The following script runs okay, I can see it doing the designed task (deploying 500 virtual machines) but I get a warning from New-AzVM that tells me that it's using the most sane storage account that it can reach. I've been having a lot of problems with the virtual machines that it spins up, and they are spinning up very slowly (at a speed of about 10 per hour) and I was wondering if the problem might be that I'm unable to designate a storage account as part of the configuration.
I've done quite a few google searches, looking through the microsoft documentation on these scripts, and haven't found a way to specify the configuration I want.
The script I'm using is this:
$rgn = "VolumetricTest"
$passwd = ConvertTo-SecureString "password" -AsPlainText -Force
$logincred = New-Object System.Management.Automation.PSCredential("xadminx",$passwd)
$vnet = Get-AzVirtualNetwork -Name volumetric-vnet -ResourceGroupName VolumetricTest
$loc = "East US"
$nsg_rdp_in = New-AzNetworkSecurityRuleConfig -name "RDP_in" -Protocol Tcp -Direction Inbound -Priority 300 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow
$nsg_rdp_out = New-AzNetworkSecurityRuleConfig -name "RDP_out" -Protocol Tcp -Direction Outbound -Priority 301 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow
$suffixes = #()
1..500 | ForEach-Object { $nm = $_.ToString("000"); $suffixes += #("$nm") }
Foreach ( $suffix in $suffixes) {
Write-Host $suffix
$vmname = "SCLD-VT-W$suffix"
Write-Host $vmname
$nsg = New-AzNetworkSecurityGroup -Name "nsgW$suffix" -ResourceGroupName VolumetricTest -Location 'East US' -SecurityRules $nsg_rdp_in
Write-Host $nsg.Id
$net = New-AzNetworkInterfaceIpConfig -name "WNetAddr$suffix" -Subnet $( Get-AzVirtualNetworkSubnetConfig -Name default -VirtualNetwork $vnet ) -Primary
$nic = New-AzNetworkInterface -Name "WNetif$suffix" -ResourceGroupName VolumetricTest -Location 'East US' -IpConfiguration $net -NetworkSecurityGroupId $nsg.Id
Write-Host $nic.Id
$vmconfig = New-AzVMConfig -VMName $vmname -VMSize "Standard_B2s" | Set-AzVMOperatingSystem -Windows -ComputerName $vmname -Credential $logincred | Set-AzVMSourceImage -PublisherName "microsoftwindowsdesktop" -Offer "Windows-10" -skus 'rs1-enterprise' -Version latest | Add-AzVMNetworkInterface -Id $nic.Id
New-AzVM -ResourceGroupName $rgn -Location "East US" -VM $vmconfig
}
(details replaced with filler of course)
results like:
014
SCLD-VT-W014
/subscriptions/00000000-0000-0000-0000-00000000/resourceGroups/VolumetricTest/providers/Microsoft.Network/networkSecurityGroups/nsgW014
/subscriptions/00000000-0000-0000-0000-00000000/resourceGroups/VolumetricTest/providers/Microsoft.Network/networkInterfaces/WNetif014
WARNING: Since the VM is created using premium storage or managed disk, existing standard storage account, volumetrictestbootdiag, is used for boot diagnostics.
This machine was created in about 2 minutes.
Some machines seem to take less than a minute to spin up, while others take upwards of 10.
It selects the proper storage account I want to use, at least.
When you create a VM if you enable diagnostics you have to specify a storage account. In this case if you doesn't specify a SA it will create a storage account for you or select any existing storage account.
You could use Set-AzureRmVMBootDiagnostics to modifies boot diagnostics properties of a virtual machine to specify the storage configuration.
Set-AzureRmVMBootDiagnostics -VM $VM -Enable -ResourceGroupName "ResourceGroup11" -StorageAccountName "DiagnosticStorage"
Related
I have setup a Shared Image Gallery and added a VM image to it. I can provision a new VM in my subscription from it. A friend wants to use that same image to provision the same VM in his subscription, a totally different Azure account. He has added me temporarily as an owner to his subscription and I can change directory from my azure portal to access and work with it no problem.
When I try to create a VM, I can't find the gallery in my subscription/account from his subscription (a totally different Azure account).
I have tried making an application registration and even added permissions for the application in his subscription too (contributor). Still can't see it.
Is this possible at all or am I doing something wrong?
thank you much
At the moment, we have no way to use the portal to deploy a VM from an image in another azure tenant. To create a VM from an image shared between tenants, you must use the Azure CLI or Powershell. For more details, please refer to here
For example
create a service principal in the tenant 1
Give Tenant 2 access
a. Register the sp into tenant 2
we can implement it by requesting a sign-in using a browser
https://login.microsoftonline.com/<Tenant 2 ID>/oauth2/authorize?client_id=<Application (client) ID>&response_type=code&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2F
b. Assign Azure RABC role Contributor to the sp
Create VM
a. Log into both tenants using the application ID, secret and tenant ID.
$applicationId = '<App ID>'
$secret = <Secret> | ConvertTo-SecureString -AsPlainText -Force
$tenant1 = "<Tenant 1 ID>"
$tenant2 = "<Tenant 2 ID>"
$cred = New-Object -TypeName PSCredential -ArgumentList $applicationId, $secret
Clear-AzContext
Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $tenant1
Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $tenant2
b. Create VM
$resourceGroup = ""
$location = ""
$vmName = ""
# Set a variable for the image version in Tenant 1 using the full image ID of the shared image version
$image = "/subscriptions/<Tenant 1 subscription>/resourceGroups/<Resource group>/providers/Microsoft.Compute/galleries/<Gallery>/images/<Image definition>/versions/<version>"
# Create user object
$cred = Get-Credential -Message "Enter a username and password for the virtual machine."
# Create a resource group
New-AzResourceGroup -Name $resourceGroup -Location $location
# Networking pieces
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name mySubnet -AddressPrefix 192.168.1.0/24
$vnet = New-AzVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `
-Name MYvNET -AddressPrefix 192.168.0.0/16 -Subnet $subnetConfig
$pip = New-AzPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `
-Name "mypublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleRDP -Protocol Tcp `
-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Allow
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
-Name myNetworkSecurityGroup -SecurityRules $nsgRuleRDP
$nic = New-AzNetworkInterface -Name myNic -ResourceGroupName $resourceGroup -Location $location `
-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# Create a virtual machine configuration using the $image variable to specify the shared image
$vmConfig = New-AzVMConfig -VMName $vmName -VMSize Standard_D1_v2 | `
Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `
Set-AzVMSourceImage -Id $image | `
Add-AzVMNetworkInterface -Id $nic.Id
# Create a virtual machine
New-AzVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig
I have a Datacenter 2016 server with unmanaged disk. I need to be able to replicate this VM and continue using an unmanaged disk.
Do I need to provision the VM i want to replicate? Or can I just use the VHD in storage to create a new VM?
Here is my powershell script so far. Note that I tried to provision a VM
New-AzVm `
-ResourceGroupName "myResource" `
-Name "myVM" `
-ImageName "" ` //IS THIS WHERE YOU WOULD PUT A VHD?
-Location "West US 2" `
-VirtualNetworkName "my-vnet" `
-SubnetName "default" `
-SecurityGroupName "myvmNSG" `
-OpenPorts 3389, 80, 443
If you want to create an unmanaged VM from the VHD file, you can use the VM config. Here is an example using the existing NIC and VNet, you can also create the new one for it:
$NIC = Get-AzNetworkInterface -ResourceGroupName charlesUnmanaged -Name azurevm938
$VirtualMachine = New-AzVMConfig -VMName "azurevm" -VMSize "Standard_DS3"
$VirtualMachine = Add-AzVMNetworkInterface -VM $VirtualMachine -Id $NIC.Id
$VirtualMachine = Set-AzVMOSDisk -VM $VirtualMachine -Name "unmanagedos" -VhdUri $OSDiskUri -CreateOption Attach -Linux
New-AzVM -ResourceGroupName "charlesUnmanaged" -Location "East US" -VM $VirtualMachine -Verbose
Is it true, that even for Virtual Machine's created in the latest platform (ARM), that if you initially created the machine with 1 NIC, that there is no way to add additional NICs to the VM?
