Templates/DeploymentSettingsTemplate.json
|
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "apiVersion": { "defaultValue": "2024-02-15-preview", "type": "string", "metadata": { "description": "The api version for deploying a hci cluster" } }, "name": { "defaultValue": "democlusteratda3", "type": "string", "metadata": { "description": "The name of the hci cluster" } }, "arcNodeResourceIds": { "defaultValue": [ "/subscriptions/ff0aa6da-20f8-44fe-9aee-381c8e8a4aeb/resourceGroups/deployFromCloud-CanaryRg/providers/Microsoft.HybridCompute/machines/ASRR1S46R17U40" ], "type": "array", "metadata": { "description": "The arc for server node Ids of the hci cluster" } }, "domainFqdn": { "defaultValue": "contoso.com", "type": "string", "metadata": { "description": "The domain name of the active directory" } }, "namingPrefix": { "defaultValue": "HCI01", "type": "string", "metadata": { "description": "The computer name prefix" } }, "adouPath": { "defaultValue": "OU=HCI01,DC=contoso,DC=com", "type": "string", "metadata": { "description": "The oU path" } }, "securityLevel": { "defaultValue": "Customized", "type": "string", "metadata": { "description": "The security level data for deploying a hci cluster" } }, "driftControlEnforced": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting driftControlEnforced data for deploying a hci cluster" } }, "credentialGuardEnforced": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting credentialGuardEnforced data for deploying a hci cluster" } }, "smbSigningEnforced": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting smbSigningEnforced data for deploying a hci cluster" } }, "smbClusterEncryption": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting smbClusterEncryption data for deploying a hci cluster" } }, "bitlockerBootVolume": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting bitlockerBootVolume data for deploying a hci cluster" } }, "bitlockerDataVolumes": { "defaultValue": true, "type": "bool", "metadata": { "description": "The security setting bitlockerDataVolumes data for deploying a hci cluster" } }, "wdacEnforced": { "defaultValue": false, "type": "bool", "metadata": { "description": "The security setting wdacEnforced data for deploying a hci cluster" } }, "streamingDataClient": { "defaultValue": true, "type": "bool", "metadata": { "description": "The metrics data for deploying a hci cluster" } }, "euLocation": { "defaultValue": true, "type": "bool", "metadata": { "description": "The location data for deploying a hci cluster" } }, "episodicDataUpload": { "defaultValue": true, "type": "bool", "metadata": { "description": "The diagnostic data for deploying a hci cluster" } }, "clusterName": { "defaultValue": "democluster", "type": "string", "metadata": { "description": "The name of the hci cluster" } }, "cloudAccountName": { "defaultValue": "democlustersa", "type": "string", "metadata": { "description": "The storage account for deploying a hci cluster" } }, "configurationMode": { "defaultValue": "KeepStorage", "type": "string", "metadata": { "description": "The volume type for deploying a hci cluster" } }, "subnetMask": { "defaultValue": "255.255.255.0", "type": "string", "metadata": { "description": "The subnet mask for deploying a hci cluster" } }, "defaultGateway": { "defaultValue": "10.0.0.1", "type": "string", "metadata": { "description": "The default gateway for deploying a hci cluster" } }, "infrastructureIpPoolSettings": { "defaultValue": [ { "startingAddress": "10.0.0.8", "endingAddress": "10.0.0.10" } ], "type": "array", "metadata": { "description": "The Ip pools for deploying a hci cluster" } }, "dnsServers": { "defaultValue": [ "10.0.0.7", "10.0.0.5" ], "type": "array", "metadata": { "description": "The dns servers for deploying a hci cluster" } }, "useDhcp": { "type": "bool", "defaultValue": false, "metadata": { "description": "Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required" } }, "physicalNodesSettings": { "defaultValue": [ { "name": "default", "ipv4Address": "10.10.10.12" } ], "type": "array", "metadata": { "description": "The physical nodes settings for deploying a hci cluster" } }, "networkingType": { "defaultValue": "singleServerDeployment", "type": "string", "metadata": { "description": "The