I got this API Management ARM template
{
"apiVersion": "2017-03-01",
"name": "[variables('am-apimanagement-service-name')]",
"type": "Microsoft.ApiManagement/service",
"location": "North Europe",
"sku": {
"name": "[parameters('am-sku')]",
"capacity": "[parameters('am-skuCount')]"
},
"properties": {
"publisherEmail": "[parameters('am-publisher-email-p')]",
"publisherName": "[parameters('am-publisher-name-p')]"
},
"resources": [
{
"type": "apis",
"apiVersion": "2017-03-01",
"name": "test",
"dependsOn": [
"[concat('Microsoft.ApiManagement/service/',variables('am-apimanagement-service-name'))]"
],
"properties": {
"displayName": "test",
"description": "",
"serviceUrl": "[concat('https://test-',parameters('environment'),'.azurewebsites.net')]",
"path": "test",
"protocols": [
"https"
],
"isCurrent": true
},
"resources": [
{
"apiVersion": "2017-03-01",
"type": "operations",
"name": "GetTEst",
"dependsOn": [
"[concat('Microsoft.ApiManagement/service/', variables('am-apimanagement-service-name'), '/apis/test')]"
],
"properties": {
"displayName": "GET",
"method": "GET",
"urlTemplate": "/api/sites",
"description": "Get"
}
}
]
}
]
}
And this Web API ARM template
{
"apiVersion": "2016-03-01",
"name": "[variables('swa-name')]",
"type": "Microsoft.Web/sites",
"properties": {
"name": "[variables('swa-name')]",
"serverFarmId": "[variables('swa-hosting-plan-name')]",
"hostingEnvironment": "[parameters('swa-hosting-environment')]",
"siteConfig": {
"appSettings": [
{
"name": "Test:ConnectionString",
"value": "[concat('Server=tcp:', reference(resourceId('Microsoft.Sql/servers/', variables('db-serverName'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('db-databaseName'), ';Persist Security Info=False;User ID=', parameters('db-administratorLogin'), ';Password=', parameters('db-administratorLoginPassword'), ';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]"
}
],
"ipSecurityRestrictions": [
{
"ipAddress": "[variables('test-ip-address')]",
"subnetMask": "255.255.255.255"
}
]
}
},
"location": "[parameters('swa-location')]",
"tags": {
},
"kind": "api",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('swa-hosting-plan-name'))]"
]
}
How do I use the reference function to get IP address of the API Management resource from the Web API ? I want to put the API Management IP address in the ipSecurityRestrictions. I can not figure it out, and it is frustrating me quite a bit.
I have tried this from the web api resource resource section of the ARM template:
"ipSecurityRestrictions": [
{
"ipAddress": "[variables('test-ip-address')]",
"subnetMask": "255.255.255.255"
},
{
"ipAddress": "[reference(variables('am-apimanagement-service-name')).publicIPAddresses[0]]",
"subnetMask": "255.255.255.255"
}
]
But it doesnt work. Maybe I am not able to get the IP address in this step of the process? I am reading about outputs and linked templates. Maybe this is the solution?
The crazy thing here is that I need two things:
apiVersion to the reference
I need to reference the staticIp property
The thing is that a free tier API Management resource is actually not assigned a static IP, but a dynamic ip. Still the static ip address is assigned to the staticIp property of the referenced object:
"ipAddress": "[reference(variables('am-apimanagement-service-name'),'2017-03-01').staticIps[0]]"
This will reference the IP correctly.
