AzSHCI.CloudDeploymentTool.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-Module $PSScriptRoot\Classes\reporting.psm1 -Force -DisableNameChecking -Global function Invoke-AzStackHCIEnvironmentPreparator { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, # AzureCloud , AzureUSGovernment , AzureChinaCloud [Parameter(Mandatory = $true, HelpMessage = "Azure Cloud type used for HCI Cluster Deployment. Valid values are : AzureCloud , AzureUSGovernment , AzureChinaCloud")] [string] $Cloud, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting AzStackHci Deployment Initialization" -ConsoleOut CreateResourceGroupIfNotExists -ResourceGroupName $ResourceGroup -Region $Region Log-Info -Message "Registering Resource providers step" -ConsoleOut RegisterRequiredResourceProviders Log-Info -Message "Creating cluster and assigning permissions for ARC machines" -ConsoleOut CreateClusterAndAssignRoles -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -Region $Region -ClusterName $ClusterName Log-Info -Message "Creating storage cloud for witness" -ConsoleOut CreateStorageAccountForCloudDeployment -ResourceGroup $ResourceGroup -Region $Region -ClusterName $ClusterName -Prefix $Prefix Log-Info -Message "Creating key vault and adding the secrets" CreateKeyVaultAndAddSecrets -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -Region $Region -RegistrationUserCredentials $RegistrationUserCredentials -LocalAdminCredentials $LocalAdminCredentials -DomainAdminCredentials $DomainAdminCredentials -ClusterName $ClusterName -Prefix $Prefix Log-Info -Message "Trying to assign the rbac permissions on the Arc Machines" -ConsoleOut AssignPermissionsToArcMachines -ArcMachineIds $ArcNodeIds -ResourceGroup $ResourceGroup Log-Info -Message "Successfully assigned the rbac permission on the Arc Machines" -ConsoleOut Log-Info -Message "Successfully prepared the environment with cluster, storage account and kv" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error $cmdletFailed = $true throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIEnvironmentValidator { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting Deployment Settings Validation Operation" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } Log-Info -Message "Deployment Settings Object obtained is $deploymentSettingsObject" -ConsoleOut $kvResource = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroup $kvVaultUri = $kvResource.Properties.vaultUri Log-Info -Message "Key Vault Uri obtained is $kvVaultUri" -ConsoleOut # Will Trigger Validate first $deploymentSettingsParameters = ReplaceDeploymentSettingsParametersTemplateWithActualValues -deploymentSettingsObject $deploymentSettingsObject -clusterName $ClusterName -arcNodeResourceIds $ArcNodeIds -storageAccountName $storageAccountName -secretsLocation $kvVaultUri if ($null -eq $deploymentSettingsParameters){ throw "Deployment Settings Parameters cannot be null" } $deploymentSettingsParameters.parameters.deploymentMode.value = "Validate" Log-Info -Message "Deployment settings parameters obtained is $deploymentSettingsParameters" -ConsoleOut $deploymentSettingsParametersJson = $deploymentSettingsParameters | ConvertTo-Json -Depth 100 Log-Info -Message "Deployment Settings Parameters to json is $deploymentSettingsParametersJson" -ConsoleOut $updatedDeploymentSettingsParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\DeploymentSettingsReportedPropertiesValidate.json") Log-Info -Message "Updated Deployment Settings Parameters File Path $updatedDeploymentSettingsParametersFilePath" -ConsoleOut Set-Content -Path $updatedDeploymentSettingsParametersFilePath -Value $deploymentSettingsParametersJson | Out-Null $deploymentSettingsTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\DeploymentSettingsTemplate.json") $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $deploymentSettingsValidationName = $ResourceGroup + "-DSValidate" + $deploymentIdentifier Log-Info -Message "Deployment Settings Template File Path $deploymentSettingsTemplateFilePath and Deployment Name $deploymentSettingsDeploymentName" -ConsoleOut $resourceGroupDeploymentStatus = New-AzResourceGroupDeployment -Name $deploymentSettingsValidationName -ResourceGroupName $ResourceGroup -TemplateFile $deploymentSettingsTemplateFilePath -TemplateParameterFile $updatedDeploymentSettingsParametersFilePath -Force -Verbose -AsJob $deploystatusString = $resourceGroupDeploymentStatus | Out-String Log-Info -Message "Triggered Validated the deployment Settings Resource $deploystatusString" -ConsoleOut Start-Sleep -Seconds 120 $deploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -Name $deploymentSettingsValidationName | Format-Table ResourceGroupName, DeploymentName, ProvisioningState $deploystatusString = $deploymentStatus | Out-String Log-Info -Message "Triggered Validated the deployment Settings Resource $deploystatusString" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting Deployment Settings Validation Operation" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } Log-Info -Message "Deployment Settings Object obtained is $deploymentSettingsObject" -ConsoleOut $kvResource = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroup $kvVaultUri = $kvResource.Properties.vaultUri Log-Info -Message "Key Vault Uri obtained is $kvVaultUri" -ConsoleOut # Will Trigger Deployment $deploymentSettingsParameters = ReplaceDeploymentSettingsParametersTemplateWithActualValues -deploymentSettingsObject $deploymentSettingsObject -clusterName $ClusterName -arcNodeResourceIds $ArcNodeIds -storageAccountName $storageAccountName -secretsLocation $kvVaultUri if ($null -eq $deploymentSettingsParameters){ throw "Deployment Settings Parameters cannot be null" } $deploymentSettingsParameters.parameters.deploymentMode.value = "Deploy" Log-Info -Message "Deployment settings parameters obtained is $deploymentSettingsParameters" -ConsoleOut $deploymentSettingsParametersJson = $deploymentSettingsParameters | ConvertTo-Json -Depth 100 Log-Info -Message "Deployment Settings Parameters to json is $deploymentSettingsParametersJson" -ConsoleOut $updatedDeploymentSettingsParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\DeploymentSettingsReportedPropertiesDeploy.json") Log-Info -Message "Updated Deployment Settings Parameters File Path $updatedDeploymentSettingsParametersFilePath" -ConsoleOut Set-Content -Path $updatedDeploymentSettingsParametersFilePath -Value $deploymentSettingsParametersJson | Out-Null $deploymentSettingsTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\DeploymentSettingsTemplate.json") $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $deploymentSettingsValidationName = $ResourceGroup + "-DSDeploy" + $deploymentIdentifier Log-Info -Message "Deployment Settings Template File Path $deploymentSettingsTemplateFilePath and Deployment Name $deploymentSettingsDeploymentName" -ConsoleOut New-AzResourceGroupDeployment -Name $deploymentSettingsValidationName -ResourceGroupName $ResourceGroup -TemplateFile $deploymentSettingsTemplateFilePath -TemplateParameterFile $updatedDeploymentSettingsParametersFilePath -Force -Verbose -AsJob Start-Sleep -Seconds 120 $deploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -Name $deploymentSettingsValidationName $deploystatusString = $deploymentStatus | Out-String Log-Info -Message "Triggered the deployment Settings Resource in deploy mode: $deploystatusString " -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function Invoke-AzStackHCIFullDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, # AzureCloud , AzureUSGovernment , AzureChinaCloud [Parameter(Mandatory = $true, HelpMessage = "Azure Cloud type used for HCI Cluster Deployment. Valid values are : AzureCloud , AzureUSGovernment , AzureChinaCloud")] [string] $Cloud, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $false, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds, [Parameter(Mandatory = $true, HelpMessage = "Answer file path required for deployment")] [string] $AnswerFilePath, [Parameter(Mandatory = $false, HelpMessage = "Return PSObject result.")] [System.Collections.Hashtable] $Tag, [Parameter(Mandatory = $false, HelpMessage = "Directory path for log and report output")] [string]$OutputPath, [Parameter(Mandatory = $false)] [Switch] $Force, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { $script:ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $DebugPreference = "Continue" Set-AzStackHciOutputPath -Path $OutputPath if(CheckIfScriptIsRunByAdministrator){ Log-Info -Message "Script is run as administrator, so enabling" [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; } else{ throw "This script should be executed in administrator mode or above" } Log-Info -Message "Trying to connect using registration user credentials" Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" if ($null -eq $ClusterName) { Log-Info -Message "Obtained cluster name is null, so getting the cluster Name from the answer file" -ConsoleOut $ClusterName = GetClusterNameFromAnswerFile -AnswerFilePath $AnswerFilePath Log-Info -Message "Obtained cluster name from answer file is $ClusterName" -ConsoleOut } Log-Info -Message "Starting AzStackHci Full Deployment" -ConsoleOut $environmentPreparationParameters = @{ SubscriptionID = $SubscriptionID ResourceGroup = $ResourceGroup TenantID = $TenantID Cloud = $Cloud Region = $Region RegistrationUserCredentials = $RegistrationUserCredentials ClusterName = $ClusterName LocalAdminCredentials = $LocalAdminCredentials DomainAdminCredentials = $DomainAdminCredentials ArcNodeIds = $ArcNodeIds Tag = $Tag OutputPath = $OutputPath Force = $Force Prefix = $Prefix } Log-Info -Message "Successfully got the parameters for environment validation" -ConsoleOut Invoke-AzStackHCIEnvironmentPreparator @environmentPreparationParameters Log-Info -Message "Successfully prepared the environment for cloud deployment, triggering validation" $deploymentSettingsParameters = @{ SubscriptionID = $SubscriptionID ResourceGroup = $ResourceGroup TenantID = $TenantID Cloud = $Cloud Region = $Region RegistrationUserCredentials = $RegistrationUserCredentials ClusterName = $ClusterName ArcNodeIds = $ArcNodeIds AnswerFilePath = $AnswerFilePath Tag = $Tag OutputPath = $OutputPath Force = $Force Prefix = $Prefix } Log-Info -Message "Successfully got the parameters for deployment settings validation" -ConsoleOut Invoke-AzStackHCIEnvironmentValidator @deploymentSettingsParameters Log-Info -Message "Started polling on the environment validation status" $status = PollDeploymentSettingsStatus -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -TenantID $TenantID -ClusterName $ClusterName if($status){ Log-Info -Message "Environment Validation succeeded , so moving to the deployment stage" -ConsoleOut Invoke-AzStackHCIDeployment @deploymentSettingsParameters Log-Info -Message "Starting polling on the deployment action plan" $deployStatus = PollDeploymentSettingsStatus -SubscriptionID $SubscriptionID -ResourceGroup $ResourceGroup -TenantID $TenantID -ClusterName $ClusterName if($deployStatus){ Log-Info -Message "Congrats, the Azure Stack HCI cluster has been deployed successfully" } else{ Log-Info -Message "Clearing the resource group since deployment failed" Remove-AzResourceGroup -Name $ResourceGroup -Force -Verbose throw "The deployment failed, please reset the parameters and retrigger again" } } else{ throw "Deployment Failed at environment validation, please re-check the parameters and try again" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error $cmdletFailed = $true throw $_ } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } } function GetClusterNameFromAnswerFile { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Answer File Path")] [string] $AnswerFilePath ) try { $deploymentSettingsObject = Get-Content $AnswerFilePath | ConvertFrom-Json if ($null -eq $deploymentSettingsObject){ throw "Deployment Settings Object cannot be null" } $deploymentDataFromAnswerFile = $deploymentSettingsObject.ScaleUnits[0].DeploymentData $clusterName = $deploymentDataFromAnswerFile.Cluster.Name Log-Info -Message "Cluster Name obtained in answer file is $clusterName" -ConsoleOut if ($null -ne $clusterName) { Log-Info -Message "Cluster Name is not null, so returning clustername $clusterName" -ConsoleOut return $clusterName } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } return $null } function CreateKeyVaultAndAddSecrets { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $true, HelpMessage = "Local Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $LocalAdminCredentials, [Parameter(Mandatory = $true, HelpMessage = "Cloud Admin Credentials Required for deployment")] [System.Management.Automation.PSCredential] $DomainAdminCredentials, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { Log-Info -Message "Initializing the flow where the kv creation starts" -ConsoleOut $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $KVName = GetKeyVaultName -ClusterName $ClusterName -Prefix $Prefix $storageWitnessKey = GetStorageWitnessKey -SubscriptionId $SubscriptionID -ResourceGroup $ResourceGroup -StorageAccountName $storageAccountName if ($null -eq $storageWitnessKey){ throw "Storage Witness Key is null, so cannot proceed with deployment" } Log-Info -Message "Successfully received the storage witness key for storage account $storageAccountName" -ConsoleOut $storageWitnessKeyB64Encoded = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($storageWitnessKey)) #Starting to create the spn for ARB Deployment $spnDisplayName = GetSpnName -ClusterName $ClusterName -Prefix $Prefix $servicePrincialCreds = CreateServicePrincipalForCloudDeployment -DisplayName $spnDisplayName -ResourceGroup $ResourceGroup if ($null -eq $servicePrincialCreds){ throw "Service Principal Credentials are null, so cannot proceed with deployment" } Log-Info -Message "Successfully created the service principal and the corresponding credentials to put in the kv" -ConsoleOut Log-Info -Message "Starting Key Vault Creation...." -ConsoleOut $localAdminSecret = ExtractUsernameAndPasswordFromCredential -Credential $LocalAdminCredentials if ($null -eq $localAdminSecret){ throw "Local Admin secret cannot be null, so cannot proceed with deployment" } Log-Info -Message "Successfully extracted and encoded the Local Admin Credentials" $domainAdminSecret = ExtractUsernameAndPasswordFromCredential -Credential $DomainAdminCredentials if ($null -eq $domainAdminSecret){ throw "Domain Admin secret cannot be null, so cannot proceed with deployment" } Log-Info -Message "Successfully extracted and encoded the Domain Admin Credentials" $keyVaultParameters = ReplaceKeyVaultTemplateWithActualValues -KVName $KVName -Region $Region -LocalAdminSecret $localAdminSecret -DomainAdminSecret $domainAdminSecret -ArbDeploymentSpnSecret $servicePrincialCreds -StorageWitnessKey $storageWitnessKeyB64Encoded if ($null -eq $keyVaultParameters){ throw "Key Vault parameters file could not be updated with actual values" } $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $KVDeploymentName = $KVName + "-KVDeploy" + $deploymentIdentifier $kvTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\KeyVaultTemplate.json") Log-Info -Message "Key Vault Template file path $kvTemplateFilePath" -ConsoleOut $keyVaultParametersJson = $keyVaultParameters | ConvertTo-Json Log-Info -Message "Json value of key vault parameters $keyVaultParametersJson" -ConsoleOut $updatedKVParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\KeyVaultReportedParameters.json") Set-Content -Path $updatedKVParametersFilePath -Value $keyVaultParametersJson | Out-Null New-AzResourceGroupDeployment -Name $KVDeploymentName -ResourceGroupName $ResourceGroup -TemplateFile $kvTemplateFilePath -TemplateParameterFile $updatedKVParametersFilePath -Force -Verbose $kvDeploymentStatus = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -DeploymentName $KVDeploymentName if ($kvDeploymentStatus.ProvisioningState -eq "Succeeded"){ Log-Info -Message "Successfully deployed the KV with name $KVName" -ConsoleOut } else{ throw "KV Deployment Failed so not proceeding with the deployment" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CreateStorageAccountForCloudDeployment { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName, [Parameter(Mandatory = $false, HelpMessage = "Prefix to uniquely identify a storage account and a keyvault")] [string] $Prefix ) try { Log-Info -Message "Starting to create the storage account for deployment" -ConsoleOut #Perform Storage Account Deployment here $storageAccountName = GetStorageAccountName -ClusterName $ClusterName -Prefix $Prefix $deploymentIdentifier = [guid]::NewGuid().ToString().Split("-")[0] $storageAccountDeploymentName = $storageAccountName + "sadeployment" + $deploymentIdentifier Log-Info -Message "Trying to create storage account with name $storageAccountName and Deployment Name $storageAccountDeploymentName" -ConsoleOut $storageAccountParameters = ReplaceStorageAccountTemplateWithActualValues -StorageAccountName $storageAccountName -Location $Region if ($null -ne $storageAccountParameters){ $storageAccountTemplateFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Templates\StorageAccountTemplate.json") Log-Info -Message "Storage Account Template File Path $storageAccountTemplateFilePath" $storageAccountParametersJson = $storageAccountParameters | ConvertTo-Json Log-Info -Message "Storage Account Parameters Converted to JSON is $storageAccountParametersJson" -ConsoleOut $updatedStorageAccountParametersFilePath = (Join-Path -Path $env:TEMP -ChildPath "\StorageAccountReportedParameters.json") Log-Info -Message "Updated Storage Account Parameters File Path is $updatedStorageAccountParametersFilePath" -ConsoleOut Set-Content -Path $updatedStorageAccountParametersFilePath -Value $storageAccountParametersJson | Out-Null New-AzResourceGroupDeployment -Name $storageAccountDeploymentName -ResourceGroupName $ResourceGroup -TemplateFile $storageAccountTemplateFilePath -TemplateParameterFile $updatedStorageAccountParametersFilePath -Force -Verbose $statusOfStorageAccountDeployment = Get-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup -DeploymentName $storageAccountDeploymentName if ($statusOfStorageAccountDeployment.ProvisioningState -eq "Succeeded"){ Log-Info -Message "Storage Account $storageAccountName is created successfully" -ConsoleOut } else{ throw "Storage account deployment with name $storageAccountName and deploymentName $storageAccountDeploymentName failed" } } else{ throw "Could not replace storage account parameter template with the parameter values" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CreateClusterAndAssignRoles { [CmdletBinding(DefaultParametersetName = 'AZContext')] param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Azure Stack HCI Cluster Name for Registration")] [string] $ClusterName ) try { # Checking if cluster is already deployed $resClusCheck = CheckIfAlreadyClusterResourceExists -ClusterName $ClusterName -ResourceGroupName $ResourceGroup if ($resClusCheck -eq [ErrorDetail]::ClusterAlreadyExists) { throw "A cluster with the same name already exists in the same resource group and is in deployed state, so cannot create the cluster again" } # Trying to create the cluster object $properties = [ResourceProperties]::new($Region, @{}) $payload = ConvertTo-Json -InputObject $properties Log-Info -Message "Payload for cluster creation is $payload" -ConsoleOut $resourceId = "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroup/providers/Microsoft.AzureStackHCI/clusters/$ClusterName" $RPAPIVersion = "2023-08-01-preview" $resourceIdApiVersion = "{0}?api-version={1}" -f $resourceId, $RPAPIVersion Log-Info -Message "Resource Id is $resourceId" -ConsoleOut $clusterResult = New-ClusterWithRetries -ResourceIdWithAPI $resourceIdApiVersion -Payload $payload if ($clusterResult -eq $false) { throw "Cluster creation with name $ClusterName failed in $Region with Resource Group $ResourceGroup" } $clusterResource = Get-AzResource -ResourceId $resourceId -ApiVersion $RPAPIVersion -ErrorAction SilentlyContinue if ($null -ne $clusterResource) { Log-Info -Message "Successfully created the cluster resource $clusterResource" -ConsoleOut #Assigning permission to the HCI first party object id on the resource group level AssignRolesToHCIResourceProvider -ResourceGroup $ResourceGroup -hciObjectId $clusterResource.Properties.resourceProviderObjectId } else { throw "Cluster creation with name $ClusterName failed in $Region with Resource Group $ResourceGroup" } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function Invoke-validateNodesForDeployment { param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, # AzureCloud , AzureUSGovernment , AzureChinaCloud [Parameter(Mandatory = $true, HelpMessage = "Azure Cloud type used for HCI Cluster Deployment. Valid values are : AzureCloud , AzureUSGovernment , AzureChinaCloud")] [string] $Cloud, [Parameter(Mandatory = $true, HelpMessage = "Azure Region used for HCI Cluster Deployment")] [string] $Region, [Parameter(Mandatory = $true, HelpMessage = "Registration user credentials for HCI cluster deployment")] [System.Management.Automation.PSCredential] $RegistrationUserCredentials, [Parameter(Mandatory = $true, HelpMessage = "Arc Node ids required for cloud based deployment")] [string[]] $ArcNodeIds ) try { Log-Info -Message "Trying to connect using registration user credentials" -ConsoleOut Connect-AzAccount -Subscription $SubscriptionID -Tenant $TenantID -Credential $RegistrationUserCredentials | Out-Null Log-Info -Message "Successfully connected using the registration user credentials" -ConsoleOut $RPAPIVersion = "2023-08-01-preview" $edgeDeviceNodeIds=@() foreach ($arcResourceID in $ArcNodeIds) { $edgeDeviceNodeIds += "$($arcResourceID)/providers/Microsoft.AzureStackHCI/edgeDevices/default" } $edgeDevicesValidateEndpointWithAPI = "{0}/validate?api-version={1}" -f $edgeDeviceNodeIds[0], $RPAPIVersion Log-Info -Message "Validation Endpoint Uri : $edgeDevicesValidateEndpointWithAPI" -ConsoleOut $parameters = @{EdgeDeviceIds=$edgeDeviceNodeIds} $jsonString = $parameters | ConvertTo-Json Log-Info -Message "Validation action payload : $($jsonString) " -ConsoleOut $response = Invoke-AzRestMethod -Path $edgeDevicesValidateEndpointWithAPI -Method POST -Payload $jsonString Log-Info -Message "Validation action response : $($response.StatusCode) " -ConsoleOut $asyncURL = $response.Headers.GetValues("Azure-AsyncOperation") $asyncuri =$asyncURL[0].Substring(0,$asyncURL[0].IndexOf('&')) $stopLoop = $false $status = $false do { Log-Info -Message "Querying validation status using : $asyncuri " -ConsoleOut $response = Invoke-AzRestMethod -URI $asyncuri -Method GET Log-Info -Message "validation Response: $response " -ConsoleOut $validationResponse = $response.Content | ConvertFrom-Json $prettyResponse = $validationResponse | ConvertTo-Json -Depth 100 Log-Info -Message "Validation status $prettyResponse" -ConsoleOut if( $validationResponse.status.Equals("Inprogress") ) { Start-Sleep -Seconds 10 } else { $stopLoop = $true Log-Info -Message "Validation has completed" $status = $validationResponse.status.Equals("Succeeded") } } While (-Not $stopLoop) } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error $status = $false } finally { Disconnect-AzAccount -ErrorAction SilentlyContinue | out-null $Script:ErrorActionPreference = 'SilentlyContinue' Write-AzStackHciFooter -invocation $MyInvocation -Failed:$cmdletFailed -PassThru:$PassThru $DebugPreference = "Stop" } return $status } function PollDeploymentSettingsStatus { param ( [Parameter(Mandatory = $true, HelpMessage = "Azure Subscription Id for HCI Cluster Deployment")] [string] $SubscriptionID, [Parameter(Mandatory = $true, HelpMessage = "Azure Resource group used for HCI Cluster Deployment")] [string] $ResourceGroup, [Parameter(Mandatory = $true, HelpMessage = "Azure Tenant used for HCI Cluster Deployment")] [string] $TenantID, [Parameter(Mandatory = $true)] [string] $ClusterName ) $RPAPIVersion = "2023-08-01-preview" $deploymentSettingsResourceUri = "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroup/providers/Microsoft.AzureStackHCI/clusters/$ClusterName/deploymentSettings/default" Log-Info -Message "Deployment Settings Resource Uri is $deploymentSettingsResourceUri" -ConsoleOut $stopLoop = $false $status = $false do { $deploymentSettingsResource = Get-AzResource -ResourceId $deploymentSettingsResourceUri -ApiVersion $RPAPIVersion -Verbose Log-Info -Message "Deployment Settings Resource obtained is $deploymentSettingsResource" -ConsoleOut $provisioningState = $deploymentSettingsResource.properties.provisioningState if (("Succeeded" -eq $provisioningState) -or ("Failed" -eq $provisioningState)){ $stopLoop = $true if (("Succeeded" -eq $provisioningState)){ $status = $true } Log-Info -Message "Provisioning State has reached a terminal state, so closing the operation" } $reportedProperties = $deploymentSettingsResource.properties.reportedProperties $reportedPropertiesJson = $reportedProperties | ConvertTo-Json Log-Info -Message "Reported Properties obtained is $reportedPropertiesJson" -ConsoleOut Start-Sleep -Seconds 120 } While (-Not $stopLoop) return $status } function RegisterRequiredResourceProviders { try { Log-Info -Message "Registering required resource providers" -ConsoleOut Register-RPIfRequired -ProviderNamespace "Microsoft.HybridCompute" Register-RPIfRequired -ProviderNamespace "Microsoft.GuestConfiguration" Register-RPIfRequired -ProviderNamespace "Microsoft.HybridConnectivity" Register-RPIfRequired -ProviderNamespace "Microsoft.AzureStackHCI" Register-RPIfRequired -ProviderNamespace "Microsoft.Storage" Register-RPIfRequired -ProviderNamespace "Microsoft.KeyVault" Register-RPIfRequired -ProviderNamespace "Microsoft.ResourceConnector" Register-RPIfRequired -ProviderNamespace "Microsoft.HybridContainerService" Log-Info -Message "Successfully registered Resource Providers" -ConsoleOut } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function Register-RPIfRequired{ param( [string] $ProviderNamespace ) $rpState = Get-AzResourceProvider -ProviderNamespace $ProviderNamespace $notRegisteredResourcesForRP = ($rpState.Where({$_.RegistrationState -ne "Registered"}) | Measure-Object ).Count if ($notRegisteredResourcesForRP -eq 0 ) { Log-Info -Message "$ProviderNamespace RP already registered, skipping registration" -ConsoleOut } else { try { Register-AzResourceProvider -ProviderNamespace $ProviderNamespace | Out-Null Log-Info -Message "registered Resource Provider: $ProviderNamespace " -ConsoleOut } catch { Log-Info -Message -Message "Exception occured while registering $ProviderNamespace RP, $_" -ConsoleOut throw } } } function GetStorageAccountName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $storageAccountName = $ClusterName + "sa" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "Storage account name with null prefix is $storageAccountName" -ConsoleOut } else { $storageAccountName = $storageAccountName + $Prefix Log-Info -Message "Storage account name appended with prefix is $storageAccountName" -ConsoleOut } $storageAccountName = $storageAccountName -replace "[^a-zA-Z0-9]", "" $storageAccountName = $storageAccountName.ToLower() if ($storageAccountName.Length -gt 24) { $storageAccountName = $storageAccountName.Substring(0, 24) } Log-Info -Message "Storage account name is $storageAccountName" -ConsoleOut return $storageAccountName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetKeyVaultName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $KVName = $ClusterName + "-KV" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "KV Name with without prefix is $KVName" -ConsoleOut } else { $KVName = $KVName + $Prefix Log-Info -Message "KV Name with unique prefix provided by user is $KVName" -ConsoleOut } $KVName = $KVName -replace "[^a-zA-Z0-9]", "" $KVName = $KVName.ToLower() if ($KVName.Length -gt 24) { $KVName = $KVName.Substring(0, 24) } Log-Info -Message "Key Vault name is $KVName" -ConsoleOut return $KVName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetSpnName { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $false)] [string] $Prefix ) try { $spnDisplayName = $ClusterName + "-SPN" if ([string]::IsNullOrEmpty($Prefix)) { Log-Info -Message "Spn display name without prefix is $spnDisplayName" -ConsoleOut } else { $spnDisplayName = $ClusterName + "-SPN" + $Prefix Log-Info -Message "Spn display name with prefix is $spnDisplayName" -ConsoleOut } return $spnDisplayName } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function CheckIfKVAlreadyExists { param ( [Parameter(Mandatory = $true)] [string] $KVName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $kvAccount = Get-AzResource -Name $KVName -ResourceType "Microsoft.KeyVault/vaults" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $kvAccount) -and ($null -ne $kvAccount.properties.ProvisioningState)){ $status = $kvAccount.properties.ProvisioningState if (($status -eq "Succeeded")){ Log-Info -Message "Key Vault with the same name $kvAccount exists in the Resource Group $ResourceGroupName" -ConsoleOut return [ErrorDetail]::KeyVaultAlreadyExists } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function CheckIfStorageAccountAlreadyExists { param ( [Parameter(Mandatory = $true)] [string] $StorageAccountName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $storageAccount = Get-AzResource -Name $StorageAccountName -ResourceType "Microsoft.Storage/storageAccounts" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $storageAccount) -and ($null -ne $storageAccount.properties.ProvisioningState)){ $status = $storageAccount.properties.ProvisioningState if (($status -eq "Succeeded")){ Log-Info -Message "Storage Account with the same name $StorageAccountName exists in the Resource Group $ResourceGroupName" -ConsoleOut return [ErrorDetail]::StorageAccountAlreadyExists } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function CheckIfAlreadyClusterResourceExists { param ( [Parameter(Mandatory = $true)] [string] $ClusterName, [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) try { $clusterResource = Get-AzResource -Name $ClusterName -ResourceType "Microsoft.AzureStackHCI/clusters" -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue if (($null -ne $clusterResource) -and ($null -ne $clusterResource.properties.status)){ $status = $clusterResource.properties.status if (($status -eq "ConnectedRecently") -or ($status -eq "DeploymentSuccess")){ Log-Info -Message "Cluster with the same name $ClusterName exists in the Resource Group $ResourceGroupName and is in state $state" -ConsoleOut return [ErrorDetail]::ClusterAlreadyExists } else{ Log-Info -Message "Cluster state obtained is $status" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return [ErrorDetail]::NotFound } function GetStorageWitnessKey { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $StorageAccountName ) try { $resourceId = "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Storage/storageAccounts/{2}" -f $SubscriptionId, $ResourceGroup, $StorageAccountName Log-Info -Message "Resource id of storage account is $resourceId" -ConsoleOut $res = Invoke-AzResourceAction -ResourceId $resourceId -Action "listKeys" -ApiVersion "2023-01-01" -Force Log-Info -Message "Successfully got the keys for the storage account $StorageAccountName" -ConsoleOut if (($null -ne $res) -and ($res.keys.Count -gt 0)){ return $res.keys[0].value } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ReplaceDeploymentSettingsParametersTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentSettingsObject, [Parameter(Mandatory = $true)] [string] $clusterName, [Parameter(Mandatory = $true)] [string[]] $arcNodeResourceIds, [Parameter(Mandatory = $true)] [string] $storageAccountName, [Parameter(Mandatory = $true)] [string] $secretsLocation ) try { $customLocationName = $clusterName + "-customlocation" $deploymentDataFromAnswerFile = $deploymentSettingsObject.ScaleUnits[0].DeploymentData $deploymentSettingsParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\DeploymentSettingsParameters.json") $deploymentSettingsParameters = Get-Content $deploymentSettingsParameterFilePath | ConvertFrom-Json $deploymentSettingsParameters.parameters.name.value = $clusterName $deploymentSettingsParameters.parameters.arcNodeResourceIds.value = $arcNodeResourceIds $deploymentSettingsParameters.parameters.domainFqdn.value = $deploymentDataFromAnswerFile.DomainFQDN $deploymentSettingsParameters.parameters.namingPrefix.value = $deploymentDataFromAnswerFile.NamingPrefix $deploymentSettingsParameters.parameters.adouPath.value = $deploymentDataFromAnswerFile.ADOUPath $deploymentSettingsParameters.parameters.driftControlEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.DriftControlEnforced $deploymentSettingsParameters.parameters.credentialGuardEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.CredentialGuardEnforced $deploymentSettingsParameters.parameters.smbSigningEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.SMBSigningEnforced $deploymentSettingsParameters.parameters.smbClusterEncryption.value = $deploymentDataFromAnswerFile.SecuritySettings.SMBClusterEncryption $deploymentSettingsParameters.parameters.bitlockerBootVolume.value = $deploymentDataFromAnswerFile.SecuritySettings.BitlockerBootVolume $deploymentSettingsParameters.parameters.bitlockerDataVolumes.value = $deploymentDataFromAnswerFile.SecuritySettings.BitlockerDataVolumes $deploymentSettingsParameters.parameters.wdacEnforced.value = $deploymentDataFromAnswerFile.SecuritySettings.WDACEnforced $deploymentSettingsParameters.parameters.streamingDataClient.value = $deploymentDataFromAnswerFile.Observability.StreamingDataClient $deploymentSettingsParameters.parameters.euLocation.value = $deploymentDataFromAnswerFile.Observability.EULocation $deploymentSettingsParameters.parameters.episodicDataUpload.value = $deploymentDataFromAnswerFile.Observability.EpisodicDataUpload $deploymentSettingsParameters.parameters.clusterName.value = $clusterName $deploymentSettingsParameters.parameters.cloudAccountName.value = $storageAccountName $deploymentSettingsParameters.parameters.configurationMode.value = $deploymentDataFromAnswerFile.Storage.ConfigurationMode $deploymentSettingsParameters.parameters.subnetMask.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.SubnetMask $deploymentSettingsParameters.parameters.defaultGateway.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.Gateway $deploymentSettingsParameters.parameters.startingIPAddress.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.IPPools[0].StartingAddress $deploymentSettingsParameters.parameters.endingIPAddress.value = $deploymentDataFromAnswerFile.InfrastructureNetwork.IPPools[0].EndingAddress $deploymentSettingsParameters.parameters.dnsServers.value = @($deploymentDataFromAnswerFile.InfrastructureNetwork.DNSServers) $deploymentSettingsParameters.parameters.physicalNodesSettings.value = @(GetPhysicalNodesSettingsFromAnswerFile -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.storageNetworkList.value = @(GetStorageNetworkListFromDeploymentData -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.intentList.value = @(GetNetworkIntents -deploymentData $deploymentDataFromAnswerFile) $deploymentSettingsParameters.parameters.customLocation.value = $customLocationName $deploymentSettingsParameters.parameters.secretsLocation.value = $secretsLocation Log-Info -Message "Deployment Settings Parameters Object $deploymentSettingsParameters" -ConsoleOut return $deploymentSettingsParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function GetNetworkIntents { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $networkIntents = @() try { $networkIntentList = $deploymentData.HostNetwork.Intents foreach ($intent in $networkIntentList) { $networkIntentInfo = New-Object -TypeName PSObject $networkIntentInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $intent.Name $networkIntentInfo | Add-Member -Name 'trafficType' -MemberType Noteproperty -Value @($intent.TrafficType) $networkIntentInfo | Add-Member -Name 'adapter' -MemberType Noteproperty -Value @($intent.Adapter) $networkIntentInfo | Add-Member -Name 'overrideVirtualSwitchConfiguration' -MemberType Noteproperty -Value $intent.OverrideVirtualSwitchConfiguration $networkIntentInfo | Add-Member -Name 'overrideQosPolicy' -MemberType Noteproperty -Value $intent.OverrideQosPolicy $networkIntentInfo | Add-Member -Name 'overrideAdapterProperty' -MemberType Noteproperty -Value $intent.overrideAdapterProperty $virtualSwitchConfigurationOverrides = New-Object -TypeName PSObject $virtualSwitchConfigurationOverrides | Add-Member -Name 'enableIov' -MemberType Noteproperty -Value $intent.VirtualSwitchConfigurationOverrides.EnableIov $virtualSwitchConfigurationOverrides | Add-Member -Name 'loadBalancingAlgorithm' -MemberType Noteproperty -Value $intent.VirtualSwitchConfigurationOverrides.LoadBalancingAlgorithm $networkIntentInfo | Add-Member -Name 'virtualSwitchConfigurationOverrides' -MemberType Noteproperty -Value $virtualSwitchConfigurationOverrides $qosPolicyOverrides = New-Object -TypeName PSObject $qosPolicyOverrides | Add-Member -Name 'priorityValue8021Action_Cluster' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.PriorityValue8021Action_Cluster $qosPolicyOverrides | Add-Member -Name 'priorityValue8021Action_SMB' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.PriorityValue8021Action_Cluster $qosPolicyOverrides | Add-Member -Name 'bandwidthPercentage_SMB' -MemberType Noteproperty -Value $intent.QosPolicyOverrides.BandwidthPercentage_SMB $networkIntentInfo | Add-Member -Name 'qosPolicyOverrides' -MemberType Noteproperty -Value $qosPolicyOverrides $adapterPropertyOverrides = New-Object -TypeName PSObject $adapterPropertyOverrides | Add-Member -Name 