I can use the azure portal to add a web app to a virtual network for communications between various services hosted on it. However I have everything else in the environment scripted via Powershell and would like to automate the WebApp/VNET integration too.
I have read the following article so far:
https://azure.microsoft.com/en-gb/documentation/articles/web-sites-integrate-with-vnet/
However that is just how to do it via the portal. I am thinking that the Set-AzureRMWebApp cmdlet is the right thing to use, but i can't see any parameters that might help.
https://msdn.microsoft.com/en-us/library/mt652487.aspx
I had the same issue and couldn't find a way to do this using a PS modules. However functionality has now been added to azure CLI. So you can just involke this from a script.
az webapp vnet-integration add -g "resource group name" -n "app service name" --vnet "vnet name" --subnet "subnet name"
First you need an existing VNet with P2S configured as per my post at http://www.techdiction.com/2016/01/12/creating-a-point-to-site-vpn-connection-on-an-azure-resource-manager-virtual-network/
Then use the below PowerShell to connect the AppService to the VNet using P2S VPN:
$subscription_id = "<Subscription_ID>"
$NetworkName = "<Network_Name>"
$location = "<Region>"
$netrgname = "<Resource_Group_VNet_is_in>"
$AppServiceName = "<AppService_Name>"
$props = #{
"vnetResourceId" = "/subscriptions/$subscription_id/resourcegroups/$netrgname/providers/Microsoft.ClassicNetwork/virtualNetworks/$NetworkName";
"certThumbprint"= "<Client_cert_thumbprint>";
"certBlob"= "<Base64_Cert_Data>";
"routes" = $null;
}
New-AzureRMResource -ResourceName "$AppServiceName/$AppServiceName-to-$NetworkName" -Location $location -ResourceGroupName MarcusWebsites -ResourceType Microsoft.Web/sites/virtualNetworkConnections -PropertyObject $props -ApiVersion "2015-08-01" -force
You can configure custom routes if you require by modifying the routes property. Let me know how you get on and if it resolves the situation please mark this post as the answer.
Marcus
This is currently not supported, we have it on our to-do list, unfortunately I don't have an eta right now
Related
Few days ago I moved my service from Azure Cloud Services classic to Cloud Services extended support. The latest doesn't have Production/Staging slots. There is a new swap mechanism that is activated if during a deploy we configured the "swappable cloud service". I can do it using Visual Studio publish magic and it works fine.
Now I want to make a deploy using powershell script. The code below just creates a new deploy without activated swap. It works fine.
New-AzCloudService -Name $stagingName `
-ResourceGroupName $resourceGroupName `
-Location $location `
-ConfigurationFile $cscfgFilePath `
-DefinitionFile $csdefFilePath `
-PackageFile $cspkgFilePath `
-StorageAccount $storageAccount `
-KeyVaultName $keyVaultName
I didn't find any samples or clues of how to add the "swappable cloud service" to the New-AzCloudService. I figured out there is such settings in
NetworkProfile.SwappableCloudService.Id but I can't understand how to set it up properly. For example, if I add:
$production= Get-AzCloudService -ResourceGroup $resourceGroupName -CloudServiceName $productionName
$production.NetworkProfile.SwappableCloudService.Id = $production.Name # just to reuse the object
$loadBalancerConfig = CreateLoadBalancerConfig
$networkProfile = #{loadBalancerConfiguration = $loadBalancerConfig; swappableCloudService = $production.NetworkProfile.SwappableCloudService }
New-AzCloudService -Name $stagingName `
...
-NetworkProfile $networkProfile `
I got the error:
New-AzCloudService : Parameter set cannot be resolved using the specified named parameters
Is it possible to set the "swappable cloud service" for New-AzCloudService? How to do it?
Is it possible to set the "swappable cloud service" after the deploy (in any way, Azure portal, API, powershell, etc.)?
I suspect the issue relates to the -NetworkProfile not being supported when -ConfigurationFile, -DefinitionFile, and -PackageFile are used.
In the documentation, -NetworkProfile is used with -PackageUrl and -Configuration instead.
I've asked Microsoft about this as I am having the same issue.
Try $production.Id instead of $production.Name. Or $production.id (I am not sure if the case is important).
Facing a problem about VNET and Azure Web Apps I don't understand.
My issue
This is my setting:
Two web apps on the same service plan SP1 (SP1 (P1v2: 1)) and a VNET, VNET1:
Both subnets have Microsoft.Web/serverFarms delegation.
I want to add network config on my webapps webapps1 and webapps4.
