Appendix D: Script Index
DOCUMENT CATEGORY: Reference SCOPE: Alternative script implementations per phase PURPOSE: Provide equivalent Azure CLI, Bash, and PowerShell scripts for tasks documented in the main runbook MASTER REFERENCE: Azure Local Toolkit
Status: PowerShell scripts implemented for all phases. Azure CLI and Bash variants planned.
Overview
The main implementation guide documents the recommended method for each task (typically Azure PowerShell or Azure Portal). This appendix provides equivalent alternative implementations using different toolchains so teams can use whichever tool fits their workflow.
Toolchain Options:
| Toolchain | Shell | Use Case |
|---|---|---|
Azure PowerShell (Az module) | PowerShell | Windows-native, Az module cmdlets |
| Azure CLI in PowerShell | PowerShell | az commands in a PowerShell terminal |
| Azure CLI in Bash | Bash | Linux/macOS/WSL environments |
| Terraform | Any | Infrastructure-as-code, repeatable deployments |
Script Repository: All scripts are stored in the Azure Local Toolkit:
scripts/deploy/<stage>/<phase>/<task>/powershell/— Azure PowerShell scriptsscripts/deploy/<stage>/<phase>/<task>/azurecli/— Azure CLI scripts (scaffolded)scripts/deploy/<stage>/<phase>/<task>/bash/— Bash scripts (scaffolded)
How to Use
Each section below maps to an implementation phase. Find the phase you're working on, then pick your preferred toolchain. The main runbook shows the recommended path; scripts here are functionally equivalent alternatives.
Phase-by-Phase Script Coverage
Phase 01 — CI/CD Infrastructure
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| 01 - CI/CD Setup | CI/CD runner deployment | — | — | — | 📋 | Planned |
| 03 - Infrastructure Deployment | CI/CD infrastructure provisioning | — | — | — | 📋 | Planned |
Phase 02 — Azure Foundation
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| 01 - Landing Zones | Resource group creation | ✅ | — | 📋 | 📋 | PS Implemented |
| 02 - Resource Providers | Register required resource providers | ✅ | — | 📋 | — | PS Implemented |
| 02 - Resource Providers | Verify provider registration | ✅ | — | 📋 | — | PS Implemented |
| 03 - RBAC Permissions | Create deployment service principal | ✅ | — | 📋 | — | PS Implemented |
| 03 - RBAC Permissions | Assign RBAC roles | ✅ | — | 📋 | — | PS Implemented |
| 04 - Management Infra | Virtual network | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | VPN gateway | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | S2S VPN connection | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | Azure Bastion | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | Network security groups | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | NAT gateway | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | Arc gateway | ✅ | — | 📋 | — | PS Implemented |
| 04 - Management Infra | Log Analytics workspace | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | Key Vault | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Management Infra | Domain controller | ✅ | — | — | — | PS Implemented |
| 04 - Management Infra | Utility server | ✅ | — | — | — | PS Implemented |
| 04 - Management Infra | NDM server | ✅ | — | — | — | PS Implemented |
| 04 - Management Infra | Lighthouse | ✅ | — | 📋 | 📋 | PS Implemented |
| 05 - Identity & Security | PIM / Conditional Access | ✅ | — | 📋 | — | PS Implemented |
Phase 03 — On-Premises Readiness
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| 01 - Active Directory | OU creation & pre-creation artifacts | ✅ | — | — | — | PS Implemented |
| 01 - Active Directory | Security group creation | ✅ | — | — | — | PS Implemented |
| 01 - Active Directory | DNS forwarding configuration | ✅ | — | — | — | PS Implemented |
| 01 - Active Directory | AD account creation | ✅ | — | — | — | PS Implemented |
| 01 - Active Directory | Security group memberships | ✅ | — | — | — | PS Implemented |
| 02 - Enterprise Readiness | Hardware inspection | ✅ | — | — | — | PS Implemented |
| 02 - Enterprise Readiness | Network service verification | ✅ | — | — | — | PS Implemented |
| 02 - Enterprise Readiness | Opengear verification | ✅ | — | — | — | PS Implemented |
| 02 - Enterprise Readiness | Validation signoff | ✅ | — | — | — | PS Implemented |
| 03 - Network Infrastructure | Opengear console server | ✅ | — | — | — | PS Implemented |
| 03 - Network Infrastructure | Dell PowerSwitch configuration | ✅ | — | — | — | PS Implemented |
| 03 - Network Infrastructure | Firewall endpoint verification | ✅ | — | — | — | PS Implemented |
| 03 - Network Infrastructure | Network validation | ✅ | — | — | — | PS Implemented |
Phase 04 — Cluster Deployment
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| 01 - Hardware Provisioning | DHCP reservations (iDRAC) | ✅ | — | 📋 | — | PS Implemented |
| 01 - Hardware Provisioning | Hardware discovery (Redfish) | ✅ | — | 📋 | — | PS Implemented |
| 01 - Hardware Provisioning | DHCP reservations (management) | ✅ | — | 📋 | — | PS Implemented |
| 01 - Hardware Provisioning | BIOS/iDRAC validation | ✅ | — | — | — | PS Implemented |
| 01 - Hardware Provisioning | BIOS/iDRAC remediation | ✅ | — | — | — | PS Implemented |
| 02 - OS Installation | Verify OS deployment | ✅ | — | — | — | PS Implemented |
