I have an ARM template to deploy/update the full Azure infrastructure for my application.
Our build server should run the template, and add/update/delete resources that are add/changed/deleted. To make this work, I have chosen for the "Complete" deployment mode.
To test the ARM template, I have to following power shell script:
param(
$tenantId = "",
$subscriptionId = ""
)
Clear-Host
Login-AzureRmAccount -TenantId $tenantId -SubscriptionId $subscriptionId
New-AzureRmResourceGroupDeployment `
-Name "x" `
-ResourceGroupName "rg-test" `
-TemplateFile $PSScriptRoot/resource-template.json `
-TemplateParameterFile $PSScriptRoot/parameters-test.json `
-Mode Complete
This powershell script is only used to test the template, because a vsts release step will be responsible for the execution of the ARM template into the resource group.
We want to use 1 template to deploy everything (to keep it simple, just a Web Service plan and a web app service), but we have resources that doesn't need to be deployed in some environments. Different environments will use different pricing plans, and some of them will need a Deployment Slot, others won't (to save costs).
I have read about the nested templates, and at first it seemed to solve my problem... but it doesn't.
I cannot use the nested templates in a "Complete deployment".
Does anyone know another way, to flag if a resource needs to be deployed or not, is not the "nested-template"-approach and works for the full deployment type?
We could create different parameter files for different environments (dev, test, or production), and then we could customize the deployment by providing values that are tailored for a particular environment. Besides, as we know, we could use nested templates for conditional deployment, but only the root-level template is allowed Complete for the deployment mode. If you have to use Complete mode, you may need to write script to dynamically generate your templates for different environments based on your requirements and business logic.
Related
I am creating a StorageAccount & Containers using ARM script
I use New-AzDeployment to create the resources. The resources are created properly. I want to remove the deployment
When I run Remove-AzDeployment -Name ; the deployment is removed, however the resources are not deleted.
How do I ensure that the resources are also deleted. I am using the new Az Module in powershell instead of the old Azure Module
The Remove-AzDeployment cmdlet is used to remove a deployment from the deployment history. It won't remove resources deployed in this particular deployment.
You can remove resources from the resource group using Remove-AzResource, like this:
Get-AzResource -ResourceGroupName $ResourceGroupName | Remove-AzResource -Force
I have a ARM template that I use to create a keyvault.
For a very specific reason, I need to manually set access policies on my keyvault once it's created.
If I run my ARM template again (to change some settings), the access policies I manually set are deleted.
What function or trick can I use to have an ARM template that combines access policies in the ARM template with the access policies that were set manually?
It is not possible; if you are using access policies, then you must specify them as you deploy the Microsoft.KeyVault/vaults resource.
The ARM reference says
access policies are required
There is a workaround, but it is not simple. Instead of using access policies, you need to use the RBAC model to define access to your key vault.
That is what is recommended by Microsoft in response to a feature request ARM Template for KeyVault to have AccessPolicies non-mandatory:
For anyone who opens this feedback item:
Use RBAC permission model: https://docs.microsoft.com/en-us/azure/key-vault/general/rbac-migration
That could be because you might be deploying the ARM template in Complete mode. Verify the command being used to deploy the template and check for any -Mode parameter being passed.
To elaborate, there are two modes in which ARM templates can be deployed:
Incremental: In incremental mode, Resource Manager leaves unchanged resources that exist in the resource group but aren't specified in the template. Resources in the template are added to the resource group.
Complete: In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.
The default mode of deployment is always incremental, although you can override it by passing the -Mode parameter explicitly.
To set the deployment mode to Complete or Incremental explicitly when deploying with PowerShell, use the Mode parameter as follows:
New-AzResourceGroupDeployment `
-Mode Incremental `
-Name ExampleDeployment `
-ResourceGroupName ExampleResourceGroup `
-TemplateFile c:\MyTemplates\storage.json
Skipping the -Mode parameter completely is also as good as deploying in Incremental mode.
Tip: Always use the what-if operation before deploying a template
in complete mode. What-if shows you which resources will be created,
deleted, or modified. Use what-if to avoid unintentionally deleting
resources.
I have a classic Compute resource. I need to move some old deployment code that used Azure.Service module to Az and I was wondering, is there a way to manage that with Az or something up to date?
I have to upload some .cspkg and some .cscfg files. There is more to it, but basically, this was done using this cmdlet and the related ones, Set, Get etc.
I used Az.Resources' cmdlet New-AzResource to create it:
New-AzResource `
-Location 'location' `
-ResourceGroupName 'rgName' `
-ResourceType 'Microsoft.ClassicCompute/domainNames' `
-ResourceName 'rName' `
-ApiVersion '2018-06-01'
What cmdlets could I use to manage this resource?
