Saturday, January 25, 2020

Cheat Sheet for ARM Templates in Azure


Cheat Sheet for ARM Templates in Azure

In the recent time I’ve been working on ARM templates and each time I need to automate some stuff or provision some resources. So decided to create a cheat sheet for such purpose rather than jumping each time for Microsoft document.
 This blog post serves as a little cheat sheet for common ARM deployment stuff.
ARM Templates Parameters
Parameters are passed as an input to your ARM template. In general we take an inputs from customer or user as well.
This is most frequent technique we use while create arm template.

"parameters":{
       "actionGroupName":{
          "type":"string",
           "defaultValue":"hm-incident-create",
          "metadata":{
             "description":"Unique name (within the Resource Group) for the Action group."
          }
       },      
       "logicAppName":{
          "type":"string",
          "defaultValue":"hm-alert-splunk",
          "metadata":{
             "description":"Logic app name."
          }
      
       }
    }
Variables
There are various name of resource that  are often used more than once in the ARM template. For that purpose we should create variables . Variables can be used in scope of entire template.  Some examples:
"variables": {
"pingTestName": "[concat('Test-','toLower(parameters('appServiceName')))]"

 "WorkspaceId": "[concat('workspaceId-', toLower(parameters('appName')))]"
 "storageAccountName": "[concat('dotnet', parameters('storageName'), 'storage')]"

Complex objects with parameters
Many times we are not only dependent string , int and bool parameters .Though we have an option to create a complex object and can be use with simple syntax. I’ll be mentioning how to write that with in arm templates
To achieve this, I use nested variables that declare that in such way.
{
   "dotnetpiperspoke":{
      "type":"object",
      "defaultValue":{
         "vnet":{
            "name":"Spoke",
            "addressPrefixes":[
               "10.0.0.0/16"
            ]
         }
      },
      "metadata":{
         "description":"This is an example of using object type in ARM templates"
      }
   }
}

How to access these within template is show here:

{
   "resources":[
      {
         "name":"[parameters('spoke').vnet.name]",
         "type":"Microsoft.Network/virtualNetworks",
         "apiVersion":"2017-10-01",
         "location":"[resourceGroup().location]",
         "properties":{
            "addressSpace":{
               "addressPrefixes":"[parameters(dotnetpiperspoke).vnet.addressPrefixes]"
            }
         }
      }
   ]
}
ARM Template Resource Functions
There are many ARM template functions available, of which the resource functions are quite powerful and often required.  Here you can find some functions I often use.  They can serve as a starting point to be used in other scenarios.

·        Get the location of the resource group you’re deploying to
[resourceGroup().location]

·        Get the subscription id
[subscription().subscriptionId] or "[subscription().id]"

NOTE: Many times while deploying templates I use "[subscription().id]" and it works as anticipated
·        Get the tenant id
[subscription().tenantId]

·        Get the vault URI of a just created KeyVault instance
[reference(resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))).vaultUri]
ResourceId  function

"resourceId":"[resourceId('Microsoft.Logic/workflows', parameters('logicAppName'))]",                 
"callbackUrl": [listCallbackUrl(resourceId(parameters('logicAppRG'),'Microsoft.Logic/workflows/triggers',  parameters('logicAppName'), 'manual'), '2016-06-01').value]"

  • Get the access key of a just created Storage account
[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]
Conditional deployments
Another requirement is having conditions within your deployment.  For example, you only want to validate array length must be greater than 0 Or you want to add resource locks on certain condition like bool is true or not.
One way to achieve this, is by adding a condition to your Azure resource.  These conditions can use a comparison function.  This is demonstrated in the next sample:

{
   "resources":[
      {
        "name":"[concat(variables('storageAccountName'), ‘Microsoft.Authorization/CriticalStorageLock')]",
         "type":"Microsoft.Storage/storageAccounts/providers/locks",
         "apiVersion":"2015-01-01",
    "condition": "[greater(length(variables('productsJArray')), 0)]",
         "dependsOn":[
            "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
         ],
         "properties":{
            "level":"CannotDelete",
            "notes":"Prevent accidental deletion of the storage account."
         }
      }
   ]
}

I believe an above shared cheat sheet concepts would help you while deploying  ARM templates.


Thursday, January 23, 2020


Restore Virtual Machines using Recovery Service Vault (AZ-103)

Azure Recovery Service Vault



After taking backup of virtual machine its time to restore this from existing restore point.

