I have been given the responsibility for managing an Azure application gateway. The gateway is complex with 16 sites each with different SSL certificates, httplisteners, etc. The previous admin kept NO documentation. The short question is there a way I can use powershell to query and parse the existing configuration to a new script that I could use to rebuild the gateway if something breaks? I dont want to be messing with json and would prefer using powershell cmdlets, (Get-AzureRmApplicationGateway..., Set-AzureRmApplicationGateway, etc).
Any sample scripts would be great.
To load the whole gateway configuration via Powershell use:
Get-AzureRmApplicationGateway -Name MyAppGw -ResourceGroupName MyAppGwRG
Source
You can also edit this XML template file to record all the app gateway settings.
Related
I am currently working on automating the setting of retention policies of databases within an Azure managed instance. At the moment I am using the Azure Set-AzSqlInstanceDatabaseBackupShortTermRetentionPolicy PowerShell Cmdlet. It would be preferable to use REST API for my automation workflow, is there an equivalent?
The retention policy is not part of the Managed Instanced - Update API. There is an equivalent API for single instance databases.
Any help in pointing me to an API would be appreciated.
this would be the api call:
/subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.Sql/managedInstances/zzz/databases/uuu/backupShortTermRetentionPolicies/default?api-version=2017-03-01-preview
somehow I dont see this in the API reference. But you can always do something like this to figure it out:
Set-AzSqlInstanceDatabaseBackupShortTermRetentionPolicy -ResourceGroupName resourcegroup01 -InstanceName server01 -DatabaseName database01 -RetentionDays 35 -Debug
and just at the debug output, it will contain REST call url
I'm trying to come up with a combination of Custom Role and PowerShell script that will constrain an AD members capabilities to the following (for a particular web app):
1) Require an interactive login to an AD account
2) Perform a download of a Publish Profile, but only in Filezilla format
The purpose is to provide a "deployer" role with the ability to upload code changes, but not see connection strings, which are visible in Web Deploy publish settings.
I see the necessary level of control in Powershell for downloading only the FileZilla3 FTP Publishing data, and I got that to work, example:
Get-AzureRmWebAppPublishingProfile -Name test-app -ResourceGroupName test_Group -Format FileZilla3 -OutputFile S:\test.xml
I understand the pattern for creating a Custom Role, and for adding actions to it. These look like the actions I might need:
Microsoft.Web/sites/publishxml/Action
microsoft.web/sites/publishxml/read
However, I don't see another level of detail within those actions for constraining the action to only Filezilla3 format.
Question: is there a way to create a Custom Role specification that would allow an AD member to download publish settings, but only in FileZilla3 format?
From the official docs, there is no ways to create a Custom Role you want. For the details, please read here.
I'm trying to build a small program to change the autoscale settings for our Azure WebApps, using the Microsoft.WindowsAzure.Management.Monitoring and Microsoft.WindowsAzure.Management.WebSites NuGet packages.
I have been roughly following the guide here.
However, we are interested in scaling WebApps / App Services rather than Cloud Services, so I am trying to use the same code to read the autoscale settings but providing a resource ID for our WebApp. I have already got the credentials required for making a connection (using a browser window popup for Active Directory authentication, but I understand we can use X.509 management certificates for non-interactive programs).
This is the request I'm trying to make. Credentials already established, and an exception is thrown earlier if they're not valid.
AutoscaleClient autoscaleClient = new AutoscaleClient(credentials);
var resourceId = AutoscaleResourceIdBuilder.BuildWebSiteResourceId(webspaceName: WebSpaceNames.NorthEuropeWebSpace, serverFarmName: "Default2");
AutoscaleSettingGetResponse get = autoscaleClient.Settings.Get(resourceId); // exception here
The WebApp (let's call it "MyWebApp") is part of an App Service Plan called "Default2" (Standard: 1 small), in a Resource Group called "WebDevResources", in the North Europe region. I expect that my problem is that I am using the wrong names to build the resourceId in the code - the naming conventions in the library don't map well onto what I can see in the Azure Portal.
I'm assuming that BuildWebSiteResourceId is the correct method to call, see MSDN documentation here.
However the two parameters it takes are webspaceName and serverFarmName, neither of which match anything in the Azure portal (or Google). I found another example which seemed to be using the WebApp's geo region for webSpaceName, so I've used the predefined value for North Europe where our app is hosted.
While trying to find the correct value for serverFarmName in the Azure Portal, I found the Resource ID for the App Service Plan, which looks like this:
/subscriptions/{subscription-guid}/resourceGroups/WebDevResources/providers/Microsoft.Web/serverfarms/Default2
That resource ID isn't valid for the call I'm trying to make, but it does support the idea that a 'serverfarm' is the same as an App Service Plan.
When I run the code, regardless of whether the resourceId parameters seem to be correct or garbage, I get this error response:
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
{"Code":"SettingNotFound","Message":"Could not find the autoscale settings."}
</string>
So, how can I construct the correct resource ID for my WebApp or App Service Plan? Or alternatively, is there a different tree I should be barking up to programatially manage WebApp scaling?
Update:
The solution below got the info I wanted. I also found the Azure resource explorer at resources.azure.com extremely useful to browse existing resources and find the correct names. For example, the name for my autoscale settings is actually "Default2-WebDevResources", i.e. "{AppServicePlan}-{ResourceGroup}" which I wouldn't have expected.
