I have two subscription plans QA-##### and Prod-########. First is used for QA environment and second one is used for the production environment. I am able to connect the Azure database on QA-###### subscription after adding my client IP in the server firewall list.
But I am not able to connect Azure SQL Database on Prod-######## subscription. When I am going to add my client IP in a server firewall rule, It's showing a success message but not listed there.
I also submitted a support ticket on azure help and support section but no response.
Sometimes there are issues with Azure portal that affect a small set of Azure customers. My suggestion is to use PowerShell to add the firewall rule needed while you wait for the issue to be fixed by Azure Support.
# Connect-AzAccount
# The SubscriptionId in which to create these objects
$SubscriptionId = ''
# Set the resource group name and location for your server
$resourceGroupName = "myResourceGroup-$(Get-Random)"
$location = "westus2"
# Set an admin login and password for your server
$adminSqlLogin = "SqlAdmin"
$password = "ChangeYourAdminPassword1"
# Set server name - the logical server name has to be unique in the system
$serverName = "server-$(Get-Random)"
$startIp = "0.0.0.0"
$endIp = "0.0.0.0"
# Set subscription
Set-AzContext -SubscriptionId $subscriptionId
# Create a resource group
$resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location
# Create a server with a system wide unique server name
$server = New-AzSqlServer -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-Location $location `
-SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminSqlLogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))
# Create a server firewall rule that allows access from the specified IP range
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp
Related
we have a problem with a Microsoft bot hosted in Azure.
As long as we haven't resolved it, we want to periodically restart it.
We found 3 sets of powershell commands and spent the full day on it without making it work.
Solution 1:
we found the cmdlets : Get-AzCloudService Restart-AzCloudService.
We didn't understand from the documentation what module to install.
It returns : The term 'Restart-AzCloudService' is not recognized as the name of a cmdlet.
They talk about an obscure "extended support" to have access to it.
Solution 2:
We are able to list the cloud service using:
Connect-AzAccount
get-azresource -name $serviceName -resourcetype
"Microsoft.BotService/botServices"
But we do not find the cmdlet to restart the resource.
Solution 3:
Reset-AzureRoleInstance -serviceName $serviceName -Slot "production" -InstanceName $serviceName
Error : No default subscription has been designated. Use Select-AzureSubscription -Default
We are using MFA. Login-AzureRmAccount systematically fails , evenly saying that our account is disabled.
We did no manager to run the sequence:
Login-AzureRmAccount
Select-AzureSubscription -Default
Reset-AzureRoleInstance -serviceName $serviceName -Slot "production" -InstanceName $serviceName
The idea is to run this script twice a day, either from a VM or from an Azure Runbook.
We managed to run this code using an automation Account but we are still missing the last command that would restart the bot (that we consider a cloud service).
Param()
$automationAccount = "xxx"
$resourceGroup = "xxx"
$serviceName = "xxx"
$subscriptionname ="xxx"
$subscriptionid ="xxx"
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process | Out-Null
# Connect using a Managed Service Identity
try {
$AzureContext = (Connect-AzAccount -Identity).context
}
catch{
Write-Output "There is no system-assigned user identity. Aborting.";
exit
}
#Set-AzureSubscription -SubscriptionId $subscriptionid
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription `
-DefaultProfile $AzureContext
get-azresource -name $serviceName -resourcetype "Microsoft.BotService/botServices"
I'm trying to link new application insights to existing Azure web app through Powershell with the below script. I'm able to create a new app insight but unable to link the new app insight to the existing Azure web app.
