ARM Template with KeyVault - SQL vs. VM - azure

I have an Azure ARM template which creates a SQL Server and a VM. Both refer to the KeyVault to get the Admin-Password:
"resources": [
{
"type": "Microsoft.Sql/servers",
"kind": "v12.0",
"name": "[variables('vSqlServerName')]",
"tags": {
"Environment": "[parameters('pEnvironment')]",
"DisplayName": "SQL Server",
"UDID": "SQLServer" // Unique Deployment ID (for later reference)
},
"apiVersion": "[variables('vSqlAPIVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"administratorLogin": "[variables('vSqlAdminUser')]",
"administratorLoginPassword":{
"reference": {
"keyVault": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
},
"secretName": "SQLDW-AdminPassword"
}
},
"version": "12.0"
},
},
{
"type": "Microsoft.Compute/virtualMachines",
"name": "[concat(variables('vSqlVMName'), variables('vSuffixVM'))]",
"apiVersion": "2015-06-15",
"location": "[resourceGroup().location]",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_DS5_v2"
}
"osProfile": {
"computerName": "[variables('vSqlVMName')]",
"adminUsername": "[variables('vWinAdminUser')]",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
},
"secrets": [],
"adminPassword": {
"reference": {
"keyVault": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
},
"secretName": "VM-LocalAdminPassword"
}
}
}
}
]
this works just fine for SQL, but not for the VM
the error i get is this:
{
11:16:27 - [ERROR] "target": "vm.properties.osProfile.adminPassword",
11:16:27 - [ERROR] "message": "Unexpected character encountered while parsing value: {.
11:16:27 - [ERROR] Path 'properties.osProfile.adminPassword', line 1, position 785."
11:16:27 - [ERROR] },

You cannot use Key Vault reference directly in the template with VM's for sure. So you have to use a parameter file for that.
So in your parameter file you would have:
...
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.KeyVault/vaults/{}"
},
"secretName": "secretName"
}
},
...
and in the template:
"osProfile": {
"computerName": "[variables('vSqlVMName')]",
"adminUsername": "[variables('vWinAdminUser')]",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
},
"secrets": [],
"adminPassword": "[parameters('adminPassword')]"
}
And you would use the parameters file to supply parameters to the deploment, or, alternatively, you can convert VM deployment to a nested template deployment, that way you can pass parameters directly from your parent template, without parameters file.
Refer to this example. It doesn't deal with VM's but the idea is the same.

Related

ARM Template for creating VM in azure using existing VHD Uri (osDiskVHDUri) & join to domain

