Get VirtualMachineScaleSet instanceview for a ResourceGroup - azure

I am trying to get instanceview objects(VirtualMachineScaleSetInstanceViewInner) of all Azure's VirtualMachineScaleSets under a Subscription and this requires both ResourceGroup Name and Vmss name together.
azureResourceManager.virtualMachines().manager().serviceClient().getVirtualMachineScaleSets().getInstanceView(resourceGroupName, virtualMachineScaleSet.name(), Context.NONE);
How do I get specific VirtualMachineScaleSets under a ResourceGroup? I only see AzureResourceManager.ResourceGroups() and AzureResourceManager.virtualMachineScaleSets(), but nothing that gets virtualMachineScaleSets under a ResourceGroup.
Thanks

I have tried to get the VMSS instance in a Resource group by using the below RestApi:
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachineScaleSets/{vmScaleSetName}?api-version=2022-08-01
output:
Body:
{
"name": "rajtestVMSS",
"id": "/subscriptions/*********/resourceGroups/abcaaaa/providers/Microsoft.Compute/virtualMachineScaleSets/rajtestVMSS",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"location": "westus2",
"tags": {
"azsecpack": "nonprod",
"platformsettings.host_environment.service.platform_optedin_for_rootcerts": "true"
},
"sku": {
"name": "Standard_D2s_v3",
"tier": "Standard",
"capacity": 2
},
"properties": {
"singlePlacementGroup": false,
"upgradePolicy": {
"mode": "Manual"
},
"scaleInPolicy": {
"rules": [
"Default"
]
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "rajtestvm",
"adminUsername": "rajtest",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true,
"enableVMAgentPlatformUpdates": false
------------------
------------------
------------------
You can use the below java code to get the VirtualMachine ScaleSet instanceview for a ResourceGroup.
import com.azure.core.util.Context;
public final class Main {
public static void getAVirtualMachineScaleSet(com.azure.resourcemanager.AzureResourceManager azure) {
azure
.virtualMachines()
.manager()
.serviceClient()
.getVirtualMachineScaleSets()
.getByResourceGroupWithResponse("myResourceGroup", "myVirtualMachineScaleSet", null, Context.NONE);
}
}
Thanks to #XiaofeiCao for the github link to know more about Azure Resource Manager client library for Java.

