From 4430048c0d03208dc0d2b33b93f7ba1a28db21da Mon Sep 17 00:00:00 2001 From: Roger Doherty Date: Tue, 31 Dec 2024 16:33:35 -0500 Subject: [PATCH] Upgrade to Windows Server 2025 #133 --- extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf | 5 +++-- extras/terraform-azurerm-vnet-onprem/050-vm-jumpbox-win.tf | 4 +++- extras/terraform-azurerm-vnet-onprem/README.md | 4 ++-- extras/terraform-azurerm-vnet-onprem/variables.tf | 4 ++-- terraform-azurerm-vnet-app/030-vm-jumpbox-win.tf | 1 + terraform-azurerm-vnet-app/README.md | 2 +- terraform-azurerm-vnet-app/variables.tf | 2 +- terraform-azurerm-vnet-shared/050-vm-adds.tf | 1 + terraform-azurerm-vnet-shared/README.md | 2 +- terraform-azurerm-vnet-shared/variables.tf | 2 +- 10 files changed, 16 insertions(+), 11 deletions(-) diff --git a/extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf b/extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf index eed25c9..effc2a2 100644 --- a/extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf +++ b/extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf @@ -9,9 +9,10 @@ resource "azurerm_windows_virtual_machine" "vm_adds" { admin_username = data.azurerm_key_vault_secret.adminuser.value admin_password = data.azurerm_key_vault_secret.adminpassword.value network_interface_ids = [azurerm_network_interface.vm_adds_nic_01.id] - encryption_at_host_enabled = true - enable_automatic_updates = true + patch_assessment_mode = "AutomaticByPlatform" patch_mode = "AutomaticByPlatform" + provision_vm_agent = true + encryption_at_host_enabled = true tags = var.tags os_disk { diff --git a/extras/terraform-azurerm-vnet-onprem/050-vm-jumpbox-win.tf b/extras/terraform-azurerm-vnet-onprem/050-vm-jumpbox-win.tf index 5e75393..152b3ef 100644 --- a/extras/terraform-azurerm-vnet-onprem/050-vm-jumpbox-win.tf +++ b/extras/terraform-azurerm-vnet-onprem/050-vm-jumpbox-win.tf 
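Review bot: Nothing in the new `vm_adds` arguments of `extras/terraform-azurerm-vnet-onprem/040-vm-adds.tf` says how platform patching may reboot this domain controller. The hunk keeps `patch_mode = "AutomaticByPlatform"`, adds `patch_assessment_mode` and `provision_vm_agent`, and drops the explicit `enable_automatic_updates = true`, so both the reboot behaviour and the automatic-updates flag are left to provider and platform defaults. I would state the intent with `reboot_setting = "IfRequired"` (or whichever value the lab expects) and a comment such as `# DC: the platform installs guest patches; reboot only when a patch requires it`. The same applies to the `vm_adds` hunk in `terraform-azurerm-vnet-shared/050-vm-adds.tf` and, with less impact, to the two jumpbox hunks. The resource body continues outside the hunk, so this may already be set further down.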
@@ -7,8 +7,10 @@ resource "azurerm_windows_virtual_machine" "vm_jumpbox_win" { admin_username = data.azurerm_key_vault_secret.adminuser.value admin_password = data.azurerm_key_vault_secret.adminpassword.value network_interface_ids = [azurerm_network_interface.vm_jumpbox_win_nic_01.id] - encryption_at_host_enabled = true + patch_assessment_mode = "AutomaticByPlatform" patch_mode = "AutomaticByPlatform" + provision_vm_agent = true + encryption_at_host_enabled = true tags = var.tags os_disk { diff --git a/extras/terraform-azurerm-vnet-onprem/README.md b/extras/terraform-azurerm-vnet-onprem/README.md index c4b6410..c13375a 100644 --- a/extras/terraform-azurerm-vnet-onprem/README.md +++ b/extras/terraform-azurerm-vnet-onprem/README.md @@ -369,7 +369,7 @@ azurerm_network_interface.vm_adds_nic_01 (nic-adds2-1) | The configured subnet i This Windows Server VM is used as an [Active Directory Domain Services](https://learn.microsoft.com/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) [Domain Controller](https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786438(v=ws.10)) and a DNS Server running in Active Directory-integrated mode. -* Guest OS: Windows Server 2022 Datacenter Core +* Guest OS: Windows Server 2025 Datacenter Azure Edition Core * By default the [Patch orchestration mode](https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes) is set to `AutomaticByPlatform`. * *admin_username* and *admin_password* are configured using the key vault secrets *adminuser* and *adminpassword*. * This resource has a dependency on *azurerm_automation_account.automation_account_01*. 
@@ -401,7 +401,7 @@ azurerm_network_interface.vm_jumpbox_win_nic_01 (nic-jumpwin2-1) | The configure This Windows Server VM is used as a jumpbox for development and remote server administration. -* Guest OS: Windows Server 2022 Datacenter. +* Guest OS: Windows Server 2025 Datacenter Azure Edition. * By default the [patch orchestration mode](https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes) is set to `AutomaticByPlatform`. * *admin_username* and *admin_password* are configured using the key vault secrets *adminuser* and *adminpassword*. * This resource is configured using a [provisioner](https://www.terraform.io/docs/language/resources/provisioners/syntax.html) that runs [aadsc-register-node.ps1](./aadsc-register-node.ps1) which registers the node with *azurerm_automation_account.automation_account_01* and applies the configuration [JumpBoxConfig2](./JumpBoxConfig2.ps1). diff --git a/extras/terraform-azurerm-vnet-onprem/variables.tf b/extras/terraform-azurerm-vnet-onprem/variables.tf index aea5086..acf111b 100644 --- a/extras/terraform-azurerm-vnet-onprem/variables.tf +++ b/extras/terraform-azurerm-vnet-onprem/variables.tf @@ -109,7 +109,7 @@ variable "vm_adds_image_publisher" { variable "vm_adds_image_sku" { type = string description = "The sku of the virtual machine image used to create the VM" - default = "2022-datacenter-core-g2" + default = "2025-datacenter-azure-edition-core" } variable "vm_adds_image_version" { @@ -150,7 +150,7 @@ variable "vm_jumpbox_win_image_publisher" { variable "vm_jumpbox_win_image_sku" { type = string description = "The sku of the virtual machine image used to create the VM" - default = "2022-datacenter-g2" + default = "2025-datacenter-azure-edition" } variable "vm_jumpbox_win_image_version" { diff --git a/terraform-azurerm-vnet-app/030-vm-jumpbox-win.tf b/terraform-azurerm-vnet-app/030-vm-jumpbox-win.tf index 5056cb5..39f7a8e 100644 
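Review bot: The new default for `vm_adds_image_sku` in `extras/terraform-azurerm-vnet-onprem/variables.tf` changes the image of a VM that may already be deployed, and the description gives no hint of the consequence. If this variable feeds the VM's `source_image_reference` (not visible in the hunk), the provider replaces the VM on the next apply instead of upgrading it in place. For the domain controller that means a rebuilt AD DS instance. I would extend the description, e.g. `description = "The sku of the virtual machine image used to create the VM. Changing it on an existing deployment recreates the VM."`. The same holds for `vm_jumpbox_win_image_sku` in this file and for the matching variables in `terraform-azurerm-vnet-app/variables.tf` and `terraform-azurerm-vnet-shared/variables.tf`.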
--- a/terraform-azurerm-vnet-app/030-vm-jumpbox-win.tf +++ b/terraform-azurerm-vnet-app/030-vm-jumpbox-win.tf @@ -26,6 +26,7 @@ resource "azurerm_windows_virtual_machine" "vm_jumpbox_win" { admin_password = data.azurerm_key_vault_secret.adminpassword.value network_interface_ids = [azurerm_network_interface.vm_jumpbox_win_nic_01.id] patch_assessment_mode = "AutomaticByPlatform" + patch_mode = "AutomaticByPlatform" provision_vm_agent = true encryption_at_host_enabled = true tags = var.tags diff --git a/terraform-azurerm-vnet-app/README.md b/terraform-azurerm-vnet-app/README.md index c0641d6..389be77 100644 --- a/terraform-azurerm-vnet-app/README.md +++ b/terraform-azurerm-vnet-app/README.md @@ -341,7 +341,7 @@ azurerm_role_assignment . vm_jumpbox_win_storage_account_role_assignment | Assig This Windows Server VM is used as a jumpbox for development and remote server administration. -* Guest OS: Windows Server 2022 Datacenter. +* Guest OS: Windows Server 2025 Datacenter Azure Edition. * By default the [patch assessment mode](https://learn.microsoft.com/en-us/azure/update-manager/assessment-options) is set to `AutomaticByPlatform` and `provision_vm_agent` is set to `true` to enable use of [Azure Update Manager Update or Patch Orchestration](https://learn.microsoft.com/en-us/azure/update-manager/updates-maintenance-schedules#update-or-patch-orchestration). * *admin_username* and *admin_password* are configured using the key vault secrets *adminuser* and *adminpassword*. * A system assigned managed identity is configured by default for use in DevOps related identity and access management scenarios. diff --git a/terraform-azurerm-vnet-app/variables.tf b/terraform-azurerm-vnet-app/variables.tf index 219868d..69b0783 100644 --- a/terraform-azurerm-vnet-app/variables.tf +++ b/terraform-azurerm-vnet-app/variables.tf 
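Review bot: The added `patch_mode = "AutomaticByPlatform"` in `vm_jumpbox_win` is not documented anywhere in this commit. The module README bullet, touched here only for the guest OS line, still describes just the patch assessment mode and `provision_vm_agent`. Since this line moves the VM from assessment only to platform-installed guest patches, I would add a comment above it such as `# Guest patches are installed by the platform, not only assessed` and a matching README sentence, "`patch_mode` is also set to `AutomaticByPlatform`". The `vm_adds` hunk in `terraform-azurerm-vnet-shared/050-vm-adds.tf` and its README have the same gap. The resource body continues outside the hunk.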
@@ -190,7 +190,7 @@ variable "vm_jumpbox_win_image_publisher" { variable "vm_jumpbox_win_image_sku" { type = string description = "The sku of the virtual machine image used to create the VM" - default = "2022-datacenter-g2" + default = "2025-datacenter-azure-edition" } variable "vm_jumpbox_win_image_version" { diff --git a/terraform-azurerm-vnet-shared/050-vm-adds.tf b/terraform-azurerm-vnet-shared/050-vm-adds.tf index 29f0682..469cbb0 100644 --- a/terraform-azurerm-vnet-shared/050-vm-adds.tf +++ b/terraform-azurerm-vnet-shared/050-vm-adds.tf @@ -10,6 +10,7 @@ resource "azurerm_windows_virtual_machine" "vm_adds" { admin_password = data.azurerm_key_vault_secret.adminpassword.value network_interface_ids = [azurerm_network_interface.vm_adds_nic_01.id] patch_assessment_mode = "AutomaticByPlatform" + patch_mode = "AutomaticByPlatform" provision_vm_agent = true encryption_at_host_enabled = true tags = var.tags diff --git a/terraform-azurerm-vnet-shared/README.md b/terraform-azurerm-vnet-shared/README.md index a9e1366..f77fa81 100644 --- a/terraform-azurerm-vnet-shared/README.md +++ b/terraform-azurerm-vnet-shared/README.md 
@@ -250,7 +250,7 @@ azurerm_network_interface.vm_adds_nic_01 (nic‑adds1‑1) | The confi This Windows Server VM is used as an [Active Directory Domain Services](https://learn.microsoft.com/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) [Domain Controller](https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786438(v=ws.10)) and a DNS Server running in Active Directory-integrated mode. -* Guest OS: Windows Server 2022 Datacenter Core +* Guest OS: Windows Server 2025 Datacenter Azure Edition Core * `encryption_at_host_enabled` is set to `true` * By default the [patch assessment mode](https://learn.microsoft.com/en-us/azure/update-manager/assessment-options) is set to `AutomaticByPlatform` and `provision_vm_agent` is set to `true` to enable use of [Azure Update Manager Update or Patch Orchestration](https://learn.microsoft.com/en-us/azure/update-manager/updates-maintenance-schedules#update-or-patch-orchestration). * *admin_username* and *admin_password* are configured using the key vault secrets *adminuser* and *adminpassword*. diff --git a/terraform-azurerm-vnet-shared/variables.tf b/terraform-azurerm-vnet-shared/variables.tf index 9767e1e..b998f93 100644 --- a/terraform-azurerm-vnet-shared/variables.tf +++ b/terraform-azurerm-vnet-shared/variables.tf @@ -119,7 +119,7 @@ variable "vm_adds_image_publisher" { variable "vm_adds_image_sku" { type = string description = "The sku of the virtual machine image used to create the VM" - default = "2022-datacenter-core-g2" + default = "2025-datacenter-azure-edition-core" } variable "vm_adds_image_version" {