Assign static outbound ip address to azure container instance - azure-resource-manager

I need to make a setup where I can read and write to an external sql db from a python script residing in a azure container instance. I order to make this work I need to assign a static ip to the container.
As I cannot associate a container instance with a dedicated ip I have had to make a setup that use the following resources: a vnet, a gateway and a public IP.
I have partially borrowed the setup from https://godatadriven.com/blog/azure-container-instance-example/ where the setup is drawn as follows:
I have made a dev-ops build and release pipeline. I use an ARM template to create the release (the resources of the template are below):
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2019-07-01",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnet2Name')]",
"properties": {
"addressPrefix": "[parameters('subnet2AddressPrefix')]",
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
},
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetAddressPrefix')]",
"delegations": [
{
"name": "DelegationService",
"properties": {
"serviceName": "Microsoft.ContainerInstance/containerGroups"
}
}
],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
]
}
},
{
"apiVersion": "2018-07-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard",
"tier": "Regional"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4,
"dnsSettings": {
"domainNameLabel": "[parameters('dnsName')]"
}
}
},
{
"apiVersion": "2019-08-01",
"name": "[variables('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.ContainerInstance/containerGroups/', parameters('containerInstanceName'))]"
],
"properties": {
"sku": {
"name": "[parameters('skuName')]",
"tier": "Standard_v2",
"capacity": "[variables('capacity')]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"PublicIPAddress": {
"id": "[variables('publicIPRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": 80
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"backendAddresses": [
{
"IpAddress": "[parameters('backendIP')]"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIPConfiguration": {
"Id": "[resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', variables('applicationGatewayName'), 'appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[resourceId('Microsoft.Network/applicationGateways/frontendPorts', variables('applicationGatewayName'), 'appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpSettings')]"
}
}
}
]
}
},
{
"name": "[parameters('networkProfileName')]",
"type": "Microsoft.Network/networkProfiles",
"apiVersion": "2018-07-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
],
"properties": {
"containerNetworkInterfaceConfigurations": [
{
"name": "[variables('interfaceConfigName')]",
"properties": {
"ipConfigurations": [
{
"name": "[variables('interfaceIpConfig')]",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
}
}
}
]
}
}
]
}
},
{
"name": "[parameters('containerInstanceName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2018-10-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkProfiles', parameters('networkProfileName'))]"
],
"properties": {
"containers": [
{
"name": "[parameters('containerName')]",
"properties": {
"image": "[parameters('registryImageUri')]",
"ports": [{
"port": "[variables('port')]"
}],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"imageRegistryCredentials": [
{
"server": "[parameters('registryLoginServer')]",
"username": "[parameters('registryUserName')]",
"password": "[parameters('registryPassword')]"
}
],
"diagnostics": {
"logAnalytics": {
"workspaceId": "[parameters('LogAnalyticsID')]",
"workspaceKey": "[parameters('LogAnalyticsKEY')]"
}
},
"networkProfile": {
"Id": "[resourceId('Microsoft.Network/networkProfiles', parameters('networkProfileName'))]"
},
"osType": "Linux",
"ipAddress": {
"ports": [{
"protocol": "tcp",
"port": 80
}],
"type": "private",
"ip": "[parameters('backendIP')]"
},
"restartPolicy": "[parameters('restartPolicy')]"
}
}
]
The release works, but when I run I try to run the container instance, it use a different ip each time.
What am I doing wrong?

Since you are using an Azure provided SQL, I would recommend to leverage the private VNET offering that Azure provides.
you should look at configuring your ACI with a private subnet
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet
and also setup a vnet rule for your SQL server
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview
Virtual network rules are one firewall security feature that controls whether the database server for your single databases and elastic pool in Azure SQL Database or for your databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks.
it's important that you enable the SQL service endpoint for SQL on the ACI subnet as well.
This will avoid you having to manage outbound IP whitelisting in your SQL firewall.

From the things you did, I think you misunderstanding the network of the Azure Container Instance. The Public or the Private type for the ACI is only available for the inbound traffic, not for the outbound. Even when you use the private type, the instance also can access the Internet without any other resource, but in this type, you cannot access it from the Internet.
Unfortunately, when you use the public type, the public IP address for the inbound and outbound may be even no the same. And for Azure Container Instance, we cannot control the IP address which we can use. So when you want to use a static public IP address to access the SQL DB, the Azure Container Instance is not suitable, I would recommend the VM, it's more controllable and appropriate.

