Azure ReservedIP endpoints - powershell

I'm trying to provision a new Azure VM from an image via PowerShell and I need to use ReservedIP (which is why I'm using PowerShell - ReservedIP functionality isn't available from the management portal).
I'm running the following command:
New-AzureVMConfig -Name "myName" -InstanceSize Small -ImageName "imageName" | New-AzureVM -ServiceName "serviceName" -ReservedIPName "IP Name" -AffinityGroup "myAffinityGroup"
But I get the following error:
New-AzureVM : BadRequest: Deployment serviceName uses ReservedIP IP Name but does not contain any endpoints. Deployment must contain at least one endpoint in order to use a ReservedIP.
I can see that the cloud instance gets created, but it doesn't have any VM instance in it. Other Stack Overflow posts seem to imply that the above pshell commands should just work. None of the documentation addresses the need to add an endpoint and the VM doesn't even get created, so I don't know where I'd be able to add one.
Any help would be much appreciated. Thanks!

Figured it out!
You need to add an Add-AzureEndpoint call after New-AzureVMConfig instead of after New-AzureVM.

I wanted to move a machine to a cloud service with a static IP, so I deleted the VM (keeping the disk), then once the disk showed up for use I ran the code below. I know it will have a bogus endpoint that I will have to remove and re-create later. I just wanted it to be created.
New-AzureVMConfig -Name "test" -InstanceSize Large -DiskName "test-test-0-201409031948580187" | Add-AzureEndpoint -Name "test" -Protocol "tcp" -PublicPort 80 -LocalPort 80 -LBSetName "test" -ProbePort 888 -ProbeProtocol "TCP" | New-AzureVM -ServiceName "test" -ReservedIPName "SQL-UAT-USEast" -VNetName "East-1" -Location "East US"

Related

How to Get MAC Address of VMs with Azure PowerShell

Does anyone know how to get the MAC address of VMs in Azure through Azure PowerShell?
I know I can get it with WMI or something else inside the VM, but I don't know how I can do that without logging on to the VM.
Use the Get-AzureRmNetworkInterface command and the MacAddress property the resulting object has:
(Get-AzureRmNetworkInterface -ResourceGroupName %rgName%).MacAddress
This will list all the MACs of the network interfaces in a resource group. To be more specific, you could add the -Name parameter.
(Get-AzureRmNetworkInterface -ResourceGroupName %rgName% -Name %nicName%).MacAddress

Installing Microsoft Anti-Malware or Symantec Endpoint Protection on Service Fabric VMs

Anyone installed either Microsoft Malware Protection or Symantec Endpoint Protection on the Service Fabric VMs? The Azure Security Center says it's possible, but I haven't been able to get it to work.
When you create the cluster, there is no extension option to add malware protection (that I could find). After you create the cluster, when you RDP into the servers, PowerShell Get-AzureRmVm can't find the ServiceName to use PowerShell to install the anti-malware. (I can get both those options to work on standalone VMs.)
I'm thinking I'm missing something really simple, but I'm not seeing it.
Generally this is VM level config and so is usually managed via a custom VM image that already has things set up or via a VM extension. There's guidance around setting up antimalware in a cluster here.
# Script to add the Microsoft Antimalware extension to a VM Scale Set (VMSS) and a Service Fabric cluster (which in turn uses VMSS)
# Log in to your Azure Resource Manager account and select the subscription to use
Login-AzureRmAccount
# Specify your subscription ID
$subscriptionId = "SUBSCRIPTION ID HERE"
Select-AzureRmSubscription -SubscriptionId $subscriptionId
# Specify location, resource group, and VM scale set for the extension
$location = "LOCATION HERE" # e.g. "West US", "Southeast Asia" or "Central US"
$resourceGroupName = "RESOURCE GROUP NAME HERE"
$vmScaleSetName = "YOUR VM SCALE SET NAME"
# Configuration.JSON configuration file can be customized as per MSDN documentation: https://msdn.microsoft.com/en-us/library/dn771716.aspx
#$settingString = '{"AntimalwareEnabled": true}';
# Retrieve the most recent version number of the extension
$allVersions = (Get-AzureRmVMExtensionImage -Location $location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$versionString = $allVersions[($allVersions.count)-1].Split(".")[0] + "." + $allVersions[($allVersions.count)-1].Split(".")[1]
$VMSS = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmScaleSetName
Add-AzureRmVmssExtension -VirtualMachineScaleSet $VMSS -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion $versionString
Update-AzureRmVmss -ResourceGroupName $resourceGroupName -Name $vmScaleSetName -VirtualMachineScaleSet $VMSS
The Service Fabric team does have guidance on how to configure your environment that includes the information about the exclusions you'd want to add. Those include:
Antivirus Excluded directories
Program Files\Microsoft Service Fabric
FabricDataRoot (from cluster configuration)
FabricLogRoot (from cluster configuration)
Antivirus Excluded processes
Fabric.exe
FabricHost.exe
FabricInstallerService.exe
FabricSetup.exe
FabricDeployer.exe
ImageBuilder.exe
FabricGateway.exe
FabricDCA.exe
FabricFAS.exe
FabricUOS.exe
FabricRM.exe
FileStoreService.exe
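The exclusion lists in the answer above, turned into an antimalware settings document plus a per-node drift check; this is an added example, not part of the original answer or of Microsoft's script. The function names and the default install path are assumptions, the `Exclusions` keys follow the IaaSAntimalware configuration schema (semicolon-separated strings), and `Get-MpPreference` comes from the Defender module on the node.

```powershell
# Added example. Process list copied from the answer above.
$FabricProcesses = @(
    'Fabric.exe', 'FabricHost.exe', 'FabricInstallerService.exe', 'FabricSetup.exe',
    'FabricDeployer.exe', 'ImageBuilder.exe', 'FabricGateway.exe', 'FabricDCA.exe',
    'FabricFAS.exe', 'FabricUOS.exe', 'FabricRM.exe', 'FileStoreService.exe'
)

function New-FabricAntimalwareSetting {   # hypothetical helper name
    # Returns the extension settings JSON with the Service Fabric exclusions filled in.
    param(
        [Parameter(Mandatory)][string]$FabricDataRoot,   # from cluster configuration
        [Parameter(Mandatory)][string]$FabricLogRoot,    # from cluster configuration
        # Assumption: the page gives no drive letter for "Program Files".
        [string]$InstallDir = 'C:\Program Files\Microsoft Service Fabric'
    )
    $paths = @($InstallDir, $FabricDataRoot, $FabricLogRoot) |
        ForEach-Object { $_.TrimEnd('\') }
    [ordered]@{
        AntimalwareEnabled = $true
        Exclusions         = [ordered]@{
            Paths     = $paths -join ';'
            Processes = $FabricProcesses -join ';'
        }
    } | ConvertTo-Json -Depth 3
}

function Compare-FabricExclusion {        # hypothetical helper name
    # Run on a cluster node. 'Missing' means Service Fabric may be scanned;
    # 'Unexpected' means something is excluded that nobody asked for, so review it.
    # Comparison is literal (case-insensitive) on the stored exclusion strings.
    param(
        [Parameter(Mandatory)][string[]]$ExpectedPaths,
        [string[]]$ExpectedProcesses = $FabricProcesses
    )
    $pref     = Get-MpPreference
    $actual   = @(@($pref.ExclusionPath) + @($pref.ExclusionProcess) | Where-Object { $_ })
    $expected = @($ExpectedPaths) + @($ExpectedProcesses)
    [pscustomobject]@{
        Missing    = @($expected | Where-Object { $_ -notin $actual })
        Unexpected = @($actual   | Where-Object { $_ -notin $expected })
    }
}

# Constructed sample values; take the real roots from your cluster configuration.
New-FabricAntimalwareSetting -FabricDataRoot 'D:\SvcFab' -FabricLogRoot 'D:\SvcFab\Log'
```

The returned JSON is the kind of value the script above assigns to `$settingString`; keeping the exclusions to exactly these paths and processes avoids widening the unscanned area on the nodes.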

Azure: How to change idle timeout for Resource Manager managed VMs/IPs

I was surprised to find out that Azure enforces a silent TCP connection timeout, which is by default set to 4 minutes. I need to change this, as we're running long-running TCP connections and no communication should be sent to conserve power on embedded devices.
There are a couple of guides online (https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/), but they all cover cases where the VMs are provisioned using the Service manager (Classic). So changing this in Classic is not an issue, but we're already running the VMs provisioned via the Resource Manager.
After running:
Switch-AzureMode AzureResourceManager
Get-AzureVM -Name "MyVM" -ResourceGroup "MyGroup" | Get-AzurePublicIpAddress
I get the configuration printout for the IP, with IdleTimeoutInMinutes set at default 4.
Changing this using:
Get-AzureVM -Name "MyVM" -ResourceGroup "MyGroup" | Get-AzurePublicIpAddress | Set-AzurePublicIpAddress -IdleTimeoutInMinutes 29
fails with: A parameter cannot be found that matches parameter name `IdleTimeoutInMinutes`.
A guide or suggestion how to go forward will be appreciated. Should I remove the IP and create a new one? There surely is a better way.
Try this for the 1.x cmdlets:
$p = Get-AzureRmPublicIpAddress -Name MyIP -ResourceGroupName MyGroup
$p.IdleTimeoutInMinutes = 29
Set-AzureRmPublicIpAddress -PublicIpAddress $p
Or if you're on the older 0.9.x cmdlets:
Switch-AzureMode
$p = Get-AzurePublicIpAddress -Name MyIP -ResourceGroupName MyGroup
$p.IdleTimeoutInMinutes = 29
Set-AzurePublicIpAddress -PublicIpAddress $p

Adding a generic service to cluster from powershell

I'm a newbie in clustering and I'm trying to create a generic service to a cluster using PowerShell. I can add it without any issues using the GUI, but for some reason I cannot add it from PowerShell.
Following the first example from the documentation for Add-ClusterGenericServiceRole, I've tried the following command:
Add-ClusterGenericServiceRole -ServiceName "MyService"
This throws the following error:
Static network was [network range] was not configured. Please use -StaticAddress to use this network or -IgnoreNetwork to ignore it.
What's the connection between the network and my service? And why aren't these details required when creating it from the GUI?
I also tried another approach, creating the resource with:
Add-ClusterResource -Name MyService -ResourceType "Generic Service"
This command succeeded but I noticed in the GUI that the ServiceName is blank, and thus the actual service cannot be started. If I could somehow change the ServiceName property it should do the trick. Again, from PowerShell I tried the following:
$resource = Get-ClusterResource "MyService"
$resource.ServiceName = "Actual name of service" # property ServiceName cannot be found on this object.
I've been struggling for a couple of hours now with no luck. Is there something basic I'm missing? I think this shouldn't be as complicated as it might look.
I had the same problem; I had to add a large amount of services and got stuck with the "ServiceName" as well.
First, a note on the Add-ClusterGenericServiceRole command: this is for creating the service resource and the role at the same time, as opposed to just adding the service resource to an existing role.
Now, the solution is that you have to set the parameter "ServiceName" with the Set-ClusterParameter command. You can do this for an existing service resource like this:
Get-ClusterResource "ServiceDisplayName" | Set-ClusterParameter -Name ServiceName -Value "ServiceName"
However, you probably want to create the resource with everything it needs in one go, like this:
Add-ClusterResource -Name "ServiceDisplayName" -Group "cluster role" -ResourceType "Generic Service" | Set-ClusterParameter -Name ServiceName -Value "ServiceName"

Azure Powershell Get Public IP of Staging Cloud Service

I am using this answer to look up our cloud service's public ip.
Azure Powershell: Get public virtual IP of service
This only returns the endpoints for the production cloud services. We also need to easily look up our staging cloud service endpoints.
Does anyone know how to look these up with Azure Powershell?
Thanks!
Get-AzureDeployment and System.Net.Dns class will help.
Get-AzureDeployment -ServiceName your_service_name -Slot Staging
You will get lots of properties, including URL
Then you can run following PS command which will give you IP address (where your_url is usually XX.cloudapp.net) for the given domain name:
[System.Net.Dns]::GetHostAddresses("your_url") | foreach {echo $_.IPAddressToString }
I hope that will help.
This is a one-liner and uses nothing other than Get-AzureDeployment - and returns directly the VIP, as long as you have at least one InputEndpoint defined - otherwise you can't connect to the service anyway ;) No need for heavy lifting or using a DNS client ...
PS C:\> Get-AzureRole -ServiceName "your_service_name" -Slot "staging" -InstanceDetails -RoleName "your_desired_role_name_when_you_have_more_than_one_role" | select {$_.InstanceEndpoints[0].VIP }
And you will get the VIP. The important option here is -InstanceDetails which will get the Endpoints.
Here is the simplest answer I could think of. It returns a string containing the VIP of the service in the slot you specify.
PS C:\> (Get-AzureDeployment -ServiceName 'ServiceName' -Slot Staging).VirtualIPs.Address