i am working on azure to monitor appservices and while a Continous deployments i am trying to build an automation task to disable/enable alert during deployments
For disabling alerts it is working
Get-AzMetricAlertRuleV2 -ResourceGroupName "<resource group name>" -Name "<alert name>" | Add-AzMetricAlertRuleV2 -DisableRule
For enabling the alerts after the deployments
Get-AzMetricAlertRuleV2 -ResourceGroupName "<resource group name>" -Name "<alert name>" | Add-AzMetricAlertRuleV2 -TargetResourceRegion "westeurope"
I get the following error:
Add-AzMetricAlertRuleV2: Exception type: ErrorResponseException, Message: Alert update failed. Updating from StaticThresholdCriteria and odata.type SingleResourceMultipleMetricCriteria to StaticThresholdCriteria and odata.type MultipleResourceMultipleMetricCriteria is not supported. Activity ID: ec818831-0516-44a7-92ff-cbddaa82b634., Code: BadRequest, Status code:BadRequest, Reason phrase: BadRequest
You should not change the region by passing -TargetResourceRegion param while enabling. Add-AzMetricAlertRuleV2 is trying add a new rule thinking that it's a new rule and failing because of the shown error message (Updating from StaticThresholdCriteria and odata.type SingleResourceMultipleMetricCriteria to StaticThresholdCriteria and odata.type MultipleResourceMultipleMetricCriteria is not supported). So just enable by without passing any other params like below.
Get-AzMetricAlertRuleV2 -ResourceGroupName "<resource group name>" -Name "<alert name>" | Add-AzMetricAlertRuleV2
Related
I created a Service principal in azure and assigned my service principal to the custom role which I have created with set of permission in that particular subscription.
With the service principal, I am able to create a key vault, Storage account, and function app and so on.
But when I execute this particular command
Set-AzDiagnosticSetting -Name $diagnosticLogsSettingsName -ResourceId $resource.ResourceId -StorageAccountId $diagnosticLogStorageAccount.Id -Enabled $true -Category $Categories -MetricCategory AllMetrics -RetentionEnabled $true -RetentionInDays 90
I am getting the following error
Set-AzDiagnosticSetting : Exception type: ErrorResponseException, Message: Null/Empty, Code: Null, Status
03:24:52 Error message: Set-AzDiagnosticSetting : Exception type: ErrorResponseException, Message: Null/Empty, Code: Null, Status
03:24:52 code:Forbidden, Reason phrase: Forbidden
Not sure why I am getting forbidden error
Could anyone Please help me to resolve the issue. Thanks in advance
Able to resolve the issue By adding the following permission to my custom role.
Microsoft.Insights/diagnosticSettings/write
I came to know to add this permission by executing the following command in "-Debug" mode which will give a clear error with the missing permission
Set-AzDiagnosticSetting -Name $diagnosticLogsSettingsName -ResourceId $resource.ResourceId -StorageAccountId $diagnosticLogStorageAccount.Id -Enabled $true -Category $Categories -MetricCategory AllMetrics -RetentionEnabled $true -RetentionInDays 90 -Debug
So just need to add -Debug flag at the end of command
One of the workaround you can follow to resolve the above issue;
Based on this GitHub Blog
For example to enable all available metrics and logs for a particular
resource (i.e,Resource01).
Set-AzDiagnosticSetting -ResourceId "Resource01" -Enabled $True
Alternatively, please find this SO THREAD| Enabling diagnostic settings for Azure Storage Account using PowerShell as suggested by ,#Joy Wang .
We have tried with the suggested PowerShell script and it works fine
NOTE:- Please make sure that we are providing the correct workspace ID(Log analytics workspace ID) and resource ID(Storage account resource ID) .
OUTPUT DETAILS FOR REFERENCE:-
I have a powershell task that is used to run a script which involves creating azure resources (Example: Resource group, Azure Key Vault, Function App...). When the pipeline is being run and it arrives to the powershell task in the deploy stage, it shows the following message:
The problem here, it says Finishing:Powershell but it didn't execute the script and did not create any azure resource.
Here is a sample of the powershell script:
$vaultName = "key vault name"
$blobstorageName = "blob storage name"
$Location = "Location Name"
$resourceGroupName = "Resource Group Name"
try {
#Creation of Resource Group
$resourceGroup = Get-AzResourceGroup -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
if($null -eq $resourceGroup)
{
New-AzResourceGroup -Name $resourceGroupName -Location $Location
}
else
{
Write-Host "The ResourceGroup with the name: $resourceGroupName already exists."
