Azure: How to change idle timeout for Resource Manager managed VMs/IPs - powershell

I was surprised to find out that Azure enforces a silent TCP connection timeout, which is by default set to 4 minutes. I need to change this, as we're running long-running TCP connections and no communication should be sent to conserve power on embedded devices.
There are a couple of guides online (https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/), but they all cover cases where the VMs are provisioned using the Service manager (Classic). So changing this in Classic is not an issue, but we're already running the VMs provisioned via the Resource Manager.
After running:
Switch-AzureMode AzureResourceManager
Get-AzureVM -Name "MyVM" -ResourceGroup "MyGroup" | Get-AzurePublicIpAddress
I get the configuration printout for the IP, with IdleTimeoutInMinutes set at default 4.
Changing this using:
Get-AzureVM -Name "MyVM" -ResourceGroup "MyGroup" | Get-AzurePublicIpAddress | Set-AzurePublicIpAddress -IdleTimeoutInMinutes 29
fails with: A parameter cannot be found that matches parameter name `IdleTimeoutInMinutes`.
A guide or suggestion how to go forward will be appreciated. Should I remove the IP and create a new one? There surely is a better way.

Try this for the 1.x cmdlets:
$p = Get-AzureRmPublicIpAddress -Name MyIP -ResourceGroupName MyGroup
$p.IdleTimeoutInMinutes = 29
Set-AzureRmPublicIpAddress -PublicIpAddress $p
Or if you're on the older 0.9.x cmdlets:
Switch-AzureMode AzureResourceManager
$p = Get-AzurePublicIpAddress -Name MyIP -ResourceGroupName MyGroup
$p.IdleTimeoutInMinutes = 29
Set-AzurePublicIpAddress -PublicIpAddress $p

Related

Windows Equivalent on dnsmasq in Appveyor

What do you all recommend using as a replacement for dnsmasq on Windows on AppVeyor? Do you have any installation instructions for a replacement or an example job I can look at?
I believe it is pretty easy to script installation (using Install-WindowsFeature) and configuration of standard MS DNS and DHCP on Appveyor VM and configure them with PowerShell.
Here are useful PowerShell commands:
https://technet.microsoft.com/en-us/library/jj590751(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/jj649850.aspx
Here is sample install section for Appveyor.yml:
install:
  - ps: |
      Install-WindowsFeature -Name DNS -IncludeManagementTools -WarningAction SilentlyContinue
      Install-WindowsFeature -Name DHCP -IncludeManagementTools -WarningAction SilentlyContinue
      Add-DnsServerPrimaryZone -Name foo.bar -ZoneFile foo.bar.dns
      Add-DhcpServerv4Scope -Name TestScope -StartRange 192.168.1.100 -EndRange 192.168.1.110 -SubnetMask 255.255.255.0
      $ip = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.InterfaceAlias -like '*ethernet*'}).IPAddress
      Set-DHCPServerv4OptionValue -DnsDomain foo.bar -DnsServer $ip
However, I am not sure I fully understand the scenario. What machines are going to be clients of those services? An Appveyor build is executed on a single VM, which is behind NAT and is not accessible from the public Internet. Or will it be some pieces of your software that connect to the local machine's DNS/DHCP server, acquire a private IP and register some name?
Also please note that you can configure the hosts file, which may be a simpler solution for your problem.
Thank you,
Ilya.

Installing Microsoft Anti-Malware or Symantec endpoint protection on Service Fabric VMs

Anyone installed either Microsoft Malware Protection or Symantec End Point Protection on the Service Fabric VMs? The Azure Security Center says it's possible, but I haven't been able to get it to work.
When you create the cluster, there is no extension option to add malware protection (that I could find). After you create the cluster, when you RDP into the servers, PowerShell Get-AzureRmVm can't find the ServiceName to use PowerShell to install the anti-malware. (I can get both those options to work on standalone VMs.)
I'm thinking I'm missing something really simple, but I'm not seeing it.
Generally this is VM level config and so is usually managed via a custom VM image that already has things set up or via a VM extension. There's guidance around setting up antimalware in a cluster here.
# Script to add the Microsoft Antimalware extension to a VM Scale Set (VMSS) and a Service Fabric cluster (which in turn uses a VMSS)
# Log in to your Azure Resource Manager account and select the subscription to use
Login-AzureRmAccount
# Specify your subscription ID (uncomment and fill in)
#$subscriptionId="SUBSCRIPTION ID HERE"
Select-AzureRmSubscription -SubscriptionId $subscriptionId
# Specify location, resource group, and VM scale set for the extension (uncomment and fill in)
#$location = "LOCATION HERE" # e.g. "West US", "Southeast Asia" or "Central US"
#$resourceGroupName = "RESOURCE GROUP NAME HERE"
#$vmScaleSetName = "YOUR VM SCALE SET NAME"
# The JSON configuration can be customized as per the MSDN documentation: https://msdn.microsoft.com/en-us/library/dn771716.aspx
#$settingString = '{"AntimalwareEnabled": true}';
# Retrieve the most recent version number of the extension (major.minor only)
$allVersions = (Get-AzureRmVMExtensionImage -Location $location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$versionString = $allVersions[($allVersions.count)-1].Split(".")[0] + "." + $allVersions[($allVersions.count)-1].Split(".")[1]
# Add the extension to the scale set model, then push the updated model
$VMSS = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName
Add-AzureRmVmssExtension -VirtualMachineScaleSet $VMSS -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion $versionString
Update-AzureRmVmss -ResourceGroupName $resourceGroupName -Name $vmScaleSetName -VirtualMachineScaleSet $VMSS
The Service Fabric team does have guidance on how to configure your environment that includes the information about the exclusions you'd want to add. Those include:
Antivirus Excluded directories
Program Files\Microsoft Service Fabric
FabricDataRoot (from cluster configuration)
FabricLogRoot (from cluster configuration)
Antivirus Excluded processes
Fabric.exe
FabricHost.exe
FabricInstallerService.exe
FabricSetup.exe
FabricDeployer.exe
ImageBuilder.exe
FabricGateway.exe
FabricDCA.exe
FabricFAS.exe
FabricUOS.exe
FabricRM.exe
FileStoreService.exe
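One way to carry the exclusions above into the extension's settings JSON (the $settingString of the script), as an added example that is not part of the answer or of Microsoft's script. The Exclusions, Paths and Processes keys follow the Microsoft Antimalware configuration schema that the script's comment links to; the function name, the default install path and the D:\SvcFab roots are placeholders to replace with the FabricDataRoot and FabricLogRoot from your cluster configuration.

```powershell
# Added example (not from the original answer): build the IaaSAntimalware
# settings JSON with the Service Fabric exclusions listed above.
function New-SfAntimalwareSetting {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $FabricDataRoot,
        [Parameter(Mandatory)] [string] $FabricLogRoot,
        # Assumed default install location; adjust if your nodes differ.
        [string] $FabricCodePath = 'C:\Program Files\Microsoft Service Fabric'
    )

    $paths = @($FabricCodePath, $FabricDataRoot, $FabricLogRoot)
    foreach ($p in $paths) {
        # Accept only absolute folder paths. Relative paths, wildcards and
        # whole drives (e.g. 'D:\') are refused: an exclusion broader than
        # the Service Fabric folders leaves other files unscanned.
        if ($p -notmatch '^[A-Za-z]:\\[^\\*?][^*?]*$') {
            throw "Refusing relative or overly broad exclusion path: '$p'"
        }
    }

    # Process names exactly as listed in the Service Fabric guidance above.
    $processes = 'Fabric.exe', 'FabricHost.exe', 'FabricInstallerService.exe',
                 'FabricSetup.exe', 'FabricDeployer.exe', 'ImageBuilder.exe',
                 'FabricGateway.exe', 'FabricDCA.exe', 'FabricFAS.exe',
                 'FabricUOS.exe', 'FabricRM.exe', 'FileStoreService.exe'

    $setting = [ordered]@{
        AntimalwareEnabled = $true
        Exclusions         = [ordered]@{
            Paths     = $paths -join ';'       # schema uses ';'-separated lists
            Processes = $processes -join ';'
        }
    }
    $setting | ConvertTo-Json -Depth 3 -Compress
}

# Constructed placeholder roots; take the real values from the cluster config.
$settingString = New-SfAntimalwareSetting -FabricDataRoot 'D:\SvcFab' -FabricLogRoot 'D:\SvcFab\Log'
$settingString
```

The script above, as posted, defines $settingString but never passes it to the extension. Supplying it through the -Setting parameter of Add-AzureRmVmssExtension is an assumption to check against your module version.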

How do I reconfigure the Azure diagnostics extension when recreating an Azure VM

I need to make changes to an Azure Resource Manager Virtual Machine that are not allowed on an existing machine, such as changing the availability group. So I have to delete and recreate the machine, attaching the existing disks, network adapters, etc. to the new VM. I have a PowerShell script to do this, but I'm running into a problem with Virtual Machine extensions.
Here's my code:
$NewVMConfig = New-AzureRmVMConfig -VMName $VM.Name -VMSize $VM.HardwareProfile.VmSize
$NewVMConfig = Set-AzureRmVMOSDisk -VM $NewVMConfig -Name $VM.StorageProfile.OSDisk.Name -VhdUri $VM.StorageProfile.OSDisk.VHD.Uri -CreateOption attach -Windows
foreach ($disk in $vm.StorageProfile.DataDisks) {
    $NewVMConfig = Add-AzureRmVMDataDisk -VM $NewVMConfig -Name $disk.Name -VhdUri $disk.Vhd.Uri -Caching $disk.Caching -DiskSizeInGB $disk.DiskSizeGB -CreateOption attach -Lun $disk.Lun
}
$NewVMConfig.AvailabilitySetReference = $VM.AvailabilitySetReference
$NewVMConfig.DiagnosticsProfile = $VM.DiagnosticsProfile
$NewVMConfig.Extensions = $VM.Extensions
$NewVMConfig.NetworkProfile = $VM.NetworkProfile
$location = $VM.Location
$resourceGroupName = $VM.ResourceGroupName
# Delete machine.
Remove-AzureRmVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name
# Recreate machine
New-AzureRmVM -ResourceGroupName $resourceGroupName -Location $location -VM $NewVMConfig
Notice the line:
$NewVMConfig.Extensions = $VM.Extensions
The script runs without any error, but the new VM doesn't have the same extensions as the original. The diagnostics extension is gone and it now has the BGInfo extension which wasn't on the original machine.
I can use the Remove-AzureRmVMExtension command to remove the BGInfo extension, but I have been unsuccessful at recreating the diagnostics extensions. I've tried both Set-AzureRmVMExtension and Set-AzureRmVMDiagnosticsExtension to no avail.
Those VM extension commands do not support ARM yet. Hence, I suggest you use an ARM template instead. There is a quick-start template specifically for Windows VM with diagnostics extension on GitHub. You can download it and modify it to meet your needs, like specifying a VHD for your VM. And, use New-AzureRmResourceGroupDeployment to deploy your VM.
For your case, combining the above template with 201-specialized-vm-in-existing-vnet template would meet your needs.
Note: the 201-vm-diagnostics-extension-windows template deploys a Windows VM with diagnostics extension, while the 201-specialized-vm-in-existing-vnet template deploys a VM with existing VNet and VHD
For more information about this, see Create a Windows Virtual machine with monitoring and diagnostics using Azure Resource Manager Template.
For more information about authoring ARM template, see Authoring Azure Resource Manager templates.
For more information about deploying ARM template, see Deploy a Resource Group with Azure Resource Manager template.
Jack Zeng's answer with the virtual machine template showed me what was missing in my attempts to reconfigure the Azure diagnostics extension.
The key is that when you get a VM and look at the Extensions property (or the ExtensionsText property) it doesn't include the protected settings of the extension. (That's one way in which they are protected.) Thus you don't have all the information you need to recreate the extension. You have to rebuild the protected settings, which would vary from extension to extension, so you need to know what the specific extension requires. The virtual machine template to which Jack provided a link shows what information is needed for the protected settings of the Azure diagnostics extension, namely the storage account name, key, and endpoint.
Running the following code after recreating the virtual machine successfully reconfigured the diagnostics. In this code $VM is the original virtual machine object we got from calling Get-AzureRmVM before recreating the machine.
$diagnosticsExtension = $VM.Extensions | Where { $_.Name -eq 'Microsoft.Insights.VMDiagnosticsSettings' }
# The $VM.Extensions.Settings property does not correctly return the values of the different settings.
# Instead, use the $VM.ExtensionsText property to get the old settings.
$oldSettings = $VM.ExtensionsText | ConvertFrom-Json | Where { $_.Name -eq 'Microsoft.Insights.VMDiagnosticsSettings' } | foreach {$_.'properties.settings'}
# Need settings in a hash table.
$settings = @{
    xmlCfg = $oldSettings.xmlCfg;
    StorageAccount = $oldSettings.StorageAccount
}
$storageAccounts = Get-AzureRmStorageAccount
$storageAccount = $storageAccounts | Where { $_.StorageAccountName -eq $settings.StorageAccount }
$storageAccountKeys = $storageAccount | Get-AzureRmStorageAccountKey
$protectedSettings = @{
    storageAccountName = $settings.StorageAccount;
    storageAccountKey = $storageAccountKeys.Key1;
    storageAccountEndPoint = "https://core.windows.net/"
}
Write-Host "Reconfiguring Azure diagnostics extension on $Name..."
$result = Set-AzureRmVMExtension -ResourceGroupName $newVM.ResourceGroupName -VMName $newVM.Name -Name $diagnosticsExtension.name -Publisher $diagnosticsExtension.Publisher -ExtensionType $diagnosticsExtension.VirtualMachineExtensionType -TypeHandlerVersion $diagnosticsExtension.TypeHandlerVersion -Settings $settings -ProtectedSettings $protectedSettings -Location $diagnosticsExtension.Location
Note that I am running version 1.2.1 of the Azure PowerShell extensions. In this release, Set-AzureRmVMDiagnosticsExtension appears to be broken, so I did not use it.
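A check for the symptom described in this question, where the recreated VM silently ends up with a different set of extensions: the added example below (not from either answer) compares the extension list of the original VM object with that of the recreated one. The function name and the sample objects are constructed; the property names are the ones used in the Set-AzureRmVMExtension call above.

```powershell
# Added example: report extensions lost, gained or changed when a VM is recreated.
function Compare-VmExtension {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Before,   # Extensions of the original VM
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $After
    )
    # Identify an extension by publisher and type, not by its display name.
    $id = { param($e) ('{0}/{1}' -f $e.Publisher, $e.VirtualMachineExtensionType).ToLower() }
    $old = @{}; $Before | ForEach-Object { $old[(& $id $_)] = $_ }
    $new = @{}; $After  | ForEach-Object { $new[(& $id $_)] = $_ }

    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) {
            # Protected settings are not returned with the VM object, so a
            # missing extension has to be reconfigured with them supplied again.
            [pscustomobject]@{ Extension = $k; Status = 'Missing'
                               Detail = "was version $($old[$k].TypeHandlerVersion)" }
        } elseif ($new[$k].TypeHandlerVersion -ne $old[$k].TypeHandlerVersion) {
            [pscustomobject]@{ Extension = $k; Status = 'VersionChanged'
                               Detail = "$($old[$k].TypeHandlerVersion) -> $($new[$k].TypeHandlerVersion)" }
        }
    }
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) {
            [pscustomobject]@{ Extension = $k; Status = 'Unexpected'
                               Detail = "version $($new[$k].TypeHandlerVersion)" }
        }
    }
}

# Constructed sample objects mirroring the situation in the question; in real
# use pass $VM.Extensions (saved before deletion) and the new VM's Extensions.
$before = @([pscustomobject]@{ Name = 'Microsoft.Insights.VMDiagnosticsSettings'
    Publisher = 'Microsoft.Azure.Diagnostics'; VirtualMachineExtensionType = 'IaaSDiagnostics'
    TypeHandlerVersion = '1.5' })
$after = @([pscustomobject]@{ Name = 'BGInfo'
    Publisher = 'Microsoft.Compute'; VirtualMachineExtensionType = 'BGInfo'
    TypeHandlerVersion = '2.1' })

Compare-VmExtension -Before $before -After $after | Format-Table -AutoSize
```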

How to execute asynchronously or parallelize Azure PowerShell operations to spare time?

In my script there are 10 endpoint configuring operations for 10 endpoints in a row like this: (please note: I am completely new to Azure PowerShell, started using it yesterday, however I am an experienced developer)
Get-AzureVM -ServiceName myservice -Name myvm |
    Add-AzureEndpoint -Name SqlEndpoint -Protocol tcp -LocalPort 1433 `
        -PublicPort 1433 -ACL $acl |
    Update-AzureVM
Unfortunately one takes 10-15 seconds to be completed, and they are executed in a serialized way: the next one only starts when the previous one has finished, so the 10 operations take 2 minutes.
I would be happy if I could speed things up in some way. I suppose this serialized way is not coming from the deep Azure nature (architecture), as we can imagine 10 clients connecting and issuing the 10 operations at the very same time to the server. (I strongly hope Azure will not queue them internally and execute them in 10x15 seconds...)
Q: Can I just issue an operation with Azure PowerShell in an async way (as a side effect losing the ability to check the result)?
Q': If there is no such a generic async way, could I do this specific 10 endpoint configuring operation as one operation?
Yes, you just call the Add-AzureEndpoint (or Set-AzureEndpoint) multiple times and invoke the Update-AzureVM cmdlet only once (at the end):
$vm = Get-AzureVM -ServiceName myservice -Name myvm
Add-AzureEndpoint -Name SqlEndpoint -Protocol tcp -LocalPort 1433 -PublicPort 1433 -ACL $acl -VM $vm
Add-AzureEndpoint -Name Endpoint2 ...
Add-AzureEndpoint -Name Endpoint3 ...
...
$vm | Update-AzureVM

Azure ReservedIP endpoints

I'm trying to provision a new Azure VM from an image via PowerShell and I need to use ReservedIP (which is why I'm using PowerShell - ReservedIP functionality isn't available from the management portal).
I'm running the following command:
New-AzureVMConfig -Name "myName" -InstanceSize Small -ImageName "imageName" | New-AzureVM -ServiceName "serviceName" -ReservedIPName "IP Name" -AffinityGroup "myAffinityGroup"
But I get the following error:
New-AzureVM : BadRequest: Deployment serviceName uses ReservedIP IP Name but does not contain any endpoints. Deployment must contain at least one endpoint in order to use a ReservedIP.
I can see that the cloud instance gets created, but it doesn't have any VM instance in it. Other Stack Overflow posts seem to imply that the above pshell commands should just work. None of the documentation addresses the need to add an endpoint and the VM doesn't even get created, so I don't know where I'd be able to add one.
Any help would be much appreciated. Thanks!
Figured it out!
You need to add an Add-AzureEndpoint call after New-AzureVMConfig instead of after New-AzureVM.
I wanted to move a machine to a cloud service with a static ip, so I deleted the VM (keeping the disk), then once the disk showed up for use I ran the code below. I know it will have a bogus endpoint that I will have to remove and re-create later. I just wanted it to be created.
New-AzureVMConfig -Name "test" -InstanceSize Large -DiskName "test-test-0-201409031948580187" |
    Add-AzureEndpoint -Name "test" -Protocol "tcp" -PublicPort 80 -LocalPort 80 -LBSetName "test" -ProbePort 888 -ProbeProtocol "TCP" |
    New-AzureVM -ServiceName "test" -ReservedIPName "SQL-UAT-USEast" -VNetName "East-1" -Location "East US"