Powershell + Azure App Service + Azure Container Registry - azure

I am using powershell to handle various CI/CD functions.
=============================================
Here is what I have done so far.
Build NodeJS App
Package NodeJS App in Container
Publish Container to Private Azure Container Registry
=============================================
Here is what I am trying to figure out.
Create App Service Plan on the Fly
Create Web App (Container) on the Fly
Pull in Container from ACR into App Service
Here is my code. It doesn't seem to be working.
$azureContainerCredential = Get-AzContainerRegistryCredential -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP -Name $env:AZURE_CONTAINER_REGISTRY_NAME
$azureSecuredPassword = ConvertTo-SecureString $azureContainerCredential.Password -AsPlainText -Force
$azureContainerRegistry = Get-AzContainerRegistry -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP
$azureAppServicePlan = Get-AzAppServicePlan -ResourceGroupName "amlihelloworld" -Name "amlihelloworld-app-service-plan"
if($null -eq $azureAppServicePlan)
{
"==============================================================================="
Write-Output "CREATING HELLO WORLD WEB APPLICATION"
$azureAppServicePlan = New-AzAppServicePlan -Name "amlihelloworld-app-service-plan" -Location "Central
US" -ResourceGroupName "amlihelloworld" -Tier Standard
$azureApp = New-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2" -AppServicePlan
$azureAppServicePlan.Name -ContainerImageName "amlihelloworld:20200422.7" -ContainerRegistryPassword
$azureSecuredPassword -ContainerRegistryUrl $azureContainerRegistry.LoginServer -
ContainerRegistryUser $azureContainerCredential.Username
$azureAppSlot = New-AzWebAppSlot -Name $azureApp.Name -ResourceGroupName "amlihelloworld" -Slot
"development"
}
$azureApp1 = Get-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld"
=============================================
Here is whats happening
When I switch the slots to my app for production.
It doesn't seem to be showing my app at all.
How can I tell if it uploaded my app or not?

Actually, I don't think there is a logic problem in the code, but a problem for the commands itself.
First, if you want to cut the PowerShell command into multiple lines, you need to add the character ` append each line except the last one. And you'd better use the same web app name if you want to get it. So you'd like to make a little change in your code:
$azureContainerCredential = Get-AzContainerRegistryCredential -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP -Name $env:AZURE_CONTAINER_REGISTRY_NAME
$azureSecuredPassword = ConvertTo-SecureString $azureContainerCredential.Password -AsPlainText -Force
$azureContainerRegistry = Get-AzContainerRegistry -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP
$azureAppServicePlan = Get-AzAppServicePlan -ResourceGroupName "amlihelloworld" -Name "amlihelloworld-app-service-plan"
if($null -eq $azureAppServicePlan)
{
"==============================================================================="
Write-Output "CREATING HELLO WORLD WEB APPLICATION"
$azureAppServicePlan = New-AzAppServicePlan -Name "amlihelloworld-app-service-plan" -Location "Central
US" -ResourceGroupName "amlihelloworld" -Tier Standard
$azureApp = New-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2" `
-AppServicePlan $azureAppServicePlan.Name `
-ContainerImageName "amlihelloworld:20200422.7" `
-ContainerRegistryPassword $azureSecuredPassword `
-ContainerRegistryUrl $azureContainerRegistry.LoginServer `
-ContainerRegistryUser $azureContainerCredential.Username
$azureAppSlot = New-AzWebAppSlot -Name $azureApp.Name -ResourceGroupName "amlihelloworld" -Slot
"development"
}
$azureApp1 = Get-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2"
You also need to check carefully if your environment variables exist as normal.

Apparently it's a bug on Microsoft side and it's not possible to publish containers through powershell scripts.
Please read here:
https://github.com/Azure/azure-powershell/issues/10645

Related

Why are write-host statements are not appearing when calling a script with an azure commandlet in it?

