Last Updated on June 20, 2019 by GrahamWalsh
So you want to make use of Azure Availability Sets? Well, firstly what are they? The Microsof Docs site does a great job of explaining what they are, so I’m not going to do this.
What this PowerShell script does, is create the VM images into disk images and then these images are referenced into an availability set for high availability.
To use this script, simply copy this to PowerShell ISE and edit the top section of variables and you can build your Pexip deployment. Then to initiate the VM creatation (management node or conference node), you need to run this template, then referencing the correct variables.
# Name of your Azure subscription
$subscriptionName = "Azure Px SE Demo EA"
# IP Address Range eg: "10.0.0.0/16"
$addressPrefix = "10.10.0.0/16"
# Name of your Subnet eg: "default"
$subnetName = "default"
# Sunet IP Address Range eg: 10.0.0.0/24
$subnetRange = "10.10.10.0/24"
# Name of your Azure Network - eg: "gw-pexip-network"
$networkName = "gw-pexip-network"
# Network Security Group Name - eg: "gw-pexip-nsg"
$networkSecurity = "gw-pexip-nsg"
# Name of the resource group to use - eg: "gw-pexip-rg"
$resourceGroupName = "gw-pexip-rg"
# Name of the Availability Set to use - eg: "gw-pexip-as"
$AvailabilitySetName = "gw-pexip-as"
# Name of the SSD storage account. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only. - eg: "gwpexip"
$storageAccountName = "gwpexip"
# Location of your Azure Resource Group - eg: "UK South"
$locationName = "UK south"
# Name of the container within the storage account to copy the disk images into - eg: "vm-images"
$containerName = "vm-images"
# Name of the Resource Group for the Management Node - eg: "pexippexmgr"
$mgrResourceName = "pexipmgr"
# Name of the Resource Group for the Conference Node - eg: "pexipconf1"
$conf1ResourceName = "pexipconf1"
# Version of Pexip Infinity to copy - eg: 20-0-0-45400-0-0
$version = "21-0-0-48340-0-0"
# Connect to Azure
# Install-Module AzureRM -force
Connect-AzureRmAccount
# Add your Azure account to the PowerShell environment
Add-AzureRmAccount
# Set the current subscription
Get-AzureRmSubscription -SubscriptionName $subscriptionName | Select-AzureRmSubscription
# Creating a Resource Group
New-AzureRmResourceGroup -Name $resourceGroupName -Location $locationName
# Register Namesapce for new subscriptions
Register-AzureRmResourceProvider -ProviderNamespace “Microsoft.Network”
Register-AzureRmResourceProvider -ProviderNamespace “Microsoft.Storage”
# Creating an Azure Network Security Group, Network and Subnet
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name allow_http -Description "Permit access to HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 105 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name allow_https -Description "Permit access to HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name allow_h323cs -Description "Permit access to H.323 CS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 115 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 1720
$rule4 = New-AzureRmNetworkSecurityRuleConfig -Name allow_sip_tcp -Description "Permit access to SIP/TCP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5060
$rule5 = New-AzureRmNetworkSecurityRuleConfig -Name allow_sip_tls -Description "Permit access to SIP/TLS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 125 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5061
$rule6 = New-AzureRmNetworkSecurityRuleConfig -Name allow_signalling_tcp -Description "Permit access to ephemeral TCP call signalling ports" -Access Allow -Protocol Tcp -Direction Inbound -Priority 130 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 33000-39999
$rule7 = New-AzureRmNetworkSecurityRuleConfig -Name allow_media_tcp -Description "Permit access to ephemeral TCP media ports" -Access Allow -Protocol Tcp -Direction Inbound -Priority 135 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 40000-49999
$rule8 = New-AzureRmNetworkSecurityRuleConfig -Name allow_h323ls -Description "Permit access to H.323 LS" -Access Allow -Protocol Udp -Direction Inbound -Priority 140 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 1719
$rule9 = New-AzureRmNetworkSecurityRuleConfig -Name allow_signalling_udp -Description "Permit access to ephemeral UDP call signalling ports" -Access Allow -Protocol Udp -Direction Inbound -Priority 150 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 33000-39999
$rule10 = New-AzureRmNetworkSecurityRuleConfig -Name allow_media_udp -Description "Permit access to ephemeral UDP media ports" -Access Allow -Protocol Udp -Direction Inbound -Priority 155 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 40000-49999
