Azure resource can't find dependancy when deploying - azure

I'm trying to deploy an Azure Windows VM using templates and keep running into the error code: InvalidResourceReference Resource X referenced by Resource Y was not found. Resource X is Microsoft.Network/networkSecurityGroups (named 'FBI') and resource Y is Microsoft.Network/networkInterfaces (named vInterface).
All my required resources are created during this deployment with their dependencies set in the template. The first thing I did was confirm that my FBI resource exists, which it did:
Next I ensured that my FBI security group was listed as a dependency in vInterface to ensure that FBI does get created first before vInterface is created, which it is:
{
"name": "[parameters('networkInterfaceName')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2018-04-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpAddressName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAllocationMethod": "Dynamic",
"publicIpAddress": {
"id": "[resourceId('VMGroup','Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName'))]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('VMGroup', 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
}
}
}
I can confirm that the location is the same for both of these resources. Everything looks ok but I can't figure out why my vInterface can't find/see my FBI security group.
For reference here's the full error message:
"error": {
"code": "InvalidResourceReference",
"message": "Resource /subscriptions/---/resourceGroups/VMGroup/providers/Microsoft.Network/networkSecurityGroups/FBI referenced by resource /subscriptions/---/resourceGroups/VMDeployment/providers/Microsoft.Network/networkInterfaces/vInterface was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.",
"details": []

You are probably deploying to a resource group not called vmgroup hence this error.
your resource id's are hardcoded to vmgroup resource group, not to the resource group you are deploying to; change your resourceId() input to:
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
ps. you have it in 2 places.

Related

ARM Create nested Management Group

I try to create an ARM Template for building the ground structure with ManagementGroups
and Subscriptions. My current problem is that I can't create nested Management Groups,
did somebody already something similiar?
I already have seen this Doc Article:
https://learn.microsoft.com/en-us/azure/templates/microsoft.management/managementgroups?tabs=json
See https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-management-group?tabs=azure-cli#management-group
You need to specify properties.details.parent.id:
"resources": [
{
"name": "[parameters('mgName')]",
"type": "Microsoft.Management/managementGroups",
"apiVersion": "2020-05-01",
"scope": "/",
"location": "eastus",
"properties": {
"details": {
"parent": {
"id": "[tenantResourceId('Microsoft.Management/managementGroups', parameters('parentMG'))]"
}
}
}
}
],

ARM Template - Creating a template for VirtualnetworkGateway combined in a single template

I have created a template which is meant to deploy a complete network solution, which includes 2-subnets, vnet, vnetgw and pubip. I am looking for a way to programmatically reference some of the resource id's such that it makes the template more dynamic and can be used as many times as possible. secondly, the templates generates an error on deployment which obviously is as a result of the the references i mentioned earlier. Pls see error below;
New-AzResourceGroupDeployment: Line | 3 |
New-AzResourceGroupDeployment -ResourceGroupName rg-vnet-dev -Templat
…
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 19:05:58 - Resource Microsoft.Network/virtualNetworkGateways 'rgvnetdev-vnetgw' failed with message '{ "error": {
"code": "InvalidTemplate",
"message": "Unable to process template language expressions for resource
'/subscriptions/77dd2569-6341-4c72-880d-ef59413db99e/resourceGroups/rg-vnet-dev/providers/Microsoft.Network/virtualNetworkGateways/rgvnetdev-vnetgw'
at line '279' and column '9'. 'Unable to evaluate template language
function 'resourceId': the type
'Microsoft.Network/virtualNetworks/subnets' requires '2' resource name
argument(s). Please see
https://aka.ms/arm-template-expressions/#resourceid for usage
details.'",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 279,
"linePosition": 9,
"path": ""
}
}
] } }
I will be happy to share the code, if this would assist in resolving my issue. The error relates to referencing the vnet dependson for creating vnetgw.
From the error message, it seems that referenced subnet id is invalid. This function resourceId format is
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2], ...)
In this case, you probably lacks the VNet name at line '279', the referenced subnet id should be like this:
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]"
},
{
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2019-12-01",
"name": "[variables('vnetgwname')]",
"location": "[parameters('Location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses',variables('pubIp'))]",
"[resourceId('Microsoft.Network/virtualNetworks',variables('VNetName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "vnetgatewayconfig",
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('pubIp'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('VNetName'),variables('Uniquegwsubnet'))]"
},
"privateIPAllocationMethod": "[parameters('publicIPAllocationMethod')]"
}
}
],
"sku": {
"name": "[parameters('sku')]",
"tier": "[parameters('sku')]"
},
"gatewayType": "[parameters('gatewayType')]",
"vpnType": "[parameters('VpnType')]",
"activeActive": false,
"enableBgp": false,
"vpnGatewayGeneration": "[parameters('vpnGatewayGeneration')]"
}
},

