I am creating an ARM template that deploys a lot of resources in different resource groups. Actually, the resource groups themselves are part of the deployment. In a simple version, I create only two resource groups (masterRG and dependentRG), and then create two nested (inline) deployments. The first inline deployment puts a storage account (testsadj1604) in masterRG. This deployment is dependent on masterRG.
The second deployment creates a keyvault and tries to store a connectionstring from testsadj1604 in that vault.
In my real case, I have more resourceGroups and I actually try deploy a Function App that has the connectionstring as 'appsetting'. The methodology is the same though.
The error I get is the following:
Deployment failed. Correlation ID: 9c359e8e-8657-4756-a5a3-f9c5698fbb46. {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.Storage/storageAccounts/testsadj1604' under resource group '<null>' was not found."
}
}
This is my code:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "testsadj1604",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "kvaNameTest1604",
"apiVersion": "2015-06-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"objectId": "fc05639d-70eb-4175-a89b-eab7f883c691",
"tenantId": "[subscription().tenantId]",
"permissions": {
"keys": [
"get",
"list",
"update"
],
"secrets": [
"get",
"list",
"update"
]
}
}
],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "kvaNameTest1604/saConnectionString",
"apiVersion": "2018-02-14",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', 'kvaNameTest1604')]"
],
"properties": {
"value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', 'testsadj1604'), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}
I am pretty sure the error comes from the listKeys() at the bottom, going on my daylong trial-and-error (and Google frenzy) in my real template. Using listKeys() and nested deployments is a drag, but I really don't see why it shouldn't work. I made sure there is a dependsOn in the second deployment.
This is wrecking my brain, is there any way I can use nested (inline) templates and reference the storage account keys that are in a different resourcegroup (but part of the overall deployment)? I also tried to create an output in the first deployment and reference that in the second but that had no effect. I am at a total loss, any help is welcome!
There are a few things you need to do for this to work in a single template:
on your keyvault secret deployment set this property:
"expressionEvaluationOptions": {
"scope": "inner"
},
That will delay evaluation of the expression until that deployment begins.
when you set #1, you need to define parameters for the values you need (you can no longer use "global" params/vars), you could hardcode all the strings like in your example, but I'm guessing that's not what you do in the "real" deployment. Define the params and pass the values into that deployment.
your listKeys() call needs to include the full resourceId of the storageAccount, since it is in a separate/distinct deployment - so you need to provide the resourceGroup name param - if you cross subscriptions in the deployment (your sample didn't) you need to provide the subscriptionId param.
Below is a working example...
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "[concat('scratch', uniqueString(newGuid()))]"
}
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {
}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {
}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters":{
"storageAccountName": {
"value": "[parameters('storageAccountName')]"
},
"storageAccountResourceGroupName": {
"value": "masterRG"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
},
"storageAccountResourceGroupName": {
"type": "string"
}
},
"variables": {
"vaultName": "[concat('kv-', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('vaultName')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [ ],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('vaultName'), '/saConnectionString')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', variables('vaultName'))]"
],
"properties": {
"value": "[listKeys(resourceId(parameters('storageAccountResourceGroupName'),'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}
Related
I have a parent arm template that uses various linked component templates. The webApp I am creating requires a dependency on a service plan but after adding a dependency like the one in the dependencies section of the documentation I keep getting an error: 'The resource 'Microsoft.Resources/deployments/NovaArmTestDev' is not defined in the template.
The parent template: (top two deployments are the ones causing issue)
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourcegroupName": {
"type": "string",
"metadata": {
"description": "The name given to the group and all resources it contains by default"
}
},
"templateFolderUri": {
"type": "string",
"metadata": {
"description": "The URI of the template component folder"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('resourceGroupName')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/servicePlanCreator.json')]",
"contentVersion": "1.0.0.0"
}
}
},
{
"name": "[concat(parameters('resourceGroupName'), 'App')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/dualSlotWebApp.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', parameters('resourceGroupName'))]"
]
},
{
"name": "[concat(parameters('resourceGroupName'), 'Storage')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/storageAccountTemplate.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
}
},
{
"name": "[concat(parameters('resourceGroupName'), 'Vault')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/keyVaultCreator.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
}
}
],
"outputs": {}
}
servicePlanCreator:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"servicePlanName": {
"defaultValue": "[resourceGroup().name]",
"type": "string",
"metadata": {
"description": "The name of the newly created resource"
}
},
"operatingSystem": {
"type": "string",
"defaultValue": "windows",
"metadata": {
"description": "The Operating system the the newly created resource will use"
}
},
"sku": {
"type": "string",
"defaultValue": "S1",
"metadata": {
"description": "The sku (pricing tier) the resource group the service plan will use"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().Location]",
"metadata": {
"description": "(Optional) The location og the resource. Will default to the location of the resource group if not set."
