Billy O'Neal 7f52deab66
Update VMs for Patch Tuesday May 2023 (#31358)
* Update PowerShell Core to not vulnerable versions.

* Fix Android create-image relative paths.

* Update pools and add docs.

* Get android create-vmss to setup managed identity.
2023-05-14 01:54:42 -07:00

128 lines
4.0 KiB
PowerShell
Executable File

# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: MIT
#
<#
.SYNOPSIS
Creates a Linux virtual machine scale set, set up for vcpkg's CI.
.DESCRIPTION
create-vmss.ps1 creates an Azure Linux VM scale set, set up for vcpkg's CI
system. See https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
for more information.
This script assumes you have installed Azure tools into PowerShell by following the instructions
at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.6.1
or are running from Azure Cloud Shell.
This script assumes you have installed the OpenSSH Client optional Windows component.
.PARAMETER ImageName
The name of the image to deploy into the scale set.
#>
[CmdLetBinding()]
Param(
[parameter(Mandatory=$true)]
[string]$ImageName,
[parameter(Mandatory=$false)]
[string]$Prefix = "PrLin-",
[switch]$AddAndroidContainerRegistryPermissions
)
$Location = 'eastasia'
$Prefix += (Get-Date -Format 'yyyy-MM-dd')
$VMSize = 'Standard_D32a_v4'
$LiveVMPrefix = 'BUILD'
$ErrorActionPreference = 'Stop'
Import-Module "$PSScriptRoot/../create-vmss-helpers.psm1" -DisableNameChecking
$sshDir = [System.IO.Path]::GetTempPath() + [System.IO.Path]::GetRandomFileName()
mkdir $sshDir
try {
ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P [string]::Empty
$sshPublicKey = Get-Content "$sshDir/key.pub"
} finally {
Remove-Item $sshDir -Recurse -Force
}
$ResourceGroupName = Find-ResourceGroupName $Prefix
$AdminPW = New-Password
$Image = Get-AzImage -ResourceGroupName 'vcpkg-image-minting' -ImageName $ImageName
New-AzResourceGroup -Name $ResourceGroupName -Location $Location
$VirtualNetwork = Create-LockedDownNetwork -ResourceGroupName $ResourceGroupName -Location $Location
$VmssIpConfigName = $ResourceGroupName + 'VmssIpConfig'
$VmssIpConfig = New-AzVmssIpConfig -SubnetId $VirtualNetwork.Subnets[0].Id -Primary -Name $VmssIpConfigName
$VmssName = $ResourceGroupName + 'Vmss'
$Vmss = New-AzVmssConfig `
-Location $Location `
-SkuCapacity 0 `
-SkuName $VMSize `
-SkuTier 'Standard' `
-Overprovision $false `
-UpgradePolicyMode Manual `
-EvictionPolicy Delete `
-Priority Spot `
-MaxPrice -1 `
-IdentityType SystemAssigned
$NicName = $ResourceGroupName + 'NIC'
New-AzNetworkInterface `
-Name $NicName `
-ResourceGroupName $ResourceGroupName `
-Location $Location `
-Subnet $VirtualNetwork.Subnets[0]
$Vmss = Add-AzVmssNetworkInterfaceConfiguration `
-VirtualMachineScaleSet $Vmss `
-Primary $true `
-IpConfiguration $VmssIpConfig `
-NetworkSecurityGroupId $VirtualNetwork.Subnets[0].NetworkSecurityGroup.Id `
-Name $NicName
$VmssPublicKey = New-Object -TypeName 'Microsoft.Azure.Management.Compute.Models.SshPublicKey' `
-ArgumentList @('/home/AdminUser/.ssh/authorized_keys', $sshPublicKey)
$Vmss = Set-AzVmssOsProfile `
-VirtualMachineScaleSet $Vmss `
-ComputerNamePrefix $LiveVMPrefix `
-AdminUsername AdminUser `
-AdminPassword $AdminPW `
-LinuxConfigurationDisablePasswordAuthentication $true `
-PublicKey @($VmssPublicKey)
$Vmss = Set-AzVmssStorageProfile `
-VirtualMachineScaleSet $Vmss `
-OsDiskCreateOption 'FromImage' `
-OsDiskCaching ReadOnly `
-DiffDiskSetting Local `
-ImageReferenceId $Image.Id
$Vmss = Set-AzVmssBootDiagnostic `
-VirtualMachineScaleSet $Vmss `
-Enabled $true
$VmssCreated = New-AzVmss `
-ResourceGroupName $ResourceGroupName `
-Name $VmssName `
-VirtualMachineScaleSet $Vmss
if ($AddAndroidContainerRegistryPermissions) {
$spID = $VmssCreated.Identity.PrincipalId
$acrGroup = "And-Registry"
$acrName = "AndContainerRegistry"
$resourceID = (Get-AzContainerRegistry -ResourceGroupName $acrGroup -Name $acrName).Id
# needs admin privileges
New-AzRoleAssignment -ObjectId $spID -Scope $resourceID -RoleDefinitionName AcrPull
}
Write-Host "Location: $Location"
Write-Host "Resource group name: $ResourceGroupName"
Write-Host 'Finished!'