From 8b4d7e5c2f9e13b0c438963438e874edb5517da8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr?= Date: Tue, 6 Feb 2024 16:19:39 +0100 Subject: [PATCH 1/5] Fix Actions permissions (#575) --- .github/workflows/create-prerelase.yml | 3 +++ .github/workflows/create-release.yml | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.github/workflows/create-prerelase.yml b/.github/workflows/create-prerelase.yml index ce37d26c..c5a43fbc 100644 --- a/.github/workflows/create-prerelase.yml +++ b/.github/workflows/create-prerelase.yml @@ -16,6 +16,9 @@ jobs: name: Create prerelease if: "!contains(github.event.head_commit.message, '[no release]')" runs-on: windows-2019 + permissions: + # needed to create a release + contents: write steps: - uses: actions/checkout@v3 with: diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 63432c70..ce330a8d 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -17,6 +17,9 @@ jobs: name: Bump version if: "!contains(github.event.head_commit.message, '[no release]')" runs-on: windows-2019 + permissions: + # needed to create a release + contents: write outputs: previous_tag: ${{ steps.bump.outputs.previous_tag }} new_tag: ${{ steps.bump.outputs.new_tag }} @@ -52,6 +55,9 @@ jobs: name: Create release if: "!contains(github.event.head_commit.message, '[no release]')" runs-on: self-hosted + permissions: + # needed to create a release + contents: write needs: new-version steps: - uses: actions/checkout@v3 From 8daa497439150164d7565f6448a02b731dab36f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr?= Date: Tue, 6 Feb 2024 16:32:06 +0100 Subject: [PATCH 2/5] Update 2_CreateParentDisks.ps1 --- Scripts/2_CreateParentDisks.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Scripts/2_CreateParentDisks.ps1 b/Scripts/2_CreateParentDisks.ps1 index 51fd5b4f..40e3adde 100644 --- a/Scripts/2_CreateParentDisks.ps1 +++ b/Scripts/2_CreateParentDisks.ps1 @@ -16,7 +16,7 @@ If (-not $isAdmin) { . $PSScriptRoot\0_Shared.ps1 # [!build-include-inline] #Create Unattend for VHD - Function CreateUnattendFileVHD{ + Function CreateUnattendFileVHD { param ( [parameter(Mandatory=$true)] [string] @@ -1239,4 +1239,4 @@ If (!$LabConfig.AutoClosePSWindows) { Read-Host | Out-Null } -#endregion \ No newline at end of file +#endregion From 30380fb342a8ce1111e168380062674edcb0de1e Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Thu, 22 Feb 2024 15:26:45 +0100 Subject: [PATCH 3/5] Update DownloadLatestCUs.ps1 added Azure Stack HCI 23H2 CU and Servicing Stack in a new PR we should remove SSU as they are now part of the CU for all supported releases of Windows Server and Client AFTER 1607 ref: https://www.catalog.update.microsoft.com/Search.aspx?q=servicing%20stack --- Tools/DownloadLatestCUs.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tools/DownloadLatestCUs.ps1 b/Tools/DownloadLatestCUs.ps1 index 113a5cce..30bcc81b 100644 --- a/Tools/DownloadLatestCUs.ps1 +++ b/Tools/DownloadLatestCUs.ps1 @@ -39,6 +39,7 @@ if ($version.Minor -eq 27){ } $Products=@() +$Products+=@{Product="Azure Stack HCI 23H2 GA" ;SearchString="Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 23H2 for x64-based Systems" ; ID="Microsoft Server operating system-23H2"} #they really removed the ',' in CUs $Products+=@{Product="Azure Stack HCI 22H2" ;SearchString="Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 22H2 for x64-based Systems" ; ID="Microsoft Server operating system-22H2"} $Products+=@{Product="Azure Stack HCI 21H2 and Windows Server 2022" ;SearchString="Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 21H2 for x64-based Systems" ; ID="Microsoft Server operating system-21H2"} $Products+=@{Product="Azure Stack HCI 20H2" ;SearchString="Cumulative Update for Azure Stack HCI, version 20H2" ;SSUSearchString="Servicing Stack Update for Azure Stack HCI, version 20H2 for x64-based Systems" ; ID="Azure Stack HCI"} @@ -89,4 +90,4 @@ Foreach($SelectedProduct