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('servicePlanName')]",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"location": "[parameters('location')]",
"kind": "[parameters('operatingSystem')]",
"sku": {
"name": "[parameters('sku')]"
},
"tags": {},
"properties": {
"name": "[parameters('servicePlanName')]"
}
}
],
"outputs": {}
}
dualSlotWebApp template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"webAppName": {
"type": "string",
"defaultValue": "[concat(resourceGroup().name)]",
"metadata": {
"description": "(Optional) Web App name. Defaults to '<ResourceGroupName>Plane' if not supplied"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "(Optional) Web App name. Defaults to Resource group location if not supplied"
}
},
"appServicePlan": {
"type": "string",
"defaultValue": "[resourceGroup().name]",
"metadata": {
"description": "name of the Service plan the app will be assigned to"
}
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('webAppName')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"location": "[parameters('location')]",
"properties": {
"name": "[parameters('webAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
},
"resources": [
{
"name": "[concat(parameters('webAppName'), '/Slot1')]",
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2021-03-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
],
"tags": {
"displayName": "Web Deploy for webApp1"
},
"properties": {
"packageUri": "[concat('artifactsLocation', '/WebPackages/webApp1.zip', 'artifactsLocationSasToken')]",
"dbType": "None",
"connectionString": "",
"setParameters": {
"IIS Web Application Name": "webApp1"
}
}
}
]
}
],
"outputs": {}
}
Referencing the templates from your earlier question, it appeared that the dependsOn was not configured correctly.
Originally, it was setup incorrectly with:
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
I updated in two places to use the same deployment name:
"[concat(parameters('resourceGroupName'), 'ServicePlan')]"
The two sections look like:
"resources": [
...
{
"name": "[concat(parameters('resourceGroupName'), 'ServicePlan')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/servicePlanCreator.json')]",
"contentVersion": "1.0.0.0"
}
},
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
]
},
...
{
"name": "[concat(parameters('resourceGroupName'), 'App')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('resourcegroupName')]",
"apiVersion": "2021-04-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateFolderUri'), '/dualSlotWebApp.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {}
},
"dependsOn": [
"[concat(parameters('resourceGroupName'), 'ServicePlan')]"
]
}
],
Setting the dependency as I have ensures that the service plan completes deployment before the app begins deployment.
I am creating NSGs with copy function and it works fine. However, I would like to apply the NSGs similar way to the subnets but I get the copyindex not expected.
{
"apiVersion": "2017-08-01",
"name": "apply-nsg-to-subnet",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "#{BuildNumber}#",
"resources": [
{
"apiVersion": "2018-06-01",
"type": "Microsoft.Network/virtualNetworks/subnets",
"name": "[concat(parameters('vnetName') , '/' , parameters('subnets').settings[copyIndex()].name)]",
"location": "[variables('location')]",
"copy":{
"name": "subnetLoop",
"count": "[variables('subnetcount')]",
"mode": "Serial"
},
"properties": {
"addressPrefix": "[parameters('subnets').settings[copyIndex()].addressPrefix]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('nsgNameAffix'), parameters('subnets').settings[copyIndex()].name, variables('nsgNameSuffix')))]"
}
}
}
]
}
}
}
What is wrong with my copyIndex use and how it should be used in this case?
This is due to the nested inline template you are using, I was able to repro and I was able to work around with this sample template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subnets": {
"type": "array",
"defaultValue": [
{
"name": "testo",
"addressPrefix": "10.0.0.0/24"
},
{
"name": "testo1",
"addressPrefix": "10.0.1.0/24"
}
]
}
},
"resources": [
{
"apiVersion": "2018-08-01",
"name": "vnet-testo",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
}
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('subnets')[copyIndex()].name]",
"location": "[resourceGroup().location]",
"copy": {
"name": "nsg",
"count": "[length(parameters('subnets'))]"
},
"properties": {
"securityRules": []
}
},
{
"name": "NestedDeployment1",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"dependsOn": [
"nsg",
"vnet-testo"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "https://paste.ee/d/iCWEu/0",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subnets": {
"value": "[parameters('subnets')]"
}
}
}
}
]
}
Basically, I've just converted your template to a nested template (not inline).
ps. checkout my copy definition, its a bit better then yours.
