AzSHCI.CloudDeploymentTool.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-Module $PSScriptRoot\Classes\reporting.psm1 -Force -DisableNameChecking -Global function Invoke-AzStackHCIEnvironmentPreparator { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, # AzureCloud , AzureUSGovernment , AzureChinaCloud [Parameter(Mandatory = $true, HelpMessage = "Azure Cloud type used for HCI Cluster Deployment. Valid values are : AzureCloud , AzureUSGovernment , AzureChinaCloud")] [string] $Cloud, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting AzStackHci Deployment Initialization" -ConsoleOut CreateResourceGroupIfNotExists -ResourceGroupName $ResourceGroup -Region $Region Log-Info -Message "Registering Resource providers step" -ConsoleOut RegisterRequiredResourceProviders Log-Info -Message "Creating cluster and assigning permissions for ARC machines" -ConsoleOut CreateClusterAndAssignRoles -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -Region $Region -ClusterName $ClusterName Log-Info -Message "Creating storage cloud for witness" -ConsoleOut CreateStorageAccountForCloudDeployment -ResourceGroup $ResourceGroup -Region $Region -ClusterName $ClusterName -Prefix $Prefix Log-Info -Message "Creating key vault and adding the secrets" CreateKeyVaultAndAddSecrets -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -Region $Region -RegistrationUserCredentials $RegistrationUserCredentials -LocalAdminCredentials $LocalAdminCredentials -DomainAdminCredentials $DomainAdminCredentials -ClusterName $ClusterName -Prefix $Prefix Log-Info -Message "Trying to assign the rbac permissions on the Arc Machines" -ConsoleOut AssignPermissionsToArcMachines -ArcMachineIds $ArcNodeIds -ResourceGroup $ResourceGroup Log-Info -Message "Successfully assigned the rbac permission on the Arc Machines" -ConsoleOut Log-Info -Message "Successfully prepared the environment with cluster, storage account and kv" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error $cmdletFailed = $true throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIEnvironmentValidator { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting Deployment Settings Validation Operation" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } Log-Info -Message "Deployment Settings Object obtained is $deploymentSettingsObject" -ConsoleOut $kvResource = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroup $kvVaultUri = $kvResource.Properties.vaultUri Log-Info -Message "Key Vault Uri obtained is $kvVaultUri" -ConsoleOut # Will Trigger Validate first $deploymentSettingsParameters = ReplaceDeploymentSettingsParametersTemplateWithActualValues -deploymentSettingsObject $deploymentSettingsObject -clusterName $ClusterName -arcNodeResourceIds $ArcNodeIds -storageAccountName $storageAccountName -secretsLocation $kvVaultUri if ($null -eq $deploymentSettingsParameters){ throw "Deployment Settings Parameters cannot be null" } $deploymentSettingsParameters.parameters.deploymentMode.value = "Validate" Log-Info -Message "Deployment settings parameters obtained is $deploymentSettingsParameters" -ConsoleOut $deploymentSettingsParametersJson = $deploymentSettingsParameters | ConvertTo-Json -Depth 100 Log-Info -Message "Deployment Settings Parameters to json is $deploymentSettingsParametersJson" -ConsoleOut $updatedDeploymentSettingsParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\DeploymentSettingsReportedPropertiesValidate.json") Log-Info -Message "Updated Deployment Settings Parameters File Path $updatedDeploymentSettingsParametersFilePath" -ConsoleOut Set-Content -Path $updatedDeploymentSettingsParametersFilePath -Value $deploymentSettingsParametersJson | Out-Null $deploymentSettingsTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\DeploymentSettingsTemplate.json") $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $deploymentSettingsValidationName = $ResourceGroup + "-DSValidate" + $deploymentIdentifier Log-Info -Message "Deployment Settings Template File Path $deploymentSettingsTemplateFilePath and Deployment Name $deploymentSettingsDeploymentName" -ConsoleOut $resourceGroupDeploymentStatus = New-AzResourceGroupDeployment -Name $deploymentSettingsValidationName -ResourceGroupName $ResourceGroup -TemplateFile $deploymentSettingsTemplateFilePath -TemplateParameterFile $updatedDeploymentSettingsParametersFilePath -Force -Verbose -AsJob $deploystatusString = $resourceGroupDeploymentStatus | Out-String Log-Info -Message "Triggered Validated the deployment Settings Resource $deploystatusString" -ConsoleOut Start-Sleep -Seconds 120 $deploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -Name $deploymentSettingsValidationName | Format-Table ResourceGroupName, DeploymentName, ProvisioningState $deploystatusString = $deploymentStatus | Out-String Log-Info -Message "Triggered Validated the deployment Settings Resource $deploystatusString" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting Deployment Settings Validation Operation" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } Log-Info -Message "Deployment Settings Object obtained is $deploymentSettingsObject" -ConsoleOut $kvResource = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroup $kvVaultUri = $kvResource.Properties.vaultUri Log-Info -Message "Key Vault Uri obtained is $kvVaultUri" -ConsoleOut # Will Trigger Deployment $deploymentSettingsParameters = ReplaceDeploymentSettingsParametersTemplateWithActualValues -deploymentSettingsObject $deploymentSettingsObject -clusterName $ClusterName -arcNodeResourceIds $ArcNodeIds -storageAccountName $storageAccountName -secretsLocation $kvVaultUri if ($null -eq $deploymentSettingsParameters){ throw "Deployment Settings Parameters cannot be null" } $deploymentSettingsParameters.parameters.deploymentMode.value = "Deploy" Log-Info -Message "Deployment settings parameters obtained is $deploymentSettingsParameters" -ConsoleOut $deploymentSettingsParametersJson = $deploymentSettingsParameters | ConvertTo-Json -Depth 100 Log-Info -Message "Deployment Settings Parameters to json is $deploymentSettingsParametersJson" -ConsoleOut $updatedDeploymentSettingsParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\DeploymentSettingsReportedPropertiesDeploy.json") Log-Info -Message "Updated Deployment Settings Parameters File Path $updatedDeploymentSettingsParametersFilePath" -ConsoleOut Set-Content -Path $updatedDeploymentSettingsParametersFilePath -Value $deploymentSettingsParametersJson | Out-Null $deploymentSettingsTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\DeploymentSettingsTemplate.json") $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $deploymentSettingsValidationName = $ResourceGroup + "-DSDeploy" + $deploymentIdentifier Log-Info -Message "Deployment Settings Template File Path $deploymentSettingsTemplateFilePath and Deployment Name $deploymentSettingsDeploymentName" -ConsoleOut New-AzResourceGroupDeployment -Name $deploymentSettingsValidationName -ResourceGroupName $ResourceGroup -TemplateFile $deploymentSettingsTemplateFilePath -TemplateParameterFile $updatedDeploymentSettingsParametersFilePath -Force -Verbose -AsJob Start-Sleep -Seconds 120 $deploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -Name $deploymentSettingsValidationName $deploystatusString = $deploymentStatus | Out-String Log-Info -Message "Triggered the deployment Settings Resource in deploy mode: $deploystatusString " -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIFullDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, # AzureCloud , AzureUSGovernment , AzureChinaCloud [Parameter(Mandatory = $true, HelpMessage = "Azure Cloud type used for HCI Cluster Deployment. Valid values are : AzureCloud , AzureUSGovernment , AzureChinaCloud")] [string] $Cloud, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting AzStackHci Full Deployment" -ConsoleOut $environmentPreparationParameters = @{ SubscriptionID = $SubscriptionID ResourceGroup = $ResourceGroup TenantID = $TenantID Cloud = $Cloud Region = $Region RegistrationUserCredentials = $RegistrationUserCredentials ClusterName = $ClusterName LocalAdminCredentials = $LocalAdminCredentials DomainAdminCredentials = $DomainAdminCredentials ArcNodeIds = $ArcNodeIds Tag = $Tag OutputPath = $OutputPath Force = $Force Prefix = $Prefix } Log-Info -Message "Successfully got the parameters for environment validation" -ConsoleOut Invoke-AzStackHCIEnvironmentPreparator @environmentPreparationParameters Log-Info -Message "Successfully prepared the environment for cloud deployment, triggering validation" $deploymentSettingsParameters = @{ SubscriptionID = $SubscriptionID ResourceGroup = $ResourceGroup TenantID = $TenantID Cloud = $Cloud Region = $Region RegistrationUserCredentials = $RegistrationUserCredentials ClusterName = $ClusterName ArcNodeIds = $ArcNodeIds AnswerFilePath = $AnswerFilePath Tag = $Tag OutputPath = $OutputPath Force = $Force Prefix = $Prefix } Log-Info -Message "Successfully got the parameters for deployment settings validation" -ConsoleOut Invoke-AzStackHCIEnvironmentValidator @deploymentSettingsParameters Log-Info -Message "Started polling on the environment validation status" $status = PollDeploymentSettingsStatus -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -TenantID $TenantID -ClusterName $ClusterName if($status){ Log-Info -Message "Environment Validation succeeded , so moving to the deployment stage" -ConsoleOut Invoke-AzStackHCIDeployment @deploymentSettingsParameters Log-Info -Message "Starting polling on the deployment action plan" $deployStatus = PollDeploymentSettingsStatus -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -TenantID $TenantID -ClusterName $ClusterName if($deployStatus){ Log-Info -Message "Congrats, the Azure Stack HCI cluster has been deployed successfully" } else{ Log-Info -Message "Clearing the resource group since deployment failed" Remove-AzResourceGroup -Name $ResourceGroup -Force -Verbose throw "The deployment failed, please reset the parameters and retrigger again" } } else{ throw "Deployment Failed at environment validation, please re-check the parameters and try again" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error $cmdletFailed = $true throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function GetClusterNameFromAnswerFile { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Answer File Path")] [string] $AnswerFilePath ) try { $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } $deploymentDataFromAnswerFile = $deploymentSettingsObject.ScaleUnits[0].DeploymentData $clusterName = $deploymentDataFromAnswerFile.Cluster.Name Log-Info -Message "Cluster Name obtained in answer file is $clusterName" -ConsoleOut if ($null -ne $clusterName) { Log-Info -Message "Cluster Name is not null, so returning clustername $clusterName" -ConsoleOut return $clusterName } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } return $null } function CreateKeyVaultAndAddSecrets { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { Log-Info -Message "Initializing the flow where the kv creation starts" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $storageWitnessKey = GetStorageWitnessKey -SubscriptionId $SubscriptionID -ResourceGroup $ResourceGroup -StorageAccountName $storageAccountName if ($null -eq $storageWitnessKey){ throw "Storage Witness Key is null, so cannot proceed with deployment" } Log-Info -Message "Successfully received the storage witness key for storage account $storageAccountName" -ConsoleOut $storageWitnessKeyB64Encoded = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($storageWitnessKey)) #Starting to create the spn for ARB Deployment $spnDisplayName = GetSpnName -ClusterName $ClusterName -Prefix $Prefix $servicePrincialCreds = CreateServicePrincipalForCloudDeployment -DisplayName $spnDisplayName -ResourceGroup $ResourceGroup if ($null -eq $servicePrincialCreds){ throw "Service Principal Credentials are null, so cannot proceed with deployment" } Log-Info -Message "Successfully created the service principal and the corresponding credentials to put in the kv" -ConsoleOut Log-Info -Message "Starting Key Vault Creation...." -ConsoleOut $localAdminSecret = ExtractUsernameAndPasswordFromCredential -Credential $LocalAdminCredentials if ($null -eq $localAdminSecret){ throw "Local Admin secret cannot be null, so cannot proceed with deployment" } Log-Info -Message "Successfully extracted and encoded the Local Admin Credentials" $domainAdminSecret = ExtractUsernameAndPasswordFromCredential -Credential $DomainAdminCredentials if ($null -eq $domainAdminSecret){ throw "Domain Admin secret cannot be null, so cannot proceed with deployment" } Log-Info -Message "Successfully extracted and encoded the Domain Admin Credentials" $keyVaultParameters = ReplaceKeyVaultTemplateWithActualValues -KVName $KVName -Region $Region -LocalAdminSecret $localAdminSecret -DomainAdminSecret $domainAdminSecret -ArbDeploymentSpnSecret $servicePrincialCreds -StorageWitnessKey $storageWitnessKeyB64Encoded if ($null -eq $keyVaultParameters){ throw "Key Vault parameters file could not be updated with actual values" } $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $KVDeploymentName = $KVName + "-KVDeploy" + $deploymentIdentifier $kvTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\KeyVaultTemplate.json") Log-Info -Message "Key Vault Template file path $kvTemplateFilePath" -ConsoleOut $keyVaultParametersJson = $keyVaultParameters | ConvertTo-Json Log-Info -Message "Json value of key vault parameters $keyVaultParametersJson" -ConsoleOut $updatedKVParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\KeyVaultReportedParameters.json") Set-Content -Path $updatedKVParametersFilePath -Value $keyVaultParametersJson | Out-Null New-AzResourceGroupDeployment -Name $KVDeploymentName -ResourceGroupName $ResourceGroup -TemplateFile $kvTemplateFilePath -TemplateParameterFile $updatedKVParametersFilePath -Force -Verbose $kvDeploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -DeploymentName $KVDeploymentName if ($kvDeploymentStatus.ProvisioningState -eq "Succeeded"){ Log-Info -Message "Successfully deployed the KV with name $KVName" -ConsoleOut } else{ throw "KV Deployment Failed so not proceeding with the deployment" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CreateStorageAccountForCloudDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { Log-Info -Message "Starting to create the storage account for deployment" -ConsoleOut #Perform Storage Account Deployment here $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $storageAccountDeploymentName = $storageAccountName + "sadeployment" + $deploymentIdentifier Log-Info -Message "Trying to create storage account with name $storageAccountName and Deployment Name $storageAccountDeploymentName" -ConsoleOut $storageAccountParameters = ReplaceStorageAccountTemplateWithActualValues -StorageAccountName $storageAccountName -Location $Region if ($null -ne $storageAccountParameters){ $storageAccountTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\StorageAccountTemplate.json") Log-Info -Message "Storage Account Template File Path $storageAccountTemplateFilePath" $storageAccountParametersJson = $storageAccountParameters | ConvertTo-Json Log-Info -Message "Storage Account Parameters Converted to JSON is $storageAccountParametersJson" -ConsoleOut $updatedStorageAccountParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\StorageAccountReportedParameters.json") Log-Info -Message "Updated Storage Account Parameters File Path is $updatedStorageAccountParametersFilePath" -ConsoleOut Set-Content -Path $updatedStorageAccountParametersFilePath -Value $storageAccountParametersJson | Out-Null New-AzResourceGroupDeployment -Name $storageAccountDeploymentName -ResourceGroupName $ResourceGroup -TemplateFile $storageAccountTemplateFilePath -TemplateParameterFile $updatedStorageAccountParametersFilePath -Force -Verbose $statusOfStorageAccountDeployment = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -DeploymentName $storageAccountDeploymentName if ($statusOfStorageAccountDeployment.ProvisioningState -eq "Succeeded"){ Log-Info -Message "Storage Account $storageAccountName is created successfully" -ConsoleOut } else{ throw "Storage account deployment with name $storageAccountName and deploymentName $storageAccountDeploymentName failed" } } else{ throw "Could not replace storage account parameter template with the parameter values" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CreateClusterAndAssignRoles { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName ) try { # Checking if cluster is already deployed $resClusCheck = CheckIfAlreadyClusterResourceExists -ClusterName $ClusterName -ResourceGroupName $ResourceGroup if ($resClusCheck -eq [ErrorDetail]::ClusterAlreadyExists) { throw "A cluster with the same name already exists in the same resource group and is in deployed state, so cannot create the cluster again" } # Trying to create the cluster object $properties = [ResourceProperties]::new($Region, @{}) $payload = ConvertTo-Json -InputObject $properties Log-Info -Message "Payload for cluster creation is $payload" -ConsoleOut $resourceId = "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroup/providers/Microsoft.AzureStackHCI/clusters/$ClusterName" $RPAPIVersion = "2023-08-01-preview" $resourceIdApiVersion = "{0}?api-version={1}" -f $resourceId, $RPAPIVersion Log-Info -Message "Resource Id is $resourceId" -ConsoleOut $clusterResult = New-ClusterWithRetries -ResourceIdWithAPI $resourceIdApiVersion -Payload $payload if ($clusterResult -eq $false) { throw "Cluster creation with name $ClusterName failed in $Region with Resource Group $ResourceGroup" } $clusterResource = Get-AzResource -ResourceId $resourceId -ApiVersion $RPAPIVersion -ErrorAction SilentlyContinue if ($null -ne $clusterResource) { Log-Info -Message "Successfully created the cluster resource $clusterResource" -ConsoleOut #Assigning permission to the HCI first party object id on the resource group level AssignRolesToHCIResourceProvider -ResourceGroup $ResourceGroup -hciObjectId $clusterResource.Properties.resourceProviderObjectId } else { throw "Cluster creation with name $ClusterName failed in $Region with Resource Group $ResourceGroup" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function PollDeploymentSettingsStatus { param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true)] [string] $ClusterName ) $RPAPIVersion = "2023-08-01-preview" $deploymentSettingsResourceUri = "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroup/providers/Microsoft.AzureStackHCI/clusters/$ClusterName/deploymentSettings/default" Log-Info -Message "Deployment Settings Resource Uri is $deploymentSettingsResourceUri" -ConsoleOut $stopLoop = $false $status = $false do { $deploymentSettingsResource = Get-AzResource -ResourceId $deploymentSettingsResourceUri -ApiVersion $RPAPIVersion -Verbose Log-Info -Message "Deployment Settings Resource obtained is $deploymentSettingsResource" -ConsoleOut $provisioningState = $deploymentSettingsResource.properties.provisioningState if (("Succeeded" -eq $provisioningState) -or ("Failed" -eq $provisioningState)){ $stopLoop = $true if (("Succeeded" -eq $provisioningState)){ $status = $true } Log-Info -Message "Provisioning State has reached a terminal state, so closing the operation" } $reportedProperties = $deploymentSettingsResource.properties.reportedProperties $reportedPropertiesJson = $reportedProperties | ConvertTo-Json Log-Info -Message "Reported Properties obtained is $reportedPropertiesJson" -ConsoleOut Start-Sleep -Seconds 120 } While (-Not $stopLoop) return $status } function RegisterRequiredResourceProviders { try { Log-Info -Message "Registering required resource providers" -ConsoleOut Register-RPIfRequired -ProviderNamespace "Microsoft.HybridCompute" Register-RPIfRequired -ProviderNamespace "Microsoft.GuestConfiguration" Register-RPIfRequired -ProviderNamespace "Microsoft.HybridConnectivity" Register-RPIfRequired -ProviderNamespace "Microsoft.AzureStackHCI" Register-RPIfRequired -ProviderNamespace "Microsoft.Storage" Register-RPIfRequired -ProviderNamespace "Microsoft.KeyVault" Register-RPIfRequired -ProviderNamespace "Microsoft.ResourceConnector" Register-RPIfRequired -ProviderNamespace "Microsoft.HybridContainerService" Log-Info -Message "Successfully registered Resource