We have an Azure Service Fabric cluster set up and I'm attempting to use Azure Automation to stop the virtual machine scale set and restart on a schedule. The scale set is assigned to a resource group as follows
My Exteral_Start_ResourceGroupNames and External_Stop_ResourceGroupNames, which the ScheduledStartStop_Parent runbook uses is as follows:
You can see the resource group name matches the resource group name for my VM scaleset. My understanding is that when the runbook fires, all VMs in this resource group, and, therefore, the VM set, should be stopped. However, when the runbook fires, it's not finding any VMs to stop.
Can anyone see what's wrong?
Although they are both VMs, "Virtual Machines" and "Virtual Machine Scalesets" are different resource types in Azure. The underlying nodes of a scaleset are not exposed as 'normal' VMs. You could probably modify your start/stop script to find scalesets in those resource groups instead of normal VMs.
To get you started: The powershell command for finding ScaleSets is Get-AzureRmVmss. That page also details how to shut them down.
Related
I use Azure Backup Policy to Configure the Azure VMs with Azure Backup.
I use the Tag "backup" with the Value for the Azure Backup Policy. For Example, "default/longtimearchive/ etc."...
Now when I deploy this Policy on the Subscription, I only found 2 VMs.
But I have more than 6 VMs with this Tag.
I have checked the Follow:
Subscription = Correct
The location from The Vault and the VM is the same.
The Tag is set. I have checked it with Powershell.
I have tried to use an other Tag+Value, but it doesn't work.
Why found I only 2 of these 6 VMs?
When I used the Policy "Azure Backup should be enabled for Virtual Machines," I found all of the VMs.
Thanks a lot.
Best Regards,
Phil
Few things to check:
Make sure that the VMs are within the scope of the policy. The scope of the policy can be defined by resource group, subscription, or individual VMs. If the VMs are not within the scope of the policy, they will not be included in the policy.
For VM's with unmanaged disks; If the VMs are in a "stopped" or "deallocated" state, they will not be included in the policy. Check if the ones not being backed up are unmanaged?
Check the tags on the VMs. Make sure that the tags on the VMs match the tags defined in the policy. If the tags do not match, the VMs will not be included in the policy.
what is the difference between "resource group" and "container group" in ms azure?
I tried ms docs but could not find a clear distinction, seems like resource group is a single container while container group is a collection of containers but I am not sure if I got it right.
thank you!
The top-level resource in Azure Container Instances is the container group. It's a collection of containers (Docker containers) that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It's similar in concept to a pod in Kubernetes.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
A resource group is a logical folder (not a Docker container), that groups resources (other Azure services) for an Azure solution.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Resource group
A resource group is a container that holds related resources for an Azure solution.
The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.
The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored.
For compliance reasons, you may need to ensure that your data is stored in a particular region.
Resource: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Container group
A set of containers that all run on the same host computer is known to be as a container group in Microsoft azure.
A container group's lifespan, resources, local network, and storage volumes are all shared by the containers in the group.
It's similar to a Kubernetes pod in terms of idea.
A Microsoft's Azure resource's network configuration template is a network profile.
This network profile is the one which provides the resource's network attributes, such as the subnet into which it should be deployed.
If we are going to deploy the container group into a subnet and then to a virtual network, then the azure produces a network profile for us when we use the az container create command.
Resource: https://www.javatpoint.com/what-is-a-container-group-in-microsoft-azure
I'm using the Start/Stop VMs during off-hours solution and I need to configure it in a way that it would only start specific VMs but stop all of them.
I've seen there's a variable for excluding VMs (External_ExcludeVMNames) but when adding VM names to this variable it excludes them from both starting and stopping which is not what I want.
Is there a way to separate the usage of this variable and have perhaps two variables, one to exclude from starting and one from stopping or something else that can separate that?
The built in Start/Stop functionality does not support this.
You could solve it as follows:
Create a resource group "ToBeStoppedOnly"
Create a resource group "ToBeStoppedAndStarted"
Place your VM's in the respective groups
Create a runbook that stops VM's. Use this runbook for both resource groups
Create a runbook that starts VM's. Use this runbook to start VM's in ToBeStoppedAndStarted
Some times we had deleted the 'resource group' accidentally on azure cloud, its fine that if our/your resource group does not have any deployments on it and we can create immediately newer one and will proceed our stuff, but if we had deployments on it, then its becomes major problem/task.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
You can export service configurations that belong to a resource group as JSON. Within the portal, there is an option "Export Template" under the Resource Management Navigation Group.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
Unfortunately, we have no way to recovery it, if the resource group is deleted . We could get the warning if we try to delete resource group from the azure portal. Connect to Azure support team for help maybe a way, but I don't think it could be easy for restoring.
Note : based on my understanding even if we could re-create the resource with ARM template(If we have exported the ARM template before delete), it seems that just with the same resource names with deleted resource that is not equal recovery action.
I'm looking to create endpoints (if that's what its still being called) using the Resource Management deployment mode (arm mode). I am currently using Resource Management deployment mode to create virtual machines in Azure since every article practically recommends that as the preferred way. I created an Ubuntu Linux VM in Azure in hopes to really use Azure as a cloud platform for Linux VMs. Despite the new azure portal constantly evolving (with documentations that could surely improve), I managed to create endpoints via Network Security Group (NSG) resource using the new azure portal. However, I am still unable to create endpoints (if that's what its even called anymore) via the Azure CLI... I just get "error: 'endpoint' is not an azure command. See 'azure help'." message. I've read the Azure docs enough to know that I need to execute azure login command and also execute azure config mode arm command since I used the Resource Management deployment mode to create my vm. when I enter the command azure vm --help, I don't see information regarding vm create endpoint, which leads me to believe this command is not supported for Resource Management mode.
How would I create endpoints, or more specifically Inbound security rules, using Azure CLI if I created an Ubuntu Linux VM using Resource Management deployment mode?
In ARM mode, endpoint is not available for VM. Instead, you can add a inbound rule to your ARM Network Security Group. Here is how it looks like.
azure network nsg rule create --protocol tcp --direction inbound --priority 1000 \
--destination-port-range 22 --access allow -g TestRG -a TestNSG -n SSHRule
The above command add a rule to the NSQ named TestNSG in resource group TestRG. The rule is named SSHRule which allows TCP inbound traffic through the port 22 with priority 1000.
For more information, see the "Manage rules" of "Manage NSGs using the Azure CLI"