I think you should add the api version to your reference, as the API management is not deployed in the same template as where you're refering to it.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#reference
Something like this
{
"ipAddress": "[reference(variables('am-apimanagement-service-name'), '2017-03-01').publicIPAddresses[0]]",
"subnetMask": "255.255.255.255"
}
Related
I am trying to create a serverless account with Cosmosdb sql api and i have not found any samples given here
I have tried with the following ARM template and it's not creating a serverless account
"resources" : [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-04-01",
"kind": "Serverless",
"name": "[parameters('accountName')]",
"location": "[parameters('location')]",
"properties": {
"enableFreeTier": false,
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session"
},
"locations": [
{
"locationName": "[parameters('location')]"
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-04-01",
"name": "[format('{0}/{1}', parameters('accountName'), parameters('databaseName'))]",
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
},
"options": {}
},
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))]"
]
}
]
throwing an error "
"message": "Resource kind Serverless is unknown\r\nActivityId: 0c86f162-3386-49e1-b354-57ba309bb44f, Microsoft.Azure.Documents.Common/2.14.0""
The error is valid, below are the possible values available for the databaseAccount kind
'GlobalDocumentDB'
'MongoDB'
'Parse'
To create a serverless account, you need to pass the capabilities parameter as below under properties
"properties": {
"enableFreeTier": false,
"capabilities": [
{
"name": "EnableServerless"
}
],
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session"
},
"locations": [
{
"locationName": "[parameters('location')]"
}
]
}
I am trying to deploy app services but I keep getting deployment failure Microsoft.Web/sites/hostNameBindings
Message: Cannot modify this site because another operation is in progress. OperationName: RegisterTrafficManagerProfile, CreatedTime: 5/14/2021 12:03:05 AM, , EntityType: 1.
I get this error intermittently.
I read one of the stack overflow answers that it seems Traffic Manager causes a problem with the asynchronous hostNameBindings iteration operation.
Which can be resolved by specifying a synchronous copy using "mode": "serial" mode with "batchsize": 1,
I tried this solution but I still get this conflict error, not sure why? anyone ran into same issue where after synchronising the copy getting above error?
Recently we had changes to our template to deploy traffic manager endpoints as separate resource which caused the process to take longer, Does increase in process time can cause conflict? what can be other reasons for this failure?
Any insights into this will be helpful. I am quite new to working on app service arm template
EDIT My current arm template I am just showing hostname bindings and traffic manager profiles
{
"type": "Microsoft.Web/sites/hostNameBindings",
"apiVersion": "2016-03-01",
"copy": {
"name": "hostNameBindingLoop",
"mode": "serial",
"batchSize": 1,
"count": "[length(variables('appServicePlanLocations'))]"
},
"name": "[concat(variables('websiteName') [copyIndex()], '/', parameters('cName'))]",
"location": "[vaiables('appServicePlanLocations')[copyIndex()]]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('xyzCertName')[copyIndex()])).Thumbprint]"
},
"dependsOn": [
"[concat('Microsoft.Web/certificates/',variables('xyzCertName'[copyIndex()])]",
],
},
{
"type": "Microsoft.Network/trafficManagerProfiles",
"apiVersion": "2018-08-01",
"name": "[parameters('trafficManagerName')]",
"location": "global",
"properties": {
"profileStatus": "Enabled",
"trafficRoutingMethod": "Performance",
"dnsConfig": {
"relativeName": "[parameters('uniqueDnsName')]",
"ttl": 300
},
"monitorConfig": {
"protocol": "HTTPS",
"port": 443,
"path": "/"
}
"endpoints": [],
"trafficViewEnrollmentStatus": "Disabled
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
"apiVersion": "2018-08-01",
"name": "[concat(variables('trafficManager'),'/',variables('websiteName'), copyIndex(1))]",
"location": "global",
"dependsOn": [
"[concat('Microsoft.Network/trafficManagerProfiles/', variables('trafficManager'))]"
],
"properties": {
"targetResourceId": "[concat('Microsoft.Web/sites/',variables('websiteName')[copyIndex()])]",'
"endpointStatus": "Enabled",
"endpointLocation": "[vaiables('appServicePlanLocations')[copyIndex()]]"
},
"copy": {
"name": "trafficManagerEndPointLoop",
"mode": "serial",
"batchSize": 1,
"count": "[length(variables('appServicePlanLocations'))]"
}
}
I assume that you would like to create an Azure Traffic Manager profile with an App Service Behind It. Here is a template for your reference. This automatically provisions a custom domain xxxx.trafficmanager.net in the custom domains settings of your Azure app service.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"uniqueDnsName": {
"type": "string",
"metadata": {
"description": "Relative DNS name for the traffic manager profile, resulting FQDN will be <uniqueDnsName>.trafficmanager.net, must be globally unique."
