Add Quick Start Template

.azure/scale.csv

@@ -0,0 +1,7 @@
+stage,siteId,location,domainFqdn
+dev,contoso," ""eastus"""," ""jumpstart.local"""
+dev,,
+dev,,
+dev,,
+dev,,
+dev,,

dev/contoso/.gitignore

@@ -0,0 +1 @@
+*.tfvars

dev/contoso/backend.tf

@@ -0,0 +1,10 @@
+terraform {
+  backend "azurerm" {
+    resource_group_name  = "hybrid-iac"
+    storage_account_name = "hybridiac"
+    container_name       = "hybridiac"
+    key                  = "contoso.tfstate"
+    use_azuread_auth     = true
+    subscription_id      = "bd7961c1-21fb-449a-afff-070bf4b4e500"
+  }
+}

dev/contoso/imports.tf

@@ -0,0 +1,6 @@
+# # Uncomment the following lines to import the resource group when Arc servers are provisioned by yourself.
+
+# import {
+#   id = "/subscriptions/<subscription_id>/resourceGroups/<resourceGroup>"
+#   to = module.base.azurerm_resource_group.rg
+# }

dev/contoso/main.tf

@@ -0,0 +1,6 @@
+module "base" {
+  source          = "../../modules/base"
+  location        = "eastus"
+  siteId          = basename(abspath(path.module))
+  domainFqdn      = "jumpstart.local"
+}

dev/contoso/provider.tf

@@ -0,0 +1,9 @@
+provider "azurerm" {
+  features {
+  }
+  subscription_id = var.subscription_id
+}
+
+provider "azapi" {
+  subscription_id = var.subscription_id
+}

dev/contoso/terraform.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+    azapi = {
+      source = "azure/azapi"
+    }
+  }
+}

dev/contoso/variables.tf

@@ -0,0 +1,66 @@
+variable "subscription_id" {
+  description = "The subscription id to register this environment."
+  type        = string
+}
+
+variable "local_admin_user" {
+  description = "The username of the local administrator account."
+  sensitive   = true
+  type        = string
+}
+
+variable "local_admin_password" {
+  description = "The password of the local administrator account."
+  sensitive   = true
+  type        = string
+}
+
+variable "domain_admin_user" {
+  description = "The username of the domain account."
+  sensitive   = true
+  type        = string
+}
+
+variable "domain_admin_password" {
+  description = "The password of the domain account."
+  sensitive   = true
+  type        = string
+}
+
+variable "deployment_user_password" {
+  sensitive   = true
+  type        = string
+  description = "The password for deployment user."
+}
+
+variable "service_principal_id" {
+  description = "The id of service principal to create hci cluster."
+  sensitive   = true
+  type        = string
+}
+
+variable "service_principal_secret" {
+  description = "The secret of service principal to create hci cluster."
+  sensitive   = true
+  type        = string
+}
+
+variable "rp_service_principal_object_id" {
+  default     = ""
+  type        = string
+  description = "The object ID of the HCI resource provider service principal."
+}
+
+variable "vm_admin_password" {
+  description = "Admin password for the VM"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "domain_join_password" {
+  description = "Password of User with permissions to join the domain."
+  type        = string
+  sensitive   = true
+  default     = ""
+}

modules/base/checks.tf

@@ -0,0 +1,16 @@
+locals {
+  is_windows = length(regexall("^[a-z]:", lower(abspath(path.root)))) > 0
+  program = local.is_windows ? "powershell.exe" : "pwsh"
+}
+
+data "external" "lnet_ip_check" {
+  program = [local.program, "-File", "${abspath(path.module)}/scripts/ip-range-overlap.ps1", var.starting_address, var.ending_address, var.lnet_starting_address, var.lnet_ending_address]
+
+  lifecycle {
+    postcondition {
+      condition     = self.result.result == "ok"
+      error_message = "AKS Arc IP range overlaps with HCI IP range."
+    }
+  }
+}
+

