Possibility to create and delete databricks resources via Azure CLI deployments - azure

Normally when you create resources using ARM templates and the azure CLI you can create using:
az deployment group create --resource-group $resourceGroupName --template-file "infra/template.json" --parameters "infra/parameters.json"
Then when I want to delete the resources I can:
az group delete --name $resourceGroupName
However, with Databricks this will create other resource groups as well. Even if you delete the DB resource group, you've still got these other lingering resource groups. I'd like to be able to delete the databricks AND all of the other resources that were created, without having to do extra manual steps.
Any idea of a clean way to do this?

The managed resource group created by Databricks cannot be deleted manually since it was created by the Databricks resource itself. The deny assignment prevents deletion of the managed resource group.
One way to remove resource is to delete the existing workspace following is the example using azure cli
Through AZURE CLI
I have created resource group tvs and databricks tvs for the demo purpose
Delete resource
Use following command in AzureCLI to delete a resource.
Azure CLICopy
az resource delete \
--resource-group tvs\
--name tvs\
--ids *****\
(NOTE : ids is the id of the resource that can be picked from JSON view)
Before deletion
After deletion
Delete resource group
Use following command in AzureCLI to delete the resource group.
Azure CLICopy
az group delete --name tvs
Azure doesn’t currently provide a way to delete multiple resource groups at the same time.
Here’s a method that works for me.
Open Azure Portal
Click on Resource Groups
Select the Resource Groups that you want to delete
Click “Assign tags”
Assign a new tag called “disposable-service”(can be named anything) and tag value to be true
Open Azure Cloud Shell https://shell.azure.com or click on the Azure Shell icon in the Azure Portal toolbar.
the following script into Cloud Shell and hit enter.
az group list --tag disposable-service=true --query "[].[id]" --output tsv

Related

Can't delete resource group from Azure Container App

I recently created inside one of my resource groups an Azure Container App (with an environment & the rest) just for learning reasons (at the West Europe region). After I played with that, I decided to delete it. I tried to delete it without any success from the portal.
Looking around in the portal I found out that a new resource group had been created with name MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope. This resource group was never generated by me. It appears that inside it there are a public IP address, a NSG & 2 Kubernetes Load Balancers.
I tried then to delete that auto-generated (somehow) resource group but again with no success. I literarily can't even touch it. I tried to delete all resources one by one. Nothing again. I even issued the command az group delete --resource-group "MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope" from inside the Azure Cloud Shell and it seems that the cli gets stuck in Running.... When I had issued the command from the portal it was still running for a whole hour. So, obviously something is going wrong.
I visited the page https://resources.azure.com/, then I visited that resource group and the Json in the resource group that returned is having the following:
"provisioningState": "Deleting".
Do you know how I can delete the resources & the resource group?
I am almost confident that this is not being deleted... :(
EDIT:
Trying to delete manually one of the Load Balancers in that resource group I get a message that the Load Balancer in that subscription can not be deleted as it is in use by a virtual machine scale set that it is on a totally different subscription (a subscription that I am not aware off).
To delete the resources and the resource group, you can try using Resource Explorer (azure.com) portal as there might be some dependencies to delete the resource group/resources.
You can try deleting the resources like below:
Go to Resource Explorer (azure.com) portal -> Click on your subscription -> Expand Resource groups -> Select your Resource Group
Expand Providers -> Microsoft.Network -> networkSecurityGroups -> Select your NSG -> Action(POST,DELETE) -> Delete
In my environment testnsg networkSecurityGroup deleted successfully in the Azure Portal.
You can try deleting the required Azure Resources by following the same process. If still, you are not able to delete the Azure resource Group try checking the child resources associated to that resource group.
I tried to reproduce the same in my environment and got the same error like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
The error "LoadBalancerUseByVirtualMachineScaleSet" usually occurs if backendpool is being used by any other resource.
To resolve the error, try executing below commands in CloudShell like below:
Delete the load balancer associated with the VMSS:
az vmss update --resource-group ResourceGroupName1 --name VmssName --remove virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerBackendAddressPools 0
Update the VMSS instance:
az vmss update-instances --instance-ids "*" -n VmssName -g ResourceGroupName1
Now, delete load balancer and it will be deleted successfully like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
Reference:
Update or delete an existing load balancer used by virtual machine scale sets - Azure Load Balancer
This is a side artifact of Container app managedEnvironment resource. You need to first delete the environment in order to get artifacts to get automatically removed.
As JJ mentioned, the MC_* resource group is created when you create ACAs with the internal configuration. You try to find whether you have any container app environments in your subscription. Could be that you created your test app in a wrong resource group and can't find it now. :)
Try deleting all container app envs this resource group will automatically be gone.

