Merge pull request #136 from Azure-Samples/vnext

README.md

@@ -29,8 +29,8 @@ This repository contains a collection of inter-dependent [cloud computing](https
 * [PowerShell](https://learn.microsoft.com/powershell/scripting/overview?view=powershell-7.1)
   * [PowerShell 7.x](https://learn.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell)
   * [PowerShell 5.1](https://learn.microsoft.com/powershell/scripting/overview?view=powershell-5.1) for Windows Server configuration.
-* [Terraform](https://www.terraform.io/intro/index.html#what-is-terraform-) v1.10.1 for [Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) (IaC).
-  * [Azure Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) (azuerrm) v4.13.0
+* [Terraform](https://www.terraform.io/intro/index.html#what-is-terraform-) v1.10.3 for [Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) (IaC).
+  * [Azure Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) (azuerrm) v4.14.0
   * [AzAPI Provider](https://registry.terraform.io/providers/Azure/azapi/latest/docs) (azapi) v2.1.0
   * [cloud-init Provider](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs) (cloudinit) v2.3.5
   * [Random Provider](https://registry.terraform.io/providers/hashicorp/random/latest/docs) (random) v3.6.3

extras/terraform-azurerm-ai-callcenter/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

extras/terraform-azurerm-aistudio/010-common.tf

@@ -7,7 +7,7 @@ terraform {
 
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

extras/terraform-azurerm-rg-devops/010-common.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     cloudinit = {

extras/terraform-azurerm-vm-devops/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
   }
 }

extras/terraform-azurerm-vnet-onprem/010-common.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

extras/terraform-azurerm-vnet-onprem/JumpBoxConfig2.ps1

@@ -13,44 +13,23 @@ configuration JumpBoxConfig2 {
     $domainAdminCredential = Get-AutomationPSCredential 'domainadmin'
 
     node $ComputerName {
-        xDSCDomainjoin 'JoinDomain' {
-            Domain = $domain
-            Credential = $domainAdminCredential
-        }
-
         WindowsFeature 'RSAT-AD-PowerShell' {
             Name = 'RSAT-AD-PowerShell'
             Ensure = 'Present'
-            DependsOn = '[xDSCDomainjoin]JoinDomain'            
         }
 
         WindowsFeature 'RSAT-ADDS' {
             Name = 'RSAT-ADDS'
             Ensure = 'Present'
-            DependsOn = '[xDSCDomainjoin]JoinDomain'            
         }
 
         WindowsFeature 'RSAT-DNS-Server' {
             Name = 'RSAT-DNS-Server'
             Ensure = 'Present'
-            DependsOn = '[xDSCDomainjoin]JoinDomain' 
         }
 
         cChocoInstaller 'Chocolatey' {
             InstallDir = 'c:\choco'
-            DependsOn = '[xDSCDomainjoin]JoinDomain'
-        }
-
-        cChocoPackageInstaller 'Edge' {
-            Name = 'microsoft-edge'
-            DependsOn = '[cChocoInstaller]Chocolatey'
-            AutoUpgrade = $true
-        }
-
-        cChocoPackageInstaller 'AzPowerShell' {
-            Name = 'az.powershell'
-            DependsOn = '[cChocoInstaller]Chocolatey'
-            AutoUpgrade = $true
         }
 
         cChocoPackageInstaller 'VSCode' {
@@ -88,5 +67,11 @@ configuration JumpBoxConfig2 {
             DependsOn = '[cChocoInstaller]Chocolatey'
             AutoUpgrade = $true
         }
+
+        xDSCDomainjoin 'JoinDomain' {
+            Domain = $domain
+            Credential = $domainAdminCredential
+            DependsOn = '[WindowsFeature]RSAT-AD-PowerShell' 
+        }
     }
 }

extras/terraform-azurerm-vnet-onprem/README.md

@@ -186,24 +186,60 @@ This smoke testing uses the RDP connection to *jumpwin2* established previously
 
