diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep
index c3e154508..8e72b25aa 100644
--- a/workload/bicep/deploy-baseline.bicep
+++ b/workload/bicep/deploy-baseline.bicep
@@ -486,7 +486,6 @@ var varSessionHostLocationAcronym = varLocations[varSessionHostLocationLowercase
 var varManagementPlaneLocationAcronym = varLocations[varManagementPlaneLocationLowercase].acronym
 var varLocations = loadJsonContent('../variables/locations.json')
 var varTimeZoneSessionHosts = varLocations[varSessionHostLocationLowercase].timeZone
-var varTimeZoneManagementPlane = varLocations[varManagementPlaneLocationLowercase].timeZone
 var varManagementPlaneNamingStandard = '${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varManagementPlaneLocationAcronym}'
 var varComputeStorageResourcesNamingStandard = '${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}'
 var varDiskEncryptionSetName = avdUseCustomNaming ? '${ztDiskEncryptionSetCustomNamePrefix}-${varComputeStorageResourcesNamingStandard}-001' : 'des-zt-${varComputeStorageResourcesNamingStandard}-001'
@@ -537,11 +536,11 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor
 var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault'
 //
 var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}'
-var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/'
-var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1'
-var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1'
+var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/complex-adjoin-pw/workload/'
+var varSessionHostConfigurationScriptFileName = 'Set-SessionHostConfiguration.ps1'
+var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/${varSessionHostConfigurationScriptFileName}'
+var varSessionHostConfigurationScript = './${varSessionHostConfigurationScriptFileName}'
 var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D'))
-var varAvdAgentPackageLocation = 'https://wvdportalstorageblob.blob.${environment().suffixes.storage}/galleryartifacts/Configuration_09-08-2022.zip'
 var varCreateStorageDeployment = (createAvdFslogixDeployment || createMsixDeployment == true) ? true : false
 var varFslogixStorageSku = zoneRedundantStorage ? '${fslogixStoragePerformance}_ZRS' : '${fslogixStoragePerformance}_LRS'
 var varMsixStorageSku = zoneRedundantStorage ? '${msixStoragePerformance}_ZRS' : '${msixStoragePerformance}_LRS'
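Review bot: `varBaseScriptUri` now points at the `complex-adjoin-pw` branch of the public repo, so every deployment downloads `Set-SessionHostConfiguration.ps1` (and, through the hunk at 753, `DSCStorageScripts.zip` and `Manual-DSC-Storage-Scripts.ps1`) from a mutable feature branch that stops resolving as soon as it is merged or deleted. These files are run with elevated rights by the CustomScript extension on the session hosts and the storage-join VM, so the reference should be a release tag or commit SHA rather than a branch name, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<TAG-OR-COMMIT-PLACEHOLDER>/workload/'`, with the branch pointer reverted before merge if it is only for testing. `varAvdAgentPackageLocation` is deleted here; whether anything else in the file still references it is not visible in this hunk.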
@@ -753,9 +752,11 @@ var varMarketPlaceGalleryWindows = {
 version: 'latest'
 }
 }
-var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip'
-var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1'
-var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1'
+
+var varStorageAzureFilesDscAgentPackageLocation = '${varBaseScriptUri}scripts/DSCStorageScripts.zip'
+var varStorageToDomainScriptFileName = 'Manual-DSC-Storage-Scripts.ps1'
+var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/${varStorageToDomainScriptFileName}'
+var varStorageToDomainScript = './${varStorageToDomainScriptFileName}'
 var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"'
 var varDefaultStorageOuPath = (avdIdentityServiceProvider == 'AADDS') ? 'AADDC Computers' : 'Computers'
 var varStorageCustomOuPath = !empty(storageOuPath) ? 'true' : 'false'
@@ -913,6 +914,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
 vnetPeeringName: varVnetPeeringName
 remoteVnetPeeringName: varRemoteVnetPeeringName
 vnetAvdSubnetName: varVnetAvdSubnetName
+ //existingPeSubnetResourceId: existingVnetPrivateEndpointSubnetResourceId
 vnetPrivateEndpointSubnetName: varVnetPrivateEndpointSubnetName
 createVnetPeering: varCreateVnetPeering
 deployPrivateEndpointSubnet: (deployPrivateEndpointKeyvaultStorage == true) ? true : false //adding logic that will be used when also including AVD control plane PEs
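Review bot: The added line `//existingPeSubnetResourceId: existingVnetPrivateEndpointSubnetResourceId` in the networking module call is commented-out code, and the same pattern is repeated in `modules/networking/deploy.bicep` (the commented `existingPeSubnetResourceId` param in the hunk at 15 and the four commented `varExistingPe*` vars in the hunk at 108, one of them spelled `varExistingAPeVnetName`). Either wire the parameter through now or drop these lines and track the private-endpoint subnet work in an issue; the compiler will not flag the commented references when the real names drift, and a reader cannot tell whether the feature is planned, abandoned or half-done. Whether `existingVnetPrivateEndpointSubnetResourceId` is declared as a parameter of this file is not visible in the hunk.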
@@ -960,7 +962,7 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
 startVmOnConnect: (avdHostPoolType == 'Pooled') ? avdDeployScalingPlan : avdStartVmOnConnect
 workloadSubsId: avdWorkloadSubsId
 identityServiceProvider: avdIdentityServiceProvider
- securityPrincipalIds: !empty(securityPrincipalId)? array(securityPrincipalId): []
+ securityPrincipalIds: !empty(securityPrincipalId) ? array(securityPrincipalId) : []
 tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
 alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : ''
 hostPoolAgentUpdateSchedule: varHostPoolAgentUpdateSchedule
@@ -987,7 +989,7 @@ module identity './modules/identity/deploy.bicep' = {
 enableStartVmOnConnect: avdStartVmOnConnect
 identityServiceProvider: avdIdentityServiceProvider
 createStorageDeployment: varCreateStorageDeployment
- securityPrincipalIds: !empty(securityPrincipalId)? array(securityPrincipalId): []
+ securityPrincipalIds: !empty(securityPrincipalId) ? array(securityPrincipalId) : []
 tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
 }
 dependsOn: [
@@ -1168,7 +1170,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if
 deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage
 ouStgPath: varOuStgPath
 managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
- securityPrincipalName: !empty(securityPrincipalName)? securityPrincipalName: ''
+ securityPrincipalName: !empty(securityPrincipalName) ? securityPrincipalName : ''
 domainJoinUserName: avdDomainJoinUserName
 wrklKvName: varWrklKvName
 serviceObjectsRgName: varServiceObjectsRgName
@@ -1212,7 +1214,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr
 deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage
 ouStgPath: varOuStgPath
 managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
- securityPrincipalName: !empty(securityPrincipalName)? securityPrincipalName: ''
+ securityPrincipalName: !empty(securityPrincipalName) ? securityPrincipalName : ''
 domainJoinUserName: avdDomainJoinUserName
 wrklKvName: varWrklKvName
 serviceObjectsRgName: varServiceObjectsRgName
diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep
index eea5a9e45..f8ac24773 100644
--- a/workload/bicep/modules/networking/deploy.bicep
+++ b/workload/bicep/modules/networking/deploy.bicep
@@ -15,6 +15,9 @@ param deployAsg bool
 
 @sys.description('Existing virtual network subnet for AVD.')
 param existingAvdSubnetResourceId string
+//@sys.description('Existing virtual network subnet for private endpoints.')
+//param existingPeSubnetResourceId string
+
 
 @sys.description('Resource Group Name for the AVD session hosts')
 param computeObjectsRgName string
@@ -105,11 +108,16 @@ var varVirtualNetworkLogsDiagnostic = varAzureCloudName == 'AzureUSGovernment' ?
 var varVirtualNetworkMetricsDiagnostic = [
 'AllMetrics'
 ]
+
 var varCreateAvdStaicRoute = true
 var varExistingAvdVnetSubId = !createVnet ? split(existingAvdSubnetResourceId, '/')[2] : ''
 var varExistingAvdVnetSubRgName = !createVnet ? split(existingAvdSubnetResourceId, '/')[4] : ''
 var varExistingAvdVnetName = !createVnet ? split(existingAvdSubnetResourceId, '/')[8] : ''
 var varExistingAvdVnetResourceId = !createVnet ? '/subscriptions/${varExistingAvdVnetSubId}/resourceGroups/${varExistingAvdVnetSubRgName}/providers/Microsoft.Network/virtualNetworks/${varExistingAvdVnetName}' : ''
+//var varExistingPeVnetSubId = split(existingPeSubnetResourceId, '/')[2]
+//var varExistingPeVnetSubRgName = split(existingPeSubnetResourceId, '/')[4]
+//var varExistingAPeVnetName = split(existingPeSubnetResourceId, '/')[8]
+//var varExistingPeVnetResourceId = '/subscriptions/${varExistingPeVnetSubId}/resourceGroups/${varExistingPeVnetSubRgName}/providers/Microsoft.Network/virtualNetworks/${varExistingAPeVnetName}'
 // =========== //
 // Deployments //
 // =========== //
diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep
index 873065f21..c840ceb29 100644
--- a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep
+++ b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep
@@ -20,6 +20,13 @@ param scriptArguments string
 
 @sys.description('Domain join user password.')
 param adminUserPassword string
+// =========== //
+// Variable declaration //
+// =========== //
+
+var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword "${replace(adminUserPassword, '"', '""')}" -verbose'
+
+
 // =========== //
 // Deployments //
 // =========== //
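Review bot: `varscriptArgumentsWithPassword` already ends with ` -verbose`, and the `commandToExecute` rebuilt in the next hunk of the same file (at 43) appends ` -verbose` a second time, so the script is invoked with the switch twice; if the script declares `[CmdletBinding()]` PowerShell refuses a parameter specified more than once, so drop one of them, e.g. `var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword "${replace(adminUserPassword, '"', '""')}"'`. Doubling `"` covers only PowerShell's own argument quoting: the value still travels on a command line that a shell processes before powershell.exe sees it, so characters such as `%`, `^` or `&` in a password can still change how the command is parsed, and either the accepted character set should be stated on the `adminUserPassword` description or the secret handed to the script by a means other than the command line. The switch name also changes from `-AdminUserPassword` to `-DomainAdminUserPassword`; the script's param block is outside this diff, so confirm it was renamed to match. Minor style point: the other variables in these files are cased `varStorage…`, whereas this one is `varscript…`.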
@@ -36,7 +43,8 @@ resource dscStorageScript 'Microsoft.Compute/virtualMachines/extensions@2022-08-
 settings: {}
 protectedSettings: {
 fileUris: array(baseScriptUri)
- commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File ${file} ${scriptArguments} -AdminUserPassword ${adminUserPassword} -verbose'
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File ${file} ${varscriptArgumentsWithPassword} -verbose'
 }
 }
 }
+
diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep
index 3a7434b1d..7b6fe5665 100644
--- a/workload/bicep/modules/storageAzureFiles/deploy.bicep
+++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep
@@ -102,7 +102,6 @@ param storageAccountFqdn string
 // Variable declaration //
 // =========== //
 var varAzureCloudName = environment().name
-var varStoragePurposeLower = toLower(storagePurpose)
 var varAvdFileShareLogsDiagnostic = [
 'allLogs'
 ]
@@ -140,7 +139,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts
 activeDirectoryProperties: (identityServiceProvider == 'AAD') ? {
 domainGuid: identityDomainGuid
 domainName: identityDomainName
- }: {}
+ } : {}
 }
 accessTier: 'Hot'
 networkAcls: deployPrivateEndpoint ? {
@@ -176,7 +175,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts
 privateDnsZoneGroup: {
 privateDNSResourceIds: [
 vnetPrivateDnsZoneFilesId
- ]
+ ]
 }
 }
 ] : []
diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip
index 76c0bce42..6a29d544d 100644
Binary files a/workload/scripts/DSCStorageScripts.zip and b/workload/scripts/DSCStorageScripts.zip differ
diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1
similarity index 99%
rename from workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1
rename to workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1
index 2507c1331..0253b590b 100644
--- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1
+++ b/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1
@@ -180,10 +180,12 @@ Try {
 icacls ${DriveLetter}: /grant "${Group}:(M)" Write-Log "AD group $Group ACLs set" } + # Write-Log "Unmounting drive" # # Remove-PSDrive -Name $DriveLetter -Force # net use ${DriveLetter} /delete # Write-Log "Drive unmounted" + } Catch { Write-Log -Err "Error while setting up NTFS permission for FSLogix"