Deploy-AzureHDInsightEnvironment

1. #Requires -Version 3.0
2. #Requires -Modules Azure
3. #Requires -RunAsAdministrator
4. <#
5.         .NOTES
6.         #------------------------------------------------------------------------------------------------------------
7.         # Date              : 21-07-2016
8.         # Script name       : Deploy-AzureHDInsightEnvironment.ps1
9.         # Description       : Deploys the HDInsight environment in Azure.
10.         #
11.         # Created by        : Ralph Jansen
12.         # Extra module      : Azure (available from http://aka.ms/webpi-azps)
13.         # History           : RJA 21-07-2016 Initial version
14.         #
15.         #------------------------------------------------------------------------------------------------------------
16.        
17.         .DESCRIPTION
18.         Deploys the HDInsight environment in Azure
19.        
20. #>
21.  
22. # Set variables
23. # Change these:
24. $environment = "PRD"  # Value can be DEV, TST, ACC and PRD
25. $NetworkAddressRange = "172.0.0.10/24"
26. $SubnetAddressRange = "172.0.0.10/27"
27. $parametersFilePath = "C:\TEMP\parameters.json"
28. $templateFilePath = "C:\TEMP\template.json"
29. $ResourceGroupName = "AZU-RSG-HDINSIGHT-$environment"
30. $SubnetName = "AZU-NET-HDINSIGHT-$environment"
31. $VirtualNetworkName = "AZU-VNW-HDINSIGHT-$environment"
32. $NetworkSecurityGroupName = "AZU-NSG-HDINSIGHT-$environment"
33. $StorageAccountName = "azustahdinsight"+$environment.ToLower()
34. $deploymentlocation = "West Europe"
35.  
36. $ErrorActionPreference = "Stop"
37.  
38. Read-Host "Make sure that `n
39. - The Resource Group does not exist
40. - The subnet IP range and Network Address Range are correct
41. - The Environment name variable has been changed in this script, it is now $environment
42. - The Template.json and Paramters.json files can be access from the share with this account
43. Continue?"
44.  
45.  
46. $accounttype = Read-Host "Do you use a federated (corporate) account or an account like a live ID? Enter CORP or LIVE"
47. Switch ($accounttype)
48. {
49.     CORP { $Credential =Get-Credential; Login-AzureRmAccount -Credential $Credential }
50.     LIVE { Login-AzureRmAccount }
51.     Default { $Credential =Get-Credential; Login-AzureRmAccount -Credential $Credential }
52. }
53.  
54. # Do not change these:
55. $subnet = New-AzureRmVirtualNetworkSubnetConfig -Name "$SubnetName" -AddressPrefix "$SubnetAddressRange"
56.  
57. # Create new Resource Group
58. Write-Host "Creating Resource Group $ResourceGroupName in $deploymentlocation"
59. New-AzureRmResourceGroup -Name $ResourceGroupName -Location "$deploymentlocation"
60.  
61. # Create new virtual network
62. Write-Host "Creating network $VirtualNetworkName in Resource Group $ResourceGroupName in $deploymentlocation"
63. New-AzureRmVirtualNetwork -Name "$VirtualNetworkName" -ResourceGroupName "$ResourceGroupName" -Location "$deploymentlocation" -AddressPrefix "$NetworkAddressRange" -Subnet $subnet
64.  
65. # Register Resource Provider
66. Function RegisterRP {
67.     Param(
68.         [string]$ResourceProviderNamespace
69.     )
70.  
71.     Write-Host "Registering resource provider '$ResourceProviderNamespace'";
72.     Register-AzureRmResourceProvider -ProviderNamespace $ResourceProviderNamespace -Force;
73. }
74.  
75. $resourceProviders = @("microsoft.hdinsight","microsoft.storage");
76. if($resourceProviders.length) {
77.     Write-Host "Registering resource providers"
78.     foreach($resourceProvider in $resourceProviders) {
79.         RegisterRP($resourceProvider);
80.     }
81. }
82.  