| 03 - OS Configuration | WinRM, RDP, IP, DNS, NTP, hostname, etc. | ✅ | — | — | — | PS Implemented |
| 04 - Arc Registration | Pre-registration validation | ✅ | 📋 | 📋 | — | PS Implemented |
| 04 - Arc Registration | Register nodes with Azure Arc | ✅ | 📋 | 📋 | — | PS Implemented |
| 04 - Arc Registration | Monitor bootstrap process | ✅ | 📋 | 📋 | — | PS Implemented |
| 04 - Arc Registration | Verify Arc registration | ✅ | 📋 | 📋 | — | PS Implemented |
| 05 - Cluster Deployment | Initiate deployment via ARM | ✅ | — | — | 📋 | PS Implemented |
| 05 - Cluster Deployment | Verify deployment completion | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | Windows Admin Center | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | SDN deployment | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | Cluster quorum configuration | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | Security groups on nodes | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | SSH connectivity | ✅ | — | — | — | PS Implemented |
| 06 - Post-Deployment | Storage configuration | ✅ | — | 📋 | — | PS Implemented |
| 06 - Post-Deployment | Image downloads | ✅ | — | 📋 | — | PS Implemented |
| 06 - Post-Deployment | Logical network creation | ✅ | — | 📋 | — | PS Implemented |
| 06 - Post-Deployment | Post-deployment verification | ✅ | — | — | — | PS Implemented |
Phase 05 — Operational Foundations
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| 01 - SDN Deployment | Validate SDN prerequisites | ✅ | — | — | — | PS Implemented |
| 01 - SDN Deployment | Enable SDN integration | ✅ | — | — | — | PS Implemented |
| 01 - SDN Deployment | Configure network security groups | ✅ | — | — | — | PS Implemented |
| 02 - Monitoring | Configure Log Analytics workspace | ✅ | — | 📋 | 📋 | PS Implemented |
| 02 - Monitoring | Configure Azure Monitor Agent | ✅ | — | 📋 | 📋 | PS Implemented |
| 02 - Monitoring | Enable HCI Insights | ✅ | — | 📋 | — | PS Implemented |
| 02 - Monitoring | Setup alerting | ✅ | — | 📋 | 📋 | PS Implemented |
| 02 - Monitoring | Deploy OMIMSWAC monitoring | ✅ | — | — | — | PS Implemented |
| 02 - Monitoring | Configure network device logging | ✅ | — | — | — | PS Implemented |
| 02 - Monitoring | Configure Datadog integration | ✅ | — | 📋 | — | PS Implemented |
| 03 - Backup & DR | Configure Azure Backup | ✅ | — | 📋 | — | PS Implemented |
| 03 - Backup & DR | Configure Site Recovery | ✅ | — | 📋 | — | PS Implemented |
| 03 - Backup & DR | Test DR procedures | ✅ | — | — | — | PS Implemented |
| 04 - Security & Governance | Enable Defender for Cloud | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Security & Governance | Apply Azure Policy initiatives | ✅ | — | 📋 | 📋 | PS Implemented |
| 04 - Security & Governance | Configure security baselines | ✅ | — | — | — | PS Implemented |
| 04 - Security & Governance | Enable security logging | ✅ | — | — | — | PS Implemented |
| 04 - Security & Governance | Configure Azure Update Manager | ✅ | — | 📋 | — | PS Implemented |
| 05 - Licensing & Telemetry | Enable Azure Hybrid Benefit | ✅ | — | 📋 | — | PS Implemented |
| 05 - Licensing & Telemetry | Activate Windows Server subscription | ✅ | — | — | — | PS Implemented |
| 05 - Licensing & Telemetry | Configure enhanced telemetry | ✅ | — | — | — | PS Implemented |
Phase 06 — Cluster Testing & Validation
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| Testing | Infrastructure health validation | ✅ | — | — | — | PS Implemented |
| Testing | VMFleet storage testing | ✅ | — | — | — | PS Implemented |
| Testing | Network/RDMA validation | ✅ | — | — | — | PS Implemented |
| Testing | HA failover testing | ✅ | — | — | — | PS Implemented |
| Testing | Security compliance validation | ✅ | — | — | — | PS Implemented |
| Testing | Backup & DR validation | ✅ | — | — | — | PS Implemented |
Phase 07 — Validation & Handover
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| Validation | Final cluster validation | 📋 | — | — | — | Planned |
| Handover | As-built report generation | 📋 | — | — | — | Planned |
Phase 08 — Lifecycle Operations
| Sub-Phase | Task | Az PS | Az CLI PS | Az CLI Bash | Terraform | Status |
|---|---|---|---|---|---|---|
| Operations | Node patching / update management | 📋 | — | 📋 | — | Planned |
| Operations | Cluster scaling (add/remove nodes) | 📋 | — | 📋 | — | Planned |
| Operations | Deprovisioning | 📋 | — | 📋 | 📋 | Planned |
Script Naming Convention
<Action>-<Resource>-<Method>.<ext>
Examples:
Register-AzureLocalResourceProviders.ps1 # Azure PowerShell
register-resource-providers.sh # Azure CLI Bash
assign-user-permissions.ps1 # Azure CLI in PowerShell
assign-user-permissions.sh # Azure CLI in Bash
Script Template
Every script in this index follows a standard structure:
- Header — Synopsis, description, prerequisites, version
- Variables — Read from
variables.ymlor passed as parameters - Validation — Check Azure connection, verify prerequisites
- Execution — Perform the task with error handling
- Verification — Confirm the action succeeded
- Summary — Output results and next steps
Status Legend
| Icon | Meaning |
|---|---|
| ✅ | Script implemented and tested |
| 🔨 | Script in development |
| 📋 | Planned — not yet started |
| — | Not applicable for this toolchain |