Related

502 bad gateway error after installing WordPress and MySQL database on azure container instance in a virtual network

Following ARM template successfully deployed WordPress and MySQL database on the azure container instance in a virtual network but I'm facing 502 bad gateway error while updating WordPress. Also I'm get link expired when uploading theme of 30MB size.
azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vnetName": {
"type": "string",
"defaultValue": "aci-vnet",
"metadata": {
"description": "VNet name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "Address prefix"
}
},
"subnet1AddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet prefix for ACI"
}
},
"subnet1Name": {
"type": "string",
"defaultValue": "aci-subnet",
"metadata": {
"description": "Subnet name for ACI"
}
},
"subnet2AddressPrefix": {
"type": "string",
"defaultValue": "10.0.1.0/24",
"metadata": {
"description": "Subnet prefix for application gateway"
}
},
"subnet2Name": {
"type": "string",
"defaultValue": "ag-subnet",
"metadata": {
"description": "Subnet name for application gateway"
}
},
"mysqlPassword": {
"type": "securestring",
"metadata": {
"description": "MySQL database password"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"storageAccountName": "[uniquestring(resourceGroup().id)]",
"storageAccountType": "Standard_LRS",
"publicIPAddressName": "publicIp1",
"publicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]",
"networkProfileName": "aci-networkProfile",
"interfaceConfigName": "eth0",
"interfaceIpConfig": "ipconfigprofile1",
"image": "microsoft/azure-cli",
"shareContainerGroupName": "createshare-containerinstance",
"wordpressContainerGroupName": "wordpress-containerinstance",
"mysqlContainerGroupName": "mysql-containerinstance",
"wordpressShareName": "wordpress-share",
"mysqlShareName": "mysql-share",
"cpuCores": "1.0",
"memoryInGb": "1.5",
"skuName": "Standard_Medium",
"capacity": "2",
"applicationGatewayName": "applicationGateway1",
"subnet2Ref": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet2Name'))]",
"wordpressContainerGroupRef": "[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('wordpresscontainerGroupName'))]",
"mysqlContainerGroupRef": "[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('mysqlContainerGroupName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"apiVersion": "2020-05-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[concat('acisite', uniqueString(resourceGroup().id))]"
}
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2020-05-01",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnet1Name')]",
"properties": {
"addressPrefix": "[parameters('subnet1AddressPrefix')]",
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[parameters('location')]"
]
}
],
"delegations": [
{
"name": "DelegationService",
"properties": {
"serviceName": "Microsoft.ContainerInstance/containerGroups"
}
}
]
}
},
{
"name": "[parameters('subnet2Name')]",
"properties": {
"addressPrefix": "[parameters('subnet2AddressPrefix')]"
}
}
]
}
},
{
"name": "[variables('networkProfileName')]",
"type": "Microsoft.Network/networkProfiles",
"apiVersion": "2020-05-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
],
"properties": {
"containerNetworkInterfaceConfigurations": [
{
"name": "[variables('interfaceConfigName')]",
"properties": {
"ipConfigurations": [
{
"name": "[variables('interfaceIpConfig')]",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
}
}
}
]
}
}
]
}
},
{
"name": "[variables('shareContainerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
],
"properties": {
"containers": [
{
"name": "[variables('wordpressShareName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[variables('wordpressShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(variables('storageAccountName'),'2017-10-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[variables('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
},
{
"name": "[variables('mysqlShareName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[variables('mysqlShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(variables('storageAccountName'),'2017-10-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[variables('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"restartPolicy": "OnFailure",
"osType": "Linux"
}
},
{
"name": "[variables('mysqlContainerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('shareContainerGroupName'))]",
"[resourceId('Microsoft.Network/networkProfiles/', variables('networkProfileName'))]"
],
"properties": {
"containers": [
{
"name": "mysql",
"properties": {
"image": "mysql:5.6",
"ports": [
{
"protocol": "Tcp",
"port": 3306
}
],
"environmentVariables": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": "[parameters('mysqlPassword')]"
}
],
"volumeMounts": [
{
"mountPath": "/var/lib/mysql",
"name": "mysqlfile"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"volumes": [
{
"azureFile": {
"shareName": "[variables('mysqlShareName')]",
"storageAccountKey": "[listKeys(variables('storageAccountName'),'2017-10-01').keys[0].value]",
"storageAccountName": "[variables('storageAccountName')]"
},
"name": "mysqlfile"
}
],
"networkProfile": {
"Id": "[resourceId('Microsoft.Network/networkProfiles', variables('networkProfileName'))]"
},
"osType": "Linux"
}
},
{
"name": "[variables('wordpressContainerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('shareContainerGroupName'))]",
"[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('mysqlContainerGroupName'))]"
],
"properties": {
"containers": [
{
"name": "wordpress",
"properties": {
"image": "wordpress:4.9-apache",
"ports": [
{
"protocol": "Tcp",
"port": 80
}
],
"environmentVariables": [
{
"name": "WORDPRESS_DB_HOST",
"value": "[concat(reference(variables('mysqlContainerGroupRef')).ipAddress.ip, ':3306')]"
},
{
"name": "WORDPRESS_DB_PASSWORD",
"value": "[parameters('mysqlPassword')]"
}
],
"volumeMounts": [
{
"mountPath": "/var/www/html",
"name": "wordpressfile"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"volumes": [
{
"azureFile": {
"shareName": "[variables('wordpressShareName')]",
"storageAccountKey": "[listKeys(variables('storageAccountName'),'2017-10-01').keys[0].value]",
"storageAccountName": "[variables('storageAccountName')]"
},
"name": "wordpressfile"
}
],
"networkProfile": {
"Id": "[resourceId('Microsoft.Network/networkProfiles', variables('networkProfileName'))]"
},
"osType": "Linux"
}
},
{
"apiVersion": "2020-05-01",
"name": "[variables('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.ContainerInstance/containerGroups/', variables('wordpressContainerGroupName'))]"
],
"properties": {
"sku": {
"name": "[variables('skuName')]",
"tier": "Standard",
"capacity": "[variables('capacity')]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[variables('subnet2Ref')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"PublicIPAddress": {
"id": "[variables('publicIPRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": 80
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": [
{
"IpAddress": "[reference(variables('wordpressContainerGroupRef')).ipAddress.ip]"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIPConfiguration": {
"Id": "[resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', variables('applicationGatewayName'), 'appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[resourceId('Microsoft.Network/applicationGateways/frontendPorts', variables('applicationGatewayName'), 'appGatewayFrontendPort')]"
},
"Protocol": "Http"
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
],
"outputs": {
"SiteFQDN": {
"type": "string",
"value": "[reference(variables('publicIPRef')).dnsSettings.fqdn]"
}
}
}
azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"mysqlPassword": {
"value": "GEN-PASSWORD"
}
}
}
Solution overview and deployed resources
The following resources are deployed as part of the solution
Azure Container Instance: Azure Container Instance to host the WordPress site.
Azure Container Instance: Azure Container Instance to host the MySQL database.
Azure Container Instance: A run-once Azure Container Instance, where the az-cli is executed to create the file shares
Storage Account: Storage account for the file shares to store the WordPress site content and MySQL database.
File share: Azure File shares to store WordPress site content and MySQL database.
Application gateway: Application gateway for WordPress site. It exposes public network access to WordPress site in VNet.
Virtual network: Virtual network for WordPress site, MySQL database, Application gateway.
One click deploy to Azure
Click here to deploy to Azure