}
},
"uniqueDnsNameForWebApp": {
"type": "string",
"metadata": {
"description": "Relative DNS name for the WebApps, must be globally unique. An index will be appended for each Web App."
}
},
"webServerName": {
"type": "string",
"metadata": {
"description": "Name of the App Service Plan that is being created"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"trafficManagerName": {
"type": "string",
"metadata": {
"description": "Name of the trafficManager being created"
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2019-08-01",
"name": "[parameters('webServerName')]",
"location": "[parameters('location')]",
"sku": {
"name": "S1",
"tier": "Standard"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2019-08-01",
"name": "[parameters('uniqueDnsNameForWebApp')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/',parameters('webServerName'))]"
],
"properties": {
"serverFarmId": "[parameters('webServerName')]"
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles",
"apiVersion": "2018-08-01",
"name": "[parameters('trafficManagerName')]",
"location": "global",
"properties": {
"profileStatus": "Enabled",
"trafficRoutingMethod": "Priority",
"dnsConfig": {
"relativeName": "[parameters('uniqueDnsName')]",
"ttl": 30
},
"monitorConfig": {
"protocol": "HTTPS",
"port": 443,
"path": "/"
}
}
},
{
"type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
"apiVersion": "2018-08-01",
"name": "[concat(parameters('trafficManagerName'),'/',parameters('uniqueDnsNameForWebApp'))]",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/trafficManagerProfiles/',parameters('trafficManagerName'))]",
"[resourceId('Microsoft.Web/sites/',parameters('uniqueDnsNameForWebApp'))]"
],
"properties": {
"targetResourceId": "[resourceId('Microsoft.Web/sites/', parameters('uniqueDnsNameForWebApp'))]",
"endpointStatus": "Enabled"
}
}
]
}
I have a site with custom hostnames configured with hostnameBindings in the ARM template. This deploys fine.
I have also the SSL certificate created and verified from Azure, with the corresponding thumbprint.
In the Azure site I am also able to bind the certificate to the app service.
But when I use the ARM template to assign the SSL from the template in the hostnameBindings it gives an error that the certificate was not found...
I don't understand what goes wrong...
My guesses:
the certificate is in a different resource group so it cannot be
found, but in the template settings I cannot set the group.
in the Azure website before I can use the SSL I have to import, so maybe I am missing this step in the ARM template?
using wrong thumbprint?
In the hostnameBindings I am defining only the thumbprint and the sslState
Any idea which step I am missing?
thank you
UPDATE
My parameter json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"baseResourceName": {
"value": "base-name"
},
"environments": {
"value": [
"preview"
]
},
"hostNames": {
"value": [
{
"name": "myhostname.example.com",
"sslState": "SniEnabled",
"thumbprint": "9897LKJL88KHKJH8888KLJLJLJLKJLJLKL4545"
},
{
"name": "myhostname2.example.com"
}
]
},
"ipSecurityRestrictions": {
"value": []
}
}
}
My template json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"hostName": {
"defaultValue": [],
"type": "array",
"metadata": {
"description": "The custom hostnames of sites"
}
}
},
"variables": {
"standardPlanMaxAdditionalSlots": 4,
"appName": "[concat(parameters('baseResourceName'), '-private')]",
"appServicePlanName": "[concat(parameters('baseResourceName'), '-appServicePlan')]",
"appInsightName": "[concat(parameters('baseResourceName'), '-appInsight')]",
"ipSecurityRestrictions": "[parameters('ipSecurityRestrictions')]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"comments": "AppPlan for app.",
"sku": {
"name": "[if(lessOrEquals(length(parameters('environments')), variables('standardPlanMaxAdditionalSlots')), 'S1', 'P1')]"
},
"tags": {
"displayName": "AppServicePlan-Private"
},
"name": "[variables('appServicePlanName')]",
"kind": "app",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"properties": {},
"dependsOn": []
},
{
"type": "Microsoft.Web/sites",
"comments": "This is the private web app.",
"kind": "app",
"apiVersion": "2016-03-01",
"name": "[variables('appName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "WebApp"
},
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"siteConfig": {
"appSettings": [],
"phpVersion": "",
"ipSecurityRestrictions": "[variables('ipSecurityRestrictions')]",
"http20Enabled": true,
"minTlsVersion": "1.2"
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"[resourceId('microsoft.insights/components/', variables('appInsightName'))]"
]
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('appName'), '/', parameters('hostName')[copyIndex()].Name)]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": "[parameters('hostName')[copyIndex()]]",
"condition": "[greater(length(parameters('hostName')), 0)]",
"copy": {
"name": "hostnameCopy",
"count": "[length(parameters('hostName'))]",
"mode": "Serial"
},
"dependsOn": [
"[concat('Microsoft.Web/sites/',variables('appName'))]"
]
}
]
}
completely unrelated, did you test your condition greater(..., 0) with zero length array? pretty sure it will blow up.