I am trying to set up some tags within an ARM template in accordance with this article: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-templates-resources#apply-an-object-to-the-tag-element
I wanted to be able to set up a couple of generic tags in the TagValues parameter, but then append others for specific resources. Is this possible, and if so how? I've tried using [concat()] but it's not happy dealing with objects, and fails validation.
Here's an example of what I'm trying to do:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"tagValues": {
"type": "object",
"defaultValue": {
"Dept": "Finance",
"Environment": "Production"
}
}
},
"resources": [
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
"location": "[resourceGroup().location]",
"tags": "[parameters('tagValues')]", // want to concatenate another tag here, so that the following is returned: "Dept": "Finance", "Environment": "Production", "myExtraTag": "myTagValue"
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "mySecondResource",
"location": "[resourceGroup().location]",
"tags": "[parameters('tagValues')]", // want to concatenate a DIFFERENT tag here, so that the following is returned: "Dept": "Finance", "Environment": "Production", "myExtraDifferentTag": "myDifferentTagValue"
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
]
}
It's possible with union function. You can find more documentation about it here
Below solution might work for you. I have given 2 approaches. One with inline string converted to object with json function. Other approach is to create an object in variables and using union to concatenate both objects.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"tagValues": {
"type": "object",
"defaultValue": {
"Dept": "Finance",
"Environment": "Production"
}
}
},
"variables" : {
"customTag" : {"myExtraDifferentTag": "myDifferentTagValue", "myAnotherExtraDifferentTag": "myAnotherDifferentTagValue"}
},
"resources": [
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
"location": "[resourceGroup().location]",
"tags": "[union(parameters('tagValues'),json('{\"myExtraTag\":\"myTagValue \"}'))]", //Concatenates `tagValues` object to inline object
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "mySecondResource",
"location": "[resourceGroup().location]",
"tags": "[union(parameters('tagValues'),variables('customTag'))]", // Concatenates `tagValues` object to `customTag` object
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
]
}
Good question Greg!
You can achieve what you are after with the below:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"variables": {
"testvar": "customtagfromvar"
},
"parameters": {
},
"resources": [
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
"location": "[resourceGroup().location]",
"tags": {
"department": "Finance",
"customTag": "[concat(variables('testvar'), '-concatedtext')]"
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
]
}
Hope this helps!
I'm trying to use the Recovery Services where I can automatically add a VM to Azure Backup via ARM template. I have successfully done this on a single machine deploy, but I'm trying to import it for when multiple VMs are deployed.
Here is where I had help from:
https://www.francoisdelport.com/2017/03/automating-azure-vm-backups-using-arm-templates/
and
Azure ARM JSON template - Add VM to Recovery Services Vault in different Resource Group
Here is a snippet from a single deploy I had working
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "Env1",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2016-06-01",
"name": "[concat( parameters('recoveryVault'), '/Azure/', 'iaasvmcontainer;iaasvmcontainerv2;', parameters('vmRsg') , ';', parameters('vmPrefix'), '/vm;iaasvmcontainerv2;', parameters('vmRsg'),';', parameters('vmPrefix'))]",
"location": "[resourceGroup().location]",
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
"properties": {
"protectedItemType": "Microsoft.Compute/virtualMachines",
"policyId": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryVault'), parameters('recoveryPolicy'))]",
"sourceResourceId": "[resourceId(subscription().subscriptionId, parameters('vmRsg'), 'Microsoft.Compute/virtualMachines', parameters('vmPrefix'))]"
}
}
]
}
}
}
Now I'm trying to use that in a copyIndex form for VM deploy, and here is the code I've been testing with:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"dnsNameForPublicIP": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Globally unique DNS Name for the Public IP used to access the Virtual Machine."
}
},
"windowsOSVersion": {
"type": "string",
"defaultValue": "2012-R2-Datacenter",
"allowedValues": [
"2008-R2-SP1",
"2012-Datacenter",
"2012-R2-Datacenter"
],
"metadata": {
"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter."
