I know I can remove extensions for Azure Virtual machines, however how can I do the same for an Azure Scale Set deployed with RM?
You could use Azure CLI 2.0 to remove VMSS's extensions. You could use the following command.
az vmss extension delete --name
--resource-group
--vmss-name
I test in my lab, you could refer to the following examples.
1.List VMSS extesnion.
root#shui:~/.ssh# az vmss extension list --resource-group shuivmss --vmss-name shui
[
{
"autoUpgradeMinorVersion": true,
"id": null,
"name": "customScript",
"protectedSettings": null,
"provisioningState": null,
"publisher": "Microsoft.Compute",
"settings": {
"fileUris": [
"https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vmss-custom-script-windows/scripts/helloWorld.ps1"
]
},
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.8"
}
]
2.Get extension name and remove it.
az vmss extension delete --name customScript --resource-group shuivmss --vmss-name shui
More information about az vmss extension usage please refer to this link.
I would imagine that using the Remove-AzureRmVmssExtension Powershell cmdlet is the easiest way. I was unable to find any real examples, but I'm pretty sure it shouldn't be very hard.
Reference:
https://learn.microsoft.com/en-us/powershell/module/azurerm.compute/remove-azurermvmssextension?view=azurermps-4.0.0
Related
I can create a virtual machine with the UI :
via Azure marketplace with Flexify.io, however, I want to use the command since I want the VM to be created when it's secured (SSL).
These are the image for Flexify.io :
https://hub.docker.com/r/flexifyio/ce/tags
So I tried to use the command below :
az vm create --resource-group myresourcegroups --name staging-images --image flexifyio/ce:latest --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
This is the flexify.io image flexifyio/ce:latest, but am getting this error :
Invalid image "flexifyio/ce:latest". Use a valid image URN, custom image name, custom image id, VHD blob URI, or pick an image from ['CentOS', 'Debian', 'Flatcar', 'openSUSE-Leap', 'RHEL', 'SLES', 'UbuntuLTS', 'Win2022Datacenter', 'Win2022AzureEditionCore', 'Win2019Datacenter', 'Win2016Datacenter', 'Win2012R2Datacenter', 'Win2012Datacenter', 'Win2008R2SP1'].
See VM create -h for more information on specifying an image.
How best can I do this?
The --image argument for az vm commands can be used to reference an image available on the Azure Marketplace, not Docker Hub (or any other repository, for that matter). Azure Marketplace is also the source of the images you see in the VM creation flow in the Azure Portal.
To find the identifier for the image you want to create your VM with, use az vm image list --all --publisher Flexify, which yields some results:
[
{
"architecture": "x64",
"offer": "migration-vm",
"publisher": "flexify-io",
"sku": "migration-vm-ce",
"urn": "flexify-io:migration-vm:migration-vm-ce:2.12.10",
"version": "2.12.10"
},
{
"architecture": "x64",
"offer": "multi-cloud",
"publisher": "flexify-io",
"sku": "multi-cloud-vm-ce",
"urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.0",
"version": "2.12.0"
},
{
"architecture": "x64",
"offer": "multi-cloud",
"publisher": "flexify-io",
"sku": "multi-cloud-vm-ce",
"urn": "flexify-io:multi-cloud:multi-cloud-vm-ce:2.12.2",
"version": "2.12.2"
},
{
"architecture": "x64",
"offer": "single-vm",
"publisher": "flexify-io",
"sku": "single-vm-ce",
"urn": "flexify-io:single-vm:single-vm-ce:2.12.10",
"version": "2.12.10"
}
]
Then pass the urn value of the image you want to deploy to your VM like so:
az vm create --resource-group myresourcegroups --name staging-images --image flexify-io:single-vm:single-vm-ce:2.12.10 --admin-username azureuser --generate-ssh-keys --custom-data ~/Documents/cloud-init-web-server.txt --secrets "$vm_secret"
I've created a command using the Azure CLI like this, that I want to use to pull docker logs from a container running in an Azure Virtual Machine ScaleSet (VMSS):
