I am developing an ARM template for Azure Data Factory with managed private endpoints to SQL Server and Azure Datalake. However, when the ARM template completes execution, the managed private endpoints are in "Pending" state. How can I provision the managed private endpoint so that it gets provisioned as "Approved" once ADF is completely provisioned using ARM Template. Following is my template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"type": "string",
"metadata": {
"description": "name of environment for deployment"
}
},
"project": {
"type": "string",
"metadata": {
"description": "name of the project for building the name of resources"
}
},
"location": {
"defaultValue": "eastus",
"type": "string"
},
"adfFactoryName": {
"type": "string"
},
"adfVersion": {
"type": "string"
},
"tags": {
"type": "object",
"metadata": {
"description": "tags to add to resources"
}
},
"adfVNetEnabled": {
"type": "bool"
},
"adfPublicNetworkAccess": {
"type": "bool"
},
"adfAzureDatabricksDomain": {
"type": "string",
"metadata": "Azure Databricks existing cluster Id"
},
"adfAzureDatabricksExistingClusterId": {
"type": "string",
"metadata": "Azure Databricks existing cluster Id"
},
"adfDataLakeConnectionString": {
"type": "string",
"metadata": "Azure Data Lake connection string"
},
"adfDataFactoryIdentity": {
"type": "string",
"metadata": "Identity type for data factory"
},
"adfLSASDBConnectionString": {
"type": "string",
"metadata": "SQL DB connection string"
},
"adfKVBaseURL": {
"type": "string",
"metadata": "Keyvault connection string"
},
"adfDataLakeStorageName": {
"type": "string",
"metadata": "Azure Data lake Storage Name"
},
"adfDataLakeStorageGroupId": {
"type": "string",
"metadata": "Azure Data lake Storage Group ID"
},
"adfSqlServerName": {
"type": "string",
"metadata": "Azure SQL Server name"
},
"adfSqlServerGroupId": {
"type": "string",
"metadata": "Azure SQL Server Group ID"
}
},
"variables": {
"factoryId": "[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]",
"managedVirtualNetworkName": "[concat(parameters('adfFactoryName'), '/default')]"
},
"resources": [
{
"condition": "[equals(parameters('adfVersion'), 'V2')]",
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[parameters('adfFactoryName')]",
"location": "[parameters('location')]",
"identity": {
"type": "[parameters('adfDataFactoryIdentity')]"
},
"properties": {
"publicNetworkAccess": "[if(bool(parameters('adfPublicNetworkAccess')), 'Enabled', 'Disabled')]"
},
"tags": "[parameters('tags')]",
"resources": [
{
"condition": "[and(equals(parameters('adfVersion'), 'V2'), parameters('adfVNetEnabled'))]",
"name": "[concat(parameters('adfFactoryName'), '/default')]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks",
"apiVersion": "2018-06-01",
"properties": {},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]"
]
},
{
"condition": "[and(equals(parameters('adfVersion'), 'V2'), parameters('adfVNetEnabled'))]",
"name": "[concat(parameters('adfFactoryName'), '/DDIR')]",
"type": "Microsoft.DataFactory/factories/integrationRuntimes",
"apiVersion": "2018-06-01",
"properties": {
"type": "Managed",
"managedVirtualNetwork": {
"referenceName": "default",
"type": "ManagedVirtualNetworkReference"
},
"typeProperties": {
"computeProperties": {
"location": "[parameters('location')]"
}
}
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]",
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureKeyVault')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureKeyVault",
"typeProperties": {
"baseUrl": "[parameters('adfKVBaseURL')]"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureDatabricks_LinkedService')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureDatabricks",
"typeProperties": {
"domain": "[parameters('adfAzureDatabricksDomain')]",
"accessToken": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault",
"type": "LinkedServiceReference"
},
"secretName": "[concat('kvs-databricks-',parameters('environment'), 'aue', parameters('project'))]"
},
"existingClusterId": "[parameters('adfAzureDatabricksExistingClusterId')]"
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]",
"[concat(variables('factoryId'), '/linkedServices/AzureKeyVault')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureDatalake_DDIR')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureBlobFS",
"typeProperties": {
"url": "[parameters('adfDataLakeConnectionString')]"
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/LS_ASDB')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureSqlDatabase",
"typeProperties": {
"connectionString": "[parameters('adfLSASDBConnectionString')]",
"password": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault",
"type": "LinkedServiceReference"
},
"secretName": "kvs-synapsepwd-devauegteng"
}
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]",
"[concat(variables('factoryId'), '/linkedServices/AzureKeyVault')]"
]
}
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/default/',parameters('adfDataLakeStorageName'))]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"properties": {
"privateLinkResourceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('adfDataLakeStorageName'))]",
"groupId": "[parameters('adfDataLakeStorageGroupId')]"
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/default/',parameters('adfSqlServerName'))]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"properties": {
"privateLinkResourceId": "[resourceId('Microsoft.Sql/servers', parameters('adfSqlServerName'))]",
"groupId": "[parameters('adfSqlServerGroupId')]"
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
}
]
}
I ran in the same problem and created a Az Powershell script function to help me out.
function ApprovePrivateEndpointConnections {
param (
[string] $ResourceGroupName,
[string] $ResourceName
)
$Resource = Get-AzResource -Name $ResourceName -ResourceGroupName $ResourceGroup
if ($Resource) {
$ResourcePendingConnection = Get-AzPrivateEndpointConnection -PrivatelinkResourceId $Resource.ResourceId | Where-Object -FilterScript {$_.PrivateLinkServiceConnectionState.Status -EQ 'Pending'}
if ($ResourcePendingConnection) {
foreach ($Connection in $ResourcePendingConnection)
{
Approve-AzPrivateEndpointConnection -ResourceId $Connection.Id
}
}
else
{
Write-Output 'No pending connections for Resource: ' $ResourceName
}
}
else
{
Write-Output 'No resource found with name: ' $ResourceName
}
}
I found Toofle's script an excellent start here, but was slightly nervous about the security risk of simply approving all pending requests.
