I use Azure Backup Policy to Configure the Azure VMs with Azure Backup.
I use the Tag "backup" with the Value for the Azure Backup Policy. For Example, "default/longtimearchive/ etc."...
Now when I deploy this Policy on the Subscription, I only found 2 VMs.
But I have more than 6 VMs with this Tag.
I have checked the Follow:
Subscription = Correct
The location from The Vault and the VM is the same.
The Tag is set. I have checked it with Powershell.
I have tried to use an other Tag+Value, but it doesn't work.
Why found I only 2 of these 6 VMs?
When I used the Policy "Azure Backup should be enabled for Virtual Machines," I found all of the VMs.
Thanks a lot.
Best Regards,
Phil
Few things to check:
Make sure that the VMs are within the scope of the policy. The scope of the policy can be defined by resource group, subscription, or individual VMs. If the VMs are not within the scope of the policy, they will not be included in the policy.
For VM's with unmanaged disks; If the VMs are in a "stopped" or "deallocated" state, they will not be included in the policy. Check if the ones not being backed up are unmanaged?
Check the tags on the VMs. Make sure that the tags on the VMs match the tags defined in the policy. If the tags do not match, the VMs will not be included in the policy.
Related
what is the difference between "resource group" and "container group" in ms azure?
I tried ms docs but could not find a clear distinction, seems like resource group is a single container while container group is a collection of containers but I am not sure if I got it right.
thank you!
The top-level resource in Azure Container Instances is the container group. It's a collection of containers (Docker containers) that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It's similar in concept to a pod in Kubernetes.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
A resource group is a logical folder (not a Docker container), that groups resources (other Azure services) for an Azure solution.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Resource group
A resource group is a container that holds related resources for an Azure solution.
The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.
The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored.
For compliance reasons, you may need to ensure that your data is stored in a particular region.
Resource: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Container group
A set of containers that all run on the same host computer is known to be as a container group in Microsoft azure.
A container group's lifespan, resources, local network, and storage volumes are all shared by the containers in the group.
It's similar to a Kubernetes pod in terms of idea.
A Microsoft's Azure resource's network configuration template is a network profile.
This network profile is the one which provides the resource's network attributes, such as the subnet into which it should be deployed.
If we are going to deploy the container group into a subnet and then to a virtual network, then the azure produces a network profile for us when we use the az container create command.
Resource: https://www.javatpoint.com/what-is-a-container-group-in-microsoft-azure
We recently created an Azure policy that enforces a certain set of Tags to be present on all resources. This policy blocks deployments that don't contain the required tags in the deployment. However, certain taggable resources, such as Vnets, don't have an option to add Tags during deployment unless you use an ARM template. It looks like Terraform also attempts to deploy the Vnet as a separate step before adding tags, which causes Terraform-deployed Vnets to fail even if the proper tags are provided. With Terraform, if a ARM template is provided, it will bypass this issue.
How can I get Terraform deploy resources such as Vnets without using an ARM template and without having to ditch the azure policy? Ideally, I'd like to be able to exclude Terraform-initiated resource deployments from the Azure Policy, but I can't find a way to differentiate Terraform deployments from normal Azure Web Portal deployments in Azure policy.
Some other Ideas:
Use Terraform to create a temporary Tag on the Resource Group Specifying 'Exempt these resources'. Remove this tag once the Terraform script is done. Reference this tag in the Azure Policy and make deployments exempt if the Tag exists. This solution is OK but I'd prefer a more elegant one
Use Terraform to add the Resource Group as an exemption to the Policy while executing, then revert after
Update the policy to not require Tags on resources that do not support Tagging on initial deployment without ARM templates
Is there a more elegant solution other than the options mentioned above?
Azure Policy doesn't have any way to differentiate between how an ARM operation was performed, it only sees the resultant set of properties that are going to be applied to the resource.
What about using the inherit resource group tag policy (https://github.com/Azure/azure-policy/tree/master/samples/Tags/inherit-resourcegroup-tag)? Terraform could add the tag to the resource group, then deploy the vnet, at which point Policy will apply the tags from the resource group to the vnet.
I am moving a VM and its related resouces to another subscription and getting an error.
{"code":"MissingRegistrationsForTypes","message":"The subscription 'xxx' is not registered for resource types 'Microsoft.Compute/disks (eastus),Microsoft.Compute/virtualMachines (eastus)'."}
When I view the Resource Provider status in Azure portal I can see that Microsoft.Compute provider is Registred.
Any ideas on how to solve this? Thanks.
Update
I managed to solve this by creating a sample VM in East US region under that subscription, which I am guessing registered the provider.
For moving resources to another subscription, there are some limitations to that.
The source and destination subscriptions must be in the same tenant.
The resource provider must be registered in both subscriptions.
The account which you use to move the resources must have enough permission.
The service must enable the ability to move resources.
The four points above are the most important. For more details, see Checklist before moving resources.
We have an Azure Service Fabric cluster set up and I'm attempting to use Azure Automation to stop the virtual machine scale set and restart on a schedule. The scale set is assigned to a resource group as follows
My Exteral_Start_ResourceGroupNames and External_Stop_ResourceGroupNames, which the ScheduledStartStop_Parent runbook uses is as follows:
You can see the resource group name matches the resource group name for my VM scaleset. My understanding is that when the runbook fires, all VMs in this resource group, and, therefore, the VM set, should be stopped. However, when the runbook fires, it's not finding any VMs to stop.
Can anyone see what's wrong?
Although they are both VMs, "Virtual Machines" and "Virtual Machine Scalesets" are different resource types in Azure. The underlying nodes of a scaleset are not exposed as 'normal' VMs. You could probably modify your start/stop script to find scalesets in those resource groups instead of normal VMs.
To get you started: The powershell command for finding ScaleSets is Get-AzureRmVmss. That page also details how to shut them down.
Some times we had deleted the 'resource group' accidentally on azure cloud, its fine that if our/your resource group does not have any deployments on it and we can create immediately newer one and will proceed our stuff, but if we had deployments on it, then its becomes major problem/task.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
You can export service configurations that belong to a resource group as JSON. Within the portal, there is an option "Export Template" under the Resource Management Navigation Group.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
Unfortunately, we have no way to recovery it, if the resource group is deleted . We could get the warning if we try to delete resource group from the azure portal. Connect to Azure support team for help maybe a way, but I don't think it could be easy for restoring.
Note : based on my understanding even if we could re-create the resource with ARM template(If we have exported the ARM template before delete), it seems that just with the same resource names with deleted resource that is not equal recovery action.