Related

Azure IoT Hub - create policy with supplied keys

I'm looking for a way to create access policy in Azure IoT hub but I'd like to supply my own keys.
I can see there is a command in Azure CLI:
az iot hub policy create --hub-name
--name
--permissions
[--resource-group]
[--subscription]
but it does not allow to provide my own keys.
I couldn't find anything interesting on PowerShell as well - seems like there is no command for creating shared access policy at all using PowerShell.
There is a way to use ARM template (seems like it is possible to provide primary and secondary key (https://learn.microsoft.com/en-us/azure/templates/microsoft.devices/iothubs?tabs=json#iothubproperties):
...
"properties": {
"allowedFqdnList": [ "string" ],
"authorizationPolicies": [
{
"keyName": "string",
"primaryKey": "string",
"rights": "string",
"secondaryKey": "string"
}
],
...
but it brings some hassle in terms how to provide the keys and I'm looking for something simple and preety much one-timer.
You can use the below sample arm template which create a basic iot hub & a shared access policy with our own keys. You need to create two files parameters.json & template.json.
template.json file contains the code which resources are going to deploy.
parameters.json file contains the value of those parameters that you have used in the template.json.
Template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"IotHubs_IotHub_connectionString": {
"type": "SecureString"
},
"IotHubs_IotHub_containerName": {
"type": "SecureString"
},
"IotHubs_IotHub_name": {
"defaultValue": "vedodIotHub",
"type": "String"
},
"IotHubs_Key_Name" : {
"defaultValue" : "newkeyname",
"type": "string"
},
"IotHubs_Key_Primary_value" : {
"type": "string"
},
"IotHubs_Key_Secondary_value":{
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Devices/IotHubs",
"apiVersion": "2021-07-02",
"name": "[parameters('IotHubs_IotHub_name')]",
"location": "eastus",
"sku": {
"name": "S1",
"tier": "Standard",
"capacity": 2
},
"identity": {
"type": "None"
},
"properties": {
"ipFilterRules": [],
"authorizationPolicies": [
{
"keyName": "[parameters('IotHubs_Key_Name')]",
"primaryKey": "[parameters('IotHubs_Key_Primary_value')]",
"secondaryKey" : "[parameters('IotHubs_Key_Secondary_value')]",
"rights": "RegistryRead, RegistryWrite, DeviceConnect"
}
],
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": 1,
"partitionCount": 4
}
},
"routing": {
"endpoints": {
"serviceBusQueues": [],
"serviceBusTopics": [],
"eventHubs": [],
"storageContainers": []
},
"routes": [],
"fallbackRoute": {
"name": "$fallback",
"source": "DeviceMessages",
"condition": "true",
"endpointNames": [
"events"
],
"isEnabled": true
}
},
"storageEndpoints": {
"$default": {
"sasTtlAsIso8601": "PT1H",
"connectionString": "[parameters('IotHubs_IotHub_connectionString')]",
"containerName": "[parameters('IotHubs_IotHub_containerName')]"
}
},
"messagingEndpoints": {
"fileNotifications": {
"lockDurationAsIso8601": "PT1M",
"ttlAsIso8601": "PT1H",
"maxDeliveryCount": 10
}
},
"enableFileUploadNotifications": false,
"cloudToDevice": {
"maxDeliveryCount": 10,
"defaultTtlAsIso8601": "PT1H",
"feedback": {
"lockDurationAsIso8601": "PT1M",
"ttlAsIso8601": "PT1H",
"maxDeliveryCount": 10
}
},
"features": "None"
}
}
]
}
parameters.json file :
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"IotHubs_IotHub_connectionString": {
"value": ""
},
"IotHubs_IotHub_containerName": {
"value": ""
},
"IotHubs_IotHub_name": {
"value": "<IotHubName>"
},
"IotHubs_Key_Name":{
"value" : "<sharedaccesspolicyKeyName>"
},
"IotHubs_Key_Primary_value": {
"value" : "<accesspolicyPrimaryKeyValue>"
},
"IotHubs_Key_Secondary_value":{
"value" : "<accesspolicySecondaryKeyValue>"
}
}
}
Using the below Powershell cmdlets to deploy the create a Iot hub & passing the above template.json & parameters.json file as parameters :
New-AzResourceGroupDeployment -ResourceGroupName <resourcegroupName> -TemplateFile '<pathfortemplate.jsonfile>' -TemplateParameterFile '<Pathforparameters.jsonfile>'
Here is the sample output screenshot for reference:

Cannot create azure private dns A record with its ip by using ARM template

I am trying to create an A record in an Azure private DNS Zone with an ARM template. The creation of the record is successful but without its IP, neither TTL.
My template is below:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"DNSZoneName": {
"type": "string",
"defaultValue": "privatelink.database.windows.net",
"metadata": {
"description": "The name of the DNS zone. Must have at least 2 segements, e.g. hostname.org"
}
},
"newRecordName": {
"type": "string",
"defaultValue": "pe-sql3",
"metadata": {
"description": "The name of the DNS record to be created. The name is relative to the zone, not the FQDN."
}
}
},
"resources": [
{
"type": "Microsoft.Network/privateDnsZones/A",
"apiVersion": "2018-09-01",
"name": "[concat(parameters('DNSZoneName'), '/', parameters('newRecordName'))]",
"location": "global",
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "10.0.0.1"
}
]
}
}
]
}
My command is New-AzResourceGroupDeployment -ResourceGroupName myRg -TemplateFile deploy.json
Here is the screenshot of the A record from the portal:
Any idea?
I think you have a race condition. Add a dpendsOn.
"dependsOn": [
"[parameters('DNSZoneName')]"
],
Like this:
[EDIT: specify the DNS Zone resource as well]
"resources": [
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "2018-05-01",
"name": "[parameters('DNSZoneName')]",
"location": "global"
},
{
"type": "Microsoft.Network/privateDnsZones/A",
"apiVersion": "2018-09-01",
"name": "[concat(parameters('DNSZoneName'), '/', parameters('newRecordName'))]",
"location": "global",
"dependsOn": [
"[parameters('DNSZoneName')]"
],
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "10.0.0.1"
}
]
}
}
]
I was writing TTL and ARecords in capital letter. That should have been with ttl and aRecords:
"properties": {
"ttl": 3600,
"aRecords": [
{
"ipv4Address": "1.2.3.4"
}
]
}
}
But the thing is that when it is written with capital letters, the REST API doesn’t throw error and accept the request. Normally, it should return http 400 error.
Anyway, my problem is solved.

