wip

mrlockstar · mrlockstar · commit a4bbeb16e6de · 2026-01-20T15:04:32.000Z
diff --git a/docs/infrastructure/create-environment.md b/docs/infrastructure/create-environment.md
@@ -6,6 +6,11 @@ This is the initial manual process to create a new environment like review, dev,
 
 The environment requires a shared Azure front door profile created in the hub. The service name must be declared in [the hub configuration](https://github.com/NHSDigital/dtos-hub/tree/main/infrastructure/environments). And run the Azure devops pipeline for the corresponding hub (non-live or live).
 
+## Image Gallary
+
+- create a new gallerie in the Azure compute galleries with name nonlive_lungcs_compute_gallery
+- create a resource group with name rg_hub_nonlive_lungcs_compute_gallery
+
 ## Code
 
 - Create the configuration files in `infrastructure/environments/[environment]`
diff --git a/infrastructure/bootstrap/hub.bicep b/infrastructure/bootstrap/hub.bicep
@@ -45,6 +45,7 @@ var privateDNSZoneRGName = 'rg-hub-${hubType}-${regionShortName}-private-dns-zon
 var keyVaultName = 'kv-${appShortName}-${hubType}-inf'
 var privateEndpointSubnetName = 'sn-hub-${hubType}-${regionShortName}-private-endpoint'
 var storageAccountName = 'sa${appShortName}${regionShortName}state'
+var computeGalleryName = '${appShortName}_hub_compute_gallery'
 
 var miADOtoAZname = 'mi-${appShortName}-${hubType}-adotoaz-${regionShortName}'
 var miGHtoADOname = 'mi-${appShortName}-${hubType}-ghtoado-${regionShortName}'
@@ -248,3 +249,12 @@ module keyVaultPrivateDNSZone 'modules/dns.bicep' = {
     location: region
   }
 }
+
+
+module computeGallery 'modules/computeGallery.bicep' = {
+  scope: resourceGroup(resourceGroupName)
+  params: {
+    galleryName: computeGalleryName
+    location: region
+  }
+}
diff --git a/infrastructure/bootstrap/modules/computeGallery.bicep b/infrastructure/bootstrap/modules/computeGallery.bicep
@@ -0,0 +1,18 @@
+targetScope = 'resourceGroup'
+
+@description('Name of the Azure Compute Gallery')
+param galleryName string
+
+@description('Location for the gallery')
+param location string
+
+resource computeGallery 'Microsoft.Compute/galleries@2023-07-03' = {
+  name: galleryName
+  location: location
+  properties: {
+    description: ''
+    softDeletePolicy: {
+      isSoftDeleteEnabled: false
+    }
+  }
+}
diff --git a/infrastructure/bootstrap/modules/managedDevopsPool.bicep b/infrastructure/bootstrap/modules/managedDevopsPool.bicep
@@ -48,57 +48,57 @@ resource devCenterProject 'Microsoft.DevCenter/projects@2025-02-01' = {
   }
 }
 
-resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = {
-  name: poolName
-  location: location
-  properties: {
-    organizationProfile: {
-      organizations: [
-        {
-          url: 'https://dev.azure.com/${adoOrg}'
-          parallelism: 1
-        }
-      ]
-      permissionProfile: {
-        kind: 'CreatorOnly'
-      }
-      kind: 'AzureDevOps'
-    }
-    devCenterProjectResourceId: devCenterProject.id
-    maximumConcurrency: poolSize
-    agentProfile: {
-      kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow
-      maxAgentLifetime: agentProfileMaxAgentLifetime // Only allowed if kind is Stateful
-      // gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful
-      resourcePredictionsProfile: {
-        kind: 'Automatic' // 'Manual' or 'Automatic'
-        predictionPreference: 'Balanced'
-      }
-    }
-    fabricProfile: {
-      sku: {
-        name: fabricProfileSkuName
-      }
-      images: [
-        {
-          aliases: [
-            'ubuntu-22.04'
-            'ubuntu-22.04/latest'
-          ]
-          wellKnownImageName: 'ubuntu-22.04'
-        }
-      ]
-      osProfile: {
-        logonType: 'Service' // or Interactive
-      }
-      storageProfile: {
-        osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium
-      }
-      // Remove if you want to use 'Isolated Virtual Network'
-      networkProfile: {
-        subnetId: devopsSubnet.id
-      }
-      kind: 'Vmss'
-    }
-  }
-}
+// resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = {
+//   name: poolName
+//   location: location
+//   properties: {
+//     organizationProfile: {
+//       organizations: [
+//         {
+//           url: 'https://dev.azure.com/${adoOrg}'
+//           parallelism: 1
+//         }
+//       ]
+//       permissionProfile: {
+//         kind: 'CreatorOnly'
+//       }
+//       kind: 'AzureDevOps'
+//     }
+//     devCenterProjectResourceId: devCenterProject.id
+//     maximumConcurrency: poolSize
+//     agentProfile: {
+//       kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow
+//       maxAgentLifetime: agentProfileMaxAgentLifetime // Only allowed if kind is Stateful
+//       // gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful
+//       resourcePredictionsProfile: {
+//         kind: 'Automatic' // 'Manual' or 'Automatic'
+//         predictionPreference: 'Balanced'
+//       }
+//     }
+//     fabricProfile: {
+//       sku: {
+//         name: fabricProfileSkuName
+//       }
+//       images: [
+//         {
+//           aliases: [
+//             'ubuntu-22.04'
+//             'ubuntu-22.04/latest'
+//           ]
+//           wellKnownImageName: 'ubuntu-22.04'
+//         }
+//       ]
+//       osProfile: {
+//         logonType: 'Service' // or Interactive
+//       }
+//       storageProfile: {
+//         osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium
+//       }
+//       // Remove if you want to use 'Isolated Virtual Network'
+//       networkProfile: {
+//         subnetId: devopsSubnet.id
+//       }
+//       kind: 'Vmss'
+//     }
+//   }
+// }
diff --git a/infrastructure/environments/nonlive-hub/variables.tfvars b/infrastructure/environments/nonlive-hub/variables.tfvars
@@ -52,8 +52,8 @@ avd_admins_group_name        = "screening-lungcs-nonlive-virtual-desktop-admin-l
 
 avd_source_image_from_gallery = {
   image_name      = "gi_wvd"
-  gallery_name    = "rg_hub_dev_uks_compute_gallery"
-  gallery_rg_name = "rg-hub-dev-uks-hub-virtual-desktop"
+  gallery_name    = "lungcs_hub_compute_gallery"
+  gallery_rg_name = "rg-hub-nonlive-uks-bootstrap"
 }
 
 law = {
diff --git a/infrastructure/terraform/hub/virtual_desktop.tf b/infrastructure/terraform/hub/virtual_desktop.tf
@@ -60,9 +60,15 @@ module "virtual-desktop-blue" {
   resource_group_name       = azurerm_resource_group.avd-blue[each.key].name
   resource_group_id         = azurerm_resource_group.avd-blue[each.key].id
   scaling_plan_name         = module.config[each.key].names.avd-scaling-plan
-  source_image_id           = var.AVD_SOURCE_IMAGE_ID
-  source_image_reference    = var.avd_source_image_reference
-  source_image_from_gallery = var.avd_source_image_from_gallery
+  source_image_reference = {
+    publisher = "MicrosoftWindowsDesktop"
+    offer     = "windows-11"
+    sku       = "win11-23h2-avd"
+    version   = "latest"
+  }
+  # source_image_id           = var.AVD_SOURCE_IMAGE_ID
+  # source_image_reference    = var.avd_source_image_reference
+  # source_image_from_gallery = var.avd_source_image_from_gallery
   subnet_id                 = module.subnets_hub["${module.config[each.key].names.subnet}-virtual-desktop"].id
   vm_count                  = local.blue_avd_primary || local.equal_vm_counts ? var.avd_vm_count : 1
   vm_name_prefix            = module.config[each.key].names.avd-host

Original file line number	Diff line number	Diff line change
`@@ -52,8 +52,8 @@ avd_admins_group_name = "screening-lungcs-nonlive-virtual-desktop-admin-l`
`52`	`52`
`53`	`53`	`avd_source_image_from_gallery = {`
`54`	`54`	`image_name = "gi_wvd"`
`55`		`- gallery_name = "rg_hub_dev_uks_compute_gallery"`
`56`		`- gallery_rg_name = "rg-hub-dev-uks-hub-virtual-desktop"`
	`55`	`+ gallery_name = "lungcs_hub_compute_gallery"`
	`56`	`+ gallery_rg_name = "rg-hub-nonlive-uks-bootstrap"`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`law = {`