I want to create a runbook on an automation account with a shedule already connected to it through arm

With my ARM template I want to create an automation account with a runbook and a shedule , so far so good. But if i want to connect my shedule to my runbook through the template I can't seem to find the working way to do this.
First try (working) : create automation account with a runbook and a shedule
"variables": {
"name": "StartAllVM",
"url": "https://gallery.technet.microsoft.com/scriptcenter/Start-Azure-V2-VMs-6352312e/file/147007/1/Start-AzureV2VMs.ps1",
"version": "1.0.0.0",
"type": "PowerShell",
"description": "This PowerShell script runbook connects to Azure and starts all VMs in an Azure subscription or cloud service"
},
"resources": [
{
"name": "AutomationDev",
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2015-10-31",
"properties": {
"sku": {
"name": "Free"
}
},
"location": "[parameters('location')]",
"tags": {},
"resources": [
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
}
},
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]",
"[variables('name')]"
],
"properties": {
"description": "VM Patch Automation Schedule",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
]
Second try here i don't get errors but the shedule is not connected to the runbook
- I added "runbook": "variables('name')", to the shedule properties
third try (here i get errors that my dependes on is not right configured
i tried to add the shedule block inside a resource value of the runbook like this
{
"name": "[variables('name')]",
"type": "runbooks",
"apiVersion": "2015-01-01-preview",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev')]"
],
"properties": {
"runbookType": "PowerShell",
"logProgress": false,
"logVerbose": true,
"publishContentLink": {
"uri": "[variables('url')]",
"version": "[variables('version')]"
}
},
"resources": [
{
"comments": "",
"type": "schedules",
"name": "shedule1",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev' , variables('name'))]",
],
"properties": {
"description": "VM Patch Automation Schedule",
"runbook": "variables('name')",
"startTime": "06:00PM",
"expiryTime": "",
"isEnabled": true,
"interval": 1,
"frequency": "Week",
"timeZone": "UTC",
"advancedSchedule": {
"weekDays": [
"Monday"
]
}
}
}
]
}
The error i got is as followed:
New-AzureRmResourceGroupDeployment : 16:43:44 - Error: Code=InvalidTemplate; Message=Deployment template validation fai
led: 'The resource '/subscriptions/xxxxxxxx/resourceGroups/xxxx/providers/Microsoft.Automa
tion/automationAccounts/AutomationDev/runbooks/StartAllVM/schedules/shedule1' at line '54' and column '17' doesn't depe
nd on parent resource '/subscriptions/xxxxxxxx/resourceGroups/xxx/providers/Microsoft.Aut
omation/automationAccounts/AutomationDev/runbooks/StartAllVM'. Please add dependency explicitly using the 'dependsOn' s
yntax. Please see https://aka.ms/arm-template/#resources for usage details.'.
I have no clue which option is the right one, i think my third try is the right way to add a shedule to a runbook but i can't seem to find the right way to use the right depends on
[Edit]
Like the answers mentioned my depends on structure was not good , after I changed this I keep getting following error. And I am looking some time now for a solution but can't seem to find which resource they are mentioning that is missing
I used following depends on :
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]"
And got this error.
New-AzureRmResourceGroupDeployment : 9:03:47 - Resource Microsoft.Automation/automationAccounts/runbooks/schedules 'AutomationDev/StartAllVM/shedule1' failed with message '{
"error": {
"code": "BadRequest",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\
r\n<title>404 - File or directory not found.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:
#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#cont
ent{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"con
tent-container\"><fieldset>\r\n <h2>404 - File or directory not found.</h2>\r\n <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n"
}
I know this question was asked a while ago, but I just worked out how to do this for myself and thought I'd post in case it can help anyone else:
Adding a schedule block inside the template will create the schedule but not connect it to the runbook. To connect the two together, you have to create a job schedule as well.
The steps I took to fix this are as follows:
1. Add the runbook block as a child resource of the Automation Account
2. Add the schedule block as a child resource of the Automation Account (not as a child of the runbook - this is what threw the last error)
3. Add a job schedule block as a child resource of the Automation Account, and pass in the name of the runbook and the name of the schedule:
{
"name": "string",
"type": "Microsoft.Automation/automationAccounts/jobSchedules",
"apiVersion": "2015-10-31",
"properties": {
"schedule": {
"name": "string"
},
"runbook": {
"name": "string"
}
}
}
Obviously you might need to mess around a bit more to get yours working properly but these are the general steps I took :)
-NOTE- don't forget to add dependencies where necessary (e.g. job schedule will depend on the runbook and the schedule already existing)
References:
jobSchedules
Dependencies
Your depends on should be:
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', 'AutomationDev/runbooks/' , variables('name'))]",
],
Alternatively, you can use resourceId() function, which gives a more readable result:
"dependsOn": [
"[resourceId('Microsoft.Automation/automationAccounts/runbooks', 'AutomationDev' , variables('name'))]",
]
with resourceId you can, also, construct resourceId for resources in other subscriptions \ resourcegroups easily.
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2]...)
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#resourceid
Using Bicep this is a lot simpler.
Create a schedules.bicep file with the following content:
param guidValue string = newGuid()
var aaName = 'your-automation-account-name'
var runbookName = 'your-runbook-name'
var scheduleName = 'the-desired-schedule-name'
var scheduleFullName = '${aaName}/${scheduleName}'
var scheduleAssignment = '${aaName}/${guidValue}'
resource schedule 'Microsoft.Automation/automationAccounts/schedules#2020-01-13-preview' = {
name: scheduleFullName
properties: {
frequency: 'Day'
interval: any(6)
startTime: '2021-10-10'
}
}
resource jobSchedule 'Microsoft.Automation/automationAccounts/jobSchedules#2020-01-13-preview' = {
name: scheduleAssignment
properties: {
runbook: {
name: runbookName
}
schedule: {
name: scheduleName
}
}
}
Then using Azure CLI just run az deployment group create -f schedules.bicep -g your-resourcegroup-name.
Note: I was referencing an existing Automation Account and Runbook but you could add those resources to the template as well. Also to generate the classic JSON ARM Templates you could run az bicep build -f schedules.bicep.