$appInsights = New-AzResource -ResourceName 'MyWebsite09' -ResourceGroupName 'Test' `
-Tag #{ applicationType = 'web'; applicationName = 'sample1'} `
-ResourceType 'Microsoft.Insights/components' -Location 'North Central US' `
-PropertyObject #{'Application_Type'='web'} -Force
$appSetting = #{'APPINSIGHTS_INSTRUMENTATIONKEY'= $appInsights.Properties.InstrumentationKey}
Set-AzWebApp -Name 'sample1' -ResourceGroupName 'Test' -AppSettings $appSetting
Here is the Powershell commands to link application insights with exisiting azure web app . As your code will not enable the application insights , Follow the below code
$app = Get-AzWebApp -ResourceGroupName "AppMonitoredRG" -Name "AppMonitoredSite" -ErrorAction Stop
$newAppSettings = #{} # case-insensitive hash map
$app.SiteConfig.AppSettings | %{$newAppSettings[$_.Name] = $_.Value} # preserve non Application Insights application settings.
$newAppSettings["APPINSIGHTS_INSTRUMENTATIONKEY"] = "012345678-abcd-ef01-2345-6789abcd"; # set the Application Insights instrumentation key
$newAppSettings["APPLICATIONINSIGHTS_CONNECTION_STRING"] = "InstrumentationKey=012345678-abcd-ef01-2345-6789abcd"; # set the Application Insights connection string
$newAppSettings["ApplicationInsightsAgent_EXTENSION_VERSION"] = "~2"; # enable the ApplicationInsightsAgent
$app = Set-AzWebApp -AppSettings $newAppSettings -ResourceGroupName $app.ResourceGroup -Name $app.Name -ErrorAction Stop
You can Refer to this MS DOC for linking application insights to azure web-app fully.
or, You can even refer the SO thread for more details .
The below commands work for me in Azure portal CloudShell. After implementing the below code we were able to link New Application insight for existing webapp.
Code:
$resourceGroupName = "****"
$resourceName = "***"
$appInsightsInstrumentationKey = "***"
$app = Get-AzWebApp -ResourceGroupName $resourceGroupName -Name $resourceName -ErrorAction Stop
$newAppSettings = #{} # case-insensitive hash map
$app.SiteConfig.AppSettings | %{$newAppSettings[$.Name] = $.Value} # preserve non Application Insights application settings.
$newAppSettings["APPINSIGHTS_INSTRUMENTATIONKEY"] = $appInsightsInstrumentationKey; # set the Application Insights instrumentation key
$newAppSettings["APPLICATIONINSIGHTS_CONNECTION_STRING"] = "InstrumentationKey=$appInsightsInstrumentationKey"; # set the Application Insights connection string
$newAppSettings["ApplicationInsightsAgent_EXTENSION_VERSION"] = "~2"; # enable the ApplicationInsightsAgent
$app = Set-AzWebApp -AppSettings $newAppSettings -ResourceGroupName $app.ResourceGroup -Name $app.Name -ErrorAction Stop
Restart-AzWebApp -ResourceGroupName "*** " -Name "***"
Please update the values and try this code in Azure Portal CloudShell.
Note: The code is not working for me in Windows Powershell ISE application.
What is the equivalient of this code using New-AzAppServicePlan?
az appservice plan create --resource-group $ServerFarmResourceGroupName `
--name $AppServicePlanName `
--is-linux `
--location $ResourceGroupLocation `
--sku $AppServicePlanTier `
--number-of-workers $NumberOfWorkers
Is there really no way to create an App Service Plan using Az Powershell? Why can it only be done via Azure CLI or ARM?
I only found this answer, which basically uses ARM directly: How do I use Powershell to create an Azure Web App that runs on Linux?
There are some issues about this, suppose for now this is not supported for New-AzureRmAppServicePlan, however you could use New-AzureRmResource to create a linux plan. You could try the below command.
New-AzureRmResource -ResourceGroupName <>group name -Location "Central US" -ResourceType microsoft.web/serverfarms -ResourceName <plan name> -kind linux -Properties #{reserved="true"} -Sku #{name="S1";tier="Standard"; size="S1"; family="S"; capacity="1"} -Force
I originally used my script to create a ConsumptionPlan (Y1) through PowerShell and AzureCLI because I don't like when Azure put a generated name when creating a ConsumptionPlan.
