I have a working ARM Template to deploy an Application Gateway with WAF Enabled, this is currently always enabling the Firewall and setting the Firewall Mode based on parameters.
We want to parameterize enabling the WAF so that an AGW can be deployed without WAF
The object in the properties looks like:
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
The parameter file has these set:
"firewallEnabled": false,
"Tier": "Standard",
"skuSize": "Standard_Medium",
However on deployment it errors out trying to enable the Firewall
New-AzResourceGroupDeployment : 11:28:27 AM - Error:
Code=ApplicationGatewayFirewallCannotBeEnabledForSelectedSku;
Message=Application Gateway
/subscriptions//providers/Microsoft.Network/applicationGatewa
ys/EXAMPLE-AGW does not support WebApplicationFirewall with the
selected SKU tier Standard
It looks like it's still trying to enable the firewall even though the "enabled:" property would be false, I would assume it would ignore the rest of the properties in the object but obviously not. Can anyone see what I'm doing wrong here?
Reason for Failure: As WebApplicationFirewall is not supported for Standard Tier AppGateway, the template VALIDATION will fail even if enabled is set to false as validation sees "webApplicationFirewallConfiguration" key itself as invalid for Standard Tier.
Fix: Use Nested Templates to create a child deployment of an Application Gateway template without "webApplicationFirewallConfiguration" if firewall is disabled, else the one with "webApplicationFirewallConfiguration" if firewall is enabled along with firewall mode value in the parameters file.
Working Sample: Please find below the root template for deployment along with two templates with firewall enabled and disabled as well. Then, it has two parameters file - one for firewall enabled and other for disabled one.
To try out this sample, follow the below steps:
Upload the two Child templates in a Blob Storage.
Make this Blob Container, where templates are uploaded, Public accessible or use SAS token while creating the template's url.
Update the variables "appGatewaysTemplateWaffalse" and "appGatewaysTemplateWaftrue" in root template with urls of uploaded child templates.
Go https://portal.azure.com/#create/Microsoft.Template -> "Build your own template in the editor".
Use this updated root template with urls and the parameter file (enabled or disabled) as desired.
Root Template (VNet + Child Deployment):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "virtual network address range"
}
},
"subnetName": {
"type": "string",
"defaultValue": "subnet1",
"metadata": {
"description": "Subnet Name"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet prefix"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]",
"appGatewaysTemplateWaffalse": "https://da2.blob.core.windows.net/templates/app-gateway-waf-false.json",
"appGatewaysTemplateWaftrue": "https://da2.blob.core.windows.net/templates/app-gateway-waf-true.json"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"name": "azure-appGateways-non-waf-deployment",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables(concat('appGatewaysTemplateWaf',string(parameters('applicationGateway').firewallEnabled)))]"
},
"parameters": {
"applicationGateway": {
"value": "[parameters('applicationGateway')]"
},
"location": {
"value": "[parameters('location')]"
},
"subnetRef": {
"value": "[variables('subnetRef')]"
}
}
}
}
]
}
Child Template without webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Child Template with webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
},
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Parameters with firewall disabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "false",
"skuTier": "Standard",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "Standard_Small",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Parameters with firewall enabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "true",
"firewallMode": "Detection",
"skuTier": "WAF",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "WAF_Medium",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Not sure why this is happening, but you can always do this:
"variables": {
"waffalse": {
"enabled": false
},
"waftrue": {
"enabled": true,
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
}
...
"webApplicationFirewallConfiguration": "[variables(concat('waf', string(parameters('applicationGateway').firewallEnabled)))]"
so use one variable or the other depending on condition
Related
I am trying to change dynamic private ip allocated VM to Static IP via ARM template.
It works for a single vm. But facing issue for multiple VM's deployment. I am trying nested deployment.
The error I am facing is: The template reference "nic-"somevmname"-01" is
not valid: could not find template resource or resource copy with this name.