arm template virtualNetworkName creation appendix issue

I am trying to get a arm template running and have hit an issue with the virtualnetwork creation.
azuredeploy.json
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "Name of virtual network to be created"
},
"defaultValue": "autohav2VNET"
},
vnet-net.json
"resources": [
{
"name": "[parameters('virtualNetworkName')]",
"type": "Microsoft.Network/virtualNetworks",
"location": "[parameters('location')]",
"apiVersion": "2015-06-15",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetworkAddressRange')]"
]
},
"subnets": "[parameters('subnets')]"
}
}
]
The issue I am getting is that the vnet gets created with an appendix such as this: autohav2VNETl5g
So when this gets used to create a loadblancer, the names doe not match the defined parameter and the creation fails.
..../virtualNetworks/AUTOHAV2VNET referenced by resource .... /Microsoft.Network/loadBalancers/sqlLoadBalancer was not found.
Any suggestions?
with the data given it impossible to be sure why this is happening. you are probably passing in a value to the parameter virtualNetworkName. because if you wouldn't, than the vnet name would be: autohav2VNET.
ARM templates do not append anything anywhere just because they are arm templates. they only do what you designed them to do.
to help with debugging: how you are invoking the template and full template + full parameters file.

Azure Automation DSC compilation job failing with 404 from ARM template

I have created an ARM template which successfully creates an Automation Account in Azure and then creates a module and DSC configuration in that account.
When I add a Microsoft.Automation/automationAccounts/Compilationjobs resource to compile the DSC configuration, the template deployment fails at this step with 404 - File or directory not found.
The Compilationjobs resource exists as a top level resource in the template as follows:
{
"apiVersion": "2015-10-31",
"type": "Microsoft.Automation/automationAccounts/Compilationjobs",
"name": "automationAccountName/jobId123",
"location": "[variables('location')]",
"tags": {
},
"dependsOn": [
"Microsoft.Automation/automationAccounts/automationAccountName",
"modulesResourceLoop"
],
"properties": {
"configuration": {
"name": "DSCConfigurationName"
}
}
}
When I call Start-AzureRmAutomationDscCompilationJob with the same details the compilation job is created and completes successfully.
Compiling the configuration involves creating a compliationJob. Under the hood it's a PUT call to /CompiliationJobs/{guid}. so the trick here is to pass a new guid into the arm template when invoking compilation job.
Something like the following, you will need to define the parameter compilationJobGuid:
{
"name": "[parameters('compilationJobGuid')]",
"apiVersion": "2015-10-31",
"type": "Microsoft.Automation/automationAccounts/Compilationjobs",
"location": "[variables('location')]",
"tags": {
},
"dependsOn": [
"Microsoft.Automation/automationAccounts/automationAccountName",
"modulesResourceLoop"
],
"properties": {
"configuration": {
"name": "DSCConfigurationName"
}
}
}

Resources