Use-case description:
I've a use case wherein, we need to create a VM in azure using the existing VHD Uri available in storage account & the same ARM template should have the feasibility to join to domain. At the present currently tried working & executing the ARM template which has only flexibility of using the existing VHD Uri and creating a VM (this Uri will act as "OsDiskVhdUri") & another template has only the ability to create new VM and join to domain these are working on standalone basis.
Key highlighters:-
Need a template which has both "OsDiskVhdUri" & domain join parameters.
Template reference should be "OsDiskVhdUri", because when i tried integrating both templates & troubleshooting - Image reference related errors are there on while deployment.
The very important point, was - the ARM template while blueprint assignment asks for OsDiskVhdUri parameter and although I give the Uri for creating the VM, with the below template, it doesn't seems to take that Uri" instead it creates a NEW VM every time and attaches to domain.
Deployment method is blueprint in Azure.
Error:-
type 'Template' failed to deploy due to the following error: Template deployment failed with error [ { "message": "Could not find member 'osDiskVhdUri' on object of type 'ImageReference'. Path 'properties.storageProfile.imageReference.osDiskVhdUri', line 1, position 237." }
Exhausted all methods finding still deeper dive into it & any guidance on this will be highly appreciated!!
Code for reference:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"existingVNETName": {
"type": "string",
"metadata": {
"description": "Existing VNET that contains the domain controller"
}
},
"osDiskVhdUri": {
"type": "string",
"metadata": {
"description": "Uri of the existing VHD in ARM standard or premium storage"
}
},
"osType": {
"type": "string",
"defaultValue": "2019-Datacenter",
"allowedValues": [
"2019-Datacenter"
],
"metadata": {
"description": "The Windows version for the VMs. Allowed values: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter."
}
},
"existingSubnetName": {
"type": "string",
"metadata": {
"description": "Existing subnet that contains the domain controller"
}
},
"vmname": {
"type": "string",
"metadata": {
"description": "Unique public DNS prefix for the deployment. The fqdn will look something like '<dnsname>.westus.cloudapp.azure.com'. Up to 62 chars, digits or dashes, lowercase, should start with a letter: must conform to '^[a-z][a-z0-9-]{1,61}[a-z0-9]$'."
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_D2_v2",
"metadata": {
"description": "The size of the virtual machines"
}
},
"domainToJoin": {
"type": "string",
"metadata": {
"description": "The FQDN of the AD domain"
}
},
"domainUsername": {
"type": "string",
"metadata": {
"description": "Username of the account on the domain"
}
},
"domainPassword": {
"type": "string",
"metadata": {
"description": "Password of the account on the domain"
}
},
"ouPath": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies an organizational unit (OU) for the domain account. Enter the full distinguished name of the OU in quotation marks. Example: \"OU=testOU; DC=domain; DC=Domain; DC=com\""
}
},
"domainJoinOptions": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "Set of bit flags that define the join options. Default value of 3 is a combination of NETSETUP_JOIN_DOMAIN (0x00000001) & NETSETUP_ACCT_CREATE (0x00000002) i.e. will join the domain and create the account on the domain. For more information see https://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx"
}
},
"vmAdminUsername": {
"type": "string",
"metadata": {
"description": "The name of the administrator of the new VM and the domain. Exclusion list: 'admin','administrator"
}
},
"vmAdminPassword": {
"type": "string",
"metadata": {
"description": "The password for the administrator account of the new VM and the domain"
}
},
"location": {
"type": "string",
"defaultValue": "East US",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"storageAccountName": "[concat('diags', uniquestring(resourceGroup().id))]",
"diskName": "[concat('diags', uniquestring(resourceGroup().id))]",
"osDiskVhdUri": "[concat(parameters('osDiskVhdUri'), '-image')]",
"nicName": "[concat(parameters('vmname'),'Nic')]",
"publicIPName": "[concat(parameters('vmname'),'Pip')]",
"subnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('existingVNETName'), parameters('existingSubnetName'))]"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('vmname')]"
}
}
},
{
"type": "Microsoft.Compute/disks",
"apiVersion": "2018-09-30",
"name": "[variables('diskName')]",
"location": "[parameters('location')]",
"properties": {
"creationData": {
"createOption": "Import",
"sourceUri": "[parameters('osDiskVhdUri')]"
}
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"properties": {
"accountType": "Standard_LRS"
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPName'))]"
},
"subnet": {
"id": "[variables('subnetId')]"
}
}
}
]
}
},
{
"type": "Microsoft.Compute/images",
"apiVersion": "2020-06-01",
"name": "[variables('imageName')]",
"location": "[parameters('location')]",
"properties": {
"hyperVGeneration": "V2",
"storageProfile": {
"osDisk": {
"osType": "[parameters('osType')]",
"osState": "Generalized",
"blobUri": "[parameters('osDiskVhdUri')]",
"caching": "ReadWrite",
"storageAccountType": "Standard_LRS"
}
}
}
},
{
"apiVersion": "2020-06-01",
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"location": "[parameters('location')]",
"tags": {
"displayName": "VirtualMachine"
},
"dependsOn": [
"[variables('nicName')]",
"[variables('imageName')]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPasswordOrKey')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"storageProfile": {
"imageReference": {
"id": "[resourceId('Microsoft.Compute/images', variables('imageName'))]"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(variables('diagStorageAccountName')).primaryEndpoints.blob]"
}
}
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmname'),'/joindomain')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmname'))]"
],
"properties": {
"publisher": "Microsoft.Compute",
"type": "JsonADDomainExtension",
"typeHandlerVersion": "1.3",
"autoUpgradeMinorVersion": true,
"settings": {
"Name": "[parameters('domainToJoin')]",
"OUPath": "[parameters('ouPath')]",
"User": "[concat(parameters('domainToJoin'), '\\', parameters('domainUsername'))]",
"Restart": "true",
"Options": "[parameters('domainJoinOptions')]"
},
"protectedSettings": {
"Password": "[parameters('domainPassword')]"
}
}
}
]
}
If you want to create Azure VM with vhd file, please update your template as below
{
"type": "Microsoft.Compute/images",
"apiVersion": "2020-06-01",
"name": "[variables('imageName')]",
"location": "[parameters('location')]",
"properties": {
"hyperVGeneration": "V2",
"storageProfile": {
"osDisk": {
"osType": "[parameters('osType')]",
"osState": "Generalized",
"blobUri": "[parameters('osDiskVhdUri')]",
"caching": "ReadWrite",
"storageAccountType": "Standard_LRS"
}
}
}
},
{
"apiVersion": "2020-06-01",
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"location": "[parameters('location')]",
"tags": {
"displayName": "VirtualMachine"
},
"dependsOn": [
"[variables('nicName')]",
"[variables('imageName')]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPasswordOrKey')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), json('null'), variables('linuxConfiguration'))]"
},
"storageProfile": {
"imageReference": {
"id": "[resourceId('Microsoft.Compute/images', variables('imageName'))]"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(variables('diagStorageAccountName')).primaryEndpoints.blob]"
}
}
}
}

