Azure ARM templates – Example use of Outputs

The Outputs part of an ARM template allow data to be retrieved as part of that templates creation.

Given a simple example of creating an vNet, here’s what we get.
Defining 3 outputs of differing types,
– Virtual Network [Object]
– Virtual Network Addresses [Array]
– Virtual Network Address Prefix [String] (first string in the array)

We get this output.

Powershell script for deploying and retrieving values.

Taking a more practical example, retrieving the StaticIP’s from APIM after creation;

Template

Powershell Output

External monitoring of Azure web apps with Statuscake

The problem with monitoring from within the platform your app lives in, is that you’re unaware of any connectivity problems that exists outside of your environment. True, you’re not wanting to be monitor Internet weather either but in reality having both monitoring systems is a must.

Statuscake, is an endpoint monitoring service that offers a bunch of features around web endpoint monitoring – but i’ll just be looking at the most basic http check which will look for a 200 response.
*There are many other services available that perform this function – including Pingdom which I’ve used for years (and actually monitors this blog).*
When I first found Statuscake, years ago – it offered more monitoring servers in the UK than any other provider so provided the USP. What I liked about it was the API and the service it provides as part of its free tier.

statuscake monitoring

I’ve written several automation scripts against it’s API and have one blog post here.

Now that we’re happy with Endpoint monitoring through Statuscake, here’s the powershell functions I’ve written to perform a bunch of standard tasks.

So how can we get some monitoring action happening from Azure? Let’s stick to powershell and start using the Azure cmdlets to query all the Web App endpoints. Once we have the list of Azure addresses, we can then query Statuscake to see which one’s do not yet have a monitor set up – then add it. In this way we can host the powershell in Azure Automation to run on a scheduled basis.

What this will give you for free, is a record of availability and performance metrics. It can be extended to alert you upon detected downtime. In short, you’ve got nothing to lose by monitoring all your Azure App Services automatically. In fact a side benefit of the monitoring will be that in the event your Web Application app pools go to sleep, monitoring will keep them alive.

Powershell scripts available on GitHub.

Azure Powershell on linux on windows

In the Windows 10 Anniversary update you’re able to install the “Windows Subsystem for Linux”, see the Bash on Ubuntu on Windows blog.

Then in August we announced that Powershell had been opensourced and available on linux : https://azure.microsoft.com/en-us/blog/powershell-is-open-sourced-and-is-available-on-linux/.

The version of Ubuntu that gets installed is 14.04 – which is supported by Powershell. So obviously the first thing you’ll want to do on your Windows 10 OS, is install Bash then Powershell and then the Azure module for Powershell. If only for a change of scenery and a bit of script-inception.

Installing Azure Powershell on Linux, in Windows

Upload Azure AAD B2C Premium Policy with Powershell

If you like all of your interactions with Azure to be through Powershell (who doesn’t like to automate), then you’ll want to do the same thing for B2C Policies.

Don’t try this before you have your b2c directory whitelisted to work with the B2C Policy Upload feature. You’ll know if this is possible, if in the Azure Portal you’re able to upload a policy.

Cascading Resource Group Tags in Azure

Resource Manager Policies in Azure are the way to define and enforce a tagging system.
You can define in a json format rules that must be adhered to for new resources that are deployed.
eg.

For resources that you’ve already created, you’ll need to decide on the appropriate strategy. One that I’ve recently put together is a script that cascades the tags you define at the Resource Group level down to the individual resources (VM’s, vNETs, etc etc).

It doesn’t override any of the existing tags that a resource has, simply ensuring that each of the resources has at a minimum the tags that are defined at the Resource Group level.

This version isn’t optimised for running on a schedule in Azure Automation as it’s not a powershell workflow so doesn’t parallelise the foreach loops.

For the latest version, use the GitHub link.
https://github.com/Gordonby/PowershellSnippets/blob/master/Add-ResourceGroupTagsToResources.ps1

Resetting a users Azure AD Multi factor (MFA) requirement

If you find yourself needing to prompt one of your AAD users to re-set up their MFA method, then the following script should serve that purpose.

Linux Mint on Azure

Azure’s got a nice set of supported Linux distros.
The Azure Marketplace also has a pretty comprehensive list of where you can get started quickly with various Linux distros.
There’s even a couple of nice templates in the Quickstart templates GitHub where you can have Gnome or Xfce desktops installed, and RDP enabled.

