Is there a powershell command to add ipRules to CosmosDB in azure? - azure

I'm trying to add an IP to the network rules of Cosmos DB (firewall) in Azure, using PowerShell.
A lot of other resources seem to have a command available to do this (e.g. Key Vault: Add-AzKeyVaultNetworkRule -VaultName myvault -IpAddressRange "10.0.1.0/24"), but I can't find any for Cosmos DB. Does anyone know if it actually exists? Thanks!

Yes, Update-AzCosmosDBAccount
$resourceGroupName = "myResourceGroup"
$accountName = "my-cosmos-account"
$ipFilter = @("10.0.0.0/8", "11.0.1.0/24")
$allowAzureAccess = $true
# "0.0.0.0" is the special entry that accepts connections from within Azure datacenters
if ($true -eq $allowAzureAccess) {
    $ipFilter += "0.0.0.0"
}
Update-AzCosmosDBAccount -ResourceGroupName $resourceGroupName `
    -Name $accountName -IpRangeFilter $ipFilter
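
The question asks how to add an address, while `-IpRangeFilter` in the answer above sets the whole list, so any existing rule missing from `$ipFilter` is dropped. The following is an added example (not part of the original answer) that merges new entries into the current rules, validates them and flags the `0.0.0.0` entry before the update; `Merge-IpRule` is a hypothetical helper, the sample addresses are constructed, and reading the current rules from the account is left to the caller because the property name depends on the Az.CosmosDB version.

```powershell
# Added example, not from the original answer. Merge-IpRule is a hypothetical helper name.
function Merge-IpRule {
    param(
        [string[]]$Existing = @(),
        [Parameter(Mandatory)][string[]]$Add
    )
    $merged = [System.Collections.Generic.List[string]]::new()
    foreach ($entry in @($Existing) + @($Add)) {
        $rule = "$entry".Trim()
        if (-not $rule) { continue }

        # Accept only a dotted-quad IPv4 address with an optional /0-32 prefix
        $address, $prefix = $rule -split '/', 2
        $parsed = $null
        $validAddress = $address -match '^\d{1,3}(\.\d{1,3}){3}$' -and
            [System.Net.IPAddress]::TryParse($address, [ref]$parsed)
        $validPrefix = ($null -eq $prefix) -or
            ($prefix -match '^\d{1,2}$' -and [int]$prefix -le 32)
        if (-not ($validAddress -and $validPrefix)) {
            throw "Not an IPv4 address or CIDR range: '$rule'"
        }
        # Keep the first occurrence only, preserving the existing order
        if (-not $merged.Contains($rule)) { $merged.Add($rule) }
    }
    if ($merged.Contains('0.0.0.0')) {
        Write-Warning '0.0.0.0 accepts connections from all Azure datacenters, not only your own subscription.'
    }
    # The leading comma stops PowerShell from unrolling a one-element array
    return ,$merged.ToArray()
}

# Constructed sample: rules already on the account plus one new address and one duplicate
$current  = @('203.0.113.0/24', '0.0.0.0')
$ipFilter = Merge-IpRule -Existing $current -Add '198.51.100.7', '203.0.113.0/24'
$ipFilter

# Then apply the merged list with the cmdlet from the answer:
# Update-AzCosmosDBAccount -ResourceGroupName $resourceGroupName -Name $accountName -IpRangeFilter $ipFilter
```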

Related

New automation variable by cli or ansible

After creating a runbook and editing its content, I want to create variables and set values for them. How can I do it with Ansible or the Azure CLI?
Please help me.
Azure Automation stores each encrypted variable securely. When you create a variable, you can specify its encryption and storage by Azure Automation as a secure asset.
You must set the value with the Set-AzAutomationVariable cmdlet or the internal Set-AutomationVariable cmdlet. You use the Set-AutomationVariable in your runbooks that are intended to run in the Azure sandbox environment, or on a Windows Hybrid Runbook Worker.
You can create variables and set values for them using a PowerShell script.
$rgName = "ResourceGroup01"
$accountName = "MyAutomationAccount"
$vm = Get-AzVM -ResourceGroupName "ResourceGroup01" -Name "VM01" | Select Name, Location,Extensions
New-AzAutomationVariable -ResourceGroupName "ResourceGroup01" -AutomationAccountName "MyAutomationAccount" -Name "MyComplexVariable" -Encrypted $false -Value $vm
$vmValue = Get-AzAutomationVariable -ResourceGroupName "ResourceGroup01" -AutomationAccountName "MyAutomationAccount" -Name "MyComplexVariable"
$vmName = $vmValue.Value.Name
$vmTags = $vmValue.Value.Tags
Reference: Manage variables in Azure Automation | Microsoft Docs

Get Cosmos DB container throughput with PowerShell Get-AzCosmosDBSqlContainerThroughput

It doesn't give the correct provisioned throughput value, which is 500, but shows "0" instead.
PS C:\windows\system32> Get-AzCosmosDBSqlContainerThroughput -ResourceGroupName $resourceGroupName -AccountName $accountName -DatabaseName $databaseName -Name $containerName | select throughput
Throughput
----------
0
Full output:
PS C:\windows\system32> $container = Get-AzCosmosDBSqlContainerthroughput `
-ResourceGroupName $resourceGroupName `
-AccountName $accountName -DatabaseName $databaseName `
-Name $containerName
PS C:\windows\system32> $container
Name : ECvc
Id : /subscriptions/dxxxxx/resourceGroups/RG-01/providers/Microsoft.DocumentDB/databaseAccounts/xxxxx
01/sqlDatabases/xxxx/containers/cosmosscaleupordowntest/throughputSettings/default
Throughput : 0
MinimumThroughput :
OfferReplacePending :
Reference:
https://learn.microsoft.com/en-us/powershell/module/az.cosmosdb/get-azcosmosdbsqlcontainerthroughput?view=azps-3.7.0
Your script is correct and I am unable to repro this cmdlet returning zero. This is also not a scenario with shared database throughput as this cmdlet is designed to throw an exception if throughput is not set on a resource. My only suggestion is to try the latest version of this module, Az.CosmosDB 0.1.3. We just updated it 5 days ago. It may have a bug fix.
If this issue persists for you, please file an issue on the PowerShell Issues List. This will get routed to the engineers working on these cmdlets.
Thanks.
I didn't use the (Az) PowerShell script, but I'm able to read and update Cosmos DB RU using PowerShell.
$databasePrimaryKey = "************"
$cosmosDbAccountName = "************"
$databaseName = "************"
$primaryKey = ConvertTo-SecureString -String $databasePrimaryKey -AsPlainText -Force
# Context used by the cmdlets below (this step was missing from the post; assumes the CosmosDB module's New-CosmosDbContext)
$cosmosDbContext = New-CosmosDbContext -Account $cosmosDbAccountName -Database $databaseName -Key $primaryKey
Get the list of all containers and configure RU (collection name will not display)
Get-CosmosDbOffer -Context $cosmosDbContext
Update the desired RU
Get-CosmosDbOffer -Context $cosmosDbContext -Id $collectionId |
    Set-CosmosDbOffer -Context $cosmosDbContext -OfferThroughput 400 -OfferIsRUPerMinuteThroughputEnabled $true
Hope it will help

How to add Azure Scaleset to Log Analytics

How do I add an Azure Scale Set to Log Analytics? From Log Analytics I am able to see the VM, but unlike VMs the connect button is not enabled. What do I need to do to enable this connection?
There is a MSDN post regarding this issue:
https://blogs.msdn.microsoft.com/timomta/2018/04/09/how-to-add-the-oms-client-to-a-vm-scale-set/
As mentioned in the post, we explain how to do this for VMs but not for VMSS. You can accomplish this via PowerShell and the linked blog above describes how to achieve it.
I will add the script below for users who don't want to follow the link:
select-azurermsubscription -subscriptionid 'your subscription id'
$PublicSettings = @{"workspaceId" = "your oms workspace id"}
$ProtectedSettings = @{"workspaceKey" = "your big base64 oms key"}
# Get information about the scale set
$vmss = Get-AzureRmVmss -ResourceGroupName 'VMSSRESOURCEGROUP' `
-VMScaleSetName 'VMSSNAME'
Add-AzureRmVmssExtension `
-VirtualMachineScaleSet $vmss `
-Name "Microsoft.EnterpriseCloud.Monitoring" `
-Publisher "Microsoft.EnterpriseCloud.Monitoring" `
-Type "MicrosoftMonitoringAgent" `
-TypeHandlerVersion 1.0 `
-AutoUpgradeMinorVersion $true `
-Setting $PublicSettings `
-ProtectedSetting $ProtectedSettings
# Update the scale set and apply the monitoring agent extension to the VM instances
Update-AzureRmVmss `
-ResourceGroupName $vmss.ResourceGroupName `
-Name $vmss.Name `
-VirtualMachineScaleSet $vmss
# Only needed for manual update VMSS – warning tells them all to update, so modify to suit
$jobs=@()
Get-AzureRmVmssVM -ResourceGroupName $vmss.ResourceGroupName -VMScaleSetName $vmss.Name | foreach {
    $jobs+=Update-AzureRmVmssInstance -ResourceGroupName $vmss.ResourceGroupName -Name $vmss.Name -InstanceId $_.InstanceId -AsJob
}
$jobs | Wait-Job
$jobs | Receive-Job
Kudos to the author https://social.msdn.microsoft.com/profile/Tim+Omta

How do I change 'always-on' for an Azure Function App using Powershell?

I'm using a 'Basic' plan. I want to create a script which can switch 'always-on' to false, then change the service plan to the free tier. When I need the function again I can reverse the settings. Why am I doing this? So I can ensure the App service plan keeps the same outbound IP addresses. I don't want to be paying for a Basic plan all the time so a simple script to do this is required.
I am using the latest 'AZ' modules.
$site = Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $SiteName
$site.SiteConfig.AlwaysOn = $false
Set-AzWebApp -ResourceGroupName $ResourceGroupName -Name $SiteName ???
Thanks
Setting App Service Plan
Set-AzAppServicePlan -ResourceGroupName "myrgname" -Name "my app service plan name" -Tier Basic -WorkerSize Small
For Free, you can change the Tier name to Free
Setting Always On
Connect-AzAccount
$webApp = Get-AzResource -ResourceType 'microsoft.web/sites' -ResourceGroupName 'myrgname' -ResourceName 'my function app name'
$webApp | Set-AzResource -PropertyObject @{"siteConfig" = @{"AlwaysOn" = $false}}
Here are two other similar SO posts. The difference is that they don't tackle App Service Plan tier changes or make use of the latest Az modules: Post1 and Post2.
You can simply pipe the modified application to Set-AzWebApp.
$app = Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $ApplicationName
$app.SiteConfig.AlwaysOn = $false
$app | Set-AzWebApp

How do I clone an Azure Managed Disk into a different subscription?

Using Azure VMs and managed disks (using the ARM deployment model), I have recently run into the following problem I would like to solve: In order to get production data out from a managed disk for testing purposes, I would like to clone a production data disk from the "Production Subscription" into a managed disk in the "Development Subscription", where I can play around with the data in a safe way.
We are talking quite a lot of data (200 GB+), so that an actual "copying" process would take far too much time. I want to be able to automate things and provision new environments in - let's say, under half an hour.
Cloning a managed disk within a subscription (given it's in the same region) is very simple and fast, I just have to specify a --source to the az disk create command. This does not work across subscriptions obviously, at least because the logged in user/service principal for the development subscription does not have access to the production subscription resources.
What I have tried so far:
Using az disk grant-access to retrieve an SAS URI for the managed disk; this thing is not accepted as a --source for az disk create though (it says VHD SAS links would work though...)
Any ideas?
I did this:
$RG = "youresourcegroup"
$Location = "West US 2"
$StorageAccName = "yourstorage"
$SkuName = "Standard_LRS"
$Containername = "images"
$Destdiskname = "yorblob.vhd"
$SourceSASurl = "https://yoursaasurl"
Login-AzureRmAccount
New-AzureRmResourceGroup -Name $RG -Location $Location
New-AzureRmStorageAccount -ResourceGroupName $RG -Name $StorageAccName -SkuName $SkuName -kind Storage -Location $Location
$Storageacccountkey = Get-AzureRmStorageAccountKey -ResourceGroupName $RG -Name $StorageAccName
$Storagectx = New-AzureStorageContext -StorageAccountName $StorageAccName -StorageAccountKey $Storageacccountkey[0].Value
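# Keep the container private: -Permission Blob would make the copied disk readable anonymously by URL
$Targetcontainer = New-AzureStorageContainer -Name $Containername -Context $storagectx -Permission Off
# $SourceSASurl = $mdiskURL.AccessSAS   # only if $mdiskURL holds the output of Grant-AzureRmDiskAccess; otherwise this overwrites the URL set above with $null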
$ops = Start-AzureStorageBlobCopy -AbsoluteUri $SourceSASurl -DestBlob $Destdiskname -DestContainer $Containername -DestContext $Storagectx
Get-AzureStorageBlobCopyState -Container $Containername -Blob $Destdiskname -Context $Storagectx -WaitForComplete
After this you will have a copy of the managed disk in your subscription stored as a regular blob.
Be careful: you should obtain the SAS URL from the Production subscription, but in the script you should log in to the Development subscription.
Next you can go to the Azure Portal and convert the blob to managed disk.
Go to Azure portal --> More Services --> Disks or directly browse this URL https://portal.azure.com/#create/Microsoft.ManagedDisk-ARM
Click +Add
Select source as storage blob
Select your vhd using source blob field.
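
The answer above needs a SAS URL issued in the Production subscription. The following is an added example (not part of the original answer) that issues a read-only, time-limited SAS for the disk, runs the same blob copy, and revokes the SAS afterwards even if the copy fails; `Copy-DiskWithShortLivedSas` and its parameter names are hypothetical, and the session is assumed to be able to select the Production subscription.

```powershell
# Added example, not from the original answer. Function and parameter names are hypothetical.
function Copy-DiskWithShortLivedSas {
    param(
        [Parameter(Mandatory)][string]$ProdSubscriptionId,
        [Parameter(Mandatory)][string]$DiskResourceGroup,
        [Parameter(Mandatory)][string]$DiskName,
        [Parameter(Mandatory)][string]$DestContainer,
        [Parameter(Mandatory)][string]$DestBlob,
        # Key-based storage context for the Development storage account ($Storagectx in the answer)
        [Parameter(Mandatory)]$DestContext,
        # Must outlast the server-side copy; keep it as short as the disk size allows
        [int]$SasLifetimeSeconds = 3600
    )

    # Issue a read-only SAS in the Production subscription
    Select-AzureRmSubscription -SubscriptionId $ProdSubscriptionId | Out-Null
    $grant = Grant-AzureRmDiskAccess -ResourceGroupName $DiskResourceGroup -DiskName $DiskName `
        -Access Read -DurationInSecond $SasLifetimeSeconds

    try {
        # Same copy as in the answer; the destination is authenticated by $DestContext
        Start-AzureStorageBlobCopy -AbsoluteUri $grant.AccessSAS -DestContainer $DestContainer `
            -DestBlob $DestBlob -DestContext $DestContext | Out-Null
        Get-AzureStorageBlobCopyState -Container $DestContainer -Blob $DestBlob `
            -Context $DestContext -WaitForComplete
    }
    finally {
        # Invalidate the SAS whether the copy succeeded or not
        Select-AzureRmSubscription -SubscriptionId $ProdSubscriptionId | Out-Null
        Revoke-AzureRmDiskAccess -ResourceGroupName $DiskResourceGroup -DiskName $DiskName | Out-Null
    }
}
```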
Here's the script I wrote to migrate all managed disks for each VM from one subscription to another. I hope this helps you.
# This script will get ALL VMs in a subscription and then migrate the disks
# if the VM has managed disks
# Created by Joey Brakefield -- @kfprugger & https://www.linkedin.com/in/joeybrakefield/
#set global variables
$sourceSubscriptionId='6a1b5e5e-df06-4608-a7a2-6984f7abacd8'
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vms = get-azurermvm
$targetSubscriptionId='929e0340-bf36-45a2-8347-47f86b4715de'
#looping logic for each of the VMs that have managed disks
foreach ($vm in $vms) {
    select-azurermsubscription -subscriptionid $sourceSubscriptionId
    $vmrg = get-azurermresourcegroup -name $vm.ResourceGroupName
    $vmname = $vm.name
    Write-Host "Working with: " $vmname " in " $vmrg.resourcegroupname -foregroundcolor Green
    Write-Host ""
    #This command will only target managed disks because unmanaged use the storage account locations rather than the /disks provider URIs
    $manageddisk = Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name}
    if ($manageddisk)
    {
        #Sanity Check
        #Read-host "Look correct? If not, CTRL-C to Break"
        Select-AzureRmSubscription -SubscriptionId $targetSubscriptionId
        #check to see if RG exists in the new CSP/Subscription
        Get-AzureRmResourceGroup -Name $vmrg.resourcegroupname -ev notPresent -ea 0
        write-host "Checking to see if"$vmrg.resourcegroupname"exists in subscriptionid"$targetSubscriptionId -foregroundcolor Cyan
        Write-Host ""
        if ($notPresent)
        {
            new-azurermresourcegroup -name $vmrg.resourcegroupname -location $vmrg.location
            "Resource Group " + $vmrg.resourcegroupname + " has been created"
        } else {"Resource Group " + $vmrg.resourcegroupname + " already exists"}
        # Move the disks after all checks are done
        foreach ($disk in $managedDisk){
            $managedDiskName = $disk.Name
            $targetResourceGroupName = $vmrg.resourcegroupname
            $diskConfig = New-AzureRmDiskConfig -SourceResourceId $disk.Id -Location $disk.Location -CreateOption Copy
            New-AzureRmDisk -Disk $diskConfig -DiskName $Disk.Name -ResourceGroupName $targetResourceGroupName
        }
    }
}
You can use the following commands in Azure CLI -
# Source storage account name
STORAGE1=sourcestorage
#Security key of the source storage account
STORAGEKEY1='SampleKey0qNzttE/EX3hHfcFIzkQQmqXklRU2Z2uANICw=='
#Container containing the source VHD
CONTAINER1=sourcevhds
# Name of VHD to be copied (name only, not full url)
DISK=DiskToBeCopied.vhd
#Specify the above properties for target
STORAGE2=targetstorage
STORAGEKEY2='SampleKeyAb6FYP3EqFVEcN2cc5wO QHzXvdc7Gzh1qRt0FXKq6w=='
CONTAINER2=targetvhds
After setting the above parameters, execute the following command in Azure CLI -
azure storage blob copy start --account-name "$STORAGE1" --account-key "$STORAGEKEY1" --source-container "$CONTAINER1" --source-blob "$DISK" --dest-account-name "$STORAGE2" --dest-account-key "$STORAGEKEY2" --dest-container "$CONTAINER2"