Providers" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function Register-RPIfRequired{ param( [string] $ProviderNamespace ) $rpState = Get-AzResourceProvider -ProviderNamespace $ProviderNamespace $notRegisteredResourcesForRP = ($rpState.Where({$_.RegistrationState -ne "Registered"}) | Measure-Object ).Count if ($notRegisteredResourcesForRP -eq 0 ) { Log-Info -Message "$ProviderNamespace RP already registered, skipping registration" -ConsoleOut } else { try { Register-AzResourceProvider -ProviderNamespace $ProviderNamespace | Out-Null Log-Info -Message "registered Resource Provider: $ProviderNamespace " -ConsoleOut } catch { Log-Info -Message -Message "Exception occured while registering $ProviderNamespace RP, $_" -ConsoleOut throw } } } function GetStorageAccountName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $storageAccountName = $ClusterName + "sa" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "Storage account name with null prefix is $storageAccountName" -ConsoleOut } else { $storageAccountName = $storageAccountName + $Prefix Log-Info -Message "Storage account name appended with prefix is $storageAccountName" -ConsoleOut } $storageAccountName = $storageAccountName -replace "[^a-zA-Z0-9]", "" $storageAccountName = $storageAccountName.ToLower() if ($storageAccountName.Length -gt 24) { $storageAccountName = $storageAccountName.Substring(0, 24) } Log-Info -Message "Storage account name is $storageAccountName" -ConsoleOut return $storageAccountName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetKeyVaultName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $KVName = $ClusterName + "-KV" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "KV Name with without prefix is $KVName" -ConsoleOut } else { $KVName = $KVName + $Prefix Log-Info -Message "KV Name with unique prefix provided by user is $KVName" -ConsoleOut } $KVName = $KVName -replace "[^a-zA-Z0-9]", "" $KVName = $KVName.ToLower() if ($KVName.Length -gt 24) { $KVName = $KVName.Substring(0, 24) } Log-Info -Message "Key Vault name is $KVName" -ConsoleOut return $KVName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetSpnName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $spnDisplayName = $ClusterName + "-SPN" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "Spn display name without prefix is $spnDisplayName" -ConsoleOut } else { $spnDisplayName = $ClusterName + "-SPN" + $Prefix Log-Info -Message "Spn display name with prefix is $spnDisplayName" -ConsoleOut } return $spnDisplayName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CheckIfKVAlreadyExists { param ( [Parameter(Mandatory = $true)] [string] $KVName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $kvAccount = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $kvAccount) -and ($null -ne $kvAccount.properties.ProvisioningState)){ $status = $kvAccount.properties.ProvisioningState if (($status -eq "Succeeded")){ Log-Info -Message "Key Vault with the same name $kvAccount exists in the Resource Group $ResourceGroupName" -ConsoleOut return [ErrorDetail]::KeyVaultAlreadyExists } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function CheckIfStorageAccountAlreadyExists { param ( [Parameter(Mandatory = $true)] [string] $StorageAccountName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $storageAccount = Get-AzResource -Name $StorageAccountName -ResourceType "Microsoft.Storage/storageAccounts" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $storageAccount) -and ($null -ne $storageAccount.properties.ProvisioningState)){ $status = $storageAccount.properties.ProvisioningState if (($status -eq "Succeeded")){ Log-Info -Message "Storage Account with the same name $StorageAccountName exists in the Resource Group $ResourceGroupName" -ConsoleOut return [ErrorDetail]::StorageAccountAlreadyExists } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function CheckIfAlreadyClusterResourceExists { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $clusterResource = Get-AzResource -Name $ClusterName -ResourceType "Microsoft.AzureStackHCI/clusters" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $clusterResource) -and ($null -ne $clusterResource.properties.status)){ $status = $clusterResource.properties.status if (($status -eq "ConnectedRecently") -or ($status -eq "DeploymentSuccess")){ Log-Info -Message "Cluster with the same name $ClusterName exists in the Resource Group $ResourceGroupName and is in state $state" -ConsoleOut return [ErrorDetail]::ClusterAlreadyExists } else{ Log-Info -Message "Cluster state obtained is $status" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function GetStorageWitnessKey { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $StorageAccountName ) try { $resourceId = "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Storage/storageAccounts/{2}" -f $SubscriptionId, $ResourceGroup, $StorageAccountName Log-Info -Message "Resource id of storage account is $resourceId" -ConsoleOut $res = Invoke-AzResourceAction -ResourceId $resourceId -Action "listKeys" -ApiVersion "2023-01-01" -Force Log-Info -Message "Successfully got the keys for the storage account $StorageAccountName" -ConsoleOut if (($null -ne $res) -and ($res.keys.Count -gt 0)){ return $res.keys[0].value } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ReplaceDeploymentSettingsParametersTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentSettingsObject, [Parameter(Mandatory = $true)] [string] $clusterName, [Parameter(Mandatory = $true)] [string[]] $arcNodeResourceIds, [Parameter(Mandatory = $true)] [string] $storageAccountName, [Parameter(Mandatory = $true)] [string] $secretsLocation ) try { $customLocationName = $clusterName + "-customlocation" $deploymentDataFromAnswerFile = $deploymentSettingsObject.ScaleUnits[0].DeploymentData $deploymentSettingsParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\DeploymentSettingsParameters.json") $deploymentSettingsParameters = Get-Content $deploymentSettingsParameterFilePath | ConvertFrom-Json $deploymentSettingsParameters.parameters.name.value = $clusterName $deploymentSettingsParameters.parameters.arcNodeResourceIds.value = $arcNodeResourceIds $deploymentSettingsParameters.parameters.domainFqdn.value = $deploymentDataFromAnswerFile.DomainFQDN $deploymentSettingsParameters.parameters.namingPrefix.value = $deploymentDataFromAnswerFile.NamingPrefix $deploymentSettingsParameters.parameters.adouPath.value = $deploymentDataFromAnswerFile.ADOUPath $deploymentSettingsParameters.parameters.driftControlEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.DriftControlEnforced $deploymentSettingsParameters.parameters.credentialGuardEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.CredentialGuardEnforced $deploymentSettingsParameters.parameters.smbSigningEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.SMBSigningEnforced $deploymentSettingsParameters.parameters.smbClusterEncryption.value = $deploymentDataFromAnswerFile.SecuritySettings.SMBClusterEncryption $deploymentSettingsParameters.parameters.bitlockerBootVolume.value = $deploymentDataFromAnswerFile.SecuritySettings.BitlockerBootVolume $deploymentSettingsParameters.parameters.bitlockerDataVolumes.value = $deploymentDataFromAnswerFile.SecuritySettings.BitlockerDataVolumes $deploymentSettingsParameters.parameters.wdacEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.WDACEnforced $deploymentSettingsParameters.parameters.streamingDataClient.value = $deploymentDataFromAnswerFile.Observability.StreamingDataClient $deploymentSettingsParameters.parameters.euLocation.value = $deploymentDataFromAnswerFile.Observability.EULocation $deploymentSettingsParameters.parameters.episodicDataUpload.value = $deploymentDataFromAnswerFile.Observability.EpisodicDataUpload $deploymentSettingsParameters.parameters.clusterName.value = $clusterName $deploymentSettingsParameters.parameters.cloudAccountName.value = $storageAccountName $deploymentSettingsParameters.parameters.configurationMode.value = $deploymentDataFromAnswerFile.Storage.ConfigurationMode $deploymentSettingsParameters.parameters.subnetMask.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.SubnetMask $deploymentSettingsParameters.parameters.defaultGateway.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.Gateway $deploymentSettingsParameters.parameters.startingIPAddress.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.IPPools[0].StartingAddress $deploymentSettingsParameters.parameters.endingIPAddress.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.IPPools[0].EndingAddress $deploymentSettingsParameters.parameters.dnsServers.value = @($deploymentDataFromAnswerFile.InfrastructureNetwork.DNSServers) $deploymentSettingsParameters.parameters.physicalNodesSettings.value = @(GetPhysicalNodesSettingsFromAnswerFile -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.storageNetworkList.value = @(GetStorageNetworkListFromDeploymentData -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.intentList.value = @(GetNetworkIntents -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.customLocation.value = $customLocationName $deploymentSettingsParameters.parameters.secretsLocation.value = $secretsLocation Log-Info -Message "Deployment Settings Parameters Object $deploymentSettingsParameters" -ConsoleOut return $deploymentSettingsParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function GetNetworkIntents { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $networkIntents = @() try { $networkIntentList = $deploymentData.HostNetwork.Intents foreach ($intent in $networkIntentList) { $networkIntentInfo = New-Object -TypeName PSObject $networkIntentInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $intent.Name $networkIntentInfo | Add-Member -Name 'trafficType' -MemberType Noteproperty -Value @($intent.TrafficType) $networkIntentInfo | Add-Member -Name 'adapter' -MemberType Noteproperty -Value @($intent.Adapter) $networkIntentInfo | Add-Member -Name 'overrideVirtualSwitchConfiguration' -MemberType Noteproperty -Value $intent.OverrideVirtualSwitchConfiguration $networkIntentInfo | Add-Member -Name 'overrideQosPolicy' -MemberType Noteproperty -Value $intent.OverrideQosPolicy $networkIntentInfo | Add-Member -Name 'overrideAdapterProperty' -MemberType Noteproperty -Value $intent.overrideAdapterProperty $virtualSwitchConfigurationOverrides = New-Object -TypeName PSObject $virtualSwitchConfigurationOverrides | Add-Member -Name 'enableIov' -MemberType Noteproperty -Value $intent.VirtualSwitchConfigurationOverrides.EnableIov $virtualSwitchConfigurationOverrides | Add-Member -Name 'loadBalancingAlgorithm' -MemberType Noteproperty -Value $intent.VirtualSwitchConfigurationOverrides.LoadBalancingAlgorithm $networkIntentInfo | Add-Member -Name 'virtualSwitchConfigurationOverrides' -MemberType Noteproperty -Value $virtualSwitchConfigurationOverrides $qosPolicyOverrides = New-Object -TypeName PSObject $qosPolicyOverrides | Add-Member -Name 'priorityValue8021Action_Cluster' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.PriorityValue8021Action_Cluster $qosPolicyOverrides | Add-Member -Name 'priorityValue8021Action_SMB' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.PriorityValue8021Action_Cluster $qosPolicyOverrides | Add-Member -Name 'bandwidthPercentage_SMB' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.BandwidthPercentage_SMB $networkIntentInfo | Add-Member -Name 'qosPolicyOverrides' -MemberType Noteproperty -Value $qosPolicyOverrides $adapterPropertyOverrides = New-Object -TypeName PSObject $adapterPropertyOverrides | Add-Member -Name 'jumboPacket' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.JumboPacket if( ([string]::IsNullOrEmpty($intent.AdapterPropertyOverrides.NetworkDirect))) { $adapterPropertyOverrides | Add-Member -Name 'networkDirect' -MemberType Noteproperty -Value "Disabled" }else { $adapterPropertyOverrides | Add-Member -Name 'networkDirect' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.NetworkDirect } $adapterPropertyOverrides | Add-Member -Name 'networkDirectTechnology' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.NetworkDirectTechnology $networkIntentInfo | Add-Member -Name 'adapterPropertyOverrides' -MemberType Noteproperty -Value $adapterPropertyOverrides $networkIntents += $networkIntentInfo Log-Info -Message "Network Intent Info obtained is $networkIntentInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Network Intents obtained is $networkIntents" -ConsoleOut return $networkIntents } function GetStorageNetworkListFromDeploymentData { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $storageNetworks = @() try { $storageNetworksList = $deploymentData.HostNetwork.StorageNetworks foreach ($network in $storageNetworksList) { $storageNetworkInfo = New-Object -TypeName psobject $storageNetworkInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $network.Name $storageNetworkInfo | Add-Member -Name 'networkAdapterName' -MemberType Noteproperty -Value $network.NetworkAdapterName $storageNetworkInfo | Add-Member -Name 'vlanId' -MemberType Noteproperty -Value $network.VlanId.ToString() $storageNetworks += $storageNetworkInfo Log-Info -Message "Storage Network Setting Info is $storageNetworkInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Storage Network Settings Obtained is $storageNetworks" -ConsoleOut return $storageNetworks } function GetPhysicalNodesSettingsFromAnswerFile { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $physicalNodeSettings = @() try { $physicalNodesData = $deploymentData.PhysicalNodes foreach ($settings in $physicalNodesData) { $physicalNodeInfo = New-Object -TypeName psobject $physicalNodeInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $settings.Name $physicalNodeInfo | Add-Member -Name 'ipv4Address' -MemberType Noteproperty -Value $settings.Ipv4Address $physicalNodeSettings += $physicalNodeInfo Log-Info -Message "Physical Node Ip info is $physicalNodeInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Physical Node Settings obtained is $physicalNodeSettings" -ConsoleOut return $physicalNodeSettings } function AssignPermissionsToArcMachines { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string[]] $ArcMachineIds, [Parameter(Mandatory = $true)] [string] $ResourceGroup ) try { ForEach ($arcMachineUri in $ArcMachineIds) { $objectId = GetArcMachineObjectId -ArcMachineUri $arcMachineUri if ($null -ne $objectId) { $setHCIRegistrationRoleResult = PerformObjectRoleAssignmentWithRetries -ObjectId $objectId -RoleName "Azure Stack HCI registration role" -ResourceGroup $ResourceGroup -Verbose if ($setHCIRegistrationRoleResult -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Azure Stack HCI registration role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Azure Stack HCI registration role on the resource group" -ConsoleOut } $keyVaultSecretsUserRoleResult = PerformObjectRoleAssignmentWithRetries -ObjectId $objectId -RoleName "Key Vault Secrets User" -ResourceGroup $ResourceGroup -Verbose if ($keyVaultSecretsUserRoleResult -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Key Vault Secrets User role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Key Vault Secrets User role on the resource group" -ConsoleOut } } else{ Log-Info -Message "HCI Object Id is null, so could not assign the required permissions the HCI RP on the RG" -Type Error -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetArcMachineObjectId { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string] $ArcMachineUri ) try { Log-Info -Message "Arc Machine Uri $ArcMachineUri" -ConsoleOut $arcResource = Get-AzResource -ResourceId $ArcMachineUri $objectId = $arcResource.Identity.PrincipalId Log-Info -Message "Successfully got Object Id for Arc Installation $objectId" -ConsoleOut return $objectId } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } return $null } function ReplaceKeyVaultTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $KVName, [Parameter(Mandatory = $true)] [string] $Region, [Parameter(Mandatory = $true)] [string] $LocalAdminSecret, [Parameter(Mandatory = $true)] [string] $DomainAdminSecret, [Parameter(Mandatory = $true)] [string] $ArbDeploymentSpnSecret, [Parameter(Mandatory = $true)] [string] $StorageWitnessKey ) try { Log-Info -Message "Starting to change the parameters of the key vault parameyters template" -ConsoleOut $keyVaultParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\KeyVaultParameters.json") $keyVaultParameters = Get-Content $keyVaultParameterFilePath | ConvertFrom-Json Log-Info -Message "Successfully got the template file for the key vault parameters" -ConsoleOut $keyVaultParameters.parameters.keyVaultName.value = $KVName $keyVaultParameters.parameters.location.value = $Region $keyVaultParameters.parameters.localAdminSecretValue.value = $LocalAdminSecret $keyVaultParameters.parameters.domainAdminSecretValue.value = $DomainAdminSecret $keyVaultParameters.parameters.arbDeploymentSpnValue.value = $ArbDeploymentSpnSecret $keyVaultParameters.parameters.storageWitnessValue.value = $StorageWitnessKey Log-Info -Message "Successfully updated the key vault parameters file with the actual values" -ConsoleOut return $keyVaultParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function CreateServicePrincipalForCloudDeployment { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $DisplayName, [Parameter(Mandatory = $true)] [string] $ResourceGroup ) try { $servicePrincipal = New-AzADServicePrincipal -DisplayName $DisplayName $AADApp = Get-AzADApplication -ApplicationId $servicePrincipal.AppId Log-Info -Message "Created a spn with the appId $AADApp" -ConsoleOut $PasswordCedentials = @{ StartDateTime = Get-Date EndDateTime = (Get-Date).AddDays(90) DisplayName = ("Secret auto-rotated on: " + (Get-Date).ToUniversalTime().ToString("yyyy'-'MM'-'dd")) } $servicePrincipalSecret = New-AzADAppCredential -ApplicationObject $AADApp -PasswordCredentials $PasswordCedentials $servicePrincipalSecretTest = $servicePrincipalSecret.SecretText Log-Info -Message "Successfully created a service principal secret for the app $AADApp" -ConsoleOut $spnCredentialForArb = $servicePrincipal.AppId + ":" + $servicePrincipalSecretTest $base64EncodedSpnCredential = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($spnCredentialForArb)) Log-Info -Message "The base 64 encoded spn credential for deployment is created successfully" -ConsoleOut Log-Info -Message "Trying to assign permission to the SPN" -ConsoleOut AssignPermissionToSPN -spnObjectId $servicePrincipal.Id -ResourceGroup $ResourceGroup return $base64EncodedSpnCredential } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ReplaceStorageAccountTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $StorageAccountName, [Parameter(Mandatory = $true)] [string] $Location ) try { $storageAccountParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\StorageAccountParameters.json") Log-Info -Message "Storage Account Parameters File Path $storageAccountParameterFilePath" -ConsoleOut $storageAccountParameters = Get-Content $storageAccountParameterFilePath | ConvertFrom-Json $storageAccountParameters.parameters.cloudDeployStorageAccountName.value = $StorageAccountName $storageAccountParameters.parameters.location.value = $Location Log-Info -Message "Successfully replaced the storage account name in the parameters file" -ConsoleOut return $storageAccountParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ExtractUsernameAndPasswordFromCredential { [CmdletBinding()] param ( [System.Management.Automation.PSCredential] $Credential ) try { $secretName = $Credential.GetNetworkCredential().UserName $secretValue = $Credential.GetNetworkCredential().Password Log-Info -Message "Successfully extracted the secret Name $secretName and the secret Value from the Credential Object" -ConsoleOut $KVSecret = $secretName + ":" + $secretValue $base64EncodedKVSecret = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($KVSecret)) Log-Info -Message "Successfully base 64 encoded the secret $secretName " return $base64EncodedKVSecret } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function AssignPermissionToSPN { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $spnObjectId ) try { if ($null -ne $spnObjectId) { $arcManagerRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $spnObjectId -RoleName "User Access Administrator" if ($arcManagerRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign User Access administrator role on the resource group for the SPN" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Access administrator role on the resource group for the SPN" -ConsoleOut } $arcContributorRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $spnObjectId -RoleName "contributor" if ($arcContributorRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign User Contributor role on the resource group for the SPN" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Contributor role on the resource group for the SPN" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function AssignRolesToHCIResourceProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $hciObjectId ) try { if ($null -ne $hciObjectId) { $arcManagerRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $hciObjectId -RoleName "Azure Connected Machine Resource Manager" -ResourceGroup $ResourceGroup if ($arcManagerRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Azure Connected Machine Resource Nanager role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Azure Connected Machine Resource Nanager role on the resource group" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function PerformObjectRoleAssignmentWithRetries { param( [String] $ObjectId, [String] $ResourceGroup, [string] $RoleName ) $stopLoop = $false [int]$retryCount = "0" [int]$maxRetryCount = "5" Log-Info -Message $"Checking if $RoleName is assigned already for SPN with Object ID: $ObjectId" -ConsoleOut if( [string]::IsNullOrEmpty($ResourceGroup)) { $arcSPNRbacRoles = Get-AzRoleAssignment -ObjectId $ObjectId } else { $arcSPNRbacRoles = Get-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup } $alreadyFoundRole = $false $arcSPNRbacRoles | ForEach-Object { $roleFound = $_.RoleDefinitionName if ($roleFound -eq $RoleName) { $alreadyFoundRole = $true Log-Info -Message $"Already Found $RoleName Not Assigning" -ConsoleOut } } if ( -not $alreadyFoundRole) { Log-Info -Message "Assigning $RoleName to Object : $ObjectId" -ConsoleOut do { try { if( [string]::IsNullOrEmpty($ResourceGroup)) { New-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleName | Out-Null } else { New-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup -RoleDefinitionName $RoleName | Out-Null } Log-Info -Message $"Sucessfully assigned $RoleName to Object Id $ObjectId" -ConsoleOut $stopLoop = $true } catch { # 'Conflict' can happen when either the RoleAssignment already exists or the limit for number of role assignments has been reached. if ($_.Exception.Response.StatusCode -eq 'Conflict') { if( [string]::IsNullOrEmpty($ResourceGroup)) { $roleAssignment = Get-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleName } else { $roleAssignment = Get-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup -RoleDefinitionName $RoleName } if ($null -ne $roleAssignment) { Log-Info -Message $"Sucessfully assigned $RoleName to Object Id $ObjectId" -ConsoleOut return [ErrorDetail]::Success } Log-Info -Message $"Failed to assign roles to service principal with object Id $($ObjectId). ErrorMessage: " + $_.Exception.Message + " PositionalMessage: " + $_.InvocationInfo.PositionMessage -ConsoleOut -Type Error return [ErrorDetail]::PermissionsMissing } if ($retryCount -ge $maxRetryCount) { # Timed out. Log-Info -Message $"Failed to assign roles to service principal with object Id $($ObjectId). ErrorMessage: " + $_.Exception.Message + " PositionalMessage: " + $_.InvocationInfo.PositionMessage -ConsoleOut -Type Error return [ErrorDetail]::PermissionsMissing } Log-Info -Message $"Could not assign roles to service principal with Object Id $($ObjectId). Retrying in 10 seconds..." -ConsoleOut Start-Sleep -Seconds 10 $retryCount = $retryCount + 1 } } While (-Not $stopLoop) } return [ErrorDetail]::Success } function CreateResourceGroupIfNotExists { param ( [Parameter(Mandatory = $true)] [string] $ResourceGroupName, [Parameter(Mandatory = $true)] [string] $Region ) try { # Check if the resource group exists $existingResourceGroup = Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue if (([string]::IsNullOrEmpty($existingResourceGroup)) -or ([string]::IsNullOrEmpty($existingResourceGroup.ResourceGroupName))) { # Resource group doesn't exist, create it Log-Info -Message "$ResourceGroupName does not exist, creating it" -ConsoleOut New-AzResourceGroup -Name $ResourceGroupName -Location $Region -Force | Out-Null Log-info -Message "Created the resource group $ResourceGroupName" -ConsoleOut } else { # Resource group already exists Log-Info -Message "The resource group '$ResourceGroupName' already exists." -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function CheckIfScriptIsRunByAdministrator { try { $user = [System.Security.Principal.WindowsIdentity]::GetCurrent() # Get the Windows Principal for the current user $principal = New-Object System.Security.Principal.WindowsPrincipal($user) # Check if the user is in the Administrator role $is_admin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) if ($is_admin) { Log-Info -Message "User has administrator access" -ConsoleOut return $is_admin } Log-Info -Message "User is not running the script in administrator mode" -ConsoleOut return $is_admin } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function New-ClusterWithRetries { param( [String] $ResourceIdWithAPI, [String] $Payload ) $stopLoop = $false [int]$retryCount = "0" [int]$maxRetryCount = "10" do { $response = Invoke-AzRestMethod -Path $ResourceIdWithAPI -Method PUT -Payload $Payload if (($response.StatusCode -ge 200) -and ($response.StatusCode -lt 300)) { $stopLoop = $true return $true } if ($retryCount -ge $maxRetryCount) { # Timed out. Log-Info -Message "Failed to create ARM resource representing the cluster. StatusCode: {0}, ErrorCode: {1}, Details: {2}" -f $response.StatusCode, $response.ErrorCode, $response.Content -Type Error -ConsoleOut return $false } Log-Info -Message "Failed to create ARM resource representing the cluster. Retrying in 10 seconds..." -Type Error -ConsoleOut Start-Sleep -Seconds 10 $retryCount = $retryCount + 1 } While (-Not $stopLoop) return $true } class Identity { [string] $type = "SystemAssigned" } class ResourceProperties { [string] $location [object] $properties [Identity] $identity = [Identity]::new() ResourceProperties ( [string] $location, [object] $properties ) { $this.location = $location $this.properties = $properties } } enum ErrorDetail { Unused; PermissionsMissing; Success; NodeAlreadyArcEnabled; NotFound; ClusterAlreadyExists; ConnectedRecently; DeploymentSuccess; StorageAccountAlreadyExists; KeyVaultAlreadyExists; EnvironmentValidationFailed } Export-ModuleMember -Function Invoke-AzStackHCIDeployment Export-ModuleMember -Function