I’ve had the issue of needing to get a desktop build of Linux Mint (17.3 Rosa) running in Azure. I’m writing this post to help avoid some of the pitfalls that I have experienced and worked around. I’ve also got a handy script file that makes the process a lot quicker.

The first thing to point out is that i’m using Hyper-V 10 (on my x64 Windows 10 build) to create the disk images locally before uploading them to Azure. You can use Virtualbox or other workstation hypervisors to build your disk image.

Which ISO?

The first choice you need to make is the right image iso to use.I wasted a lot of time with x86 images. Don’t. They don’t work correctly in Azure. My Azure boot diagnostics showed that it wouldn’t progress past "Waiting for Network".
My Linux Mint testing (Ubuntu derived distro) didn’t even show this message.

You need to download x64 ISO images only

Hyper-V settings

Before creating a VM, you should create the hard disk.

  • VHD, not VHDx
  • Fixed size

Next, create the VM.

  • Make sure you have your Virtual Switch created first as you’ll need network connectivity.
  • Generation 1 VM as Azure cannot accept a Generation 2 VM
  • Choose a small disk as this will speed up the upload later. I tend to go for 10GB.
  • Opt for 2048mb of allocated memory (not dynamic)

Mint installation settingsChoose your own partition/disk config. The default setup will include a Swap partition – which you don’t need.OS ConfigurationAs soon as the Ubuntu has installed and the VM has rebooted, you’re ready to get it configured for Azure. There’s a good guide on the Azure site, but I’ve shortened it down to a single script file, with various little tweaks that make the process a little easier. It’s structured that you can run in blocks by copy and pasting into terminal.

Here’s my script file. https://gordonscustomimages.blob.core.windows.net/scripts/mintrosa.txt – Inside your VM Navigate to it and download for easy reference.Each script block has a comment.

Sending the VHD to Azure

Once the VM is off, we’ll want to do the final preparation before uploading into Azure storage. Since my host environment is Windows, I use Powershell. First step is to make the disk static is size (so the vhd file takes up the full 10GB of disk space). Then we can upload into Azure Storage.

Testing the VM Image

By far the quickest way to test the creation of a VM from a VHD is by using DevTest labs. They have their own storage account, so if you need to copy it into the lab storage account

Shutting down Azure VMs based on Resource Group tags

Shutting down your non-production VM’s when you’re not using them in a great way to save money. There’s a couple of good Powershell scripts that make this easy to do by Resource Group – but when you want to be a little more granular, and actually automate across resource groups you need a smarter script – this is where Resource tagging comes in.

This script in basically my v1, simple powershell script designed to be run on demand manually. I’ll be publishing the more fully featured version in the Azure Automation Runbook Gallery shortly. That script has had to have a few workarounds put in to deal with issues arising from being a Powershell Workflow and running in Parallel, so I thought it worthwhile to share the simpler version here.

Azure AD B2C – Using the graph API

There’s a really good guide for getting started with CRUD operations in a AAD B2C tenant on the Azure documentation site;
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

As per usual, I’ve ended up putting some powershell together to make it a bit more repeatable when I have to do this for multiple AAD tenants.

This particular script creates the application in the AAD tenant. I’ll be posting further scripts that show off doing some clever stuff when I’ve finished testing and polishing them.

Azure ARM Reserved Public Ip Addresses via Powershell

I’ve had the situation where the full allocation of IP addresses are needed up front for firewall configuration. This isn’t so bad when you only need a few, but if you’re going for your full allocation of 20 (or more if you’ve spoken to Microsoft Support) then it can get a little tedious using the Azure Portal UI.

The typical output from this should be something like;

My_IPBag_1 13.79.152.42 Succeeded
My_IPBag_2 13.79.159.10 Succeeded
My_IPBag_3 52.169.176.221 Succeeded
My_IPBag_4 13.79.156.94 Succeeded
My_IPBag_5 13.79.157.129 Succeeded
My_IPBag_6 13.79.153.147 Succeeded
My_IPBag_7 13.79.157.117 Succeeded
My_IPBag_8 13.79.153.183 Succeeded
My_IPBag_9 13.79.154.248 Succeeded
My_IPBag_10 13.79.157.10 Succeeded
My_IPBag_11 13.79.155.174 Succeeded

Note that the assigned IP addresses are not in a continuous range 🙂

If you do try to obtain more than 20 Public IP Addresses in your subscription then you’ll get this friendly error message.

New-AzureRmPublicIpAddress : Cannot create more than 20 public IP addresses with static allocation method for this subscription in this region.