I run this PowerShell script:
properties = #{
subnetResourceId = "/subscriptions/XXX/resourceGroups/RG1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/sub01"
}
$vNetParams = #{
ResourceName = "mywebapps1/VirtualNetwork"
Location = "West Europe"
ResourceGroupName = "RG1"
ResourceType = "Microsoft.Web/sites/networkConfig"
PropertyObject = $properties
}
$result = New-AzResource #vNetParams -Force
$properties = #{
subnetResourceId = "/subscriptions/XXX/resourceGroups/RG1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/sub02"
}
$vNetParams = #{
ResourceName = "mywebapps4/VirtualNetwork"
Location = "West Europe"
ResourceGroupName = "RG1"
ResourceType = "Microsoft.Web/sites/networkConfig"
PropertyObject = $properties
}
$result = New-AzResource #vNetParams -Force
First new-azresource works fine:
But the second one throw this error message:
New-AzResource : {"Code":"Conflict","Message":"Adding this VNET would
exceed the App Service Plan VNET limit of 1
What I did
I search for this error message. But found only one situation that did not help me or maybe I did not understand.
What I need
Understand what it means.
How I should do
Thank you
Regional virtual integration can use One virtual interface per worker means one regional virtual network integration per App Service plan. All the apps in the same App Service plan can only use the same virtual network integration to a specific subnet.
Gate-way required virtual network integration Enables an app to connect to only one virtual network at a time.
This can Enables up to five virtual networks to be integrated within an App Service plan.
Refer to this documentation for more information about different virtual network integrations and their limitations as well.
For more information you can refer to these similar threads:
https://social.msdn.microsoft.com/Forums/en-US/a8b51183-d94b-48c9-9b6c-e6a4dbec9919/vnet-integration-limit-of-1?forum=azureappconfiguration
As per my understanding you're getting desired output. Please note that you are using New-AzResource which basically creates resources instead you should use Set-AzResource command.
Suggestion
Use Set-AzResource instead of New-AzResource
Configure VNet Integration
$subnetResourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/virtualNetworks/$vNetName/subnets/$integrationSubnetName"
$webApp = Get-AzResource -ResourceType Microsoft.Web/sites -ResourceGroupName $resourceGroupName -ResourceName $siteName
$webApp.Properties.virtualNetworkSubnetId = $subnetResourceId
$webApp | Set-AzResource -Force
Regional VNet integration feature basically creates association or link between Microsoft.Network/VirtualNetwork and Microsoft.Web/Serverfarm resources using Rest API call.
In this scenario you're using New-AzResoruce which invoke REST API for creation of service association which is already existed hence its throwing error. If you try to do it from portal you shouldn't get that as portal validation takes care of type of REST API call.
We’re creating a VMSS and we use a custom DNS with extending AD from on-premises, but we are not sure how to register the VMs as the scale set scales out, in azure DNS we can create a private zone and use auto registration but not with our custom DNS.
• Considering that you have registered your custom DNS in Azure successfully, and now you want to replicate your on-premises infrastructure in Azure given the options of continuous availability and scalability, you are deploying VMSS (Virtual Machine Scale Set) for that purpose. Thus, to service your applications deployed on them and better security, I would suggest you deploy AADDS (Azure Active Directory Domain Services) in your tenant in Azure and synchronize the domain data from on-premises to the AADDS by extending it in here.
Hence, once the ADDS service and its roles are setup successfully using the custom DNS that you have setup in Azure, you should be able to Azure AD domain join the VMSS deployed. Thus, after domain joining the VMSS, its DNS records will be automatically managed by the AADDS role internally in your Azure AD tenant.
To enable domain joining for the VMSS successfully, you will have to add an extension like a normal VM through powershell as below. You will have to replace the ‘user, domain, ou path and password’ and it should work fine: -
$Settings = #{
"Name" = "yourdomain.onmicrosoft.com";
"User" = "DOMAIN\USERNAME";
"Restart" = "true";
"Options" = 3;
"OUPath" = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
}
$password = 'SomeReallyComplexPassword'
$ProtectedSettings = #{
"Password" = $password
}
$rgName = "yourgname"
$scaleSetName = "yourvmssname"
$vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" -TypeHandlerVersion 1.3 -Name "vmssjoindomain" -Setting $Settings -ProtectedSetting $ProtectedSettings -AutoUpgradeMinorVersion $true
Update-AzureRmVmss -ResourceGroupName $rgName -Verbose -Name $scaleSetName -VirtualMachineScaleSet $vmss
After adding this extension, any existing servers deployed in the VMSS will have to upgrade their model to use this extension while the new ones will use it when they are deployed with it. You will need to execute the below powershell command to ensure that further extensions can be added to the VMSS: -
az vmss update-instances --resource-group yourrgname --name yourvmssname --instance-ids *
Thus, in this way, you can ensure that your VMs in the VMSS get registered with the custom DNS that you have setup in your Azure tenant.