In your case, you could use Az.CloudService module commands, to upload some .cspkg and some .cscfg files, use New-AzCloudService with parameters -PackageUrl and -ConfigurationUrl(or -Configuration).
The command New-AzCloudService can Create or update a cloud service, i.e. New, Set operations, to do Get operation, use Get-AzCloudService command.
Anyway, see here for all the commands to manage Microsoft.ClassicCompute/domainNames i.e. Cloud service, use them depends on your requirement.
Update:
In this case, looks you could not migrate your commands to Az module, Az.CloudService is for the new Cloud Service(extended support) which is ARM(Azure Resource Manager) based, and it is in the preview version, see Deploy a Cloud Service (extended support) using Azure PowerShell, some features might not be supported, I think the error was caused by this.
What you are using is Cloud Service(classic), it is ASM(Azure Service Management) based, the new Az module is just for ARM resources.
So in your case, you may need to continue to use Azure.Service module, or you can migrate the ASM to ARM i.e. Cloud Service(classic) to Cloud Service(extended support), see Migration to Azure Resource Manager, but not recommend you to use it in the production environment as it is in preview.
I have created a relatively complex IaaS environment in one of my resource groups. The environment is working very well. Now I need to re-build the same environment in another RG for testing and validation.
What would be the easiest way to re-create the same environment in another Resource Group in the same subscription? I tried to export the resource group and downloaded it. The problem is that the file “parameters.json” includes hard coded references to the original resource group name.
Is there an easy way to copy all contents of a RG to another RG in the same environment?
Thank you,
Two approaches can be used here. You can remove the resource group reference from the template and parameter files and then simply specify the resource group when you deploy from the template using PowerShell, the portal, Azure CLI, etc.
To deploy using this method in PowerShell
New-AzureRmResourceGroupDeployment -Name ExampleDeployment -ResourceGroupName ExampleResourceGroup -TemplateFile <PathToTemplate> -TemplateParameterFile <PathToParameterFile>
Or
You can change the resource group to the new resource group in the parameters file and deploy.
You can read more about deploying using templates here.
Edit:
Just a note but you don't have to use a separate file for parameters. You can easily include the parameters in the template file as well.
I'm working on provisioning new Azure environment using ARM templates.
In order to deploy I use the Azure PowerShell New-AzureRmResourceGroupDeployment command, where I specify DeploymentName , ResourceGroupName etc.
However, when I want to remove the deployed resources by running
Remove-AzureRmResourceGroupDeployment -Name DeploymentName -ResourceGroupName RGname -Force
it does not remove resources. It just deletes a tag in deployment tab in Azure portal. Is there a way to rollback or remove deployment with related resources? I don't want to delete whole Resource group.
The general guidance from Microsoft is that a Resource Group contains zero or more resources that share a common lifecycle. Hence, they would probably tell you to separate different deployments into different Resource Groups.
I have actually tried the same thing you have before, but deleting a deployment only deletes the deployment metadata, not the actual resources that were provisioned by the deployment. It would be a great feature request to be able to "slice and dice" resources, based on the most recent deployment that they were a member of.
Here is the supporting documentation:
All of the resources in your group should share the same lifecycle. You will deploy, update and delete them together. If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.
https://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/#resource-groups
You can do this if you want to roll up your sleeves and write a bit more code... Though Trevor Sullivan has the best suggestion for overall management of resources.
Take a look at this cmdlet:
(Get-AzureRmResourceGroupDeploymentOperation -DeploymentName $DeploymentName -ResourceGroupName $RGName).Properties.ProvisioningOperation
(Get-AzureRmResourceGroupDeploymentOperation -DeploymentName $DeploymentName -ResourceGroupName $RGName).Properties.TargetResource.id
The first will tell you if the operation was a create operation on the resource, the second will give you the resourceId which you can then use to delete with:
Remove-AzureRMResource
But if you organize your resource groups by life cycle then removing the entire group is easier.
The other thing to watch out for here is resources that have dependencies on one another. I'm not sure what will happen in those cases (fail to delete, etc). I can't think of a specific problem to watch out for, just that I haven't spent much time looking at "clean up" this way...
To remove all the deployed resources under a specific resource group,
you should use the Azure PowerShell command:
Remove-AzureRmResourceGroup [-Name] <ResourceGroupName> [-Force <SwitchParameter>]
The Remove-AzureRmResourceGroupDeployment only removed the specific deployment by name and resource group name but not the resources.
Hope this helps!