I have a pipeline in which I am calling a PowerShell script which copies the Azure Key Vault secrets from one key vault to another key vault.
Here's the powershell script:
$SecretNames = "api-gateway--jwt-public-key",
"authentication-service--jwt-private-key",
"user-management--pen-password",
"user-management--stripe-secret-key"
$sourceVaultName="fdevcuskv03"
$destVaultName="fdevcuskv04"
for (($i = 0); $i -lt $SecretNames.Count; $i++)
{
$sourceSecretName = "$($SecretNames[$i])"
$destSecretName = "$($SecretNames[$i])"
$Getvalue=(Get-AzKeyVaultSecret -VaultName $sourceVaultName -Name $sourceSecretName).SecretValue
Write-Host "Copying $sourceSecretName Value To $destSecretName"
Set-AzKeyVaultSecret -VaultName $destVaultName -Name $destSecretName `
-SecretValue $Getvalue
}
When I run the pipeline, I got this error but this works fine locally.
Here's the error:
Get-AzKeyVaultSecret: /home/vsts/work/1/s/Terraform/Terraform-Scripts/main.ps1:351
Line |
351 | … $Getvalue=(Get-AzKeyVaultSecret -VaultName $sourceVaultName -Name $s …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Name or service not known
I'm a bit confused; what am I doing wrong?
Along with checking that, please also check whether the cause may be a DNS resolution issue or an invalid DNS cache.
For that, please try giving it a sleep time and repeating the step. (Also check with a DNS flush.)
Please check the azure-powershell issues (GitHub) comment by @placidseven and set the Azure Key Vault secret by first checking whether DNS is resolved.
# Retry the write until the destination vault's host name resolves and the secret is set.
function setSecret {
    $secret = $null
    while (!$secret) {
        # Resolve-DnsName comes from the Windows DnsClient module.
        $DnsCheck = Resolve-DnsName $VaultURI -ErrorAction SilentlyContinue
        if (!$DnsCheck) {
            Write-Host "Resolve-DnsName taking time to resolve $destVaultName. Keep trying!"
            Start-Sleep -Seconds 30
            continue
        }
        $secret = Set-AzKeyVaultSecret -VaultName $destVaultName -Name $destSecretName `
            -SecretValue $Getvalue -ErrorAction SilentlyContinue
        # Pause before retrying a write that failed for a reason other than DNS.
        if (!$secret) { Start-Sleep -Seconds 30 }
    }
}
# Host name of the destination vault (DNS suffix of the public Azure cloud).
$VaultURI = "$destVaultName.vault.azure.net"
for (($i = 0); $i -lt $SecretNames.Count; $i++)
{
    $sourceSecretName = "$($SecretNames[$i])"
    $destSecretName = $sourceSecretName
    $Getvalue = (Get-AzKeyVaultSecret -VaultName $sourceVaultName -Name $sourceSecretName).SecretValue
    Write-Host "Copying $sourceSecretName Value To $destSecretName"
    setSecret
}
Reference: Set-AzureKeyVaultSecret does not recognize vaultName · GitHub
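An added example (not code from the question or the answer above) of the same copy with a bounded DNS wait that also runs on Linux agents such as the one in the error path (/home/vsts/...), where "Name or service not known" is the resolver's failure message. `Wait-VaultDns` is a hypothetical helper name, and the `vault.azure.net` suffix assumes the public Azure cloud.

```powershell
# Added example. Assumes the Az.KeyVault module and an already authenticated context.
$SecretNames = "api-gateway--jwt-public-key",
    "authentication-service--jwt-private-key",
    "user-management--pen-password",
    "user-management--stripe-secret-key"
$sourceVaultName = "fdevcuskv03"
$destVaultName   = "fdevcuskv04"

# Hypothetical helper: wait until a vault host name resolves. It uses .NET name
# resolution, so it does not depend on Resolve-DnsName (Windows-only).
function Wait-VaultDns {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [int]$MaxAttempts = 10,
        [int]$DelaySeconds = 30
    )
    # Assumption: public Azure cloud; sovereign clouds use a different suffix.
    $hostName = "$VaultName.vault.azure.net"
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            $null = [System.Net.Dns]::GetHostAddresses($hostName)
            return
        }
        catch {
            Write-Host "Attempt ${attempt}/${MaxAttempts}: $hostName does not resolve yet ($($_.Exception.Message))"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
    throw "Giving up: $hostName did not resolve after $MaxAttempts attempts."
}

# Check both vaults: the error in the question came from the read, not the write.
Wait-VaultDns -VaultName $sourceVaultName
Wait-VaultDns -VaultName $destVaultName

foreach ($name in $SecretNames) {
    # -ErrorAction Stop makes a failed read terminate the step instead of
    # letting a $null value flow into Set-AzKeyVaultSecret.
    $source = Get-AzKeyVaultSecret -VaultName $sourceVaultName -Name $name -ErrorAction Stop
    if (-not $source) { throw "Secret '$name' not found in $sourceVaultName." }

    Write-Host "Copying $name"   # log the secret name only, never its value

    $params = @{
        VaultName   = $destVaultName
        Name        = $name
        SecretValue = $source.SecretValue
        ErrorAction = 'Stop'
    }
    # Carry the content type across only when the source secret has one.
    if ($source.ContentType) { $params.ContentType = $source.ContentType }
    $null = Set-AzKeyVaultSecret @params
}
```

The retry is bounded, so a vault name that never resolves (a typo, or a private endpoint the agent cannot see) fails the pipeline step instead of looping forever.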
Related
Getting an error on my Terraform deployment for the following. I think it's because it's using a mixture of Terraform variables and Powershell I may have confused myself on the syntax.
Here is the Code:
data "template_file" "ad-join-template" {
template = <<EOF
<powershell>
# Set-DefaultAWSRegion -Region eu-west-2
# Set-Variable -name instance_id -value (Invoke-Restmethod -uri http://169.254.169.254/latest/meta-data/instance-id)
# # New-SSMAssociation -target key=InstanceIds,Values=$instance_id -Name "${aws_ssm_document.ad-join-domain.name}"
# New-SSMAssociation `
# -Name ad-join-domain `
# -Target @{
# "Key"="InstanceIds"
# "Values"="$($instance_id)"
# }
$apiurl = "${var.API}"
$tajdns = @("${taj_dns_server[0]}","[${taj_dns_server[1]}")
$count = 0
foreach ($dns in $tajdns){
$returnedRecords = (Resolve-DnsName -Name $apiurl -Server $dns).IPAddress
New-Variable -Name "dnsRecords$count" -Value $returnedRecords -Force
$count++
}
$allDNSrecords += $dnsRecords0
$allDNSrecords += $dnsRecords1
$allDNSrecords = $allDNSrecords | Select-Object -Unique
Add-Content C:\windows\system32\drivers\etc\hosts "`n***.**.*.* ssm.eu-west-2.amazonaws.com `
`n***.**.*.* ssm.eu-west-2.amazonaws.com `
`n***.**.*.* ssm.eu-west-2.amazonaws.com `
`n***.**.*.* ssmmessages.eu-west-2.amazonaws.com `
`n***.**.*.* ssmmessages.eu-west-2.amazonaws.com `
`n***.**.*.* ssmmessages.eu-west-2.amazonaws.com `
`n$allDNSrecords[0] ${var.API}`
`n$allDNSrecords[1] ${var.API}"
$nicDetails = Get-NetAdapter
Set-DnsClientServerAddress -InterfaceIndex $nicDetails.ifIndex -ServerAddresses (${local.concat_dns_servers_join})
$domain = "${aws_directory_service_directory.ad.name}"
$password = "${aws_directory_service_directory.ad.password}" | ConvertTo-SecureString -asPlainText -Force
$username = "admin@$($domain)"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential
Restart-Computer -Force
</powershell>
EOF
}
In "[${taj_dns_server[0]}]", this is pulling a Terraform variable out of a list and populating it into the script. Can you see if my syntax is correct?
Here is the Error:
│ Error: Invalid reference
│
│ on asg.tf line 19, in data "template_file" "ad-join-template":
│ 19: $tajdns = @("[${taj_dns_server[0]}]","[${taj_dns_server[1]}]")
│
│ A reference to a resource type must be followed by at least one attribute
│ access, specifying the resource name.
╵
╷
│ Error: Invalid reference
│
│ on asg.tf line 19, in data "template_file" "ad-join-template":
│ 19: $tajdns = @("[${taj_dns_server[0]}]","[${taj_dns_server[1]}]")
│
│ A reference to a resource type must be followed by at least one attribute
│ access, specifying the resource name.
╵
I am trying to create an auto shutdown policy with Powershell for my Azure VM, but keep running into this error:
New-AzureRmResource : MissingRequiredProperty : Missing required property TargetResourceId.
At C:\Users\home\Documents\CreateAzureVM.ps1:167 char:1
+ New-AzureRmResource -Location $Loc -ResourceId $ScheduledShutdownReso ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmResource], ErrorResponseMessageException
+ FullyQualifiedErrorId : MissingRequiredProperty,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceCmdlet
I am at a loss on how to fix this error; this is my script piece so far:
$SubscriptionId = $AzContext.Context.Subscription.Id;
$VMResourceId = (Get-AzureRmVM).id
$ScheduledShutdownResourceId = "/subscriptions/$SubscriptionId/resourceGroups/$RSGName/providers/microsoft.devtestlab/schedules/shutdown-computevm-$VMName"
$Properties = @{}
$Properties.Add('status', 'Enabled')
$Properties.Add('taskType', 'ComputeVmShutdownTask')
$Properties.Add('dailyRecurrence', @{'time'= 1159})
$Properties.Add('timeZoneId', "Eastern Standard Time")
$Properties.Add('notificationSettings', @{status='Disabled'; timeInMinutes=15})
$Properties.Add('targetResourceId', $VMResourceId)
#Error
New-AzureRmResource -Location $Loc -ResourceId $ScheduledShutdownResourceId -Properties $Properties -Force
The cause:
This script $VMResourceId = (Get-AzureRmVM).id is not for a specific VM. You should get a specific VM.
Try the following PowerShell script:
$SubscriptionId = $AzContext.Context.Subscription.Id
$VM = Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName
$VMResourceId = $VM.Id
$ScheduledShutdownResourceId = "/subscriptions/$SubscriptionId/resourceGroups/wayneVMRG/providers/microsoft.devtestlab/schedules/shutdown-computevm-$VMName"
$Properties = @{}
$Properties.Add('status', 'Enabled')
$Properties.Add('taskType', 'ComputeVmShutdownTask')
$Properties.Add('dailyRecurrence', @{'time'= 1159})
$Properties.Add('timeZoneId', "Eastern Standard Time")
$Properties.Add('notificationSettings', @{status='Disabled'; timeInMinutes=15})
$Properties.Add('targetResourceId', $VMResourceId)
#Error
New-AzureRmResource -Location eastus -ResourceId $ScheduledShutdownResourceId -Properties $Properties -Force
Here is a loop to read the currently configured value for auto-shutdown of Azure VMs (you can easily add update/change/set based on Wayne Yang's example above).
The example will loop through many subscriptions.
###################
##:List all subs which are enabled
#$AllSubID = (Get-AzureRmSubscription | Where {$_.State -eq "enabled"}).SubscriptionId
### above might not work depends on account, just get all below.
$AllSubID = (Get-AzureRmSubscription).SubscriptionId
Write-Output "$(Get-Date -format s) :: List of Subscription below"
$AllSubID
$AllVMList = @()
Foreach ($SubID in $AllSubID) {
Select-AzureRmSubscription -Subscriptionid "$SubID"
##list all VMs
$VMs = Get-AzureRmVM
Foreach ($VM in $VMs) {
$VM = New-Object psobject -Property @{`
"Subscriptionid" = $SubID;
"ResourceGroupName" = $VM.ResourceGroupName;
"VMName" = $VM.Name}
$AllVMList += $VM | select Subscriptionid,ResourceGroupName,VMName
}
}
$AllVMList
## Get AutoShutdown info
Foreach ($VM in $AllVMList) {
Write-Output "$(Get-Date -format s) :: VM: $($VM.VMName) :: $($VM.ResourceGroupName) :: $($VM.Subscriptionid)"
$ScheduledShutdownResourceId = "/subscriptions/$($VM.Subscriptionid)/resourceGroups/$($VM.ResourceGroupName)/providers/microsoft.devtestlab/schedules/shutdown-computevm-$($VM.VMName)"
## Write-Output "$ScheduledShutdownResourceId"
$VMShutdownInfo = get-AzureRmResource -ResourceId $ScheduledShutdownResourceId
Write-Output "$(Get-Date -format s) :: VM: $($VM.VMName) :: status: $($VMShutdownInfo.properties.status) ; taskType: $($VMShutdownInfo.properties.taskType) ; timeZoneId: $($VMShutdownInfo.properties.timeZoneId) ; dailyRecurrence: $($VMShutdownInfo.properties.dailyRecurrence) ; "
}
###Done
I'm trying to change a value on a tag, using an automation script. The users will have a startup script, which will change the shutdown tag key from true to false.
When I set the tags individually using the script below, it sets the tag value to false. The current setting is true.
When I use the automation script it wipes all the tags; however, if I specify the VM in the script, the automation account works and changes the key value from false to true.
I can't see what I'm missing. This is from a webhook and is running as a powershell script, not a workflow.
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[object]$WebhookData
)
Write-Output "------------------------------------------------"
Write-Output "`nConnecting to Azure Automation"
$Connection = Get-AutomationConnection -Name AzureRunAsConnection
Add-AzureRMAccount -ServicePrincipal -Tenant $Connection.TenantID `
-ApplicationId $Connection.ApplicationID -CertificateThumbprint $Connection.CertificateThumbprint
$RunbookVersion = "0.0.17"
$timeStartUTC = (Get-Date).ToUniversalTime()
Write-Output "Workflow started: Runbook Version is $RunbookVersion"
Write-Output "System time is: $(Get-Date)"
Write-Output "`nGetting tagged resources"
Write-Output "------------------------------------------------"
$ResourceGroupFilter = ""
$SupportedEnvironments = "DEV, Test, PREProd, Prod"
$isWebhookDataNull = $WebhookData -eq $null
Write-Output "Is webhook data null ? : $($isWebhookDataNull)"
# If runbook was called from Webhook, WebhookData will not be null.
If ($WebhookData -ne $null) {
# Collect properties of WebhookData
$WebhookName = $WebhookData.WebhookName
$WebhookHeaders = $WebhookData.RequestHeader
$WebhookBody = $WebhookData.RequestBody
$body = $WebhookBody | ConvertFrom-Json
$UserEmail = $body.user.email
Write-Output "Runbook started from webhook '$WebhookName' by '$($body.user.email)' for environment '$($body.environment)'"
Write-Output "Message body: " $WebhookBody
}
else {
Write-Error "Runbook mean to be started only from webhook."
}
If ($body.environment.ToUpper() -eq 'DEV') {
$ResourceGroupFilter = 'The-DEV-RG'
}
if ($ResourceGroupFilter -eq "") {
Exit 1
}
if($VMRG -eq ''){
Write-Output "No resource groups matched for selected environment. Webhook cant progress further, exiting.."
Write-Error "No resource groups matched for selected environment. Webhook cant progress further, exiting.."
Exit 1
}
$rgs = Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -like "*$rg*"}
foreach ($rg in $rgs)
{
$vms = Get-AzureRmVm -ResourceGroupName $rg.ResourceGroupName
$vms.ForEach({
$tags = $_.Tags
$tags['ShutdownSchedule_AllowStop'] = "$False";
Set-AzureRmResource -ResourceId $_.Id -Tag $tags -Force -Verbose
})
}
ForEach ($vm in $vms) {
Start-AzureRmVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Verbose
}
Thanks in advance :)
The root cause is that your local Azure PowerShell is the latest version, but in the Azure Automation account it is not the latest version. I tested in my lab; the older version does not support this.
You need to upgrade the Azure PowerShell version. For more information, please see this answer.
We are using Microsoft HPC (High performance computing). When a job is running, I want to see various HPC metrics and publish them onto AWS Cloudwatch. Below is the script that was on AWS site. Entire script runs fine but the last line which tries to write to Cloudwatch fails.
Did anyone get this error?
Write-CWMetricData : A WebException with status NameResolutionFailure was thrown.
At D:\temp\HPCMetricstest.ps1:81 char:1
+ Write-CWMetricData -Namespace "HPC Cluster Metrics" -MetricData $m1,
$m2, $m3, $ ...
+ CategoryInfo : InvalidOperation:
(Amazon.PowerShe...etricDataCmdlet:WriteCWMetricDataCmdlet) [Write-CWM
etricData], InvalidOperationException
+ FullyQualifiedErrorId :mazon.Runtime.AmazonServiceException,Amazon.PowerShell.Cmdlets.CW.WriteCWMetricDataCmdl
et
#
# This PowerShell script computes metrics on the head node of an HPC
# Pack cluster and publishes them to Amazon CloudWatch
#
# It must be called with the current region and stack name
# Properties of HPC Node: NetBiosName, HealthState, State, Groups
[CmdletBinding()]
param(
[Parameter(Mandatory=$True,Position=1)]
[string]$Region,
[Parameter(Mandatory=$True,Position=2)]
[string]$Stack
)
Add-PSSnapIn Microsoft.HPC
Import-Module AWSPowerShell
$jobs = (Get-HpcJob -State Queued, Running -ErrorAction SilentlyContinue)
$tasks = ($jobs | Get-HpcTask -State Running, Queued -ErrorAction SilentlyContinue)
$nodes = (Get-HpcNode -GroupName ComputeNodes -State Online)
$jobCount = $jobs.Count
$taskCount = $tasks.Count
$coreHours = ($tasks | % { $_.Runtime.TotalHours * $_.MinCores } | Measure-Object -Sum | Select-Object -ExpandProperty Sum)
$nodeCount = $nodes.Count
$coresPerMachine = ($nodes | Measure-Object -Property SubscribedCores -Average | Select-Object -ExpandProperty Average)
Write-Host "Cores per machine basam " $coresPerMachine
$machineHours = [System.Math]::Ceiling($coreHours / $coresPerMachine)
$globalHours = [System.Math]::Ceiling($machineHours / $nodeCount)
# Build one CloudWatch datum carrying the stack name as its StackId dimension
Function CreateMetric
{
param([string]$Name, [string]$Unit="Count", [string]$Value="0", [string]$StackId, [System.DateTime]$When = (Get-Date).ToUniversalTime())
$dim = New-Object Amazon.CloudWatch.Model.Dimension
$dim.Name = "StackId"
$dim.Value = $StackId
$dat = New-Object Amazon.CloudWatch.Model.MetricDatum
$dat.Timestamp = $When
$dat.MetricName = $Name
$dat.Unit = $Unit
$dat.Value = $Value
#Write-Host $dat.MetricName $dat.Value $dat.Unit $dat.Timestamp
$dat.Dimensions = New-Object -TypeName System.Collections.Generic.List[Amazon.CloudWatch.Model.Dimension]
$dat.Dimensions.Add($dim)
$dat
}
$now = (Get-Date).ToUniversalTime()
$m1 = (CreateMetric -Name "Job Count" -Value "$jobCount" -StackId $Stack -When $now)
$m2 = (CreateMetric -Name "Task Count" -Value "$taskCount" -StackId $Stack -When $now)
$m3 = (CreateMetric -Name "Core Hours" -Value "$coreHours" -StackId $Stack -When $now)
$m4 = (CreateMetric -Name "Node Count" -Value "$nodeCount" -StackId $Stack -When $now)
$m5 = (CreateMetric -Name "Cores Per Machine" -Value "$coresPerMachine" -StackId $Stack -When $now)
$m6 = (CreateMetric -Name "Machine Hours" -Value "$machineHours" -StackId $Stack -When $now)
$m7 = (CreateMetric -Name "Global Hours" -Value "$globalHours" -StackId $Stack -When $now)
#Next line I am getting issue
Write-CWMetricData -Namespace "HPC Cluster Metrics" -MetricData $m1, $m2, $m3, $m4, $m5, $m6, $m7 -Region $Region
In the AWS Tools for PowerShell, "A WebException with status NameResolutionFailure was thrown." often means that you've specified the region incorrectly. This is because the region is used to resolve DNS for the backing web service you're trying to hit, in this case the CloudWatch service for your given region.
See the documentation for a list of valid regions, or comment here with the region you attempted to use and we can help you pick the right one.
Further Reading
AWS PowerShell Documentation - Specifying AWS Regions
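An added example (not part of the original script or answer) of checking the `-Region` value before calling `Write-CWMetricData`, so that a bad region is reported as such rather than as a name resolution failure. `Test-CloudWatchRegion` is a hypothetical helper name, and the `monitoring.<region>.amazonaws.com` host name assumes the standard AWS partition.

```powershell
# Added example. Assumes the AWS Tools for PowerShell module is already imported.
function Test-CloudWatchRegion {
    param([Parameter(Mandatory)][string]$Region)

    # Normalise stray whitespace and casing picked up from arguments or config files.
    $candidate = $Region.Trim().ToLowerInvariant()
    $known = (Get-AWSRegion).Region

    if ($candidate -notin $known) {
        # An availability zone (region plus a trailing letter, e.g. eu-west-2a)
        # is not a region and produces a host name that does not exist.
        if ($candidate -match '^(?<region>[a-z]+(-[a-z]+)+-\d)[a-z]$' -and $Matches.region -in $known) {
            throw "'$Region' looks like an availability zone; use region '$($Matches.region)'."
        }
        throw "'$Region' is not a region known to this module. Known regions: $($known -join ', ')"
    }

    # The region is part of the service host name, which is why an invalid
    # value surfaces as a DNS error. Assumption: standard partition endpoint.
    $endpoint = "monitoring.$candidate.amazonaws.com"
    try {
        $null = [System.Net.Dns]::GetHostAddresses($endpoint)
    }
    catch {
        throw "Region '$candidate' is valid, but $endpoint does not resolve from this host: $($_.Exception.Message)"
    }
    return $candidate
}

# Usage before publishing the metrics built in the script above:
# $Region = Test-CloudWatchRegion -Region $Region
# Write-CWMetricData -Namespace "HPC Cluster Metrics" -MetricData $m1, $m2, $m3 -Region $Region
```

The second failure branch separates a wrong region from a host that cannot resolve AWS endpoints at all, for example a head node in a private subnet without working DNS.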
Having followed this article (http://www.coreazure.com/snapshot-vms-in-azure-2/), I am trying to create a snapshot of a VM using PowerShell (PS) from the Azure portal. This is the PS script which I have created to take a snapshot:
workflow snapshot1
{
$subName = 'XYZ'
$cred = Get-AutomationPSCredential -Name "xyz@xyzgmail.onmicrosoft.com"
Add-AzureAccount -Credential $cred
Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccount 'storagename'
$serviceName = "a1smallvm"
$vm = Get-AzureVM –ServiceName $serviceName –Name "a1smallvm"
$storageContainer = "backups"
InlineScript {
# Create a storage for putting the backups of OSDisk & DataDisks
New-AzureStorageContainer -Name $Using:storageContainer -Permission off
# Stop VM if running
$Using:vm | Stop-AzureVM -StayProvisioned
$vm = Get-AzureVM –ServiceName $Using:serviceName –Name "a1smallvm"
$vmOSDisk = $vm | Get-AzureOSDisk
$vmDataDisks = $vm | Get-AzureDataDisk
Write-output "OSDisk: $vmOSDisk"
$storageAccountName = $vmOSDisk.MediaLink.Host.Split(‘.’)[0]
Write-output "Data Disk: $vmDataDisks"
Write-output "StorageAccountName: $storageAccountName"
$vmOSBlobName = $vmOSDisk.MediaLink.Segments[-1]
$vmOSContainerName = $vmOSDisk.MediaLink.Segments[-1].Split(‘/’)[0]
Write-output "vmOSBlobName: $vmOSBlobName"
Write-output "vmOSContainerName: $vmOSContainerName"
# Backup the osblob and oscontainer
Start-AzureStorageBlobCopy -SrcContainer $vmOSContainerName -SrcBlob $vmOSBlobName -DestContainer $Using:storageContainer
Get-AzureStorageBlobCopyState -Container $Using:storageContainer -Blob $vmOSBlobName -WaitForComplete
# Backup the dataBlob and dataContainer
ForEach ($vmDataDisk in $vmDataDisks) {
$vmDataBlobName = $vmDataDisk.MediaLink.Segments[-1]
$vmDataContainerName = $vmDataDisk.MediaLink.Segments[-2].Split(‘/’)[0]
Start-AzureStorageBlobCopy -SrcContainer $vmDataContainerName -SrcBlob $vmDataBlobName -DestContainer backups -Force
Get-AzureStorageBlobCopyState -Container backups -Blob $vmDataBlobName -WaitForComplete
}
}
}
The cmdlet
Start-AzureStorageBlobCopy -SrcContainer $vmOSContainerName -SrcBlob $vmOSBlobName -DestContainer $Using:storageContainer
throws an error:
Error: Start-AzureStorageBlobCopy : Container name 'a1smallvm-a1smallvm-2015-08-11.vhd' is invalid. Valid names start and end with a lower case letter or a number and has in between a lower case letter, number or dash with no consecutive dashes and is 3 through 63 characters long.
The container name 'a1smallvm-a1smallvm-2015-08-11.vhd' which I am getting follows the correct naming format but still why it's giving an error saying the name is invalid.
The VM was created from the portal, it's an A1 type of VM, OS is CentOS "OpenLogic 6.5".
Any clue what's wrong?
The following are the outputs from Write-output's
OSDisk: Microsoft.WindowsAzure.Commands.ServiceManagement.Model.OSVirtualHardDisk
Data Disk:
StorageAccountName: portalvhds14510n2y65vnh
vmOSBlobName: a1smallvm-a1smallvm-2015-08-11.vhd
vmOSContainerName: a1smallvm-a1smallvm-2015-08-11.vhd
Correct script:
The storage account name has to be the same, or we will have to add the context of the destination storage account.
$storageAccountName = $vmOSDisk.MediaLink.Host.Split(‘.’)[0]
Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccount $storageAccountName
And index for Segments should be -2 not -1
$vmOSContainerName = $vmOSDisk.MediaLink.Segments[-2].Split(‘/’)[0]
I'm no PowerShell expert (and I am sure there are better ways of doing it) but you could do the following:
$vmOSContainerName = $vmOSDisk.MediaLink.AbsolutePath.Split('/')[1]
This will output vhds which is the name of your blob container.