I have OS data in a managed azure data disk. I want to create a VM from this data disk. I tried using
az vm create --resource-group myResourceGroup --location eastus --name myVM \ --os-type linux --attach-os-disk myManagedDisk
The issue that I am facing is that the newly created vm is up and running, however when I try to connect to it via ssh using the IP address, I am unable to do so.
Also how do I give an username and password to this newly created VM? It says the --admin-username and --admin-password options are unavailable for this type of command?
It seems you can't login the new VM with original passwrod, please Reset Password via Azure portal, then use new Password to login it.
It says the --admin-username and --admin-password options are
unavailable for this type of command?
Yes, Azure does not support reset username and password for an existing OS disk.
If you want to reset username and password, maybe you should create a new image from this VM. Create new image will general this VM, and remove user settings, then you can't login that original VM, if you want create new VM image, backup that os disk first.
Update:
Please follow those steps to copy managed disk and create new VM:
1.Stop original VM, then create snapshot of that OS disk via Azure portal.
2.Use the snapshot to create an new disk.
3.Use New OS disk to create Azure VM.
#Provide the subscription Id of the subscription where managed disk exists
$sourceSubscriptionId='yourSourceSubscriptionId'
#Provide the name of your resource group where managed disk exists
$sourceResourceGroupName='mySourceResourceGroupName'
#Provide the name of the managed disk
$managedDiskName='myDiskName'
#Set the context to the subscription Id where Managed Disk exists
Select-AzureRmSubscription -SubscriptionId $sourceSubscriptionId
#Get the source managed disk
$managedDisk= Get-AzureRMDisk -ResourceGroupName $sourceResourceGroupName -DiskName $managedDiskName
#Provide the subscription Id of the subscription where managed disk will be copied to
#If managed disk is copied to the same subscription then you can skip this step
$targetSubscriptionId='yourTargetSubscriptionId'
#Name of the resource group where snapshot will be copied to
$targetResourceGroupName='myTargetResourceGroupName'
#Set the context to the subscription Id where managed disk will be copied to
#If snapshot is copied to the same subscription then you can skip this step
Select-AzureRmSubscription -SubscriptionId $targetSubscriptionId
$diskConfig = New-AzureRmDiskConfig -SourceResourceId $managedDisk.Id -Location $managedDisk.Location -CreateOption Copy
#Create a new managed disk in the target subscription and resource group
New-AzureRmDisk -Disk $diskConfig -DiskName $managedDiskName -ResourceGroupName $targetResourceGroupName
Related
When I try to encrypt an Azure VM(Windows Server 2016) disk using a key in the key vault, I receive the below error. Can someone suggest what I am missing?
[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.45] Failed to enable Azure Disk Encryption on the VM with the following exception details:\n Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerFailedToSendEncryptionSettingsException: Unable to find additional details in disk encryption response\r\n at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.WireProtocol.WireProtocolMessage.SendEncryptionSettingsToHost() in C:\__w\1\s\src\BitLocker\BitlockerIaasVMExtension\WireProtocol\WireProtocolMessage.cs:line 210\r\n at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.SendEncryptionSettingsToHostV3(VmEncryptionSettings vmSettings) in C:\__w\1\s\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line
I tried to reproduce the same in my environment to encrypt the Azure VM Disks using PowerShell:
Make sure that Connect-AzAccount with contributor role or owner role to create resources and modify in resource group, and also check if drive is already encrypted with Bitlocker and Azure Disk Encryption, Kindly decrypt the drivers before ran the script.
PowerShell Script to encrypt Azure VM:
#Connect to Azure Account with Contributor role or Admin role.
