I have ARM who deploy kubernetes cluster and httptrigger function app. Inside httptrigger func I have client for kubernetes who do some action if I trigger this func manually, its work fine. But I need run this trigger automatically after deploy ARM was finished.
The HTTP request that triggers the Azure Function may be sent either by ARM itself or by whatever orchestrator you use to execute the template (e.g. Azure DevOps pipeline). Terraform can execute scripts directly; unless you really want to use ARM, it might be an option.
If you want to go with ARM, there are at least three options:
Make the Azure Function return an "empty" ARM template and trigger it by a request for a nested deployment template. https://blog.cloudtrooper.net/2017/04/04/run-azure-functions-from-your-quickstart-arm-templates/
Use Azure Container Instances to launch an instance of a container image as a stand-alone container in Azure and execute an arbitrary command inside. https://samcogan.com/run-scripts-in-arm-deployments-with-aci/
Use the deployment scripts resource (Microsoft.Resources/deploymentScripts). It is basically built-in support for the approach using Azure Container Instances. See the official docs or an older article from the time the feature was still in preview that I still like: https://dev.to/omiossec/arm-template-what-s-new-for-2020-4kli#deployementsscripts-resource-provider
In any case, you will need to properly set up the dependsOn references so that the request is sent at the right time. Or better, use Bicep that mostly takes care of the dependencies implicitly, if used right.
Assuming you are using Powershell to deploy your ARM template, you can use Powershell to trigger your azure http trigger function right after you deploy your ARM template:
Invoke-WebRequest -Uri <function_uri> -Method POST
Hope this helps!
Related
I am using Terraform to provision my Azure resources which works great, however, for some resources such as Logic Apps, doing this natively doesn't really work so I am using the Logic Apps ARM template and doing a Terraform "azurerm_resource_group_template_deployment" in order to provision. I know doing an ARM template deployment within Terraform is a bit of a last resort. It works ok though and deploys fine but I have a Service Bus connection defined and that is of type "securestring". By default, these are not saved as part of ARM deployment so everytime Terraform runs in my pipeline, even if the Logic App ARM template has not changed, it still does the deployment as the top level deployment state Terraform knows about previously did not have the value saved so will always see it as new. Is there any way around this other than changing the "securestring" to "string" which I obviously do not want to do given the endpoint contains the SAS key etc?
Hit same issues today - really limits what is viable. Managed to work around my two scenario's.
For things like keys and connection strings you can use the listkeys function inside of the ARM template - some examples here. I had this exact issue trying to get a log analytics workspace key in to the template - https://github.com/Azure/azure-quickstart-templates/blob/master/demos/arm-template-retrieve-azure-storage-access-keys/azuredeploy.json - Get connection strings in ARM
Another scenario I had was wanting to pass a service principal secret from TF to template as securestring, to get around this I ended up getting the secret from keyvault inside of the ARM template instead.
We are provisioning APIM service first(apim.json), Post which we provision multiple function App.
All the ARM templates are separate with their respective parameter file. We are using Azure Pipelines for CI/CD.
Pipeline1 functionapp1.json
Pipeline2 functionapp2.json
Pipeline3 functionapp3.json
Pipeline4 apim.json
We have an requirement of applying Access restriction on Function Apps. We want to add Access Restriction using ARM templates.
How can we get VIP of APIM on run time so that we can white list VIP of APIM in access restriction section of Function app. All the pipeline are separate for each function app and APIM
Using API and get the value on runtime(Powershell) is one of the option. But we want to handle it using ARM templates.
Any inputs would be highly appreciated.
Used the following to whitelist at runtime.
"ipAddress": "[concat(reference(resourceId('Microsoft.ApiManagement/service', parameters('apimName')),'2019-01-01').publicIPAddresses[0], '/32')]"
See "reference" function for ARM templates: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-resource#reference
I've been trying to find a way to run a simple command against one of my existing Azure VMs using Azure Data Factory V2.
Options so far:
Custom Activity/Azure Batch won't let me add existing VMs to the pool
Azure Functions - I have not played with this but I have not found any documentation on this using AZ Functions.
Azure Cloud Shell - I've tried this using the browser UI and it works, however I cannot find a way of doing this via ADF V2
The use case is the following:
There are a few tasks that are running locally (Azure VM) in task scheduler that I'd like to orchestrate using ADF as everything else is in ADF, these tasks are usually python applications that restore a SQL Backup and or purge some folders.
i.e. sqdb-restore -r myDatabase
where sqldb-restore is a command that is recognized locally after installing my local python library. Unfortunately the python app needs to live locally in the VM.
Any suggestions? Thanks.
Thanks to #martin-esteban-zurita, his answer helped me to get to what I needed and this was a beautiful and fun experiment.
It is important to understand that Azure Automation is used for many things regarding resource orchestration in Azure (VMs, Services, DevOps), this automation can be done with Powershell and/or Python.
In this particular case I did not need to modify/maintain/orchestrate any Azure resource, I needed to actually run a Bash/Powershell command remotely into one of my existing VMs where I have multiple Powershell/Bash commands running recurrently in "Task Scheduler".
"Task Scheduler" was adding unnecessary overhead to my data pipelines because it was unable to talk to ADF.
In addition, Azure Automation natively only runs Powershell/Python commands in Azure Cloud Shell which is very useful to orchestrate resources like turning on/off Azure VMs, adding/removing permissions from other Azure services, running maintenance or purge processes, etc, but I was still unable to run commands locally in an existing VM. This is where the Hybrid Runbook Worker came into to picture. A Hybrid worker group
These are the steps to accomplish this use case.
