How to force Azure Storage Account as classic - powershell

We recently built a infrastructure and application deployment framework using the Azure Resource Manager and templates. In order to deploy a Cloud Service, it is required to first setup an Azure Storage Account. As of recently, this was accomplished by running:
Switch-AzureMode AzureResourceManager
New-AzureStorageAccount -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -Location $locationName -Type Standard_LRS
This would create a storage account that the New-AzureDeployment cmdlet could use for the deployment. As far as I can remember, the storage account created would be one that the now labeled as "classic" in the UI. However, with recent changes, the storage account that is now created using the script above is non-classic (V2). This V2 storage account is not recognized by the New-AzureDeployment, and it throws this in the Powershell script:
New-AzureDeployment : ResourceNotFound: The storage account 'teststorage' was not found.
If I manually create the classic storage account in the UI, I can use it for my deployment, and it works just fine.
So is it possible to do one of the following:
Force the storage account to be created as classic via Powershell?
Instruct the New-AzureDeployment cmdlet to use the V2 storage account via Powershell?

Switch back to asm mode (the v1 api) and create the storage account from there:
switch-azuremode -Name AzureServiceManagement

Because someone else may find this helpful with the later versions of Azure resource manager (my version was 1.0.4)....
In the latest versions of AzureRM for PSVersion 5.0.10514.6, this can be done through a powershell cmdlet.
Assuming you have:
a) Authenticated to Azure RM: Login-AzureRMAccount
b) Already have created the resource group: New-AzureRmResourceGroup -Name $resourceGroupName -Location "South Central US"
You can then do something like this to get a classic storage account:
New-AzureRmResource -ResourceName "" -ResourceGroupName $resourceGroupName -ResourceType "Microsoft.ClassicStorage/StorageAccounts" -Location "South Central US" -Properties #{ AccountType = "Standard_LRS" } -ApiVersion "2015-06-01"

You can actually use ARM (Azure Resource Manager) to create a "Classic" (i.e. old portal) storage account. To do this, add the below json into your "Resources", adjusting the params as you require. The advantage this has over #Trondh answer is that this will be provisioned as part of your resource group. When you switch back to the ASM your classic storage account will just be added to a random resource group that you cannot move.
{
"name": "[concat(parameters('BuildStorageName'), 'classic')]",
"type": "Microsoft.ClassicStorage/storageAccounts",
"location": "[parameters('BuildStorageLocation')]",
"apiVersion": "2015-06-01",
"dependsOn": [ ],
"properties": {
"accountType": "[parameters('BuildStorageType')]"
}
}

Jason's answer is definitively the best solution..
$resourceGroupName= "myrsgroupp"
$classicStorageName = "myclassicstoragename"
$location = "North Europe"
New-AzureRmResource -ResourceGroupName $resourceGroupName -ResourceName $classicStorageName -ResourceType "Microsoft.ClassicStorage/StorageAccounts" -Location $location -Properties #{AccountType="Standard_LRS"} -ApiVersion "2015-06-01" -Force

Related

Azure App Service ApiApp

I am trying to create an API App in Azure App Service with PowerShell.
The cmdlet I am calling always create a Web App by default. If it is possible, I would like to know how I can specify the type/kind to be Api App instead of Web App?
New-AzureRmWebApp -Name $name -Location $location -AppServicePlan $plan -ResourceGroupName $resourceGroup
From my reading there is not much different between both except the icon, is it worth it to set the type to "Api App" if it's what my app is all about?
I am using version 5.4.0 of AzureRM PowerShell module.
> Get-Module "AzureRM"
ModuleType Version Name
---------- ------- ----
Script 5.4.0 AzureRM
Just call New-AzureRmResource instead and pass in -Kind 'api':
# CREATE "just-an-api" API App
$ResourceLocation = "West US"
$ResourceName = "just-an-api"
$ResourceGroupName = "demo"
$PropertiesObject = #{
# serverFarmId points to the App Service Plan resource id
serverFarmId = "/subscriptions/SUBSCRIPTION-GUID/resourceGroups/demo/providers/Microsoft.Web/serverfarms/plan1"
}
New-AzureRmResource -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroupName `
-ResourceType Microsoft.Web/sites `
-ResourceName "just-an-api/$ResourceName" `
-Kind 'api' `
-ApiVersion 2016-08-01 -Force
..which produces an API App, a Microsoft.Web/sites resource type of the api kind:
Hold on.. How did you come up with this stuff?
Visit https://resources.azure.com and navigate to an existing API App, build the PowerShell syntax by combining the PowerShell tab with the desired values from the JSON resource definition.
There is not a parameter in New-AzureRmWebApp supported to explicitly indicate whether API App or Web App. The resource provider is still Microsoft.Web. And there is no parameter which indicates the type in ARM template.
These two types technically still work in the same way. The difference would be the purpose, icon, OS running choice and debugging capability (refer here What is the difference between an API App and a Web App?).
You may want to classify between the two types by tagging it, which would help manage in case your resource groups have many web resources.
You can create API App via Azure Portal, or Visual Studio.
Also, look at Azure API Management for more flexibility of API wrapping instead of Azure App Service.

