I was recently trying to configure reverse dns for my mail server (which is hosted on Azure). But everytime I try this command:
Set-AzureService –ServiceName “MyVMName” -Description "VM with reverse dns" –ReverseDnsFqdn “myvmname.cloudapp.net."
It can't find the resource:
(Set-AzureService : ResourceNotFound: The hosted service does not
exist.)
And when I type in Get-AzureRmResource, I have all my resources, including my VM. So I don't understand, I really hope you guys can help me, because it's almost like I can't send mail without the reverse dns record.
From what I see, your Virtual Machine is created with Azure Resource Manager, while you try to set the reverse DNS entry using the Azure Service Management. This will not work.
Here is an article describing what is the difference between Azure Resource Manager and Azure Service Management and why that matters.
And here is an article on how to set Reverse DNS for your VM using Resource Manager.
AzureService will only show ASM (classic) service:
Set-AzureService
When you type:
Get-AzureRmResource
It will display all the ARM (resource manager). Therefore this will not work because you are looking at two different things.
Related
We have a release pipeline that is failing with following message:
resource ID for resource type 'Microsoft.Web/Sites' and resource name
'appservicename'. Error: Could not fetch access token for Managed
Service Principal. Please configure Managed Service Identity (MSI) for
virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400,
status message: Bad Request
We have 2 different service connections:
Azure Resource Manager using service principal authentication
Azure Resource Manager using managed identity authentication
The first one works like a charm. However, because the developer wanted to limit admin access on the Azure AD, he tried creating a managed identity authentication service connection which at first glance, since it allowed us to select the App Service, appeared to indicate it's working, until an actual deployment was triggered and it failed per the error message above.
After numerous searches online, I think this answer may be the clue to why this is failing with the managed identity authentication service connection yet succeeding with the service principal connection just fine.
I just want to confirm, is this truly the case? that a hosted agent doesn't support MSI based authentication, which is what we are using… or has that changed?
We are indeed using Microsoft agent pool.
It doesn't make sense for our app service to use a VM at this time. The use case just isn't applicable for the dashboards we have.
As it is written in the docs:
You are required to use a self-hosted agent on an Azure VM in order to use managed service identity
I assume that it was alway like that. Here we are talking abut MSI assigned to VM which serves as build agent. Not MSI which is identity of App Service. Why? Service Connection is an abstraction which makes easy authentication to your Azure Subscription. So it gives identity to VM and then when your perform some action against your Azure thanks to MSI Azure know that can perform that action. Another aption is authentication via Service Principal, but thi can be done from any VM (inlcuding MS Hosted) because it relies on Client Id and Client secret which is kept in service connections. And MSI have to be assigned to particular VM which cannot be done with MS Hosted agents.
I am able to create VM from a custom image using Azure resource management sdk for .net. Now, I want to download the RDP file for virtual machine programmatically. I have searched and able to find Rest API for azure 'Classic' deployments which contains an api call to download RDP file but i can't find the same in Rest API for 'ARM' deployment. Also, I can't find any such Method in .net sdk for azure.
Does there any way exist to achieve that? Please guide..
I don't know of a way to get the RDP file, but you can get all the information you need from the deployment itself. On the deployment, you can set outputs for the values you need like the publicIp dns. See this:
https://github.com/bmoore-msft/AzureRM-Samples/blob/master/VMCSEInstallFilePS/azuredeploy.json#L213-215
If your environment is more complex (load balancers, network security groups) you need to account for port numbers, etc.
The service I wish to upgrade is in a resource group and my user account is configured as an owner of that resource group. The user account is limited to only access the one resource group.
I can successfully update the cloud service using the new management portal by uploading a cspkg and a cscfg file.
I'm trying to automate this process using Azure Powershell.
This is what I've tried so far:
Set-AzureDeployment -Upgrade -ServiceName test-service -Configuration C:\temp\test-service.cscfg -Package "https://test-service.blob.core.windows.net/azurepowershelldeploy/test-package.cspkg" -Slot Production -Mode Auto -Label test-2015-07-28T00:33:04
ForbiddenError: The server failed to authenticate the request.
Verify that the certificate is valid and is associated with this subscription.
Having a look in fiddler, it's making a request to this endpoint, and getting back a 403 forbidden.
POST /xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/services/hostedservices/test-service/deploymentslots/Production/?comp=upgrade HTTP/1.1
I believe the ASM API's don't work properly with resource groups. Is there a method to update a cloud service using the new ARM API's?
You can deploy, update or delete all of the resources for your application in a single, coordinated operation using ARM.
You would redeploy your ARM template to an existing RG using:New-AzureResourceGroupDeployment
The New-AzureResourceGroupDeployment cmdlet adds a deployment to an existing resource group, including the resources that the deployment needs. This cmdlet is similar to the New-AzureResourceGroup cmdlet, but it works on existing resource groups, instead of new ones. To add a single resource to a resource group, use the New-AzureResource cmdlet.
A good walk through for your scenario (with a few changes) is at: Provision and deploy microservices predictably in Azure
This tutorial shows how to provision and deploy an application composed of microservices in Azure App Service as a single unit and in a predictable manner using JSON resource group templates and PowerShell scripting.
Instead of using an app service resource in the RG template, use the types of resources you'd need. Then call the above New-AzureResourceGroupDeployment cmdlet instead of New-AzureResourceGroup cmdlet.
I'm working with Virtual Machines on Windows Azure and according to the following link:
http://www.windowsazure.com/en-us/manage/windows/how-to-guides/connect-to-a-cloud-service/
it is possible to link various Virtual Machines to the same cloud service. The provided link clearly explains how to do it by means of the Windows Azure Management Portal. Nevertheless, in my case, I want to do the same using the REST API. Anyone knows how can it be done?
Thank you so much in advance,
Abel.
I believe you need to "add role" to add a new VM to an existing IaaS Cloud service: http://msdn.microsoft.com/en-us/library/windowsazure/jj157186.aspx
I am currently attempting to get a list of all of the Virtual Machines that I have running under a Windows Azure subscription programmatically. For this, I am attempting to use the Azure REST API (https://management.core.windows.net), and not use the power-shell cmdlets.
Using the cmdlets I can run 'Get-AzureVM' and get a listing of all of the VM's with ServiceName, Name, and Status without any modifications. The problem is that I cannot find anywhere in the documentation of how to list out the VMs via the API.
I have looked through the various Azure REST API's but have not been able to find anything. The documentation for VM REST API does not show or provide a list function.
Am I missing the fundamentals somewhere?
// Create the request.
// https://management.core.windows.net/<subscription-id>/services/hostedservices
requestUri = new Uri("https://management.core.windows.net/"
+ subscriptionId
+ "/services/"
+ operation);
This is what I am using for the base of the request. I can get a list of hosted services but not the Virtual Machines.
You would need to get a list all the Cloud Services (Hosted Services), and then the deployment properties for each. Look for the deployment in the Production environment/slot. Then check for a role type of "PersistentVMRole".
VMs are really just a type of Cloud Service, along with Web and Worker roles. The Windows Azure management portal and PowerShell cmdlets abstracts this away to make things a little easier to understand and view.
Follow these steps for listing VMs:
List HostedServices using the following ListHostedServices
For each service in from the above,
a)GetDeployment by Environment(production or staging).
OR
b) Get Deployment By Name.
In either case, get the value for Deployment.getRoleInstanceList().getRoleInstance().getInstanceName().
You can use Azure node SDK to list out all VMs in your subscription
computeClient.virtualMachines.listAll(function (err, result))
More details on Azure Node SDK here: https://github.com/Azure-Samples/compute-node-manage-vm