I have therefore modified the script to take additional parameters relating to the private endpoint I am expecting, and to ignore any endpoints which do not match.
param(
[Parameter(Mandatory)]
[string] $DataFactoryName,
[Parameter(Mandatory)]
[string] $PrivateEndpointName,
[Parameter(Mandatory)]
[string] $TargetResourceId
)
$Resource = Get-AzResource -ResourceId $TargetResourceId
if ($Resource) {
$ResourcePendingConnection = Get-AzPrivateEndpointConnection -PrivatelinkResourceId $Resource.ResourceId `
| Where-Object -FilterScript {$_.PrivateLinkServiceConnectionState.Status -EQ 'Pending'} `
| Where-Object -FilterScript {$_.PrivateEndpoint.Id -like "*/providers/Microsoft.Network/privateEndpoints/$DataFactoryName.$PrivateEndpointName"}
if ($ResourcePendingConnection) {
foreach ($Connection in $ResourcePendingConnection)
{
Approve-AzPrivateEndpointConnection -ResourceId $Connection.Id
}
}
else
{
Write-Output 'No pending connections for Resource: ' $TargetResourceId
}
}
else
{
Write-Output 'No resource found with ID: ' $TargetResourceId
}
Create private endpoint resource using Azure portal or using ARM template with the following JSON template and mention status as Approved in ConnectionState.
Example:
{
"name": "string",
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-07-01",
"location": "string",
"tags": {},
"properties": {
"subnet": {
"id": "string",
"name": "string"
},
"privateLinkServiceConnections": [
{
"id": "string",
"properties": {
"privateLinkServiceId": "string",
"groupIds": [
"string"
],
"requestMessage": "string",
"privateLinkServiceConnectionState": {
"status": "string",
"description": "string",
"actionsRequired": "string"
}
},
"name": "string"
}
],
"manualPrivateLinkServiceConnections": [
{
"id": "string",
"properties": {
"privateLinkServiceId": "string",
"groupIds": [
"string"
],
"requestMessage": "string",
"privateLinkServiceConnectionState": {
"status": "string",
"description": "string",
"actionsRequired": "string"
}
},
"name": "string"
}
],
"customDnsConfigs": [
{
"fqdn": "string",
"ipAddresses": [
"string"
]
}
]
},
"resources": []
}
Refer - privateendpoints for string property values.
I couldn't find a way to get it done in ARM itself. My feeling that if it's possible to do so, you have to be on the receiving side of the link (storage account, database etc.), whether it's ARM, Bicep or CLI.
What we are doing now is:
az network private-endpoint-connection list -g <RESOURCE_GROUP> -n <SA_NAME> --type Microsoft.Storage/storageAccounts --query "[?properties.privateLinkServiceConnectionState.status == 'Pending'].name" > output.json
jq -c '.[]' output.json | xargs -r -L 1 az network private-endpoint-connection approve -g <RESOURCE_GROUP> --resource-name <SA_NAME> --type Microsoft.Storage/storageAccounts --description "Approved" -n
You may put this in an Azure CLI step of the release pipeline.
Approval needs to be automated with a script, there is a good example in the official templates.
Related
Is it only possible to create one on-demand SFPT Server with one Resource group in Azure?
This is a link regards to SFPT on Azure. https://learn.microsoft.com/en-us/samples/azure-samples/sftp-creation-template/sftp-on-azure/
I tried to create a second SFPT in the same Resource group, but previous SFPT got replaced with the new one.
I tried Goolging on this one, but I was not able to find the answer, so I am posting this question here.
Yes we can deploy multiple SFTP server to our Azure resource group.
But the template you are using already they have declare default variables ,Instead of that we need to declare parameters as shown in below template, So that you can use the same template multiple times.
TEMPLATE:-
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.63.48766",
"templateHash": "17013458610905703770"
}
},
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Storage account type"
},
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS"
]
},
"storageAccountPrefix": {
"type": "string",
"defaultValue": "sftpstg",
"metadata": {
"description": "Prefix for new storage account"
}
},
"fileShareName": {
"type": "string",
"defaultValue": "sftpfileshare",
"metadata": {
"description": "Name of file share to be created"
}
},
"sftpUser": {
"type": "string",
"defaultValue": "sftp",
"metadata": {
"description": "Username to use for SFTP access"
}
},
"sftpPassword": {
"type": "securestring",
"metadata": {
"description": "Password to use for SFTP access"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Primary location for resources"
}
},
"containerGroupDNSLabel": {
"type": "string",
"defaultValue": "[uniqueString(resourceGroup().id, deployment().name)]",
"metadata": {
"description": "DNS label for container group"
}
},
"sftpContainerGroupName": {
"type": "string",
"metadata": {
"description": "cngroup for container group"
}
},
"sftpContainerName": {
"type": "string",
"metadata": {
"description": "container name"
}
}
},
"functions": [],
"variables": {
"sftpContainerImage": "atmoz/sftp:debian",
"sftpEnvVariable": "[format('{0}:{1}:1001', parameters('sftpUser'), parameters('sftpPassword'))]",
"storageAccountName": "[take(toLower(format('{0}{1}', parameters('storageAccountPrefix'), uniqueString(resourceGroup().id))), 24)]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2019-06-01",
"name": "[toLower(format('{0}/default/{1}', variables('storageAccountName'), parameters('fileShareName')))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
},
{
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"name": "[parameters('sftpContainerGroupName')]",
"location": "[parameters('location')]",
"properties": {
"containers": [
{
"name": "[parameters('sftpContainerName')]",
"properties": {
"image": "[variables('sftpContainerImage')]",
"environmentVariables": [
{
"name": "SFTP_USERS",
"secureValue": "[variables('sftpEnvVariable')]"
}
],
"resources": {
"requests": {
"cpu": 1,
"memoryInGB": 1
}
},
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"volumeMounts": [
{
"mountPath": "[format('/home/{0}/upload', parameters('sftpUser'))]",
"name": "sftpvolume",
"readOnly": false
}
]
}
}
],
"osType": "Linux",
"ipAddress": {
"type": "Public",
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"dnsNameLabel": "[parameters('containerGroupDNSLabel')]"
},
"restartPolicy": "OnFailure",
"volumes": [
{
"name": "sftpvolume",
"azureFile": {
"readOnly": false,
"shareName": "[parameters('fileShareName')]",
"storageAccountName": "[variables('storageAccountName')]",
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
}
],
"outputs": {
"containerDNSLabel": {
"type": "string",
"value": "[format('{0}.{1}.azurecontainer.io', reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName'))).ipAddress.dnsNameLabel, reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName')), '2019-12-01', 'full').location)]"
}
}
}
Deployment details:-
I'm running the custom template deployment which includes a Linux VM and a Linux-based VMSS.
Both operations (VM creation and VMSS creation) involves the CustomScriptExtension.