Setting adminPassword not effective; linux deployed in Azure Resource Manager

I'm using ARM templates to deploy linux machines. Inside of my Microsoft.Compute/virtualMachines deployment, I have properties including this (following the docs)
"osProfile": {
"computerName": "computer-name-here",
"adminUsername": "[parameters('AdminUserName')]",
"adminPassword": "password following rules here",
"linuxConfiguration": {
"disablePasswordAuthentication": false
}
"secrets": []
},
The problem is that login with that username and password doesn't work with the VM.
When the machine spins, then ssh user#host fails, saying public key authentication failed. When I use special flags to force asking for a password, same result.
When I check the automation script for the VM, I see that my properties came through, but adminPassword is missing. I assume they're removing that from the console for security, but the SSH client sure makes it look like it's ignoring my configured parameters and enabling ssh key only access.
Is username/password login possible using Azure, or have I missed something?
EDIT More details:
The way my osProfile is generated is via a template that does this: (note I'm prepending "password" to the username to make ultra sure the substitutions are correct)
"authConfig-sshpublickey": {
"adminUsername": "[concat('pubkey-',parameters('AdminUserName'))]",
"adminPassword": "",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('AdminUserName'),'/.ssh/authorized_keys')]",
"keyData": "[parameters('AdminCredential')]"
}
]
}
}
},
"authConfig-password": {
"adminUsername": "[concat('password-',parameters('AdminUserName'))]",
"linuxConfiguration": null,
"adminPassword": "[parameters('AdminCredential')]"
},
"authConfig": "[variables(concat('authConfig-',parameters('AdminAuthType')))]"
Then I'm setting it in the VM like this:
"osProfile": {
"computerName": "[concat(variables('namePrefixes').vm, '-', copyIndex())]",
"adminUsername": "[variables('authConfig').adminUsername]",
"adminPassword": "[variables('authConfig').adminPassword]",
"linuxConfiguration": "[variables('authConfig').linuxConfiguration]"
},
Because at runtime I'm using AdminAuthType=password, it's taking that substitution.
I run the template, it sets up all of my infrastructure correctly, then I go into the Azure console, check the automation script for the resulting VMs, and I see this:
"osProfile": {
"computerName": "[parameters('extra stuff here')]",
"adminUsername": "password-myuser",
"linuxConfiguration": {
"disablePasswordAuthentication": false
},
"secrets": []
},
So, conclusions:
It is substituting on the basis of password auth
It's plugging in linuxConfiguration when I told it explicitly not to.
adminPassword isn't showing up in the automation script, but as said before I'm not sure if this is for security reasons, or it's never actually making it through.
The exact answer is yes, it's possible to log in via username/password on Azure. With the template you posted, you can just ignore the property "linuxConfiguration" and "secrets". The simple template can be just this:
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
Without the property "linuxConfiguration" so that the ssh key will not be configured. And the whole template example below:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"type": "string",
"metadata": {
"description": "User name for the Virtual Machine."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"dnsLabelPrefix": {
"type": "string",
"metadata": {
"description": "Unique DNS Name for the Public IP used to access the Virtual Machine."
}
},
"ubuntuOSVersion": {
"type": "string",
"defaultValue": "16.04.0-LTS",
"allowedValues": [
"12.04.5-LTS",
"14.04.5-LTS",
"15.10",
"16.04.0-LTS"
],
"metadata": {
"description": "The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'salinuxvm')]",
"imagePublisher": "Canonical",
"imageOffer": "UbuntuServer",
"nicName": "myVMNic",
"addressPrefix": "10.0.0.0/16",
"subnetName": "Subnet",
"subnetPrefix": "10.0.0.0/24",
"storageAccountType": "Standard_LRS",
"publicIPAddressName": "myPublicIP",
"publicIPAddressType": "Dynamic",
"vmName": "MyUbuntuVM",
"vmSize": "Standard_A1",
"virtualNetworkName": "MyVNET",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2017-06-01",
"location": "[parameters('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"apiVersion": "2017-04-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-04-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"apiVersion": "2017-04-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"apiVersion": "2017-03-30",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('vmName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[variables('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('imagePublisher')]",
"offer": "[variables('imageOffer')]",
"sku": "[parameters('ubuntuOSVersion')]",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
},
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
}
}
}
}
],
"outputs": {
"hostname": {
"type": "string",
"value": "[reference(variables('publicIPAddressName')).dnsSettings.fqdn]"
},
"sshCommand": {
"type": "string",
"value": "[concat('ssh ', parameters('adminUsername'), '#', reference(variables('publicIPAddressName')).dnsSettings.fqdn)]"
}
}
}
Also, the NSG rules will be check if it allows the traffic. Hope this will help you.
Update
When you create the VM with a password, the configuration of the password in the template after creating the VM will like below and you cannot see the password because of the security:
If you create the VM with the public ssh key, it will like this:
You set both authentication ways in the template you posted that you use to create VM. Please select one to set. If you choose the password please follow the template I have posted above.