in $SelectedProducts){ #endregion Write-Host "Job finished. Press enter to continue" -ForegroundColor Green -Read-Host \ No newline at end of file +Read-Host From ac84c9e7d9387200285c64053008a208a9826bf8 Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Thu, 22 Feb 2024 17:16:34 +0100 Subject: [PATCH 4/5] Update DownloadLatestCUs.ps1 1. added support for Windows Server 11 23H2 2. added support for Azure Stack HCI 23H2 3. removed "," in Searchstring for consistency, -like is used later on 4. changed SSUSearchString to $null where appropriate (no SSU exist for these releases. left it for older ones, even though latest CUs would have them included. 5. added if else to support $null SSUSearchString notes: for some reason 23H2 releases do not download files even they are correctly found and listed. Problem with the used module Get-MSCatalogUpdate? --- Tools/DownloadLatestCUs.ps1 | 38 +++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/Tools/DownloadLatestCUs.ps1 b/Tools/DownloadLatestCUs.ps1 index 30bcc81b..bd0533c8 100644 --- a/Tools/DownloadLatestCUs.ps1 +++ b/Tools/DownloadLatestCUs.ps1 @@ -39,17 +39,18 @@ if ($version.Minor -eq 27){ } $Products=@() -$Products+=@{Product="Azure Stack HCI 23H2 GA" ;SearchString="Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 23H2 for x64-based Systems" ; ID="Microsoft Server operating system-23H2"} #they really removed the ',' in CUs -$Products+=@{Product="Azure Stack HCI 22H2" ;SearchString="Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 22H2 for x64-based Systems" ; ID="Microsoft Server operating system-22H2"} -$Products+=@{Product="Azure Stack HCI 21H2 and Windows Server 2022" ;SearchString="Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 21H2 for x64-based Systems" ; ID="Microsoft Server operating system-21H2"} -$Products+=@{Product="Azure Stack HCI 20H2" ;SearchString="Cumulative Update for Azure Stack HCI, version 20H2" ;SSUSearchString="Servicing Stack Update for Azure Stack HCI, version 20H2 for x64-based Systems" ; ID="Azure Stack HCI"} -$Products+=@{Product="Windows Server 2019" ;SearchString="Cumulative Update for Windows Server 2019 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows Server 2019 for x64-based Systems" ; ID="Windows Server 2019"} -$Products+=@{Product="Windows Server 2016" ;SearchString="Cumulative Update for Windows Server 2016 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows Server 2016 for x64-based Systems" ; ID="Windows Server 2016"} -$Products+=@{Product="Windows 11 22H2" ;SearchString="Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 11 Version 22H2 for x64-based Systems" ; ID="Windows 11"} -$Products+=@{Product="Windows 10 21H2" ;SearchString="Cumulative Update for Windows 10 Version 21H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 21H2 for x64-based Systems" ; ID="Windows 10, version 1903 and later, Windows 10 LTSB"} -$Products+=@{Product="Windows 10 20H2" ;SearchString="Cumulative Update for Windows 10 Version 20H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 20H2 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} -$Products+=@{Product="Windows 10 2004" ;SearchString="Cumulative Update for Windows 10 Version 2004 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 2004 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} -$Products+=@{Product="Windows 10 1909" ;SearchString="Cumulative Update for Windows 10 Version 1909 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 1909 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} +$Products+=@{Product="Azure Stack HCI 23H2" ;SearchString="Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems" ;SSUSearchString=$null ; ID="Microsoft Server operating system-23H2"} #MSFT really removed the ',' in CUs +$Products+=@{Product="Azure Stack HCI 22H2" ;SearchString="Cumulative Update for Microsoft server operating system version 22H2 for