vm windows update post-deploy

terraform-azurerm-bench-windows/post-deploy-app-vm.ps1

@@ -13,8 +13,8 @@ function Exit-WithError {
 }
 
 function Get-DataDisks {
-    $sleepSeconds = 60
-    $maxAttempts = 5
+    $sleepSeconds = 30
+    $maxAttempts = 4
 
     for ($currentAttempt = 1; $currentAttempt -lt $maxAttempts; $currentAttempt++) {
         Write-Log "Querying Azure instance metadata service for virtual machine storageProfile, attempt '$currentAttempt' of '$maxAttempts'..."
@@ -46,6 +46,59 @@ function Get-DataDisks {
 # Start main
 Write-Log "Running: $PSCommandPath..."
 
+# Install PowerShell prerequisites
+
+$nugetPackage = Get-PackageProvider | Where-Object Name -eq 'NuGet'
+
+if ($null -eq $nugetPackage) {
+    Write-Log "Installing NuGet PowerShell package provider..."
+
+    try {
+        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force 
+    }
+    catch {
+        Exit-WithError $_
+    }
+}
+
+$nugetPackage = Get-PackageProvider | Where-Object Name -eq 'NuGet'
+Write-Log "NuGet Powershell Package Provider version $($nugetPackage.Version.Major).$($nugetPackage.Version.Minor).$($nugetPackage.Version.Build).$($nugetPackage.Version.Revision) is already installed..."
+
+$repo = Get-PSRepository -Name PSGallery
+
+if ( $repo.InstallationPolicy -eq 'Trusted' ) {
+    Write-Log "PSGallery installation policy is already set to 'Trusted'..."
+}
+else {
+    Write-Log "Setting PSGallery installation policy to 'Trusted'..."
+
+    try {
+        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted    
+    }
+    catch {
+        Exit-WithError $_
+    }
+}
+
+$azModule = Get-Module -ListAvailable -Name Az*
+
+if ($null -eq $azModule ) {
+    Write-Log "Installing PowerShell Az module..."
+
+    try {
+        Install-Module -Name Az -AllowClobber -Scope AllUsers
+    }
+    catch {
+        Exit-WithError $_
+    }
+}
+else {
+    Write-Log "PowerShell Az module is already installed..."
+}
+
+$azComputeMachineModule = Get-Module -ListAvailable -Name Az.Compute
+Write-Log "PowerShell Az.Compute version $($azComputeMachineModule.Version) is installed..."
+
 # Initialize data disks
 $localRawDisks = Get-Disk | Where-Object PartitionStyle -eq 'RAW'
 

terraform-azurerm-vm-windows/10-common.tf

@@ -17,11 +17,6 @@ data "azurerm_key_vault_secret" "adminuser" {
   key_vault_id = var.key_vault_id
 }
 
-data "azurerm_key_vault_secret" "log_analytics_workspace_key" {
-  name         = var.log_analytics_workspace_id
-  key_vault_id = var.key_vault_id
-}
-
 data "azurerm_key_vault_secret" "storage_account_key" {
   name         = var.storage_account_name
   key_vault_id = var.key_vault_id

terraform-azurerm-vm-windows/20-compute.tf

@@ -1,5 +1,4 @@
 # Windows Server virtual machine
-
 resource "azurerm_windows_virtual_machine" "virtual_machine_01" {
   name                     = var.vm_name
   resource_group_name      = azurerm_network_interface.virtual_machine_01_nic_01.resource_group_name
@@ -37,8 +36,11 @@ output "virtual_machine_01_name" {
   value = azurerm_windows_virtual_machine.virtual_machine_01.name
 }
 
-# Nics
+output "virtual_machine_01_principal_id" {
+  value = azurerm_windows_virtual_machine.virtual_machine_01.identity[0].principal_id
+}
 
+# Nics
 resource "azurerm_network_interface" "virtual_machine_01_nic_01" {
   name                = "nic-${var.vm_name}-001"
   location            = var.location
@@ -64,39 +66,14 @@ output "virtual_machine_01_nic_01_private_ip_address" {
   value = azurerm_network_interface.virtual_machine_01_nic_01.private_ip_addresses[0]
 }
 
-# Data disks
-
-resource "azurerm_managed_disk" "virtual_machine_01_data_disks" {
-  for_each = var.vm_data_disk_config
-
-  name                 = "disk-${var.vm_name}-${each.value.name}"
-  location             = var.location
-  resource_group_name  = var.resource_group_name
-  storage_account_type = var.vm_storage_account_type
-  create_option        = "Empty"
-  disk_size_gb         = each.value.disk_size_gb
-  tags                 = var.tags
-}
-
-resource "azurerm_virtual_machine_data_disk_attachment" "virtual_machine_01_data_disk_attachments" {
-  for_each = var.vm_data_disk_config
-
-  managed_disk_id    = azurerm_managed_disk.virtual_machine_01_data_disks[each.key].id
-  virtual_machine_id = azurerm_windows_virtual_machine.virtual_machine_01.id
-  lun                = each.value.lun
-  caching            = each.value.caching
-}
-
 # Virtual machine extensions
-
 resource "azurerm_virtual_machine_extension" "virtual_machine_01_postdeploy_script" {
   name                     = "vmext-${azurerm_windows_virtual_machine.virtual_machine_01.name}-postdeploy-script"
   virtual_machine_id       = azurerm_windows_virtual_machine.virtual_machine_01.id
   publisher                = "Microsoft.Compute"
   type                     = "CustomScriptExtension"
   type_handler_version     = "1.10"
   tags                     = var.tags
-  depends_on               = [azurerm_virtual_machine_data_disk_attachment.virtual_machine_01_data_disk_attachments]
 
   settings = <<SETTINGS
     {

terraform-azurerm-vm-windows/README.md

@@ -25,7 +25,7 @@ This section describes how to provision this quick start using default settings.
 