The scripts used for post-configuration are the same for VM and VMSS.
They have the same reference inside the template.
However, the deployment for VM is completed succesfully but for VMSS is ended with an error.
When checking resource group in Azure portal, VMSS is created successfully and shows activity (CPU, memory etc).
In "Extensions" blade I can see my predefined extension:
However the state is "Failed". When clicking on "Failed" to see the details the following error is shown:
Message: VM has reported a failure when processing extension 'filesextension'. Error message: "Enable failed: processing file downloads failed: failed to download file[1]: failed to download file: unexpected status code: actual=404 expected=200" More information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot
Azure portal deployment error:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'filesextension'. Error message: \"Enable failed: processing file downloads failed: failed to download file[1]: failed to download file: unexpected status code: actual=404 expected=200\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot "
}
]
}
}
The same error is when deploying via CLI:
Deployment failed. Correlation ID: f077af77-405b-49fe-9f95-bf42a722c7ec. {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'filesextension'. Error message: \"Enable failed: processing file downloads failed: failed to download file[0]: failed to download file: unexpected status code: actual=404 expected=200\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot "
}
ARM template itself:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "String",
"metadata": {
"description": "Location for all resources"
}
},
"dnsNameForJumpBox": {
"type": "String",
"metadata": {
"description": "Unique DNS Name for the Public IP used to access the Docker Virtual Machine (master node)."
}
},
"vmImageReference": {
"defaultValue": {
"publisher": "Canonical",
"offer": "UbuntuServer",
"sku": "16.04-LTS",
"version": "latest"
},
"type": "Object",
"metadata": {
"description": "The image to use for VMs created. This can be marketplace or custom image",
"link": "https://learn.microsoft.com/en-us/nodejs/api/azure-arm-compute/imagereference?view=azure-node-2.2.0"
}
},
"vmNodeSku": {
"defaultValue": "Standard_F8s_v2",
"type": "String",
"metadata": {
"description": "Size of VMs in the VM Scale Set."
}
},
"vmMasterSku": {
"defaultValue": "Standard_F16s_v2",
"type": "String",
"metadata": {
"description": "Size of the master node."
}
},
"vmMasterDiskType": {
"defaultValue": "Premium_LRS",
"allowedValues": [
"Premium_LRS",
"Standard_LRS"
],
"type": "String",
"metadata": {
"description": "Choose between a standard disk for and SSD disk for the master node's NFS fileshare"
}
},
"vmMasterDiskSize": {
"defaultValue": 256,
"allowedValues": [
32,
64,
128,
256,
512,
1000,
2000,
4000,
10000
],
"type": "Int",
"metadata": {
"description": "The SSD Size to be used for the NFS file share. For pricing details see https://azure.microsoft.com/en-us/pricing/details/managed-disks/"
}
},
"vmAdditionalInstallScriptUrl": {
"defaultValue": "",
"type": "String",
"metadata": {
"description": "An additional installs script (bash run as root) to be run after nodes/master are configured. Can be used to mount additional storage or do additional setup"
}
},
"vmAdditionalInstallScriptArgument": {
"defaultValue": "",
"type": "String",
"metadata": {
"description": "An argument to be passed to the additional install script"
}
},
"nextflowInstallUrl": {
"defaultValue": "https://get.nextflow.io",
"type": "String",
"metadata": {
"description": "The install URL for nextflow, this can be used to pin nextflow versions"
}
},
"instanceCount": {
"defaultValue": 2,
"maxValue": 100,
"type": "Int",
"metadata": {
"description": "Number of cluster VM instances (100 or less)."
}
},
"adminUsername": {
"type": "String",
"metadata": {
"description": "Admin username on all VMs."
}
},
"vnetName": {
"defaultValue": "nfvnet",
"type": "String",
"metadata": {
"description": "Name of the virtual network to deploy the scale set into."
}
},
"subnetName": {
"defaultValue": "nfsubnet",
"type": "String",
"metadata": {
"description": "Name of the subnet to deploy the scale set into."
}
},
"shareName": {
"defaultValue": "sharedstorage",
"type": "String",
"metadata": {
"description": "Azure file share name."
}
},
"mountpointPath": {
"defaultValue": "/datadisks/disk1",
"type": "String",
"metadata": {
"description": "Path on VM to mount file shares. '/datadisks/disk1/' is a Premium Managed disk with high iops, this will suit most uses."
}
},
"nodeMaxCpus": {
"defaultValue": 2,
"type": "Int",
"metadata": {
"description": "Sets the cluster.maxCpus setting on all cluster nodes"
}
},
"_artifactsLocation": {
"defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master",
"type": "String",
"metadata": {
"description": "*Advanced* This is best left as default unless you are an advanced user. The base URI where artifacts required by this template are located."
}
},
"_artifactsLocationSasToken": {
"defaultValue": "",
"type": "SecureString",
"metadata": {
"description": "*Advanced* This should be left as default unless you are an advanced user. The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
}
},
"_artifactsSharedFolder": {
"defaultValue": "shared_scripts/ubuntu",
"type": "String",
"metadata": {
"description": "*Advanced* This should be left as default unless you are an advanced user. The folder in the artifacts location were shared scripts are stored."
}
},
"_artifactsNextflowFolder": {
"defaultValue": "nextflow-genomics-cluster-ubuntu/scripts",
"type": "String",
"metadata": {
"description": "*Advanced* This should be left as default unless you are an advanced user. The folder in the artifacts location were nextflow scripts are stored."
}
},
"authenticationType": {
"defaultValue": "sshPublicKey",
"allowedValues": [
"sshPublicKey",
"password"
],
"type": "String",
"metadata": {
"description": "Type of authentication to use on the Virtual Machine. SSH key is recommended."
}
},
"adminPasswordOrKey": {
"type": "SecureString",
"metadata": {
"description": "SSH Key or password for the Virtual Machine. SSH key is recommended."
