Please help me understand what is wrong with my Azure ARM template here, Which is very basic, takes some input arguments and prints out resourceId.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string"
},
"virtualNetworkResourceGroupName": {
"type": "string"
},
"subnetName": {
"type": "string"
},
"location": {
"type": "string",
"metadata": {
"description": "Location to Deploy Azure Resources"
}
}
},
"resources": [],
"outputs": {
"subnetRef": {
"type": "string",
"value": "[resourceId(parameters('virtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]"
}
}
}
Providing the required parameters, it fails with the following Error Message.
Parameter File
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"value": "core-services-vnet"
},
"virtualNetworkResourceGroupName": {
"value": "core-networking-rg"
},
"subnetName": {
"value": "private"
},
"location": {
"value": "westus"
}
}
}
$ az deployment create -n core-deploy --template-file azuredeploy.json --parameters #params.json --location westus
Deployment failed. Correlation ID: b97a7544-2814-40c0-88c9-fbaaea2bf645. The template output 'subnetRef' is not valid: The provided value 'core-networking-rg' is not valid subscription identifier. Please see https://aka.ms/arm-template-expressions/#resourceid for usage details.
What Am I missing here ?
Thanks, Nag
The problem is the deployment scope. You can target your deployment to either an Azure subscription or a resource group within a subscription.
In your template, the $schema https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json# is used for resource group deployments, while the commands az deployment create you use is for subscription-level deployments. The schema https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json# for subscription-level deployments is different than the schema for resource group deployments. You could get references from creating resource groups and resources at the subscription level.
In this case, you can use the commands az group deployment create -n core-deploy --template-file azuredeploy.json --parameters #params.json --location westus instead of az deployment create xxx to fix this issue.
Related
I'm trying to create a private endpoint through an ARM template for a storage account if the storage account SKU is Standard_GRS or Standard_RAGRS, or Standard_GZRS. How to include this in the conditional statement in the ARM template.
We have tested this in our local environment, below statements are based on our analysis.
In our local environment, we have created an ARM template to deploy storage account a condition the SKU of the storage account should be either of the below :
"Standard_GRS", "Standard_RAGRS", "Standard_GZRS"
To achieve this we have used the below condition in our ARM template :
"condition":"[or(equals(parameters('sku'),'Standard_RAGRS'),equals(parameters('sku'),'Standard_GZRS'),equals(parameters('sku'),'Standard_GRS'))]",
Here is the ARM template that we have used:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sku": {
"type": "string"
}
},
"functions": [],
"variables": {
},
"resources": [
{
"condition":"[or(equals(parameters('sku'),'Standard_RAGRS'),equals(parameters('sku'),'Standard_GZRS'),equals(parameters('sku'),'Standard_GRS'))]",
"name": "<strgaccount>",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"tags": {
"displayName": "storageaccount1"
},
"location": "[resourceGroup().location]",
"kind": "StorageV2",
"sku": {
"name": "[parameters('sku')]"
}
}
],
"outputs": {}
}
Here is the sample output for reference:
In the below Output we have passed the SKU value "Standard_GZRS" the condition got succeeded and Resource got deployed.
In the below Output we have passed the SKU value "Standard_LRS" the condition got failed & the resource didn't get deployed.
When I deploy this template via Terraform and Azure Devops, I get an Invalid template error while the template deploys normally on the portal. This is the error:
'The template resource '' of type 'microsoft.insights/workbooks' at
line '1' and column '1512' is not valid. The name property cannot be
null or empty. Please see https://aka.ms/arm-template/#resources for
usage details.'."
AdditionalInfo=[{"info":{"lineNumber":1,"linePosition":1512,"path":"properties.template.resources[0]"},"type":"TemplateViolation"}]
What modification should I make to deploy via Terraform?
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
"defaultValue": "Azure Firewall Workbook",
"metadata": {
"description": "The friendly name for the workbook that is used in the Gallery or Saved List. This name must be unique within a resource group."
}
},
"workbookType": {
"type": "string",
"allowedValues": [
"workbook",
"sentinel"
],
"defaultValue": "workbook",
"metadata": {
"description": "The gallery that the workbook will been shown under. Supported values include workbook, tsg, etc. Usually, this is 'workbook'"
}
},
"DiagnosticsWorkspaceName": {
"type": "string",
"defaultValue": "WorkspaceName",
"metadata": {
"description": "Provide the workspace name for your Network Diagnostic logs"
}
},
"DiagnosticsWorkspaceSubscription": {
"type": "string",
"defaultValue": "WorkspaceSubscriptionID",
"metadata": {
"description": "Provide the workspace subscription GUID for your Network Diagnostic logs"
}
},
"DiagnosticsWorkspaceResourceGroup": {
"type": "string",
"defaultValue": "ResourceGroupName",
"metadata": {
"description": "Provide the workspace resourcegroupname for your Network Diagnostic logs"
}
},
"workbookId": {
"type": "string",
"defaultValue": "[newGuid()]",
"metadata": {
"description": "The unique guid for this workbook instance"
}
}
},
"variables": {
"workbookSourceId": "[concat('/subscriptions/',parameters('DiagnosticsWorkspaceSubscription'),'/resourcegroups/', parameters('DiagnosticsWorkspaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/',parameters('DiagnosticsWorkspaceName'))]"
},
"resources": [
{
"name": "[parameters('workbookId')]",
"type": "microsoft.insights/workbooks",
"location": "[resourceGroup().location]",
"apiVersion": "2018-06-17-preview",
"dependsOn": [],
"kind": "shared",
"properties": {
"displayName": "[parameters('workbookDisplayName')]"}",
"version": "1.0",
"sourceId": "[variables('workbookSourceId')]",
"category": "[parameters('workbookType')]"
}
}
],
"outputs": {
"workbookId": {
"type": "string",
"value": "[resourceId( 'microsoft.insights/workbooks', parameters('workbookId'))]"
}
},
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"
}
I don't know ARM templates but I have really good experience on Terraform AWS & Terraform Azure providers.
First of all, you better take a look Terraform resource page which is here. That would be helpful in understanding resource needs and outcomes.
I might be wrong, because your Terraform script is not visible in the question section. Nevertheless, I guess you might have an issue in Terraform side. As I understood, you are getting error from ARM templates. It is complaining about missing name parameter which is mandatory. You may forget passing parameter names from Terraform to ARM template. I might be wrong, this is just a suggestion, the correct way would be reviewing Terraform azurerm_template_deployment resource.
// ARM Template part
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
// Terraform resource provisioning
parameters = {
"storageAccountType" = "Standard_GRS"
}
I have a solution consisting of different services I need to deploy in my Azure account:
global_params.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"globalParam1": {
"value": "v1"
},
"globalParam2": {
"value": "v2"
}
}
}
myservice_params.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"svcParam1": {
"value": "v1"
},
"svcParam2": {
"value": "v2"
},
"svcParam3": {
"value": "v3"
}
}
}
In my ARM template azuredeploy.json I need to get both groups of parameters:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"globalParam1": {...}
},
"globalParam2": {...}
},
"svcParam1": {...}
},
"svcParam2": {...}
},
"svcParam3": {...}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2020-08-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('globalParam1')]",
"sku": {
"name": "[parameters('svcParam1')]",
"tier": "[parameters('svcParam2')]"
},
"kind": "[parameters('svcParam3')]",
"properties": {
"accessTier": "[parameters('globalParam2')]"
}
}
]
}
How do I use the Azure CLI to make sure I pass parameters merged from both parameters file? I know one parameter file can be passed as follow (see doc):
az deployment group create ... --template-file ./azuredeploy.json --parameters #myservice_params.json
But how to specify two parameters files and get them merged?
The CLI (nor Azure itself) support this - you would have to do the merge yourself prior to calling into Azure.
You could use defaultValues on the parameters in the template to come close to replicating.