Invoke Sync with Powershell

Normally, I integrate the deployment source to webapp, and then run the 'Sync' button found in the webapp dashboard as and when required to sync the Azure webapp with my onedrive folder.
But, if I want to give a non-Azure user, I mean , who need not be logged in to Azure portal itself, rather could invoke with a demo credential or sort, what should I do? Or, If I want to run it myself from shell, how to approach?
Would it be possible to run the sync from power-shell with service principal or similar ways ( runbooks, http trigger with azure functions for sync ) without actually giving the user a login credential itself?
Update:
1. I read this blog on Kudu but not sure whether it is what I am actually looking for. Please suggest. https://dzimchuk.net/post/azure-web-apps-continuous-deployment
Update 31/Aug:
My workflow got 3 slots dev/stage/mirror. I aim to integrate dev with source repo. So, Sync is enabled at lowest environment.
SiteName : YourWebApp(dev)
State : Running
DefaultHostName : YourWebApp-dev.azurewebsites.net
Id : /subscriptions/1234567890-{my}-{subscription}_{id}/resourceGroups/Default-Web/providers/Microsoft.Web/sites/YourWebApp/slots/dev
Name : YourWebApp/dev
Location : East US
Type : Microsoft.Web/sites/slots
If you install the latest Azure PowerShell, you can run this command to trigger a sync:
Invoke-AzureRmResourceAction -ResourceGroupName {YourResourceGroup} -ResourceType Microsoft.Web/sites -ResourceName YourWebApp -Action sync -ApiVersion 2015-08-01 -Force
Or if you're dealing with a slot, it will look like this:
Invoke-AzureRmResourceAction -ResourceGroupName {YourResourceGroup} -ResourceType Microsoft.Web/sites/slots -ResourceName YourWebApp/YourSlot -Action sync -ApiVersion 2015-08-01 -Force
As far as letting some other user authenticate, you have a couple options:
You can make them a Contributor on that Web App (using RBAC - Role Based Access Control)
You can set up a Service Principal

Installing Microsoft Anti-Malware or Symmantec endpoint protection on Service Fabric VM's

Anyone installed either Microsoft Malware Protection or Symmantec End Point Protection on the Service Fabric VM's. The Azure Security Center says it's possible, but I haven't been able to get it to work.
When you create the cluster, there is no extension option to add malware protection (that I could find). After you create the cluster, when you RDP into the servers, PowerShell Get-AzureRmVm can't find the ServiceName to use PowerShell to install the anti-malware. (I can get both those options to work on standalone VM's)
I'm thinking I'm missing something really simple, but I'm not seeing it.
Generally this is VM level config and so is usually managed via a custom VM image that already has things set up or via a VM extension. There's guidance around setting up antimalware in a cluster here.
# Script to add Microsoft Antimalware extension to VM Scale Set(VMSS) and Service Fabric Cluster(in turn it used VMSS)
# Login to your Azure Resource Manager Account and select the Subscription to use
Login-AzureRmAccount
# Specify your subscription ID
#$subscriptionId="SUBSCRIPTION ID HERE"
Select-AzureRmSubscription -SubscriptionId $subscriptionId
# Specify location, resource group, and VM Scaleset for the extension
#$location = "LOCATION HERE" # eg., “West US or Southeast Asia” or “Central US”
#$resourceGroupName = "RESOURCE GROUP NAME HERE"
#$vmScaleSetName = "YOUR VM SCALE SET NAME"
# Configuration.JSON configuration file can be customized as per MSDN documentation: https://msdn.microsoft.com/en-us/library/dn771716.aspx
#$settingString = ‘{"AntimalwareEnabled": true}’;
# retrieve the most recent version number of the extension
$allVersions= (Get-AzureRmVMExtensionImage -Location $location -PublisherName “Microsoft.Azure.Security” -Type “IaaSAntimalware”).Version
$versionString = $allVersions[($allVersions.count)-1].Split(“.”)[0] + “.” + $allVersions[($allVersions.count)-1].Split(“.”)[1]
$VMSS = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName
Add-AzureRmVmssExtension -VirtualMachineScaleSet $VMSS -Name “IaaSAntimalware” -Publisher “Microsoft.Azure.Security” -Type “IaaSAntimalware” -TypeHandlerVersion $versionString
Update-AzureRmVmss -ResourceGroupName $resourceGroupName -Name $vmScaleSetName -VirtualMachineScaleSet $VMSS
The Service Fabric team does have guidance on how to configure your environment that includes the information about the exclusions you'd want to add. Those include:
Antivirus Excluded directories
Program Files\Microsoft Service Fabric
FabricDataRoot (from cluster configuration)
FabricLogRoot (from cluster configuration)
Antivirus Excluded processes
Fabric.exe
FabricHost.exe
FabricInstallerService.exe
FabricSetup.exe
FabricDeployer.exe
ImageBuilder.exe
FabricGateway.exe
FabricDCA.exe
FabricFAS.exe
FabricUOS.exe
FabricRM.exe
FileStoreService.exe