Connect-AzAccount
Create a resource group:
New-AzResourceGroup -Name "myResourceGroup" -Location "EastUS"
Create a Key vault:
New-AzKeyvault -name thejaKVtest -ResourceGroupName myResourceGroup -Location EastUS -EnabledForDiskEncryption
#Store the value in Keyvault
$KeyVault = Get-AzKeyVault -VaultName thejaKVtest -ResourceGroupName MyResourceGroup
Encrypt Azure VM:
Set-AzVMDiskEncryptionExtension -ResourceGroupName MyResourceGroup -VMName <YourVM Name> -DiskEncryptionKeyVaultUrl $KeyVault.VaultUri -DiskEncryptionKeyVaultId $KeyVault.ResourceId
Get Azure vm encryption status:
Get-AzVmDiskEncryptionStatus -VMName MyVm -ResourceGroupName MyResourceGroup
If still same error, kindly check the below settings in key vault , like below.
Azure Portal > Key Vault > Select your Key Vault > Access Configuration > Enable Azure Disk Encryption for volume encryption
Reference: Create and encrypt a Windows virtual machine in Azure with PowerShell
I have created vm from snapshot using azure cli command
Below is the script for the creation of vm from snapshot
az disk create -g $RD_OPTION_RESOURCEGROUP -n $RD_OPTION_DISKNAME --source $RD_OPTION_SNAPSHOTNAME
az vm create -g $RD_OPTION_RESOURCEGROUP -n $RD_OPTION_VMNAME --attach-os-disk $RD_OPTION_DISKNAME --os-type windows
This code will create the vm from snapshot in which snapshot is in one resource group say abc then the newly creating vm should also in same resource group abc
now i need to find the way like i want to create a vm from snapshot like the snapshot and newly creating vm will be in different resource groups... like if snapshot is in abc resource group then the newly creating vm have to be allocated in the other resource group say xyz
Please help me out in this
To create a VM from Snapshot which is in different resource group, copy the snapshot using below CLI script:
Define a variable as sourceSubscriptionId where you have to provide the subscription ID in which your snapshot resides.
sourceSubscriptionId="<subscriptionId>"
Define a variable as sourceResourceGroupName where you have to provide the resource group name in which your snapshot resides.
sourceResourceGroupName=yourSourceResourceGroupName
Define a variable where you have to provide snapshot name.
snapshotName=mySnapshotName
Set the context to the subscription Id where snapshot exists.
az account set --subscription $sourceSubscriptionId
Use the below cmdlet to get the snapshot ID.
snapshotId=$(az snapshot show --name $snapshotName --resource-group $sourceResourceGroupName --query [id] -o tsv)
Define a variable targetResourceGroupName where snapshot will be copied to:
targetResourceGroupName=mytargetResourceGroupName
To copy the snapshot to different resource group try using the below cmdlet:
az snapshot create --resource-group $targetResourceGroupName --name $snapshotName --source $snapshotId --sku Standard_LRS
Reference : azure-cli-samples/copy-snapshot-to-same-or-different-subscription.sh at master · Azure-Samples/azure-cli-samples · GitHub.
I have a list of Disk Snapshots in resource group. I Need a way to get the vm associated with the respective snapshot.
I tried using the Get-AzSnapshot but does not share the vm name to the snapshots. Is there a way I can get the associated vmnames to list of snapshots.
Try this :
foreach($snapshot in Get-AzSnapshot){
#get sourceDisk by snapshot SourceResourceId
$sourceDisk = Get-AzResource -ResourceId $snapshot.CreationData.SourceResourceId
#get sourceDisk instance to check the VM it that this disk managed by
$vmResourceID = $sourceDisk.ManagedBy
#if this disk is attached to a vm, get this vm by vm resource ID
if(![String]::IsNullOrEmpty($vmResourceID)){
$vm = Get-AzResource -ResourceId $vmResourceID
echo $vm.Name
}
}
I am trying to copy a managed disk snapshot to different region using the Azure command line and it fails with the following error - "The entity was not found"
Here is the command I am using
az snapshot create --resource-group test-azstdsouthcentral --name testcopy3 --location WestUS2 --source /subscriptions/xxx/resourceG
roups/test-azstdsouthcentral/providers/Microsoft.Compute/snapshots/testcopy
Is it supported to copy a managed disk snapshot to a separate region?
Is it supported to copy a managed disk snapshot to a separate region?
