How to get FQDN of Azure VM in ARM template output - azure

Following is my template to create Public IP address. Now I want to get the output of fqdn for PublicIPAddress.
"name": "[variables('publicIPAddressName')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "2018-06-01",
"location": "eastus",
"properties": {
"publicIpAllocationMethod": "Static",
"dnsSettings": {
"domainNameLabel": "mycompany"
}
}
"outputs": {
"fqdn": {
"type": "string",
"value": "[if(equals(parameters('serverName'), 'app'), reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))).dnsSettings.fqdn, json(null))]"
}
}
When I deploy the above template, I see the following error
"message": "{\r\n \"error\": {\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Deployment template validation failed: 'The template output 'fqdn' at line '259' and column '13' is not valid: Unable to parse language expression 'if(equals(parameters('serverName'), 'paxata'), reference(variables('publicIPAddressName')).dnsSettings.fqdn, json(null))': expected token 'LeftParenthesis' and actual 'RightParenthesis'.. Please see https://aka.ms/arm-template-expressions for usage details.'.\"\r\n }\r\n}"

I am able to solve this issue by updating the else condition in fqdn outputs section and it works well.
"fqdn": {
"type": "string",
"value": "[if(equals(parameters('server'), 'app'), reference(resourceId('Microsoft.Network/publicIPAddresses', 'publicip3')).dnsSettings.fqdn, 'FQDN not available')]"
}

Related

Microsoft.ApiManagement/service/diagnostics/loggers in Azure API Manager ARM template

This is how the chunk of the ARM template looks:
{
"type": "Microsoft.ApiManagement/service/diagnostics/loggers",
"apiVersion": "2018-01-01",
"name": "[concat(variables('gatewayName'), '/applicationinsights/', variables('gatewayName'))]",
"dependsOn": [
"[resourceId('Microsoft.ApiManagement/service/diagnostics', variables('gatewayName'), 'applicationinsights')]",
"[resourceId('Microsoft.ApiManagement/service', variables('gatewayName'))]"
],
"properties": {
"loggerType": "applicationInsights",
"credentials": {
"instrumentationKey": "[reference(resourceId('Microsoft.Insights/components', variables('appInsights')), '2014-04-01').InstrumentationKey]"
},
"isBuffered": true,
"resourceId": "[variables('appInsights')]"
}
},
For two days our ARM template deployment is failing with the error:
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"MethodNotAllowedInPricingTier\",\r\n \"message\": \"Method not allowed in this pricing tier\",\r\n \"details\": null\r\n }\r\n}"}]}}
Although the error states the pricing tier, there were no changes in the template.
Verbatim google search result shows that the resource existed before as the first result item.
The documentation does not mention it anymore in the diagnostics section.
GitHub, though, remembers the resource but mentions different properties within the object:
"service_diagnostics_loggers": {
"type": "object",
"properties": {
"apiVersion": {
"type": "string",
"enum": [
"2018-01-01"
]
},
"name": {
"oneOf": [
{
"type": "string",
"pattern": "(^[\\w]+$)|(^[\\w][\\w\\-]+[\\w]$)",
"maxLength": 80
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Logger identifier. Must be unique in the API Management service instance."
},
"type": {
"type": "string",
"enum": [
"Microsoft.ApiManagement/service/diagnostics/loggers"
]
}
},
"required": [
"apiVersion",
"name",
"type"
],
"description": "Microsoft.ApiManagement/service/diagnostics/loggers"
}
It looks like the resource was removed from the ARM template infrastructure silently. What is wrong my analysis?
diagnostics/loggers resource does exist in 2018-01-01 API version: https://github.com/Azure/azure-rest-api-specs/blob/main/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2018-01-01/apimdiagnostics.json
After that though it was removed and replaced by loggerId property on diagnostic entity itself: https://github.com/Azure/azure-rest-api-specs/blob/main/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2019-01-01/definitions.json#L1771
We'll check why older API version doesn't seem to work, meanwhile you could try migrating to a newer API version.

ARM Template - Creating a template for VirtualnetworkGateway combined in a single template

