Simon Waight sjwaight

## create-linux-vm.ps1
# Script assumes you have setup your subscription and
# have a default storage account in West US.

# You should change these to values you want.
$cloudService = "{cloudservice}"
$hostname = "{dockermanagementhost}"
$linuxUser = "{linxuser}"
$linuxPass = "{linxpasswd}"
$location = "West US"

## setup-docker-manager.sh
#!/bin/bash

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

# pull down the necessary bits to install node
curl -sL https://rpm.nodesource.com/setup | bash -

## vmdeploy-snippet.json
"osProfile": {
    "computername": "[variables('vmName')]",
    "adminUsername": "[parameters('adminUsername')]",
    "adminPassword": "[parameters('adminPassword')]"
}

## provision-vault.ps1
# Log into our Account.
Login-AzureRmAccount
# Create a new Resource Group
New-AzureRmResourceGroup -Name 'sw-sec-demo' -Location 'West US'
# Create new Key Vault instance - important to add "EnabledForDeployment"
New-AzureRmKeyVault -VaultName 'ProvisioningVault' -ResourceGroupName 'sw-sec-demo' -Location 'West US' -EnabledForTemplateDeployment

## create-secret.ps1
# Convert plaintext to secure string
$adminPass = ConvertTo-SecureString -String 'L0Lcat5^_^!' -AsPlainText -Force
# Add the password as a Secret
Set-AzureKeyVaultSecret -VaultName 'ProvisionVault' -Name 'LocalAdminPass' -SecretValue $adminPass

## keyvault-params-definition.json
 "adminPassword": {
     "reference": {
        "keyVault": {
          "id": "/subscriptions/{subscription-guid}/resourceGroups/{keyvault-rg}/providers/Microsoft.KeyVault/vaults/ProvisioningVault"
        },
        "secretName": "LocalAdminPass"
      }
  }

## dsc-arm-snippet.json
{
  "_comment": "originally from: https://github.com/Azure/azure-quickstart-templates/blob/master/201-web-app-vm-dsc/azuredeploy.json"
  "name": "DSCExt1",
  "type": "extensions",
  "location": "[parameters('vmLocation')]",
  "apiVersion": "2015-05-01-preview",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
  ],
  "tags": {

## enforce-tags.json

  "if": {
    "not": {
      "anyOf": [
        {
          "field": "tags",
          "containsKey": "CostCentre"
        },
        {
          "field": "tags",

## vm-power-manager-customrole.json
{
  "Name": "Virtual Machine Power Manager",
  "IsCustom": true,
  "Description": "Can monitor, stop, start and restart v2 ARM virtual machines.",
  "Actions": [
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/powerOff/action",

## Set-AzureRmADGroupRoleForResourceGroup.ps1
param(
    [Parameter(Mandatory=$true)]
    [string] $SecurityGroupName,

    [Parameter(Mandatory=$true)]
    [string] $RequiredAzureRoleName,

    [Parameter(Mandatory=$true)]
    [string] $ResourceGroupName
)
	# Script assumes you have setup your subscription and
	# have a default storage account in West US.

	# You should change these to values you want.
	$cloudService = "{cloudservice}"
	$hostname = "{dockermanagementhost}"
	$linuxUser = "{linxuser}"
	$linuxPass = "{linxpasswd}"
	$location = "West US"
	#!/bin/bash

	if [ "$EUID" -ne 0 ]
	then echo "Please run as root"
	exit
	fi

	# pull down the necessary bits to install node
	curl -sL https://rpm.nodesource.com/setup \| bash -
	"osProfile": {
	"computername": "[variables('vmName')]",
	"adminUsername": "[parameters('adminUsername')]",
	"adminPassword": "[parameters('adminPassword')]"
	}
	# Log into our Account.
	Login-AzureRmAccount
	# Create a new Resource Group
	New-AzureRmResourceGroup -Name 'sw-sec-demo' -Location 'West US'
	# Create new Key Vault instance - important to add "EnabledForDeployment"
	New-AzureRmKeyVault -VaultName 'ProvisioningVault' -ResourceGroupName 'sw-sec-demo' -Location 'West US' -EnabledForTemplateDeployment
	# Convert plaintext to secure string
	$adminPass = ConvertTo-SecureString -String 'L0Lcat5^_^!' -AsPlainText -Force
	# Add the password as a Secret
	Set-AzureKeyVaultSecret -VaultName 'ProvisionVault' -Name 'LocalAdminPass' -SecretValue $adminPass
	"adminPassword": {
	"reference": {
	"keyVault": {
	"id": "/subscriptions/{subscription-guid}/resourceGroups/{keyvault-rg}/providers/Microsoft.KeyVault/vaults/ProvisioningVault"
	},
	"secretName": "LocalAdminPass"
	}
	}
	{
	"_comment": "originally from: https://github.com/Azure/azure-quickstart-templates/blob/master/201-web-app-vm-dsc/azuredeploy.json"
	"name": "DSCExt1",
	"type": "extensions",
	"location": "[parameters('vmLocation')]",
	"apiVersion": "2015-05-01-preview",
	"dependsOn": [
	"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
	],
	"tags": {

	"if": {
	"not": {
	"anyOf": [
	{
	"field": "tags",
	"containsKey": "CostCentre"
	},
	{
	"field": "tags",
	{
	"Name": "Virtual Machine Power Manager",
	"IsCustom": true,
	"Description": "Can monitor, stop, start and restart v2 ARM virtual machines.",
	"Actions": [
	"Microsoft.Storage/*/read",
	"Microsoft.Network/*/read",
	"Microsoft.Compute/*/read",
	"Microsoft.Compute/virtualMachines/start/action",
	"Microsoft.Compute/virtualMachines/powerOff/action",
	param(
	[Parameter(Mandatory=$true)]
	[string] $SecurityGroupName,

	[Parameter(Mandatory=$true)]
	[string] $RequiredAzureRoleName,

	[Parameter(Mandatory=$true)]
	[string] $ResourceGroupName
	)