x64-based Systems" ;SSUSearchString=$null ; ID="Microsoft Server operating system-22H2"} +$Products+=@{Product="Azure Stack HCI 21H2 and Windows Server 2022" ;SearchString="Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Microsoft server operating system version 21H2 for x64-based Systems" ; ID="Microsoft Server operating system-21H2"} +$Products+=@{Product="Azure Stack HCI 20H2" ;SearchString="Cumulative Update for Azure Stack HCI, version 20H2" ;SSUSearchString="Servicing Stack Update for Azure Stack HCI, version 20H2 for x64-based Systems" ; ID="Azure Stack HCI"} #unsupported release SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows Server 2019" ;SearchString="Cumulative Update for Windows Server 2019 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows Server 2019 for x64-based Systems" ; ID="Windows Server 2019"} #SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows Server 2016" ;SearchString="Cumulative Update for Windows Server 2016 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows Server 2016 for x64-based Systems" ; ID="Windows Server 2016"} #SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows 11 23H2" ;SearchString="Cumulative Update for Windows 11 Version 23H2 for x64-based Systems" ;SSUSearchString=$null ; ID="Windows 11"} +$Products+=@{Product="Windows 11 22H2" ;SearchString="Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" ;SSUSearchString=$null ; ID="Windows 11"} +$Products+=@{Product="Windows 10 21H2" ;SearchString="Cumulative Update for Windows 10 Version 21H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 21H2 for x64-based Systems" ; ID="Windows 10, version 1903 and later, Windows 10 LTSB"} #SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows 10 20H2" ;SearchString="Cumulative Update for Windows 10 Version 20H2 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 20H2 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} #SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows 10 2004" ;SearchString="Cumulative Update for Windows 10 Version 2004 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 2004 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} #SSU no longer required but remain for compat reasons +$Products+=@{Product="Windows 10 1909" ;SearchString="Cumulative Update for Windows 10 Version 1909 for x64-based Systems" ;SSUSearchString="Servicing Stack Update for Windows 10 Version 1909 for x64-based Systems" ; ID="Windows 10, version 1903 and later"} #SSU no longer required but remain for compat reasons #grab folder to download to $folder=Read-Host -Prompt "Please type path to download. For example `"c:\temp`" (if nothing specified, $PSScriptRoot is used)" @@ -81,11 +82,16 @@ Foreach($SelectedProduct in $SelectedProducts){ $update | Save-MSCatalogUpdate -Destination "$DestinationFolder" #-UseBits #Download SSU - $update=Get-MSCatalogUpdate -Search $item.SSUSearchString | Where-Object Products -eq $item.ID | Select-Object -First 1 - if ($update){ - Write-Output "Downloading $($update.title) to $destinationFolder" - $update | Save-MSCatalogUpdate -Destination $DestinationFolder #-UseBits - } + If (!($Null -eq $item.SSUSearchString)){ + $update=Get-MSCatalogUpdate -Search $item.SSUSearchString | Where-Object Products -eq $item.ID | Select-Object -First 1 + if ($update){ + Write-Output "Downloading $($update.title) to $destinationFolder" + $update | Save-MSCatalogUpdate -Destination $DestinationFolder #-UseBits + } + }#end if check if SSUString is not $Null + else{ + Write-Host "The selected release does not require seperate SSU." -ForegroundColor Green + }#end elseif check if SSUString is $Null } #endregion From cc75212b50cc20ee84e0bc78ab6fd606415191fa Mon Sep 17 00:00:00 2001 From: Jaromir Kaspar Date: Fri, 22 Mar 2024 13:01:55 +0100 Subject: [PATCH 5/5] cloud deploy update --- .../Scenario.ps1 | 52 +++++++++++++------ 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 