I am not able to figure out what is wrong with the nested resource
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"VnetResourceGroup": {
"type": "string"
},
"VnetName": {
"type": "string"
},
"SubnetName": {
"type": "string"
},
"adminusername": {
"type": "string",
"metadata": {
"description": "Admin username for VM"
}
},
"adminpassword": {
"type": "string"
},
"vm-name": {
"type": "string",
"metadata": {
"description": ""
}
},
"virtualMachineCount": {
"type": "int",
"metadata": {
"description": "Number of Virtual machines to be deployed"
}
},
"vmSize": {
"type": "string",
"metadata": {
"description": "description"
}
},
"vm-image-name": {
"type": "string",
"metadata": {
"description": "description"
}
},
"vm-image-rg": {
"type": "string",
"metadata": {
"description": "description"
}
},
"dataDisksize": {
"type": "int"
},
"datadisks-count": {
"type": "int"
},
"osDiskType": {
"type": "string"
},
"osDiskSize": {
"type": "int",
"metadata": {
"description": "description"
}
},
"maxAvailabilityzones": {
"type": "int",
"metadata": {
"description": "description"
}
}
},
"variables": {
"ImageReferenceId": "[concat(subscription().id, '/resourceGroups/', parameters('vm-image-rg'), '/providers/Microsoft.Compute/images/', parameters('vm-image-name'))]",
"vnetId": "[concat(subscription().id, '/resourceGroups/', parameters('VnetResourceGroup'), '/providers/Microsoft.Network/virtualNetworks/', parameters('VnetName'))]",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Network/networkInterfaces",
"name": "[concat('nic-',parameters('vm-name'),'-0', copyIndex(1))]",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"copy": {
"name": "nicLoop",
"count": "[parameters('virtualMachineCount')]"
},
"properties": {
"enableAcceleratedNetworking": true,
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"name": "[concat(parameters('vm-name'),'-0', copyIndex(1))]",
"apiVersion": "2020-06-01",
"location": "[resourceGroup().location]",
"zones": [
"[string(add(mod(copyIndex(0), parameters('maxAvailabilityzones')), 1))]"
],
"copy": {
"name": "virtualMachineLoop",
"count": "[parameters('virtualMachineCount')]"
},
"dependsOn": [
"nicLoop"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[concat(parameters('vm-name'),'-0', copyIndex(1))]",
"adminusername": "[parameters('adminusername')]",
"adminPassword": "[parameters('adminpassword')]"
},
"storageProfile": {
"copy": [
{
"name": "dataDisks",
"count": "[parameters('datadisks-count')]",
"input": {
"lun": "[copyIndex('dataDisks')]",
"name": "[concat('dataDisk',copyIndex('dataDisks',1),'-',parameters('vm-name'),'-0',copyIndex(1))]",
"createOption": "Empty",
"diskSizeGB": "[parameters('dataDisksize')]"
}
}
],
"imageReference": { "id": "[variables('ImageReferenceId')]" },
"osDisk": {
"name": "[concat('osdisk-',parameters('vm-name'),'-0', copyIndex(1))]",
"createOption": "FromImage",
"caching": "ReadWrite",
"diskSizeGB": "[parameters('osDiskSize')]",
"managedDisk": {
"storageAccountType": "[parameters('osDiskType')]"
}
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat('nic-',parameters('vm-name'),'-0', copyIndex(1)))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"name": "StaticIP",
"apiVersion": "2020-06-01",
"dependsOn": [
"nicLoop",
"virtualMachineLoop"
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters": {
"SubnetRef": {
"value": "[variables('SubnetRef')]"
},
"virtualMachineCount": {
"value": "[parameters('virtualMachineCount')]"
},
"vm-name": {
"value": "[parameters('vm-name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subnetRef": {
"type": "string"
},
"virtualMachineCount": {
"type": "int",
"metadata": {
"description": "Number of Virtual machines to be deployed"
}
},
"vm-name": {
"type": "string",
"metadata": {
"description": "description"
}
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/networkInterfaces",
"name": "[concat('assignstaticip',copyIndex(1))]",
"apiVersion": "2020-05-01",
"location": "[resourceGroup().location]",
"copy": {
"name": "nicStaticIpLoop",
"count": "[parameters('virtualMachineCount')]"
},
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Static",
"privateIPAddress": "[reference(concat('nic-',parameters('vm-name'),'-0', copyIndex('nicStaticIpLoop',1))).ipConfigurations[0].properties.privateIPAddress]",
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
]
}
}
]
}
}
}
],
"outputs": {
"vm-ipaddress": {
"type": "array",
"copy": {
"count": "[parameters('virtualMachineCount')]",
"input": "[reference(concat('nic-',parameters('vm-name'),'-0', copyIndex(1))).ipConfigurations[0].properties.privateIPAddress]"
}
},
"vm-name": {
"type": "array",
"copy": {
"count": "[parameters('virtualMachineCount')]",
"input": "[concat(parameters('vm-name'),'-0', copyIndex(1))]"
}
}
}
}
Thank you #Anonymouus, for sharing the update . And bring the question for how to change dynamic private ip allocated VM to Static IP via ARM template, It will be really helpful for the SO community for similar issue who encounter the same so that they can find & fix their problem by posting it as an answer .
