I have a Powershell script using Azure Powershell to update an Virtual Machine Scale Set (under Azure Service Fabric) to add/remove the certificates that are used by the associated service fabric virtual machines. This script works as intended and I have the following commands (I've removed some of the other logic to focus on the issue):
# This gets the Virtual Machine Scale Set object
$virtualMachineScaleSet = Get-Azvmss -ResourceGroupName $myResourceGroupName -VMScaleSetName $myVMScaleSetName
# Example of removing items from certificate items from the VMSS object.
$virtualMachineScaleSet.VirtualMachineProfile.osProfile.Secrets[$mySecretIndex].VaultCertificates.RemoveAt($myCertificateIndexThatIWantToRemove)
# Example of creating new certificate config
$newCertificateUrl = (Get-AzKeyVaultCertificate -VaultName $myKeyvaultName -Name $myCertificateName).SecretId
$newCertificateConfig = New-AzvmssVaultCertificateConfig -CertificateUrl $newCertificateUrl -CertificateStore "My"
# Example of adding new certificate to the VMSS object
$virtualMachineScaleSet.VirtualMachineProfile.OsProfile.Secrets[$mySecretIndex].VaultCertificates.Add($newCertificateConfig)
# Committing the update to VMSS
Update-Azvmss -ResourceGroupName $myResourceGroupName -VirtualMachineScaleSet $virtualMachineScaleSet -VMScaleSetName $myVMScaleSetName
The above script works fine. However, I'm now trying to convert each of the above commands to Azure CLI. The way the script will invoke means that I cannot mix and match Azure Powershell and Azure CLI commands in the same script. The commands I have so far are causing problems:
# This gets me the Virtual Machine Scale Set object
$virtualMachineScaleSet = az vmss show --name $myVMScaleSetName --resource-group $myResourceGroupName | ConvertFrom-Json
# Trying to RemoveAt gives the error: MethodInvocationException: Exception calling "RemoveAt" with "1" argument(s): "Collection was of a fixed size."
$virtualMachineScaleSet.VirtualMachineProfile.osProfile.Secrets[$mySecretIndex].VaultCertificates.RemoveAt($myCertificateIndexThatIWantToRemove)
# Not sure the CLI equivalent commands of this
$newCertificateUrl = (Get-AzKeyVaultCertificate -VaultName $myKeyvaultName -Name $myCertificateName).SecretId
$newCertificateConfig = New-AzvmssVaultCertificateConfig -CertificateUrl $newCertificateUrl -CertificateStore "My"
# Trying to Add gives the error: MethodInvocationException: Exception calling "RemoveAt" with "1" argument(s): "Collection was of a fixed size."
$virtualMachineScaleSet.VirtualMachineProfile.OsProfile.Secrets[$mySecretIndex].VaultCertificates.Add($newCertificateConfig)
So my questions are.
What are the CLI equivalent commands for the Azure Powershell script?
Why doesn't the VMSS object in the Azure CLI script seem to be the same? (At least in that I cannot change the VaultCertificates array)
Thank you in advance
All the PowerShell you used can change into two equivalent CLI commands.
One for remove:
az vmss update --resource-group $myResourceGroupName --name $myVMScaleSetName --remove virtualMachineProfile.osProfile.secrets index
One for add:
az vmss update --resource-group $myResourceGroupName --name $myVMScaleSetName --add virtualMachineProfile.osProfile.secrets '{"sourceVault": {"id": "resourceId"},"vaultCertificates": [{"certificateStore": null,"certificateUrl": "certificateUrl"}]}'
Related
I have a number of instance running under my app service in Azure. I need to get back all the id's of these instances.
I am currently using
Get-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType
Microsoft.Web/sites/instances -Name $WebAppName -ApiVersion 2016-03-01
But is there an equivalent command using the az cmdlets ?
I've tried the exact PowerShell command that you executed in Azure PowerShell. I could be able to get the expected results as shown:
I've tried to get the desired outcome with AZ cmdlet(Bash) and received the expected results using:
az webapp list-instances
To get the instances running info with their respective ID's on app service in Azure:
az configure --defaults group=xxxxResourceGroupName
az configure --defaults web=xxxxwebapp
az webapp list-instances --name xxxxwebappp --resource-group xxxxResourceGroupName
If you want to retrieve "default hostname, EnabledHostName as well as state" of WebApp, Use below command as shown:
Refer MSDoc az.webapp cmdlets
It is always recommended to use latest Az PowerShell module cmdlets instead of AzureRM since AzureRm is going to retire soon.
In the above answer shared by #jahanvi replace Get-AzureRMResource with Get-AzResource which is a relevant Az module cmdlet.
Alternatively, you can use the Azure Management RestAPI to get the list of instances running under a particular webapp using Invoke-RequestMethod you call the rest api from powershell as well.
Here is the sample script:
Connect-AzAccount
$context=Set-AzContext -Subscription "<subscriptionId>"
$token = Get-AzAccessToken
$authHeader=#{
'Content-Type'='application/json'
'Authorization'='Bearer '+ $token.Token
}
$instances=Invoke-RestMethod -Uri https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Web/sites/<WebAppName>/instances?api-version=2022-03-01 -Method GET -Headers $authHeader
$instances.value.id
Here is the sample screenshot for reference:
While creating webapps using Az cli in Azure, the command line have no option to mention the location parameter. However while creating from azure portal,there is a option where in we can select the region .