I found a few random (non-Microsoft) articles that seem to indicate this is the case, which if so... is kind of retarded.
So I wanted to make sure that I'm understanding this correctly.
If I have to start all over and build a new machine just to add a NIC, I might consider just using Amazon AWS as I can't imagine this being a limitation over there.
that if you initially created the machine with 1 NIC, that there is no
way to add additional NICs to the VM
It is true, there is no way to add a NIC to an existing VM, and we can't via portal to create a VM with multiple NICs. But we can create/recreate the VM via powershell and add another NIC to it. Here is the powershell script:
$rg = "jason-newgroup"
$loc = "japan east"
$nic01 = "nic01"
$nic02 = "nic02"
$vnet = Get-AzureRmVirtualNetwork -Name ‘jason-newgroup-vnet’ -ResourceGroupName ‘jason-newgroup’
$sub01id = (Get-AzureRmVirtualNetworkSubnetConfig -Name ‘sub01’ -VirtualNetwork $vnet).Id
$sub02id = (Get-AzureRmVirtualNetworkSubnetConfig -Name ‘sub02’ -VirtualNetwork $vnet).Id
$ip1 = '10.1.0.5'
$ip2 = '10.1.1.5'
$nic1 = New-AzureRmNetworkInterface -Name $nic01 -ResourceGroupName $rg -Location $loc -SubnetId $sub01id -PrivateIpAddress $ip1
$nic2 = New-AzureRmNetworkInterface -Name $nic02 -ResourceGroupName $rg -Location $loc -SubnetId $sub02id -PrivateIpAddress $ip2
$vmsize = "Standard_DS4_v2"
$vmname = "jason-windows"
$vm = New-AzureRmVMConfig -VMName $vmname -VMSize $vmsize
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $nic1.Id -Primary
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $nic2.Id
$osDiskName = "jason-newtest"
$osDiskVhdUri = "https://jasonnewgroupdisks717.blob.core.windows.net/vhds/jason-windows2016920165635.vhd"
$vm = Set-AzureRmVMOSDisk -VM $vm -VhdUri $osDiskVhdUri -name $osDiskName -CreateOption attach -windows
New-AzureRmVM -ResourceGroupName $rg -Location $loc -VM $vm
Notice:
The VM size determines the number of NICS that you can create for a VM. More information about how many NICS each VM size supports, please refer to the link below:
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-sizes/
There is an update to this. You can now add nics to existing Azure VMs. See the documentation here for tutorial - https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-vm
I need to launch an IPv6 DNS query from my Azure VM. I need to control all the parameters of this query. I can do it via network calls or via the dig command. Can I do this with Azure? This probably: can the load balancer support an outbound IPv6 DNS query?
We needed to confirm that our DNS servers handled queries coming in over IPv6, and Azure was one of the cloud providers we could use. It wasn't easy, but I eventually got it to work.
In order to get outgoing IPv6 service from an Azure VM, the VM needs to be created in an availability set with a load balancer that has public dynamic IPv6 addresses, inbound NAT rules for both IPv4 and IPv6, and load balancing rules for same. Existing VMs can't be reconfigured to support this. Azure seems to create some some of tunnel between the configured load balancer and the VMs you put in the same availability set. This isn't obvious from the VM's perspective, except in that you can only communicate over IPv6 with the outside Internet and not with the other VMs in your Azure submit.