I have created a template which is meant to deploy a complete network solution, which includes 2-subnets, vnet, vnetgw and pubip. I am looking for a way to programmatically reference some of the resource id's such that it makes the template more dynamic and can be used as many times as possible. secondly, the templates generates an error on deployment which obviously is as a result of the the references i mentioned earlier. Pls see error below;
New-AzResourceGroupDeployment: Line | 3 |
New-AzResourceGroupDeployment -ResourceGroupName rg-vnet-dev -Templat
…
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 19:05:58 - Resource Microsoft.Network/virtualNetworkGateways 'rgvnetdev-vnetgw' failed with message '{ "error": {
"code": "InvalidTemplate",
"message": "Unable to process template language expressions for resource
'/subscriptions/77dd2569-6341-4c72-880d-ef59413db99e/resourceGroups/rg-vnet-dev/providers/Microsoft.Network/virtualNetworkGateways/rgvnetdev-vnetgw'
at line '279' and column '9'. 'Unable to evaluate template language
function 'resourceId': the type
'Microsoft.Network/virtualNetworks/subnets' requires '2' resource name
argument(s). Please see
https://aka.ms/arm-template-expressions/#resourceid for usage
details.'",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 279,
"linePosition": 9,
"path": ""
}
}
] } }
I will be happy to share the code, if this would assist in resolving my issue. The error relates to referencing the vnet dependson for creating vnetgw.
From the error message, it seems that referenced subnet id is invalid. This function resourceId format is
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2], ...)
In this case, you probably lacks the VNet name at line '279', the referenced subnet id should be like this:
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]"
},
{
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2019-12-01",
"name": "[variables('vnetgwname')]",
"location": "[parameters('Location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses',variables('pubIp'))]",
"[resourceId('Microsoft.Network/virtualNetworks',variables('VNetName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "vnetgatewayconfig",
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('pubIp'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('VNetName'),variables('Uniquegwsubnet'))]"
},
"privateIPAllocationMethod": "[parameters('publicIPAllocationMethod')]"
}
}
],
"sku": {
"name": "[parameters('sku')]",
"tier": "[parameters('sku')]"
},
"gatewayType": "[parameters('gatewayType')]",
"vpnType": "[parameters('VpnType')]",
"activeActive": false,
"enableBgp": false,
"vpnGatewayGeneration": "[parameters('vpnGatewayGeneration')]"
}
},

I want to create a runbook on an automation account with a shedule already connected to it through arm

With my ARM template I want to create an automation account with a runbook and a shedule , so far so good. But if i want to connect my shedule to my runbook through the template I can't seem to find the working way to do this.
First try (working) : create automation account with a runbook and a shedule
"variables": {
"name": "StartAllVM",
"url": "https://gallery.technet.microsoft.com/scriptcenter/Start-Azure-V2-VMs-6352312e/file/147007/1/Start-AzureV2VMs.ps1",
"version": "1.0.0.0",
"type": "PowerShell",
"description": "This PowerShell script runbook connects to Azure and starts all VMs in an Azure subscription or cloud service"
},
"resources": [
{
"name": "AutomationDev",
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2015-10-31",
"properties": {
"sku": {
"name": "Free"
}
},
"location": "[parameters('location')]",
"tags": {},
"resources": [
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
}
},
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]",
"[variables('name')]"
],
"properties": {
"description": "VM Patch Automation Schedule",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
]
Second try here i don't get errors but the shedule is not connected to the runbook
- I added "runbook": "variables('name')", to the shedule properties
third try (here i get errors that my dependes on is not right configured
i tried to add the shedule block inside a resource value of the runbook like this
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
},
"resources": [
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev' , variables('name'))]",
],
"properties": {
"description": "VM Patch Automation Schedule",
"runbook": "variables('name')",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
The error i got is as followed:
New-AzureRmResourceGroupDeployment : 16:43:44 - Error: Code=InvalidTemplate; Message=Deployment template validation fai
led: 'The resource '/subscriptions/xxxxxxxx/resourceGroups/xxxx/providers/Microsoft.Automa
tion/automationAccounts/AutomationDev/runbooks/StartAllVM/schedules/shedule1' at line '54' and column '17' doesn't depe
nd on parent resource '/subscriptions/xxxxxxxx/resourceGroups/xxx/providers/Microsoft.Aut
omation/automationAccounts/AutomationDev/runbooks/StartAllVM'. Please add dependency explicitly using the 'dependsOn' s
yntax. Please see https://aka.ms/arm-template/#resources for usage details.'.
I have no clue which option is the right one, i think my third try is the right way to add a shedule to a runbook but i can't seem to find the right way to use the right depends on
[Edit]
Like the answers mentioned my depends on structure was not good , after I changed this I keep getting following error. And I am looking some time now for a solution but can't seem to find which resource they are mentioning that is missing
I used following depends on :
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]"
And got this error.
New-AzureRmResourceGroupDeployment : 9:03:47 - Resource Microsoft.Automation/automationAccounts/runbooks/schedules 'AutomationDev/StartAllVM/shedule1' failed with message '{
"error": {
"code": "BadRequest",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\
r\n<title>404 - File or directory not found.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:
#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#cont
ent{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"con
tent-container\"><fieldset>\r\n <h2>404 - File or directory not found.</h2>\r\n <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n"
}
I know this question was asked a while ago, but I just worked out how to do this for myself and thought I'd post in case it can help anyone else:
Adding a schedule block inside the template will create the schedule but not connect it to the runbook. To connect the two together, you have to create a job schedule as well.
The steps I took to fix this are as follows:
1. Add the runbook block as a child resource of the Automation Account
2. Add the schedule block as a child resource of the Automation Account (not as a child of the runbook - this is what threw the last error)
3. Add a job schedule block as a child resource of the Automation Account, and pass in the name of the runbook and the name of the schedule:
{
"name": "string",
"type": "Microsoft.Automation/automationAccounts/jobSchedules",
"apiVersion": "2015-10-31",
"properties": {
"schedule": {
"name": "string"
},
"runbook": {
"name": "string"
}
}
}
Obviously you might need to mess around a bit more to get yours working properly but these are the general steps I took :)
-NOTE- don't forget to add dependencies where necessary (e.g. job schedule will depend on the runbook and the schedule already existing)
References:
jobSchedules
Dependencies
Your depends on should be:
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev/runbooks/' , variables('name'))]",
],
Alternatively, you can use resourceId() function, which gives a more readable result:
"dependsOn": [
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]",
]
with resourceId you can, also, construct resourceId for resources in other subscriptions \ resourcegroups easily.
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2]...)
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#resourceid
Using Bicep this is a lot simpler.
Create a schedules.bicep file with the following content:
param guidValue string = newGuid()
var aaName = 'your-automation-account-name'
var runbookName = 'your-runbook-name'
var scheduleName = 'the-desired-schedule-name'
var scheduleFullName = '${aaName}/${scheduleName}'
var scheduleAssignment = '${aaName}/${guidValue}'
resource schedule 'Microsoft.Automation/automationAccounts/schedules#2020-01-13-preview' = {
name: scheduleFullName
properties: {
frequency: 'Day'
interval: any(6)
startTime: '2021-10-10'
}
}
resource jobSchedule 'Microsoft.Automation/automationAccounts/jobSchedules#2020-01-13-preview' = {
name: scheduleAssignment
properties: {
runbook: {
name: runbookName
}
schedule: {
name: scheduleName
}
}
}
Then using Azure CLI just run az deployment group create -f schedules.bicep -g your-resourcegroup-name.
Note: I was referencing an existing Automation Account and Runbook but you could add those resources to the template as well. Also to generate the classic JSON ARM Templates you could run az bicep build -f schedules.bicep.