}
},
"vmCount": {
"type": "int",
"defaultValue": 1
},
"virtualNetworkName": {
"type": "string"
},
"dataDiskCount": {
"type": "int",
"defaultValue": 1
},
"recoveryVault": {
"type": "string",
"metadata": {
"description": "Backup vault name"
}
},
"recoveryPolicy": {
"type": "string",
"metadata": {
"description": "Backcup policy name"
}
},
"vmPrefix": {
"type": "string",
"metadata": {
"description": "Prefix for VM names, used with vmCount to build the VM names"
}
},
"vmRsg": {
"type": "string",
"metadata": {
"description": "Resource group where VMs reside"
}
}
},
"variables": {
"imagePublisher": "MicrosoftWindowsServer",
"imageOffer": "WindowsServer",
"OSDiskName": "osdiskforwindowssimple",
"nicName": "myVMNic",
"subnetName": "Subnet",
"vhdStorageType": "Standard_LRS",
"publicIPAddressName": "myPublicIP",
"publicIPAddressType": "Dynamic",
"vhdStorageContainerName": "vhds",
"vmName": "MWindowsVM",
"vmSize": "Standard_A2",
"virtualNetworkName": "MyVNET",
"vnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', variables('subnetName'))]"
},
"resources": [
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[concat(variables('publicIPAddressName'), copyIndex(1))]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "PublicIPAddress"
},
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]",
"dnsSettings": {
"domainNameLabel": "[concat(parameters('dnsNameForPublicIP'), copyIndex(1))]"
}
},
"copy": {
"name": "publicIpCopy",
"count": "[parameters('vmCount')]"
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkInterfaces",
"name": "[concat(variables('nicName'), copyIndex(1))]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "NetworkInterface"
},
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', concat(variables('publicIPAddressName'), copyIndex(1)))]"
],
"properties": {
"ipConfigurations": [
{
"name": "[concat('ipconfig', copyIndex(1))]",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddressName'), copyIndex(1)))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
},
"copy": {
"name": "nicCopy",
"count": "[parameters('vmCount')]"
}
},
{
"apiVersion": "2017-03-30",
"copy": {
"name": "nodeCopy",
"count": "[parameters('vmCount')]"
},
"type": "Microsoft.Compute/virtualMachines",
"name": "[concat(variables('vmName'), copyIndex(1))]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "VirtualMachine"
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces/', concat(variables('nicName'), copyIndex(1)))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[variables('vmSize')]"
},
"osProfile": {
"computerName": "[concat(variables('vmName'), copyIndex(1))]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('imagePublisher')]",
"offer": "[variables('imageOffer')]",
"sku": "[parameters('windowsOSVersion')]",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
},
"copy": [
{
"name": "dataDisks",
"count": "[parameters('dataDiskCount')]",
"input": {
"diskSizeGB": 1023,
"lun": "[copyIndex('dataDisks')]",
"createOption": "Empty"
}
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('nicName'), copyIndex(1)))]"
}
]
}
}
},
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "Env1",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', concat(variables('vmName'), copyIndex(1)))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"copy": {
"name": "protectedItemsCopy",
"count": "[parameters('vmCount')]"
},
"apiVersion": "2017-03-30",
"name": "[concat( parameters('recoveryVault'), '/Azure/', 'iaasvmcontainer;iaasvmcontainerv2;', parameters('vmRsg') , ';', parameters('vmPrefix'), copyIndex(1), '/vm;iaasvmcontainerv2;', parameters('vmRsg'),';', parameters('vmPrefix'), copyIndex(1))]",
"location": "[resourceGroup().location]",
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
"properties": {
"protectedItemType": "Microsoft.Compute/virtualMachines",
"policyId": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryVault'), parameters('recoveryPolicy'))]",
"sourceResourceId": "[resourceId(subscription().subscriptionId ,parameters('vmRsg'),'Microsoft.Compute/virtualMachines', concat(parameters('vmPrefix'), copyIndex(1)) )]"
}
}
]
}
}
}
]
}
Sadly it reports an error when trying to deploy, which I can't figure out why because it seems to be correct.
Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template resource 'nestedTemplate' at line '198' and column '10' is not valid: The template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'.
The deployment validation failed
FYI, line 198 is "name": "nestedTemplate",
Any ideas, please?
To expand upon #4c74356b41 answer I was missing the all important "index":{ "value": "[copyIndex()]" within "Microsoft.Resources/deployments" on the parent template.
For those wanting to know more, have a look at: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-multiple
Ensure you have the ('index') parameter next to those items which need to be duplicated, such as "[concat(parameters('WHATEVER'), parameters('index'))]"
I also ended up having a nested source within my linked template for the overall design I was looking for.
So my parent template had a linked (child) template (to another file) with:
name": "[concat('nestings', copyIndex(1))]",
"type": "Microsoft.Resources/deployments", ...
My child template had all the usual buildings of a VM with the parameters ('index') to ensure the items which are duplicated are named correctly.