}
}
},
"variables": {
"nextflowInitScript": "[uri(parameters('_artifactsLocation'), concat(parameters('_artifactsNextflowFolder'), '/init.sh', parameters('_artifactsLocationSasToken')))]",
"diskInitScript": "[uri(parameters('_artifactsLocation'), concat(parameters('_artifactsSharedFolder'), '/vm-disk-utils-0.1.sh', parameters('_artifactsLocationSasToken')))]",
"jumpboxNICName": "jumpboxNIC",
"addressPrefix": "10.0.0.0/16",
"subnetPrefix": "10.0.0.0/24",
"vmssName": "[concat('cluster', uniqueString(parameters('dnsNameForJumpBox')))]",
"storageAccountType": "Standard_LRS",
"storageAccountName": "[concat('nfstorage', uniqueString(resourceGroup().id))]",
"publicIPAddressName": "jumpboxPublicIP",
"publicIPAddressType": "Dynamic",
"jumpboxVMName": "jumpboxVM",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('adminUsername'), '/.ssh/authorized_keys')]",
"keyData": "[parameters('adminPasswordOrKey')]"
}
]
}
},
"networkSecurityGroupName": "default-NSG"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2016-01-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage"
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2017-06-01",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsNameForJumpBox')]"
}
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-08-01",
"name": "[variables('networkSecurityGroupName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "default-allow-22",
"properties": {
"priority": 1000,
"access": "Allow",
"direction": "Inbound",
"destinationPortRange": "22",
"protocol": "Tcp",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2017-06-01",
"name": "[parameters('vnetName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
}
]
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2017-06-01",
"name": "[variables('jumpboxNICName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2017-03-30",
"name": "[variables('jumpboxVMName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[concat('Microsoft.Network/networkInterfaces/', variables('jumpboxNICName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmMasterSKU')]"
},
"osProfile": {
"computerName": "[variables('jumpboxVMName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPasswordOrKey')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"storageProfile": {
"imageReference": "[parameters('vmImageReference')]",
"osDisk": {
"createOption": "FromImage"
},
"dataDisks": [
{
"lun": 0,
"name": "jumpboxdatadisk",
"diskSizeGB": "[parameters('vmMasterDiskSize')]",
"caching": "None",
"createOption": "Empty",
"managedDisk": {
"storageAccountType": "[parameters('vmMasterDiskType')]"
}
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('jumpboxNICName'))]"
}
]
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2017-03-30",
"name": "[concat(variables('jumpboxVMName'),'/nfinit')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('jumpboxVMName'))]"
],
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"forceUpdateTag": "rerunnow",
"settings": {
"fileUris": [
"[variables('nextflowInitScript')]",
"[variables('diskInitScript')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('bash init.sh ', variables('storageAccountName'), ' ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2016-01-01').keys[0].value, ' ', parameters('shareName'), ' ', parameters('mountpointPath'), ' false ', parameters('adminUsername'), ' 0 ', parameters('nextflowInstallUrl'), ' ', parameters('vmAdditionalInstallScriptUrl'), ' ', parameters('vmAdditionalInstallScriptArgument'))]"
}
}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2017-03-30",
"name": "[variables('vmssName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
],
"sku": {
"name": "[parameters('vmNodeSKU')]",
"capacity": "[parameters('instanceCount')]"
},
"properties": {
"overprovision": true,
"upgradePolicy": {
"mode": "Manual"
},
"virtualMachineProfile": {
"storageProfile": {
"osDisk": {
"createOption": "FromImage",
"caching": "ReadWrite"
},
"imageReference": "[parameters('vmImageReference')]"
},
"osProfile": {
"computerNamePrefix": "[variables('vmssName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPasswordOrKey')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "nic",
"properties": {
"primary": true,
"ipConfigurations": [
{
"name": "ipconfig",
"properties": {
"subnet": {
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
}
}
}
]
}
}
]
},
"extensionProfile": {
"extensions": [
{
"name": "filesextension",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"forceUpdateTag": "rerunnow",
"settings": {
"fileUris": [
"[variables('nextflowInitScript')]",
"[variables('diskInitScript')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('bash init.sh ', variables('storageAccountName'), ' ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2016-01-01').keys[0].value, ' ', parameters('shareName'), ' ', parameters('mountpointPath'), ' true ', parameters('adminUsername'), ' ', parameters('nodeMaxCpus'), ' ', parameters('nextflowInstallUrl'), ' ', parameters('vmAdditionalInstallScriptUrl'), ' ', parameters('vmAdditionalInstallScriptArgument'))]"
}
}
}
]
}
}
}
}
],
"outputs": {
"JumpboxConnectionString": {
"type": "String",
"value": "[concat('ssh ', parameters('adminUsername'), '#', reference(variables('publicIPAddressName')).dnsSettings.fqdn)]"
},
"ExampleNextflowCommand": {
"type": "String",
"value": "[concat('nextflow run hello -process.executor ignite -cluster.join path:', parameters('mountpointPath'), '/cifs/cluster', ' -with-timeline runtimeline.html -with-trace -cluster.maxCpus 0')]"
},
"ExampleNextflowCommandWithDocker": {
"type": "String",
"value": "[concat('nextflow run nextflow-io/rnatoy -with-docker -process.executor ignite -cluster.join path:', parameters('mountpointPath'), '/cifs/cluster', ' -with-timeline runtimeline.html -with-trace -cluster.maxCpus 0')]"
}
}
}
I have only one suggestion that the extensionProfile part of the template isn't working as expected however was unable to find any proofs.
"extensionProfile": {
"extensions": [
{
"name": "filesextension",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion": true,
"forceUpdateTag": "rerunnow",
"settings": {
"fileUris": [
"[variables('nextflowInitScript')]",
"[variables('diskInitScript')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('bash init.sh ', variables('storageAccountName'), ' ', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2016-01-01').keys[0].value, ' ', parameters('shareName'), ' ', parameters('mountpointPath'), ' true ', parameters('adminUsername'), ' ', parameters('nodeMaxCpus'), ' ', parameters('nextflowInstallUrl'), ' ', parameters('vmAdditionalInstallScriptUrl'), ' ', parameters('vmAdditionalInstallScriptArgument'))]"
}
}
}
]
}
}
Has the url with sas token worked at all? Check it by attempting to download the script in a browser after you have created the sas token.
If it works and then doesn't work later - this could be down to the sas token expiring after a set period. You can attempt to log the full url out after deploying of your vmss. Then try again and download the script from a browser.
I'm rewriting an ARM template because we no longer use Linked Templates. The Linked templates give us versioning headaches. I'm using a subscription level deployment to deploy a resource group, with nested a deletion lock, storage account, keyvault, 2 functionapps, user assigned managed identity and a keyvault access policy.
ARM Template I use:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"deplocation": {
"type": "string",
"allowedValues": [
"West Europe",
"North Europe"
],
"defaultValue": "West Europe",
"metadata": {
"description": "Location for all resources."
}
},
"tags": {
"type": "object"
},
"rgName": {
"type": "string"
},
"saName": {
"type": "string",
"metadata": {
"description": "The name of the resource."