on the subject. i think you can maybe make it work if you link your certificate resource to the app service plan. so this is an operation that is performed on the certificate resource. this is totally possible if you use keyvault to store the certificate
{
"apiVersion": "2016-03-01",
"name": "[variables('certificateName')]",
"location": "[resourceGroup().location]",
"type": "Microsoft.Web/certificates",
"dependsOn": [
"[parameters('appServicePlan')]"
],
"properties": {
"keyVaultId": "kvResourceId",
"keyVaultSecretName": "secretName",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
}
}
I'm trying to turn WebSockets On for an Azure WebApp from an Azure ARM json template that deploys my whole infrastructure.
Here is an extract with regards to the Azure Web App. It doesn't work, i.e the WebSockets are still Off. I unsuccessfully tried different spelling: webSocketsEnabled or WebSockets.
"resources":[
{
"name": "[variables('MyApp')]",
"type": "Microsoft.Web/sites",
"location": "Brazil South",
"apiVersion": "2016-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('MyAppPlanBrazil'))]"
],
"tags": {
"[concat('hidden-related:', resourceId('Microsoft.Web/serverfarms', variables('MyAppPlanBrazil')))]": "Resource",
"displayName": "MyAppAppBrazil"
},
"properties": {
"name": "[variables('MyAppPlanBrazil')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('MyAppPlanBrazil'))]",
"siteConfig": {
"AlwaysOn": true,
"webSocketsEnabled": true,
"connectionStrings": [
{
...
},
{
...
},
]
}
}
]
UPDATE
As suggested in answer below I updated the apiVersion to "2016-08-01" but this still doesn't work.
Also note that while my schema is the one described here, apiVersion is squiggled in VS and it says the authorized value is "2015-08-01" only.
UPDATE2
I tried the solutions below. They work for their authors but not for me. I guess the problem is elsewhere. My infrastructure is already deployed and I try to update it with webSocketsEnabled. Whereas in the solution below I imagine the authors directly create the web app with webSocketsEnabled.
Also, I coupled webSocketsEnabled with alwaysOn whereas the pricing tier of my webapp doesn't allow "AlwaysOn" (as it says in the portal I need to upgrade to use that feature) so I'll try without alwaysOn.
UPDATE3
At the end, the above template worked when I removed AlwaysOn.
Thank you to those who tried to help me.
Set your api version to this: "2016-08-01"
Use
"webSocketsEnabled": true
This is from the Microsoft.Web/sites template reference:
https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites
The api version you are using (2015-08-01) from:
https://github.com/Azure/azure-resource-manager-schemas/blob/master/schemas/2015-08-01/Microsoft.Web.json
Doesn't have web sockets in it, but the later one:
https://github.com/Azure/azure-resource-manager-schemas/blob/master/schemas/2016-08-01/Microsoft.Web.json
Does have webSocketsEnabled.
Please have a try to use the following code. It works correctly on my side.