And finally at the bottom of the child template I had a nested template source so I could back the VM up to another resource group (had to be nested, otherwise you can't do multiple resource groups), which looked like this:
{
"apiVersion": "2017-05-10",
"name": "[concat('nestedTemplate', parameters('index'))]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "Env1",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', concat(variables('vmName'), parameters('index')))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion": "2016-06-01",
"name": "[concat( parameters('recoveryVault'), '/Azure/', 'iaasvmcontainer;iaasvmcontainerv2;', parameters('vmRsg') , ';', concat(parameters('vmPrefix'), parameters('index')), '/vm;iaasvmcontainerv2;', parameters('vmRsg'),';', concat(parameters('vmPrefix'), parameters('index')))]",
"location": "[resourceGroup().location]",
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
"properties": {
"protectedItemType": "Microsoft.Compute/virtualMachines",
"policyId": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryVault'), parameters('recoveryPolicy'))]",
"sourceResourceId": "[resourceId(subscription().subscriptionId, parameters('vmRsg'), 'Microsoft.Compute/virtualMachines', concat(parameters('vmPrefix'), parameters('index')))]"
}
}
]
}
}
}
So what its telling you that you are not supposed to use copyIndex() function in that place. Now why exactly this is happening I don't know, but I do know that inline templates are a mess (for instance they use parent template paremeters, not nested template), I'm pretty sure if you convert that template to a real nested template (so a linked template, completely separate file) the above syntax will work.
Also, I'm handling this in a separate manner. I'm using 1 single nested deployment for each VM I have, so I'm using copy on the deployment resource, not backup resource.
I'm creating Azure resource manager template with ServiceBus, queue and couple shared access rules. I'm creating the namespace and the queue correctly but when I try to add authorization rule I get:
Resource Microsoft.ServiceBus/namespaces/authorizationRules
'myservicebusnamespace/SendOnlyKey' failed with message 'Request
payload is not in the expected format.
First of all is this possible? There's no samples out there and do documentation either..
Since this is quite generic message I was wondering if anyone else has encountered similar issues using ARM Template for creating Queues?
This is what I have so far:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sbNamespace": {
"type": "string",
"metadata": {
"description": "The service bus namespace"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"sbVersion": "[providers('Microsoft.ServiceBus', 'namespaces').apiVersions[0]]",
"queueName": "testQueue",
"defaultSASKeyName": "RootManageSharedAccessKey",
"authRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), variables('defaultSASKeyName'))]",
"sendAuthRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('sbNamespace'), 'SendOnlyKey')]",
"keyGeneratorTemplateUri": "https://raw.githubusercontent.com/sjkp/Azure.ARM.ServiceBus/master/Azure.ARM.ServiceBus/Templates/keygenerator.json"
},
"resources": [
{
"apiVersion": "2015-01-01",
"name": "primaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "1234a5" }
}
}
},
{
"apiVersion": "2015-01-01",
"name": "secondaryKey",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "[variables('keyGeneratorTemplateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"seed": { "value": "ac34a5" }
}
}
},
{
//namespace
"apiVersion": "[variables('sbVersion')]",
"name": "[parameters('sbNamespace')]",
"type": "Microsoft.ServiceBus/namespaces",
"location": "[variables('location')]",
"properties": {
"messagingSku": 2
},
"resources": [
{
//queue
"apiVersion": "[variables('sbVersion')]",
"name": "[variables('queueName')]",
"type": "Queues",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]"
],
"properties": {
"path": "[variables('queueName')]",
"defaultMessageTimeToLive": "14.0:0:0",
"maxQueueSizeInMegaBytes": "1024",
"maxDeliveryCount": "10"
}
}
,{
//auth rule 1
"apiVersion": "[variables('sbVersion')]",
"name": "[concat(parameters('sbNamespace'),'/SendOnlyKey')]",
"type": "Microsoft.ServiceBus/namespaces/authorizationRules",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('sbNamespace'))]",
"[concat('Microsoft.Resources/deployments/', 'primaryKey')]",
"[concat('Microsoft.Resources/deployments/', 'secondaryKey')]"
],
"location": "[variables('location')]",
"properties": {
"keyName": "SendOnlyKey",
"PrimaryKey": "[reference('primaryKey').outputs.key.value]",
"SecondaryKey": "[reference('secondaryKey').outputs.key.value]"
}
}
]
}
],
"outputs": {
"NamespaceDefaultConnectionString": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryConnectionString]"
}
}
}
Sounds like something is failing with the sub template that should generate the keys.
Could you try to generate they keys with e.g. powershell instead:
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$key = [System.Convert]::ToBase64String($bytes)
To see if that fixes the error.
Difficult stuff, that's for sure. Have a look at
Service Bus ARM Templates
No Service Bus Provider for ARM yet