@anwather
Last active September 9, 2025 04:56
# Lines 32-44 will be changed into parameters for the script, so that multiple copies don't have to be maintained.
# Not all of these values need to be exposed; e.g. proxy, tenant and auth_type should remain the same.
# Line 66 calls out to "https://gbl.his.arc.azure.com/azcmagent-windows" which is the script to download and install the agent.
# This script verifies a whole heap of pre-requisites on the server.
# The agent installer comes from "https://gbl.his.arc.azure.com/azcmagent/latest/AzureConnectedMachineAgent.msi"
# Once agent installation is complete it returns to this script and runs the "azcmagent connect" command to connect to Azure.
# Record this script's own path in global scope so Restart-AsAdmin can relaunch the same file.
$global:scriptPath = $MyInvocation.MyCommand.Definition
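function Restart-AsAdmin {
    <#
    .SYNOPSIS
    Relaunches this script in a new elevated PowerShell process and ends the current one.

    .DESCRIPTION
    Starts "pwsh" on PowerShell 6 or later and "powershell" otherwise, using the
    runAs verb so Windows asks for elevation. The elevated process runs the file
    named by the global $scriptPath. If the new process cannot be started, a
    terminating error asks the operator to run the script as Administrator.
    #>
    $pwshCommand = "powershell"
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $pwshCommand = "pwsh"
    }

    try {
        Write-Host "This script requires administrator permissions to install the Azure Connected Machine Agent. Attempting to restart script with elevated permissions..."

        # The path is embedded in a single-quoted literal inside -Command. Doubling any
        # apostrophe keeps a path such as C:\Users\O'Brien\onboard.ps1 as one literal,
        # so the elevated shell cannot parse part of the path as extra commands.
        $quotedScriptPath = "'" + ($scriptPath -replace "'", "''") + "'"
        $arguments = "-NoExit -Command `"& $quotedScriptPath`""

        # NOTE(review): the elevated process runs whatever is at this path when it starts,
        # so keep the script in a location that only administrators can write to.
        Start-Process $pwshCommand -Verb runAs -ArgumentList $arguments
        exit 0
    }
    catch {
        throw "Failed to elevate permissions. Please run this script as Administrator."
    }
}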
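# Onboarding flow: confirm elevation, set the connection values, download and run the
# agent install script, then register this server with "azcmagent connect".
# Any terminating error is reported to the Arc log endpoint and printed in red.
try {
    # The install needs local administrator rights. Interactive sessions are relaunched
    # elevated; non-interactive sessions fail with an explicit message.
    $currentPrincipal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        if ([System.Environment]::UserInteractive) {
            Restart-AsAdmin
        }
        else {
            throw "This script requires administrator permissions to install the Azure Connected Machine Agent. Please run this script as Administrator."
        }
    }

    # Add the service principal application ID and secret here
    # NOTE(review): a secret written into this file is readable by anyone who can read the
    # file or any copy of it. It is also passed to azcmagent.exe as a command-line argument
    # below, where process command-line auditing can record it. Limit the service principal
    # to the Azure Connected Machine Onboarding role, keep the secret short-lived and
    # restrict access to the script. azcmagent also accepts a configuration file for connect
    # settings; confirm against the agent version in use.
    $ServicePrincipalId = "1a967826-d9b2-4e5e-907d-2a459f017a55";
    $ServicePrincipalClientSecret = "<ENTER SECRET HERE>";

    $env:SUBSCRIPTION_ID = "01e2f327-74ac-451e-8ad9-1f923a06d634"; # Subscription Id
    $env:RESOURCE_GROUP = "arc_gw_test"; # Resource Group
    $env:TENANT_ID = "ab9330c6-7920-437d-9ff9-c6f2e3814689"; # Tenant Id
    $env:LOCATION = "australiaeast"; # Location
    $env:AUTH_TYPE = "principal"; # Auth Type
    $env:CORRELATION_ID = "1ea0c497-e98b-4573-8a92-88a0db8810c9"; # Auto generated Correlation Id for this instance of the script - you can generate your own GUID
    $env:CLOUD = "AzureCloud";
    $env:GATEWAY_ID = "/subscriptions/01e2f327-74ac-451e-8ad9-1f923a06d634/resourceGroups/arc_gw/providers/Microsoft.HybridCompute/gateways/arc-gw-aue-001"; # Arc Gateway Resource Id
    $env:PROXY = "http://myproxy:8080"; # Proxy if required

    # 3072 is the numeric value of Tls12 in [Net.SecurityProtocolType]. -bor adds TLS 1.2
    # to the protocols already enabled instead of replacing them.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;

    # Working directories live under %SystemRoot%, so they are created by this elevated session.
    $azcmagentPath = Join-Path $env:SystemRoot "AzureConnectedMachineAgent"
    if (-Not (Test-Path -Path $azcmagentPath)) {
        New-Item -Path $azcmagentPath -ItemType Directory
        Write-Output "Directory '$azcmagentPath' created"
    }

    $tempPath = Join-Path $azcmagentPath "temp"
    if (-Not (Test-Path -Path $tempPath)) {
        New-Item -Path $tempPath -ItemType Directory
        Write-Output "Directory '$tempPath' created"
    }

    $installScriptPath = Join-Path $tempPath "install_windows_azcmagent.ps1"

    # Download the installation package
    # NOTE(review): the downloaded script runs with administrator rights on the next step.
    # HTTPS to the Microsoft endpoint is the only integrity control visible in this script.
    # Where policy requires it, inspect the file with Get-AuthenticodeSignature before running it.
    Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/azcmagent-windows" -TimeoutSec 30 -OutFile "$installScriptPath" -proxy $env:PROXY;

    # Install the hybrid agent
    & "$installScriptPath" -proxy $env:PROXY;
    if ($LASTEXITCODE -ne 0) { exit 1; }
    Start-Sleep -Seconds 5;

    # Run connect command
    & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$env:RESOURCE_GROUP" --tenant-id "$env:TENANT_ID" --location "$env:LOCATION" --subscription-id "$env:SUBSCRIPTION_ID" --cloud "$env:CLOUD" --gateway-id "$env:GATEWAY_ID" --tags 'Country=Australia' --correlation-id "$env:CORRELATION_ID";

    # A native command does not throw when it fails. Pass the exit code on so deployment
    # tooling does not record a failed onboarding as a success.
    if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE; }
}
catch {
    # Keep the original error record: $_ is rebound inside the nested catch below.
    $onboardingError = $_

    # The report carries the subscription, resource group, tenant, location, correlation id
    # and the error text. The service principal id and secret are not included.
    $logBody = @{subscriptionId = "$env:SUBSCRIPTION_ID"; resourceGroup = "$env:RESOURCE_GROUP"; tenantId = "$env:TENANT_ID"; location = "$env:LOCATION"; correlationId = "$env:CORRELATION_ID"; authType = "$env:AUTH_TYPE"; operation = "onboarding"; messageType = $onboardingError.FullyQualifiedErrorId; message = "$onboardingError"; };

    try {
        Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/log" -Method "PUT" -Body ($logBody | ConvertTo-Json) -proxy $env:PROXY | out-null;
    }
    catch {
        # Reporting is best effort. An unreachable log endpoint or proxy must not hide the
        # onboarding error printed below.
        Write-Host -ForegroundColor red "Could not report the error to https://gbl.his.arc.azure.com/log: $($_.Exception.Message)";
    }

    Write-Host -ForegroundColor red $onboardingError.Exception;
}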