Azure ARM Template

Need you Help on something really quick :
How to set storage account "soft delete" option enabled using arm template?
2.What's the property that I should be using in arm template. Tried browsing through this site but couldn't get muchinformation - https://learn.microsoft.com/en-us/rest/api/storagerp/storageaccounts/getproperties
Any help is Much Appreciated.
Rocky
It seems that with the release of the 2018-11-01 version of the storage template it's now possible to enable soft delete in your ARM template.
Below you can find the template I've used:
{
"parameters": {
"NameForResources": {
"type": "string",
},
"ResourceLocation": {
"type": "string",
"defaultValue": "westeurope"
},
"Storage_Type": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('Storage_Type')]"
},
"kind": "Storage",
"name": "[parameters('NameForResources')]",
"apiVersion": "2018-11-01",
"location": "[parameters('ResourceLocation')]",
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"supportsHttpsTrafficOnly": true
},
"resources": [
{
"name": "[concat(parameters('NameForResources'),'/','default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2018-11-01",
"properties": {
"deleteRetentionPolicy": {
"enabled": true,
"days": 30
}
},
"dependsOn": ["[concat('Microsoft.Storage/storageAccounts/', parameters('NameForResources'))]"]
}
]
}
],
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0"
}
I do not think it is currently possible to configure soft delete using ARM. Soft delete is a blob service property, not a property of the storage account.
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete#powershell
For keyvaults, use "enableSoftDelete": true.
For storage accounts, add a blob service with 1) the following properties and 2) a dependsOn condition on the storage account:
{
"name": "[concat(parameters('storageAccountName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2018-07-01",
"properties": {
"deleteRetentionPolicy": {
"enabled": true,
"days": 30
}
},
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
]
}

