Add Windows support to vmss

Author: jsturtevant

cloud/services/scalesets/scalesets.go

@@ -25,6 +25,7 @@ import (
 	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
+	"sigs.k8s.io/cluster-api-provider-azure/util/generators"
 
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1alpha3"
 	azure "sigs.k8s.io/cluster-api-provider-azure/cloud"
@@ -142,13 +143,9 @@ func (s *Service) Reconcile(ctx context.Context) error {
 		}
 	}
 
-	sshKey, err := base64.StdEncoding.DecodeString(vmssSpec.SSHKeyData)
-	if err != nil {
-		return errors.Wrapf(err, "failed to decode ssh public key")
-	}
-	bootstrapData, err := s.Scope.GetBootstrapData(ctx)
+	osProfile, err := s.generateOSProfile(ctx, vmssSpec)
 	if err != nil {
-		return errors.Wrap(err, "failed to retrieve bootstrap data")
+		return err
 	}
 
 	vmss := compute.VirtualMachineScaleSet{
@@ -170,22 +167,7 @@ func (s *Service) Reconcile(ctx context.Context) error {
 				Mode: compute.UpgradeModeManual,
 			},
 			VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfile{
-				OsProfile: &compute.VirtualMachineScaleSetOSProfile{
-					ComputerNamePrefix: to.StringPtr(vmssSpec.Name),
-					AdminUsername:      to.StringPtr(azure.DefaultUserName),
-					CustomData:         to.StringPtr(bootstrapData),
-					LinuxConfiguration: &compute.LinuxConfiguration{
-						SSH: &compute.SSHConfiguration{
-							PublicKeys: &[]compute.SSHPublicKey{
-								{
-									Path:    to.StringPtr(fmt.Sprintf("/home/%s/.ssh/authorized_keys", azure.DefaultUserName)),
-									KeyData: to.StringPtr(string(sshKey)),
-								},
-							},
-						},
-						DisablePasswordAuthentication: to.BoolPtr(true),
-					},
-				},
+				OsProfile:       osProfile,
 				StorageProfile:  storageProfile,
 				SecurityProfile: securityProfile,
 				DiagnosticsProfile: &compute.DiagnosticsProfile{
@@ -399,6 +381,52 @@ func (s *Service) generateStorageProfile(vmssSpec azure.ScaleSetSpec, sku resour
 	return storageProfile, nil
 }
 
+func (s *Service) generateOSProfile(ctx context.Context, vmssSpec azure.ScaleSetSpec) (*compute.VirtualMachineScaleSetOSProfile, error) {
+	sshKey, err := base64.StdEncoding.DecodeString(vmssSpec.SSHKeyData)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to decode ssh public key")
+	}
+	bootstrapData, err := s.Scope.GetBootstrapData(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to retrieve bootstrap data")
+	}
+
+	osProfile := &compute.VirtualMachineScaleSetOSProfile{
+		ComputerNamePrefix: to.StringPtr(vmssSpec.Name),
+		AdminUsername:      to.StringPtr(azure.DefaultUserName),
+		CustomData:         to.StringPtr(bootstrapData),
+	}
+
+	switch vmssSpec.OSDisk.OSType {
+	case string(compute.Windows):
+		// Cloudbase-init is used to generate a password.
+		// https://cloudbase-init.readthedocs.io/en/latest/plugins.html#setting-password-main
+		//
+		// We generate a random password here in case of failure
+		// but the password on the VM will NOT be the same as created here.
+		// Access is provided via SSH public key that is set during deployment
+		// Azure also provides a way to reset user passwords in the case of need.
+		osProfile.AdminPassword = to.StringPtr(generators.SudoRandomPassword(123))
+		osProfile.WindowsConfiguration = &compute.WindowsConfiguration{
+			EnableAutomaticUpdates: to.BoolPtr(false),
+		}
+	default:
+		osProfile.LinuxConfiguration = &compute.LinuxConfiguration{
+			DisablePasswordAuthentication: to.BoolPtr(true),
+			SSH: &compute.SSHConfiguration{
+				PublicKeys: &[]compute.SSHPublicKey{
+					{
+						Path:    to.StringPtr(fmt.Sprintf("/home/%s/.ssh/authorized_keys", azure.DefaultUserName)),
+						KeyData: to.StringPtr(string(sshKey)),
+					},
+				},
+			},
+		}
+	}
+
+	return osProfile, nil
+}
+
 func getVMSSUpdateFromVMSS(vmss compute.VirtualMachineScaleSet) (compute.VirtualMachineScaleSetUpdate, error) {
 	json, err := vmss.MarshalJSON()
 	if err != nil {