As stated in the given Blog which is Author by #Praveen.
To change the dynamic IP to static IP through ARM TEMPLATE we can use the below example of template,
ARM TEMPLATE:-
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "[concat('StaticIp', copyIndex())]",
"dependsOn": [
"nicLoop"
],
"copy": {
"name": "ipLoop",
"count": "[parameters('ServerInstanceCount')]"
},
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/networkInterfaces",
"name": "[concat(parameters('ServerNamePrefix'),padLeft(copyIndex(),3,'0'),'-NIC')]",
"apiVersion": "2018-03-01",
"location": "[resourceGroup().location]",
"tags": "[parameters('tagValues')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Static",
"privateIPAddress": "[reference(concat(parameters('ServerNamePrefix'),padLeft(copyIndex(),3,'0'),'-NIC')).ipConfigurations[0].properties.privateIPAddress]",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"enableAcceleratedNetworking": true
}
}
]
}
}
}
For more information please refer the below links:-
SO THREAD| Static ip addresses on Azure & Nested Copy loop using ARM Template.
Is it only possible to create one on-demand SFPT Server with one Resource group in Azure?
This is a link regards to SFPT on Azure. https://learn.microsoft.com/en-us/samples/azure-samples/sftp-creation-template/sftp-on-azure/
I tried to create a second SFPT in the same Resource group, but previous SFPT got replaced with the new one.
I tried Goolging on this one, but I was not able to find the answer, so I am posting this question here.
Yes we can deploy multiple SFTP server to our Azure resource group.
But the template you are using already they have declare default variables ,Instead of that we need to declare parameters as shown in below template, So that you can use the same template multiple times.
TEMPLATE:-
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.63.48766",
"templateHash": "17013458610905703770"
}
},
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Storage account type"
},
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS"
]
},
"storageAccountPrefix": {
"type": "string",
"defaultValue": "sftpstg",
"metadata": {
"description": "Prefix for new storage account"
}
},
"fileShareName": {
"type": "string",
"defaultValue": "sftpfileshare",
"metadata": {
"description": "Name of file share to be created"
}
},
"sftpUser": {
"type": "string",
"defaultValue": "sftp",
"metadata": {
"description": "Username to use for SFTP access"
}
},
"sftpPassword": {
"type": "securestring",
"metadata": {
"description": "Password to use for SFTP access"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Primary location for resources"
}
},
"containerGroupDNSLabel": {
"type": "string",
"defaultValue": "[uniqueString(resourceGroup().id, deployment().name)]",
"metadata": {
"description": "DNS label for container group"
}
},
"sftpContainerGroupName": {
"type": "string",
"metadata": {
"description": "cngroup for container group"
}
},
"sftpContainerName": {
"type": "string",
"metadata": {
"description": "container name"
}
}
},
"functions": [],
"variables": {
"sftpContainerImage": "atmoz/sftp:debian",
"sftpEnvVariable": "[format('{0}:{1}:1001', parameters('sftpUser'), parameters('sftpPassword'))]",
"storageAccountName": "[take(toLower(format('{0}{1}', parameters('storageAccountPrefix'), uniqueString(resourceGroup().id))), 24)]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2019-06-01",
"name": "[toLower(format('{0}/default/{1}', variables('storageAccountName'), parameters('fileShareName')))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
},
{
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"name": "[parameters('sftpContainerGroupName')]",
"location": "[parameters('location')]",
"properties": {
"containers": [
{
"name": "[parameters('sftpContainerName')]",
"properties": {
"image": "[variables('sftpContainerImage')]",
"environmentVariables": [
{
"name": "SFTP_USERS",
"secureValue": "[variables('sftpEnvVariable')]"
}
],
"resources": {
"requests": {
"cpu": 1,
"memoryInGB": 1
}
},
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"volumeMounts": [
{
"mountPath": "[format('/home/{0}/upload', parameters('sftpUser'))]",
"name": "sftpvolume",
"readOnly": false
}
]
}
}
],
"osType": "Linux",
"ipAddress": {
"type": "Public",
"ports": [
{
"port": 22,
"protocol": "TCP"
}
],
"dnsNameLabel": "[parameters('containerGroupDNSLabel')]"
},
"restartPolicy": "OnFailure",
"volumes": [
{
"name": "sftpvolume",
"azureFile": {
"readOnly": false,
"shareName": "[parameters('fileShareName')]",
"storageAccountName": "[variables('storageAccountName')]",
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
}
],
"outputs": {
"containerDNSLabel": {
"type": "string",
"value": "[format('{0}.{1}.azurecontainer.io', reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName'))).ipAddress.dnsNameLabel, reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('sftpContainerGroupName')), '2019-12-01', 'full').location)]"
}
}
}
Deployment details:-
I need to create 8 database and couple of collections though ARM template.I was going through the user defined function here https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-user-defined-functions to make the template simpler, Is that something I can achieve instead of copy paste the same scripts? right now, its throwing an error
Template validation failed: Unexpected initial token 'String' when
populating object.