}
},
"saType": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Gets or sets the SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType. - Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS"
}
},
"saKind": {
"type": "string",
"allowedValues": [
"StorageV2",
"BlobStorage",
"FileStorage",
"BlockBlobStorage"
],
"defaultValue": "StorageV2",
"metadata": {
"description": "Indicates the type of storage account. - Storage, StorageV2, BlobStorage, FileStorage, BlockBlobStorage"
}
},
"saAccessTier": {
"type": "string"
},
"saSupportsHttpsTrafficOnly": {
"type": "bool"
},
"kvName": {
"type": "string"
},
"kvSkuName": {
"type": "string"
},
"kvSkuFamily": {
"type": "string"
},
"kvSecretsPermissions": {
"type": "array"
},
"uamiName": {
"type": "string"
},
"fa1Name": {
"type": "string"
},
"fa2Name": {
"type": "string"
},
"aspName": {
"type": "string"
},
"aspRg": {
"type": "string"
},
"appInsightsName": {
"type": "string"
},
"appInsightsRg": {
"type": "string"
}
},
"variables": {
"tenantId": "[subscription().tenantId]",
"subscriptionId": "[subscription().subscriptionId]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('depLocation')]",
"name": "[parameters('rgName')]",
"tags": "[parameters('tags')]",
"properties": {
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "resourceDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "DeletionLock",
"type": "Microsoft.Authorization/locks",
"apiVersion": "2017-04-01",
"properties": {
"level": "CanNotDelete",
"notes": "[parameters('rgName')]"
}
},
{
"name": "[parameters('saName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-04-01",
"sku": {
"name": "[parameters('saType')]"
},
"kind": "[parameters('saKind')]",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"properties": {
"accessTier": "[parameters('saAccessTier')]",
"supportsHttpsTrafficOnly": "[parameters('saSupportsHttpsTrafficOnly')]"
}
},
{
"name": "[concat(parameters('saName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2019-04-01",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('saName'))]"
],
"properties": {
"cors": {
"corsRules": [
]
},
"deleteRetentionPolicy": {
"enabled": false
}
}
},
{
"name": "[parameters('kvName')]",
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2018-02-14",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"properties": {
"tenantId": "[variables('tenantId')]",
"accessPolicies": [
],
"sku": {
"name": "[parameters('kvSkuName')]",
"family": "[parameters('kvSkuFamily')]"
}
}
},
{
"name": "[parameters('uamiName')]",
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"apiVersion": "2018-11-30",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"properties": {
}
},
{
"name": "[parameters('fa1Name')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"kind": "functionapp",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('uamiName'))]",
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('saName'))]"
],
"identity": {
"type": "SystemAssigned, UserAssigned",
"userAssignedIdentities": {
"[concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('uamiName'))]": {
}
}
},
"properties": {
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "WEBSITE_TIME_ZONE",
"value": "W. Europe Standard Time"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('saName'),';AccountKey=',listKeys(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName')),providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value,';')]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "1"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('appInsightsRg'),'/providers/microsoft.insights/components/',parameters('appInsightsName')),providers('microsoft.insights', 'components').apiVersions[0]).InstrumentationKey]"
}
],
"alwaysOn": true
},
"serverFarmId": "[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('aspRg'),'/providers/Microsoft.Web/serverfarms/',parameters('aspName'))]",
"httpsOnly": true
}
},
{
"name": "[parameters('fa2Name')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"kind": "functionapp",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]",
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('saName'))]"
],
"identity": {
"type": "SystemAssigned, UserAssigned",
"userAssignedIdentities": {
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]": {
}
}
},
"properties": {
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "WEBSITE_TIME_ZONE",
"value": "W. Europe Standard Time"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('saName'),';AccountKey=',listKeys(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName')),providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value,';')]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "1"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('appInsightsRg'),'/providers/microsoft.insights/components/',parameters('appInsightsName')),providers('microsoft.insights', 'components').apiVersions[0]).InstrumentationKey]"
}
],
"alwaysOn": true
},
"serverFarmId": "[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('aspRg'),'/providers/Microsoft.Web/serverfarms/',parameters('aspName'))]",
"httpsOnly": true
}
},
{
"name": "[concat(parameters('kvName'), '/add')]",
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"apiVersion": "2018-02-14",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('kvName'))]",
"[resourceId('Microsoft.Web/sites', parameters('fa1Name'))]",
"[resourceId('Microsoft.Web/sites', parameters('fa2Name'))]"
],
"properties": {
"accessPolicies": [
{
"tenantId": "[variables('tenantId')]",
"objectId": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/', parameters('fa1Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'),providers('Microsoft.ManagedIdentity', 'Identities').apiVersions[0]).principalId]",
"permissions": {
"secrets": "[parameters('kvSecretsPermissions')]"
}
}
,
{
"tenantId": "[variables('tenantId')]",
"objectId": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/', parameters('fa2Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'),providers('Microsoft.ManagedIdentity', 'Identities').apiVersions[0]).principalId]",
"permissions": {
"secrets": "[parameters('kvSecretsPermissions')]"
}
}
]
}
}
]
}
}
}
],
"outputs": {
// "uamiPrincipalId": {
// "value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('uamiName')), providers('Microsoft.ManagedIdentity', 'userAssignedIdentities').apiVersions[0]).principalId]",
// "type": "string"
// }
}
}
Powershell code to deploy the template.
#region variableDeclaration
$ErrorActionPreference = "Stop"
$subscriptionId = "subscription id here"
$location = "West Europe"
#endregion variableDeclaration
Set-location -path $PSScriptRoot
#region connectToSubscription
Connect-AzAccount -ErrorAction Stop
Set-AzContext -Subscription $subscriptionId
#endregion connectToSubscription
#region createAzureResources
$workloadInputResources = #{
depLocation = $location
tags = #{
dienst = "-"
kostenplaats = "-"
omgeving = "-"
contactpersoon = "-"
eigenaar = "-"
referentie = "-"
omschrijving = "-"
}
rgName = "resources-dev-rg"
saName = "resourcesdevsa"
saType = "Standard_LRS"
saKind = "StorageV2"
saAccessTier = "Hot"
saSupportsHttpsTrafficOnly = $true
kvName = "resourcesdevkv"
kvSkuName = "Standard"
kvSkuFamily = "A"
kvSecretsPermissions = #("get", "list" )
uamiName = "resources-dev-uami"
fa1Name = "resources-dev-fa1"
fa2Name = "resources-dev-fa2"
aspName = "resources-dev-asp"
aspRg = "resources-asp-dev-rg"
appInsightsName = "resources-dev-appins"
appInsightsRg = "resources-appins-dev-rg"
}
New-AzDeployment -Name "deployResources" -Location $location -TemplateFile .\deploy.json #workloadInputResources
#endregion createAzureResources
Problems:
When deploying the arm template as-is I get the following error:
Resource Microsoft.Storage/storageAccounts 'resourcesdevsa' failed with message '{
"error": {
"code": "ResourceGroupNotFound",
"message": "Resource group 'resources-dev-rg' could not be found."
