From 3052d00815089ddd0682bab1ac7b0a01c6bd52f8 Mon Sep 17 00:00:00 2001 From: Glenn Musa <4622125+glennmusa@users.noreply.github.com> Date: Wed, 20 Oct 2021 16:22:55 +0000 Subject: [PATCH] update the remote access example to include a log analytics workspace --- src/bicep/examples/remoteAccess/README.md | 14 +- src/bicep/examples/remoteAccess/main.bicep | 3 + src/bicep/examples/remoteAccess/main.json | 200 ++++++++++++++++++--- 3 files changed, 192 insertions(+), 25 deletions(-) diff --git a/src/bicep/examples/remoteAccess/README.md b/src/bicep/examples/remoteAccess/README.md index e8784c833..b32119b9f 100644 --- a/src/bicep/examples/remoteAccess/README.md +++ b/src/bicep/examples/remoteAccess/README.md @@ -74,6 +74,11 @@ az deployment sub show \ "type": "String", "value": "/subscriptions/.../providers/Microsoft.Network/networkSecurityGroups/hub-nsg" }, + ... + "logAnalyticsWorkspaceResourceId": { + "type": "String", + "value": "/subscriptions/.../providers/Microsoft.OperationalInsights/workspaces/mlz-dev-laws" + }, } ``` @@ -81,7 +86,7 @@ az deployment sub show \ ```bash -export $(az deployment sub show --name "myMlzDeployment" --query "properties.outputs.{ args: [ join('', ['hubResourceGroupName=', hubResourceGroupName.value]), join('', ['hubVirtualNetworkName=', hubVirtualNetworkName.value]), join('', ['hubSubnetResourceId=', hubSubnetResourceId.value]), join('', ['hubNetworkSecurityGroupResourceId=', hubNetworkSecurityGroupResourceId.value]) ] }.args" --output tsv | xargs) +export $(az deployment sub show --name "myMlzDeployment" --query "properties.outputs.{ args: [ join('', ['hubResourceGroupName=', hubResourceGroupName.value]), join('', ['hubVirtualNetworkName=', hubVirtualNetworkName.value]), join('', ['hubSubnetResourceId=', hubSubnetResourceId.value]), join('', ['hubNetworkSecurityGroupResourceId=', hubNetworkSecurityGroupResourceId.value]), join('', ['logAnalyticsWorkspaceResourceId=', logAnalyticsWorkspaceResourceId.value]) ] }.args" --output tsv | xargs) ``` @@ -98,8 +103,9 @@ hubResourceGroupName="mlz-dev-hub" hubVirtualNetworkName="hub-vnet" hubSubnetResourceId="/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet/subnets/hub-subnet" hubNetworkSecurityGroupResourceId="/subscriptions/.../providers/Microsoft.Network/networkSecurityGroups/hub-nsg" +logAnalyticsWorkspaceResourceId="/subscriptions/.../providers/Microsoft.OperationalInsights/workspaces/mlz-dev-laws" -linuxPassword=$(openssl rand -base64 14) # generate a random 14 character password +my_password=$(openssl rand -base64 14) # generate a random 14 character password az deployment group create \ --name "RemoteAccessExample" \ @@ -109,7 +115,9 @@ az deployment group create \ hubVirtualNetworkName="$hubVirtualNetworkName" \ hubSubnetResourceId="$hubSubnetResourceId" \ hubNetworkSecurityGroupResourceId="$hubNetworkSecurityGroupResourceId" \ - linuxVmAdminPasswordOrKey="$linuxPassword" + logAnalyticsWorkspaceResourceId="$logAnalyticsWorkspaceResourceId" \ + linuxVmAdminPasswordOrKey="$my_password" \ + windowsVmAdminPassword="$my_password" ``` Or, completely experimentally, try the Portal: diff --git a/src/bicep/examples/remoteAccess/main.bicep b/src/bicep/examples/remoteAccess/main.bicep index eaef3a7ff..1193d83ac 100644 --- a/src/bicep/examples/remoteAccess/main.bicep +++ b/src/bicep/examples/remoteAccess/main.bicep @@ -3,6 +3,7 @@ param location string = resourceGroup().location param hubVirtualNetworkName string param hubSubnetResourceId string param hubNetworkSecurityGroupResourceId string +param logAnalyticsWorkspaceResourceId string param bastionHostName string = 'bastionHost' param bastionHostSubnetAddressPrefix string = '10.0.100.160/27' @@ -99,5 +100,7 @@ module remoteAccess '../../modules/remoteAccess.bicep' = { windowsVmVersion: windowsVmVersion windowsVmCreateOption: windowsVmCreateOption windowsVmStorageAccountType: windowsVmStorageAccountType + + logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId } } diff --git a/src/bicep/examples/remoteAccess/main.json b/src/bicep/examples/remoteAccess/main.json index 102115f84..080e968f7 100644 --- a/src/bicep/examples/remoteAccess/main.json +++ b/src/bicep/examples/remoteAccess/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "10649862739162036164" + "version": "0.4.1008.15138", + "templateHash": "10398940261016449040" } }, "parameters": { @@ -22,6 +22,9 @@ "hubNetworkSecurityGroupResourceId": { "type": "string" }, + "logAnalyticsWorkspaceId": { + "type": "string" + }, "bastionHostName": { "type": "string", "defaultValue": "bastionHost" @@ -171,7 +174,7 @@ "resources": [ { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "[format('deploy-remoteAccess-Example-{0}', parameters('nowUtc'))]", "properties": { "expressionEvaluationOptions": { @@ -292,6 +295,9 @@ }, "windowsVmStorageAccountType": { "value": "[parameters('windowsVmStorageAccountType')]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceId')]" } }, "template": { @@ -300,8 +306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "9206703012100649755" + "version": "0.4.1008.15138", + "templateHash": "1148831067271080103" } }, "parameters": { @@ -428,13 +434,16 @@ }, "windowsVmStorageAccountType": { "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" } }, "functions": [], "resources": [ { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "remoteAccess-bastionHost", "properties": { "expressionEvaluationOptions": { @@ -479,8 +488,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "10497818437168204965" + "version": "0.4.1008.15138", + "templateHash": "8312671392588769494" } }, "parameters": { @@ -575,7 +584,7 @@ }, { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "remoteAccess-linuxNetworkInterface", "properties": { "expressionEvaluationOptions": { @@ -611,8 +620,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "14459425343428091407" + "version": "0.4.1008.15138", + "templateHash": "15767041695622422511" } }, "parameters": { @@ -680,7 +689,7 @@ }, { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "remoteAccess-linuxVirtualMachine", "properties": { "expressionEvaluationOptions": { @@ -728,7 +737,10 @@ "value": "[parameters('linuxVmAdminPasswordOrKey')]" }, "networkInterfaceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2019-10-01').