You can't create snapshot to different region.
But you can create snapshot to the same region, then copy the snapshot as VHD to a storage account in different region, then create a managed disk from a VHD.
Sample script:
#Provide the subscription Id where snapshot is created
subscriptionId=dd80b94e-0463-4a65-8d04-c94f403879dc
#Provide the name of your resource group where snapshot is created
resourceGroupName=myResourceGroupName
#Provide the snapshot name
snapshotName=mySnapshotName
#Provide Shared Access Signature (SAS) expiry duration in seconds e.g. 3600.
#Know more about SAS here: https://learn.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1
sasExpiryDuration=3600
#Provide storage account name where you want to copy the snapshot.
storageAccountName=mystorageaccountname
#Name of the storage container where the downloaded snapshot will be stored
storageContainerName=mystoragecontainername
#Provide the key of the storage account where you want to copy snapshot.
storageAccountKey=mystorageaccountkey
#Provide the name of the VHD file to which snapshot will be copied.
destinationVHDFileName=myvhdfilename
az account set --subscription $subscriptionId
sas=$(az snapshot grant-access --resource-group $resourceGroupName --name $snapshotName --duration-in-seconds $sasExpiryDuration --query [accessSas] -o tsv)
az storage blob copy start --destination-blob $destinationVHDFileName --destination-container $storageContainerName --account-name $storageAccountName --account-key $storageAccountKey --source-uri $sas
More information about export/copy managed snapshots as VHD to a storage account in different region, please refer to this link.
More information about create a managed disk from a VHD, please refer to this link.
I ran sysprep artifact on my VM in DevTest lab using az lab vm apply-artifacts
command.
After that, when I run az lab vm show, I get back a computeId, which contains the resource id
compute ID looks like : "computeId": "/subscriptions/#####/resourceGroups/###/providers/Microsoft.Compute/virtualMachines/####".
How do I get the disk path from this. I am more interested in the SAS key, which I can use in AzCopy to download the vhd file associated with this VM.
For now, Azure does not support use Azcopy to download the VHD from devtest lab.
As a workaround, we can create custom image from this VM (create a snapshot), then use PowerShell to copy this snapshot to another storage account via Azure PowerShell.
Then we can use this PowerShell to copy this snapshot, Here are the script:
#Provide the subscription Id of the subscription where snapshot is created
$subscriptionId = "yourSubscriptionId"
#Provide the name of your resource group where snapshot is created
$resourceGroupName ="yourResourceGroupName"
#Provide the snapshot name
$snapshotName = "yourSnapshotName"
#Provide Shared Access Signature (SAS) expiry duration in seconds e.g. 3600.
#Know more about SAS here: https://learn.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1
$sasExpiryDuration = "3600"
#Provide storage account name where you want to copy the snapshot.
$storageAccountName = "yourstorageaccountName"
#Name of the storage container where the downloaded snapshot will be stored
$storageContainerName = "yourstoragecontainername"
#Provide the key of the storage account where you want to copy snapshot.
$storageAccountKey = 'yourStorageAccountKey'
#Provide the name of the VHD file to which snapshot will be copied.
$destinationVHDFileName = "yourvhdfilename"
# Set the context to the subscription Id where Snapshot is created
Select-AzureRmSubscription -SubscriptionId $SubscriptionId
#Get the snapshot using name and resource group
$snapshot = Get-AzureRmSnapshot -ResourceGroupName $ResourceGroupName -SnapshotName $SnapshotName
#Generate the SAS for the snapshot
$sas = Grant-AzureRmSnapshotAccess -ResourceGroupName $ResourceGroupName -SnapshotName $SnapshotName -DurationInSecond $sasExpiryDuration -Access Read
#Create the context for the storage account which will be used to copy snapshot to the storage account
$destinationContext = New-AzureStorageContext –StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
#Copy the snapshot to the storage account
Start-AzureStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName
More information about this script, please refer to this link.
Update:
We can via Azure portal to create image, like this: