I can create a virtual machine with the UI via Azure Marketplace with Flexify.io; however, I want to use the command since I want the VM to be created when it's secured (SSL).
These are the images for Flexify.io:
https://hub.docker.com/r/flexifyio/ce/tags
So I tried to use the command below:
az vm create --resource-group myresourcegroups --name staging-images --image flexifyio/ce:latest --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
This is the flexify.io image flexifyio/ce:latest, but I am getting this error:
Invalid image "flexifyio/ce:latest". Use a valid image URN, custom image name, custom image id, VHD blob URI, or pick an image from ['CentOS', 'Debian', 'Flatcar', 'openSUSE-Leap', 'RHEL', 'SLES', 'UbuntuLTS', 'Win2022Datacenter', 'Win2022AzureEditionCore', 'Win2019Datacenter', 'Win2016Datacenter', 'Win2012R2Datacenter', 'Win2012Datacenter', 'Win2008R2SP1'].
See VM create -h for more information on specifying an image.
How best can I do this?
The --image argument for az vm commands can be used to reference an image available on the Azure Marketplace, not Docker Hub (or any other repository, for that matter). Azure Marketplace is also the source of the images you see in the VM creation flow in the Azure Portal.
To find the identifier for the image you want to create your VM with, use az vm image list --all --publisher Flexify, which yields some results:
[
  {
    "architecture": "x64",
    "offer": "migration-vm",
    "publisher": "flexify-io",
    "sku": "migration-vm-ce",
    "urn": "flexify-io:migration-vm:migration-vm-ce:2.12.10",
    "version": "2.12.10"
  },
  {
    "architecture": "x64",
    "offer": "multi-cloud",
    "publisher": "flexify-io",
    "sku": "multi-cloud-vm-ce",
    "urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.0",
    "version": "2.12.0"
  },
  {
    "architecture": "x64",
    "offer": "multi-cloud",
    "publisher": "flexify-io",
    "sku": "multi-cloud-vm-ce",
    "urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.2",
    "version": "2.12.2"
  },
  {
    "architecture": "x64",
    "offer": "single-vm",
    "publisher": "flexify-io",
    "sku": "single-vm-ce",
    "urn": "flexify-io:single-vm:single-vm-ce:2.12.10",
    "version": "2.12.10"
  }
]
Then pass the urn value of the image you want to deploy to your VM like so:
az vm create --resource-group myresourcegroups --name staging-images --image flexify-io:single-vm:single-vm-ce:2.12.10 --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
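An added example, not part of the original answer: a small shell helper that rejects non-Marketplace references such as flexifyio/ce:latest and resolves the highest pinned version for an offer and SKU from a list of URNs, so a deployment script always passes an explicit version to --image. The function names latest_urn and is_pinned_urn are hypothetical, versions are assumed to be three-part numeric, and the input is one URN per line, for example from az vm image list --all --publisher Flexify --query "[].urn" -o tsv.

```shell
#!/bin/sh
# Added example (not from the original answer). URNs below are copied from
# the listing shown in the answer so the script runs offline.
SAMPLE_URNS='flexify-io:migration-vm:migration-vm-ce:2.12.10
flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.0
flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.2
flexify-io:single-vm:single-vm-ce:2.12.10'

# is_pinned_urn URN
# Succeeds only for publisher:offer:sku:version with a numeric x.y.z version.
# A Docker reference (flexifyio/ce:latest) or a floating "latest" version fails.
is_pinned_urn() {
    printf '%s\n' "$1" | awk -F: '
        NF == 4 && $1 != "" && $2 != "" && $3 != "" &&
        $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+$/ { ok = 1 }
        END { exit !ok }'
}

# latest_urn OFFER SKU   (URNs on stdin, one per line)
# Prints the URN with the highest version for OFFER/SKU; fails if none match.
# Versions are compared field by field as numbers, so 2.12.10 sorts after 2.12.2.
latest_urn() {
    awk -F: -v o="$1" -v s="$2" '
        NF == 4 && $2 == o && $3 == s &&
        $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+$/ { print $4 " " $0 }' |
        sort -t. -k1,1n -k2,2n -k3,3n |
        tail -n 1 | cut -d" " -f2 | grep .
}

# Resolve and validate before handing the value to: az vm create --image "$urn"
# (a third-party Marketplace image may also need its terms accepted first,
#  e.g. with: az vm image terms accept --urn "$urn")
urn=$(printf '%s\n' "$SAMPLE_URNS" | latest_urn multi-cloud multi-cloud-vm-ce) &&
    is_pinned_urn "$urn" &&
    echo "pinned image: $urn"
```
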
I've created a command using the Azure CLI like this, that I want to use to pull docker logs from a container running in an Azure Virtual Machine ScaleSet (VMSS):
az vmss run-command create --resource-group "my-resource-group" --instance-id "0" --location "[azure_location_here]" --async-execution false --run-as-user "su" --script "docker logs ab5" --timeout-in-seconds 3600 --run-command-name "myCommandName" --vmss-name "aks-myservice-1234567-vmss" --output-blob-uri "https://myfileshare.blob.core.windows.net/my-azure-storage-container/log.txt"
I can see the command listed when I use:
az vmss run-command list --subscription "[my_subscription_id]" -g my-resource-group --vmss-name "aks-myservice-1234567-vmss" --instance-id 0
This gives me the following:
[
  {
    "asyncExecution": false,
    "errorBlobUri": null,
    "id": "/subscriptions/[my_subscription_id]/resourceGroups/my_resource_group/providers/Microsoft.Compute/virtualMachineScaleSets/aks-myservice-1234567-vmss/virtualMachines/0/runCommands/myCommandName",
    "instanceView": null,
    "location": "[azure_location_here]",
    "name": "myCommandName",
    "outputBlobUri": "https://myfileshare.blob.core.windows.net/my-azure-storage-container/log.txt",
    "parameters": null,
    "protectedParameters": null,
    "provisioningState": "Succeeded",
    "resourceGroup": "my_resource_group",
    "runAsPassword": null,
    "runAsUser": "su",
    "source": {
      "commandId": null,
      "script": "docker logs ab5",
      "scriptUri": null
    },
    "tags": null,
    "timeoutInSeconds": 3600,
    "type": "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands"
  }
]
I'm trying to invoke the command using the following:
az vmss run-command invoke -g my-resource-group -n aks-myservice-1234567-vmss --instance-id 0 --command-id myCommandName
This gives me the error:
(NotFound) The entity was not found in this Azure location.
How can I invoke (run) the command that I created in the first step, so that the script docker logs ab5 is run on the VMSS instance? I know how to directly run this script using az vmss run-command invoke, but the output is limited to the first 4096 bytes of the docker log. I'm trying to use az vmss run-command create to set up the script, as that allows me to use the parameter --output-blob-uri, which I'm hoping will allow me to capture the entire Docker log in a file within Azure storage once I invoke the script.
The documentation for az vmss run-command invoke isn't really clear on how a command can be invoked that was created using az vmss run-command create.
"networkRuleSet":{
  "defaultAction": "[if(equals(parameters('networkRuleSetStatus'), 'Enabled'), 'Deny', 'Allow')]",
  "virtualNetworkRules":[{
    "action": "Allow",
    "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]"
  }],
  "copy":[{
    "name":"ipRules",
    "count":"[length(parameters('ip'))]",
    "input":{
      "action": "Allow",
      "value": "[parameters('ip') [copyIndex('ipRules')]]"
    }
  }]
},
The above lines are part of the ARM to pass the vnetid in the network section.
It's possible to integrate a vnet with the Azure container registry, and what you did is right. But there is one thing you may have missed: when you want to allow a subnet to access the container registry, you need to enable the private endpoint for the container registry in that subnet. Here is an example CLI command:
az network vnet subnet update \
--name myDockerVMSubnet \
--vnet-name myDockerVMVNET \
--resource-group myResourceGroup \
--service-endpoints Microsoft.ContainerRegistry
After this action, you can add the network rule through the template as you showed.
I have a resource group ARM template that I use to create an application gateway that is configured for URL routing. It sends traffic to different Web Apps in that resource group based on URL path rules. I deploy the base resource group ARM template, and then each web app has its own ARM template that sets up a Web App on an App Service Plan. I am trying to figure out how to add a rule to an existing Url Path Map on an Application Gateway without defining the whole application gateway in every template. This way, I can simply add web apps and have them "register" on to the application gateway with a particular path rule.
I considered doing a linked template where my base template would have all of the shared resources (databases, app service plan, and app gateway), but even with a linked template, I don't think I can add a rule to the application gateway.
Update
So I modified my template by adding a reference to the existing application gateway, and then adding variables for the new BackEndPoolAddress and new Path Rule. It ends up like this (abbreviated to only relevant parts):
"variables": {
  "appGateway": "[reference(concat('Microsoft.Network/applicationGateways/', 'appGateWay-', uniqueString(resourceGroup().id)), '2017-06-01')]",
  "pathRule": {
    "name": "[concat(parameters('websiteName'), '- RoutingRule')]",
    "properties": {
      "paths": [
        "[parameters('routingRule')]"
      ],
      "backendAddressPool": {
        "id": "[concat(variables('appGateway').id, '/backendAddressPools/',parameters('websiteName'), 'BackEndPool')]"
      },
      "backendHttpSettings": {
        "id": "[variables('appGateway').backendHttpSettingsCollection[0]]"
      }
    }
  },
  "backendPool": {
    "name": "[concat(parameters('websiteName'), 'BackEndPool')]",
    "properties": {
      "IpAddress": "[reference(variables('webSiteName')).defaultHostName]"
    }
  }
},
"resources": [
  ...
  {
    "apiVersion": "2017-06-01",
    "name": "[variables('appGateway').name]",
    "type": "Microsoft.Network/applicationGateways",
    "location": "[resourceGroup().location]",
    "properties": {
      "backendAddressPools": "[concat(variables('appGateway').backendAddressPools, variables('backendPool'))]",
      "urlPathMaps": [
        {
          "name": "[variables('appGateway').urlPathMaps[0]]",
          "pathRules": "[concat(variables('appGateway').urlPathMaps[0].pathRules, variables('pathRule'))]"
        }
      ]
    }
  }
],
However I get a template validation error saying I can't use the Reference function in the Variables section. If I don't add it in the variables section, how can I build the correct paths for the pool and pathRule in my variables section?
You can achieve this using the reference() function, array manipulation and nested templates (it might work even without those; worst case you will need them). Example:
"outputs": {
  "httpListeners": {
    "type": "array",
    "value": "[reference('application_gateway_id', '2018-08-01', 'Full').properties.httpListeners]"
  }
}
This will return the array of httpListeners. You can get all the relevant application gateway properties and add new (additional) properties with concat() and assign the result to the property (properties):
"httpListeners": "[concat(reference('application_gateway_id', '2018-08-01', 'Full').properties.httpListeners, variables('newListener'))]"
You just need to make sure two deployments don't start at the same time, as one might overwrite the other.
Here is the solution I finally ended up with using the Azure CLI. This script is idempotent and runs during my release process.
echo "Logging into AKS Cluster"
az aks get-credentials --resource-group "$RESOURCEGROUP_NAME" --name "$AKSNAME"
echo "Get the created service's ip address"
SERVICEIP=$(kubectl get service --namespace "$AKSNAMESPACE" "$APPNAME-service" -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
echo "Creating backend pool - IP $SERVICEIP"
az network application-gateway address-pool create \
  --gateway-name "$APPGATEWAYNAME" \
  --resource-group "$RESOURCEGROUP_NAME" \
  --name "$APPNAME-pool" \
  --servers "$SERVICEIP"
echo "Creating probe"
# --resource-group was passed twice in the original; once is enough
az network application-gateway probe create \
  --gateway-name "$APPGATEWAYNAME" \
  --name "$APPNAME-probe" \
  --path "$APPPROBE" \
  --resource-group "$RESOURCEGROUP_NAME" \
  --protocol Http \
  --host-name-from-http-settings true
echo "Creating HTTP Settings"
az network application-gateway http-settings create \
  --gateway-name "$APPGATEWAYNAME" \
  --name "$APPNAME-settings" \
  --port 80 \
  --resource-group "$RESOURCEGROUP_NAME" \
  --host-name-from-backend-pool \
  --probe "$APPNAME-probe" \
  --protocol Http
echo "Creating URL Path Map"
# $RULEPATH is left unquoted so several space-separated paths can be passed
az network application-gateway url-path-map rule create \
  --gateway-name "$APPGATEWAYNAME" \
  --name "$APPNAME-rule" \
  --paths $RULEPATH \
  --path-map-name "$RULENAME" \
  --resource-group "$RESOURCEGROUP_NAME" \
  --http-settings "$APPNAME-settings" \
  --address-pool "$APPNAME-pool"
I need to generalize and capture a linux virtual machine.
I deployed the VM using an ARM template. In the ARM template, I used the following to get the VHD stored in a storage account:
"storageProfile": {
  "imageReference": {
    "publisher": "[variables('imagePublisher')]",
    "offer": "[variables('imageOffer')]",
    "sku": "[variables('imageSku')]",
    "version": "latest"
  },
  "osDisk": {
    "name": "[parameters('virtualMachineName')]",
    "createOption": "fromImage",
    "vhd": {
      "uri": "[concat(concat(reference(resourceId(variables('resourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2015-06-15').primaryEndpoints['blob'], 'vhds/'), parameters('virtualMachineName'), concat(uniqueString(resourceGroup().id), '.vhd'))]"
    }
  },
  "dataDisks": []
},
Now I am following this document to create an image and VM.
When I execute the following command, I am getting an error:
az image create --resource-group myResourceGroup --name myImage --source myVM
The storage account containing blob https://testvmstorage.blob.core.windows.net/vhds/testvmyrg5wfer6xbcg.vhd is or has been encrypted. Copy the blob to an unencrypted storage account before importing.
When your storage account is encrypted, you will get this error. You can check it in the Azure Portal.
Now, if you want to use the VHD to create an image, you need to create a non-encrypted storage account and copy the VHD to it. You can use AzCopy to copy VHDs between containers. Just an example below:
AzCopy /Source:https://shuidisks446.blob.core.windows.net/vhds /Dest:https://shuidiag102.blob.core.windows.net/vhds /SourceKey:sGqtdFHQWQWYyf2tRWGF5jkeAEubTp13AVaeTM25QogxXE+K0Ezq1ulcs18qGVPhCEp6ULdLLbKVa7fMbUvYZg== /DestKey:iCjeS+eegjkSJXHjH2UqCkqXnUPiCGvxaOG0Ad2LoPgUnvBoWl9wQJtC1jc//lOj4CF7khpLQe791P4QeyTY6Q== /Pattern:shui20161222141315.vhd
After the VHD is transferred to the new storage account, you can use the VHD to create a snapshot, then use the snapshot to create the image.
Note: You cannot create an image from the VHD directly.
You can use the following commands.
az snapshot create -g shui2 -n shuisna --source https://shui2.blob.core.windows.net/vhds/shui20170607110945.vhd
az image create -g shui2 -n shuiimage --source shuisna --os-type linux
I know I can remove extensions for Azure Virtual machines, however how can I do the same for an Azure Scale Set deployed with RM?
You could use Azure CLI 2.0 to remove VMSS's extensions. You could use the following command.
az vmss extension delete --name
--resource-group
--vmss-name
I tested this in my lab; you can refer to the following examples.
1. List the VMSS extensions.
root#shui:~/.ssh# az vmss extension list --resource-group shuivmss --vmss-name shui
[
  {
    "autoUpgradeMinorVersion": true,
    "id": null,
    "name": "customScript",
    "protectedSettings": null,
    "provisioningState": null,
    "publisher": "Microsoft.Compute",
    "settings": {
      "fileUris": [
        "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vmss-custom-script-windows/scripts/helloWorld.ps1"
      ]
    },
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.8"
  }
]
2. Get the extension name and remove it.
az vmss extension delete --name customScript --resource-group shuivmss --vmss-name shui
For more information about az vmss extension usage, please refer to this link.
I would imagine that using the Remove-AzureRmVmssExtension PowerShell cmdlet is the easiest way. I was unable to find any real examples, but I'm pretty sure it shouldn't be very hard.
Reference:
https://learn.microsoft.com/en-us/powershell/module/azurerm.compute/remove-azurermvmssextension?view=azurermps-4.0.0