b/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 index fbbf0a7d..ecc6fe3e 100644 --- a/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 +++ b/Scenarios/AzSHCI and Cloud Based Deployment/Scenario.ps1 @@ -1,29 +1,24 @@ #region Prepare Active Directory $AsHCIOUName="OU=ASClus01,DC=Corp,DC=contoso,DC=com" - $Servers="ASNode1","ASNode2" - $DomainFQDN=$env:USERDNSDOMAIN - $ClusterName="ASClus01" - $Prefix="ASClus01" - $UserName="ASClus01-DeployUser" - $Password="LS1setup!LS1setup!" - $SecuredPassword = ConvertTo-SecureString $password -AsPlainText -Force - $Credentials= New-Object System.Management.Automation.PSCredential ($UserName,$SecuredPassword) + #$Servers="ASNode1","ASNode2" + #$DomainFQDN=$env:USERDNSDOMAIN + #$ClusterName="ASClus01" + #$Prefix="ASClus01" + $LCMUserName="ASClus01-LCMUser" + $LCMPassword="LS1setup!LS1setup!" + $SecuredPassword = ConvertTo-SecureString $LCMPassword -AsPlainText -Force + $LCMCredentials= New-Object System.Management.Automation.PSCredential ($LCMUserName,$SecuredPassword) #install posh module for prestaging Active Directory Install-PackageProvider -Name NuGet -Force Install-Module AsHciADArtifactsPreCreationTool -Repository PSGallery -Force - #add KDS Root Key - if (-not (Get-KdsRootKey)){ - Add-KdsRootKey -EffectiveTime ((Get-Date).addhours(-10)) - } - #make sure active directory module and GPMC is installed Install-WindowsFeature -Name RSAT-AD-PowerShell,GPMC #populate objects - New-HciAdObjectsPreCreation -Deploy -AzureStackLCMUserCredential $Credentials -AsHciOUName $AsHCIOUName -AsHciPhysicalNodeList $Servers -DomainFQDN $DomainFQDN -AsHciClusterName $ClusterName -AsHciDeploymentPrefix $Prefix - + New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $LCMCredentials -AsHciOUName $AsHCIOUName + #install management features to explore cluster,settings... Install-WindowsFeature -Name "RSAT-ADDS","RSAT-Clustering" #endregion @@ -140,7 +135,7 @@ "Microsoft.ExtendedLocation/register/action", "Microsoft.HybridContainerService/register/action", "Microsoft.ResourceConnector/appliances/write", - "Microsoft.ResourceConnector/appliances/delete, + "Microsoft.ResourceConnector/appliances/delete", "Microsoft.ResourceConnector/appliances/listClusterUserCredential/action", "Microsoft.ResourceConnector/appliances/read", "Microsoft.ExtendedLocation/customLocations/read", @@ -284,6 +279,13 @@ Install-Module -Name az.accounts -Force } -Credential $Credentials + #make sure resource providers are registered + Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridCompute" + Register-AzResourceProvider -ProviderNamespace "Microsoft.GuestConfiguration" + Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridConnectivity" + Register-AzResourceProvider -ProviderNamespace "Microsoft.AzureStackHCI" + + #deploy ARC Agent with device authentication $ARMtoken = (Get-AzAccessToken).Token $id = (Get-AzContext).Account.Id @@ -390,7 +392,7 @@ } Write-Host "." -NoNewline } until ( - $status.provisioningstate -notcontains "Creatingg" + $status.provisioningstate -notcontains "Creating" ) #Assign role to ARC Objects @@ -432,6 +434,22 @@ #endregion #region final touches + #make sure NTP server is configured + #note make sure integration service is disabled on host if running in VMs + #Get-VM *ASNode* | Disable-VMIntegrationService -Name "Time Synchronization" + + $NTPServer="DC.corp.contoso.com" + Invoke-Command -ComputerName $servers -ScriptBlock { + w32tm /config /manualpeerlist:$using:NTPServer /syncfromflags:manual /update + Restart-Service w32time + } -Credential $Credentials + + Start-Sleep 20 + + #check if source is NTP Server + Invoke-Command -ComputerName $servers -ScriptBlock { + w32tm /query /source + } -Credential $Credentials #make sure there is only one management NIC with IP address (setup is complaining about multiple gateways) Invoke-Command -ComputerName $servers -ScriptBlock {