$rule11 = New-AzureRmNetworkSecurityRuleConfig -Name allow_management_traffic -Description "Permit access from the management network" -Access Allow -Protocol * -Direction Inbound -Priority 160 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange *
$rule12 = New-AzureRmNetworkSecurityRuleConfig -Name allow_config -Description "Permit access to upload config" -Access Allow -Protocol Tcp -Direction Inbound -Priority 170 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 8443
$rule13 = New-AzureRmNetworkSecurityRuleConfig -Name allow_rdp -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 180 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $subnetRange
$virtualNetwork = New-AzureRmVirtualNetwork -Name $networkName -ResourceGroupName $resourceGroupName -Location $locationName -AddressPrefix $addressPrefix -Subnet $frontendSubnet
$networkSecurityGroup = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Location $locationName -Name $networkSecurity -SecurityRules $rule1,$rule2,$rule3,$rule4,$rule5,$rule6,$rule7,$rule8,$rule9,$rule10,$rule11,$rule12,$rule13
Set-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $virtualNetwork -AddressPrefix $subnetRange -NetworkSecurityGroup $networkSecurityGroup
$virtualNetwork | Set-AzureRmVirtualNetwork
# Creating a Storage Account for Pexip - Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name "$storageAccountName" -Location $locationName -SkuName Standard_LRS -Kind Storage
# Creating the Availability Set
New-AzureRmAvailabilitySet -ResourceGroupName $resourceGroupName -Name $AvailabilitySetName -Location $locationName -Sku Aligned -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 5
# Preparing disk images for Azure deployments
# Obtain the access key for the storage account
$storageAccountKey = Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
If($storageAccountKey.GetType().Name -eq "StorageAccountKeys") {
# AzureRM.Storage < 1.1.0
$storageAccountKey = $storageAccountKey.Key1
} Else {
# AzureRm.Storage 1.1.0
$storageAccountKey = $storageAccountKey[0].Value
}
# Create the storage access context
$ctx = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
# Ensure that the container exists
New-AzureStorageContainer -Name $containerName -Context $ctx
# Start copying the Management Node image
$mgmt = Start-AzureStorageBlobCopy -AbsoluteUri "https://pexipas.blob.core.windows.net/infinity/$version/management-node.vhd" -DestContainer $containerName -DestBlob "pexip-infinity-$version-management-node.vhd" -DestContext $ctx
# Start copying the Conferencing Node image
$cnfc = Start-AzureStorageBlobCopy -AbsoluteUri "https://pexipas.blob.core.windows.net/infinity/$version/conferencing-node.vhd" -DestContainer $containerName -DestBlob "pexip-infinity-$version-conferencing-node.vhd" -DestContext $ctx
# Wait for the Management Node image to finish copying
$status = Get-AzureStorageBlobCopyState -Blob $mgmt.Name -Container $containerName -Context $ctx
While($status.Status -eq "Pending") {
$status
$status = Get-AzureStorageBlobCopyState -Blob $mgmt.Name -Container $containerName -Context $ctx
Start-Sleep 10
}
$status
# Wait for the Conferencing Node image to finish copying
$status = Get-AzureStorageBlobCopyState -Blob $cnfc.Name -Container $containerName -Context $ctx
While($status.Status -eq "Pending") {
$status
$status = Get-AzureStorageBlobCopyState -Blob $cnfc.Name -Container $containerName -Context $ctx
Start-Sleep 10
}
$status
# Print out the prepared disk image URLs for later use
"Prepared Management Node disk image: " + $mgmt.ICloudBlob.Uri.AbsoluteUri
"Prepared Conferencing Node disk image: " + $cnfc.ICloudBlob.Uri.AbsoluteUri
# Creating the Azure VM Images
$imageConfig = New-AzureRmImageConfig -Location "$locationName";
$MgrDiskVhdUri = "https://$storageaccountname.blob.core.windows.net/vm-images/pexip-infinity-$version-management-node.vhd"
$ConfDiskVhdUri = "https://$storageaccountname.blob.core.windows.net/vm-images/pexip-infinity-$version-conferencing-node.vhd"
$MGRimagename = "mgr-$version"
$Confimagename = "conf-$version"
Set-AzureRmImageOsDisk -Image $imageConfig -OsType 'Linux' -OsState 'Generalized' -BlobUri $MgrDiskVhdUri -StorageAccountType Premium_LRS -Caching ReadWrite;
New-AzureRmImage -image $imageConfig -ImageName "$MGRimagename" -ResourceGroupName "$resourceGroupName";
Set-AzureRmImageOsDisk -Image $imageConfig -OsType 'Linux' -OsState 'Generalized' -BlobUri $ConfDiskVhdUri -StorageAccountType Premium_LRS -Caching ReadWrite;
New-AzureRmImage -image $imageConfig -ImageName "$Confimagename" -ResourceGroupName "$resourceGroupName"
## You can now run the Template to deploy the nodes
https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Frpv3.pexip.com%2Ftemplates%2Ftest.json
That’s it, you can simply use this script to get a Pexip deployment up and running.
Remember, the full docs site is here at https://docs.pexip.com