1. Create an Azure Automation Account
2. Install the Windows Hybrid Worker in my existing VM . In my case it was tricky because my proxy was giving me some errors. I ended up downloading the Nuget Package and manually installing it.
.\New-OnPremiseHybridWorker.ps1 -AutomationAccountName <NameofAutomationAccount> -AAResourceGroupName <NameofResourceGroup>
-OMSResourceGroupName <NameofOResourceGroup> -HybridGroupName <NameofHRWGroup>
-SubscriptionId <AzureSubscriptionId> -WorkspaceName <NameOfLogAnalyticsWorkspace>
Keep in mind that in the above code, you will need to find your own parameter values, the only parameter that does not have to be found and will be created is HybridGroupName this will define the name of the Hybrid Group
3. Create a PowerShell Runbook
[CmdletBinding()]
Param
([object]$WebhookData) #this parameter name needs to be called WebHookData otherwise the webhook does not work as expected.
$VerbosePreference = 'continue'
#region Verify if Runbook is started from Webhook.
# If runbook was called from Webhook, WebhookData will not be null.
if ($WebHookData){
# Collect properties of WebhookData
$WebhookName = $WebHookData.WebhookName
# $WebhookHeaders = $WebHookData.RequestHeader
$WebhookBody = $WebHookData.RequestBody
# Collect individual headers. Input converted from JSON.
$Input = (ConvertFrom-Json -InputObject $WebhookBody)
# Write-Verbose "WebhookBody: $Input"
#Write-Output -InputObject ('Runbook started from webhook {0} by {1}.' -f $WebhookName, $From)
}
else
{
Write-Error -Message 'Runbook was not started from Webhook' -ErrorAction stop
}
#endregion
# This is where I run the commands that were in task scheduler
$callBackUri = $Input.callBackUri
# This is extremely important for ADF
Invoke-WebRequest -Uri $callBackUri -Method POST
4. Create a Runbook Webhook pointing to the Hybrid Worker's VM
4. Create a webhook activity in ADF where the above PowerShell runbook script will be called via a POST Method
Important Note: When I created the webhook activity it was timing out after 10 minutes (default), so I noticed in the Azure Automation Account that I was actually getting INPUT data (WEBHOOKDATA) that contained a JSON structure with the following elements:
WebhookName
RequestBody (This one contains whatever you add in the Body plus a default element called callBackUri)
All I had to do was to invoke the callBackUri from Azure Automation. And this is why in the PowerShell runbook code I added Invoke-WebRequest -Uri $callBackUri -Method POST. With this, ADF was succeeding/failing instead of timing out.
There are many other details that I struggled with when installing the hybrid worker in my VM but those are more specific to your environment/company.
This looks like a use case that is supported with Azure Automation, using a hybrid worker. Try reading here: https://learn.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker
You can call runbooks with webhooks in ADFv2, using the web activity.
Hope this helped!
I am working in a project that will be deployed at my client's Microsoft Azure. Thus I am currently testing terraform to assist me when the time comes.
create a azure function with terraform that will trigger on blob storage input data
My question is about how to add the azure functions's javascript/c# code into the terraform script so it will be automatically deployed ?
I checked the terraform docs, but it wasn't of much help:
https://www.terraform.io/docs/providers/azurerm/r/function_app.html
Any ideas?
Terraform doesn't handle pushing code to Azure resources, that's usually done in a following step in the pipeline (e.g. 1- execute terraform 2- deploy code).
However, the Azure Function App does have the ability to connect directly to your repo, and the Terraform azurerm_function_app module exposes the source_control property.
Terraform's azurerm_function_app documentation
So with Terraform you can configure the function app to pull the code directly from the repo when a change is detected.
Microsoft's Azure Function Continuous Deployment documentation
I'm creating an ARM Template to deploy both an Azure Search instance and a Function App that depends on the Azure Search instance. As part of that I'm trying to pre-populate the Function Apps app settings with the Search Service's API Key.
I'm doing this by adding the following into the value of one of the app settings of the FunctionAppSite:
[listKeys(variables('searchServiceId'), '2015-08-19').key1]
I get the searchServiceId in the variables sections
[resourceId('Microsoft.Search/searchServices', parameters('SearchServiceName'))]
The FunctionAppSite component lists dependencies on the AppServicePlan, StorageAccount and SearchService.
When I deploy the template the Search Service gets created then an error occurs because listkeys couldn't find the Search Service. This happens about .25s after the service is created.
I'm pretty sure I have the syntax around the listkeys correct and the problem is just the timing, no sure how I can slow it down though. I tried forcing the StorageAccount to depend on the SearchService in my template, hoping the dependency chain would slow things down enough, but the listkeys error happens after the Search Service is created, but before the StorageAccount is created.
The full template can be found here and there is a 'Deploy to Azure' button on the readme.md of that repo if you want to see it in action.
Well, looking at provider operations for Microsoft.Search:
Microsoft.Search/register/action
Microsoft.Search/checkNameAvailability/action
Microsoft.Search/searchServices/write
Microsoft.Search/searchServices/read
Microsoft.Search/searchServices/delete
Microsoft.Search/searchServices/start/action
Microsoft.Search/searchServices/stop/action
Microsoft.Search/searchServices/listAdminKeys/action
Microsoft.Search/searchServices/regenerateAdminKey/action
Microsoft.Search/searchServices/createQueryKey/action
Microsoft.Search/searchServices/queryKey/read
Microsoft.Search/searchServices/queryKey/delete
this is how you do it:
"[listAdminKeys(variables('searchServiceId'), '2015-08-19').PrimaryKey]"
To list provider operations:
$ops = (Get-AzureRmProviderOperation -OperationSearchString */*).Operation