Merge pull request #1162 from et1975/master
gallery image reference and security profile support for VMs
ninjarobot authored Dec 6, 2024
2 parents d3e8979 + 6d9525e commit d81de41
Showing 10 changed files with 530 additions and 16 deletions.
3 changes: 3 additions & 0 deletions RELEASE_NOTES.md
@@ -1,5 +1,8 @@
Release Notes
=============
## vNext
- Support gallery references for VMs (`operating_system`)
- Support for VM/VMSS security profile options (#1163)

## 1.9.6
- Network Interface: Support for adding Network Security Group (NSG) to Network Interface (NIC)
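Review bot: the second vNext entry cites #1163 while this merge is pull request #1162; confirm the number is the intended issue reference, and give the gallery-reference entry a reference as well. The VMSS automatic OS upgrade options added in this change (osupgrade_automatic, osupgrade_automatic_rollback, osupgrade_rolling_upgrade and osupgrade_rolling_upgrade_deferral in docs/content/api-overview/resources/vm-scale-set.md, backed by VmssAutomaticOSUpgradePolicy in src/Farmer/Arm/Compute.fs) are not mentioned at all; add a line under vNext so users can find them.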
8 changes: 7 additions & 1 deletion docs/content/api-overview/resources/virtual-machine.md
@@ -24,6 +24,12 @@ In addition, every VM you create will add a SecureString parameter to the ARM te
| diagnostics_support | Turns on diagnostics support using an automatically created storage account. |
| diagnostics_support_managed | Turns on diagnostics support using an Azure-managed storage account. |
| diagnostics_support_external | Turns on diagnostics support using an existing storage account. |
| encryption_at_host | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. |
| encryption_identity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. |
| proxy_agent | Specifies ProxyAgent settings while creating the virtual machine. |
| secure_boot | UEFI security settings for secure boot. |
| vtpm | UEFI security settings for vTPM. |
| security_type | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. |
| vm_size | Sets the size of the VM. |
| priority | Sets the VM Priority. Only one `spot_instance` or `priority` setting is allowed per VM. No priority is set by default. |
| spot_instance | Makes the VM a spot instance. Shorthand for `priority (Spot (<EvictionPolicy>, <maxPrice>)`. Only one `spot_instance` or `priority` setting is allowed per VM. |
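Review bot: the six new rows read as pasted from the ARM REST reference ("This property can be used by user in the request ...") rather than in the one-line keyword descriptions the surrounding rows use; rewrite them in the builder's voice. security_type should list the values the keyword accepts, and secure_boot / vtpm should say they take an Enabled/Disabled flag (Compute.fs models them as `FeatureFlag option`) and are not enabled unless security_type is also set, which is what the security_type row is trying to say from the other direction. A short snippet showing `security_type`, `secure_boot Enabled` and `vtpm Enabled` together would make the dependency obvious.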
@@ -60,7 +66,7 @@ In addition, every VM you create will add a SecureString parameter to the ARM te
| private_ip_allocation | Sets the *private* IP as Dynamic or Static. The default is dynamic. |
| ip_forwarding | Enable or disable IP forwarding on the primary network interface. Secondary NICs will leave it undefined. |
| accelerated_networking | Enable or disable accelerated networking on all network interfaces generated for the VM. |
| add_ip_configuration | Add `ipConfig` definitions to add additional IP addresses or connect to multiple subnets. Connecting to additional subnets will generate a NIC for each subnet. |
| add_ip_configuration | Add `ipConfig` definitions to add additional IP addresses or connect to multiple subnets. Connecting to additional subnets will generate a NIC for each subnet. |
| network_security_group | Sets the Network Security Group (NSG) for VM/NIC. Enables you to create and share firewall rule sets. |
| link_to_network_security_group | Specify an existing Network Security Group (NSG) for VM/NIC. |
| link_application_security_groups | Link this VM to one or more application security groups (no dependency generated). |
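Review bot: the only change in this hunk is the add_ip_configuration row, and the removed and added lines read identically, so this looks like a whitespace-only edit (trailing space or line ending); drop it from the change to keep the diff to the documented additions, or say in the PR that it is intentional.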
4 changes: 4 additions & 0 deletions docs/content/api-overview/resources/vm-scale-set.md
@@ -25,6 +25,10 @@ The Virtual Machine Scale Set builder (`vmss`) creates a virtual machine scale s
| vmss | scale_in_policy | Specify the policy for determining which VMs to remove when scaling in. |
| vmss | scale_in_force_deletion | Indicates the VMs should be force deleted so they free the resources more quickly. |
| vmss | upgrade_mode | Specify Manual, Automatic, or Rolling upgrades. Rolling upgrades require the Application Health Extension or a Health Probe to ensure newly replaced instances are healthy before replacing more of them. |
| vmss | osupgrade_automatic | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. |
| vmss | osupgrade_automatic_rollback | Whether OS image rollback feature should be enabled. Enabled by default. |
| vmss | osupgrade_rolling_upgrade | Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Default value is false. Auto OS Upgrade will fallback to the default policy if no policy is defined on the VMSS. |
| vmss | osupgrade_rolling_upgrade_deferral | Indicates whether Auto OS Upgrade should undergo deferral. Deferred OS upgrades will send advanced notifications on a per-VM basis that an OS upgrade from rolling upgrades is incoming, via the IMDS tag 'Platform.PendingOSUpgrade'. The upgrade then defers until the upgrade is approved via an ApproveRollingUpgrade call. |
| applicationHealthExtension | vmss | When adding the extension as a resource, this specifies the VM scale set it should be applied to. |
| applicationHealthExtension | os | Operating system (Linux or Windows) to install the correct extension for that OS. |
| applicationHealthExtension | protocol | Protocol (TCP, HTTP, or HTTPS) to probe, and if specifying HTTP or HTTPS, include the path. |
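Review bot: osupgrade_automatic_rollback is documented as "Whether OS image rollback feature should be enabled. Enabled by default", but the record added in src/Farmer/Arm/Compute.fs carries the inverse field (`DisableAutomaticRollback: bool option`, emitted as `disableAutomaticRollback`); make sure the keyword negates the value it is given and state that here, so `osupgrade_automatic_rollback false` is not misread as a no-op. Also, `SecurityProfile` is added to VirtualMachineScaleSet in this change and the release note says VM/VMSS, yet this table receives no security profile rows; add the same encryption_at_host, encryption_identity, proxy_agent, secure_boot, vtpm and security_type rows that virtual-machine.md gets.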
1 change: 1 addition & 0 deletions samples/.gitignore
@@ -0,0 +1 @@
farmer-deploy.json
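Review bot: a new samples/.gitignore with a single entry is fine, but farmer-deploy.json only stays out of the repository if no copy is already tracked; check `git ls-files samples` for it, and add a one-line `#` comment saying it is the deployment template the samples generate so the next contributor does not remove the ignore.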
120 changes: 118 additions & 2 deletions src/Farmer/Arm/Compute.fs
@@ -198,6 +198,69 @@ type NetworkInterfaceConfiguration = {
|}
|}

type VmProxyAgentSettings = {
Enabled: bool
KeyIncarnationId: int
Mode: VmProxyAgentMode
}

type UefiSettings = {
SecureBoot: FeatureFlag option
Vtpm: FeatureFlag option
} with

static member Default = { SecureBoot = None; Vtpm = None }

type VmSecurityProfile = {
EncryptionAtHost: bool option
EncryptionIdentity: Identity.ManagedIdentity option
ProxyAgentSettings: VmProxyAgentSettings option
SecurityType: VmSecurityType option
UefiSettings: UefiSettings option
} with

static member Default = {
EncryptionAtHost = None
EncryptionIdentity = None
ProxyAgentSettings = None
SecurityType = None
UefiSettings = None
}

member this.ToArmJson = {|
encryptionAtHost = this.EncryptionAtHost |> Option.toNullable
encryptionIdentity =
this.EncryptionIdentity
|> Option.map (fun x -> {|
userAssignedIdentityResourceId =
if x = ManagedIdentity.Empty then
Unchecked.defaultof<_>
else
x.ToArmJson
|})
|> Option.defaultValue Unchecked.defaultof<_>
proxyAgentSettings =
this.ProxyAgentSettings
|> Option.map (fun x -> {|
enabled = x.Enabled
keyIncarnationId = x.KeyIncarnationId
mode = x.Mode.ArmValue
|})
|> Option.defaultValue Unchecked.defaultof<_>
securityType =
this.SecurityType
|> Option.map _.ArmValue
|> Option.defaultValue Unchecked.defaultof<_>
uefiSettings =
this.UefiSettings
|> Option.map (fun x -> {|
secureBootEnabled = x.SecureBoot |> Option.map FeatureFlag.toBool |> Option.toNullable
vTpmEnabled = x.Vtpm |> Option.map FeatureFlag.toBool |> Option.toNullable
|})
|> Option.defaultValue Unchecked.defaultof<_>
|}


module VirtualMachine =
let additionalCapabilities (dataDisks: DataDiskCreateOption list) =
// If data disks use UltraSSD then enable that support
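Review bot: `ToArmJson` emits `uefiSettings` whenever `UefiSettings` is Some, but the documentation added in this change says UEFI settings are not enabled unless securityType is set; validate in the builder (or here) that `SecurityType` is Some when secure boot or vTPM is requested, otherwise a template that asks for secure boot without a security type builds cleanly and the protection is silently not applied. Two smaller points: when `EncryptionIdentity = Some ManagedIdentity.Empty` the output is `encryptionIdentity = {| userAssignedIdentityResourceId = null |}` rather than an omitted property, so treat Empty as None; and `userAssignedIdentityResourceId` names a single resource ID string while `x.ToArmJson` on a ManagedIdentity reads as the whole identity object, so confirm it yields just the ID. The `Option.map ... |> Option.defaultValue Unchecked.defaultof<_>` shape is repeated four times here and again in the VM and VMSS bodies; one small helper would keep it in a single place.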
@@ -285,7 +348,17 @@ module VirtualMachine =
{|
imageReference =
match osDisk with
| FromImage(imageDefintion, _) ->
| FromImage(GalleryImageRef(_, (SharedGalleryImageId _ as imageRef)), _) ->
{|
sharedGalleryImageId = imageRef.ArmValue
|}
:> obj
| FromImage(GalleryImageRef(_, (CommunityGalleryImageId _ as imageRef)), _) ->
{|
communityGalleryImageId = imageRef.ArmValue
|}
:> obj
| FromImage(ImageDefinition imageDefintion, _) ->
{|
publisher = imageDefintion.Publisher.ArmValue
offer = imageDefintion.Offer.ArmValue
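Review bot: the pattern binding keeps the misspelling `imageDefintion` in both the removed and the new `ImageDefinition` arm; rename it to `imageDefinition` while the line is being touched. The two new arms cover `SharedGalleryImageId` and `CommunityGalleryImageId`; if the gallery id union has any other case the match is incomplete (compiler warning FS0025) and needs a final arm or a `failwith` naming the unhandled case. Community gallery images are published by third parties, so the `operating_system` documentation for gallery references should tell users to reference a pinned image version rather than a floating one.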
@@ -395,6 +468,7 @@ type VirtualMachine = {
Dependencies: ResourceId Set
AvailabilityZone: string option
DiagnosticsEnabled: bool option
SecurityProfile: VmSecurityProfile option
StorageAccount: LinkedResource option
Size: VMSize
Priority: Priority option
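Review bot: VirtualMachine is a record, so every site that constructs it must now supply `SecurityProfile`; the builder changes are in files not shown in this view, so confirm the builder defaults the field to None so that templates built without any security keyword render exactly as before.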
@@ -456,6 +530,10 @@ type VirtualMachine = {
this.CustomData,
this.PublicKeys
)
securityProfile =
this.SecurityProfile
|> Option.map _.ToArmJson
|> Option.defaultValue Unchecked.defaultof<_>
storageProfile = VirtualMachine.storageProfile (this.Name, this.OsDisk, this.DataDisks, false)
networkProfile = VirtualMachine.networkProfile (this.NetworkInterfaceIds, [])
diagnosticsProfile = VirtualMachine.diagnosticsProfile (this.DiagnosticsEnabled, this.StorageAccount)
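Review bot: when `SecurityProfile` is `Some VmSecurityProfile.Default` (or any profile whose fields are all None) this emits `securityProfile` as an object of all-null properties instead of omitting it; compare against `VmSecurityProfile.Default` before mapping, or have the builder leave the field None until a security keyword is actually used. A test that renders a VM with no security keywords and asserts `securityProfile` is absent from the output would lock that in.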
@@ -481,11 +559,44 @@ type VirtualMachine = {
zones = this.AvailabilityZone |> Option.map ResizeArray |> Option.toObj
|}

type VmssAutomaticOSUpgradePolicy = {
DisableAutomaticRollback: bool option
EnableAutomaticOSUpgrade: bool option
OsRollingUpgradeDeferral: bool option
UseRollingUpgradePolicy: bool option
} with

member this.ArmJson = {|
disableAutomaticRollback = this.DisableAutomaticRollback |> Option.toNullable
enableAutomaticOSUpgrade = this.EnableAutomaticOSUpgrade |> Option.toNullable
osRollingUpgradeDeferral = this.OsRollingUpgradeDeferral |> Option.toNullable
useRollingUpgradePolicy = this.UseRollingUpgradePolicy |> Option.toNullable
|}

static member Default = {
DisableAutomaticRollback = None
EnableAutomaticOSUpgrade = None
OsRollingUpgradeDeferral = None
UseRollingUpgradePolicy = None
}

type ScaleSetUpgradePolicy = {
Mode: VmScaleSet.UpgradeMode
AutomaticOSUpgradePolicy: VmssAutomaticOSUpgradePolicy option
} with

member this.ArmJson = {| mode = this.Mode.ArmValue |}
static member Default = {
Mode = VmScaleSet.UpgradeMode.Automatic
AutomaticOSUpgradePolicy = None
}

member this.ArmJson = {|
mode = this.Mode.ArmValue
automaticOSUpgradePolicy =
this.AutomaticOSUpgradePolicy
|> Option.map _.ArmJson
|> Option.defaultValue Unchecked.defaultof<_>
|}

type ScaleSetScaleInPolicy = {
// Set false when reusing disks or MAC addresses
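Review bot: `DisableAutomaticRollback` is the ARM-side negative, while the public keyword documented in vm-scale-set.md is `osupgrade_automatic_rollback` (enabled by default); the builder therefore has to store `Some (not value)`, and a test should check that `osupgrade_automatic_rollback false` renders `disableAutomaticRollback: true`, since getting this inverted silently removes the rollback safety net on automatic upgrades. Leaving all four fields None renders `automaticOSUpgradePolicy` as an object of nulls rather than omitting it; emit null when the policy equals `Default`. Minor: `VmssAutomaticOSUpgradePolicy` puts `member this.ArmJson` before `static member Default`, whereas `ScaleSetUpgradePolicy` now has `Default` first; order them the same way.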
@@ -522,6 +633,7 @@ type VirtualMachineScaleSet = {
Size: VMSize
Capacity: int
ScaleInPolicy: ScaleSetScaleInPolicy
SecurityProfile: VmSecurityProfile option
UpgradePolicy: ScaleSetUpgradePolicy
AutomaticRepairsPolicy: ScaleSetAutomaticRepairsPolicy option
Priority: Priority option
@@ -609,6 +721,10 @@ type VirtualMachineScaleSet = {
this.CustomData,
this.PublicKeys
)
securityProfile =
this.SecurityProfile
|> Option.map _.ToArmJson
|> Option.defaultValue Unchecked.defaultof<_>
storageProfile =
VirtualMachine.storageProfile (this.Name, this.OsDisk, this.DataDisks, true)
networkProfile = {|
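Review bot: the scale set now inherits the gallery image handling through `VirtualMachine.storageProfile (this.Name, this.OsDisk, this.DataDisks, true)`, so VMSS also accepts shared and community gallery references even though the release note only mentions VMs; either document that for vmss or add a scale-set test that renders a gallery reference so the behaviour is intentional and covered. The three-line null-on-None mapping for `securityProfile` is identical to the VM body; factor it into one helper so the two cannot drift.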