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2020-06-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceId')]" } }, "template": { @@ -737,8 +749,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "9484732926763055555" + "version": "0.4.1008.15138", + "templateHash": "16381556259285133052" } }, "parameters": { @@ -789,6 +801,9 @@ "adminPasswordOrKey": { "type": "secureString", "minLength": 14 + }, + "logAnalyticsWorkspaceId": { + "type": "string" } }, "functions": [], @@ -844,6 +859,75 @@ "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]" } } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Microsoft.Azure.NetworkWatcher', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.NetworkWatcher", + "type": "NetworkWatcherAgentLinux", + "typeHandlerVersion": "1.4" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name')), '/')[0], split(format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name')), '/')[1])]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Microsoft.Azure.AzurePolicyforLinux', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.GuestConfiguration", + "type": "ConfigurationforLinux", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/OMSExtension', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.EnterpriseCloud.Monitoring", + "type": "OmsAgentForLinux", + "typeHandlerVersion": "1.13", + "settings": { + "workspaceId": "[reference(parameters('logAnalyticsWorkspaceId'), '2015-11-01-preview').customerId]", + "stopOnMultipleConnections": true + }, + "protectedSettings": { + "workspaceKey": "[listKeys(parameters('logAnalyticsWorkspaceId'), '2015-11-01-preview').primarySharedKey]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/Microsoft.Azure.NetworkWatcher', parameters('name')), '/')[0], split(format('{0}/Microsoft.Azure.NetworkWatcher', parameters('name')), '/')[1])]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/DependencyAgentLinux', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.Monitoring.DependencyAgent", + "type": "DependencyAgentLinux", + "typeHandlerVersion": "9.5", + "autoUpgradeMinorVersion": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/OMSExtension', parameters('name')), '/')[0], split(format('{0}/OMSExtension', parameters('name')), '/')[1])]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] } ], "outputs": { @@ -864,7 +948,7 @@ }, { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "remoteAccess-windowsNetworkInterface", "properties": { "expressionEvaluationOptions": { @@ -900,8 +984,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "14459425343428091407" + "version": "0.4.1008.15138", + "templateHash": "15767041695622422511" } }, "parameters": { @@ -969,7 +1053,7 @@ }, { "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", + "apiVersion": "2020-06-01", "name": "remoteAccess-windowsVirtualMachine", "properties": { "expressionEvaluationOptions": { @@ -1014,7 +1098,10 @@ "value": "[parameters('windowsVmStorageAccountType')]" }, "networkInterfaceName": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2019-10-01').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2020-06-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceId')]" } }, "template": { @@ -1023,8 +1110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.613.9944", - "templateHash": "13028397952765670280" + "version": "0.4.1008.15138", + "templateHash": "5398822015781472627" } }, "parameters": { @@ -1068,6 +1155,9 @@ }, "storageAccountType": { "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" } }, "functions": [], @@ -1109,6 +1199,72 @@ ] } } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-04-01", + "name": "[format('{0}/DependencyAgentWindows', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.Monitoring.DependencyAgent", + "type": "DependencyAgentWindows", + "typeHandlerVersion": "9.5", + "autoUpgradeMinorVersion": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-04-01", + "name": "[format('{0}/AzurePolicyforWindows', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.GuestConfiguration", + "type": "ConfigurationforWindows", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-04-01", + "name": "[format('{0}/MMAExtension', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.EnterpriseCloud.Monitoring", + "type": "MicrosoftMonitoringAgent", + "typeHandlerVersion": "1.0", + "settings": { + "workspaceId": "[reference(parameters('logAnalyticsWorkspaceId'), '2015-11-01-preview').customerId]", + "stopOnMultipleConnections": true + }, + "protectedSettings": { + "workspaceKey": "[listKeys(parameters('logAnalyticsWorkspaceId'), '2015-11-01-preview').primarySharedKey]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2020-06-01", + "name": "[format('{0}/Microsoft.Azure.NetworkWatcher', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.NetworkWatcher", + "type": "NetworkWatcherAgentWindows", + "typeHandlerVersion": "1.4" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] } ] }