My current Function:
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "['test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
Is that something we can achieve?
Update: Here is the simplified version
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "Cosmos DB database name"
}
}
},
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
"[contoso.uniqueName(parameters('databaseName'))]"
]
}
Looks like you're trying to create several mongodbDatabases within the databaseAccounts resource.
I recommend looking at the ARM copy element.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/copy-resources#resource-iteration
It would look roughly like:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseNames": {
"type": "array",
"defaultValue": [
"contoso",
"fabrikam",
"coho"
],
"metadata": {
"description": "Cosmos DB database names array"
}
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseNames')[copyIndex()])]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseNames')[copyIndex()]]"
}
},
"copy": {
"name": "databaseCopy",
"count": "[length(parameters('databaseNames'))]"
}
}
]
}
Here is my template1.json which is used to create cluster with virtual machine scale set. I want to add extensions to it using the same arm template1. I tried including script of extensions in the properties section of managed clusters ( template2.json) but it is throwing error of parent resource vnetName not found.
I tried adding extensionProfile in the properties section of managed clusters but that also didn't work.
can anyone help me out how can I set custom script extension using same arm template?
template1.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string",
"metadata": {
"description": "VNet name"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Azure resource location"
}
},
"vnetAddressPrefix": {
"type": "string",
"metadata": {
"description": "Virtual network address range"
}
},
"subnetName": {
"type": "string",
"metadata": {
"description": "Azure subnet Name"
}
},
"subnetPrefix": {
"type": "string",
"metadata": {
"description": "Azure subnet prefix"
}
},
"kubernetesVersion": {
"type": "string",
"metadata": {
"description": "kubernetesVersion"
}
},
"enableRBAC": {
"defaultValue": false,
"type": "bool",
"metadata": {
"description": "boolean flag to turn on and off of RBAC"
}
},
"dnsPrefix": {
"type": "string",
"metadata": {
"description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
}
},
"enableHttpApplicationRouting": {
"defaultValue": false,
"type": "bool",
"metadata": {
"description": "boolean flag to turn on and off of http application routing"
}
},
"osDiskSizeGB": {
"defaultValue": 0,
"minValue": 0,
"maxValue": 1023,
"type": "int",
"metadata": {
"description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
}
},
"agentCount": {
"minValue": 1,
"maxValue": 50,
"type": "int",
"metadata": {
"description": "The number of agent nodes for the cluster. Production workloads have a recommended minimum of 3."
}
},
"agentVMSize": {
"type": "string",
"metadata": {
"description": "The size of the Virtual Machine."
}
},
"masterCount": {
"type": "int",
"allowedValues": [
1
],
"metadata": {
"description": "The number of Kubernetes masters for the cluster."
}
},
"adminUsername": {
"type": "string",
"defaultValue": "azureuser",
"metadata": {
"description": "User name for the Linux Virtual Machines."
}
},
"osType": {
"defaultValue": "Linux",
"allowedValues": [
"Linux"
],
"type": "string",
"metadata": {
"description": "The type of operating system."
}
},
"maxPods": {
"defaultValue": 30,
"type": "int",
"metadata": {
"description": "Maximum number of pods that can run on a node."