IPv6 support isn't currently possible to configure through the Azure portal. I made heavy use of the following two links to get this working:
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-overview
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps
You'll need a Windows VM to run much of the above; PowerShell for Linux and AzureRM.NetCore.Preview does not have feature parity with PowerShell in Windows.
I had to hack at the above example for some time before coming up with the following ... you may need to hack it some more to work in your environment.
Note that I ran this script from within Powershell ISE so I could pre-configure the environment with $mySecureCredentials and Login-AzureRMAccount as necessary.
The below will create a Centos 7.3 VM that can initiate IPv6 DNS queries against the Internet. Note that you'll have to enable your IPv6 interfaces in the guest after rebooting. Unfortunately my rep is too low to post more than 2 links, so search for 'azure linux dhcp ipv6' to see how enable DHCPv6 client configuration on your VM.
$resgroupName = 'YourResourceGroup'
$location = 'east US' # of course, select your preferred location
# you will need some secure credentials. run something like:
# $mySecureCredentials = Get-Credential -Message "Type the username and password of the local administrator account."
# you will also need to log into azure (Login-AzureRMAccount)
# IP addresses, load balancer config
$publicIPv4= New-AzureRmPublicIpAddress -name 'lb-pub-ipv4' -ResourceGroupName $resgroupName -location $location `
-Allocationmethod Static -IpAddressVersion IPv4 -domainnamelabel my-lbnrpipv4
$publicIPv6 = New-AzureRmPublicIpAddress -name 'lb-pub-ipv6' -ResourceGroupName $resgroupName -location $location `
-AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel my-lbnrpipv6
$FEIPConfigv4 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv4" -PublicIpAddress $publicIPv4
$FEIPConfigv6 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv6" -PublicIpAddress $publicIPv6
$backendpoolipv4 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv4"
$backendpoolipv6 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv6"
# This script assumes you already have a virtual network defined - replace myRG-vnet with the name of the virtual network you want to use.
$vnet = Get-AzureRmVirtualNetwork -name myRG-vnet -ResourceGroupName $resgroupName
# I assume you want to use the default subnet.
$backendSubnet = Get-AzureRmVirtualNetworkSubnetConfig -name default -virtualnetwork $vnet
# Create NAT rules for load balancer
# Even if you don't actually need any inbound rules, some rules appear to be necessary to make outbound IPv6 work.
# Inbound SSH
$inboundNATRule1v4 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 22 -BackendPort 22
$inboundNATRule1v6 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 22 -BackendPort 22
$lbrule1v4 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Protocol TCP -FrontendPort 80 -BackendPort 80
$lbrule1v6 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Protocol TCP -FrontendPort 80 -BackendPort 80
$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $resgroupName -name 'myNrpIPv6LB' -location $location `
-FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 `
-LoadBalancingRule $lbrule1v4,$lbrule1v6 -inboundNatRule $inboundNATRule1v4,$inboundNATRule1v6
$nic1IPv4 = New-AzureRmNetworkInterfaceIpConfig -name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4
$nic1IPv6 = New-AzureRmNetworkInterfaceIpConfig -name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6
$nic1 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 `
-resourceGroupName $resgroupName -location $location
New-AzureRmAvailabilitySet -name "myNrpIPv6AvSet" -resourcegroupname $resgroupName -location $location
$avset1 = Get-AzureRmAvailabilitySet -resourcegroupname $resgroupName -name 'myNrpIPv6AvSet'
try {
New-AzureRmStorageAccount -ResourceGroupName $resgroupName -name 'mynrpipv6stacct' -location $location -skuname `
"Standard_LRS" -erroraction stop
} catch {
echo "new storage account failed, let's just hope it was a dup and gets found anyway"
}
# find my existing storage account
$storAcct = Get-AzureRmStorageAccount -resourcegroupname $resgroupName -name 'mynrpipv6stacct'
if ($storAcct -eq $null) {
throw "I could not find a storage accoount"
}
$nic1 = Get-AzureRmNetworkInterface -ResourceGroupName $resgroupName -name 'myNrpIPv6Nic0'
$vm1 = New-AzureRmVMConfig -vmName 'myNrpLinuxIPv6VM1' -vmSize 'Standard_d1' -AvailabilitySetId $avset1.Id
$vm1 = Set-AzureRmVMOperatingSystem -vm $vm1 -Linux -ComputerName 'myNrpLinuxIPv6VM1' -Credential $mySecureCredentials
$vm1 = Set-AzureRmVMSourceImage -VM $vm1 -PublisherName OpenLogic -Offer CentOS -Skus '7.3' -Version "latest"
$vm1 = Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
$osDisk1Uri = $storAcct.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpLinuxIPv6VM1osdisk.vhd"
$vm1 = Set-AzureRmVMOSDisk -VM $vm1 -Name 'myNrpLinuxIPv6VM1osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage
echo now creating...
