Merge branch 'develop' into python-migration
jemrobinson committed Aug 24, 2023
2 parents 2105d28 + 46a5db7 commit a57be6b
Showing 95 changed files with 1,860 additions and 7,019 deletions.
11 changes: 3 additions & 8 deletions deployment/administration/SHM_Manage_VMs.ps1
Expand Up @@ -34,7 +34,6 @@ if ($Group -eq "Identity") {
} elseif ($Group -eq "Mirrors") {
# Remove Identity VMs from list
$vmsByRg.Remove($config.dc.rg)
$vmsByRg.Remove($config.nps.rg)
}

switch ($Action) {
Expand All @@ -48,23 +47,19 @@ switch ($Action) {
$primaryDCAlreadyRunning = Confirm-VmRunning -Name $config.dc.vmName -ResourceGroupName $config.dc.rg
if ($primaryDCAlreadyRunning) {
Add-LogMessage -Level InfoSuccess "VM '$($config.dc.vmName)' already running."
# Start Secondary DC and NPS
# Start Secondary DC
Start-VM -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Start-VM -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
} else {
# Stop Secondary DC and NPS as these must start after Primary DC
# Stop Secondary DC as it must start after Primary DC
Add-LogMessage -Level Info "Stopping Secondary DC and NPS as Primary DC is not running."
Stop-Vm -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Stop-Vm -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
# Start Primary DC
Start-VM -Name $config.dc.vmName -ResourceGroupName $config.dc.rg
# Start Secondary DC and NPS
# Start Secondary DC
Start-VM -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Start-VM -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
}
# Remove Identity VMs from general VM list so they are not processed twice
$vmsByRg.Remove($config.dc.rg)
$vmsByRg.Remove($config.nps.rg)
}
# Process remaining SHM VMs covered by the specified group
foreach ($key in $vmsByRg.Keys) {
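Review bot: The log message `Add-LogMessage -Level Info "Stopping Secondary DC and NPS as Primary DC is not running."` still names NPS, although the NPS `Stop-Vm`/`Start-VM` calls and the `$vmsByRg.Remove($config.nps.rg)` lines are gone and the surrounding comments were updated to "Secondary DC" only. An operator reading the logs will look for an NPS VM that this script no longer manages. Change it to `Add-LogMessage -Level Info "Stopping Secondary DC as Primary DC is not running."` so the message matches what the code now does. The `switch ($Action)` block containing these lines continues past the end of the hunk.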
29 changes: 3 additions & 26 deletions deployment/administration/SRE_Manage_VMs.ps1
Expand Up @@ -27,6 +27,7 @@ $vmsByRg = Get-VMsByResourceGroupPrefix -ResourceGroupPrefix $config.sre.rgPrefi
switch ($Action) {
"EnsureStarted" {
# Remove remote desktop VMs to process last
# May be able to simplify this further now that MSRDS is removed
$remoteDesktopVms = $vmsByRg[$config.sre.remoteDesktop.rg]
$vmsByRg.Remove($config.sre.remoteDesktop.rg)
# Start all other VMs before RDS VMs so all services will be available when users can login via RDS
Expand All @@ -40,32 +41,8 @@ switch ($Action) {
}
# Ensure remote desktop VMs are started
Add-LogMessage -Level Info "Ensuring VMs in resource group '$($config.sre.remoteDesktop.rg)' are started..."
if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
# Start Guacamole VMs
$remoteDesktopVms | ForEach-Object { Start-VM -VM $_ }
} elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
# RDS gateway must be started before RDS session hosts
$gatewayAlreadyRunning = Confirm-VmRunning -Name $config.sre.remoteDesktop.gateway.vmName -ResourceGroupName $config.sre.remoteDesktop.rg
if ($gatewayAlreadyRunning) {
Add-LogMessage -Level InfoSuccess "VM '$($config.sre.remoteDesktop.gateway.vmName)' already running."
# Ensure session hosts started
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Start-VM -VM $vm
}
} else {
# Stop session hosts as they must start after gateway
Add-LogMessage -Level Info "Stopping RDS session hosts as gateway is not running."
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Stop-VM -VM $vm
}
# Start gateway
Start-VM -Name $config.sre.remoteDesktop.gateway.vmName -ResourceGroupName $config.sre.remoteDesktop.rg
# Start session hosts
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Start-VM -VM $vm
}
}
}
# Start Guacamole VMs
$remoteDesktopVms | ForEach-Object { Start-VM -VM $_ }
}
"EnsureStopped" {
foreach ($key in $vmsByRg.Keys) {
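Review bot: The added comment `# May be able to simplify this further now that MSRDS is removed` is an untracked note in the middle of the `"EnsureStarted"` arm; a reader cannot tell which simplification is meant, so either make it actionable, e.g. `# TODO(owner): collapse the remote-desktop split now that only Guacamole VMs remain`, or drop it. The comment two lines below it still says the other VMs are started "before RDS VMs so all services will be available when users can login via RDS", which no longer matches the Guacamole-only path that this section leaves behind; rewording it to "remote desktop VMs" would avoid the stale reference. The `switch ($Action)` statement starts before the first hunk and continues past the last one.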
95 changes: 20 additions & 75 deletions deployment/common/Configuration.psm1
Expand Up @@ -186,14 +186,12 @@ function Get-ShmConfig {
netbiosName = ($shmConfigBase.netbiosName ? $shmConfigBase.netbiosName : $shm.id).ToUpper() | Limit-StringLength -MaximumLength 15 -FailureIsFatal
dn = "DC=$(($shmConfigBase.domain).Replace('.',',DC='))"
ous = [ordered]@{
databaseServers = [ordered]@{ name = "Secure Research Environment Database Servers" }
linuxServers = [ordered]@{ name = "Secure Research Environment Linux Servers" }
rdsGatewayServers = [ordered]@{ name = "Secure Research Environment RDS Gateway Servers" }
rdsSessionServers = [ordered]@{ name = "Secure Research Environment RDS Session Servers" }
researchUsers = [ordered]@{ name = "Safe Haven Research Users" }
securityGroups = [ordered]@{ name = "Safe Haven Security Groups" }
serviceAccounts = [ordered]@{ name = "Safe Haven Service Accounts" }
identityServers = [ordered]@{ name = "Safe Haven Identity Servers" }
databaseServers = [ordered]@{ name = "Secure Research Environment Database Servers" }
linuxServers = [ordered]@{ name = "Secure Research Environment Linux Servers" }
researchUsers = [ordered]@{ name = "Safe Haven Research Users" }
securityGroups = [ordered]@{ name = "Safe Haven Security Groups" }
serviceAccounts = [ordered]@{ name = "Safe Haven Service Accounts" }
identityServers = [ordered]@{ name = "Safe Haven Identity Servers" }
}
}
$shm.domain.fqdnLower = ($shm.domain.fqdn).ToLower()
Expand Down Expand Up @@ -400,31 +398,21 @@ function Get-ShmConfig {
# ---------
$shm.users = [ordered]@{
computerManagers = [ordered]@{
databaseServers = [ordered]@{
databaseServers = [ordered]@{
name = "$($shm.domain.netbiosName) Database Servers Manager"
samAccountName = "$($shm.id)databasesrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-database-servers".ToLower()
}
identityServers = [ordered]@{
identityServers = [ordered]@{
name = "$($shm.domain.netbiosName) Identity Servers Manager"
samAccountName = "$($shm.id)identitysrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-identity-servers".ToLower()
}
linuxServers = [ordered]@{
linuxServers = [ordered]@{
name = "$($shm.domain.netbiosName) Linux Servers Manager"
samAccountName = "$($shm.id)linuxsrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-linux-servers".ToLower()
}
rdsGatewayServers = [ordered]@{
name = "$($shm.domain.netbiosName) RDS Gateway Manager"
samAccountName = "$($shm.id)gatewaysrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-rds-gateway-servers".ToLower()
}
rdsSessionServers = [ordered]@{
name = "$($shm.domain.netbiosName) RDS Session Servers Manager"
samAccountName = "$($shm.id)sessionsrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-rds-session-servers".ToLower()
}
}
serviceAccounts = [ordered]@{
aadLocalSync = [ordered]@{
Expand Down Expand Up @@ -624,22 +612,17 @@ function Get-SreConfig {
# Import minimal management config parameters from JSON config file - we can derive the rest from these
$sreConfigBase = Get-CoreConfig -shmId $shmId -sreId $sreId

# Support for "MicrosoftRDS" has been removed. The "remotedDesktopProvider" field now defaults to "ApacheGuacamole"
if ($sreConfigBase.remoteDesktopProvider -ne "ApacheGuacamole") {
Add-LogMessage -Level Fatal "Support for remote desktops other than ApacheGuacamole has been removed"
} elseif ($sreConfigBase.remoteDesktopProvider -eq "ApacheGuacamole") {
Add-LogMessage -Level Warning "The remoteDesktopProvider configuration option has been deprecated and will be removed in the future"
}
$sreConfigBase.remoteDesktopProvider = "ApacheGuacamole"

# Secure research environment config
# ----------------------------------
# Check that one of the allowed remote desktop providers is selected
$remoteDesktopProviders = @("ApacheGuacamole", "MicrosoftRDS")
if (-not $sreConfigBase.remoteDesktopProvider) {
Add-LogMessage -Level Warning "No remoteDesktopType was provided. Defaulting to $($remoteDesktopProviders[0])"
$sreConfigBase.remoteDesktopProvider = $remoteDesktopProviders[0]
}
if (-not $remoteDesktopProviders.Contains($sreConfigBase.remoteDesktopProvider)) {
Add-LogMessage -Level Fatal "Did not recognise remote desktop provider '$($sreConfigBase.remoteDesktopProvider)' as one of the allowed remote desktop types: $remoteDesktopProviders"
}
if (
($sreConfigBase.remoteDesktopProvider -eq "MicrosoftRDS") -and (-not @(2, 3, 4).Contains([int]$sreConfigBase.tier))
) {
Add-LogMessage -Level Fatal "RemoteDesktopProvider '$($sreConfigBase.remoteDesktopProvider)' cannot be used for tier '$($sreConfigBase.tier)'"
}

# Setup the basic config
$config = [ordered]@{
shm = Get-ShmConfig -shmId $sreConfigBase.shmId
Expand Down Expand Up @@ -879,8 +862,8 @@ function Get-SreConfig {
}
}

# Remote desktop either through Apache Guacamole or Microsoft RDS
# ---------------------------------------------------------------
# Apache Guacamole remote desktop
# -------------------------------
$config.sre.remoteDesktop.rg = "$($config.sre.rgPrefix)_REMOTE_DESKTOP".ToUpper()
if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
$config.sre.network.vnet.subnets.remoteDesktop.nsg = [ordered]@{
Expand All @@ -900,44 +883,6 @@ function Get-SreConfig {
}
}
}
} elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
$config.sre.remoteDesktop.gateway = [ordered]@{
adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-rds-gateway"
vmName = "RDG-SRE-$($config.sre.id)".ToUpper() | Limit-StringLength -MaximumLength 15
vmSize = "Standard_DS2_v2"
ip = Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.remoteDesktop.cidr -Offset 4
installationDirectory = "C:\Installation"
nsg = [ordered]@{
name = "$($config.sre.nsgPrefix)_RDS_SERVER".ToUpper()
rules = "sre-nsg-rules-gateway.json"
}
disks = [ordered]@{
data = [ordered]@{
sizeGb = "1023"
type = $config.sre.diskTypeDefault
}
os = [ordered]@{
sizeGb = "128"
type = $config.sre.diskTypeDefault
}
}
}
$config.sre.remoteDesktop.appSessionHost = [ordered]@{
adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-rds-sh1"
vmName = "APP-SRE-$($config.sre.id)".ToUpper() | Limit-StringLength -MaximumLength 15
vmSize = "Standard_DS2_v2"
ip = Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.remoteDesktop.cidr -Offset 5
nsg = [ordered]@{
name = "$($config.sre.nsgPrefix)_RDS_SESSION_HOSTS".ToUpper()
rules = "sre-nsg-rules-session-hosts.json"
}
disks = [ordered]@{
os = [ordered]@{
sizeGb = "128"
type = $config.sre.diskTypeDefault
}
}
}
} else {
Add-LogMessage -Level Fatal "Remote desktop type '$($config.sre.remoteDesktop.type)' was not recognised!"
}
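Review bot: The new provider check in Get-SreConfig treats a missing `remoteDesktopProvider` as fatal: when the field is absent from the JSON config the value is null, `$sreConfigBase.remoteDesktopProvider -ne "ApacheGuacamole"` evaluates to true, and the Fatal branch fires, which contradicts the comment above it saying the field "now defaults to ApacheGuacamole" and the Warning telling users the option is deprecated (the removed `if (-not $sreConfigBase.remoteDesktopProvider)` default path covered exactly that case). The `elseif` is also redundant since "ApacheGuacamole" is the only remaining possibility, and the comment misspells the field as "remotedDesktopProvider". I would handle the absent value first and fall through to the Fatal/Warning branches before the unconditional assignment, as below. Whether `Add-LogMessage -Level Fatal` stops execution is not visible in this hunk; if it does not, the forced assignment afterwards is what guarantees a valid value, which is worth a comment.

```powershell
# Support for "MicrosoftRDS" has been removed. The "remoteDesktopProvider" field is deprecated and defaults to "ApacheGuacamole"
if (-not $sreConfigBase.remoteDesktopProvider) {
    # Field omitted: silently use the only supported provider
} elseif ($sreConfigBase.remoteDesktopProvider -ne "ApacheGuacamole") {
    Add-LogMessage -Level Fatal "Support for remote desktops other than ApacheGuacamole has been removed"
} else {
    Add-LogMessage -Level Warning "The remoteDesktopProvider configuration option has been deprecated and will be removed in the future"
}
$sreConfigBase.remoteDesktopProvider = "ApacheGuacamole"
# … unchanged: basic config setup …
```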