I install hardening feature on my Azure VM with DSC. With this script: https://luke.geek.nz/Using-dsc-for-windows-hardening
How do I know it worked.
the answer is: it depends on how you "installed" the dsc script to the VM, but generally you can just do Test-DSCconfiguration -Verbose on the node. It will run through resources in the configuration and tell you which ones are compliant and which arent.
Another option would be to look at the output of how you applied the dsc script. say, if its an arm template it would return "ok" if everything worked, etc
Related
Basically for an application, we're planning to mount a Azure fileshare to directly write the logs to. However we want to create a health check to notify the team if the fileshare mount fails. Can someone help me how I can implement this functionality? Its a RHEL VM in Azure
• Yes, there is a way through which you can check whether the Azure file share has been mounted successfully or not in the Linux VM or not. You can run a script in your Linux VM through custom script extension and check its output whether the azure file share has mounted successfully or not.
Run the script in the below github link named ‘AzFileDiagnostics.sh’ in your RHEL Linux VM through the commands as below: -
Github link : - https://github.com/Azure-Samples/azure-files-samples/tree/master/AzFileDiagnostics/Linux
Commands for the script to run: - ‘sudo bash AzFileDiagnostics.sh’ or ‘sudo bash AzFileDiagnostics.sh -u //storageaccountname.file.core.windows.net/sharename’
Output: -
• This script when run will check all the prerequisites for connecting to Azure File share like checking port 445 TCP, SMB 3.3 for encryption purposes, cifs-utils package is installed or not, etc., and when all these requirements are met, it will mount the azure file share through the commands as stated above. Also, you can check the diagnostics logs through monitoring section by enabling them and collecting logs regarding this script for connection details.
Please find the below link for more reference: -
https://learn.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-linux-file-connection-problems#solution
I wrote infrastructure as code using terraform, and apply it successfully on azure cloud, now i created another 3 vm's using the same networking file and variable file that already used in the pervious IAAC, how can i run only these 3 vm's without generating new error, or "already exists" to create them on the same subscription and same variable/networking configuration.
Thanks
if you understand correctly, you can use
terraform -target
Be notice that -target attribute respects dependencies
I want to install an azure agent onto my VM and have it appear as an Environment resource as described here: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/environments-virtual-machines?view=azure-devops .
This works if you run the script interactively, however when I use --unattended (as described here: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#unattended-config ) there is no longer a way to specify tags. The --addDeploymentGroupTags option doesn't work with Environment agents.
How do I automate the adding of a VM as an environment resource with tags?
I had a look at the source code and figured out there is an undocumented way to do this. Just use the following commands:
--addvirtualmachineresourcetags --virtualmachineresourcetags "<tag>"
According to the official doc , the “interactive PS registration script” supports to add the environments tags. This document doesn’t mention adding tags in “Unattended config” mode.
You can add tags to the VM as part of the interactive PS registration script. You can also add or remove tags from the resource view by clicking on ... at the end of each VM resource on the Resources tab.
We could simply run .\config.cmd --help to check the help info of this command in PowerShell.
It only mentions how to add a “deploygroup tag” through an option. Not any info related to tag of VM resource in environment.
I'm afraid this is not available to add tags to Environment VM resource in “Unattended config” mode.
I have a problem on my build/release pipeline with Azure Container Reigstry.
I use a Azure Resource Group Deployment task to deploy Azure Container Registry (and other stuff) and it works perfectly.
I have the loginServer, username and password in output variables to reuse it.
Then I want to build and push image to ACR but I can't set the name of the registry (that I get from output variable) with a variable. I have to choose the registry when I setup the definition, but it is not created at this moment.
Is there a way to do this ?
As a workaround, I use the Azure Resource Group Deployment the create the registry and then I send output variables to a powershell script which build, tag and push my images to the registry.
If nobody has a better way, I think I will post a uservoice to change that.
When you say you use an Azure Resource Group Deployment task, are you referring to VSTS?
If you could provide more specific repro steps, I might be more helpful.
I'd also suggest you might take a look at https://aka.ms/acr/build as easy way to natively docker build images with your registry. ACR Build is now available in all regions and simplifies may of the experiences you may be hitting.
Daniel just made this post that helps with the VSTS integration: https://www.danielstechblog.io/building-arm-based-container-images-with-vsts-and-azure-container-registry-build/
Steve
Sorry for the delay, I was off the office.
I just retry to fix my problem and it seems that I can now enter a free text (and so, a release variable) to the VSTS docker task to specify the ACR I just created before with a Azure Resource Group Deployment task.
So no problem anymore.
Thank you for your response, I will take a look to ACR build :)
Bastien
I'm trying to create an Azure VM and then copy an install file to the VM and then silently installing it. I have created a basic Azure Resource Group project, and can create and deploy the VM, but I can't figure out how to do everything from the powershell script.
It sounds like you could use a custom script extension to do what you want. In your ARM template, you can specify the url for a file and the command to run; Azure will handle getting the file onto your VM and running it based on your command. Here is an example from the Azure Quickstart Templates: https://github.com/Azure/azure-quickstart-templates/tree/master/windows-vm-custom-script
Hope this helps! :)