'jumboPacket' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.JumboPacket if( ([string]::IsNullOrEmpty($intent.AdapterPropertyOverrides.NetworkDirect))) { $adapterPropertyOverrides | Add-Member -Name 'networkDirect' -MemberType Noteproperty -Value "Disabled" }else { $adapterPropertyOverrides | Add-Member -Name 'networkDirect' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.NetworkDirect } $adapterPropertyOverrides | Add-Member -Name 'networkDirectTechnology' -MemberType Noteproperty -Value $intent.AdapterPropertyOverrides.NetworkDirectTechnology $networkIntentInfo | Add-Member -Name 'adapterPropertyOverrides' -MemberType Noteproperty -Value $adapterPropertyOverrides $networkIntents += $networkIntentInfo Log-Info -Message "Network Intent Info obtained is $networkIntentInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Network Intents obtained is $networkIntents" -ConsoleOut return $networkIntents } function GetStorageNetworkListFromDeploymentData { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $storageNetworks = @() try { $storageNetworksList = $deploymentData.HostNetwork.StorageNetworks foreach ($network in $storageNetworksList) { $storageNetworkInfo = New-Object -TypeName psobject $storageNetworkInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $network.Name $storageNetworkInfo | Add-Member -Name 'networkAdapterName' -MemberType Noteproperty -Value $network.NetworkAdapterName $storageNetworkInfo | Add-Member -Name 'vlanId' -MemberType Noteproperty -Value $network.VlanId.ToString() $storageNetworks += $storageNetworkInfo Log-Info -Message "Storage Network Setting Info is $storageNetworkInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Storage Network Settings Obtained is $storageNetworks" -ConsoleOut return $storageNetworks } function GetPhysicalNodesSettingsFromAnswerFile { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [object] $deploymentData ) $physicalNodeSettings = @() try { $physicalNodesData = $deploymentData.PhysicalNodes foreach ($settings in $physicalNodesData) { $physicalNodeInfo = New-Object -TypeName psobject $physicalNodeInfo | Add-Member -Name 'name' -MemberType Noteproperty -Value $settings.Name $physicalNodeInfo | Add-Member -Name 'ipv4Address' -MemberType Noteproperty -Value $settings.Ipv4Address $physicalNodeSettings += $physicalNodeInfo Log-Info -Message "Physical Node Ip info is $physicalNodeInfo" -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } Log-Info -Message "Physical Node Settings obtained is $physicalNodeSettings" -ConsoleOut return $physicalNodeSettings } function AssignPermissionsToArcMachines { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string[]] $ArcMachineIds, [Parameter(Mandatory = $true)] [string] $ResourceGroup ) try { ForEach ($arcMachineUri in $ArcMachineIds) { $objectId = GetArcMachineObjectId -ArcMachineUri $arcMachineUri if ($null -ne $objectId) { $setHCIRegistrationRoleResult = PerformObjectRoleAssignmentWithRetries -ObjectId $objectId -RoleName "Azure Stack HCI registration role" -ResourceGroup $ResourceGroup -Verbose if ($setHCIRegistrationRoleResult -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Azure Stack HCI registration role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Azure Stack HCI registration role on the resource group" -ConsoleOut } $keyVaultSecretsUserRoleResult = PerformObjectRoleAssignmentWithRetries -ObjectId $objectId -RoleName "Key Vault Secrets User" -ResourceGroup $ResourceGroup -Verbose if ($keyVaultSecretsUserRoleResult -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Key Vault Secrets User role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Key Vault Secrets User role on the resource group" -ConsoleOut } } else{ Log-Info -Message "HCI Object Id is null, so could not assign the required permissions the HCI RP on the RG" -Type Error -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } } function GetArcMachineObjectId { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string] $ArcMachineUri ) try { Log-Info -Message "Arc Machine Uri $ArcMachineUri" -ConsoleOut $arcResource = Get-AzResource -ResourceId $ArcMachineUri $objectId = $arcResource.Identity.PrincipalId Log-Info -Message "Successfully got Object Id for Arc Installation $objectId" -ConsoleOut return $objectId } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error throw $_ } return $null } function ReplaceKeyVaultTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $KVName, [Parameter(Mandatory = $true)] [string] $Region, [Parameter(Mandatory = $true)] [string] $LocalAdminSecret, [Parameter(Mandatory = $true)] [string] $DomainAdminSecret, [Parameter(Mandatory = $true)] [string] $ArbDeploymentSpnSecret, [Parameter(Mandatory = $true)] [string] $StorageWitnessKey ) try { Log-Info -Message "Starting to change the parameters of the key vault parameyters template" -ConsoleOut $keyVaultParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\KeyVaultParameters.json") $keyVaultParameters = Get-Content $keyVaultParameterFilePath | ConvertFrom-Json Log-Info -Message "Successfully got the template file for the key vault parameters" -ConsoleOut $keyVaultParameters.parameters.keyVaultName.value = $KVName $keyVaultParameters.parameters.location.value = $Region $keyVaultParameters.parameters.localAdminSecretValue.value = $LocalAdminSecret $keyVaultParameters.parameters.domainAdminSecretValue.value = $DomainAdminSecret $keyVaultParameters.parameters.arbDeploymentSpnValue.value = $ArbDeploymentSpnSecret $keyVaultParameters.parameters.storageWitnessValue.value = $StorageWitnessKey Log-Info -Message "Successfully updated the key vault parameters file with the actual values" -ConsoleOut return $keyVaultParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function CreateServicePrincipalForCloudDeployment { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $DisplayName, [Parameter(Mandatory = $true)] [string] $ResourceGroup ) try { $servicePrincipal = New-AzADServicePrincipal -DisplayName $DisplayName $AADApp = Get-AzADApplication -ApplicationId $servicePrincipal.AppId Log-Info -Message "Created a spn with the appId $AADApp" -ConsoleOut $PasswordCedentials = @{ StartDateTime = Get-Date EndDateTime = (Get-Date).AddDays(90) DisplayName = ("Secret auto-rotated on: " + (Get-Date).ToUniversalTime().ToString("yyyy'-'MM'-'dd")) } $servicePrincipalSecret = New-AzADAppCredential -ApplicationObject $AADApp -PasswordCredentials $PasswordCedentials $servicePrincipalSecretTest = $servicePrincipalSecret.SecretText Log-Info -Message "Successfully created a service principal secret for the app $AADApp" -ConsoleOut $spnCredentialForArb = $servicePrincipal.AppId + ":" + $servicePrincipalSecretTest $base64EncodedSpnCredential = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($spnCredentialForArb)) Log-Info -Message "The base 64 encoded spn credential for deployment is created successfully" -ConsoleOut Log-Info -Message "Trying to assign permission to the SPN" -ConsoleOut AssignPermissionToSPN -spnObjectId $servicePrincipal.Id -ResourceGroup $ResourceGroup return $base64EncodedSpnCredential } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ReplaceStorageAccountTemplateWithActualValues { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $StorageAccountName, [Parameter(Mandatory = $true)] [string] $Location ) try { $storageAccountParameterFilePath = (Join-Path -Path $PSScriptRoot -ChildPath "Parameters\StorageAccountParameters.json") Log-Info -Message "Storage Account Parameters File Path $storageAccountParameterFilePath" -ConsoleOut $storageAccountParameters = Get-Content $storageAccountParameterFilePath | ConvertFrom-Json $storageAccountParameters.parameters.cloudDeployStorageAccountName.value = $StorageAccountName $storageAccountParameters.parameters.location.value = $Location Log-Info -Message "Successfully replaced the storage account name in the parameters file" -ConsoleOut return $storageAccountParameters } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function ExtractUsernameAndPasswordFromCredential { [CmdletBinding()] param ( [System.Management.Automation.PSCredential] $Credential ) try { $secretName = $Credential.GetNetworkCredential().UserName $secretValue = $Credential.GetNetworkCredential().Password Log-Info -Message "Successfully extracted the secret Name $secretName and the secret Value from the Credential Object" -ConsoleOut $KVSecret = $secretName + ":" + $secretValue $base64EncodedKVSecret = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($KVSecret)) Log-Info -Message "Successfully base 64 encoded the secret $secretName " return $base64EncodedKVSecret } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } return $null } function AssignPermissionToSPN { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $spnObjectId ) try { if ($null -ne $spnObjectId) { $arcManagerRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $spnObjectId -RoleName "User Access Administrator" if ($arcManagerRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign User Access administrator role on the resource group for the SPN" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Access administrator role on the resource group for the SPN" -ConsoleOut } $arcContributorRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $spnObjectId -RoleName "contributor" if ($arcContributorRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign User Contributor role on the resource group for the SPN" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Contributor role on the resource group for the SPN" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function AssignRolesToHCIResourceProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $hciObjectId ) try { if ($null -ne $hciObjectId) { $arcManagerRoleStatus = PerformObjectRoleAssignmentWithRetries -ObjectId $hciObjectId -RoleName "Azure Connected Machine Resource Manager" -ResourceGroup $ResourceGroup if ($arcManagerRoleStatus -ne [ErrorDetail]::Success) { Log-Info -Message "Failed to assign the Azure Connected Machine Resource Nanager role on the resource group" -ConsoleOut -Type Error } else { Log-Info -Message "Successfully assigned the Azure Connected Machine Resource Nanager role on the resource group" -ConsoleOut } } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function PerformObjectRoleAssignmentWithRetries { param( [String] $ObjectId, [String] $ResourceGroup, [string] $RoleName ) $stopLoop = $false [int]$retryCount = "0" [int]$maxRetryCount = "5" Log-Info -Message $"Checking if $RoleName is assigned already for SPN with Object ID: $ObjectId" -ConsoleOut if( [string]::IsNullOrEmpty($ResourceGroup)) { $arcSPNRbacRoles = Get-AzRoleAssignment -ObjectId $ObjectId } else { $arcSPNRbacRoles = Get-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup } $alreadyFoundRole = $false $arcSPNRbacRoles | ForEach-Object { $roleFound = $_.RoleDefinitionName if ($roleFound -eq $RoleName) { $alreadyFoundRole = $true Log-Info -Message $"Already Found $RoleName Not Assigning" -ConsoleOut } } if ( -not $alreadyFoundRole) { Log-Info -Message "Assigning $RoleName to Object : $ObjectId" -ConsoleOut do { try { if( [string]::IsNullOrEmpty($ResourceGroup)) { New-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleName | Out-Null } else { New-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup -RoleDefinitionName $RoleName | Out-Null } Log-Info -Message $"Sucessfully assigned $RoleName to Object Id $ObjectId" -ConsoleOut $stopLoop = $true } catch { # 'Conflict' can happen when either the RoleAssignment already exists or the limit for number of role assignments has been reached. if ($_.Exception.Response.StatusCode -eq 'Conflict') { if( [string]::IsNullOrEmpty($ResourceGroup)) { $roleAssignment = Get-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleName } else { $roleAssignment = Get-AzRoleAssignment -ObjectId $ObjectId -ResourceGroupName $ResourceGroup -RoleDefinitionName $RoleName } if ($null -ne $roleAssignment) { Log-Info -Message $"Sucessfully assigned $RoleName to Object Id $ObjectId" -ConsoleOut return [ErrorDetail]::Success } Log-Info -Message $"Failed to assign roles to service principal with object Id $($ObjectId). ErrorMessage: " + $_.Exception.Message + " PositionalMessage: " + $_.InvocationInfo.PositionMessage -ConsoleOut -Type Error return [ErrorDetail]::PermissionsMissing } if ($retryCount -ge $maxRetryCount) { # Timed out. Log-Info -Message $"Failed to assign roles to service principal with object Id $($ObjectId). ErrorMessage: " + $_.Exception.Message + " PositionalMessage: " + $_.InvocationInfo.PositionMessage -ConsoleOut -Type Error return [ErrorDetail]::PermissionsMissing } Log-Info -Message $"Could not assign roles to service principal with Object Id $($ObjectId). Retrying in 10 seconds..." -ConsoleOut Start-Sleep -Seconds 10 $retryCount = $retryCount + 1 } } While (-Not $stopLoop) } return [ErrorDetail]::Success } function CreateResourceGroupIfNotExists { param ( [Parameter(Mandatory = $true)] [string] $ResourceGroupName, [Parameter(Mandatory = $true)] [string] $Region ) try { # Check if the resource group exists $existingResourceGroup = Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue if (([string]::IsNullOrEmpty($existingResourceGroup)) -or ([string]::IsNullOrEmpty($existingResourceGroup.ResourceGroupName))) { # Resource group doesn't exist, create it Log-Info -Message "$ResourceGroupName does not exist, creating it" -ConsoleOut New-AzResourceGroup -Name $ResourceGroupName -Location $Region -Force | Out-Null Log-info -Message "Created the resource group $ResourceGroupName" -ConsoleOut } else { # Resource group already exists Log-Info -Message "The resource group '$ResourceGroupName' already exists." -ConsoleOut } } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function CheckIfScriptIsRunByAdministrator { try { $user = [System.Security.Principal.WindowsIdentity]::GetCurrent() # Get the Windows Principal for the current user $principal = New-Object System.Security.Principal.WindowsPrincipal($user) # Check if the user is in the Administrator role $is_admin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) if ($is_admin) { Log-Info -Message "User has administrator access" -ConsoleOut return $is_admin } Log-Info -Message "User is not running the script in administrator mode" -ConsoleOut return $is_admin } catch { Log-Info -Message "" -ConsoleOut Log-Info -Message "$($_.Exception.Message)" -ConsoleOut -Type Error Log-Info -Message "$($_.ScriptStackTrace)" -ConsoleOut -Type Error } } function New-ClusterWithRetries { param( [String] $ResourceIdWithAPI, [String] $Payload ) $stopLoop = $false [int]$retryCount = "0" [int]$maxRetryCount = "10" do { $response = Invoke-AzRestMethod -Path $ResourceIdWithAPI -Method PUT -Payload $Payload if (($response.StatusCode -ge 200) -and ($response.StatusCode -lt 300)) { $stopLoop = $true return $true } if ($retryCount -ge $maxRetryCount) { # Timed out. Log-Info -Message "Failed to create ARM resource representing the cluster. StatusCode: {0}, ErrorCode: {1}, Details: {2}" -f $response.StatusCode, $response.ErrorCode, $response.Content -Type Error -ConsoleOut return $false } Log-Info -Message "Failed to create ARM resource representing the cluster. Retrying in 10 seconds..." -Type Error -ConsoleOut Start-Sleep -Seconds 10 $retryCount = $retryCount + 1 } While (-Not $stopLoop) return $true } class Identity { [string] $type = "SystemAssigned" } class ResourceProperties { [string] $location [object] $properties [Identity] $identity = [Identity]::new() ResourceProperties ( [string] $location, [object] $properties ) { $this.location = $location $this.properties = $properties } } enum ErrorDetail { Unused; PermissionsMissing; Success; NodeAlreadyArcEnabled; NotFound; ClusterAlreadyExists; ConnectedRecently; DeploymentSuccess; StorageAccountAlreadyExists; KeyVaultAlreadyExists; EnvironmentValidationFailed } Export-ModuleMember -Function Invoke-AzStackHCIDeployment Export-ModuleMember -Function Invoke-AzStackHCIEnvironmentValidator Export-ModuleMember -Function Invoke-AzStackHCIEnvironmentPreparator Export-ModuleMember -Function Invoke-AzStackHCIFullDeployment Export-ModuleMember -Function PollDeploymentSettingsStatus Export-ModuleMember -Function Invoke-validateNodesForDeployment # SIG # Begin signature block # MIIoPAYJKoZIhvcNAQcCoIIoLTCCKCkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCDwtYfCc9qAyZu # CYtBgei+LkxXlSQ1r41GPLPhBvkOAaCCDYUwggYDMIID66ADAgECAhMzAAADTU6R # phoosHiPAAAAAANNMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI4WhcNMjQwMzE0MTg0MzI4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDUKPcKGVa6cboGQU03ONbUKyl4WpH6Q2Xo9cP3RhXTOa6C6THltd2RfnjlUQG+ # Mwoy93iGmGKEMF/jyO2XdiwMP427j90C/PMY/d5vY31sx+udtbif7GCJ7jJ1vLzd # j28zV4r0FGG6yEv+tUNelTIsFmmSb0FUiJtU4r5sfCThvg8dI/F9Hh6xMZoVti+k # bVla+hlG8bf4s00VTw4uAZhjGTFCYFRytKJ3/mteg2qnwvHDOgV7QSdV5dWdd0+x # zcuG0qgd3oCCAjH8ZmjmowkHUe4dUmbcZfXsgWlOfc6DG7JS+DeJak1DvabamYqH # g1AUeZ0+skpkwrKwXTFwBRltAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUId2Img2Sp05U6XI04jli2KohL+8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMDUxNzAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # ACMET8WuzLrDwexuTUZe9v2xrW8WGUPRQVmyJ1b/BzKYBZ5aU4Qvh5LzZe9jOExD # YUlKb/Y73lqIIfUcEO/6W3b+7t1P9m9M1xPrZv5cfnSCguooPDq4rQe/iCdNDwHT # 6XYW6yetxTJMOo4tUDbSS0YiZr7Mab2wkjgNFa0jRFheS9daTS1oJ/z5bNlGinxq # 2v8azSP/GcH/t8eTrHQfcax3WbPELoGHIbryrSUaOCphsnCNUqUN5FbEMlat5MuY # 94rGMJnq1IEd6S8ngK6C8E9SWpGEO3NDa0NlAViorpGfI0NYIbdynyOB846aWAjN # fgThIcdzdWFvAl/6ktWXLETn8u/lYQyWGmul3yz+w06puIPD9p4KPiWBkCesKDHv # XLrT3BbLZ8dKqSOV8DtzLFAfc9qAsNiG8EoathluJBsbyFbpebadKlErFidAX8KE # usk8htHqiSkNxydamL/tKfx3V/vDAoQE59ysv4r3pE+zdyfMairvkFNNw7cPn1kH # Gcww9dFSY2QwAxhMzmoM0G+M+YvBnBu5wjfxNrMRilRbxM6Cj9hKFh0YTwba6M7z # ntHHpX3d+nabjFm/TnMRROOgIXJzYbzKKaO2g1kWeyG2QtvIR147zlrbQD4X10Ab # rRg9CpwW7xYxywezj+iNAc+QmFzR94dzJkEPUSCJPsTFMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAANNTpGmGiiweI8AAAAA # A00wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJiv # iAjsNoEhH98xeZOfL/s4JMujwARyIkhYgkxR9mkrMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAyaC31G/HlgV+KFDtDvZUsDKxXw4YisJ89aRp # VwMXCRaQs8UU+73Qnqf0/eASBf6fBq6r7qNJMY/WSRbtoaBi7RfPRjp5XWOvOq0B # QoZyuQF7HgcOXXK+8Be11c0PfLdbigOdUr+3QvKUlRKoM2JSkLAm1PtoTSZ0gwuE # KA8/fZU/efpDH64S9HabVsLJVUCf3o4vduBuf2ZVjYqlgq7jVw8/wNi2dr/LrWba # Pdux4PfbEMxjR6vQuhchsgHYg8m7eujDpF+riEYSYUYztdzrEkfZqJ4JEcLA94RK # z9ITK/lY9inJ+bYyzIRERapiXyA3NQr4A5LhTv7Cxc7iZ325+aGCF5cwgheTBgor # BgEEAYI3AwMBMYIXgzCCF38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCBXnlQfqvKV8YSCBpvMoZtgejphQAnLgzPF # QWzw52CJogIGZSi0OYAHGBMyMDIzMTAyNjA4MDkxMS40NThaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046MzMwMy0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHtMIIHIDCCBQigAwIBAgITMwAAAcyGpdw369lhLQAB # AAABzDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzA1MjUxOTEyMDFaFw0yNDAyMDExOTEyMDFaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzMwMy0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMsSIF8e9NmEc+83NVZGgW # WZi/wBYt8zhxAfSGM7xw7K7CbA/1A4GhovPvkIY873tnyzdyZe+6YHXx+Rd618lQ # Dmmm5X4euiYG53Ld7WIK+Dd+hyi0H97D6HM4ZzGqovmwB0fZ3lh+phJLoPT+9yrT # LFzkkKw2Vcb7wXMBziD0MVVYbmwRlRaypTntl39IENCEijW9j6MElTyXP2zrc0Ot # hQN5RrMTY5iZja3MyHCFmYMGinmHftsaG3Ydi8Ga8BQjdtoTm5dVhnqs2qKNEOqZ # Son28R4Xff0tlJL5UHyI3bywH/+zQeJu8qnsSCi8VFPOsZEb6cZzhXHaAiSGtdKA # bQRaAIhExbIUpeJypC7l+wqKC3BO9ADGupB9ZgUFbSv5ECFjMDzbfm8M5zz2A4xY # NPQXqZv0wGWL+jTvb7kFYiDPPe+zRyBbzmrSpObB7XqjqzUFNKlwp+Mx15k1F7FM # s5EM2uG68IQsdAGBkZbSDmuGmjPbZ7dtim+XHuh3NS6JmXYPS7rikpCbUsMZMn5e # WxiWFIk6f00skR4RLWmh0N6Oq+KYI1fA59LzGiAbOrcxgvQkRo3OD4o1JW9z1TNM # wEbkzPrXMo8rrGsuGoyYWcsm9xhd0GXIRHHC64nzbI3e0G5jqEsWQc4uaQeSRyr7 # 0KRijzVyWjjYfsEtvVMlJwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFIKmHGRdPIdL # RXtsR5XRSyM3+2kMMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQB5GUMo9XviUl3g # 72u8oQTorIKDoAdgWZ4LQ9+dAEQCmaetsThkxbNm15seu7GmwpZdhMQN8TNddGki # 5s5Ie+aA2VEo9vZz31llusHBXAVrQtpufQqtIA+2nnusfaYviitr6p5kVT609LIT # OYgdKRWEpfx/4yT5R9yMeKxoxkk8tyGiGPZK40ST5Z14OPdJfVbkYeCvlLQclsX1 # +WBZNx/XZvazJmXjvYjTuG0QbZpxw4ZO3ZoffQYxZYRzn0z41U7MDFlXo2ihfasd # bHuua6kpHxJ9AIoUevh3mzvUxYp0u0z3wYDPpLuo+M2VYh8XOCUB0u75xG3S5+98 # TKmFbqZYgpgr6P+YKeao2YpB1izs850YSzuwaX7kRxAURlmN/j5Hv4wabnOfZb36 # mDqJp4IeGmwPtwI8tEPsuRAmyreejyhkZV7dfgJ4N83QBhpHVZlB4FmlJR8yF3aB # 15QW6tw4CaH+PMIDud6GeOJO4cQE+lTc6rIJmN4cfi2TTG7e49TvhCXfBS2pzOyb # 9YemSm0krk8jJh6zgeGqztk7zewfE+3shQRc74sXLY58pvVoznfgfGvy1llbq4Oe # y96KouwiuhDtxuKlTnW7pw7xaNPhIMsOxW8dpSp915FtKfOqKR/dfJOsbHDSJY/i # iJz4mWKAGoydeLM6zLmohRCPWk/Q5jCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNQMIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjMzMDMtMDVF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQBOTuZ3uYfiihS4zRToxisDt9mJpKCBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6ORVlDAi # GA8yMDIzMTAyNjAzMDM0OFoYDzIwMjMxMDI3MDMwMzQ4WjB3MD0GCisGAQQBhFkK # BAExLzAtMAoCBQDo5FWUAgEAMAoCAQACAl2ZAgH/MAcCAQACAhL2MAoCBQDo5acU # AgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSCh # CjAIAgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAI3O3X9Gy0+Tk/kDY6vyVEIx # HfXm6QO+nodmCau6GChTWmyPzJbsg3EchIbacPzGShETlZedUjiblx+atCc8/rs5 # w4uswQEZ55yruWQWeplg43+W3s9e4CzFxVNmq/89Xn6nRWL3XwFNDgrLsXJnxUxi # eeBz0t1UB9WCl6mvjDSJiC3I+OrGwIaQGQLh5pGS2Csu06c3htNaSXr33772tkY7 # 74VqebGmwth91O1KkXFSyKmW1oBdDXTwVQ7Kt4SkkiCsJKR1W1PRmwNpqX1C/0GB # B6L+4ekO1ghbYEygXYLZfFuZkqvIEAXkTv3MKsy4X7aN9cufK5naac+G2UYxvCkx # ggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA # AcyGpdw369lhLQABAAABzDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkD # MQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCAy44RP1RZmudI1rtLeMzVs # twjJj4CvgjeOvo1rN7rsDjCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EINbu # ZQHC/sMCE+cgKVSkwKpDICfnefFZYgDbF4HrcFjmMIGYMIGApH4wfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHMhqXcN+vZYS0AAQAAAcwwIgQg+5uH # XZAwMXptcfvlYTmiTSWvU4rc7mQ4De2+hpH2pUwwDQYJKoZIhvcNAQELBQAEggIA # A2j77O+UAegeQfYGFcqjHur7NUF2a+zoOSi9Wjg/6LIogPmzE3YubThq7+iEOUI6 # JrgUHKIqxjtQEoC5lU4wr8yxkKqC6cOsjW2mUCLqhEVaxtsmXQW+EsRD6PyYYcfT # wRVNp5HHBULMe1/E0o3UlTdbuUhsL8GjfFr40Ffo+skzPDvCJnaL2bKRppu81btF # J6FGnkU9W7SMegvYKJtb8ViTg9gP3yv7QRybuEdunoz+O9h5+7WpeGY9wWDluqqz # tshl2/sYCJAv85dLXXn/y68oqiFs8KgdCt3yy9jWxEvAlAnBHmEWYSE3VhAbJukL # hqtC3MC+e5miZ82W1sJ2SfcX3afHaxLdBvaM8EDM03zgnFlL0Jncy0EEeq7royn/ # TXKh+/x91NKQXweQXND5rz0hXiamac36ksDeESFMg9L0QGpxxz7tbFVzmBZI/BOb # t/PRn6AdTjedq262W3iaAoU7KdQyr4hB/wv/KTqXHYqSblPcFTj8Alix5g8Jn8Xn # kzUzMdN2ipI//CaP4h9b8ep2H9pKOASHOdcHCcPmsdL1ZgROIJfnq16f9sqPGRFm # k8vWEcWYxZgpyHkttV3GKJpK/a3+Adj4zvQ9h5JKYlxFDhF9F5ncohKJG3lqr0mx # l3LQ+FstE6DOnWHu2nbWFGY/Iss2Ay5k7dVl6vRgsVY= # SIG # End signature block |