Add virtual folder to Azure Web App

I want to automate my deployment to Azure Web App.
I am using Octopus Deploy to deploy my app to a Azure Web App into a sub-folder based on my git-branch.
This works.
The problem is, that I need to add that folder to the list of virtual directories in the Application Settings of the Web App and I also have to mark it as an application.
How can I do this?
I can use anything that is possible with PowerShell.
P.S. I found this old thread: https://social.msdn.microsoft.com/Forums/azure/en-US/990f41fd-f8b6-43a0-b942-cef0308120b2/add-virtual-application-and-directory-to-an-azure-website-using-powershell?forum=windowsazurewebsitespreview, but this no longer seems to be working.
I'd recommend looking into the Azure Resource Manager - https://resources.azure.com - if you drill down to an existing Web App you can view REST & PowerShell commands for managing resources. In the Web App JSON, you'll find a section for Virtual Applications:
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": true,
"virtualDirectories": null
}
],
Since you are using Azure PowerShell, after Get-AzureSubscription, you should be able to do something like:
# PowerShell equivalent script
Switch-AzureMode -Name AzureResourceManager
# GET web
Get-AzureResource -ResourceGroupName yourResourceGroup -ResourceType Microsoft.Web/sites/config -ResourceName yourWebApp/web -OutputObjectFormat New -ApiVersion 2015-08-01
# SET web
$PropertiesObject = #{
#Property = value;
}
Set-AzureResource -PropertyObject $PropertiesObject -ResourceGroupName yourResourceGroup -ResourceType Microsoft.Web/sites/config -ResourceName yourWebApp/web -OutputObjectFormat New -ApiVersion 2015-08-01 -Force

Azure Web App Powershell Resource Manager Mode - Connection String Slot Setting

I'm adding Connection Strings to my Azure Web App using the AzureResourceManager mode in Powershell.
Using the Azure Resource Explorer I've found the correct Powershell to add a connection string to my web app
$PropertiesObject = #{
#Property = value;
MembershipConnection = #{
Value = "Server=tcp:members.database.windows.net,1433;Database=Membership;User ID=User#members;Password=passwordgoeshere;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;";
Type = "2";
}
}
New-AzureResource -PropertyObject $PropertiesObject -ResourceGroupName $resGroup -ResourceType Microsoft.Web/sites/config -ResourceName "$siteName/connectionstrings" -OutputObjectFormat New -ApiVersion "2015-08-01" -Force
However, I can't find a way of marking the Connection String as a Slot Setting, so that it doesn't move when switching between my Staging and Production deployment slots.
In the Portal, it's a simple checkbox alongside the connection string.
Thanks very much for any help!
You might already know that you can do this in the Azure Service Management Mode like this:
> Switch-AzureMode -Name AzureServiceManagement
> Set-AzureWebsite -Name myapp -SlotStickyConnectionStringNames #("my_db")
I appreciate, though, that your question is about using the Azure Resource Manager.