Please find my solution to create a Linux App Service Plan (B1) using New-AzResource:
$fullObject = #{
location = "West Europe"
sku = #{
name = "B1"
tier = "Basic"
}
kind = "linux"
properties = #{
reserved = $true
}
}
$resourceGroupName = "rg-AppServicePlanLinux"
$serverFarmName = "aspl-test"
Write-Host "Step 1: CREATING APP SERVICE PLAN B1:Basic named [$serverFarmName]"
# Create a server farm which will host the function app in the resource group specified
New-AzResource -ResourceGroupName $resourceGroupName -ResourceType "Microsoft.Web/serverfarms" -Name $serverFarmName -IsFullObject -PropertyObject $fullObject -Force
So I used the ARM template to understand which information you need to provide on the -PropertyObject parameter
It also now seems possible to do an App Service Plan Linux with New-AzAppServicePlan command since Az PowerShell 4.3.0 (June 2020) with the parameter -Linux
Az.Websites
Added safeguard to delete created webapp if restore failed in 'Restore-AzDeletedWebApp'
Added 'SourceWebApp.Location' for 'New-AzWebApp' and 'New-AzWebAppSlot'
Fixed bug that prevented changing Container settings in 'Set-AzWebApp' and 'Set-AzWebAppSlot'
Fixed bug to get SiteConfig when -Name is not given for Get-AzWebApp
Added a support to create ASP for Linux Apps
Added exceptions for clone across resource groups
Release Note: https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-5.6.0&viewFallbackFrom=azps-4.3.0#azwebsites-7
New-AzAppServicePlan: https://learn.microsoft.com/en-us/powershell/module/az.websites/new-azappserviceplan?view=azps-5.6.0
If you get "The Service is unavailable" after deploying your new Function app (Consumption Plan) with Azure CLI, please make sure the following statement from Microsoft:
https://github.com/Azure/Azure-Functions/wiki/Creating-Function-Apps-in-an-existing-Resource-Group
I waste the whole day because I got another Function App (Premium Plan) in the same resource group I used to deploy the Consumption one.
This worked for me:
Adding -Linux as a parameter to my command
New-AzAppServicePlan -ResourceGroupName $RESOURCE_GROUP_NAME -Name $APP_SERVICE_PLAN_NAME -Location $RESOURCE_LOCATION -Linux -Tier $APP_SERVICE_PLAN_TIER -NumberofWorkers $APP_SERVICE_PLAN_WORKERS -WorkerSize $APP_SERVICE_PLAN_WORKER_SIZE
Example:
New-AzAppServicePlan -ResourceGroupName 'MyResourceGroup' -Name 'MyServicePlan' -Location 'northeurope' -Linux -Tier 'PremiumV2' -NumberofWorkers 2 -WorkerSize Medium
That's all.
I hope this helps
I'm currently running into difficulty in creating an Azure VM from a custom VM image. I am following the guide from Azure from here: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-capture-image/
I've used Waagent and deprovisioned the machine as instructed, and deallocated, generalized, and captured my machine image (I have made some modifications to the core Ubuntu 16.04LTS image available from Azure software wise). I have successfully created the template.json file (Can provide it if needed). I then completed all the tasks below in the powershell script as outlined in the article, just extracting the parameters to variables to make things a bit easier.