Although article is few months old, I tested it by adding second parameters file using #.
So command will be:
az deployment group create -g resourceGroup --template-file template.json --parameters #parameters1.json #parameters2.json
I am trying to deploy azure resources using Linked ARM template, for which i places the parameters file and template file on blob storage. Link for parameter file and blob storage i need to pass as parameter while executing the azure command from CLI. Below is my sample masterazuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"templateBaseUrl": "[parameters('templateBaseUrl')]",
"parameterBaseUrl": "[parameters('parameterBaseUrl')]",
"keyVaultDeployTemplateUrl": "[uri(variables('templateBaseUrl'), 'keyvaultdeploy.json')]"
},
"resources": [
{
"apiVersion": "[variables('apiVersionResourceDeployment')]",
"name": "keyVaultDeployment",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultDeployTemplateUrl')]"
},
"parametersLink": {
"uri": "[variables('keyVaultparameterFileUrl')]"
}
}
}
]
}
To execute this i am giving following CLI command:
az group deployment create --resource-group abc-devops-test --template-file .\masterazuredeploy.json --parameters templateBaseUrl="https://test.blob.core
.windows.net/azurestackautomationtest/resourcetemplates/" parameterBaseUrl="https://test.blob.core.windows.net/azurestackautomationtest/parameters/dev/" --verbose
While executing i am getting following error:
unrecognized template parameter 'templateBaseUrl'. Allowed parameters:
command ran in 1.918 seconds.
I tried parameter values without inverted quotes, with single quotes. Still not working. Where exactly i am missing.
Also tried the another approach, placed both parameters in global.parameters.json as below,
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"templateBaseUrl": {
"value": "https://test.blob.core.windows.net/azurestackautomation/resourcetemplates/"
},
"parameterBaseUrl": {
"value": "https://test.blob.core.windows.net/azurestackautomation/parameters/dev/"
}
}
}
and uploaded this file to blob storage, and given path of blob storage as parameter
az group deployment create --resource-group abc-devops-test --template-file .\masterazuredeploy.json --parameters https://test.blob.core.windows.net/azur
estackautomationtest/parameters/dev/global.parameters.json --verbose
But getting below error:
400 Client Error: Bad Request for url: https://management.azure.com/subscriptions/XXXX-xx-x-x-x--x-x/resourcegroups/abc-devops-test/providers/Microsoft.Resources/deployments/masterazuredeploy?api-version=2018-05-01
command ran in 5.646 seconds.
As I see in your template, you miss setting the parameters, what you did is to input the parameter values to the parameters in the template, no matter the both CLI command you have provided. But you did not set parameters so that no parameters you can use. I suggest you change the template into below:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"templateBaseUrl": {
"type": "string"
},
"parameterBaseUrl": {
"type": "string"
}
},
"variables": {
"keyVaultDeployTemplateUrl": "[uri(parameters('templateBaseUrl'), 'keyvaultdeploy.json')]"
},
"resources": [
{
"apiVersion": "[variables('apiVersionResourceDeployment')]", #1
"name": "keyVaultDeployment",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultDeployTemplateUrl')]"
},
"parametersLink": {
"uri": "[variables('keyVaultparameterFileUrl')]" #2
}
}
}
]
}
And you also miss setting the variables apiVersionResourceDeployment and keyVaultparameterFileUrl. You can use both parameter and variable as you like.
Is it possible to add storage to a resource groups?
IIRC my storage group was created automatically when I used the 'old' version of the portal.
I can see my domain and VM in the group, but no storage. How do I add it?
You can create the storage account with in a resource group by using following template via ARM API or Powershell as well:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"accountType": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2014-06-01",
"name": "[parameters('name')]",
"type": "Microsoft.ClassicStorage/StorageAccounts",
"location": "[parameters('location')]",
"properties": {
"accountType": "[parameters('accountType')]"
}
}
]}
Assuming you mean storage account, you can create a storage account within a resource group in the preview portal. You cannot yet do it via the ARM API or Powershell though (see this question).