Microsoft.Compute/virtualMachines/extensions' has incorrect segment lengths

I'm unable to deploy this NESTED template because of an Custom Script Extension (CompDesc) that I've added to it. I am prompted with the following error when trying to deploy:
Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template resource 'CompDesc' for type 'Microsoft.Compute/virtualMachines/extensions' at line '207' and column '6' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-template/#resources for usage details.'.
As you can see it already has a DSC extension which I have tested and deployed perfectly fine, but I also need to add this CSE for a small .ps1 script.
I have checked out:
Azure website resource template error
and Set ARM Template Web appSetting
I have tried:
changing the name to 1 word
changing the type to 1 word
changing the name to [concat(parameters('vmName'),'/extension')]
changing the type to Microsoft.Compute/virtualMachines/extensions
nested the resource inside the VM resource, and then changed the name and type to one of the varieties I've tried
removed the CSE from the VM resource and placed it on its own (as it is now shown), and then changed the name and type to one of the varieties I've tried
I know it has something to do with the naming convention, but I'm unsure on how to fix it. Bear in mind, that this is a nested template. From what I read and understand from the error, nested templates must have identical segments as its resource name, which I've tried.
Please, any ideas?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"adminUsername": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"computerDescription": {
"type": "string",
"metadata": {
"description": "The description name of the VM."
}
},
"nicName": {
"type": "string",
"metadata": {
"description": "The name of the VM nic"
}
},
"nodeConfigurationName": {
"type": "string",
"metadata": {
"description": "The name of the node configuration, on the Azure Automation DSC pull server, that this node will be configured as"
}
},
"projectTag": {
"type": "string",
"metadata": {
"description": "name of the Project"
}
},
"registrationKey": {
"type": "securestring",
"metadata": {
"description": "Registration key to use to onboard to the Azure Automation DSC pull/reporting server"
}
},
"registrationUrl": {
"type": "string",
"metadata": {
"description": "The URL to register against the DSC automation server"
}
},
"sasToken": {
"type": "securestring",
"metadata": {
"description": "Generated SAS token to be used."
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "name of the vNet"
}
},
"vmName": {
"type": "string",
"defaultValue": "myVM",
"metadata": {
"description": "The name of the VM resource"
}
},
"windowsOSVersion": {
"type": "string",
"metadata": {
"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter."
}
}
},
"variables": {
// Configuration for the VM
"imagePublisher": "MicrosoftWindowsServer",
"imageOffer": "WindowsServer",
"vmSize": "Standard_A2",
"vhdStorageAccountName": "[concat('vhdstorage', uniqueString(resourceGroup().id))]",
"vhdStorageContainerName": "vhds",
"vhdStorageType": "Standard_LRS",
// Configuration for network
"publicIPAddressName": "myPublicIP",
"publicIPAddressType": "Dynamic",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', variables('subnetName'))]",
"subnetName": "default",
"vnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
// Configuration of the DSC
"allowModuleOverwrite": false,
"actionAfterReboot": "ContinueConfiguration",
"configurationFunction": "UpdateLCMforAAPull.ps1\\ConfigureLCMforAAPull",
"configurationMode": "ApplyAndAutoCorrect",
"configurationModeFrequencyMins": 15,
"modulesUrl": "[concat('REDACTED', parameters('sasToken'))]",
"refreshFrequencyMins": 30,
"rebootNodeIfNeeded": true,
"timestamp": "MM/dd/yyyy H:mm:ss tt"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('vhdStorageAccountName')]",
"apiVersion": "2016-01-01",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "StorageAccount"
},
"sku": {
"name": "[variables('vhdStorageType')]"
},
"kind": "Storage"
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "PublicIPAddress"
},
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkInterfaces",
"name": "[parameters('nicName')]",
"location": "[resourceGroup().location]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"apiVersion": "2017-03-30",
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "[concat(parameters('vmName'), parameters('projectTag'))]"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('vhdStorageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', parameters('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[variables('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('imagePublisher')]",
"offer": "[variables('imageOffer')]",
"sku": "[parameters('windowsOSVersion')]",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
},
"dataDisks": [
{
"diskSizeGB": 1023,
"lun": 0,
"createOption": "Empty"
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('vhdStorageAccountName')), '2016-01-01').primaryEndpoints.blob]"
}
}
}
},
{
"name": "CompDesc",
"type": "extensions",
"location": "[resourceGroup().location]",
"apiVersion": "2016-03-30",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
],
"tags": {
"displayName": "CompDesc"
},
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.4",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[concat('REDACTED', parameters('sasToken'))]"
],
"commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File compdesc.ps1', ' ', '\"', parameters('computerDescription'), '\"')]"
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmName'),'/Microsoft.Powershell.DSC')]",
"apiVersion": "2015-06-15",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
],
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.19",
"autoUpgradeMinorVersion": true,
"protectedSettings": {
"Items": {
"registrationKeyPrivate": "[parameters('registrationKey')]"
}
},
"settings": {
"ModulesUrl": "[variables('modulesUrl')]",
"SasToken": "",
"ConfigurationFunction": "[variables('configurationFunction')]",
"Properties": [
{
"Name": "RegistrationKey",
"Value": {
"UserName": "PLACEHOLDER_DONOTUSE",
"Password": "PrivateSettingsRef:registrationKeyPrivate"
},
"TypeName": "System.Management.Automation.PSCredential"
},
{
"Name": "RegistrationUrl",
"Value": "[parameters('registrationUrl')]",
"TypeName": "System.String"
},
{
"Name": "NodeConfigurationName",
"Value": "[parameters('nodeConfigurationName')]",
"TypeName": "System.String"
},
{
"Name": "ConfigurationMode",
"Value": "[variables('configurationMode')]",
"TypeName": "System.String"
},
{
"Name": "ConfigurationModeFrequencyMins",
"Value": "[variables('configurationModeFrequencyMins')]",
"TypeName": "System.Int32"
},
{
"Name": "RefreshFrequencyMins",
"Value": "[variables('refreshFrequencyMins')]",
"TypeName": "System.Int32"
},
{
"Name": "RebootNodeIfNeeded",
"Value": "[variables('rebootNodeIfNeeded')]",
"TypeName": "System.Boolean"
},
{
"Name": "ActionAfterReboot",
"Value": "[variables('actionAfterReboot')]",
"TypeName": "System.String"
},
{
"Name": "AllowModuleOverwrite",
"Value": "[variables('allowModuleOverwrite')]",
"TypeName": "System.Boolean"
},
{
"Name": "Timestamp",
"Value": "[variables('timestamp')]",
"TypeName": "System.String"
}
]
}
}
}
]
}
My god, an oversight by myself. I forgot to re-upload the nested template to blob storage once I made my changes. So dumb.
Anyway, for those that want to know;
https://github.com/blumu/azure-content/blob/master/articles/resource-manager-common-deployment-errors.md

