redhat_cloudforms_azure_arm.../ARM_templates/dev/rev2
tseed a79cac8cd8 initial commit 2022-10-26 19:05:05 +01:00
Azure_RHEL_instance.json initial commit 2022-10-26 19:05:05 +01:00
Azure_RHEL_instance.yaml initial commit 2022-10-26 19:05:05 +01:00
Azure_UbuntuServer_instance.json initial commit 2022-10-26 19:05:05 +01:00
Azure_UbuntuServer_instance.yaml initial commit 2022-10-26 19:05:05 +01:00
Azure_WindowsServer_instance.json initial commit 2022-10-26 19:05:05 +01:00
Azure_WindowsServer_instance.yaml initial commit 2022-10-26 19:05:05 +01:00
CFLinux_Azure_network_security_group.json initial commit 2022-10-26 19:05:05 +01:00
CFLinux_Azure_network_security_group.yaml initial commit 2022-10-26 19:05:05 +01:00
CFWindows_Azure_network_security_group.json initial commit 2022-10-26 19:05:05 +01:00
CFWindows_Azure_network_security_group.yaml initial commit 2022-10-26 19:05:05 +01:00
README.md initial commit 2022-10-26 19:05:05 +01:00
rhel_customscript_extension.sh initial commit 2022-10-26 19:05:05 +01:00
ubuntu_customscript_extension.sh initial commit 2022-10-26 19:05:05 +01:00

README.md

Default target Resource Group

These templates were built on the Research Managed subscription in the rg-svc-rem-we-spp-1 resource group. The network vnet+subnet used reside within the rg-vn-rem-we-1 resource group.

json vs yaml

The templates are written in YAML and converted to JSON with YARM (https://github.com/TeamYARM/YARM-CLI). Conversion works both ways, so it is helpful to take example JSON ARM templates, such as those at https://github.com/Azure/azure-quickstart-templates, and convert them to YAML. YAML allows comments and is much easier to read.

./Yarm.ConsoleApp.exe -i CFInstance_win.yaml
CFInstance_win.yaml => CFInstance_win.json

Templates

CFInstance_rhel.json CFInstance_rhel.yaml CFInstance_win.json CFInstance_win.yaml CFLinux_nsg.json CFLinux_nsg.yaml CFWindows_nsg.json CFWindows_nsg.yaml rhel_customscript_extension.sh

Purpose

Azure_RHEL_instance / Azure_UbuntuServer_instance

Template for a RHEL Azure instance with an attached network adapter and dynamic private IP; it uses the parameterized network security group CFLinux_nsg. The networkResourceGroup parameter is included for the UoN midtier vnet, which resides in a different resource group; if the value is 'unused', network interfaces will be built in the vnet+subnet of the resource group supplied when the template is invoked. Uses waagent to run a CustomScript extension rather than cloud-init. The script joins the host to the domain and looks up the owner tag, then modifies sssd.conf with the tag value to ensure only the owner has access to the instance. The custom script is base64 encoded and the resulting string is put in the ARM template.

create customscript extension script property

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-linux

cat rhel_customscript_extension.sh | gzip -9 | base64 -w 0
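An added example, not part of the repository: the command above produces an opaque string, so these helpers decode it again and check that it matches the script file under review. The function names are hypothetical, and the encoded value is passed in as an argument because its location inside the template is not shown here.

```shell
#!/usr/bin/env bash
# Added example (not the repository's code): round-trip helpers for the
# gzip+base64 value that is pasted into the ARM template.

# Encode a script file the same way the README command does.
encode_script() {
    gzip -9 < "$1" | base64 -w 0
}

# Decode an encoded value back to the plain-text script on stdout.
decode_script() {
    printf '%s' "$1" | base64 -d | gunzip
}

# Return 0 only if the encoded value decodes to exactly the bytes of the file.
# Decoded content is compared, not encoded strings, because gzip output is
# not guaranteed to be byte-identical between gzip versions or settings.
verify_embedded() {
    local encoded="$1" file="$2" want got
    want=$(sha256sum < "$file" | cut -d' ' -f1)
    # A value that fails to decode hashes as empty input and so never matches
    # a non-empty script.
    got=$(decode_script "$encoded" 2>/dev/null | sha256sum | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# Constructed demonstration: encode a sample script, then verify it.
demo() {
    local tmp enc
    tmp=$(mktemp)
    printf '#!/bin/bash\necho "constructed sample script"\n' > "$tmp"
    enc=$(encode_script "$tmp")
    if verify_embedded "$enc" "$tmp"; then
        echo "embedded script matches $tmp"
    else
        echo "embedded script differs from $tmp"
    fi
    rm -f "$tmp"
}
```

Running `decode_script` on the value taken from a template shows the script the extension will execute, which is the form a reviewer can actually read.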

customscript extensions

rhel_customscript_extension.sh ubuntu_customscript_extension.sh

Azure_WindowsServer_instance

Template for a Windows Azure instance with an attached network adapter and dynamic private IP; it uses the parameterized network security group CFWindows_nsg. The networkResourceGroup parameter is included for the UoN midtier vnet, which resides in a different resource group; if the value is 'unused', network interfaces will be built in the vnet+subnet of the resource group supplied when the template is invoked. Uses waagent to run the JsonADDomainExtension and CustomScriptExtension extensions to join a domain and change the local RDP group to ensure only the owner has access to the instance.

CFLinux_Azure_network_security_group / CFWindows_Azure_network_security_group

Templates for Windows or Linux network security groups, allowing RDP or SSH respectively. Host isolation rules were dropped owing to the gateway being in the default vnet range.