new-azurermvm -ResourceGroupName $resgroupName -location $location -VM $vm1
echo done
I don't understand what you mean by launch an IPv6 query. Do you mean query for an AAAA record or do you mean IPv6 network traffic? If you meant he query type then tools like nslookup and dig allow you to control the query but when looking up a hostname in things like browsers they let the OS decide how to resolve the name, that's not Azure specific. If you're talking about IP level traffic, the Azure DNS recursive resolvers are only contactable using IPv4 at present.
I’m have an Azure PowerShell challenge.
I am trying to create a VM with a static IP based on an existing disk.
I have run the following and can see my disk in the list of VM disks
Add-AzureDisk -DiskName $diskname -MediaLocation $medialocation -Label "bootdisk" -OS "Linux"
However when I run the following script:
Set-AzureSubscription -SubscriptionName "my subscrption" -CurrentStorageAccountName "my storage account"
$vmImg = New-AzureVMConfig -Name $vmname -InstanceSize Large -DiskName $diskname -Verbose |
Set-AzureSubnet -SubnetNames "my subnet" |
Set-AzureStaticVNetIP -IPAddress "192.168.58.101"
New-AzureVM -ServiceName $cloudservicename -VMs $vmImg
I get this error
New-AzureVM : CurrentStorageAccountName is not accessible. Ensure the
current storage account is accessible and in the same location or
affinity group as your cloud service
I did some research and found that is an issue when the cloud service already exits. However, I have tried all the workarounds suggested including allowing the New-AzureVM to create the cloud service and to create it manually.
Have you come across this? The reason I need the static IP is that everything in the VM breaks if I allow dynamic IP.
Any suggestions would be greatly appreciated.
Try the following and see if it resolves your issue.
Clean up :-
Clean out %appdata%\Windows Azure Powershell.
Close out all powershell instances
add-azureaccount
Step 1:
Set-AzureSubscription -SubscriptionName "Visual Studio Ultimate with MSDN" -CurrentStorageAccount $storageAccountName
Step 2:
Check if the IPAddress is available.
Test-AzureStaticVNetIP –VNetName $vnetName –IPAddress 10.0.0.9
Step 3:
New-AzureVMConfig -Name "testvmkv21" -InstanceSize Basic_A2 -Label "testvmkv1" -ImageName (Get-AzureVMImage)[88].ImageName | Set-AzureSubnet "subnet-1" | Set-AzureStaticVNetIP -IPAddress 10.0.0.9 | add-azureprovisioningconfig -adminusername "myuser" -windows -password "!!abc039"| Add-AzureEndpoint -LocalPort 80 -Name 'HTTP' -Protocol tcp -PublicPort 80 | Add-AzureEndpoint -LocalPort 443 -Name 'HTTPS' -Protocol tcp -PublicPort 443| New-AzureVM -ServiceName "testvmkv21" -Location "East US" -VNetName "eastusvnet"