I have a very simplistic 2 scripts and I'm trying to call the powershell script from another powershell run script
run script (run.ps1)
.\NewRG.ps1 -rgName "singleVM12" -location "Canada Central" -tags #{dept="Marketing"}
called script (newRG.ps1)
[CmdletBinding()]
param (
[string]$rgName = "Test1-rg",
[string]$location = "Canada Central",
[Parameter(Mandatory)]
[hashtable]$tags)
$newRG = New-AzResourceGroup -name $rgName -location $location -tags #{dept="marketing"}
write-output "test"
I would expect that I should get test in the console but I get the properties of the Resource group
ResourceGroupName : singleVM12
Location : canadacentral
ProvisioningState : Succeeded
The issue is I have more complex scripts with multiple write-host entries that I want shown but none of it appears when I run the "run.ps1" file, it works fine if I just call the called script by itself. I tried using write-output and same thing happens. I noticed that hello world works, so I'm guessing something about the Azure commandlets are maybe causing this. Any way around this?
I am using Write-Output to print the values in prompt. I have followed the same way you did.
Follow the workaround:
testout.ps1
# I am getting resource information
[CmdletBinding()]
param (
[string]$rgName = "test")
#$newRG = New-AzResourceGroup -name $rgName -location $location -tags #{dept="marketing"}
$getResource = Get-AzResource -ResourceGroupName $rgName
write-output "azure resoure get successfully- " $rgName
$getResource = Get-AzResource -ResourceGroupName $rgName
write-output "test2- " $rgName
$getResource = Get-AzResource -ResourceGroupName $rgName
write-output "test3 - " $rgName
$getResource = Get-AzResource
write-output "test4- " $rgName
# you can use return to send the the required data to promt as well. But you can use end of your script otherwise it will skip after the return statement.
return $getResource.ResourceGroupName
test2.ps1
Calling testout.ps1 in test2.ps1 script.
# Connect Azure Account using specific Subscription Id if you are using more subscription in single account
Connect-AzAccount -SubscriptionId '<Your subscription Id>'
# calling test.ps1 script
.\testout.ps1 -rgName "<Your Resourcegroup Name>"
Result

Setup and deploy Azure function using PowerShell

I try to setup and deploy Azure Function by using PowerShell script based on this topic: Setup Azure Function from PowerShell
My script looks like this:
#=============Defining All Variables=========
$location = 'Central US'
$resourceGroupName = 'MyResourceGroup'
$subscriptionId = 'MysubscriptionId'
$functionAppName = 'MyfunctionAppName'
$appServicePlanName = 'ASP-test-8b50'
$tier = 'Dynamic'
$archivePath = 'd:\TestAzureFunc.zip'
Connect-AzAccount
#========Creating Azure Resource Group========
$resourceGroup = Get-AzResourceGroup | Where-Object { $_.ResourceGroupName -eq $resourceGroupName }
if ($resourceGroup -eq $null)
{
New-AzResourceGroup -Name $resourceGroupName -Location $location -force
}
#selecting default azure subscription by name
Select-AzSubscription -SubscriptionID $subscriptionId
Set-AzContext $subscriptionId
#========Creating App Service Plan============
New-AzAppServicePlan -ResourceGroupName $resourceGroupName -Name $appServicePlanName -Location $location -Tier $tier
$functionAppSettings = #{
ServerFarmId="/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/serverfarms/$appServicePlanName";
alwaysOn=$True;
}
#========Creating Azure Function========
$functionAppResource = Get-AzResource | Where-Object { $_.ResourceName -eq $functionAppName -And $_.ResourceType -eq "Microsoft.Web/Sites" }
if ($functionAppResource -eq $null)
{
New-AzResource -ResourceType 'Microsoft.Web/Sites' -ResourceName $functionAppName -kind 'functionapp' -Location $location -ResourceGroupName $resourceGroupName -Properties $functionAppSettings -force
}
#========Defining Azure Function Settings========
$AppSettings =#{}
$AppSettings =#{'FUNCTIONS_EXTENSION_VERSION' = '~2';
'FUNCTIONS_WORKER_RUNTIME' = 'dotnet';}
Set-AzWebApp -Name $functionAppName -ResourceGroupName $resourceGroupName -AppSettings $AppSettings
#========Deploy Azure Function from zip========
Publish-AzWebapp -ResourceGroupName $resourceGroupName -Name $functionAppName -ArchivePath $archivePath
The script works without errors. Resource group and Function App created as needed. But the list of functions of the Function App is empty.
Function details here:
My intuition tells me that I've forgotten something. But I don't know what.
Could you advise me on how to deploy my Azure function properly?
One of the workaround you can follow ,
Looking at your script we need to ensure that we are providing function app configuration as below cmdlts the link you followed:-
$AzFunctionAppSettings = #{
APPINSIGHTS_INSTRUMENTATIONKEY = $AppInsightsKey;
AzureWebJobsDashboard = $AzFunctionAppStorageAccountConnectionString;
AzureWebJobsStorage = $AzFunctionAppStorageAccountConnectionString;
FUNCTIONS_EXTENSION_VERSION = "~4";
FUNCTIONS_WORKER_RUNTIME = "dotnet";
}
And also make sure that the storage account connection string you provided in the function is same as here providing.
And then you can navigate to Kudu API to check the wwwroot folder is exist or not.
For more information please refer the below links:-
SO THREAD|Powershell command Publish-AzWebApp not publishing apllication
BLOG|How to Deploy Azure Function Apps With Powershell.