}
}'
But the creation of the resource group is successful.
When rerunning the script I get the following error:
Resource Microsoft.Storage/storageAccounts 'resourcesdevsa' failed with message '{
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.Storage/storageAccounts/saName' under resource group 'resources-dev-rg' was not found."
}
}'
The second problem disappears when I comment out the deployment fa1, fa2 and the access policy
I was under the impression that using dependsOn solves the dependency issues but apparently I'm either wrong, using it incorrectly or missing a dependsOn somewhere.
Have been staring at this problem for hours now and I can't seem to find the problem.
Any help is appreciated.
Small update because parts of it are solved. Still a couple of issues though.
I have rewritten the ARM Template file as shown below
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"deplocation": {
"type": "string",
"allowedValues": [
"West Europe",
"North Europe"
],
"defaultValue": "West Europe",
"metadata": {
"description": "Location for all resources."
}
},
"tags": {
"type": "object"
},
"rgName": {
"type": "string"
},
"saName": {
"type": "string",
"metadata": {
"description": "The name of the resource."
}
},
"saType": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Gets or sets the SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType. - Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS"
}
},
"saKind": {
"type": "string",
"allowedValues": [
"StorageV2",
"BlobStorage",
"FileStorage",
"BlockBlobStorage"
],
"defaultValue": "StorageV2",
"metadata": {
"description": "Indicates the type of storage account. - Storage, StorageV2, BlobStorage, FileStorage, BlockBlobStorage"
}
},
"saAccessTier": {
"type": "string"
},
"saSupportsHttpsTrafficOnly": {
"type": "bool"
},
"kvName": {
"type": "string"
},
"kvSkuName": {
"type": "string"
},
"kvSkuFamily": {
"type": "string"
},
"kvSecretsPermissions": {
"type": "array"
},
"uamiName": {
"type": "string"
},
"fa1Name": {
"type": "string"
},
"fa2Name": {
"type": "string"
},
"aspName": {
"type": "string"
},
"aspRg": {
"type": "string"
},
"appInsightsName": {
"type": "string"
},
"appInsightsRg": {
"type": "string"
}
},
"variables": {
"tenantId": "[subscription().tenantId]",
"subscriptionId": "[subscription().subscriptionId]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('depLocation')]",
"name": "[parameters('rgName')]",
"tags": "[parameters('tags')]",
"properties": {
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "resourceDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "DeletionLock",
"type": "Microsoft.Authorization/locks",
"apiVersion": "2017-04-01",
"properties": {
"level": "CanNotDelete",
"notes": "[parameters('rgName')]"
}
},
{
"name": "[parameters('saName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-04-01",
"sku": {
"name": "[parameters('saType')]"
},
"kind": "[parameters('saKind')]",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"properties": {
"accessTier": "[parameters('saAccessTier')]",
"supportsHttpsTrafficOnly": "[parameters('saSupportsHttpsTrafficOnly')]"
},
"resources": [
]
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2019-04-01",
"name": "[concat(parameters('saName'), '/default')]",
"dependsOn": [
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName'))]"
],
"properties": {
"cors": {
"corsRules": [
]
},
"deleteRetentionPolicy": {
"enabled": false
}
}
},
{
"name": "[parameters('uamiName')]",
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"apiVersion": "2018-11-30",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"properties": {
}
},
{
"name": "[parameters('fa1Name')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"kind": "functionapp",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]",
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName'))]"
],
"identity": {
"type": "SystemAssigned, UserAssigned",
"userAssignedIdentities": {
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]": {
}
}
},
"properties": {
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "WEBSITE_TIME_ZONE",
"value": "W. Europe Standard Time"
},
// {
// "name": "AzureWebJobsStorage",
// "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('saName'),';AccountKey=',listKeys(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName')),providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value,';')]"
// },
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "0"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('appInsightsRg'),'/providers/microsoft.insights/components/',parameters('appInsightsName')),providers('microsoft.insights', 'components').apiVersions[0]).InstrumentationKey]"
}
],
"alwaysOn": true
},
"serverFarmId": "[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('aspRg'),'/providers/Microsoft.Web/serverfarms/',parameters('aspName'))]",
"httpsOnly": true
}
},
{
"name": "[parameters('fa2Name')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"kind": "functionapp",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]",
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName'))]"
],
"identity": {
"type": "SystemAssigned, UserAssigned",
"userAssignedIdentities": {
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]": {
}
}
},
"properties": {
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "WEBSITE_TIME_ZONE",
"value": "W. Europe Standard Time"
},
// {
// "name": "AzureWebJobsStorage",
// "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('saName'),';AccountKey=',listKeys(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName')),providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value,';')]"
// },
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "0"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('appInsightsRg'),'/providers/microsoft.insights/components/',parameters('appInsightsName')),providers('microsoft.insights', 'components').apiVersions[0]).InstrumentationKey]"
}
],
"alwaysOn": true
},
"serverFarmId": "[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('aspRg'),'/providers/Microsoft.Web/serverfarms/',parameters('aspName'))]",
"httpsOnly": true
}
},
{
"name": "[parameters('kvName')]",
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2018-02-14",
"location": "[parameters('deplocation')]",
"tags": "[parameters('tags')]",
"dependsOn": [
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/',parameters('fa1Name'))]",
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/',parameters('fa2Name'))]"
],
"properties": {
"tenantId": "[variables('tenantId')]",
"accessPolicies": [
// {
// "tenantId": "[variables('tenantId')]",
// "objectId": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/', parameters('fa1Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'),providers('Microsoft.ManagedIdentity', 'Identities').apiVersions[0]).principalId]",
// "permissions": {
// "secrets": "[parameters('kvSecretsPermissions')]"
// }
// },
// {
// "tenantId": "[variables('tenantId')]",
// "objectId": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Web/sites/', parameters('fa2Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'),providers('Microsoft.ManagedIdentity', 'Identities').apiVersions[0]).principalId]",
// "permissions": {
// "secrets": "[parameters('kvSecretsPermissions')]"
// }
// }
],
"sku": {
"name": "[parameters('kvSkuName')]",
"family": "[parameters('kvSkuFamily')]"
}
}
}
]
}
}
}
],
"outputs": {
// "uamiPrincipalId": {
// "value": "[reference(concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('uamiName')), providers('Microsoft.ManagedIdentity', 'userAssignedIdentities').apiVersions[0]).principalId]",
// "type": "string"
// }
}
}
This work flawlessly very time, but as you can see I have 3 sections commented out. This is the problem area now. They are all dependsOn issues. When I uncomment the AzureWebJobsStorage part in the function app deployments the deployment fails with this message:
12:00:18 - Resource Microsoft.Storage/storageAccounts 'resourcesdevsa' failed with message '{
"error": {
"code": "ResourceGroupNotFound",
"message": "Resource group 'resources-dev-rg' could not be found."
