SHARE
TWEET

Untitled

a guest Feb 20th, 2019 56 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. The collection of scripts in this repository plus this readme will guide a user through the creation of an automated solution to create a templated image of a Windows VM which is updated and maintained weekly.
  2.  
  3. Step 0. - Pre Requisites:
  4.  
  5.     It is expected that the user will have access to:
  6.         *   An Azure Subscription or MSDN Account with Azure Credits.
  7.         *   Rights within azure to create and edit resources.
  8.  
  9. Step 1 - Environment Setup:
  10.  
  11.     *   Create a Resource Group specifically for the use of storing and maintianing the VM template, images and automation
  12.     *   Within the Resourse group add an Automation Account, by using the Add option in the Resource Group, searching for and selecting Automation
  13.         *   Provide a relevant name for the automation account, ensure it is in the correct subscription and resource group, ensure the 'Create Azure Run As Account' it selected 'yes'
  14.     *   Select the newly created Automation Account, select modules in the left hand menu and ensure the following modules are present. if not use the 'add a module' and follow the UI instuctions to add them:
  15.         *   Azure
  16.         *   Azure.Storage
  17.         *   AzureRM.Automation
  18.         *   AzureRM.Compute
  19.         *   AzureRM.KeyVault
  20.         *   AzureRM.Network
  21.         *   AzureRM.Profile
  22.         *   AzureRM.Resources
  23.         *   AzureRM.Sql
  24.         *   AzureRM.Storage
  25.     * Within the Resourse group add Key Vault, by using the Add option in the Resource Group, searching for an selecting Key Vault
  26.         *   Provide a relevant name for the Key Vault, ensure it is in the correct Subscription and Resource Group.
  27.             *   Select 'Access Policies' in the Key Vault Creation Page, which should have 1 principal (you). In the Access Policies menu select 'Add New'
  28.                 *   In the Add Access Policy Menu, select 'Secret Management' as the Template. Click Add Principal and seach for and select the name of the previously created automation account
  29.         *   OK everything and Create the Key Vault
  30.     * Within the Resourse group add Storage Account, by using the Add option in the Resource Group, searching for an selecting 'Storage account - blob, file, table, queue'
  31.         * Provide a relevant name for the Storage Account, ensure it is in the correct Subscription and Resource Group.
  32.             * Select Stoage Account from the Resource Group Dashboard, in the left hand menu select 'Blobs' under the 'Blob Service' section
  33.                 * In the Blobs pane that loads, click on '+ Container' at the top of the pane
  34.                     * Provide a name for this blob store (As it is going to be used to store scripts I recommend calling it 'scripts'), ensure the access level is set to 'Private'
  35.                 * Ok Eveything to create the Blog container.
  36.         * Browse to the Blob Container in the Azure Portal, (Resource Group > Storage Account > Blob Container)
  37.             * in the container pane, select the upload options and upload the following 2 scripts to this location:
  38.                 1. "2a. WindowsUpdate.ps1"
  39.                 2. "3a. Sysprep.ps1"
  40.  
  41.  
  42. Step 2 - Create Automation Runbooks:
  43.  
  44.     *  Browse to the Runbooks section of the Automation Account previously created (Resource Group > Automation Account > Runbooks)
  45.         1.  Add a runbook, select 'Create a new runbook', give this a name ("DeployTemplateVM"), Select 'PowerShell' in Runbook type then create the Runbook
  46.             *   When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '1. Build New Template to Update.ps1'
  47.             *   enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
  48.         2.  Add a runbook, select 'Create a new runbook', give this a name ("InvokeUpdate"), Select 'PowerShell' in Runbook type then create the Runbook
  49.             *   When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '2. Invoke Updates.ps1'
  50.             *   enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
  51.         3.  Add a runbook, select 'Create a new runbook', give this a name ("InvokeSysprep"), Select 'PowerShell' in Runbook type then create the Runbook
  52.             *   When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '3. Invoke Sysprep.ps1'
  53.             *   enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
  54.         4.  Add a runbook, select 'Create a new runbook', give this a name ("SnapshotAndCopy"), Select 'PowerShell' in Runbook type then create the Runbook
  55.             *   When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '4. Snapshot and Move to SAs.ps1'
  56.             *   enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
  57.         5.  Add a runbook, select 'Create a new runbook', give this a name ("ImageAndCleanup"), Select 'PowerShell' in Runbook type then create the Runbook
  58.             *   When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '5. Create all Images and Cleanup.ps1'
  59.             *   enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
  60.  