Invoke-AzStackHCIEnvironmentValidator Export-ModuleMember -Function Invoke-AzStackHCIEnvironmentPreparator Export-ModuleMember -Function Invoke-AzStackHCIFullDeployment Export-ModuleMember -Function PollDeploymentSettingsStatus # SIG # Begin signature block # MIIoOAYJKoZIhvcNAQcCoIIoKTCCKCUCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCDThwAIuCgfmlb # bBPQ+y6rPM7VcBvgCCW+i55AevIsG6CCDYUwggYDMIID66ADAgECAhMzAAADTU6R # phoosHiPAAAAAANNMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI4WhcNMjQwMzE0MTg0MzI4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDUKPcKGVa6cboGQU03ONbUKyl4WpH6Q2Xo9cP3RhXTOa6C6THltd2RfnjlUQG+ # Mwoy93iGmGKEMF/jyO2XdiwMP427j90C/PMY/d5vY31sx+udtbif7GCJ7jJ1vLzd # j28zV4r0FGG6yEv+tUNelTIsFmmSb0FUiJtU4r5sfCThvg8dI/F9Hh6xMZoVti+k # bVla+hlG8bf4s00VTw4uAZhjGTFCYFRytKJ3/mteg2qnwvHDOgV7QSdV5dWdd0+x # zcuG0qgd3oCCAjH8ZmjmowkHUe4dUmbcZfXsgWlOfc6DG7JS+DeJak1DvabamYqH # g1AUeZ0+skpkwrKwXTFwBRltAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUId2Img2Sp05U6XI04jli2KohL+8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMDUxNzAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # ACMET8WuzLrDwexuTUZe9v2xrW8WGUPRQVmyJ1b/BzKYBZ5aU4Qvh5LzZe9jOExD # YUlKb/Y73lqIIfUcEO/6W3b+7t1P9m9M1xPrZv5cfnSCguooPDq4rQe/iCdNDwHT # 6XYW6yetxTJMOo4tUDbSS0YiZr7Mab2wkjgNFa0jRFheS9daTS1oJ/z5bNlGinxq # 2v8azSP/GcH/t8eTrHQfcax3WbPELoGHIbryrSUaOCphsnCNUqUN5FbEMlat5MuY # 94rGMJnq1IEd6S8ngK6C8E9SWpGEO3NDa0NlAViorpGfI0NYIbdynyOB846aWAjN # fgThIcdzdWFvAl/6ktWXLETn8u/lYQyWGmul3yz+w06puIPD9p4KPiWBkCesKDHv # XLrT3BbLZ8dKqSOV8DtzLFAfc9qAsNiG8EoathluJBsbyFbpebadKlErFidAX8KE # usk8htHqiSkNxydamL/tKfx3V/vDAoQE59ysv4r3pE+zdyfMairvkFNNw7cPn1kH # Gcww9dFSY2QwAxhMzmoM0G+M+YvBnBu5wjfxNrMRilRbxM6Cj9hKFh0YTwba6M7z # ntHHpX3d+nabjFm/TnMRROOgIXJzYbzKKaO2g1kWeyG2QtvIR147zlrbQD4X10Ab # rRg9CpwW7xYxywezj+iNAc+QmFzR94dzJkEPUSCJPsTFMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGgkwghoFAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAANNTpGmGiiweI8AAAAA # A00wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIOuZ # z1gPlp0tZI9GZMe7t81PUluYzTUfmOIKKu1llX/bMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAVMO5VzF/f+JRqmqzmmi2MJSdZgc/F0A4V7HX # 45dbrArl6634SWjhqE3ivqXV0pccc6EB4tTBLDUyDA/OD5GzFkwwV2uB9sVADttr # kn3cxqfrsXCEdw+InbDW2TrzUJg3fBP/qSMAhatwp5Tfxm1VfmRJEcjbUMhDkn5D # cufRu7NBewwHD1olU0msT1RAze14PnblxPoYWLATaGdwWdqcTnG7wKcQptExFKEv # MBPGtcEuDR/zhgMQVHbJO86KhwYaN1Yu0aY6GrWFx+N4fQyT267IuZqH8jgHxk7P # NLSk0eOGpFNoujBIokVSOVd8qCaf7LXeRxBXAN+ipOwdfr/+haGCF5MwghePBgor # BgEEAYI3AwMBMYIXfzCCF3sGCSqGSIb3DQEHAqCCF2wwghdoAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCBJqslGNCnVFkELJ8500ZNp446I9eH+QJ2C # bWqqYBBitwIGZSis3cl/GBMyMDIzMTAyMDEyMzUxNi4yOTJaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046RTAwMi0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHpMIIHIDCCBQigAwIBAgITMwAAAdmcXAWSsINrPgAB # AAAB2TANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzA2MDExODMyNThaFw0yNDAyMDExODMyNThaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046RTAwMi0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDV6SDN1rgY2305yLdCdUNv # HCEE4Z0ucD6CKvL5lA7HM81SMkW36RU77UaBL9PScviqfVzE2r2pRbRMtDBMwEx1 # iaizV2EZsNGGuzeR3XNYObQvJVLaCiBktAZdq75BNFIil+SfdpXgKzVQZiDBJDN5 # 0WCADNrrb48Z4Z7/KvyzaD4Gb+aZeCioB2Gg1m53d+6pUTBc3WO5xHZi/rrI/Xdn # hiE6/bspjpU5aufClIDx0QDq1QRw04adrKhcDWyGL3SaBp/hjN+4JJU7KzvsKWZV # dTuXPojnaTwWcHdEGfzxiaF30zd8SY4YRUcMGPOQORH1IPwkwwlqQkc0HBkJCQzi # aXY/IpgMRw/XP4Uv+JBJ8RZGKZN1zRPWT9d5vHGUSmX3m77RKoCfkgSJifIiQi6F # c0OYKS6gZOA7nd4t+liArr9niqeC/UcNOuVrcVC4CbkwfJ2eHkaWh18sUt3UD8QH # YLQwn95P+Hm8PZJigr1SRLcsm8pOPee7PBbndI/VeKJsmQdjek2aFO9VGnUtzDDB # owlhXshswZMMkLJ/4jUzQmUBfm+JAH1516E+G02wS7NgzMwmpHWCmAaFdd7DyJIq # Ga6bcZrR7QALdkwIhVQDgzZAuNxqwvh4Ia4ZI5Voyj4b7zWAhmurpwpMpijz+iee # Wwf6ZdmysRjR/yZ6UXmGawIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFBw6wSlTZ6gF # Xl05w/s3Ga1f51wnMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQAqNtVYLO61TMuI # anC7clt0i+XRRbHwnwNo05Q3s4ppFtd4nCmB/TJPDJ6uvEryxs0vw5Y+jQwUiKnh # l2VGGwIq0pWDIuaW4ppMV1pYQfJ6dtBGkRiTP1eKVvARYZMRaITe9ZhwJJnYP83p # MxHCxaEsZC4ilY3/55dqd4ZXTCz/cpG5anmDartnWmgysygNstTwbWJJRj85gYRk # jxi/nxKAiEFxl6GfkcnXVy8DRFQj1d3AiqsePoeIzxu1iuAJRwDrfe4NnKHqoTgW # sv7eCWJnWjWWRt7RRGrpvzLQo/BxUb8i49UwRg9G5bxpd5Su1b224Gv6G1HRU+qJ # HB1zoe41D2r/ic2BPousV9neYK5qI5PHLshAn6YTQllbV9pCbOUvZO0dtdwp5HH2 # fw6ofJNwKcPElaqkEcxvrhhRWqwNgaEVTyIV4jMc8jPbx2Nh9zAztnb9NfnDFOE+ # /gF8cZqTa/T65TGNP3uMiP3gr8nIXQ2IRwMVUoLmGu2qfmhDoews3dcvk6s1aA6m # XHw+MANEIDKKjw3i2G6JtZkEemu1OXtskg/tGnfywaMgq5CauU9b6enTtA+UE+GK # nmiQW6YUHPhBI0L2QG76TRBre5PpNVHiyc/01bjUEMpeaB+InAH4nDxYXx18wbJE # +e/IbMv0147EFL792dELF0XwqqcU0TCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNMMIICNAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkUwMDItMDVF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQDiHEW6Ca3n5BgZV/tQ/fCR09Tf96CBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6NxliDAi # GA8yMDIzMTAyMDAyMzM0NFoYDzIwMjMxMDIxMDIzMzQ0WjBzMDkGCisGAQQBhFkK # BAExKzApMAoCBQDo3GWIAgEAMAYCAQACATwwBwIBAAICFpwwCgIFAOjdtwgCAQAw # NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgC # AQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAgwLsk4h4z6MHCQyYCCl8Tsfxfnxf # EysR+OnUdKa/0YtH0a8dSAEIaTFaSR+bdOLZsgIo1fZaHOr2OuemW0IYvec3f+ZW # DrkU77qH9o4YypqTyFr4PiJCfFubQYUla7nWM5jnpyx3BbNQB6gvf1kq+XtdcPPN # g6vETcxb4C+cZIKk2s5LnwSUBqI8tobxI93bfDXsn/xJkb4dv7lgxl1RORqWD13S # bp/bGIZiHB9bDpdj1aAWAv02hNvDlJZEpQvHjqrD3j7kwyWZdjPOaXB4N5X2EYqh # WoW3siWJ4o3mkypSLFb/x3tEXLQleXK05gHFFVPyDevNd+IJ0SttxnB1ejGCBA0w # ggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB2Zxc # BZKwg2s+AAEAAAHZMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYL # KoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEINK/QDIIcOCcpLfy0PjPimj3ODEM # fIYZAVwkHrwaRSRuMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgn6AVsi06 # b9QwMCcRPNsl7S7QNZ3YyCmBvRJxtCAHefMwgZgwgYCkfjB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMAITMwAAAdmcXAWSsINrPgABAAAB2TAiBCAakyxR7EFi # b58+fHJyEvtxY4XziwHDZThLVzQN1QJO7zANBgkqhkiG9w0BAQsFAASCAgC0CKWP # vjxSF+h58xOdecKKSwrLgFFu73/eGAuHoIa+pUyJqXVdVCswcqZW3LsDYii/ds9a # jAauQfKvl3rt2QC6Z9ar3j99fi4w/7Hxbubk7bGs5w18hSLhhuOV4RfxGQtuSZCn # 7hcI0eyLhEi9weTZEYH0PF4i7+KDf3cetJFhVSi6Sh0jptitNSdK3fASELrAn3VD # d6UR5y8dTkF5vZoFS4zHEXeVufjXdbMMGP7p2844q1/AmfqHIX+pJwiV9Mq4ytFr # MGbLUVkif8vROgOtz5rNziYXJBkuqwpOUtfqbRyAeCPE6U1Mn3x1VICbU4i15RHn # uvh4RKXMXcL4trEZvaHkU9TefLrHqjBASaqLlrwL5TrFRQjP80CMGLAmUGr3s4mk # Ys0iq/D0W1Qtl02foy+7MCU2NwUXldmIkpwH+WDlppF8Ex0n69Fncxxv5i7XAjyy # l4zOEZz9da/Q07Jshz78ioVvgNI4KoQ/hPchXLf3BbK/R3pVl5Lb5PYFZaYmqyYP # SLA3H1tDD3yK7zThpbwdhz9QHiVWdpw75XyC+qru0gxrgoc7O+uJCFoaSDUbVoKG # sGEv1Mio/92QzSpDDZA/gc/urhbjwEZPMu9rz/mnwN4RhRiiPO1kNs3eNCgg2tDH # sGOtS4BEjwyR96xJN6hZ/1nstcdDLoZOhrTOtA== # SIG # End signature block |