Updated: add whole test arm template and you could have a try to use the following code with your service plan name and resource group name
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverFarmName": {
"type": "string",
"defaultValue": "YourPlan"
},
"serverFarmResourceGroup": {
"type": "string",
"defaultValue": "ResourceGroupName"
}},
"variables": {
"ARMtemplateTestName": "[concat('ARMtemplateTest', uniqueString(resourceGroup().id))]"},
"resources": [
{
"name": "[variables('ARMtemplateTestName')]",
"type": "Microsoft.Web/sites",
"location": "southcentralus",
"apiVersion": "2015-08-01",
"dependsOn": [ ],
"tags": {
"[concat('hidden-related:', resourceId(parameters('serverFarmResourceGroup'), 'Microsoft.Web/serverFarms', parameters('serverFarmName')))]": "Resource",
"displayName": "ARMtemplateTest"
},
"properties": {
"name": "[variables('ARMtemplateTestName')]",
"serverFarmId": "[resourceId(parameters('serverFarmResourceGroup'), 'Microsoft.Web/serverFarms', parameters('serverFarmName'))]"
},
"resources": [
{
"name": "web",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('ARMtemplateTestName'))]"
],
"tags": {
"displayName": "enableWebSocket"
},
"properties": {
"webSocketsEnabled": true,
"alwaysOn": true
}
},
{
"apiVersion": "2015-08-01",
"name": "connectionstrings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('ARMtemplateTestName'))]"
],
"properties": {
"ConnString1": {
"value": "My custom connection string",
"type": "custom"
},
"ConnString2": {
"value": "My SQL connection string",
"type": "SQLAzure"
}
}
},
{
"name": "appsettings",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('ARMtemplateTestName'))]"
],
"tags": {
"displayName": "Appsetting"
},
"properties": {
"key1": "value1",
"key2": "value2"
}
}
]
}],
"outputs": {}
}
Test Result:
All the above solution should work.
My initial snippet worked as well ... as soon as I removed alwaysOn.
Indeed, I was using a free tiers App Service Plan for which alwaysOn is not available. While there was no errors or anything else indicating something wrong, I could not set webSocketEnabled and alwaysOn at the same time in that case.
I have created below ARM template for creating "BizTalk Transform Service "(API APP) which is using in Logic Apps.
{
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"name": "[parameters('apiapps_customertransformation_name')]",
"location": "[resourceGroup().location]",
"kind": "apiApp",
"tags": {
"packageId": "TransformService"
},
"properties": {
"name": "[parameters('apiapps_customertransformation_name')]",
"gatewaySiteName": "[parameters('gatewayName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('svcPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "EMA_MicroserviceId",
"value": "[parameters('apiapps_customertransformation_name')]"
},
{
"name": "EMA_Secret",
"value": "[parameters('gatewayToAPIappSecret')]"
},
{
"name": "EMA_RuntimeUrl",
"value": "[concat('https://', parameters('gatewayName'), '.azurewebsites.net')]"
},
{
"name": "WEBSITE_START_SCM_ON_SITE_CREATION",
"value": "1"
}
]
}
}
},
{
"type": "Microsoft.AppService/apiapps",
"apiVersion": "2015-03-01-preview",
"name": "[parameters('apiapps_customertransformation_name')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "APIApp"
},
"properties": {
"package": {
"id": "TransformService"
},
"updatePolicy": "Auto",
"accessLevel": "PublicAnonymous",
"host": {
"resourceName": "[parameters('apiapps_customertransformation_name')]",
"resourceType": "Microsoft.Web/sites"
},
"gateway": {
"resourceName": "[parameters('gatewayName')]",
"resourceType": "Microsoft.AppService/gateways"
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('apiapps_customertransformation_name'))]"
]
}
I am able to successfully created the API in Azure Portal, but when I try to add the Map component in Transform API. It says not found.
Can you please let me know how to enable map component?
Or is there any way to directly create a Map component while deploying ARM Template?
Seem that you are trying to use the preview_V1 transform, i would suggest not to use that as it will be deprecated soon.
Try the preview_V2 "Xml Transform" function in LogicApp itself.
Checkout this documentation to get startedXml Transform in LogicApps
LogicApp Documentation https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-what-are-logic-apps/