az vmss run-command create --resource-group "my-resource-group" --instance-id "0" --location "[azure_location_here]" --async-execution false --run-as-user "su" --script "docker logs ab5" --timeout-in-seconds 3600 --run-command-name "myCommandName" --vmss-name "aks-myservice-1234567-vmss" --output-blob-uri "https://myfileshare.blob.core.windows.net/my-azure-storage-container/log.txt"
I can see the command listed when I use:
az vmss run-command list --subscription "[my_subscription_id]" -g my-resource-group --vmss-name "aks-myservice-1234567-vmss" --instance-id 0
This gives me the following:
[
{
"asyncExecution": false,
"errorBlobUri": null,
"id": "/subscriptions/[my_subscription_id]/resourceGroups/my_resource_group/providers/Microsoft.Compute/virtualMachineScaleSets/aks-myservice-1234567-vmss/virtualMachines/0/runCommands/myCommandName",
"instanceView": null,
"location": "[azure_location_here]",
"name": "myCommandName",
"outputBlobUri": "https://myfileshare.blob.core.windows.net/my-azure-storage-container/log.txt",
"parameters": null,
"protectedParameters": null,
"provisioningState": "Succeeded",
"resourceGroup": "my_resource_group",
"runAsPassword": null,
"runAsUser": "su",
"source": {
"commandId": null,
"script": "docker logs ab5",
"scriptUri": null
},
"tags": null,
"timeoutInSeconds": 3600,
"type": "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands"
}
]
I'm trying to invoke the command using the following:
az vmss run-command invoke -g my-resource-group -n aks-myservice-1234567-vmss --instance-id 0 --command-id myCommandName
This gives me the error:
(NotFound) The entity was not found in this Azure location.
How can I invoke (run) the command that I created in the first step, so that the script docker logs ab5 is run on the VMSS instance? I know how to directly run this script using az vmss run-command invoke, but the output is limited to the first 4096 bytes of the docker log. I'm trying to use az vmss run-command create to set up the script, as that allows me to use the parameter --output-blob-uri, which I'm hoping will allow me to capture the entire Docker log in a file within Azure storage once I invoke the script.
The documentation for az vmss run-command invoke isn't really clear on how a command can be invoked that was created using az vmss run-command create.
"networkRuleSet":{
"defaultAction": "[if(equals(parameters('networkRuleSetStatus'), 'Enabled'), 'Deny', 'Allow')]",
"virtualNetworkRules":[{
"action": "Allow",
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]"
}],
"copy":[{
"name":"ipRules",
"count":"[length(parameters('ip'))]",
"input":{
"action": "Allow",
"value": "[parameters('ip') [copyIndex('ipRules')]]"
}
}]
},
The above lines are part of the ARM to pass the vnetid in the network section.
It's possible to integrate a vnet to the Azure container registry and what you did is right. But there is one thing you may miss. The thing is when you want to allow a subnet to access the container registry, you need to enable the private endpoint for the container registry in that subnet. The example CLI command here:
az network vnet subnet update \
--name myDockerVMSubnet \
--vnet-name myDockerVMVNET \
--resource-group myResourceGroup \
--service-endpoints Microsoft.ContainerRegistry
After this action, then you can add the network rule through the template as you showed.
My Azure Service Fabric application sometimes requires paths longer than MAX_PATH, especially given the length of the work directory. As such, I'd like to enable long file paths (via the registry's LongPathsEnabled value, via group policy, or via some other mechanism, see https://superuser.com/questions/1119883/windows-10-enable-ntfs-long-paths-policy-option-missing). But I can't figure out how to do that.
The cluster runs on an Azure VMSS, so I can remote into the individual instances and set it manually, but that doesn't scale well of course.