  61. Step 3 - Create VM (Template/Baseline):
  62.  
  63.     *   Create a Windows VM in azure, (whatever version of windows you would like) install relevant tools ect. to setup the environemnt.
  64.     *   Once you have built the VM and installed all required software, you need to use 'sysprep.exe' to prepare the VM for imaging.
  65.     *   In the VM, open Powershell as an Administrator enter the following, bare in mind that this will shutdown the VM and remove all user specific files.:
  66.        
  67.         >C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /shutdown
  68.        
  69.     *   The VM will disconnect the RDP session. After while you will see the dashed lines for the resource useage data for the VM in the VM overview, this signifies the sysprep has completed.
  70.  
  71. Step 4 - Create set of images.
  72.  
  73.     * Once the Sysprep has completed, browse to the runbook "SnapshotAndCopy" (Resource Group > SnapshotAndCopy)
  74.         * In the Runbook, Click the 'Start' button at the top of the screen to initiate the first half of the image creation process
  75.     * For obvious reasons Azure Runbooks will not run forwever and the copy process takes a few hours. Wait about 3 hours from the time the 'SnapshotAndCopy' was initiated
  76.     * After waiting a couple of hours, browse to the runbook "ImageAndCleanup" (Resource Group > ImageAndCleanup)
  77.         * In the Runbook, Click the 'Start' button at the top of the screen to initiate the second half of the image creation process.
  78.  
  79. Step 5 - Check and Test.
  80.  
  81.     * Once completed, browse to your Resource Group, there you should see an image for all the locations you specified along with the runbooks, automation account, key vault and storage account required for the automation.
  82.     * It is recommended to test a VM deployment from one of the newlsy created images to ensure that eveything has worked as expected.
  83.         * You can do this by running the script "CreateInvestigationVM_v2.ps1" on you local machine (you will need to configure the script with relevant variables)
  84.             * This will create a VM from one of the images you have created using the automation, (depending on your configuration you may need to create a new Resource Group with a Key Vault)
  85.  
  86. Step 6 - Create Schedual.
  87.  
  88.     * After everything has been checked and you are happy to automate the process of updating the template and deploying updated images automatically, you need to create a scheduel to execute the runbooks in order.
  89.     * Navigte to the Schedules within the Automation Account (Resource Group > Automation Account > Schedules).
  90.     * Select "+ Add a schedule", provide a name, a start date and time, a timezone and a reccurrence, examples are as follows:
  91.         * Name                          Start Date / Time       Time Zone       Reccurrence
  92.         * Deploy_Saturday_PM            05/01/2019 23:00        UTC             Every 1 week on a Sunday                                    
  93.         * Update_Sunday_AM_1            06/01/2019 00:00        UTC             Every 1 week on a Sunday
  94.         * Update_Sunday_AM_2            06/01/2019 01:00        UTC             Every 1 week on a Sunday
  95.         * Sysprep_Sunday_AM             06/01/2019 02:00        UTC             Every 1 week on a Sunday
  96.         * CopyToSAs_Sunday_AM           06/01/2019 04:00        UTC             Every 1 week on a Sunday
  97.         * ImageAndCleanup_Sunday_AM     06/01/2019 07:00        UTC             Every 1 week on a Sunday
  98.     * Finally you need to Assing the relevant Runbook to the Schedule you have just created. Navigate to each runbook (Resourse Group > Runbook)
  99.         * Select Schedules in the left side menu, select 'Link a schedule to your runbook', select the relevant schedule then click OK to confirm the selection.
  100.         * examples are as follows:
  101.             * Schedule Name                 Associated Runbook
  102.             * Deploy_Saturday_PM            DeployTemplateVM                            
  103.             * Update_Sunday_AM_1            InvokeUpdate
  104.             * Update_Sunday_AM_2            InvokeUpdate
  105.             * Sysprep_Sunday_AM             InvokeSysprep
  106.             * CopyToSAs_Sunday_AM           SnapshotAndCopy
  107.             * ImageAndCleanup_Sunday_AM     ImageAndCleanup
  108.  
  109. Thats it, you now have an automated setup to ensure regionally deployed images are updated regulaly.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top