 #### Test TDS (port 1433) connectivity to *mssqlwin1* private endpoint (IaaS)
 
-* From a Windows PowerShell command prompt, run the following command:
+* From *mssqlwin1*, temporarily configure the default SQL Server instance  to use SQL Server mixed authentication.
+  * Navigate to *Start* > *Microsoft SQL Server Tools 20* > *Microsoft SQL Server Management Studio 20*
+  * Connect to the default instance of SQL Server installed on the database server virtual machine using the following settings:
+    * Server
+      * Server type: `Database Engine`
+      * Server name: `mssqlwin1`
+      * Authentication: `Windows Authentication` (this will default to *MYSANDBOX\bootstrapadmin*)
+    * Connection security
+      * Encryption: `Optional`
+  * Right click on *mssqlwin1* and select *Properties*.
+  * Select the *Security* tab.
+  * Change *Server authentication* to `SQL Server and Windows Authentication mode`.
+  * Click *OK*.
+  * Right click on *mssqlwin1* and select *Restart*.
+  * Expand *Security* > *Logins*.
+  * Right click on *Logins* and select *New Login...*
+  * Configure the following settings, then click *OK*
+
+    Setting | Value
+    --- | ---
+    Login name | *bootstrapadmin*
+    Login type | `SQL Server authentication`
+    Password | Use the value of the *adminpassword* secret in key vault.
+    Enforce password policy | Enabled
+    Enforce password expiration | Enabled
+    User must change password at next login | Disabled
+    Server Roles | `public` and `sysadmin`
+
+* From *jumpwin2*, test connectivity to the default SQL Server instance on *mssqlwin1*.
+  * From a Windows PowerShell command prompt, run the following command:
 
-  ```powershell
-  # Replace FQDN with the value copied previously.
-  Resolve-DnsName mssqlwin1.mysandbox.local
-  ```
+    ```powershell
+    # Replace FQDN with the value copied previously.
+    Resolve-DnsName mssqlwin1.mysandbox.local
+    ```
 
-* Verify the *IP4Address* returned is within the IP address prefix for *azurerm_subnet.vnet_app_01_subnets["snet-db-01"]*, e.g. `10.2.1.4`.
-* Navigate to *Start* > *Microsoft SQL Server Tools 19* > *Microsoft SQL Server Management Studio 19*.
-* Connect to the default instance of SQL Server installed on mssqlwin1 using the following values:
-  * Server name: *mssqlwin1.mysandbox.local*
-  * Authentication: *SQL Server Authentication*
-    * Login: `sa`
-    * Password: Use the value of the *adminpassword* secret in key vault.
-* Close SQL Server Management Studio.
+  * Verify the *IP4Address* returned is within the IP address prefix for *azurerm_subnet.vnet_app_01_subnets["snet-db-01"]*, e.g. `10.2.1.4`.
+  * Navigate to *Start* > *Microsoft SQL Server Tools 20* > *Microsoft SQL Server Management Studio 20*.
+  * Connect to the default instance of SQL Server installed on *mssqlwin1* using the following values:
+    * Server
+      * Server type: `Database Engine`
+      * Server name: *mssqlwin1.mysandbox.local*
+      * Authentication: *SQL Server Authentication*
+      * Login: *bootstrapadmin*
+      * Password: Use the value of the *adminpassword* secret in key vault.
+    * Connection security
+      * Encryption: `Optional`
+  * Close SQL Server Management Studio.
+
+* From *mssqlwin1*, revert the SQL Server instance to use Windows Authentication only.
 
 #### Test TDS (port 1433) connectivity to Azure SQL Database private endpoint (PaaS)
 
+* Note: This test will not work if the `Support only Microsoft Entra authentication for this server` option is enabled. You must temporarily disable this option to complete this test.
 * From the client environment, navigate to *portal.azure.com* > *SQL Servers* > *mssql-xxxxxxxxxxxxxxxx* > *Properties* > *Server name* and copy the the FQDN, e.g. *mssql‑xxxxxxxxxxxxxxxx.database.windows.net*.
 * From *jumpwin2*, run the following Windows PowerShell command:
 