UPDATE:
#4c74356b41's answer got me most of where I needed to be. My VMSS already had a customScript extension installed, so I actually had to modify it to include the PS command, here's my final command:
# Get the existing VMSS configuration
$vmss = Get-AzVmss -ResourceGroupName <resourceGroup> -Name <vmss>
# inspect $vmss to determine which extension is the customScript, in ours it's at index 3. Note the existing commandToExecute blob, you'll need to modify it to add the additional PS command
# modify the existing Settings.commandToExecute blob to add the reg set command
$vmss.VirtualMachineProfile.ExtensionProfile.Extensions[3].Settings.commandToExecute = 'powershell -ExecutionPolicy Unrestricted -File AzureQualysCloudAgentPowerShell_v2.ps1 && powershell -c "Set-ItemProperty -Path HKLM:\System\ControlSet001\Control\FileSystem -Name LongPathsEnabled -Value 1"'
# update the VMSS with the new config
Update-AzVmss -ResourceGroupName $vmss.ResourceGroupName -Name $vmss.Name -VirtualMachineScaleSet $vmss
I'd suggest using script extension and a simple powershell script to set this value. this will automatically get applied to all the instances (including to when you scale).
{
"apiVersion": "2018-06-01",
"type": "Microsoft.Compute/virtualMachineScaleSet/extensions",
"name": "config-app",
"location": "[resourceGroup().location]",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.9",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": []
},
"protectedSettings": {
"commandToExecute": "powershell -c 'Set-Item HKLM:\System\CurrentControlSet\Policies\LongPathsEnabled -Value 1'"
}
}
}
The command itself is probably a bit off, but you can experiment on your local and get it right and then put it into the script extension
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
I need to generalize and capture a linux virtual machine.
I deployed the VM using ARM template. In ARM template, I used the following to get VHD stored in storage account
"storageProfile": {
"imageReference": {
"publisher": "[variables('imagePublisher')]",
"offer": "[variables('imageOffer')]",
"sku": "[variables('imageSku')]",
"version": "latest"
},
"osDisk": {
"name": "[parameters('virtualMachineName')]",
"createOption": "fromImage",
"vhd": {
"uri": "[concat(concat(reference(resourceId(variables('resourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2015-06-15').primaryEndpoints['blob'], 'vhds/'), parameters('virtualMachineName'), concat(uniqueString(resourceGroup().id), '.vhd'))]"
}
},
"dataDisks": []
},
Now I am following this document to create and image and VM.
When I execute the following command, I am getting error
az image create --resource-group myResourceGroup --name myImage --source myVM
The storage account containing blob https://testvmstorage.blob.core.windows.net/vhds/testvmyrg5wfer6xbcg.vhd is or has been encrypted. Copy the blob to an unencrypted storage account before importing.
When your storage account is encryption, you will get the error log. You could check it on Azure Portal.
Now, if you want to the VHD to create a image, you need create a non-encryption account and copy the VHD to it. You could use Azcopy to copy VHDs between containers. Just an example below:
AzCopy /Source:https://shuidisks446.blob.core.windows.net/vhds /Dest:https://shuidiag102.blob.core.windows.net/vhds /SourceKey:sGqtdFHQWQWYyf2tRWGF5jkeAEubTp13AVaeTM25QogxXE+K0Ezq1ulcs18qGVPhCEp6ULdLLbKVa7fMbUvYZg== /DestKey:iCjeS+eegjkSJXHjH2UqCkqXnUPiCGvxaOG0Ad2LoPgUnvBoWl9wQJtC1jc//lOj4CF7khpLQe791P4QeyTY6Q== /Pattern:shui20161222141315.vhd
After the VHD transfers to new storage account, you could use the VHD to create a snapshot, then use the snapshot to create image.
Note: You could not create image with VHD directly.
You could use the following commands.
az snapshot create -g shui2 -n shuisna --source https://shui2.blob.core.windows.net/vhds/shui20170607110945.vhd
az image create -g shui2 -n shuiimage --source shuisna --os-type linux