}
},
"ServicePrincipalClientId": {
"type": "string",
"metadata": {
"description": "ServicePrincipalClientId"
}
},
"ServicePrincipalClientSecret": {
"type": "string",
"metadata": {
"description": "ServicePrincipalClientId"
}
},
"ServicePrincipalObjectId": {
"type": "string",
"metadata": {
"description": "ServicePrincipalClientId"
}
},
"sshRSAPublicKey": {
"type": "securestring",
"metadata": {
"description": "Configure all linux machines with the SSH RSA public key string"
}
},
"networkPlugin": {
"allowedValues": [
"azure",
"kubenet"
],
"defaultValue": "kubenet",
"type": "string",
"metadata": {
"description": "Network plugin used for building Kubernetes network."
}
},
"dockerBridgeCidr": {
"type": "string",
"metadata": {
"description": "A CIDR notation IP for Docker bridge."
}
},
"dnsServiceIP": {
"type": "string",
"metadata": {
"description": "Containers DNS server IP address."
}
},
"serviceCidr": {
"type": "string",
"metadata": {
"description": "A CIDR notation IP range from which to assign service cluster IPs."
}
},
"resourceGroup": {
"type": "string",
"defaultValue": "[resourceGroup().name]",
"metadata": {
"description": "Azure resource group."
}
},
"autoscalingEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Flag to enable autoscaling."
}
},
"nodesMinimum": {
"type": "int",
"defaultValue": 2,
"metadata": {
"description": "Minimum number of nodes for autoscaling."
}
},
"nodesMaximum": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "Maximum number of nodes for autoscaling."
}
}
},
"variables": {
"mastersEndpointDNSNamePrefix":"[concat(parameters('dnsPrefix'),'mgmt')]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-08-01",
"name": "nestedTemplate",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.ContainerService/managedClusters",
"name":"[concat('Kluster-',resourceGroup().name)]",
"apiVersion": "2019-08-01",
"location": "[parameters('location')]",
"tags": {},
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', 'ClusterSubnetRoleAssignmentDeployment')]"
],
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"enableRBAC": "[parameters('enableRBAC')]",
"dnsPrefix": "[parameters('dnsPrefix')]",
"addonProfiles": {
"httpApplicationRouting": {
"enabled": "[parameters('enableHttpApplicationRouting')]"
}
},
"masterProfile": {
"count": "[parameters('masterCount')]",
"vmSize": "[parameters('agentVMSize')]",
"dnsPrefix": "[variables('mastersEndpointDNSNamePrefix')]"
},
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('osDiskSizeGB')]",
"count": "[parameters('agentCount')]",
"vmSize": "[parameters('agentVMSize')]",
"osType": "[parameters('osType')]",
"storageProfile": "ManagedDisks",
"vnetSubnetID": "[concat(resourceGroup().id,'/providers/Microsoft.Network/virtualNetworks/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]",
"maxPods": "[parameters('maxPods')]",
"enableAutoScaling": "[parameters('autoscalingEnabled')]",
"minCount": "[parameters('nodesMinimum')]",
"maxCount": "[parameters('nodesMaximum')]",
"type": "VirtualMachineScaleSets"
}
],
"linuxProfile": {
"adminUsername": "[parameters('adminUsername')]",
"ssh": {
"publicKeys": [
{
"keyData": "[parameters('sshRSAPublicKey')]"
}
]
}
},
"servicePrincipalProfile": {
"clientId": "[parameters('ServicePrincipalClientId')]",
"secret": "[parameters('ServicePrincipalClientSecret')]"
},
"networkProfile": {
"networkPlugin": "[parameters('networkPlugin')]",
"serviceCidr": "[parameters('serviceCidr')]",
"dnsServiceIP": "[parameters('dnsServiceIP')]",
"dockerBridgeCidr": "[parameters('dockerBridgeCidr')]"
}
}
},
{
"type": "Microsoft.Resources/deployments",
"name": "ClusterSubnetRoleAssignmentDeployment",
"apiVersion": "2019-08-01",
"subscriptionId": "[subscription().subscriptionId]",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[concat(parameters('vnetName'), '/', parameters('subnetName'), '/Microsoft.Authorization/', guid(resourceGroup().id, deployment().name))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"principalId": "[parameters('ServicePrincipalObjectId')]",
"scope": "[concat(resourceGroup().id,'/providers/Microsoft.Network/virtualNetworks/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]"