modules/base/main.tf

@@ -0,0 +1,195 @@
+resource "azurerm_resource_group" "rg" {
+  depends_on = [
+    data.external.lnet_ip_check
+  ]
+  name     = local.resource_group_name
+  location = var.location
+  tags = {
+    siteId = var.site_id
+  }
+
+  lifecycle {
+    ignore_changes = [tags]
+  }
+}
+
+data "azurerm_client_config" "current" {}
+
+module "edge_site" {
+  source  = "Azure/avm-res-edge-site/azurerm"
+  version = "~>0.0"
+
+  location              = azurerm_resource_group.rg.location
+  address_resource_name = local.address_resource_name
+  country               = var.country
+  resource_group_id     = azurerm_resource_group.rg.id
+  site_display_name     = local.site_display_name
+  site_resource_name    = local.site_resource_name
+  enable_telemetry      = var.enable_telemetry
+}
+
+# Prepare AD
+module "hci_ad_provisioner" {
+  source  = "Azure/avm-ptn-hci-ad-provisioner/azurerm"
+  version = "~>0.0"
+
+  count               = var.enable_provisioners ? 1 : 0
+  resource_group_name = azurerm_resource_group.rg.name
+
+  enable_telemetry = var.enable_telemetry # see variables.tf
+  # Beginning of specific varible for virtual environment
+  dc_port                  = var.dc_port
+  dc_ip                    = var.dc_ip
+  authentication_method    = var.authentication_method
+  domain_fqdn              = var.domain_fqdn
+  deployment_user_password = var.deployment_user_password
+  domain_admin_user        = var.domain_admin_user
+  domain_admin_password    = var.domain_admin_password
+  deployment_user          = local.deployment_user_name
+  adou_path                = local.adou_path
+}
+
+# Prepare arc server
+module "hci_server_provisioner" {
+  source  = "Azure/avm-ptn-hci-server-provisioner/azurerm"
+  version = "~>0.0"
+
+  for_each = var.enable_provisioners ? {
+    for index, server in var.servers :
+    server.name => server.ipv4Address
+  } : {}
+
+  enable_telemetry         = var.enable_telemetry # see variables.tf
+  name                     = each.key
+  resource_group_name      = azurerm_resource_group.rg.name
+  local_admin_user         = var.local_admin_user
+  local_admin_password     = var.local_admin_password
+  authentication_method    = var.authentication_method
+  server_ip                = var.virtual_host_ip == "" ? each.value : var.virtual_host_ip
+  winrm_port               = var.virtual_host_ip == "" ? 5985 : var.server_ports[each.key]
+  subscription_id          = var.subscription_id
+  location                 = azurerm_resource_group.rg.location
+  tenant                   = data.azurerm_client_config.current.tenant_id
+  service_principal_id     = var.service_principal_id
+  service_principal_secret = var.service_principal_secret
+  expand_c                 = var.virtual_host_ip == "" ? false : true
+}
+
+module "azurestackhci_cluster" {
+  source  = "Azure/avm-res-azurestackhci-cluster/azurerm"
+  version = "~>0.0"
+
+  depends_on = [module.hci_server_provisioner, module.hci_ad_provisioner]
+
+  location            = azurerm_resource_group.rg.location
+  name                = local.cluster_name
+  resource_group_name = azurerm_resource_group.rg.name
+
+  enable_telemetry = var.enable_telemetry # see variables.tf
+
+  site_id                         = var.site_id
+  domain_fqdn                     = var.domain_fqdn
+  starting_address                = var.starting_address
+  ending_address                  = var.ending_address
+  subnet_mask                     = var.subnet_mask
+  default_gateway                 = var.default_gateway
+  dns_servers                     = var.dns_servers
+  adou_path                       = local.adou_path
+  servers                         = var.servers
+  management_adapters             = var.management_adapters
+  storage_networks                = var.storage_networks
+  rdma_enabled                    = var.rdma_enabled
+  storage_connectivity_switchless = var.storage_connectivity_switchless
+  custom_location_name            = local.custom_location_name
+  witness_storage_account_name    = local.witness_storage_account_name
+  keyvault_name                   = local.keyvault_name
+  random_suffix                   = local.random_suffix
+  deployment_user                 = local.deployment_user_name
+  deployment_user_password        = var.deployment_user_password
+  local_admin_user                = var.local_admin_user
+  local_admin_password            = var.local_admin_password
+  service_principal_id            = var.service_principal_id
+  service_principal_secret        = var.service_principal_secret
+  rp_service_principal_object_id  = var.rp_service_principal_object_id
+}
+
+module "azurestackhci_logicalnetwork" {
+  source  = "Azure/avm-res-azurestackhci-logicalnetwork/azurerm"
+  version = "~>0.0"
+
+  depends_on = [module.azurestackhci_cluster]
+
+  location            = azurerm_resource_group.rg.location
+  name                = local.logical_network_name
+  resource_group_name = azurerm_resource_group.rg.name
+
+  enable_telemetry   = var.enable_telemetry # see variables.tf
+  resource_group_id  = azurerm_resource_group.rg.id
+  custom_location_id = module.azurestackhci_cluster.customlocation.id
+  vm_switch_name     = module.azurestackhci_cluster.v_switch_name
+  starting_address   = var.lnet_starting_address
+  ending_address     = var.lnet_ending_address
+  dns_servers        = length(var.lnet_dns_servers) == 0 ? var.dns_servers : var.lnet_dns_servers
+  default_gateway    = var.lnet_default_gateway == "" ? var.default_gateway : var.lnet_default_gateway
+  address_prefix     = var.lnet_address_prefix
+  vlan_id            = var.lnet_vlan_id
+}
+
+module "hybridcontainerservice_provisionedclusterinstance" {
+  source  = "Azure/avm-res-hybridcontainerservice-provisionedclusterinstance/azurerm"
+  version = "~>0.0"
+
+  depends_on = [module.azurestackhci_cluster, module.azurestackhci_logicalnetwork]
+
+  location            = azurerm_resource_group.rg.location
+  name                = local.aks_arc_name
+  resource_group_name = azurerm_resource_group.rg.name
+
+  enable_telemetry = var.enable_telemetry # see variables.tf
+
+  custom_location_id          = module.azurestackhci_cluster.customlocation.id
+  logical_network_id          = module.azurestackhci_logicalnetwork.resource_id
+  agent_pool_profiles         = var.agent_pool_profiles
+  ssh_key_vault_id            = module.azurestackhci_cluster.keyvault.id
+  control_plane_ip            = var.aks_arc_control_plane_ip
+  kubernetes_version          = var.kubernetes_version
+  control_plane_count         = var.control_plane_count
+  rbac_admin_group_object_ids = var.rbac_admin_group_object_ids
+}
+
+locals {
+  server_names = [for server in var.servers : server.name]
+}
+
+module "azuremonitorwindowsagent" {
+  source  = "Azure/avm-ptn-azuremonitorwindowsagent/azurerm"
+  version = "~>0.0"
+
+  depends_on       = [module.azurestackhci_cluster]
+  enable_telemetry = var.enable_telemetry
+
+  count                            = var.enable_insights ? 1 : 0
+  resource_group_name              = azurerm_resource_group.rg.name
+  server_names                     = local.server_names
+  arc_setting_id                   = module.azurestackhci_cluster.arc_settings.id
+  data_collection_rule_resource_id = var.data_collection_rule_resource_id
+}
+
+resource "azapi_resource" "alerts" {
+  depends_on = [module.azurestackhci_cluster]
+  count      = var.enable_alerts && var.enable_insights ? 1 : 0
+  type       = "Microsoft.AzureStackHCI/clusters/ArcSettings/Extensions@2023-08-01"
+  parent_id  = module.azurestackhci_cluster.arc_settings.id
+  name       = "AzureEdgeAlerts"
+  body = {
+    properties = {
+      extensionParameters = {
+        enableAutomaticUpgrade  = true
+        autoUpgradeMinorVersion = false
+        publisher               = "Microsoft.AzureStack.HCI.Alerts"
+        type                    = "AlertsForWindowsHCI"
+        settings                = {}
+      }
+    }
+  }
+}

modules/base/naming.tf

@@ -0,0 +1,21 @@
+locals {
+  resource_group_name           = "${var.site_id}-rg"
+  site_resource_name            = length(var.site_id) < 4 ? "${var.site_id}-site" : "${var.site_id}"
+  site_display_name             = var.site_id
+  address_resource_name         = "${var.site_id}-address"
+  deployment_user_name          = "${var.site_id}deploy"
+  witness_storage_account_name  = "${lower(var.site_id)}wit"
+  keyvault_name                 = "${var.site_id}-kv"
+  adou_path                     = "OU=${var.site_id},${var.adou_suffix}"
+  cluster_name                  = "${var.site_id}-cl"
+  custom_location_name          = "${var.site_id}-customlocation"
+  workspace_name                = "${var.site_id}-workspace"
+  data_collection_endpoint_name = "${var.site_id}-dce"
+  data_collection_rule_name     = "AzureStackHCI-${var.site_id}-dcr"
+  logical_network_name          = "${var.site_id}-logicalnetwork"
+  aks_arc_name                  = "${var.site_id}-aksArc"
+  vm_name                       = "${var.site_id}-vm"
+  vm_admin_username             = "${var.site_id}admin"
+  domain_join_user_name         = "${var.site_id}vmuser"
+  random_suffix                 = true
+}

modules/base/scripts/ip-range-overlap.ps1

@@ -0,0 +1,25 @@
+param(
+    $range1_start,
+    $range1_end,
+    $range2_start,
+    $range2_end
+)
+
+$script:ErrorActionPreference = 'Stop'
+$result = "overlap"
+
+if (([IPAddress]$range1_start).Address -gt ([IPAddress]$range1_end).Address -or ([IPAddress]$range2_start).Address -gt ([IPAddress]$range2_end).Address) {
+    $result = "invalid"
+}
+
+if (([IPAddress]$range1_end).Address -lt ([IPAddress]$range2_start).Address) {
+    $result = "ok"
+}
+
+if (([IPAddress]$range2_end).Address -lt ([IPAddress]$range1_start).Address) {
+    $result = "ok"
+}
+
+echo @{
+    "result"= $result
+} | ConvertTo-Json