}
# Creation of Storage Account
$checkBlobStorage = (Get-AzStorageAccountNameAvailability -Name $blobstorageName) | Select-Object NameAvailable
if ($checkBlobStorage.NameAvailable)
{
New-AzStorageAccount -ResourceGroupName $resourceGroupName -AccountName $blobstorageName -Location $Location -SkuName Standard_LRS -Kind StorageV2 -AccessTier Hot
}
else
{
Write-Host "The name $blobStorageName is not available. Suggest a new globally unique name!"
}
catch
{
}
Does anyone have a clue what is wrong ? Am I missing something in the powershell script (Maybe I don't have direct access to the azure portal from azure devops) or maybe something is missing in
the Yaml file ?
Two major issues:
you seem to be using the Powershell Task, which is not designed for communication with Azure. You should use the Azure Powershell task for this kind of script, because it already has the right modules loaded and the authentication prepared.
your script is swallowing the error so it is hiding what went wrong. It's usually more useful not to catch exceptions; if your script is erroring then let it error, and let the pipeline show you in its log what has happened.
So, I'm told if you import your Azure Subscription Publish Setting file into PowerShell...you can use the certificate in the Publish Setting file to create objects in your Azure Subscription.
However, I am getting the following exception trying to create a Resource Group:
New-AzureRmResourceGroup : Run Connect-AzureRmAccount to login.
+ CategoryInfo : CloseError: (:) [New-AzureRmResourceGroup], PSInvalidOperationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupCmdlet
I Do The Following In My Script:
"Import" the Subscription
"Select" the Subscription
"Get" the Subscription (to view it)
...the subscription is both "Default & Current" (see attached image).
...and yet I still get that message.
SAMPLE CODE:
This code is edited so as not to "give away the farm"...
#Set Subscription
$Subscription_Id = "<not shown>"
Select-AzureSubscription -SubscriptionId $Subscription_Id
Get-AzureSubscription
# CHECK EXISTS: ResourceGroup
$RegionFullName = "South Central US"
$RegionShortName = "scus"
$EnvironmentShortName = "dev"
$ApplicationShortName = "<not shown>"
$ObjectTypeShortName = "rg"
$ResourceGroupFullName = "$($RegionShortName)-$($EnvironmentShortName)-$($ApplicationShortName)-$($ObjectTypeShortName)"
$ResourceGroup = Get-AzureRmResourceGroup -Name $ResourceGroupFullName -ErrorVariable NotPresent -ErrorAction SilentlyContinue
if ($ResourceGroup -eq $Null) {
#CREATE: ResourceGroup
$ResourceGroup = New-AzureRmResourceGroup -Name $ResourceGroupFullName -Location $RegionFullName -Confirm
}
I suppose you are using Import-PublishSettingsFile, but Azure Management Certificates and Publishing Setting files are only intended (for) and (are) limited to managing Azure Service Management (ASM) resources, which are being retired.
In your script, you mixed the ASM and AzureRm powershell modules together. Select-AzureSubscription and Get-AzureSubscription belong to ASM, Get-AzureRmResourceGroup and New-AzureRmResourceGroup belong to AzureRm.
So if you need to use AzureRm command, you need to run Connect-AzureRmAccount to login your account.
I was executing this command:
$obj = Get-AzDataFactory -ResourceGroupName $rgName -Name $adfName
I get this error but the ADF exists.
HTTP Status Code: NotFound Error Code: ResourceNotFound
Error Message: The Resource 'Microsoft.DataFactory/dataFactories/*******'
under resource group 'DEV*****RG' was not found.
When this command runs, the ADF is listed!
Get-AzResource -ResourceGroupName "DEV*****RG"
'Get-AzDataFactoryV2' is the correct command
I am trying to run Set-AzWebApp command to set web application properties
Set-AzWebApp -AppSettings $settings -ResourceGroupName $resourceGroupName -Name $appServiceName
$settings is a Hashtable.
I get this message back with no additional details
Set-AzWebApp : Operation returned an invalid status code 'Conflict'
Any ideas?
Solved: As it turns out I had a space that crept into my keyname within the $settings hashtable. This cause Azure app service to throw a 409 Conflict
I also encountered this issue when creating an Azure App Service Plan using Azure Powershell.
When I run the command below:
New-AzAppServicePlan -ResourceGroupName 'MyResourceGroup' -Name 'MyServicePlan' -Location 'northeurope' -Linux -Tier 'Premium V2' -NumberofWorkers 2 -WorkerSize Medium
I get the error:
New-AzAppServicePlan: Operation returned an invalid status code 'Conflict'
Here's how I solved it:
The issue was that I was specifying the Tier as 'Premium V2' instead of 'PremiumV2'. That is there should be no space between the word Premium and V2. They should be together.
So this worked for me after then:
New-AzAppServicePlan -ResourceGroupName 'MyResourceGroup' -Name 'MyServicePlan' -Location 'northeurope' -Linux -Tier 'PremiumV2' -NumberofWorkers 2 -WorkerSize Medium