How to create VM from Azure CLI with existing key pair? - azure

I tried to create VM from another VM via Azure CLI with this command :
az vm create \
--resource-group my_resource \
--name newVMfromImage \
--image firstMachine-image \
--admin-username user_name \
--data-disk-sizes-gb 150 20 --size Standard_B1ms \
--verbose \
----ssh-key-value /path/to/publick/key/azure.pub
But I get this error :
az: error: unrecognized arguments: ----ssh-key-value
/path/to/publick/key/azure.pub

----ssh-key-value /path/to/publick/key/azure.pub
should only be:
--ssh-key-value /path/to/publick/key/azure.pub
Remove the 2 additional dashes.

Correct, the 4 dashes (----) indicate a wrong transmission while uploading the .PUB file.
Remove the 2 additional dashes.

Related

How to create azure acr task without providing git repository?

I was able to create an Azure ACR task using the below command:
az acr task create --registry myregistry \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile \
--context https://github.com/hm-group/repo.git#branch \
--git-access-token your_token --debug
But I don't want to provide a git repository. I just want to use --file, and tried to build this task using the below command:
az acr task create --registry productionai \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile
Error:
If the task is not a System Task, --context-path must be provided.
We can provide --context as /dev/null if we want to use only file without providing context.
Command:
az acr task create --registry myregistry \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile \
--context /dev/null

Azure CLI: DISK MAX SHARES 2 BUT CANNOT ATTACH TO TWO VMs

I am creating my disk as follows:
az disk create -g ML-Resource-Group -n myDataDisk --size-gb 256 --location eastus --max-shares 2 --sku Premium_LRS
And I am creating my first VM as follows:
az vm create --resource-group ML-Resource-Group --name PVM --image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 --generate-ssh-keys --location eastus
And I am creating my second VM as follows:
az vm create \
--resource-group ML-Resource-Group \
--name VMTest \
--image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 \
--generate-ssh-keys \
--priority Spot \
--max-price -1 \
--location eastus \
--eviction-policy Deallocate \
--output json \
--verbose \
--size "Standard_ND12s"
I attach myDataDisk to PVM as:
diskId=$(az disk show -g ML-Resource-Group -n myDataDisk --query 'id' -o tsv)
az vm disk attach -g ML-Resource-Group --vm-name PVM --name $diskId
This step is performed successfully. But when I try attaching the disk to VMTest in the same way as above, I get the following error:
Deployment failed. Correlation ID:
140afdfe-8b92-4c4d-a9a9-521d8bf3a497. Cannot change network spine of
shared disk myDataDisk while it is attached to running VM(s)
/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/virtualMachines/PVM.
Target: 'VM:
'/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/virtualMachines/VMTest',
disk:
'/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/disks/myDataDisk''.
Figured out the solution! A Proximity Placement Group is to be made as follows:
az ppg create \
-n myPPG \
-g ML-Resource-Group \
-l eastus \
-t standard
And then passed as a parameter in --ppg while creating VMs such as:
az vm create -n PVM -g ML-Resource-Group --image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 --generate-ssh-keys --ppg myPPG --location eastus --verbose

Azure container instance run parameters

I want to run a container instance (OrientDB database). I created an Azure file share and attached it to the instance (had to use Azure CLI command-line interface since Web GUI doesn't support it). The problem is that I need to give in the run parameters to map internal folder to external one. I am searching for days and simply cannot find how to give in the parameters. I am sure I am not the only one doing this but everything I found was not satisfactory. Help anyone?
I am so far using this command.
az container create -g ProjectX --name orientdb --image orientdb:3.0.32 `
--cpu 1 `
--memory 1.5 `
--environment-variables ORIENTDB_ROOT_PASSWORD=*** `
--os-type Linux `
--ports 80 2424 2480 `
--protocol TCP `
--ip-address public `
--dns-name-label *** `
--azure-file-volume-share-name *** `
--azure-file-volume-account-name *** `
--azure-file-volume-account-key *** `
--azure-file-volume-mount-path /mnt/azurevolume `
--restart-policy OnFailure
I don't know if "azure-file-volume-xxx" parameters are enough. I think not, since I think these only attach the external volume to the container but perform no mapping.
And the command to run orientdb container locally is:
docker run -d --name orientdb -p 2424:2424 -p 2480:2480 \
-v <config_path>:/orientdb/config \
-v <databases_path>:/orientdb/databases \
-v <backup_path>:/orientdb/backup \
-e ORIENTDB_ROOT_PASSWORD=rootpwd \
orientdb
Thanks
Tomaz
I think you need to work with these parameters:
--azure-file-volume-account-name
--azure-file-volume-account-key
--azure-file-volume-share-name
--azure-file-volume-mount-path
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name hellofiles \
--image mcr.microsoft.com/azuredocs/aci-hellofiles \
--dns-name-label aci-demo \
--ports 80 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
--azure-file-volume-mount-path /aci/logs/
PREVIOUS ANSWER (where I was guessing about the docker image and command line parameters the OP was using)
In a nutshell:
Non "secret" aka sensitive values. You use ENVIRONMENT variables to "inject" configuration values.
Note the "--environment-variables"
az container create \
--resource-group myResourceGroup \
--name mycontainer2 \
--image mcr.microsoft.com/azuredocs/aci-wordcount:latest \
--restart-policy OnFailure \
--environment-variables 'NumWords'='5' 'MinLength'='8'
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables
Philosophically, you do NOT bake these values into your container. Your container "reaches out" to get them... the simplest way your container can "reach out" is to read an environment variable.
..
For secrets, you use Azure KeyVault. This is outside the scope of your question, but I mention it so you avoid the bad security practice of using ENV variables for secrets.
Secrets would be "database passwords", "client_secret" for Oauth2, etc, etc.
Breadcrumbs:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity
https://thorsten-hans.com/integrating-azure-keyvault-with-azure-container-services

How do I enter a new line/move to the next line without executing command while in a shell or bash if the command has more than 1 line?

So I'm trying to follow a tutorial on creating an Azure VM and the entire tutorial is from the CLI. It is specifically using bash. I know next to nothing about using CLI so it is pretty intimidating. Anyway, all the commands look like this in the tutorial:
az vm create \
--resource-group myResourceGroup \
--name myVM \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys
But when I try to make a new line and go to that new line to enter the argument/parameter, it keeps trying to execute the command and I can't execute anything, since obviously what I'm typing in is missing parameters:
az vm create \ --resource-group ShahVMAzureUB \ --name ShahVM \ --imageUbuntuLTS \ --admin-username shahjacob \ --generate-ssh-keysaz vm create
: error: the following arguments are required: --name/-n, --resource-group/-g
Quoteth the bash man page
If a \<newline> pair appears, and the backslash is not itself quoted, the \<newline> is treated as a line continuation (that is, it is removed from the input stream and effectively ignored).
So, you literally need a newline (press ENTER) after you type the \ to tell the shell you want to enter more parameters but on a separate line.
Generally this is used for print (or even Stackoverflow answers) so you don't have one mega-line that's hard to grok. If you want it all on one line, remove the \ between the parameters.
To expand on SiegeX's answer (since I don't have enough rep to comment...)
az vm create \
--resource-group myResourceGroup \
--name myVM \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys
is functionally equivalent to
az vm create --resource-group myResourceGroup --name myVM --image UbuntuLTS --admin-username azureuser --generate-ssh-keys
For printing the ENTER in cmd we have to use the echo. command instead of echo "\n" or echo '\n'
Use backtick -(key to the left of q ~ (tilde) and )
and not the '- Apostrophe or single quote.
Just need to use a backtick ` instead of the \
Your code should look like this:
az vm create `
--resource-group myResourceGroup `
--name myVM `
--image UbuntuLTS `
--admin-username azureuser `
--generate-ssh-keys

Azure CLI how to check if a resource exists

I'm starting to write a bash script to provision a VM in a new or existing resource group so that we can enforce naming convention and configuration.
In a bash script how can I check that a resource already exists so I don't try to create it again?
# 1. If a new resource group is desired, create it now. Microsoft Docs
az group create --name $RESOURCEGROUPNAME --location $LOCATION
# 2. Create a virtual network and subnet if one has not already been created. Microsoft Docs
# Consider a separate VNet for each resource group.
# az network vnet list --output table
az network vnet create \
--resource-group $RESOURCEGROUPNAME \
--name $RESOURCEGROUPNAME-vnet \
--address-prefix 10.0.x.0/24 \
--subnet-name default \
--subnet-prefix 10.0.x.0/24
# x is the next available 3rd octet value
# 3. Create a public IP Address. Microsoft Docs
az network public-ip create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-ip \
--dns-name $DNSNAME
# 4. Create a network security group. Microsoft Docs
az network nsg create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-nsg
# 5. Create a rule to allow SSH to the machine. Microsoft Docs
az network nsg rule create \
--resource-group $RESOURCEGROUPNAME \
--nsg-name $VMNAME-nsg \
--name allow-ssh \
--protocol tcp \
--priority 1000 \
--destination-port-range 22 \
--access allow
# 6. Create a virtual NIC. Microsoft Docs
az network nic create \
--resource-group $RESOURCEGROUPNAME \
--name $VMNAME-nic \
--vnet-name $RESOURCEGROUPNAME-vnet \
--subnet default \
--public-ip-address $VMNAME-ip \
--network-security-group $VMNAME-nsg
# 7. Create an availability set, if redundancy is required. Microsoft Docs
az vm availability-set create \
--resource-group $RESOURCEGROUPNAME \
--name $AVSETNAME-as
# 8. Create the VM. Microsoft Docs
az vm create \
--resource-group $RESOURCEGROUPNAME \
--location $LOCATION \
--name $VMNAME \
--image UbuntuLTS \
--size $VMSIZE \
--availability-set $AVSETNAME-as \
--nics $VMNAME-nic \
--admin-username $ADMINUSERNAME \
--authentication-type ssh \
--ssh-key-value "$SSHPUBLICKEYFILE" \
--os-disk-name $VMNAME-osdisk
This should work in bash script:
if [ "$(az group exists --name "$RESOURCEGROUPNAME")" = false ]; then
az group create --name $RESOURCEGROUPNAME --location $LOCATION
fi
In a bash script how can I check that a resource already exists so I
don't try to create it again?
We can use the CLI 2.0 command az group exists to test whether the resource group exists or not, like this:
C:\Users\user>az group exists -n jasontest
false
In this way, before we create it, we can test whether the name is available or not. In a new resource group, we can create a new Vnet and other resources.
For now, there is no CLI 2.0 command to test whether other resources exist or not. If you want to create a resource in an existing resource group, maybe we should use a CLI 2.0 command to list the resources, and use bash to check whether the resource exists or not.
You can use JMESPath queries to do this. All resource types support this, AFAIK.
For example, for VMs:
az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(@)"
This will output the number of matching VMs - either 1 or 0.
You can use this to create if/else logic in bash as follows.
if [[ $(az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(@)") -gt 0 ]]
then
echo "VM exists"
else
echo "VM doesn't exist"
fi
If a resource show command returns an empty string and a success status code (0), then the resource does not exist.
Edit: ChrisWue pointed out that this is no longer true. It must have changed since I left the Azure CLI team (it used to be a requirement that all commands worked like this). Or it may be that there is a bug for the key vault commands he mentioned below.
This works for my batch commands:
call az webapp show --subscription <yoursubs> --resource-group <yourrg> --name <yourappname> --query name
if %errorlevel% == 1 (
az webapp create ...
)
As mentioned in another answer - there is no generic "exists" command. One line of reasoning I've found was that "create" is meant to be idempotent - therefore if you have a script that creates resources (for example as part of a build pipeline) it doesn't matter how often you execute it since "it will do the right thing".
If you still need to do this you can do it in shell like this (the example is for keyvault but it should work for all resource types that have a show command)
if az keyvault show -n my-keyvault -o none; then
echo "keyvault exists"
else
echo "keyvault doesn't exist"
fi
It should be noted that az will output an error message to stderr if the resource doesn't exist - this doesn't affect the check but if it bothers you then you can redirect stderr to /dev/null
In our case we needed this because we don't run the infra scripts if the setup hasn't changed (cuts our build time in half). We detect this by creating a hash of the infra-scripts and store it in a keyvault. When the script runs it creates the keyvault (to make sure it exists) and then tries to check the secret that contains the hash. If the hash is still the same then don't run the rest of the script.
Catch is that keyvault create nukes the access policies which also includes the web-app managed identity access policy which won't get added if the rest of the script doesn't run ... so the fix is to check if the keyvault exists first and to not create it if it does.
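An added example, not code from any of the answers above: the JMESPath count query wrapped so that a failed lookup (expired login, wrong subscription, network error) is not mistaken for "resource absent", which matters when the create step is destructive, as with the key vault access policies described above. The function names, return-code convention and name allow-list are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Tri-state existence check built on the "az vm list --query" count.
# Return codes (this example's convention):
#   0 = exists, 1 = absent, 2 = lookup failed or input rejected
vm_exists() {
    local rg="$1" name="$2" count
    # The name is interpolated into a JMESPath string literal, so refuse
    # anything outside a conservative allow-list (example's choice).
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid VM name: $name" >&2; return 2 ;;
    esac
    # -o tsv yields a bare number. A non-zero exit from az means we do
    # not know whether the VM exists, so report failure, not "absent".
    if ! count=$(az vm list --resource-group "$rg" \
            --query "[?name=='$name'] | length(@)" -o tsv); then
        return 2
    fi
    case $count in
        0) return 1 ;;
        ''|*[!0-9]*) return 2 ;;   # unexpected output: treat as failure
        *) return 0 ;;
    esac
}

# Decide what a provisioning script should do next. Prints one of
# "exists", "create" or "abort"; returns non-zero only for "abort".
ensure_vm() {
    local rg="$1" name="$2" rc=0
    vm_exists "$rg" "$name" || rc=$?
    case $rc in
        0) echo "exists" ;;
        1) echo "create" ;;        # caller runs its az vm create here
        *) echo "abort"; return 1 ;;
    esac
}
```

In a script, branch on the printed decision and stop on "abort" instead of falling through to a create call.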

Resources