Update WadCfg "only" of existing Azure Service Fabric cluster?

I want to monitor Performance metrics of an existing Service Fabric Cluster.
Here is the link of Performance metrics -
I went through this Microsoft documentation -
My problem is that the ARM template I downloaded during Service Fabric creation time is quite big and contains a lot of params, and I don't have the template-params file. I think it is possible to build the params file but it will be time consuming.
Is it possible to download the template and template-params file of an existing Service Fabric cluster?
If not, is it possible to just update the "WadCfg" section to add new performance counters?

You can export your entire resource group with all definitions and parameters; there you can find all parameters (as default parameters) for the resources deployed in the resource group. I've never done it for an SF cluster, but from a quick look at an existing resource group I have, I could see the cluster definition included.
This link explains how: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
In summary:
1. Find the resource group where your cluster is deployed
2. Open the resource group and navigate to 'Automation Scripts'
3. Click 'Download' on the top bar
4. Open the ARM template with all definitions
5. Make the modifications and save
6. Publish the updates
You could also add it to a library and deploy from there, as guided in the link above.
From the docs: Not all resource types support the export template function. To resolve this issue, manually add the missing resources back into your template.
To be honest, I've never deployed this way other than test environments, so I am not sure if it is safe for production.
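One way to make the "just update WadCfg" modification on an exported template, as an added example that is not part of the original answer. It assumes the export keeps the diagnostics extension on the VM scale set with type IaaSDiagnostics; the sample template, resource names and the function name add_perf_counters are constructed for illustration.

```python
import copy
import json

# Constructed, trimmed stand-in for an exported cluster template: one VM scale
# set carrying the diagnostics extension. All names and values are sample data.
EXPORTED_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "sflogsexample"},
  {"type": "Microsoft.Compute/virtualMachineScaleSets", "name": "nt1vm",
   "properties": {"virtualMachineProfile": {"extensionProfile": {"extensions": [
     {"name": "VMDiagnosticsVmExt_nt1vm",
      "properties": {
        "type": "IaaSDiagnostics",
        "publisher": "Microsoft.Azure.Diagnostics",
        "settings": {"WadCfg": {"DiagnosticMonitorConfiguration": {
          "overallQuotaInMB": "50000"}}}}}
   ]}}}}
]}
""")

def add_perf_counters(template, counters, sample_rate="PT15S", transfer="PT1M"):
    """Return a copy of template with counters merged into every WadCfg found."""
    patched = copy.deepcopy(template)  # never mutate the exported original
    for res in patched.get("resources", []):
        if res.get("type") != "Microsoft.Compute/virtualMachineScaleSets":
            continue
        exts = (res["properties"]["virtualMachineProfile"]
                .get("extensionProfile", {}).get("extensions", []))
        for ext in exts:
            if ext["properties"].get("type") != "IaaSDiagnostics":
                continue
            dmc = ext["properties"]["settings"]["WadCfg"]["DiagnosticMonitorConfiguration"]
            perf = dmc.setdefault("PerformanceCounters",
                                  {"scheduledTransferPeriod": transfer})
            configured = perf.setdefault("PerformanceCounterConfiguration", [])
            seen = {c["counterSpecifier"] for c in configured}
            for spec in counters:
                # Skip counters already present so a re-run adds nothing twice.
                if spec not in seen:
                    configured.append({"counterSpecifier": spec,
                                       "sampleRate": sample_rate})
                    seen.add(spec)
    return patched

COUNTERS = [r"\Processor(_Total)\% Processor Time", r"\Memory\Available MBytes"]
PATCHED = add_perf_counters(EXPORTED_TEMPLATE, COUNTERS)
```

Before redeploying a patched template, confirm the extension's protectedSettings are present, since Azure does not return protected settings values on export.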


Migrate a data block to resource block in Terraform

Initially resources in our authentication provider were created manually through the provider web console. It worked and things went to production this way. The problem is that the configuration is increasing in complexity and I'd like to manage it through Terraform files instead of continuing through the provider web console (no backup, no way to recreate everything easily, etc.).
I initially thought of modelling my configuration with data block for the existing resources and use new resources block for the new resources we need to create. Then I wanted to migrate from the data blocks to terraform managed resources (aka resource block). Is it possible through moved block or something else? Is it possible to do it without having to recreate a new managed resource and destroy the data resource which is most likely to cause down time or disruption to the end-user?
In order to manage resources which were initially created manually or outside of Terraform's scope by any means, the Terraform CLI offers import as a native solution by HashiCorp.
Every resource has its own import syntax (starting with terraform import), which you can find at the bottom of any Terraform resource definition.
As an example:
Azurerm windows_virtual_machine Import
terraform import azurerm_windows_virtual_machine.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Compute/virtualMachines/machine1
Downside of native import: you have to import all resources one by one, and sometimes just for one resource (solution) you have to make multiple import calls.
As an example, for a Windows virtual machine, you might import
as separate. It strongly depends on how you would like to manage them in the end.
There are a few open-source tools available that help if you have lots of resources that you want to bring under Terraform management in a much easier and faster way.
If you are working with Azure resources then aztfy is the recommended tool, as it is natively from Azure.
It generates the Terraform code; additionally, it has a feature where you can import an Azure resource group, and it automatically imports and generates config for the resources that the resource group is holding. Not to mention that the tool gives you a nice terminal-based UI experience.
For other hyperscalers, there are two choices.
terracognita: can generate modules too as per their docs.
terraformer: Developed by Google people but not an official product.

Apply NSG/ASG by default on new subnets (Azure)

We manage an Azure subscription operated by several countries. Each of them is quite independent about what they can do (create/edit/remove resources). A guide of good practices has been sent to them, but we (security team) would like to ensure a set of NSGs is systematically applied for every new subnet/vnet created.
Having had a look at Azure Triggers, I am not sure that subnet creation belongs to the auditable events. I was also told to have a look at Azure Policy, but once again I am not sure this will match our expectations, which are: for every new vnet/subnet, automatically apply a set of predefined NSGs.
Do you have any idea about a solution for our need?
I have done work like this in the past (not this exact issue) and the way I solved it was with an Azure Function that walked the subscription and looked for these kinds of issues. You could have the code run as a Managed Identity with Reader rights on the subscription to report issues, or as a Contributor to update the setting. Here's some code that shows how you could do this with PowerShell https://github.com/Azure/azure-policy/tree/master/samples/Network/enforce-nsg-on-subnet
You could consider using a Policy that has a DeployIfNotExists Action, to deploy an ARM template that contains all the data for the NSG. https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-deploy-resources
You can get the ARM template by creating the NSG and getting the template:
Note also that creating a subnet is audited; you can see it in the Activity Log for the VNet. See the screenshot.
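The "walk the subscription and report" approach from the answers above, as an added example that is not the answerers' code. It runs over a constructed sample shaped like `az network vnet list` output; the approved NSG name, the exempt subnet names and the function name audit_subnets are assumptions for illustration.

```python
import json

# Constructed sample shaped like `az network vnet list` output (trimmed).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
_NSG = "/providers/Microsoft.Network/networkSecurityGroups/"
VNETS = json.loads("""
[
  {"name": "vnet-fr", "resourceGroup": "rg-fr", "subnets": [
    {"name": "app", "networkSecurityGroup": {"id": "SUB/resourceGroups/rg-secNSGnsg-baseline"}},
    {"name": "db", "networkSecurityGroup": null},
    {"name": "GatewaySubnet", "networkSecurityGroup": null}]},
  {"name": "vnet-de", "resourceGroup": "rg-de", "subnets": [
    {"name": "web", "networkSecurityGroup": {"id": "SUB/resourceGroups/rg-deNSGnsg-local"}}]}
]
""".replace("SUB", _SUB).replace("NSG", _NSG))

# Assumption: platform subnets the baseline rule does not apply to.
EXEMPT_SUBNETS = {"gatewaysubnet", "azurefirewallsubnet"}
# Assumption: names of the NSGs the security team has predefined.
APPROVED_NSGS = {"nsg-baseline"}

def audit_subnets(vnets, approved=APPROVED_NSGS, exempt=EXEMPT_SUBNETS):
    """Return (resource group, vnet, subnet, issue) for each non-compliant subnet."""
    findings = []
    for vnet in vnets:
        for subnet in vnet.get("subnets") or []:
            if subnet["name"].lower() in exempt:
                continue
            # The field is null when no NSG is associated with the subnet.
            nsg = subnet.get("networkSecurityGroup") or {}
            nsg_name = nsg.get("id", "").rsplit("/", 1)[-1].lower()
            if not nsg_name:
                issue = "no NSG attached"
            elif nsg_name not in approved:
                issue = "NSG not in approved set: " + nsg_name
            else:
                continue
            findings.append((vnet["resourceGroup"], vnet["name"],
                             subnet["name"], issue))
    return findings

FINDINGS = audit_subnets(VNETS)
```

Run with a Reader identity this only reports; remediation with a Contributor identity, or a Policy with a DeployIfNotExists action, is the enforcement step the answers describe.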

Tag a Managed Resource Group for Azure Databricks

Given that managed resource groups are mandatory for creating an Azure Databricks cluster, is there any way that I can tag the resource group in order to comply with the tagging policy on my subscription?
I am using the template here to deploy my resources.
Based on the post I found:
Since Feb 10 2020, the Databricks resource will propagate any tags applied to the Databricks resource to the managed resources it created.
I think the solution is simpler now by tagging the Databricks resource directly.
Hope this answer (by others) works for everyone seeing this post.
Any tags that you use when creating the Databricks workspace will be used for the managed resource group as well so just make sure you add the needed tags to the workspace when creating it. I know this works when creating the workspace from the Azure Portal but I can't see any reason this wouldn't work when using ARM templates (or Terraform for that matter).
Also, I'm pretty sure that future changes will be propagated to said resource group.

Cloning an Azure resource group using Deployment Details?

I am trying to replicate an existing Azure resource group using ARM templates from the automation script section, but I am running into a warning message that 10 resource types cannot be exported yet, one being Azure Data Factory. After searching online I found that templates for some resource types are not yet available. While looking at the Deployment section in my resource group, I am able to see a deployment details download link for each resource.
Can those be used to recreate each resource into a new resource group? Or is my best bet downloading the template from the automation script section and manually adding the resources for which the template are not yet available?
Any help would be appreciated.
Some of the warnings I got:
***The schema of resource type 'Microsoft.DataFactory/dataFactories' is not available. Resources of this type will not be exported to the
template. (Code: ResourceTypeSchemaNotFound, Target:
ExportTemplateProviderError: all related to sql server
***Could not get resources of the type 'Microsoft.Sql/servers/connectionPolicies'. Resources of this type
will not be exported. (Code: ExportTemplateProviderError, Target:
***Could not get resources of the type 'Microsoft.Sql/servers/backupLongTermRetentionVaults'
***Could not get resources of the type 'Microsoft.Sql/servers/extendedAuditingSettings'.
The Azure resource group ARM templates from the automation script section are not as comprehensive as they should probably be. For example, it is quite possible to deploy a Data Factory instance from ARM. It provides a reasonable starting point but you will find resources that don't deploy as well as a lot of superfluous cruft.
The approach I take is to start from a clean template in Visual Studio and then construct a project from a blank template or quick-start, then refer to the template documentation and build up from scratch, using your exported ARM template from your resource group to help work out how it should look. This results in a nice clean reusable template project.
Unfortunately I have not found a better way yet.

Azure Resource Manager Template parameters

I am trying my hand at Azure Resource Manager templates.
So for making any new resource I am trying to find out which parameters are required and whether they are mandatory or optional, but I couldn't find any documentation for this.
I am looking for documentation which is somewhat similar to AWS, to get better insights about the resources.
Thanks in advance!!
I am not looking for parameters in general which are passed to the template. What I want is the resource parameters: the parameters which are given under the properties tag of every resource.
In the below resource "virtualNetworks" there are resource parameters like addressSpace, subnets.
This should help you.
It is the schema for deployment templates. Within it, there are schemas for every type of resource that can be put into an ARM template. For example, if we look at the schema for Virtual Machines, it contains all the available properties, profiles, extensions, what is required or not, etc.
However, it shouldn't be necessary for you to really look at this and learn it. When you are creating your ARM template in Visual Studio, IntelliSense should kick in and show you whether what you are putting in the template is valid or not. For example, here I am editing the properties of a public IP, and it shows me what the available properties to add are.
You are right, there is a lack of documentation for resources and required parameters.
My advice is:
Check the Azure-Quickstart Templates, more than enough examples: Quickstart Templates
For some days now, you can export ARM Templates from the Azure Portal. So create your resource in the portal and export the Templates & Parameters: Microsoft Blog
Check the resource Explorer: Resource Explorer