}
}
]
}
}
}
]
}
}
}
]
}
template2.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
Please copy from template1.json (due to characters limit I have removed)
},
"variables": {
"mastersEndpointDNSNamePrefix":"[concat(parameters('dnsPrefix'),'mgmt')]",
"vmssName":"aks-agentpool-43678249-vmss"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-08-01",
"name": "nestedTemplate",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.ContainerService/managedClusters",
"name":"[concat('Kluster-',resourceGroup().name)]",
"apiVersion": "2019-08-01",
"location": "[parameters('location')]",
"tags": {},
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', 'ClusterSubnetRoleAssignmentDeployment')]"
],
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"enableRBAC": "[parameters('enableRBAC')]",
"dnsPrefix": "[parameters('dnsPrefix')]",
"addonProfiles": {
"httpApplicationRouting": {
"enabled": "[parameters('enableHttpApplicationRouting')]"
}
},
"masterProfile": {
"count": "[parameters('masterCount')]",
"vmSize": "[parameters('agentVMSize')]",
"dnsPrefix": "[variables('mastersEndpointDNSNamePrefix')]"
},
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('osDiskSizeGB')]",
"count": "[parameters('agentCount')]",
"vmSize": "[parameters('agentVMSize')]",
"osType": "[parameters('osType')]",
"storageProfile": "ManagedDisks",
"vnetSubnetID": "[concat(resourceGroup().id,'/providers/Microsoft.Network/virtualNetworks/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]",
"maxPods": "[parameters('maxPods')]",
"enableAutoScaling": "[parameters('autoscalingEnabled')]",
"minCount": "[parameters('nodesMinimum')]",
"maxCount": "[parameters('nodesMaximum')]",
"type": "virtualMachineScaleSets"
}
],
"linuxProfile": {
"adminUsername": "[parameters('adminUsername')]",
"ssh": {
"publicKeys": [
{
"keyData": "[parameters('sshRSAPublicKey')]"
}
]
}
},
"servicePrincipalProfile": {
"clientId": "[parameters('ServicePrincipalClientId')]",
"secret": "[parameters('ServicePrincipalClientSecret')]"
},
"networkProfile": {
"networkPlugin": "[parameters('networkPlugin')]",
"serviceCidr": "[parameters('serviceCidr')]",
"dnsServiceIP": "[parameters('dnsServiceIP')]",
"dockerBridgeCidr": "[parameters('dockerBridgeCidr')]"
}
},
"resources": [
{
"apiVersion": "2019-03-01",
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat('aks-agentpool-43678249-vmss','/', 'Extensions')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
"[concat('Microsoft.ContainerService/managedClusters/', concat('Kluster-',resourceGroup().name))]"
],
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.0",
"autoUpgradeMinorVersion":true,
"settings": {
"skipDos2Unix":false,
"fileUris": ["filelink"],
"commandToExecute": "./filename.sh"
}
}
}
]
},
{
"type": "Microsoft.Resources/deployments",
"name": "ClusterSubnetRoleAssignmentDeployment",
"apiVersion": "2019-08-01",
"subscriptionId": "[subscription().subscriptionId]",
"resourceGroup": "[parameters('resourceGroup')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[concat(parameters('vnetName'), '/', parameters('subnetName'), '/Microsoft.Authorization/', guid(resourceGroup().id, deployment().name))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"principalId": "[parameters('ServicePrincipalObjectId')]",
"scope": "[concat(resourceGroup().id,'/providers/Microsoft.Network/virtualNetworks/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]"
}
}
]
}
}
}
]
}
}
}
]
}
Error thrown : Parent resource vnetname not found as shown below
template1_params.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"value": "aks-vnet"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/8"
},
"subnetName": {
"value": "aks-subnet"
},
"subnetPrefix": {
"value": "10.240.0.0/16"
},
"kubernetesVersion": {
"value": "1.13.12"
},
"dnsPrefix": {
"value": "test"
},
"agentCount": {
"value": 2
},
"agentVMSize": {
"value": "Standard_E2_v3"
},
"masterCount": {
"value": 1
},
"ServicePrincipalClientId": {
"value": "clientid..."
},
"ServicePrincipalClientSecret": {
"value": "clientsecret..."
},
"ServicePrincipalObjectId": {
"value": "objectid.."
},
"sshRSAPublicKey": {
"value": "sshrsa-...."