Restore point : Restore point  backup means a recovery point has all required data to restore the backup copy. Azure Backup has a limit of 9999 recovery points per protected instance.
Restore point states about the various backup point taken in past so that virtual machine or file recovery could be done.
Go to Recovery Service vault - > backup Items -> choose the virtual machine from there to restore -> click on the Restore VM
Kindly follow the below screenshot for reference mutil-step.jpg



Restore VM 🔺









 Click on the backup , it open a following window with the following information.
1.       Choose backup policy : Backup policy specifies frequency and time at which vm  will be backed up   and for how long it will be retained .You can create new policy or use default policy. In my case I     have opted default policy
2.       Backup Frequency: Daily at  11:00 PM UTC.
3.       Instant restore : Retain instant recovery snapshot for 2 days.
4.       Retention Range: Retain backup taken every day at 11:00 PM for 30 Day(s).

You can also refer an image backup-policy.jpg  shown below and click on ok .

Backup Policy


Once you click on Ok with default policy it takes you to next level to take items to backup. You should be able to see the list of Virtual  machines which exist in same region as service vault to take backup further. 

As soon as you click on ok, it starts taking backup generally it takes few mins to take backup of virtual machine and after successful deployment it updates the table in backup items in Service recovery vault as shown in image backup-items.jpg

Backup management type
Backup Items


Click on Azure virtual machine , It opens a new screen and shows a last backup status  with pending You have to click again on the Virtual machine record to take backup right now.



Image : backup-now.jpg
An given below image is self explanatory like backup pre-check as passed however  with initial status pending. Click on backup and provide the date till you want to keep backup

Backup Now


After successful backup  of virtual machine it shows and update last backup status as successful. It also states you about consistency level while taking backup
In general these are described as follows

Application Consistency : This is one of the potential and consistent if you have Microsoft workload and it also ensures following parameters

1 . No data loss
2. No Corruption
3. Ensure VM boots
4. The data is consistent to the application that uses the data, by involving the application at the time of backup--using VSS.

Crash consistency: This  snapshots generally occurs when VM shuts down while taking backup  and only keeps the data that already exists on the disk at the time of backup is captured and backup.

For more details you can take a look of these links



 Refer following screenshot for reference last-backup-status.jpg
 
last-backup-status.jpg

Yes, You are done. Virtual machine should have restored.
#Azure #AzureBackup #AzureRecoveryServiceVaulr












Saturday, January 18, 2020

             Alert scope is invalid in WebTests under Azure AppService availability  



Hi Folks,

While  working on Azure ARM for WebTests in AppInsights i confronted an error states "Alert scope is invalid"

Use Case: I created ARM template to deploy WebTests for verify an availability of a AppService.
Special thing is ARM also contains inner template for Alert .
When i push through Deployment centre in Azure portal or through powershell i received below error.

New-AzureRmResourceGroupDeployment : 13:26:47 - Resource microsoft.insights/metricalerts 'xxx' failed with message '{
  "Code": "BadRequest",
  "Message": "Alert scope is invalid."
}'

After struggling a lot i found a solution here ,You just require add  componentId,failedLocationCount and webTestId.


 "criteria":{
                     "odata.type":"Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria",
                     "componentId":"[resourceId('microsoft.insights/components'variables('applicationInsightName'))]",
                     "failedLocationCount":2,
                     "webTestId":"[resourceId('microsoft.insights/webtests'variables('appAvailability'))]"
                  }

As soon as you add an above content you should be able to resolve an error.


Happy Coding,

#Azure #ARMTemplate #AzureAlerts



Friday, January 17, 2020



How to Take backup of Virtual Machines using Recovery Service Vault in Azure - AZ-103


What is Azure Backup Recovery Services in Azure - AZ-103


Wednesday, January 1, 2020

Virtual Machine Scale Set

Understand Virtual Machine Scale Set

There are some key points which should remember while you work on VM Scale Set. Few of them are listed below and i believe that will be essential to remember of consider AZ-103 certification in mind.

1.All the virtual machine behind the VM Scale Set loadbalancer doesn't have network interface card
attached to them so this is the reason they don't have Public  IP address.
2. IN case of virtual machine you have to decide which virtual machine you want to provision and delete though in case of VMSS it manages by its own.
It means it creates automatically and deleted automatically.

NOTE: Each time when you provision a new VM under VM scale set it allocates a new instanceId to each virtual machine. for e.g.
There are 3 virtual machines VM1 ,VM2 and VM 3 than it may have instanceId like ID1,ID2 and
ID3 respectively. Now if any virtual machine deletes in VMSS than the last provisioned instance will be deleted first , in our example its VM3.