Deploying multiple scripts with CustomScriptExtension on an Azure Windows VM

I'm trying to deploy multiple PowerShell scripts to an Azure Windows VM by using the CustomScriptExtension.
The scripts are independent from each other so the order of their deployment doesn't matter. Also the scripts are in same blob container.
I have already a working template as below for installing one script at the moment:
$resourceGroup = "myResourceGroup"
$vmName = "myVM"
$location = "easteurope"
$storageAcctName = "myStorageAcct"
$storageKey = $env:ARM_ACCESS_KEY
$fileUri = #("https://xxxxx.blob.core.windows.net/xxxx/01-installTools.ps1")
$protectedSettings = #{"storageAccountName" = $storageAcctName; "storageAccountKey" = $storageKey};
$settings = #{"fileUris" = $fileUri;"commandToExecute" ="powershell -ExecutionPolicy Unrestricted -File 01-installTools.ps1"};
#run command
Set-AzVMExtension -ResourceGroupName $resourceGroup `
-Location $location `
-ExtensionName "IIS" `
-VMName $vmName `
-Publisher "Microsoft.Compute" `
-ExtensionType "CustomScriptExtension" `
-TypeHandlerVersion "1.8" `
-Settings $settings `
-ProtectedSettings $protectedSettings;
Also is it possible to use 2 CustomScriptExtensions?
I get a TypeHandlerVersion error if i try to do that.

How to Create App Service with a subType of api

In powershell and using the new-azwebapp to create a website in our app service plan. But it only ever seems to create a type of app
I'm trying to create it with the type of api like you can when you select from the Azure Portal UI, but I can't see a setting in the configuration to do this.
After creating I set the AppSettings and then try to update the Type, but it doesn't seem to matter.
Hoping that I'm missing something simple.
$siteName = "namegoeshere"
$sitePlan = "myplanname"
$siteLocation = "Australia East"
$siteResourceGroup = "resourcegroupname"
$createdSite = new-azWebApp -Name $siteName -ResourceGroupName $siteResourceGroup -AppServicePlan $sitePlan -Location $siteLocation
$newAppSettings = #{ "name"="value"}
Set-AzWebApp -Name $siteName -ResourceGroupName $siteResourceGroup -AppSettings $newAppSettings -AppServicePlan Grower #-PhpVersion 0
$p = #{ 'type' = "api" }
$r = Set-AzResource -Name $siteName -ResourceGroupName $siteResourceGroup -ResourceType Microsoft.Web/sites -PropertyObject $p -ApiVersion 2016-03-01 -Kind "app"
echo $r.Properties
The type api is not set with type, in the New-AzureRmResource parameters there is a parameter to set it, it's [-Kind <String>]. You could check it here.
Here is an example.
# CREATE "just-an-api" API App
$ResourceLocation = "West US"
$ResourceName = "just-an-api"
$ResourceGroupName = "demo"
$PropertiesObject = #{
# serverFarmId points to the App Service Plan resource id
serverFarmId = "/subscriptions/SUBSCRIPTION-GUID/resourceGroups/demo/providers/Microsoft.Web/serverfarms/plan1"
}
New-AzureRmResource -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroupName `
-ResourceType Microsoft.Web/sites `
-ResourceName "just-an-api/$ResourceName" `
-Kind 'api' `
-ApiVersion 2016-08-01 -Force