networking type for deploying a hci cluster" } }, "networkingPattern": { "defaultValue": "convergedManagementCompute", "type": "string", "metadata": { "description": "The networking pattern for deploying a hci cluster" } }, "intentList": { "defaultValue": [ { "name": "Compute_Management", "trafficType": [ "Management", "Compute" ], "adapter": [ "ethernet" ], "overrideVirtualSwitchConfiguration": false, "virtualSwitchConfigurationOverrides": { "enableIov": "", "loadBalancingAlgorithm": "" }, "overrideQosPolicy": true, "qosPolicyOverrides": { "priorityValue8021Action_Cluster": "7", "priorityValue8021Action_SMB": "3", "bandwidthPercentage_SMB": "50" }, "overrideAdapterProperty": true, "adapterPropertyOverrides": { "jumboPacket": "9014", "networkDirect": "Enabled", "networkDirectTechnology": "iWARP" } }, { "name": "Storage", "trafficType": [ "Storage" ], "adapter": [ "ethernet1" ], "overrideVirtualSwitchConfiguration": false, "virtualSwitchConfigurationOverrides": { "enableIov": "", "loadBalancingAlgorithm": "" }, "overrideQosPolicy": true, "qosPolicyOverrides": { "priorityValue8021Action_Cluster": "7", "priorityValue8021Action_SMB": "3", "bandwidthPercentage_SMB": "50" }, "overrideAdapterProperty": true, "adapterPropertyOverrides": { "jumboPacket": "9014", "networkDirect": "Enabled", "networkDirectTechnology": "iWARP" } } ], "type": "array", "metadata": { "description": "The intent list for deploying a hci cluster" } }, "storageNetworkList": { "defaultValue": [ { "name": "StorageNetwork2", "networkAdapterName": "ethernet1", "vlanId": "716" } ], "type": "array", "metadata": { "description": "The storage network list for deploying a hci cluster" } }, "storageConnectivitySwitchless": { "defaultValue": true, "type": "bool", "metadata": { "description": "The storage connectivity switchless value for deploying a hci cluster" } }, "secretsLocation":{ "defaultValue": "test.vault.azure.net", "type": "string", "metadata": { "description": "The custom location for deploying a hci cluster" } }, "customLocation": { "defaultValue": "democlusloc", "type": "string", "metadata": { "description": "The custom location for deploying a hci cluster" } }, "deploymentMode":{ "defaultValue": "Validate", "type": "string", "metadata": { "description" : "Can be of two types Validate or Deploy" } }, "enableStorageAutoIp": { "defaultvalue": false, "type": "bool", "metadata": { "description": "The enable storage auto ip value for deploying a hci cluster" } }, "sdnIntegration":{ "defaultValue": {}, "type": "object", "metadata": { "description": "SDN Configuration" } }, "sbeVersion": { "defaultValue": "", "type": "string", "metadata": { "description": "The sbe version" } }, "sbeFamily": { "defaultValue": "", "type": "string", "metadata": { "description": "The sbe version" } }, "sbePublisher": { "defaultValue": "", "type": "string", "metadata": { "description": "The sbe version" } }, "sbeManifestSource": { "defaultValue": "", "type": "string", "metadata": { "description": "The sbe version" } }, "sbeManifestCreationDate": { "defaultValue": "", "type": "string", "metadata": { "description": "The sbe version" } }, "partnerProperties": { "defaultValue": [], "type": "array", "metadata": { "description": "The partner properties" } }, "credentiallist": { "defaultValue": [], "type": "array", "metadata": { "description": "The partner credential properties" } }, "storageWitnessSecretName": { "defaultValue": "", "type": "string", "metadata": { "description": "The storage witness secret name" } }, "LocalAdminCredentialSecretName": { "defaultValue": "", "type": "string", "metadata": { "description": "The local admin credential secret name" } }, "domainAdminSecretName": { "defaultValue": "", "type": "string", "metadata": { "description": "The domain admin secret name" } }, "arbDeploymentSpnSecretName": { "defaultValue": "", "type": "string", "metadata": { "description": "The arb deployment spn secret name" } }, "storageWitnessECEName": { "defaultValue": "WitnessStorageKey", "type": "string", "metadata": { "description": "The storage witness ece name" } }, "LocalAdminCredentialECEName": { "defaultValue": "LocalAdminCredential", "type": "string", "metadata": { "description": "The