There is a preview service https://resources.azure.com/ where you can inspect all your resources easily. If you search for autoscale in the UI you will easily find the settings for your resource. It will also show you how to call the relevant REST Api endpoint to read or update that resorce.
It's a great tool for revealing a lot of details for your deployed resources and it will actually give you an ARM template stub for the resource you are looking at.
And to answer your question, you could programmatically call the REST API from a client with updated settings for autoscale. The REST API is one way of doing this, the SDK another and PowerShell a third.
The guide which you're following is based on the Azure Service Management model, aka Classic mode, which is deprecated and only exists mainly for backward compatibility support.
You should use the latest
Microsoft.Azure.Insights nuget package for getting the autoscale settings.
Sample code using the nuget above is as below:
using Microsoft.Azure.Management.Insights;
using Microsoft.Rest;
//... Get necessary values for the required parameters
var client = new InsightsManagementClient(new TokenCredentials(token));
client.AutoscaleSettings.Get(resourceGroupName, autoScaleSettingName);
Besides, the autoscalesettings is a resource under the "Microsoft.Insights" provider and not under the "Microsoft.Web" provider, which explains why you are not able to find it with your serverfarm resourceId.
See the REST API Reference below for getting the autoscale settings.
GET
https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/microsoft.insights/autoscaleSettings/{autoscale-setting-name}?api-version={api-version}
We wish to implement CI using a TFS / Visual Studio Online-hosted build server. To run our unit/integration tests the build server needs to connect to a SQL Azure DB.
We've hit a stumbling block here because SQL Azure DBs use an IP address whitelist.
My understanding is that the hosted build agent is a VM which is spun-up on demand, which almost certainly means that we can't determine its IP address beforehand, or guarantee that it will be the same for each build agent.
So how can we have our hosted build agent run tests which connect to our IP-address-whitelisted SQL DB? Is it possible to programmatically add an IP to the whitelist and then remove it at the end of testing?
After little research found this (sample uses PowerShell):
Login to your azure account
Select relevant subscription
Then:
New-AzureRmSqlServerFirewallRule -EndIpAddress 1.0.0.1 -FirewallRuleName test1 -ResourceGroupName testrg-11 -ServerName mytestserver111 -StartIpAddress 1.0.0.0
To remove it:
Remove-AzureRmSqlServerFirewallRule -FirewallRuleName test1 -ServerName mytestserver111 -ResourceGroupName testrg-11 -Force
Found in Powershell ISE for windows. Alternatively there should be something similar using cross platform cli if not running on windows machine
There is the task/step of Azure PowerShell that you can call azure powershell (e.g. New-AzureRmSqlServerFirewallRule)
On the other hand, you can manage server-level firewall rules through REST API, so you can custom build/release task to get necessary information (e.g. authentication) of selected Azure Service Endpoint, then send the REST API to add new or remove firewall rules.
The SqlAzureDacpacDeployment task has the source code to add firewall rules through REST API that you can refer to. Part SqlAzureDacpacDeployment source code, VstsAzureRestHelpers_.psm1 source code.
There now is a "Azure SQL InlineSqlTask" build task which u can use to automatically set firewall rules on the Azure server. Just make sure "Delete Rule After Task Ends" is not checked. And just add some dummy query like "select top 1 * from...." as "Inline SQL Script"
Trying to Create a Virtual Machine Deployment in Azure via Service Management API.
But getting the 404 http error code , though the uri is correct.I am correctly setting the values in the below format,
https://management.core.windows.net//services/hostedservices//deployments/
Anything else is missing ? Also am setting the certificates for SSL authentication.All other services seems to work but this alone is throwing a 404 http error
you mentioned you are using this url:
https://management.core.windows.net//services/hostedservices//deployments/
are you inputing your subscription-id and hosted service on which you wish to deploy?
the url should look like this:
https://management.core.windows.net/<subscription-id>/services/hostedservices/<service-name>/deployments/
taken from http://msdn.microsoft.com/en-us/library/windowsazure/jj157194
though when using the above URL i was also getting 404 responses, i needed to remove the trailing slash at the end. (".../deployments" , not ".../deployments/")
after this i started getting BadRequest Responses but this is probably just because of the XML body not being generated properly.
hope it helps
I think you are asking about Windows Azure Virtual Machines. In that case you might not be using the correct newer Powershell cmdlets to create Azure Virtual Machines because when you make new Virtual Machine cmdlets you don't need to use the management URL. It is all done during very first call when you configure connection using PublishSettings file and then set your subscription. The steps to create a new Azure Virtual Machine using Powershell cmdlets are as below:
Get-AzurePublishSettingsFile (documentation is here)
Import-AzurePublishSettingsFile azuresettings.publishsettings
New-AzureVM ** (documentation/sample script is here)
If you are using PaaS Windows Azure Web/Worker Role then you will use:
New-AzureDeployment (documented here)
A list of all new Windows Azure Powershell CMDlets is documented here.
Finally it worked.There are some errors in MSDN documentation.
uri:https://management.core.windows.net/subscriptionID/services/hostedservices/servicename/deployments
No slash at the end, but MSDN documentation gives a slash at the end.