This script is an example of how to provision a SEPPmail VM via PowerShell.
Note: Do not execute the script without customizing it. Make sure that you understand the implications and effects.
Description
The script starts by establishing a connection to an Azure account using the Connect-AzAccount command. This step is necessary for executing Azure commands that interact with Azure resources. It then creates a new Azure resource group in the specified location using New-AzResourceGroup. Resource groups are containers that hold related resources for an Azure solution. After creating the resource group, the script creates a new Azure Storage account named "seppmailvm" within that resource group. The storage account uses the "Standard_LRS" SKU, that is, the Standard performance tier with locally redundant storage.
It retrieves the keys for the newly created storage account using Get-AzStorageAccountKey. Storage account keys are used to authenticate access to the data in the storage account.
It creates a storage context with New-AzStorageContext, which is essentially a way of providing authentication information and storage account details for subsequent operations on the storage account.
Using this context, the script sets up a new container named "vhdcontainer" within the storage account for storing VHD files. This is done using New-AzStorageContainer. Containers in Azure Blob Storage are used to group a set of blobs (files) and are analogous to directories in a file system.
Required Modules
Az.Storage
Az.Compute
Az.Resources
Az.Accounts
Az.Network
Az.Security
Have azcopy installed on your machine.
Code
Connect-AzAccount
$loc = 'Switzerland North'
$rg = New-AzResourceGroup -Name nomoreStore -Location $loc
$sa = New-AzStorageAccount -ResourceGroupName $rg.ResourceGroupName -Name seppmailvm -SkuName Standard_LRS -Location $loc
$saKey = Get-AzStorageAccountKey -StorageAccountName $sa.StorageAccountName -ResourceGroupName $rg.ResourceGroupName
$ctName = 'vhdcontainer'
$context = New-AzStorageContext -StorageAccountName $sa.StorageAccountName -StorageAccountKey $saKey[0].Value
$ct = New-AzStorageContainer -Name $ctName -Context $context -Permission Off
# The SAS token needs the storage context, so it is created after $context
$sastoken = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission 'racwdlup' -ExpiryTime (Get-Date).AddDays(7) -Protocol HttpsOnly
$DiskName = 'SEPPmail'
$blobUri = "https://$($sa.StorageAccountName).blob.core.windows.net/$($ct.Name)/$diskName.vhd"
$copyDest = $bloburi + '?' + $sastoken
azcopy copy 'C:\pathtoyourfile\System.vhd' $copyDest
$osType = 'Linux'
$diskSizeGB = 60 # set this to the size of your VHD
$diskConfig = New-AzDiskConfig -SkuName 'Standard_LRS' -Location $loc -CreateOption Import -SourceUri $blobUri -OsType $osType -DiskSizeGB $diskSizeGB -StorageAccountId $sa.id
$vmDisk = New-AzDisk -Disk $diskConfig -ResourceGroupName $rg.ResourceGroupName -DiskName $diskName
# Create a VM Network
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name SMDevSubnet -AddressPrefix 10.50.0.0/24
$vnet = New-AzVirtualNetwork -ResourceGroupName $rg.ResourceGroupName -Location $loc -Name SEPPmailVnet -AddressPrefix 10.50.0.0/16 -Subnet $subnetConfig
$publicIp = New-AzPublicIpAddress -Name SEPPmailPublicIP -ResourceGroupName $rg.ResourceGroupName -Location $loc -AllocationMethod Static
$nic = New-AzNetworkInterface -Name SEPPmailNic -ResourceGroupName $rg.ResourceGroupName -Location $loc -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $publicIp.Id
# Setup VM Config
$vmConfig = New-AzVMConfig -VMName SEPPmailAzure -VMSize Standard_DS2_v2
$vmConfig = Set-AzVMOSDisk -VM $vmConfig -ManagedDiskId $vmdisk.Id -CreateOption Attach -Linux
$vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id
# Create VM
$SEPPmailVM = New-AzVM -ResourceGroupName $rg.ResourceGroupName -Location $loc -VM $vmConfig
# Open Port 8443 to the public Interface
$rule = New-AzNetworkSecurityRuleConfig -Name SEPPmailInboundRule -Description "Allow TCP 8443" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 8443
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg.ResourceGroupName -Location $loc -Name SEPPmailInboundNSG -SecurityRules $rule
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface
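
A narrower variant of the SAS and port 8443 steps above, as an added example that is not part of the original script. It assumes Connect-AzAccount has run and the resources named on this page exist; `$mgmtCidr` is a placeholder range, and the 'cw' permission set and four-hour lifetime are assumptions to adjust.

```powershell
# Added example, not part of the original script.
$rgName   = 'nomoreStore'
$saName   = 'seppmailvm'
$ctName   = 'vhdcontainer'
$nsgName  = 'SEPPmailInboundNSG'
$mgmtCidr = '203.0.113.0/24'   # placeholder documentation range; replace with your own

# 1. SAS limited to one container, create/write only, four hours, HTTPS only.
#    Assumption: create + write is enough for the azcopy upload; widen only if it is refused.
$key      = (Get-AzStorageAccountKey -ResourceGroupName $rgName -Name $saName)[0].Value
$context  = New-AzStorageContext -StorageAccountName $saName -StorageAccountKey $key
$sas      = New-AzStorageContainerSASToken -Name $ctName -Context $context -Permission 'cw' `
                -ExpiryTime (Get-Date).AddHours(4) -Protocol HttpsOnly
$sas      = $sas.TrimStart('?')   # some Az.Storage versions return a leading '?'
# Use this value in place of the script's $copyDest in the azcopy step.
$copyDest = 'https://{0}.blob.core.windows.net/{1}/SEPPmail.vhd?{2}' -f $saName, $ctName, $sas

# 2. Limit the 8443 rule to the management range instead of the 'Internet' tag.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
$nsg | Set-AzNetworkSecurityRuleConfig -Name 'SEPPmailInboundRule' `
        -Description 'Allow TCP 8443 from management range' -Access Allow -Protocol Tcp `
        -Direction Inbound -Priority 100 -SourceAddressPrefix $mgmtCidr -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange 8443 |
    Set-AzNetworkSecurityGroup | Out-Null

# 3. Report any custom inbound Allow rule that still accepts every source.
$anySource = 'Internet', '*', '0.0.0.0/0'
$open = (Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName).SecurityRules |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        ($_.SourceAddressPrefix | Where-Object { $_ -in $anySource })
    }
if ($open) {
    $open | Select-Object Name, Priority, DestinationPortRange, SourceAddressPrefix | Format-Table
} else {
    "No inbound Allow rule in $nsgName is open to every source."
}
```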