}
}'
I have added the StorageAccount to the dependsOn section
"dependsOn": [
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('uamiName'))]",
"[concat('/subscriptions/',variables('subscriptionId'),'/resourceGroups/',parameters('rgName'),'/providers/Microsoft.Storage/storageAccounts/',parameters('saName'))]"
],
But that doesn't seem to do the trick.
Any ideas?
Update 28/11/2019
Oke. I'm getting slightly frustrated. I now have a fully functional resourcegroup level deployment. I'm creating the resourcegroup and resourcegroup deletionlock in powershell and after that a New-AzResourceGroupDeployment. When I try to rewrite this into a subscription level deployment I keep getting dependency issues. For instance; creating the KeyVault Access Policies results in an error that the function app couldn't be found. And a similar error for setting the AzureWebJobsStorage setting for the function app. But than offcourse a reference to the storageaccount.
Currently I am working on to deploy the Azure SQL Database into exisiting virtual network using Azure ARM templates.
azuredeploy.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlServerName": {
"type": "string",
"metadata": {
"description": "The SQL Servername."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The SQL Database."
}
},
"collation": {
"type": "string",
"metadata": {
"description": "The Collation of SQL Database and SQL Server."
}
},
"edition": {
"type": "string",
"metadata": {
"description": "The edition of SQL Database."
}
},
"maxSizeBytes": {
"type": "string",
"metadata": {
"description": "The maxsize of SQL Database."
}
},
"sqlAdministratorLogin": {
"type": "string",
"metadata": {
"description": "The administrator username of the SQL Server."
}
},
"sqlAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The administrator password of the SQL Server."
}
},
"transparentDataEncryption": {
"type": "string",
"allowedValues": [
"Enabled",
"Disabled"
],
"defaultValue": "Enabled",
"metadata": {
"description": "Enable or disable Transparent Data Encryption (TDE) for the database."
}
},
"zoneRedundant": {
"type": "bool",
"defaultValue": false
},
"startIpAddress": {
"type": "string",
"metadata": {
"description": "The start IpAddress"
}
},
"endIpAddress": {
"type": "string",
"metadata": {
"description": "The end IpAddress."
}
},
"sampleName": {
"type": "string",
"metadata": {
"description": "The sampleName."
}
},
"existingVnetName": {
"type": "string",
"metadata": {
"description": "The name of the existing virtual netwok."
}
},
"vnetRuleName": {
"type": "string",
"metadata": {
"description": "The name of the virtual netwrok rule."
}
},
"existingVirtualNetworkResourceGroup": {
"type": "string",
"metadata": {
"description": "The name of the exisitng VNET resource group."
}
},
"subscriptionID": {
"type": "string",
"metadata": {
"description": "The ID of the exisitng azure subscription."
}
}
},
"variables": {
"sqlServerName": "[parameters('sqlServerName')]",
"databaseName": "[parameters('databaseName')]",
"databaseEdition": "[parameters('edition')]",
"databaseCollation": "[parameters('collation')]",
"databaseServiceObjectiveName": "Basic",
"vnetID": "[concat('/subscriptions/', parameters('subscriptionID'), '/resourceGroups/',parameters('existingVirtualNetworkResourceGroup'),'/','Microsoft.Network/virtualNetworks', parameters('existingVnetName'))]",
//"vnetID": "[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingVnetName'))]"
},
"resources": [
{
"name": "[variables('sqlServerName')]",
"type": "Microsoft.Sql/servers",
"apiVersion": "2014-04-01-preview",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "SqlServer"
},
"properties": {
"administratorLogin": "[parameters('sqlAdministratorLogin')]",
"administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[variables('databaseName')]",
"type": "databases",
"apiVersion": "2015-01-01",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "Database"
},
"properties": {
"edition": "[variables('databaseEdition')]",
"collation": "[variables('databaseCollation')]",
"requestedServiceObjectiveName": "[variables('databaseServiceObjectiveName')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"sampleName": "[parameters('sampleName')]",
"zoneRedundant": "[parameters('zoneRedundant')]"
},
"dependsOn": [
"[variables('sqlServerName')]"
],
"resources": [
{
"comments": "Transparent Data Encryption",
"name": "current",
"type": "transparentDataEncryption",
"apiVersion": "2014-04-01-preview",
"properties": {
"status": "[parameters('transparentDataEncryption')]"
},
"dependsOn": [
"[variables('databaseName')]"
]
}
]
},
{
"name": "AllowAllMicrosoftAzureIps",
"type": "firewallrules",
"apiVersion": "2014-04-01",
"location": "[resourceGroup().location]",
"properties": {
"startIpAddress": "[parameters('startIpAddress')]",
"endIpAddress": "[parameters('endIpAddress')]"
},
"dependsOn": [
"[variables('sqlServerName')]"
]
},
{
"comments": "Adding existing VNET to the SQL Server",
"type": "Microsoft.Sql/servers/virtualNetworkRules",
"name": "[concat(parameters('sqlServerName'), '/', parameters('vnetRuleName'))]",
"apiVersion": "2015-05-01-preview",
"scale": null,
"properties": {
"virtualNetworkSubnetId": "[variables('vnetID')]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
]
}
]
}
],
"outputs": {
"sqlServerFqdn": {
"type": "string",
"value": "[reference(concat('Microsoft.Sql/servers/', variables('sqlServerName'))).fullyQualifiedDomainName]"
},
"databaseName": {
"type": "string",
"value": "[variables('databaseName')]"
}
}
}
Before I added this Microsoft.Sql/servers/virtualNetworkRules section into azuredeploy.json file at that time I am able to create the new SQL database into azure.