New Azure Resources Show Up in Portal but not CLI

After running a DevOps pipeline that created several resources, only two (a new resource group and a Functions app) show up in Azure CLI using az ... list --subscription ....
Other resources, like Static Web Apps and a SQL Server don't show up in that list or when running az staticwebapp list --subscription ... or az sql server list --subscription ... with the subscription argument specified. I have confirmed that these resources DO show up in the portal, and my account is listed as an owner (inherited from subscription) for them in the portal.
I have deployed Azure Static WebApp using Azure Devops.
Followed this MSDoc to publish the static web app.
By using,
az staticwebapp list --resource-group YourRGName
and
az staticwebapp list --subscription YourSubscriptionID
,Iam able to get the StaticWeb App list
For anyone else running into this:
I have not found a solution to getting the az staticwebapp list command to work for my use case, as the results that show up immediately after creating a resource are just inconsistent. However, as a workaround that should satisfy most use cases, using this API (using az rest command) to find all resources associated with the group created by the pipeline, then filtering those down to find the Static Web App I want, seems to work.
Then, when using other APIs that reference that app before it shows up in the normal list, fully specifying subscription and resource group alongside the app's name seems to make things more reliable too.
As far as I can tell, this is probably just a limitation with the inconsistency of how long information about newly deployed resources takes to propagate that shows up when trying to find a resource immediately after creating it.

az vmss list command returns empty value

I have two resource groups in Azure, each contains one VMSS (Virtual Machine Scale Sets) and the resources are visible in Azure Portal. The problem is, the following commands return empty output:
az resource list --subscription MySubscription -g vmss-rg
az vmss list --subscription MySubscription -g vmss-rg
az vmss list
However, running az resource list with different resource groups which doesn't have VMSS works fine. I also tested it with different Azure account and subscription, it also worked.
We have tested the same command in our local as suggested by #VenkateshDodda-MT and it works fine. Posting it as an answer to help other community members for the similar issue so that they can find and fix their problem.
To achieve the above requirement we need to install the az powershell module in our local .
Post that run the command in powershell to get the vmss list under our subscription or resource groups:-
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets"
OUTPUT:-
To get the VMSS list under particular resource group run the below cmd:
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets" -g '<rgName>'
OUTPUT:-
For more information please refer this SO THREAD:Azure PS command returns empty list as suggested by #Olga Osinskaya - MSFT

Delete resources created from template file by Azure az cli?

With az deployment group create --template-file vm.bicep -g "Something", I can create just fine things which are defined in the file vm.bicep (or ARM template vm.json for that matter).
But how do I actually get rid of EXACTLY just the resources that had been created by running create with a template file? az deployment group delete doesn't support a --template-file parameter.
Edit: Clarification: I only want to get rid of what has been created by the template. Not everything in a Resource Group.

Moving Resources between subcriptions with AzureDevops

Currently im trying to create dynamic environments via AzureDevops.
One of these steps to achieve this is to take a copy of our production databases and place them in a temp resource group (Production Subscription) and then move the sql server and associated databases to our non-production subscription. From here we then create the web apps and deploy code.
When i run this via Az Cli i am able to move the resources with the following
SQLSERVERID=$(az resource show -g $RSGNAMETEMP -n $SQLSERVERNAME --resource-type "Microsoft.Sql/servers" --query id --output tsv)
az resource move --destination-group $RSGNAME --ids $SQLSERVERID --destination-subscription-id $SANDBOXSUBSCRIPTIONID
However when i run this via AzureDevops i get the following error
ERROR: The client (...) with object id (...) has permission to perform action on scope however, it does not have permission to perform action (...) on the linked scope(s).
I believe this problem is happening when you configure the AZ Cli step in AzureDevops you select the Subscription from the drop down list. The account / service principal only has access rights to that specific subscription and not to multiple. Is it possible to configure a service principal (that can be used in AzureDevops) that can connect to multiple subscriptions?
Yes, just go to Azure portal, navigate to the desired subscription blade, go to Access Control, press + sigh at the top and add your principal as a contributor to the subscription.
to find service principal name use this:
Click Manage link in the Azure Subscription field in your VSTS job, it will navigate you to a new blade. Click Manage Service Principal there. It will take you to the application page in Azure AD. After that you can copy name under Managed application in local directory field and use that name to grant it Key Vault permissions.

Resources