How do I use Azure Key Vault secret in linked template

I'm trying to create automation variable off KeyVault secret. I assume I can probably do the same thing what is currently done in main template for retrieving windows password but it fails with non-descriptive error below. Not sure what shall be done next to troubleshoot.
Error
{
"code": "BadRequest",
"message": "{\"Message\":\"The request is invalid.\",\"ModelState\":{\"variable.properties.value\":[\"An error has occurred.\"]}}"
}
Template
{
"name": "mystring",
"type": "variables",
"apiVersion": "2015-10-31",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]"
],
"properties": {
"value": {
"reference": {
"keyVault": {
"id": "[resourceId(subscription().subscriptionId, 'Utility-RG', 'Microsoft.KeyVault/vaults', 'MyKeyVault')]"
},
"secretName": "WindowsPasswordSecret"
}
},
"description": "test var",
"isEncrypted": false
}
}
That error is indeed helpful, while I have no idea what went wrong there, I can tell you how to work around that, you need to pass the data from the KV to the template (as input parameter) not to the resource. And in the template use parameter to assign value to the object in question.
Reference: https://github.com/4c74356b41/bbbb-is-the-word/blob/master/_arm/parent.json#L151

ARM deployment fails with incorrect DSC extension template error

I have ARM deployment template, which contains VM resource with DSC extension
"resources": [
{
"name": "Microsoft.Powershell.DSC",
"type": "extensions",
"location": "[resourceGroup().location]",
"apiVersion": "2015-06-15",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('appVMName'))]"
],
"tags": {
"displayName": "appDSC"
},
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.9",
"autoUpgradeMinorVersion": true,
"forceUpdateTag": "[parameters('appDSCUpdateTagVersion')]",
"settings": {
"configuration": {
"url": "[parameters('dscArchiveUrl')]",
"script": "appDSC.ps1",
"function": "Main"
},
"configurationArguments": {
"nodeName": "[parameters('appVMName')]",
"webDeployPackage": "[parameters('appWebPackage')]",
"backgroundServicePackage": "[parameters('backgroundServicePackage')]"
}
}
}
}
]
I managed to make this work for the first time I executed it, but now it responds with error:
15:37:17 - Resource Microsoft.Compute/virtualMachines 'Unique-InApp' failed with message '{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'Microsoft.Powershell.DSC'. Error message: \"The
DSC Extension received an incorrect input: Configuration.url requires that configuration.script is specified.\nPlease c
orrect the input and retry executing the extension.\"."
}
]
}
}'
As you can see, I obviously put script to configuration, but for some reason it is not recognized by ARM deployment script.
I suppose, this is just wrong error message and I have different problem, but without proper diagnostic information I am not able to understand it.
So what is the problem and how to fix it?
Looking at this example and at the schema seems like you are doing it wrong.
I don't see script or function properties for DSC extension, instead I see configurationFunction property, which supposedly takes a value similar to this:
ContosoWebsite.ps1\\ContosoWebsite
Second slash is used to escape the first one ;)

Resources