I am running Powershell 5 and trying to manipulate my Azure WebApp object using Set-AzureRmWebApp (and NOT Set-AzureResource) to set the "Always On" property of the web app.
My basic code snippet starts with a running web app named "myWebApp", and looks like this:
$name = "myWebApp"
$resourceGroupName = "myResourceGroup"
$app_settings = #{"WEBSITE_LOAD_CERTIFICATES"="*";"CommonDatabase"="Common";"WEBSITE_NODE_DEFAULT_VERSION"="0.10.32"}
$result1 = Set-AzureRmWebApp -ResourceGroupName $resourceGroupName -AppSettings $app_settings -Name $name
$result2 = Set-AzureRmResource -ResourceGroupName $resourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $this.name -PropertyObject $propertiesObject -ApiVersion 2015-08-01 -Force
The first Set-AzureRmWebApp statement works. It sets all the variables in $app_settings, and they become visible in the Azure Portal blade for myWebApp.
I tried using "Always On"= on as a property in $app_settings with Set-AzureRmWebApp, and it appeared in the App Settings sub-list in the properties of "myWebApp" on the Azure portal blade, but the actual property "Always On" in the general settings remained off.
I read on another site that using Set-AzureRmResource would work, so I tried it, but it failed.
What do I need to do in Powershell to set a property in the General Settings of my Azure WebApp, specifically "Always On"?
"Always On" is not supported if WebApp is in a free Service Plan tier. If the WebApp is in a free tier, please scale up the App Service Plan. Please refer to the document for more info about how to scale up the App Service Plan.Please have a try to use the solution that sharbag mentioned. It is worked for me and I also check the run result from the azure portal. Snipped code from the solution is as followings:
$ResourceGroupName = 'Your Group Name'
$WebAppName = 'Your WebApp Name'
$WebAppPropertiesObject = #{"siteConfig" = #{"AlwaysOn" = $true}}
$WebAppResourceType = 'microsoft.web/sites'
$webAppResource = Get-AzureRmResource -ResourceType $WebAppResourceType -ResourceGroupName $ResourceGroupName -ResourceName $WebAppName
$webAppResource | Set-AzureRmResource -PropertyObject $WebAppPropertiesObject -Force
If the WebApp in a free tier service plan, when we try to run the PowerShell command to enable "Always On" then we will get the following error message.
I have a cloud service that has two VMs in it. I'm trying to follow the steps listed in this article to reserve my cloud service's IP address.
Login-AzureRmAccount -TenantId <my tenant id>
Set-AzureRmContext -SubscriptionId <my subscription id>
New-AzureReservedIP -ReservedIPName myname -Location "Central US" -ServiceName mycloudservicename
I always get this error:
New-AzureReservedIP : ResourceNotFound: No deployments were found.
The VMs were created in the new portal but are classic mode. I'm not sure if that is somehow my problem. I've tried other combinations of cmdlets to add accounts or set subscription but nothing helps.
Any ideas?
I was fighting like 30 minutes with this. I'm not very sure why this was happening but I think was an error selecting the subscription. Last time it worked like this:
Close Azure Power Shell and Open it again.
Listed my subscriptions with: "Get-AzureSubscription" (Make sure you are logged in).
Now I can see the exact Subscription ID and use "Select-AzureSubscription -SubscriptionId XXXXXXXX"
After that the command worked.
New-AzureReservedIP -ReservedIPName "myname" -Location "South Central US" -ServiceName "myservice"
Hope it helps.
If your VMs were created in the new portal, you need to switch to the Resource Manager model, New-AzureReservedIP is only used for the classic portal services, so it prompted ResourceNotFound: No deployments were found error.
There is no AzureReservedIP in Azure RM cmdlets. In the new portal, the IP address is associated to network interface.If you want to set your VMip to be static,run the following command:
$nic=Get-AzureRmNetworkInterface -ResourceGroupName JohTest -Name johtestvm250
$nic.IpConfigurations[0].PrivateIpAllocationMethod="Static"
$nic.IpConfigurations[0].PrivateIpAddress = "10.2.0.4"
Set-AzureRmNetworkInterface -NetworkInterface $nic
If you dont know the networkinterface in your RG, run the command to see:
Get-AzureRmNetworkInterface -ResourceGroupName JohTest
More information here