I have a Problem with Packer and the Azure Stack, I am trying to build an Image in azure stack, but it looks like packer don't try to use my custom-url.
{
"builders": [{
"type": "azure-arm",
"client_id": "client_id",
"client_secret": "client_secret",
"tenant_id": "tenant_id",
"subscription_id": "subscription_id",
"managed_image_resource_group_name": "resource_group_name",
"managed_image_name": "random_name",
"os_type": "Linux",
"image_publisher": "Canonical",
"image_offer": "UbuntuServer",
"image_sku": "18.04-LTS",
"azure_tags": {
"dept": "Engineering",
"task": "Image deployment"
},
"location": "custom_location",
"vm_size": "Standard_DS2_v2"
}],
"provisioners": [{
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
"inline": [
"apt-get update",
"apt-get upgrade -y",
"apt-get -y install nginx",
"/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
],
"inline_shebang": "/bin/sh -x",
"type": "shell"
}]
}
Error
azure-arm: output will be in this color.
==> azure-arm: Running builder ...
==> azure-arm: Getting tokens using client secret
==> azure-arm: Getting tokens using client secret
azure-arm: Creating Azure Resource Manager (ARM) client ...
Build 'azure-arm' errored: Cannot locate the managed image resource group resource_group_name.
==> Some builds didn't complete successfully and had errors:
--> azure-arm: Cannot locate the managed image resource group olaf.
==> Builds finished but no artifacts were created.
But the creds are right, I can login with the ServiceAccount/App credentials and list all resource groups. Seems everything is working.
Do someone have an idea how to get Packer working with azure stack? Is there a way to give the stack domain instead of the original azure domain or something like that?
Thank you! =)
I know this question is old and you likely figured it out, but I encountered the same issue today and thought it might be helpful to add my solution for anyone else that comes across this:
Make sure your service principal is added as a contributor to the resource group.
In Azure Portal, navigate to the target resource group
Click "Access (IAM)" on the left hand side.
Click "Add" at the top and search for the service principal
Related
I can create a virtual machine with the UI :
via Azure marketplace with Flexify.io, however, I want to use the command since I want the VM to be created when it's secured (SSL).
These are the image for Flexify.io :
https://hub.docker.com/r/flexifyio/ce/tags
So I tried to use the command below :
az vm create --resource-group myresourcegroups --name staging-images --image flexifyio/ce:latest --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
This is the flexify.io image flexifyio/ce:latest, but am getting this error :
Invalid image "flexifyio/ce:latest". Use a valid image URN, custom image name, custom image id, VHD blob URI, or pick an image from ['CentOS', 'Debian', 'Flatcar', 'openSUSE-Leap', 'RHEL', 'SLES', 'UbuntuLTS', 'Win2022Datacenter', 'Win2022AzureEditionCore', 'Win2019Datacenter', 'Win2016Datacenter', 'Win2012R2Datacenter', 'Win2012Datacenter', 'Win2008R2SP1'].
See VM create -h for more information on specifying an image.
How best can I do this?
The --image argument for az vm commands can be used to reference an image available on the Azure Marketplace, not Docker Hub (or any other repository, for that matter). Azure Marketplace is also the source of the images you see in the VM creation flow in the Azure Portal.
To find the identifier for the image you want to create your VM with, use az vm image list --all --publisher Flexify, which yields some results:
[
{
"architecture": "x64",
"offer": "migration-vm",
"publisher": "flexify-io",
"sku": "migration-vm-ce",
"urn": "flexify-io:migration-vm:migration-vm-ce:2.12.10",
"version": "2.12.10"
},
{
"architecture": "x64",
"offer": "multi-cloud",
"publisher": "flexify-io",
"sku": "multi-cloud-vm-ce",
"urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.0",
"version": "2.12.0"
},
{
"architecture": "x64",
"offer": "multi-cloud",
"publisher": "flexify-io",
"sku": "multi-cloud-vm-ce",
"urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.2",
"version": "2.12.2"
},
{
"architecture": "x64",
"offer": "single-vm",
"publisher": "flexify-io",
"sku": "single-vm-ce",
"urn": "flexify-io:single-vm:single-vm-ce:2.12.10",
"version": "2.12.10"
}
]
Then pass the urn value of the image you want to deploy to your VM like so:
az vm create --resource-group myresourcegroups --name staging-images --image flexify-io:single-vm:single-vm-ce:2.12.10 --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
I am attempting to setup and install this reference app from Azure, created by the Microsoft patterns & practices team: https://github.com/mspnp/serverless-reference-implementation - the setup is via Azure CLI not the UI.
However it uses Azure AD Graph, which has just very recently been deprecated and replaced by Microsoft.Graph as documented here: https://learn.microsoft.com/en-gb/cli/azure/microsoft-graph-migration
This breaks the installation instructions in the app, specifically the az ad app create command:
export API_APP_ID=$(az ad app create --display-name $API_APP_NAME --oauth2-allow-implicit-flow true \
--native-app false --reply-urls http://localhost --identifier-uris "http://$API_APP_NAME" \
--app-roles ' [ { "allowedMemberTypes": [ "User" ], "description":"Access to device status", "displayName":"Get Device Status", "isEnabled":true, "value":"GetStatus" }]' \
--required-resource-accesses ' [ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" } ] }]' \
--query appId --output tsv)
Fails with: ERROR: unrecognized arguments: --native-app false
If I try to update the command with the new parameters for Microsoft.Graph as per the migration guide above:
export API_APP_ID=$(az ad app create --display-name $API_APP_NAME --enable-access-token-issuance true \
--is-fallback-public-client false --web-redirect-uris http://localhost --identifier-uris "http://$TENANT_NAME.onmicrosoft.com/$API_APP_NAME" \
--app-roles ' [ { "allowedMemberTypes": [ "User" ], "description":"Access to device status", "displayName":"Get Device Status", "isEnabled":true, "value":"GetStatus" }]' \
--required-resource-accesses ' [ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" } ] }]' \
--query appId --output tsv)
The create command works - but the app's manifest does not have the expected data:
export API_IMPERSONATION_PERMISSION=$(az ad app show --id $API_APP_ID --query "oauth2Permissions[?value == 'user_impersonation'].id" --output tsv)
This returns NULL - the new Microsoft.Graph API does not even create this field in the app's manifest. I manually confirmed this by looking at the manifest in the Azure UI. This means the following commands that rely on this field existing are unusable.
