I would like to keep each VM in separate resource group for ease for lifecycle management. I have a cluster containing n VLMs.
So I create one resource group for common things like public IP, load balancer and put availabilitySet declaration into it because is also must be shared between VMs.
Then I create VM in separate resource group and reference to availabilitySet with
"availabilitySet": {
"id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName'))]"
},
Of cause 'availabilitySetName' is defined.
When I deploy my template I get an error saying
{"error":{"code":"BadRequest","message":"Entity resourceGroupName in resource reference id /subscriptions/a719381f-1fa0-4b06-8e29-ad6ea7d3c90b/resourceGroups/TB_PIP_OPSRV_UAT/providers/Microsoft.Compute/availabilitySets/tb_avlbs_opsrv_uat is invalid."}}
I double checked that resource and availability set name are specified correctly.
Does it mean that I can't put a set in separate resource group from VM?
Unfortunately, having a VM use an availabilitySet in a different resource group is not supported :(.
First of all, let me ask you why you want different resource groups? I strongly believe that you're overthinking it with multiple resource groups. A resource group is basically your "Entire System" and within the boundaries of one solution, you should only have one resource group for production, one for beta/staging etc, but never mix.
If you're selling SaaS to your customers it would make sense to have one resource group for each of your customers.
And as you know, a Resource group is simply a way for you to link together and manage all of the assets in your solution; vm's, storage, databases etc under one common name. I am very doubtful as to why one would want to consider multiple resource groups in a single solution, however, I am always willing to learn :)
Availability groups
Now, Availability groups are a different thing. This has to do with "Update Domains" and "Fault Domains" for your VM instances. Because Azure does not keep 3 separate VM's for you, as it does with most of it's PaaS services, you have to manage these yourself to ensure full uptime. Basically, when you're adding two or more VM's in an Availability Set, you're ensured that planned or unplanned events, at least one of the VM's will be available to meet the SLA.
Trying to combine the two in an effort of preventing downtime may sound like a good idea, but it is not solving any problems that I'm aware of. Like the old saying goes: if it aint broke, don't fix it :)
Related
To create a VNET and subnets in Azure, we use:
resource symbolicname 'Microsoft.Network/virtualNetworks#2021-05-01'
We can also defined subnets at the same time as we creating VNETs using the parameters in the above resource group.
There is another way to define subnets in Azure, using
Microsoft.Network/virtualNetworks/subnets
However Azure advises us that it is not a best practice to use this method, as they should be defined using the first method.
“Avoid defining subnets as child resources. This approach can result in downtime for your resources during subsequent deployments, or failed deployments.”
When creating security groups, similar to the above, we can create rules at the same time we are creating the security group as per:
Microsoft.Network networkSecurityGroups
However, we can also create them separately using
networkSecurityGroups/securityRules
Similar to the VNET Scenario above, is it a best practice to create a SG + rules at the same time, or create them independently?
If this question doesn't make sense apologies - new to this.
Similar to the VNET Scenario above, is it a best practice to create a
SG + rules at the same time, or create them independently
AFAIK, Network Security Groups should be deployed in the same way that VMs and other services are. It has to be happening at the same moment. Keeping everything in order.
To do that you can refer Microsoft.Network networkSecurityGroups/securityRules & this blog
I have one resource group that I set up with the portal and another that I tried to configure the same way using Terraform.
Each group contains
Application Gateway with Web App Firewall
Virtual networks and subnets
VMs and associated storage
Public IPs, NSGs, NIC etc
Is there a way for me to compare the two sets of configurations?
For you, I assume you want to create the same resources with the same configurations in another group through Terraform. On my side, there are not many things you need to care about. Just according to the configuration of the resources to create the terraform script.
each resource region
the public IP and the NIC allocation method
NSG rules
vnet and the subnet address prefix
application gateway properties and the rules
The above points are that I think you need to care about. And the properties of the resources in Terraform also need to according to. I think there is no other way to compare two sets of configurations. If you really want, you can compare the template of each group when you create them. The group template shows below:
No, i dont think there is a reasonable straight forward way of doing this, you can create a powershell script that would get resources in each resource group and then try and compare properties, but its hard to give some sort of estimation how accurate it would be, there is a Compare-Object cmdlet in powershell, which might help you with that.
Is there any way to disable or stop a particular resource group temporarily? I know we can delete the resource group or we can stop certain services under the resource group but I am unable to find a way where I can just shut down the resource group or all of it's resources at once, temporarily.
Please let me know if I can provide few more details about this.
Thanks.
This does not seem to be possible at the moment but a request has been made here, however, no response from Microsoft on what it's status.
In general, if there are features that are not available in e.g. Azure, use the feedback site to suggest and vote on new features.
However, if you only got some specific type of resources in your resource group, like e.g. virtual machines, then you can stop them all in one PowerShell command like this:
Get-AzureRmResourceGroup <group name> | Stop-AzureRmVM -Force
Note: this approach is highly dependent on the type of resource and not a generic solutions like requested
A resource group is just a bounding-box, serving as a grouping mechanism and a security boundary. You cannot "stop" a resource group, as a resource group is never running. Yes, you can delete a resource group (along with everything in it), but that's a one-shot operation. It's not a fine-grained resource-management operation.