local admin credential ece name" } }, "domainAdminCredentialECEName": { "defaultValue": "AzureStackLCMUserCredential", "type": "string", "metadata": { "description": "The domain admin ece name" } }, "arbDeploymentSpnCredentialECEName": { "defaultValue": "DefaultARBApplication", "type": "string", "metadata": { "description": "The arb deployment spn ece name" } }, "keyVaultName": { "defaultValue": "", "type": "string", "metadata": { "description": "The key vault name" } } }, "resources": [ { "type": "microsoft.azurestackhci/clusters/deploymentSettings", "apiVersion": "[parameters('apiVersion')]", "name": "[format('{0}/default', parameters('name'))]", "properties": { "arcNodeResourceIds": "[parameters('arcNodeResourceIds')]", "deploymentMode": "[parameters('deploymentMode')]", "deploymentConfiguration": { "version": "10.0.0.0", "scaleUnits": [ { "deploymentData": { "securitySettings": { "hvciProtection": true, "drtmProtection": true, "driftControlEnforced": "[parameters('driftControlEnforced')]", "credentialGuardEnforced": "[parameters('credentialGuardEnforced')]", "smbSigningEnforced": "[parameters('smbSigningEnforced')]", "smbClusterEncryption": "[parameters('smbClusterEncryption')]", "sideChannelMitigationEnforced": true, "bitlockerBootVolume": "[parameters('bitlockerBootVolume')]", "bitlockerDataVolumes": "[parameters('bitlockerDataVolumes')]", "wdacEnforced": "[parameters('wdacEnforced')]" }, "observability": { "streamingDataClient": "[parameters('streamingDataClient')]", "euLocation": "[parameters('euLocation')]", "episodicDataUpload": "[parameters('episodicDataUpload')]" }, "cluster": { "name": "[parameters('clusterName')]", "witnessType": "Cloud", "witnessPath": "", "cloudAccountName": "[parameters('cloudAccountName')]", "azureServiceEndpoint": "core.windows.net" }, "storage": { "configurationMode": "[parameters('configurationMode')]" }, "namingPrefix": "[parameters('namingPrefix')]", "domainFqdn": "[parameters('domainFqdn')]", "infrastructureNetwork": [ { "subnetMask": "[parameters('subnetMask')]", "gateway": "[parameters('defaultGateway')]", "ipPools": "[parameters('infrastructureIpPoolSettings')]", "dnsServers": "[parameters('dnsServers')]", "useDhcp": "[parameters('useDhcp')]" } ], "physicalNodes": "[parameters('physicalNodesSettings')]", "hostNetwork": { "intents": "[parameters('intentList')]", "storageNetworks": "[parameters('storageNetworkList')]", "storageConnectivitySwitchless": "[parameters('storageConnectivitySwitchless')]", "enableStorageAutoIp": "[parameters('enableStorageAutoIp')]" }, "secrets" : [ { "secretName": "[parameters('storageWitnessSecretName')]", "eceSecretName" : "[parameters('storageWitnessECEName')]", "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', parameters('storageWitnessSecretName'))]" }, { "secretName": "[parameters('LocalAdminCredentialSecretName')]", "eceSecretName" : "[parameters('LocalAdminCredentialECEName')]", "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', parameters('LocalAdminCredentialSecretName'))]" }, { "secretName": "[parameters('domainAdminSecretName')]", "eceSecretName" : "[parameters('domainAdminCredentialECEName')]", "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', parameters('domainAdminSecretName'))]" }, { "secretName": "[parameters('arbDeploymentSpnSecretName')]", "eceSecretName" : "[parameters('arbDeploymentSpnCredentialECEName')]", "secretLocation": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/secrets/', parameters('arbDeploymentSpnSecretName'))]" } ], // disabling SDN ingetration until answefile validator bug is fixed // "sdnIntegration": "[parameters('sdnIntegration')]", "adouPath": "[parameters('adouPath')]", "secretsLocation": "[parameters('secretsLocation')]", "optionalServices": { "customLocation": "[parameters('customLocation')]" } }, "sbePartnerInfo": { "sbeDeploymentInfo": { "version": "[parameters('sbeVersion')]", "family": "[parameters('sbeFamily')]", "publisher": "[parameters('sbePublisher')]", "sbeManifestSource": "[parameters('sbeManifestSource')]", "sbeManifestCreationDate": "[parameters('sbeManifestCreationDate')]" }, "partnerProperties": "[parameters('partnerProperties')]", "credentialList": "[parameters('credentiallist')]" } } ] } } } ] } |