How to get VM's private IP from the virtual machine scale set using the ARM template?

I created an ARM template with a virtual machine scale set, Now I am stuck in my ARM template development because I couldn't get private IPs of the virtual machine created inside the scale set. Private IPs are required to update Cassandra seeds using extension scripts.
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2020-06-01",
"name": "[parameters('vmName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"Microsoft.Compute/images/myCustomImage"
],
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[parameters('vmSku')]",
"tier": "Standard",
"capacity": "[parameters('instanceCount')]"
},
"properties": {
"overprovision": "false",
"upgradePolicy": {
"mode": "Manual"
},
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"id": "[resourceId('Microsoft.Compute/images', 'myCustomImage')]"
}
},
"osProfile": {
"computerNamePrefix": "[parameters('vmName')]",
"customdata": "1",
"adminUsername": "centos",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "/home/centos/.ssh/authorized_keys",
"keyData": "xxxx"
}
]
}
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[parameters('nicName')]",
"properties": {
"primary": true,
"ipConfigurations": [
{
"name": "[variables('ipConfigName')]",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'cassandra')]"
}
}
}
]
}
}
]
}
}
}
}
How to get private IPs of VMs created within the scale set?
You can use the function reference to get the NIC resource of the VMSS instances. And the resource id of the instance NICs, look like this:
/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Compute/virtualMachineScaleSets/{vmssName}/virtualMachines/{instanceId}/networkInterfaces/{nicName}
So you can set the variables for each instance id and then get the private IP addresses, the part of the template looks like this:
"variables": {
"instanceNic-0": "[concat('/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Compute/virtualMachineScaleSets/{vmssName}/virtualMachines/0/networkInterfaces/', parameters('nicName'))]"
},
"outputs": {
"instanceNic-0-IP": {
"type": "string",
"value": "[reference(variables('instanceNic-0'), '2016-09-01').ipConfigurations[0].properties.privateIPAddress]"
}
}

Passing credential to DSC from arm template

I am trying to pass a user credential to my DSC script via arm template.Its seem template is not passing credential correctly to the dsc.
DSC and MOF
Thanks
Here's whats working for me. Powershell:
Param(
[System.Management.Automation.PSCredential]$Admincreds,
xxx
)
xxx
Arm template:
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.20",
"autoUpgradeMinorVersion": true,
"settings": {
"configuration": {
"url": "https://url.zip",
"script": "file.ps1",
"function": "configuration"
},
"configurationArguments": {
"param": "something"
}
},
"protectedSettings": {
"configurationArguments": {
"adminCreds": {
"userName": "actualusername",
"password": "actualpassword"
}
}
}
}

Join VMSS VM's to domain

It says here: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq
That I can join a virtual machine scale set to an Azure AD domain, but I dont understand how you implement the JSON extension they state to use, I cant work out where I put it.
I have created the VMSS but cannot see an Extensions bit on it.
You can use script\dsc extensión as you normally would on a regular VM.
Sample DSC extensión:
{
"name": "Microsoft.Powershell.DSC",
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.19",
"autoUpgradeMinorVersion": true,
"settings": {
"configuration": {
"url": "url_goes_here.ps1",
"script": "script.ps1",
"function": "function"
},
"configurationArguments": {
"domainName": "domain.name"
}
},
"protectedSettings": {
"configurationArguments": {
"adminCreds": {
"userName": "User",
"password": "Password"
}
}
}
}
}

Resources