As for the services inside a resource group: some can be stopped, some cannot. For instance, you cannot stop a storage account. Others have very different behaviors when stopped: A VM simply sleeps/hibernates until restarted with everything preserved, while an HDInsight cluster, when stopped, deletes everything.
TL;DR there is currently no way to point to a resource group and have it stop all of its services, given the variability of behavior (and the fact there's no such supported API). You'll need to manage your resource starts/stops.
I just had a new "MSDN account" hit its budget limit and that made me realize this SHOULD be achievable!
When this happened Microsoft "disabled" my subscription.
In my case, I'm actually fine with having to "fence the resources" within a subscription if I had to. But at the moment, I haven't found a way to easily stop/start it in this manor. Anyone a guru with the Azure budgets? It looks like they can be applied at a Resource Group level as well.
Can you "enable/disable" resource groups or subscriptions this way?
Simply want to create something. Pay for it, of course. Pay for storage, sure. But 'disable' it, until I need to run it. Then, Enable it. Simple. :)
I've been upvoting and watching this "Feature Request" thread for some time:
https://feedback.azure.com/forums/217313-networking/suggestions/17670613-hibernate-pause-a-resource-group-or-subscription
I have an interesting issue in Azure where somehow I've had some resources assign themselves to "Default-Web-NorthEurope" and some to "Default-Web-northeurope". (Note capitalisation)
Lets say I have Website1 and Website2. I'd like both of these to belong to the same App Service Plan. If I create a new one for "Website1" named "WebsitesServicePlan" The UI won't show me that plan when trying to change the plan for "Website2".
Has anyone else come across this issue and have any idea of a solution?
First of all, Azure Resource Group naming is not case sensitive. So I've no idea how you created two resource groups with the name Default-Web-NorthEurope and Default-Web-northeurope successfully. I suggest you double check the names in the portal.
Assume that the Default-Web-NorthEurope and Default-Web-northeurope are different groups and as you descriped Website1 is in Default-Web-NorthEurope, Website2 in Default-Web-northeurope, UI will definitely not show you the App Service Plan you created for "Websites1" when trying to change the plan for "Website2". Because both apps and plans are contained in a resource group. Apps can be moved between plans as long as the plans are in the same resource group and geographical region. In other words, when you want to change plans for app, the plans must be in the same resource group and geographical region.
Check azure-web-sites-web-hosting-plans-in-depth-overview for details.
After the new model was implemented, all of my websites now belong to individual Resource Groups called "Default-Web-East" and all of my SQL databases belong to individual Resource Groups called "Default-SQL-East".
This is confusing to say the least.
I would like to rename the groups to have some semantic meaning. I would also like to group the associated SQL database and Web Site in the same Resource Group.
However, I do not see anyway to do either. Is this possible?
1) Rename the Resource Group?
2) Combine an existing SQL DB and Website together into one Resource Group?
Edit: You can't rename an Azure Resource Group.
What you can do is move your resources to a new Resource Group instead. Moving all resources in Resource Group A to Resource Group B is the poor man's rename.
Unfortunately not all resource providers let you move resources between resource groups, and some that do might have strings attached that only let you move resources under certain conditions.
For Azure Web Apps (previously called Azure Websites) you can currently only move all the websites related resources in a single invocation. That "all websites related resources" means all resource under the provider "Microsoft.Web". This includes all websites, app hosting platforms, and certificates that are in the source resource group.
Via the portal
When viewing a group's resources, you can use the "Move" tab
Clicking the "Move" tab will show something this, allowing you to choose or create a new group:
Via Azure Powershell
The easiest way to do this is to use the Move-AzureRmResource powershell cmdlet.
The command would look like this:
Get-AzureRmResource -ResourceGroupName <sourceResourceGroupName> | Move-AzureRmResource -DestinationResourceGroupName <destResourceGroupName>
source: https://azure.microsoft.com/en-us/documentation/articles/resource-group-move-resources/
Via Rest API
The other way to do this is to use the MoveResource Rest API or with the ArmClient.
Here's the API call you'll want to make:
POST https://<endpoint>/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/moveResources?api-version={api-version}
Where {resourceGroupName} is the source resource group.
I'm pretty sure the endpoint should be "https://management.azure.com", but if you use the ArmClient the tool will just take care of the endpoint for you.
Request Body:
{
"targetResourceGroup": "/subscriptions/{subscriptionId}/resourceGroups/{targetResourceGroupNameName}",
"resources":
[
"/subscriptions/{id}/resourceGroups/{source}/providers/{namespace}/{type}/{name}",
"/subscriptions/{id}/resourceGroups/{source}/providers/{namespace}/{type}/{name}"
]
}
In addition to the main answer, Azure Portal has a feature of moving the Resources that is allowed to be moved to a new Resource group.
Go to your Resource Group that has Resources you want to move to an existing or a new created Resource Group.
Select the one, multiple or all (1) Resources you want to move and click on the Move (2) bottom as shown in image. (you can select moving to Resources with in the same subscription or to another subscription) A third option if you need just to change the Region) see the the figure at the end.
It will ask you to chose which Resource Group to move to.
Note: This process might take some time, be patient. When done, you
will see that the resource disappear from the old one and will be
found in the new one. That said some resources might be restricted
from been moved to other resources.
Move (Fixing) only region