@@ -213,13 +249,18 @@ This smoke testing uses the RDP connection to *jumpwin2* established previously
   ```
 
 * Verify the *IP4Address* returned is within the subnet IP address prefix for *azurerm_subnet.vnet_app_01_subnets["snet-privatelink-01"]*, e.g. `10.2.2.*`.
-* Navigate to *Start* > *Microsoft SQL Server Tools 18* > *Microsoft SQL Server Management Studio 18*
+* Navigate to *Start* > *Microsoft SQL Server Tools 20* > *Microsoft SQL Server Management Studio 20*
 * Connect to the Azure SQL Database server private endpoint
-  * Server name: `mssql-xxxxxxxxxxxxxxxx.database.windows.net`
-  * Authentication: `SQL Server Authentication`
-  * Login: `bootstrapadmin`
-  * Password: Use the value stored in the *adminpassword* key vault secret
+  * Server
+    * Server type: `Database Engine`
+    * Server name: `mssql-xxxxxxxxxxxxxxxx.database.windows.net`
+    * Authentication: `SQL Server Authentication`
+    * Login: `bootstrapadmin`
+    * Password: Use the value stored in the *adminpassword* key vault secret
+  * Connection security
+    * Encryption: `Optional`
 * Expand the *Databases* tab and verify you can see *testdb*.
+* Close SQL Server Management Studio.
 
 #### Test port 3306 connectivity to Azure MySQL Flexible Server private endpoint (PaaS)
 
@@ -240,6 +281,7 @@ This smoke testing uses the RDP connection to *jumpwin2* established previously
   * Uwername: `bootstrapadmin`
   * Schema: `testdb`
   * Click *OK* and when prompted for *password* use the value of the *adminpassword* secret in key vault.
+* Close MySQL Workbench.
 
 ## Documentation
 

extras/terraform-azurerm-vnet-onprem/aadsc-register-node.ps1

@@ -128,6 +128,61 @@ function Register-DscNode {
         -RebootNodeIfNeeded $true `
         -ActionAfterReboot 'ContinueConfiguration' `
         -ErrorAction SilentlyContinue
+
+    Write-Log "Sleeping for 60 seconds before checking node status..."    
+    Start-Sleep -Seconds 60
+
+    try {
+        $dscNodes = Get-AzAutomationDscNode `
+            -ResourceGroupName $ResourceGroupName `
+            -AutomationAccountName $AutomationAccountName `
+            -Name $VirtualMachineName `
+            -ErrorAction Stop
+    }
+    catch {
+        Exit-WithError $_
+    }
+
+    if ($null -eq $dscNodes) {
+        Exit-WithError "No existing DSC node registrations for '$VirtualMachineName' with node configuration '$nodeConfigName' found..."
+    }
+
+    $dscNode = $dscNodes[0]
+    $dscNodeId = $dscNode.Id
+    $dscNodeStatus = $dscNode.Status
+    Write-Log "DSC node registration id '$dscNodeId' found with status '$dscNodeStatus'..."    
+
+    $maxRetries = 30
+    $retryCount = 0
+    $statusCompliant = "Compliant"
+
+    while ($retryCount -lt $maxRetries -and $dscNodeStatus -ne $statusCompliant) {
+        $retryCount++
+        try {
+            $dscNodes = Get-AzAutomationDscNode `
+                -Id $dscNodeId `
+                -ResourceGroupName $ResourceGroupName `
+                -AutomationAccountName $AutomationAccountName `
+                -ErrorAction Stop
+            }
+        catch {
+            Exit-WithError $_
+        }
+
+        $dscNode = $dscNodes[0]
+        $dscNodeId = $dscNode.Id
+        $dscNodeStatus = $dscNode.Status
+        Write-Log "Retry '$retryCount': DSC node registration id '$dscNodeId' status is '$dscNodeStatus'..."
+
+        if ($dscNodeStatus -ne $statusCompliant) {
+            Write-Log "DSC node status is not '$statusCompliant'. Retrying in 30 seconds..."
+            Start-Sleep -Seconds 30
+        }
+    }
+
+    if ($dscNodeStatus -ne $statusCompliant) {
+        Exit-WithError "DSC node status did not reach '$statusCompliant' after $maxRetries attempts."
+    }    
 }
 #endregion
 

extras/terraform-azurerm-vnet-onprem/configure-automation.ps1

@@ -105,11 +105,21 @@ function Start-DscCompliationJob {
         ComputerName = $VirtualMachineName
     }
 
+    $configuationData = @{
+        AllNodes = @(
+            @{
+                NodeName = "$VirtualMachineName"
+                PsDscAllowPlainTextPassword = $true
+            }
+        )
+    }
+
     try {
         $dscCompilationJob = Start-AzAutomationDscCompilationJob `
             -ResourceGroupName $ResourceGroupName `
             -AutomationAccountName $AutomationAccountName `
             -ConfigurationName $DscConfigurationName `
+            -ConfigurationData $configuationData `
             -Parameters $params `
             -ErrorAction Stop
     }

terraform-azurerm-mssql/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

terraform-azurerm-mysql/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

terraform-azurerm-vm-mssql/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
   }
 }

terraform-azurerm-vnet-app/010-common.tf

@@ -7,7 +7,7 @@ terraform {
 
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

terraform-azurerm-vnet-shared/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {

terraform-azurerm-vwan/010-common.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "=4.13.0"
+      version = "=4.14.0"
     }
 
     random = {