Deploying more than 1 azure vm from base packer image

I have problem deploying more than one azure vms from custom image (aka ami) built using packer.
Here's my packer script to create the base image:
{
"builders": [
{
"type": "azure-arm",
"client_id": "CHANGE_ME",
"client_secret": "CHANGE_ME",
"object_id": "CHANGE_ME",
"subscription_id": "CHANGE_ME",
"tenant_id": "CHANGE_ME",
"resource_group_name": "packerrgvm",
"storage_account": "packerrgvm",
"capture_container_name": "images",
"capture_name_prefix": "packer",
"os_type": "Linux",
"image_publisher": "Canonical",
"image_offer": "UbuntuServer",
"image_sku": "16.04.0-LTS",
"azure_tags": {
"dept": "engineering"
},
"location": "westeurope",
"vm_size": "Standard_A2"
}
],
"provisioners": [
{
"type": "shell",
"inline": ["do sth interesting here"]
},
{
"type": "shell",
"inline": [
"sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
]
}
]
}
Now, I'm trying to deploy new vm using ARM templates. My template contains imageName, imageUri and vhdUri provided by packer after successfull build. Vnets, network interfaces etc ommited:
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('workerVM').machine.name]",
"location": "[resourceGroup().location]",
"properties": {
"hardwareProfile": {
"vmSize": "[variables('workerVM').machine.size]"
},
"storageProfile": {
"osDisk": {
"osType": "Linux",
"name": "[variables('workerVM').machine.imageName]",
"createOption": "FromImage",
"image": {
"uri": "[variables('workerVM').machine.imageUri]"
},
"vhd": {
"uri": "[variables('workerVM').machine.vhdUri]"
},
"caching": "ReadWrite"
}
},
"osProfile": {
"computerName": "[variables('workerVM').machine.name]",
"adminUsername": "[variables('workerVM').machine.adminUsername]",
"adminPassword": "[variables('workerVM').machine.adminPassword]"
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('workerVM').network.nicName)]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": false
}
},
"provisioningState": 0
}
}
When I deploy it for the first time, it works. Hovewer, even if I remove my resource group completely and try to deploy the vm once again, I get the following error:
error: The resource operation completed with terminal provisioning state 'Failed'.
error: Blob https://packerrgvm.blob.core.windows.net/vmcontainera1ba96d3-a593-44b9-8c71-1d345ef67a2d/osDisk.a1ba96d3-a593-44b9-8c71-1d345ef67a2d.vhd already exists. Please provide a different blob URI as target for disk 'packer-osDisk.49359f62-5c49-44c1-aed8-4ea1613ab2e9.vhd'.
Is it possible to use custom ami built by packer this way?
how do i create more than 1 vm from single base image built with backer
You could change the value vhdUri variable before re-deploy the ARM template.
"vhd": {
"uri": "[variables('workerVM').machine.vhdUri]"
}
The vhdUri variable in your ARM template could be like this,
"variables": {
"workerVM": {
"machine": {
"vhdUri": "reset this uri"
}
}
In ARM template add below storage resource which uses image uri generated by packer
{
"type": "Microsoft.Compute/images",
"apiVersion": "2016-04-30-preview",
"name": "[variables('imageName')]",
"location": "[resourceGroup().location]",
"properties": {
"storageProfile": {
"osDisk": {
"osType": "Windows",
"osState": "Generalized",
"blobUri": "[parameters('your_image_uri_generated_by_packer')]",
"storageAccountType": "Standard_LRS"
}
}
}
},
And modify storage profile property in Microsoft.Compute/virtualMachines to use this resource
"storageProfile": {
"imageReference": {
"id": "[resourceId('Microsoft.Compute/images', variables('imageName'))]"
}
},

Resources