{
"comments": "Adding existing VNET to the SQL Server",
"type": "Microsoft.Sql/servers/virtualNetworkRules",
"name": "[concat(parameters('sqlServerName'), '/', parameters('vnetRuleName'))]",
"apiVersion": "2015-05-01-preview",
"scale": null,
"properties": {
"virtualNetworkSubnetId": "[variables('vnetID')]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
]
}
But whenever I added this Microsoft.Sql/servers/virtualNetworkRules section into azuredeploy.json file at that time I am not able to create database into existing virtual network and also it doesn’t give any response.
Can anyone please tell me where I did the mistake in the above azuredeploy.json file?
Finally I resolved the above issue by replacing this section of code with Microsoft.Sql/servers/virtualNetworkRules the below lines of code:
{
"comments": "Adding existing VNET to the SQL Server",
"type": "Microsoft.Sql/servers/virtualNetworkRules",
"name": "[concat(parameters('sqlServerName'), '/', parameters('vnetRuleName'))]",
"apiVersion": "2015-05-01-preview",
"scale": null,
"properties": {
"virtualNetworkSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('subnets_default_name'))]",
"ignoreMissingVnetServiceEndpoint": "[parameters('ignoreMissingVnetServiceEndpoint')]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
]
}
I've been using the Azure Classic portal for a while and I'm able to create VMs from my custom images w/o a problem.
Now I'm trying to use the new portal, when I go to create a new VM I don't see the option to use my images. How do I create a VM from one of my images?
Here is how to do it...
Assuming your Resource group is created and my infra config are follows-
custom template uri path- https://myvmstore.blob.core.windows.net/vhds/CustomVHD.vhd
RG Name - myVMsRG
VNet Name - myVNET
VmName = mytestvm
userImageStorageAccountName = myvmstore
adminUsername = adminuser
adminPassword = PassWord123#
osDiskVhdUri = https://myvmstore.blob.core.windows.net/vhds/CustomVHD.vhd
dnsLabelPrefix = mytestvm
osType = Windows
vmSize = Standard_D2
newOrExistingVnet = existing
newOrExistingVnetName = myVNET
newOrExistingSubnetName = mySubnet
First you need json template. I have configured for myself in this format. You can copy the same code and save with name deployvm.json in your D drive. Note: If your VNET name is different from myVNET please hard code the same in the template at the same position.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"customVmName": {
"type": "string",
"metadata": {
"description": "This is the name of the your VM"
}
},
"userImageStorageAccountName": {
"type": "string",
"metadata": {
"description": "This is the name of the your storage account"
}
},
"osDiskVhdUri": {
"type": "string",
"metadata": {
"description": "Uri of the your user image"
}
},
"dnsLabelPrefix": {
"type": "string",
"metadata": {
"description": "DNS Label for the Public IP. Must be lowercase. It should match with the following regular expression: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$ or it will raise an error."
}
},
"adminUserName": {
"type": "string",
"metadata": {
"description": "User Name for the Virtual Machine"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine"
}
},
"osType": {
"type": "string",
"allowedValues": [
"Windows",
"Linux"
],
"metadata": {
"description": "This is the OS that your VM will be running"
}
},
"vmSize": {
"type": "string",
"metadata": {
"description": "This is the size of your VM"
}
},
"newOrExistingVnet": {
"allowedValues": [ "new", "existing" ],
"type": "string",
"metadata": {
"description": "Select if this template needs a new VNet or will reference an existing VNet"
}
},
"newOrExistingVnetName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "New or Existing VNet Name"
}
},
"newOrExistingSubnetName": {
"type": "string",
"defaultValue": "Subnet1",
"metadata": {
"description": "Subnet Name"
}
}
},
"variables": {
"publicIPAddressName": "[parameters('customVmName')]",
"vmName": "[parameters('customVmName')]",
"nicName": "[parameters('customVmName')]",
"publicIPAddressType": "Dynamic",
"apiVersion": "2015-06-15",
"vnetID": "[resourceId('myVNET', 'Microsoft.Network/virtualNetworks', parameters('newOrExistingVnetName'))]",
"subnetRef": "[concat(variables('vnetID'),'/subnets/', parameters('newOrExistingSubnetName'))]",
},
"resources": [
{
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('vmName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"osDisk": {
"name": "[concat(variables('vmName'),'-osDisk')]",
"osType": "[parameters('osType')]",
"caching": "ReadWrite",
"createOption": "FromImage",
"image": {
"uri": "[parameters('osDiskVhdUri')]"
},
"vhd": {
"uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', parameters('userImageStorageAccountName')), variables('apiVersion')).primaryEndpoints.blob, 'vhds/',variables('vmName'), uniquestring(resourceGroup().id), 'osDisk.vhd')]"
}
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "true",
"storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', parameters('userImageStorageAccountName')), variables('apiVersion')).primaryEndpoints.blob)]"
}
}
}
}
]
}
Now use below powershell code to create your VM-
$paramList =
#{
"Params1" = #{ customVmName = "mytestvm" ; userImageStorageAccountName = "myvmstore" ; adminUsername = "adminuser" ; adminPassword = "PassWord123#" ; osDiskVhdUri = "https://myvmstore.blob.core.windows.net/vhds/CustomVHD.vhd" ; dnsLabelPrefix = "mytestvm" ; osType ="Windows" ; vmSize = "Standard_D2" ; newOrExistingVnet = "existing" ; newOrExistingVnetName = "myVPN" ; newOrExistingSubnetName = "mySubnet"}
}
foreach ($keys in $paramList.Keys)
{
$paramvalues = $paramList.$keys
New-AzureRmResourceGroupDeployment -ResourceGroupName "myVMsRG" -TemplateFile "D:\deployvm.json" -TemplateParameterObject $paramValues
}
Reference- https://github.com/Azure/azure-quickstart-templates/tree/master/101-vm-from-user-image
You could use Powershell for that or an ARM Template. There is really too much code to paste here, but even if the links I post will change, its easily searchable.
Copy your Custom Images from Azure Classic portal to new Portal ( Here everything is stored under a Resource Group) Storage Account.
Now you will be able to Create new VM using your Custom images through Azure CLI or PowerShell or ARM Template.