},
"dnsServiceIP": {
"value": "10.0.0.10"
},
"serviceCidr": {
"value": "10.0.0.0/16"
},
"dockerBridgeCidr": {
"value": "172.17.0.1/16"
},
"nodesMinimum": {
"value": 2
},
"nodesMaximum": {
"value": 4
}
}
}
For your issue, there are two mistakes in your template as I see, maybe not all.
One is that the resources block in the AKS cluster, it's not for the extensions, only for the agent pools. You can learn its definition in Microsoft.ContainerService/managedClusters object.
Another is that you create the AKS cluster with virtual machine scale sets, so the extension should be the type Microsoft.Compute/virtualMachineScaleSets/extensions.
Maybe you can provide more details about the issue to get an exact solution. But before, you can try to change your template to fix the mistakes I found above.
I'm currently attempting to deploy an Azure Load Balancer instance to provide load balanced access to two firewalls. This is to provide a pseudo-HA configuration.
However, when I try to deploy this template using Jenkins, it gives me the following unhelpful response (even with the --debug command):
DEBUG: attempting to read file Test/deployment/azuredeploy.json as utf-8-sig
DEBUG: attempting to read file Test/parameters/deploymentParameters.json as utf-8-sig
DEBUG: No tty
available.
ERROR:
So it's saying there's an error but can't tell me what the error is.
I have two requests:
Can anybody tell me how I can find out what is causing this error? Any commands or tools I am unaware of?
If anybody is skilled with the Azure Load Balancer syntax for ARM then can you eyeball my deployment template and let me know if it has any immediate flaws. Code is below.
code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "vnet name"
}
},
"subnet1Name": {
"type": "string",
"metadata": {
"description": "Subnet 1 name"
}
},
"subnet2Name": {
"type": "string",
"metadata": {
"description": "Subnet 2 name"
}
},
"loadBalancerName": {
"type": "string",
"metadata": {
"description": "name of the load balancer instance"
}
},
"nicName1": {
"type": "string",
"metadata": {
"description": "name of NIC 1"
}
},
"nicName2": {
"type": "string",
"metadata": {
"description": "name of NIC 2"
}
},
"nicName3": {
"type": "string",
"metadata": {
"description": "name of NIC 3"
}
},
"nicName4": {
"type": "string",
"metadata": {
"description": "name of NIC 4"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"virtualNetworkName": "[parameters('virtualNetworkName')]",
"subnet1Name": "[parameters('subnet1Name')]",
"subnet2Name": "[parameters('subnet2Name')]",
"loadBalancerName": "[parameters('loadBalancerName')]",
"nicName1": "[parameters('nicName1')]",
"nicName2": "[parameters('nicName2')]",
"nicName3": "[parameters('nicName3')]",
"nicName4": "[parameters('nicName4')]",
"subnetRef1": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet1Name'))]",
"subnetRef2": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]"
},
"resources": [
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallBE",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallBE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName2')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallBE",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallBE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName3')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallFE",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallFE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName4')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallFE",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallFE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2017-08-01",
"name": "[variables('loadBalancerName')]",
"type": "Microsoft.Network/loadBalancers",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "firewallBE-FrontEnd",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
}
}
},
{
"name": "firewallFE-FrontEnd",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
}
}
}
],
"backendAddressPools": [
{
"name": "firewallBE-subnet-pool"
},
{
"name": "firewallFE-subnet-pool"
}
],
"loadBalancingRules": [
{
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/frontendIpConfigurations/firewallBE-FrontEnd')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/backendAddressPools/firewallBE-subnet-pool')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/probes/firewall-lb-probe')]"
},
"protocol": "All",
"frontendPort": 0,
"backendPort": 0
},
"name": "firewallBE-subnet-rule"
},
{
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/frontendIpConfigurations/firewallFE-FrontEnd')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/backendAddressPools/firewallFE-subnet-pool')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/probes/firewall-lb-probe')]"
},
"protocol": "All",
"frontendPort": 0,
"backendPort": 0
},
"name": "firewallFE-subnet-rule"
}
],
"probes": [
{
"properties": {
"protocol": "Tcp",
"port": 0,
"intervalInSeconds": 15,
"numberOfProbes": 2
},
"name": "firewall-lb-probe"
}
]
}
}
]
}
in this case the error was due to a missing parameter that needed to be passed to the template