cloud/services/scalesets/scalesets_test.go

@@ -383,6 +383,80 @@ func TestReconcileVMSS(t *testing.T) {
 				}))
 			},
 		},
+		{
+			name:          "can create a vmss with a Windows node",
+			expectedError: "",
+			expect: func(g *gomega.WithT, s *mock_scalesets.MockScaleSetScopeMockRecorder, m *mock_scalesets.MockClientMockRecorder) {
+				s.ScaleSetSpec().Return(azure.ScaleSetSpec{
+					Name:       "my-vmss",
+					Size:       "VM_SIZE_EAH",
+					Capacity:   2,
+					SSHKeyData: "ZmFrZXNzaGtleQo=",
+					OSDisk: infrav1.OSDisk{
+						OSType:     "Windows",
+						DiskSizeGB: 120,
+						ManagedDisk: infrav1.ManagedDisk{
+							StorageAccountType: "Premium_LRS",
+						},
+					},
+					SubnetName:                   "my-subnet",
+					VNetName:                     "my-vnet",
+					VNetResourceGroup:            "my-rg",
+					PublicLBName:                 "capz-lb",
+					PublicLBAddressPoolName:      "backendPool",
+					AcceleratedNetworking:        nil,
+					TerminateNotificationTimeout: to.IntPtr(7),
+				})
+				s.SubscriptionID().AnyTimes().Return("123")
+				s.ResourceGroup().AnyTimes().Return("my-rg")
+				s.V(gomock.AssignableToTypeOf(2)).AnyTimes().Return(klogr.New())
+				s.AdditionalTags()
+				s.Location().Return("test-location")
+				s.ClusterName().Return("my-cluster")
+				m.Get(gomockinternal.AContext(), "my-rg", "my-vmss").
+					Return(compute.VirtualMachineScaleSet{}, autorest.NewErrorWithResponse("", "", &http.Response{StatusCode: 404}, "Not found"))
+				s.GetVMImage().Return(&infrav1.Image{
+					Marketplace: &infrav1.AzureMarketplaceImage{
+						Publisher: "fake-publisher",
+						Offer:     "my-offer",
+						SKU:       "sku-id",
+						Version:   "1.0",
+					},
+				}, nil)
+				s.GetBootstrapData(gomockinternal.AContext()).Return("fake-bootstrap-data", nil)
+				m.CreateOrUpdate(gomockinternal.AContext(), "my-rg", "my-vmss", gomock.AssignableToTypeOf(compute.VirtualMachineScaleSet{})).Do(
+					func(_, _, _ interface{}, vmss compute.VirtualMachineScaleSet) {
+						g.Expect(vmss.VirtualMachineScaleSetProperties.VirtualMachineProfile.StorageProfile.OsDisk.OsType).To(Equal(compute.Windows))
+						g.Expect(*vmss.VirtualMachineScaleSetProperties.VirtualMachineProfile.OsProfile.AdminPassword).Should(HaveLen(123))
+						g.Expect(*vmss.VirtualMachineScaleSetProperties.VirtualMachineProfile.OsProfile.AdminUsername).Should(Equal("capi"))
+						g.Expect(*vmss.VirtualMachineScaleSetProperties.VirtualMachineProfile.OsProfile.WindowsConfiguration.EnableAutomaticUpdates).Should(Equal(false))
+					})
+				m.Get(gomockinternal.AContext(), "my-rg", "my-vmss").
+					Return(compute.VirtualMachineScaleSet{
+						ID:   to.StringPtr("vmss-id"),
+						Name: to.StringPtr("my-vmss"),
+						VirtualMachineScaleSetProperties: &compute.VirtualMachineScaleSetProperties{
+							ProvisioningState: to.StringPtr("Succeeded"),
+						},
+					}, nil)
+				m.ListInstances(gomockinternal.AContext(), "my-rg", "my-vmss").Return([]compute.VirtualMachineScaleSetVM{
+					{
+						InstanceID: to.StringPtr("id-2"),
+						VirtualMachineScaleSetVMProperties: &compute.VirtualMachineScaleSetVMProperties{
+							ProvisioningState: to.StringPtr("Succeeded"),
+						},
+						ID:   to.StringPtr("id-1"),
+						Name: to.StringPtr("instance-0"),
+					},
+				}, nil)
+				s.SaveK8sVersion()
+				s.NeedsK8sVersionUpdate()
+				s.UpdateInstanceStatuses(gomock.Any(), gomock.Len(1)).Return(nil)
+				s.SetProviderID("azure://vmss-id")
+				s.SetAnnotation("cluster-api-provider-azure", "true")
+				s.SetProvisioningState(infrav1.VMStateSucceeded)
+			},
+		},
 		{
 			name:          "with accelerated networking enabled",
 			expectedError: "",

cloud/services/virtualmachines/virtualmachines.go

@@ -433,7 +433,7 @@ func (s *Service) generateOSProfile(ctx context.Context, vmSpec azure.VMSpec) (*
 	}
 
 	switch vmSpec.OSDisk.OSType {
-	case azure.WindowsOS:
+	case string(compute.Windows):
 		// Cloudbase-init is used to generate a password.
 		// https://cloudbase-init.readthedocs.io/en/latest/plugins.html#setting-password-main
 		//