Following is the link to the command and the command itsel
https://learn.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest
az webapp create --name
--plan
--resource-group
[--assign-identity]
[--deployment-container-image-name]
[--deployment-local-git]
[--deployment-source-branch]
[--deployment-source-url]
[--docker-registry-server-password]
[--docker-registry-server-user]
[--https-only {false, true}]
[--multicontainer-config-file]
[--multicontainer-config-type {COMPOSE, KUBE}]
[--role]
[--runtime]
[--scope]
[--startup-file]
[--subnet]
[--tags]
[--vnet]
You can use az webapp up CLI command which has a location switch like
az webapp up -n MyUniqueAppName --runtime "java:11:Java SE:11" -l locationName
BTW, if you even don't specify the location while using az webapp create it will be default to the region of "Resource Group" or if you are specifying app service plan then that region would be in use
You can use this cmdlet for specifying the location while creating the web app in Azure:
New-AzwebApp [[-ResourceGroupName] <String>] [-Name] <String> [[-Location] <String>] ...
Of course, the next question will be some parameters like specifying runtime environment missing in the New-AzWebApp cmdlet, we need to use different combination of cmdlets for our requirement.
Please refer to one of these workarounds that shows how to choose the runtime environment when using the New-AzWebApp cmdlet.
Refer here for more information on New-AzWebApp cmdlet parameters.
I want to use azure cli command to change the reference image of vmss and update the vm running under the vmss.
I used to use UI to update the reference image as shown below.
I tried following https://learn.microsoft.com/en-US/cli/azure/vmss?view=azure-cli-latest#az_vmss_update
but not getting exact command, am I going in wrong direction?
I have tested in my environment to change the reference images of VMSS but it seems not possible using below cmd.
Update-AzVmss ` -ResourceGroupName "myResourceGroup" ` -VMScaleSetName "myScaleSet" ` -ImageReferenceId /subscriptions/{subscriptionID}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/myNewImage
If you want to update the version of reference image you can change with the below command.
Update-AzVmss -ResourceGroupName "myResourceGroup" -VMScaleSetName "myScaleSet" -ImageReferenceVersion 16.04.201801090
This is the CLI command I have used
az vmss update --name MyScaleSet --resource-group MyResourceGroup --set virtualMachineProfile.storageProfile.imageReference.id=imageID
I'm trying to run the sample script found here: https://learn.microsoft.com/en-au/azure/service-fabric/service-fabric-quickstart-containers-linux#create-a-service-fabric-cluster
#!/bin/bash
# Variables
ResourceGroupName='containertestcluster'
ClusterName='containertestcluster'
Location='eastus'
Password='q6D7nN%6ck#6'
Subject='containertestcluster.eastus.cloudapp.azure.com'
VaultName='containertestvault'
VmPassword='Mypa$$word!321'
VmUserName='sfadminuser'
# Login to Azure and set the subscription
az login
az account set --subscription <mySubscriptionID>
# Create resource group
az group create --name $ResourceGroupName --location $Location
# Create secure five node Linux cluster. Creates a key vault in a resource group
# and creates a certficate in the key vault. The certificate's subject name must match
# the domain that you use to access the Service Fabric cluster. The certificate is downloaded locally.
az sf cluster create --resource-group $ResourceGroupName --location $Location --certificate-output-folder . --certificate-password $Password --certificate-subject-name $Subject --cluster-name $ClusterName --cluster-size 5 --os UbuntuServer1604 --vault-name $VaultName --vault-resource-group $ResourceGroupName --vm-password $VmPassword --vm-user-name $VmUserName
From the command prompt or PowerShell, I run "az login" and login, then I copy & paste this script into the console but get errors when it comes to the variables.
I see you use the Shell script, it's more appropriate to run in Linux. For Windows, the PowerShell script is more suitable. And in Windows, the variables need to be set like this:
$varName = 'xxxx'
So you need to change all the variables like above. And I suggest you change the script into a PowerShell script.
My deployment script uses PowerShell with the AzureRM module. I am trying to find the equivalent of the following Azure CLI call. That call creates an Azure Function based on a Docker image.
az functionapp create --name <app_name> --storage-account <storage_name> --resource-group myResourceGroup --plan myPremiumPlan --deployment-container-image-name <docker-id>/mydockerimage:v1.0.0
Anybody has an idea what is the PowerShell/AzureRM equivalent of "az functionapp create"?
If your ideal goal is to deploy a function app, there are multiple ways to create one.
You can use the below AzureRm command to provision / create a new Function App
New-AzureRmResource -ResourceType ‘Microsoft.Web/Sites’ -ResourceName $functionAppName -kind ‘functionapp’ -Location $location -ResourceGroupName $resourceGroupName -Properties #{} -force
Or You can use a ARM Template to deploy a function app - Details
Or you can use Zip Deploy to deploy your function app. -
As HariHaran said, there are several ways to create new function app. But if you want to create function based on docker image, it may be difficult to implement if use "New-AzureRmResource". So I think you can install az module in powershell, you can continue use "az functionapp create" commmand, you can refer to this tutorial to install it. But az module will not be compatible with AzureRM, so we'd better uninstall AzureRM before that, you can refer to this page about the compatible of az module and AzureRM.
You can use the New-AzFunctionApp cmdlet which is part of the Az.Functions module. This module is currently in Preview.
# First install PowerShell 6 or 7 from https://github.com/PowerShell/PowerShell/releases
# To install the Az.Functions module, Open PowerShell and run:
Install-Module -Name Az.Functions -AllowPrerelease
Alternatively, you can download it from https://www.powershellgallery.com/packages/Az.Functions/0.0.1-preview
For feedback and requests, please file an issue at https://github.com/Azure/azure-powershell/issues. Make sure you include in the title [Az.Functions]. Thanks!