How can I fix this so I can install this reference app given that the install instructions refer to the no longer available Azure AD Graph API? What is the correct az ad app create command that lets Microsoft.Graph API create the API app with oauth?
I am using a custom script extension for VM in ARM Template:
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vm-Name'),'-0',copyIndex(1),'/script')]",
"apiVersion": "2015-05-01-preview",
"location": "[resourceGroup().location]",
"copy": {
"name": "storagepoolloop",
"count": "[parameters('virtualMachineCount')]"
},
"dependsOn": [
"virtualMachineLoop",
"nicLoop"
],
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.4",
"settings": {
"fileUris": [
],
"commandToExecute": "[parameters('commandToExecute')]"
}
}
}
where parameters = "powershell.exe $(Agent.TempDirectory)/$(script.secureFilePath)"
I am using azure devops secure files to store my script. I have Download a secure file task before deploying the vm.
I have also tried directly referencing script file name
"powershell.exe $(Agent.TempDirectory)/puscript.ps1"
I am using classic Release pipeline, if this is not the right way please guide how to use powershell script stored in secure files.
Any help is appreciated. Thanks in advance.
The script will need to be downloaded on to the VM you're creating, not downloaded onto the machine that is deploying the ARM. That command does not actually get executed until the VM starts the extension, so the variable $(Agent.TempDirectory) refers to the directory on the machine executing the pipeline and won't exist when the VM starts up.
I did the same thing for a VM custom extension by including the script in the image that I was using to create the VM. If you're not using a custom image, you can add the storage account information to download it in the protectedSettings like this:
"protectedSettings": {
"commandToExecute": "powershell.exe puscript.ps1",
"storageAccountName": "yourstorageaccount",
"storageAccountKey": "<account key>",
"fileUris": [
"https://yourstorageaccount.blob.core.windows.net/container/puscript.ps1"
]
}
ref: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows#extension-schema
You can try like as below steps:
Use the Download Secure File task to download the PowerShell script file. On the task, set a Reference name for use.
Use the PowerShell task (or Azure PowerShell task) to execute the PowerShell script.
Consider you want execute the PowerShell script to run ARM Template deployment, you could use the Azure PowerShell task.
For web deployment using FTP;I came across a situation, where i'm using Azure CLI command to create an app service plan in FREE tier to deploy the web app in it.
Here is how i am approaching:
used command:
az login --allow-no-subscriptions
sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxxx to authenticate. Working fine with below result.
[
{
"cloudName": "AzureCloud",
"id": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"user": {
"name": "email#gmail.com",
"type": "user"
}
}
]
Then, create basic app service plan using :
"az appservice plan create -g MyResourceGroup -n MyPlan"
This gives me error saying "The subscription 1fdacf7a-xxxxx-xxxx-xxxx-
xxxxxxxxxxxxx could not be found.
How to resolve this problem? Thanks.
I can reproduce your issue, to fix the issue, please don't use the --allow-no-subscriptions parameter.
You just need to login with:
az login
or
az login --use-device-code
Then use the command below to set the subscription:
az account set --subscription 1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx
Run az appservice plan create -g MyResourceGroup -n MyPlan:
So I'm following this guide in order tosuse Azure 2.0 CLI to create an app service to deploy.
https://learn.microsoft.com/en-us/azure/app-service-web/app-service-web-get-started
I have set up the resource group, the app service plan and the app but instead of setting up the deployment with a Git repository like this
az appservice web source-control config-local-git --name <app_name> --resource-group my-first-app-group
I would like to put all my files into a folder in DropBox.
This step can be done by using the Azure web site but I would like to know if it is possible to using the Azure 2.0 CLI? If so, what is the command?
I would like to put all my files into a folder in DropBox.
This step can be done by using the Azure web site but I would like to
know if it is possible to using the Azure 2.0 CLI?
We can use CLI 2.0 command like this:
C:\Users>az appservice web source-control config --repo-url https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0 --repository-type mercurial --name jasonapp2 --resource ubuntu
Here is my result:
C:\Users>az appservice web source-control config --repo-url https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0 --repository-type mercurial --name jasonapp2 --resource ubuntu
{
"branch": null,
"deploymentRollbackEnabled": false,
"id": "/subscriptions/5384xxxx-xxxx-xxxx-xxxx-0361e29a7b15/resourceGroups/ubuntu/providers/Microsoft.Web/sites/jasonapp2/sourcecontrols/web",
"isManualIntegration": false,
"isMercurial": false,
"kind": null,
"location": "Central US",
"name": "jasonapp2",
"repoUrl": "https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0",
"resourceGroup": "ubuntu",
"tags": {
"hidden-related:/subscriptions/5384xxxx-xxxx-xxxx-xxxx-0361e29a7b15/resourcegroups/AppResource/providers/Microsoft.Web/serverfarms/palian160919": "empty"
},
"type": "Microsoft.Web/sites/sourcecontrols"
}