## Global
$rgName = "testrg"
$location = "eastus"
## Storage
$storageName = "teststore"
$storageType = "Standard_GRS"
## Network
$nicname = "testnic"
$subnetName = "subnet1"
$vnetName = "testnet"
$vnetAddressPrefix = "10.0.0.0/16"
$vnetSubnetAddressPrefix = "10.0.0.0/24"
$ipName = "TestIP"
## Compute
$vmName = "testvm"
$computerName = "testcomputer"
$vmSize = "Standard_D1_v2"
$osDiskName = $vmName + "osDisk"
#template
$fileTemplate = "C:\AzureTemplate\template.json"
azure group create $rgName -l $location
azure network vnet create $rgName $vnetName -l $location
azure network vnet subnet create --resource-group $rgName --vnet-name $vnetName --name $subnetName --address-prefix $vnetSubnetAddressPrefix
azure network public-ip create $rgName $ipName -l $location
azure network nic create $rgName $nicName -k $subnetName -m $vnetName -p $ipName -l $location
azure network nic show $rgName $nicname
azure group deployment create $rgName $computerName -f $fileTemplate
I am able to successfully run all the commands to create the resource group and the network components, however, when I try to run the deployment command at the bottom of the powershell script, I get the following and it just hangs here indefinitely. Am I using the right approach to create a VM from a custom image? Or is that Azure guide outdated?
azure group deployment create $rgName $computerName -f $fileTemplate
[32minfo[39m: Executing command [1mgroup deployment create[22m
[32minfo[39m: Supply values for the following parameters
EDIT: Link to image showing the issue: http://imgur.com/a/Fgh8K
I believe your understanding is not complete. If you see at the last line it says Supply values for the following parameters
You need to pass the values for VM name, the admin user name and password, and the Id of the NIC you created previously. My be you should re-read the documentation. Here is the screenshot for your reference from https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-capture-image/#deploy-a-new-vm-from-the-captured-image -
Lightly related to How to add an SSL certificate to an azure website using powershell?
I am trying to add a certificate to an Azure RM website via Powershell.
I don't think there is a direct Azure Powershell command, and it will need to be done via New-AzureRmResource
In the latest release of Azure PowerShell v 1.1.0, there is a number of new commands to handle SSL certificates in Azure Web Apps
You can upload the certificate and bind it to hostname using
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
And then remove the binding but without removing the certificate, the app should be able to use it after you add a app setting referencing that cert (this should be done using the portal - the PowerShell command to do so will come soon - No ETA for now)
Remove-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -Name www.contoso.com -DeleteCertificate $false
Looking through the ARM Template the "Microsoft.Web/certificates" template takes a pfxblob and a password.
It seems the easiest way of obtaining a pfxblob is via New-AzureRmApplicationGatewaySslCertificate (thanks to #vigneshaj for the pointer) reading the source, it seems that this is simply a local conversation cmdlet. So it doesn't matter that it is for an application gateway, all we need is the data it passes back.
$pfx = New-AzureRmApplicationGatewaySslCertificate -Name example `
-CertificateFile E:\PS\example.pfx `
-Password "bananas"
Once we have that data, we can simply plug it into New-AzureRmResource and it will create our certificate on Azure.
The small problem with this, is that if you're a cheapskate (like me) and you've obtained a free cert from that Chinese CA that gives sha256 certs, this process will strip off the certificate that signs pages with sha256, and so it falls back to TLS 1.2, which gives errors (on Chrome at least)
$ResourceLocation = "West Europe"
$ResourceName = "Newcertificate"
$PropertiesObject = #{
pfxBlob = $pfx.Data
password = $pfx.Password
}
New-AzureRmResource -Name $ResourceName -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/certificates `
-ApiVersion 2015-08-01 -Force
The next job from there is configuring your Web App to use that cert. Because these properties are child objects of the hostNameSslStates array I created an inner hash table, and then attached that. I'm sure there's a more elegant way, but this worked!
$ResourceName = "ConfuseioWebapp"
$InnerPropertiesObject = #{
name = "www.example.com"
sslState = 1
thumbprint = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}
$PropertiesObject = #{
"hostNameSslStates" = [Object[]]$InnerPropertiesObject
}
New-AzureRmResource -Name $ResourceName `
-Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/sites `
-ApiVersion 2015-08-01 -Force
And that is pretty much it.
I came across the below article, which configures SSL through powershell, by creating Azure Application Gateway
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-ssl/