83. # Start the deployment of the HDInsight cluster
84. Write-Host "Starting deployment of the HDInsight cluster...";
85. if(Test-Path $parametersFilePath) {
86.     New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $templateFilePath -TemplateParameterFile $parametersFilePath;
87. } else {
88.     New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $templateFilePath;
89. }
90.  
91. Write-Host "Deployment of HDInsigh cluster finished, performing post-install steps"
92.  
93. # Get the Virtual Network object
94. Write-Host "Creating and configuring Virtual Network"
95.  
96. $vnet = Get-AzureRmVirtualNetwork -Name $VirtualNetworkName -ResourceGroupName $ResourceGroupName
97. # Get the region the Virtual network is in.
98. $location = $vnet.Location
99. # Get the subnet object
100. $subnet = $vnet.Subnets | Where-Object Name -eq $SubnetName
101.  
102. # Creating a new Network Security Group and adding exemptions for the HDInsight health and management services.
103. $nsg = New-AzureRmNetworkSecurityGroup `
104.     -Name "$NetworkSecurityGroupName" `
105.     -ResourceGroupName $ResourceGroupName `
106.     -Location $location `
107.     | Add-AzureRmNetworkSecurityRuleConfig `
108.         -name "AZU-NSR-HDINSIGHT-$environment-01" `
109.         -Description "HDI health and management address 168.61.49.99" `
110.         -Protocol "*" `
111.         -SourcePortRange "*" `
112.         -DestinationPortRange "443" `
113.         -SourceAddressPrefix "168.61.49.99" `
114.         -DestinationAddressPrefix "VirtualNetwork" `
115.         -Access Allow `
116.         -Priority 300 `
117.         -Direction Inbound `
118.     | Add-AzureRmNetworkSecurityRuleConfig `
119.         -Name "AZU-NSR-HDINSIGHT-$environment-02" `
120.         -Description "HDI health and management 23.99.5.239" `
121.         -Protocol "*" `
122.         -SourcePortRange "*" `
123.         -DestinationPortRange "443" `
124.         -SourceAddressPrefix "23.99.5.239" `
125.         -DestinationAddressPrefix "VirtualNetwork" `
126.         -Access Allow `
127.         -Priority 301 `
128.         -Direction Inbound `
129.     | Add-AzureRmNetworkSecurityRuleConfig `
130.         -Name "AZU-NSR-HDINSIGHT-$environment-03" `
131.         -Description "HDI health and management 168.61.48.131" `
132.         -Protocol "*" `
133.         -SourcePortRange "*" `
134.         -DestinationPortRange "443" `
135.         -SourceAddressPrefix "168.61.48.131" `
136.         -DestinationAddressPrefix "VirtualNetwork" `
137.         -Access Allow `
138.         -Priority 302 `
139.         -Direction Inbound `
140.     | Add-AzureRmNetworkSecurityRuleConfig `
141.         -Name "AZU-NSR-HDINSIGHT-$environment-04" `
142.         -Description "HDI health and management 138.91.141.162" `
143.         -Protocol "*" `
144.         -SourcePortRange "*" `
145.         -DestinationPortRange "443" `
146.         -SourceAddressPrefix "138.91.141.162" `
147.         -DestinationAddressPrefix "VirtualNetwork" `
148.         -Access Allow `
149.         -Priority 303 `
150.         -Direction Inbound
151.  
152. # Apply the changes to the security group
153. Write-Host "Applying changes to Network Security Group"
154. Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
155.  
156. # Apply the NSG to the subnet
157. Write-Host "Applying the NSG to the subnet"
158. $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VirtualNetworkName
159. $subnetName = $vnet.Subnets.Name
160. $subnet = $vnet.Subnets | Where-Object Name -eq $subnetName
161. Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Set-AzureRmVirtualNetwork
162.  
163. Read-Host "Press any key to exit"