Not able to connect through Rasdial in azure ARM VPN connection

I am not able connect to VPN using powershell cmdlet. I use 'rasdial' from a build agent to connect to vpn, so that we can trigger automated tests. The whole process is automated.
Earlier same rasdial command - Rasdial "VPNName" was working perfectly fine with classic model (ASM) of vpn. But, after I migrated to ARM, I am facing this issue. However through UI i.e. clicking on buttons to connect to vpn is working fine but our need is to connect through script.
I am getting a message-
This function is not supported on this system.
NB: I am following this post- https://dzone.com/articles/deconstructing-azure-point
The same workaround worked in ASM but not woking in ARM. What can be another workaround or fix for this ?
I am using below script to create and download the VPN package. I am not sure I am missing something in my script which is causing this issue-
$VNetName = "MYVPN"
$SubName = "Subnet-1"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "15.3.0.0/16"
$SubPrefix = "15.3.1.0/24"
$GWSubPrefix = "15.3.200.0/26"
$VPNClientAddressPool = "158.17.201.0/24"
$RG = "VMsRG"
$Location = "West Europe"
$DNS = "15.3.0.0"
$GWName = "GateWay"
$GWIPName = "GateWayIP"
$GWIPconfName = "GateWayIPConfig"
$P2SRootCertName = "XXXXX.cer"
$DeployUserName = "atf#hotmail.com"
$DeployUserPassword = "XXXXX"
$Azurepwd = ConvertTo-SecureString $DeployUserPassword -AsPlainText -Force
$AzureCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $DeployUserName, $Azurepwd
Add-AzureRmAccount -credential $AzureCredential -SubscriptionName Development
New-AzureRmResourceGroup -Name $RG -Location $Location
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $SubName -AddressPrefix $SubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1 -Subnet $fesub, $gwsub -DnsServer $DNS
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
$MyP2SRootCertPubKeyBase64 = "XXXXX"
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name "P2SVNETRootCertName" -PublicCertData $MyP2SRootCertPubKeyBase64
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert
Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64
As I am able to connect using GUI. I hope script is doing it's job.
After 4 Months I got a reply from MS (as I raised a ticket for the same).
They told Rasdial is not supported by Azure VPN Client Package till date. Also, Even after deconstructing-the-azure-point-to-site-vpn lacks addition of route which should be taken care by adding the route explicitly.
So as an workaround I did the steps provided in the blog - http://www.diaryofaninja.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage
However the last part of adding the route is a bit complex. So, for adding route I have created my own PS script-
$Subnet = #("10.0.1.0", "10.0.2.0","10.0.3.0")
$VPNClientAddressPool = "x.x.x"
$Mask = "255.255.0.0"
$azureIpAddress = ""
$VPNCmd = "MYVPNName"
Here x.x.x are the 3 octet that can be found in "GateWay - Point-to-site configuration" of the VPN-
$routeExists = route print | findstr $VPNClientAddressPool
if($routeExists)
{
route delete $Subnet
}
rasdial $VPNCmd > $null
$azureIPAddress = ipconfig | findstr $VPNClientAddressPool
if($azureIPAddress -ne $null)
{
$azureIpAddress = $azureIpAddress.Split(": ")
$azureIpAddress = $azureIpAddress[$azureIpAddress.Length-1]
$azureIpAddress = $azureIpAddress.Trim()
route add $Subnet MASK $Mask $azureIPAddress
}
This solved the purpose for me. Basically You just need to take care of the route add part.
Your PowerShell script seems fine (I didn't try the login and resource group pieces, but everything else works from $fesub on.) except for the third line from the bottom. The -Name tag which you currently have as "P2SVNETRootCertName" needs to be the same as your $P2SRootCertName. For more information, refer to Azure documentation: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-howto-point-to-site-rm-ps/
As for Rasdial, another StackOverflow post has answered this: Azure Virtual Network Point-to-Site (ex. Azure Connect) autoconnect
-Bridget [MSFT]

Resources