 ## Resource index
 
-This section provides an index of the ~5 resources included in this quick start.
+This section provides an index of the 3 resources included in this quick start.
 
 ### Windows jump box virtual machine
 
@@ -44,6 +44,7 @@ vm_image_sku | Input | string | Local | 2019-Datacenter
 vm_image_version | Input | string | Local | Latest
 virtual_machine_01_id | Output | string | Local | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-vdc-nonprod-001/providers/Microsoft.Compute/virtualMachines/winjump1
 virtual_machine_01_name | Output | string | Local | winjump1
+virtual_machine_01_principal_id | Output | string | Local | 00000000-0000-0000-0000-000000000000
 
 #### Network interface
 
@@ -55,15 +56,6 @@ virtual_machine_01_nic_01_id | Output | string | Local | /subscriptions/00000000
 virtual_machine_01_nic_01_name | Output | string | Local | nic-winjump1-001
 virtual_machine_01_nic_01_private_ip_address | Output | string | Local | 10.1.0.4
 
-#### Managed disks and data disk attachments
-
-One or more dedicated [managed disks](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview) for use by the Windows jump box virtual machine as data disks. Each of the dedicated managed disks is automatically attached to the virtual machine.
-
-Variable | In/Out | Type | Scope | Sample
---- | --- | --- | --- | ---
-vm_data_disk_config | Input | map | Local | { data = { name = "vol_data_N", disk_size_gb = "4", lun = "0", caching = "ReadWrite" } }
-vm_storage_account_type | Input | string | Local | Standard_LRS
-
 #### Virtual machine extensions
 
 Pre-configured [virtual machine extensions](https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/overview) attached to the Windows jump box virtual machine including:
@@ -72,7 +64,6 @@ Pre-configured [virtual machine extensions](https://docs.microsoft.com/en-us/azu
 
 Variable | In/Out | Type | Scope | Sample
 --- | --- | --- | --- | ---
-log_analytics_workspace_id | Input | string | Local | 00000000-0000-0000-0000-000000000000
 app_vm_post_deploy_script_name | Input | string | Local | post-deploy-app-vm.ps1
 app_vm_post_deploy_script_uri | Input | string | Local | <https://stbfde01d4ee60a358001.blob.core.windows.net/scripts/post-deploy-app-vm.ps1>
 storage_account_name | Input | String | Local | st8e644ec51c5be098001

terraform-azurerm-vm-windows/bootstrap.sh

@@ -29,8 +29,6 @@ default_resource_group_name=$(terraform output -state=$state_file resource_group
 default_location=$(terraform output -state=$state_file resource_group_01_location)
 default_key_vault_id=$(terraform output -state=$state_file key_vault_01_id)
 default_key_vault_name=$(terraform output -state=$state_file key_vault_01_name)
-default_log_analytics_workspace_id=$(terraform output -state=$state_file log_analytics_workspace_01_workspace_id)
-default_law_workspace_key=$(terraform output -state=$state_file log_analytics_workspace_01_primary_shared_key)
 default_subnet_id=$(terraform output -state=$state_file vnet_shared_01_default_subnet_id)
 default_storage_account_name=$(terraform output -state=$state_file storage_account_01_name)
 default_storage_account_key=$(terraform output -state=$state_file storage_account_01_key)
@@ -68,13 +66,6 @@ az keyvault secret set \
     --value "$admin_password" \
     --output none
 
-printf "Setting log analytics secret $default_log_analytics_workspace_id with value $default_law_workspace_key in keyvault $default_key_vault_name...\n"
-az keyvault secret set \
-    --vault-name ${default_key_vault_name:1:-1} \
-    --name ${default_log_analytics_workspace_id:1:-1} \
-    --value "${default_law_workspace_key:1:-1}" \
-    --output none
-
 printf "Setting storage account secret $default_storage_account_name with value $default_storage_account_key to keyvault $default_key_vault_name...\n"
 az keyvault secret set \
     --vault-name ${default_key_vault_name:1:-1} \
@@ -102,7 +93,6 @@ printf "app_vm_post_deploy_script_uri   = \"$app_vm_post_deploy_script_uri\"\n"
 printf "key_vault_id                    = $default_key_vault_id\n"                  >> ./terraform.tfvars
 printf "key_vault_name                  = $default_key_vault_name\n"                >> ./terraform.tfvars
 printf "location                        = $default_location\n"                      >> ./terraform.tfvars
-printf "log_analytics_workspace_id      = $default_log_analytics_workspace_id\n"    >> ./terraform.tfvars
 printf "resource_group_name             = $default_resource_group_name\n"           >> ./terraform.tfvars
 printf "storage_account_name            = $default_storage_account_name\n"          >> ./terraform.tfvars
 printf "subnet_id                       = $default_subnet_id\n"                     >> ./terraform.tfvars