')]", + "sku": { + "name": "[parameters('storageAccountType')]", + "tier": "Standard" + }, + "kind": "StorageV2", + "properties": { + "publicNetworkAccess": "Disabled", + "allowSharedKeyAccess": false, + "supportsHttpsTrafficOnly": true, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "defaultAction": "Deny" + } + } + }, + "KVConfigurations":{ + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-06-01-preview", + "name": "[parameters('keyVaultName')]", + "location": "[parameters('location')]", + "condition": "[parameters('createNewKeyVault')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', parameters('clusterWitnessStorageAccountName'))]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]" + ], + "properties": { + "enabledForDeployment": true, + "enabledForTemplateDeployment": true, + "enabledForDiskEncryption": true, + "enableSoftDelete": true, + "softDeleteRetentionInDays": "[parameters('softDeleteRetentionDays')]", + "enableRbacAuthorization": true, + "publicNetworkAccess": "Enabled", + "accessPolicies": [], + "tenantId": "[parameters('tenantId')]", + "sku": { + "name": "standard", + "family": "A" + } + } + }, + "KVDiagnosticsConfig":{ + "type": "Microsoft.KeyVault/vaults/providers/diagnosticsettings", + "name": "[concat(parameters('keyVaultName'), '/Microsoft.Insights/service')]", + "apiVersion": "2016-09-01", + "Location": "[resourceGroup().location]", + "condition": "[parameters('createNewKeyVault')]", + "dependsOn": [ + "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('diagnosticStorageAccountName'))]" + ], + "properties": { + "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]", + "logs": [ + { + "category": "AuditEvent", + "enabled": true, + "retentionPolicy": { + "enabled": true, + "days": "[parameters('LogsRetentionInDays')]" + } + } + ] + } + }, + "nodeNameValidation":{ + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[if(contains(variables('isNodeNameValid'), 'false'), '##ClusterNameIsSameAsNodeName##', 'NodeNameIsValid')]", + "properties":{ + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "HCICluster":{ + "condition": "[equals(parameters('deploymentMode'), 'Validate')]", + "type": "Microsoft.AzureStackHCI/clusters", + "apiVersion": "2025-09-15-preview", + "name": "[parameters('clusterName')]", + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", + "edgeDevices", + "nodeNameValidation" + ], + "identity": { + "type": "SystemAssigned" + }, + "location": "[parameters('location')]", + "properties": { + "secretsLocations" :[ + { + "secretsType": "BackupSecrets", + "secretsLocation": "[variables('secretsLocationVar')]" + } + ] + } + }, + "KVLocalAdminSecret":{ + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-06-01-preview", + "name": "[concat(parameters('keyVaultName'), '/', variables('LocalAdminCredentialSecretName'))]", + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ], + "location": "[parameters('location')]", + "scale": null, + "properties": { + "contentType": "Secret", + "value": "[variables('localAdminSecretValue')]", + "attributes": { + "enabled": true + } + } + }, + "KVWitnessSecret":{ + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-06-01-preview", + "name": "[concat(parameters('keyVaultName'), '/', variables('storageWitnessSecretName'))]", + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ], + "location": "[parameters('location')]", + "scale": null, + "properties": { + "contentType": "Secret", + "value": "[base64(listKeys(variables('CloudWithnessStorageAccountIdVar'), '2019-04-01').keys[0].value)]", + "attributes": { + "enabled": true + } + } + }, + "KVPartnerCreds":{ + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-06-01-preview", + "name": "[concat(parameters('keyVaultName'), '/', parameters('partnerCredentialList')[copyIndex()].secretName)]", + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ], + "location": "[parameters('location')]", + "condition": "[not(empty(parameters('partnerCredentialList')))]", + "copy": { + "name": "partnerCredsLoop", + "count": "[length(parameters('partnerCredentialList'))]" + }, + "properties": { + "contentType": "Secret", + "value": "[base64(parameters('partnerCredentialList')[copyIndex()].secretValue)]", + "attributes": { + "enabled": true + } + } + }, + "DeploymentSettings": { + "type": "microsoft.azurestackhci/clusters/deploymentSettings", + "apiVersion": "2025-09-15-preview", + "name": "[format('{0}/default', parameters('clusterName'))]", + "dependsOn": [ + "[resourceId('Microsoft.AzureStackHCI/clusters', parameters('clusterName'))]" + ], + "properties": { + "arcNodeResourceIds": "[parameters('arcNodeResourceIds')]", + "deploymentMode": "[parameters('deploymentMode')]", + "deploymentConfiguration": { + "version": "10.0.0.0", + "scaleUnits": [ + { + "deploymentData": { + "securitySettings": { + "hvciProtection": true, + "drtmProtection": true, + "driftControlEnforced": "[parameters('driftControlEnforced')]", + "credentialGuardEnforced": "[parameters('credentialGuardEnforced')]", + "smbSigningEnforced": "[parameters('smbSigningEnforced')]", + "smbClusterEncryption": "[parameters('smbClusterEncryption')]", + "sideChannelMitigationEnforced": true, + "bitlockerBootVolume": "[parameters('bitlockerBootVolume')]", + "bitlockerDataVolumes": "[parameters('bitlockerDataVolumes')]", + "wdacEnforced": "[parameters('wdacEnforced')]" + }, + "observability": { + "streamingDataClient": "[parameters('streamingDataClient')]", + "euLocation": "[parameters('euLocation')]", + "episodicDataUpload": "[parameters('episodicDataUpload')]" + }, + "cluster": { + "name": "[parameters('clusterName')]", + "witnessType": "[variables('witnessTypeVar')]", + "witnessPath": "", + "cloudAccountName": "[variables('clusterWitnessStorageAccountNameVar')]", + "azureServiceEndpoint": "[variables('AzureServiceEndpointVar')]" + }, + "storage": { + "configurationMode": "[parameters('configurationMode')]" + }, + "namingPrefix": "[parameters('namingPrefix')]", + "infrastructureNetwork": [ + { + "subnetMask": "[parameters('subnetMask')]", + "gateway": "[parameters('defaultGateway')]", + "ipPools": [ + { + "startingAddress": "[parameters('startingIPAddress')]", + "endingAddress": "[parameters('endingIPAddress')]" + } + ], + "dnsServers": "[parameters('dnsServers')]", + "useDhcp": "[parameters('useDhcp')]", + "dnsZones": "[parameters('dnsZones')]", + "dnsServerConfig": "[parameters('dnsServerConfig')]" + } + ], + "physicalNodes": "[parameters('physicalNodesSettings')]", + "hostNetwork": { + "intents": "[parameters('intentList')]", + "storageNetworks": "[parameters('storageNetworkList')]", + "storageConnectivitySwitchless": "[parameters('storageConnectivitySwitchless')]", + "enableStorageAutoIp": "[parameters('enableStorageAutoIp')]" + }, + "secrets": "[variables('deploymentSecretsList')]", + "identityProvider":"[parameters('identityProvider')]", + "optionalServices": { + "customLocation": "[parameters('customLocation')]" + } + }, + "sbePartnerInfo": { + "sbeDeploymentInfo": { + "version": "[parameters('sbeVersion')]", + "family": "[parameters('sbeFamily')]", + "publisher": "[parameters('sbePublisher')]", + "sbeManifestSource": "[parameters('sbeManifestSource')]", + "sbeManifestCreationDate": "[if(not(empty(parameters('sbeManifestCreationDate'))), parameters('sbeManifestCreationDate'), json('null'))]" + }, + "partnerProperties": "[parameters('partnerProperties')]", + "credentialList": "[variables('answerfileSBESecrets')]" + } + } + ] + } + } + } +} +} \ No newline at end of file diff --git a/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.parameters.json b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.parameters.json new file mode 100644 index 000000000000..7c1f6e42acd0 --- /dev/null +++ b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/azuredeploy.parameters.json @@ -0,0 +1,217 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentMode": { + "value": "Validate" + }, + "keyVaultName": { + "value": "hciclus-hcikv" + }, + "softDeleteRetentionDays": { + "value": 30 + }, + "diagnosticStorageAccountName": { + "value": "kvauditsa6891534bf42" + }, + "logsRetentionInDays": { + "value": 30 + }, + "storageAccountType": { + "value": "Standard_LRS" + }, + "clusterName": { + "value": "" + }, + "location": { + "value": "eastus" + }, + "tenantId": { + "value": "" + }, + "witnessType": { + "value": "Cloud" + }, + "clusterWitnessStorageAccountName": { + "value": "cluster1witnessthoroet" + }, + "localAdminUserName": { + "value": "admin" + }, + "localAdminPassword": { + "value": null + }, + "hciResourceProviderObjectID": { + "value": "" + }, + "arcNodeResourceIds": { + "value": [ + "/subscriptions/86a43cee-777a-4d3e-b9bc-80d6a9c6c73c/resourceGroups/ARMRG/providers/Microsoft.HybridCompute/machines/vhost1" + ] + }, + "namingPrefix": { + "value": "HCI01" + }, + "identityProvider":{ + "value": "LocalIdentity" + }, + "securityLevel": { + "value": "Recommended" + }, + "driftControlEnforced": { + "value": true + }, + "credentialGuardEnforced": { + "value": true + }, + "smbSigningEnforced": { + "value": true + }, + "smbClusterEncryption": { + "value": false + }, + "bitlockerBootVolume": { + "value": true + }, + "bitlockerDataVolumes": { + "value": true + }, + "wdacEnforced": { + "value": true + }, + "streamingDataClient": { + "value": true + }, + "euLocation": { + "value": false + }, + "episodicDataUpload": { + "value": true + }, + "configurationMode": { + "value": "Express" + }, + "subnetMask": { + "value": "255.255.255.0" + }, + "defaultGateway": { + "value": "100.69.32.1" + }, + "startingIPAddress": { + "value": "100.69.32.21" + }, + "endingIPAddress": { + "value": "100.69.32.27" + }, + "dnsServers": { + "value": [ + ] + }, + "useDhcp": { + "value": false + }, + "dnsServerConfig": { + "value": "UseForwarder" + }, + "dnsZones": { + "value": [ + { + "dnsZoneName": "contoso.redmond.com", + "dnsForwarder": ["10.50.10.50"] + } + ] + }, + "physicalNodesSettings": { + "value": [ + { + "name": "v-host1", + "ipv4Address": "100.69.32.20" + } + ] + }, + "networkingType": { + "value": "switchlessMultiServerDeployment" + }, + "networkingPattern": { + "value": "hyperConverged" + }, + "intentList": { + "value": [ + { + "name": "Compute_Management_Storage", + "trafficType": [ + "Compute", + "Management", + "Storage" + ], + "adapter": [ + "ethernet", + "ethernet 2" + ], + "overrideVirtualSwitchConfiguration": false, + "virtualSwitchConfigurationOverrides": { + "enableIov": "", + "loadBalancingAlgorithm": "" + }, + "overrideQosPolicy": false, + "qosPolicyOverrides": { + "priorityValue8021Action_Cluster": "7", + "priorityValue8021Action_SMB": "3", + "bandwidthPercentage_SMB": "50" + }, + "overrideAdapterProperty": true, + "adapterPropertyOverrides": { + "jumboPacket": "1514", + "networkDirect": "Disabled", + "networkDirectTechnology": "" + } + } + ] + }, + "storageNetworkList": { + "value": [ + { + "name": "StorageNetwork1", + "networkAdapterName": "Ethernet", + "vlanId": "711" + }, + { + "name": "StorageNetwork2", + "networkAdapterName": "Ethernet 2", + "vlanId": "712" + } + ] + }, + "storageConnectivitySwitchless": { + "value": true + }, + "enableStorageAutoIp": { + "value": true + }, + "customLocation": { + "value": "" + }, + "sbeVersion":{ + "value": "" + }, + "sbeFamily":{ + "value": "" + }, + "sbePublisher":{ + "value": "" + }, + "sbeManifestSource":{ + "value": "" + }, + "sbeManifestCreationDate":{ + "value": "" + }, + "partnerProperties": { + "value":[ + ] + }, + "partnerCredentiallist": { + "value": [] + } + } +} \ No newline at end of file From 8bae677eaa6cafeebe29b1e2f51a6afc887b3586 Mon Sep 17 00:00:00 2001 From: Niranjan B Date: Fri, 12 Sep 2025 10:42:15 +0530 Subject: [PATCH 2/2] ADLess configuration with internal DNS --- .../README.md | 40 +++++++++++++++++++ .../metadata.json | 10 +++++ 2 files changed, 50 insertions(+) create mode 100644 quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/README.md create mode 100644 quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/metadata.json diff --git a/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/README.md b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/README.md new file mode 100644 index 000000000000..a4901ea3a0d9 --- /dev/null +++ b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/README.md @@ -0,0 +1,40 @@ +--- +description: This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP +page_type: sample +products: +- azure +- azure-resource-manager +urlFragment: create-cluster-2-node-switched-custom-storageip +languages: +- json +--- +# creates an Azure Stack HCI 23H2 cluster + +![Azure Public Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/PublicLastTestDate.svg) +![Azure Public Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/PublicDeployment.svg) + +![Azure US Gov Last Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/FairfaxLastTestDate.svg) +![Azure US Gov Last Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/FairfaxDeployment.svg) + +![Best Practice Check](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/BestPracticeResult.svg) +![Cred Scan Check](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/CredScanResult.svg) + +![Bicep Version](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azurestackhci/create-cluster/BicepVersion.svg) + +This template allows you to create an Azure Stack HCI cluster using version 23H2. First you deploy the template in validate mode which does confirm the parameters at the device. Once passed you re-deploy the template with mode set to deploy. + +[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster%2Fazuredeploy.json) + +[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster%2Fazuredeploy.json) + +## Prerequisites + +In order to deploy this template, you must have Arc enabled the server(s) and installed the mandatory extensions. The following pre-requisites must be completed: +- Register these resource providers + - Microsoft.HybridCompute + - Microsoft.GuestConfiguration + - Microsoft.HybridConnectivity + - Microsoft.AzureStackHCI +- Make a note of the HCI Resource Provider SPNs Object ID in the tenant. + +`Tags: Microsoft.AzureStackHCI/clusters, hci` diff --git a/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/metadata.json b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/metadata.json new file mode 100644 index 000000000000..67a97316920c --- /dev/null +++ b/quickstarts/microsoft.azurestackhci/create-adless-cluster-internal-dns/metadata.json @@ -0,0 +1,10 @@ +{ + "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#", + "type": "QuickStart", + "itemDisplayName": "creates an Azure Local cluster without Active directory supporting an internal DNS server", + "description": "This template creates an Azure Local cluster using an ARM template", + "summary": "his template creates an Azure Local cluster using an ARM template.", + "githubUsername": "troettinger", + "validationType": "Manual", + "dateUpdated": "2024-12-20" +} \ No newline at end of file