Azure ARM - DSC VM configuration

I would like to configure my VMs using ARM template and DSC. I prepared simple DCS script in powershell, base on that using powershell command created .zip file. mentioned .zip file uploaded to storage account container. Now I want to use this .zip file to made configuration changes on my test VMs, below my ARM template. I am receiving error message New-AzResourceGroupDeployment : 10:12:09 AM - VM has reported a failure when processing extension 'dscExtension'. Error message: "The DSC Extension failed to execute: Error downloading
https://storageAccountName.blob.core.windows.net/containerName/test.zip after 2 attempts: <?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource
does not exist.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of virtual machines to be reconfigured, if using multiple VMs, make their names comma separate. E.g. VM01, VM02, VM03."
},
"defaultValue": "VM1,VM2"
},
"Location": {
"type": "string",
"metadata": {
"description": "Location of the VM"
},
"defaultvalue": "WestEurope"
},
"functionName": {
"type": "string",
"metadata": {
"description": "Specify the function name"
},
"defaultvalue": "test.ps1\\testConfigurationName"
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Specify the Storage Account name, Storage Account where DCS .zip module is located"
}
},
"setupScriptContainerName": {
"type": "string",
"metadata": {
"description": "Specify the Storage Account container name, container where DCS .zip module is located"
}
},
"DSCSetupArchiveFileName": {
"type": "string",
"metadata": {
"description": "Specify the Storage Account container name, container where DCS .zip module is located"
},
"defaultvalue": "test.zip"
},
"nodeConfigurationName": {
"type": "string",
"metadata": {
"description": "The name of the node configuration, on the Azure Automation DSC pull server, that this node will be configured as"
},
"defaultValue": "testConfigurationName.localhost"
},
"registrationKey": {
"type": "securestring",
"metadata": {
"description": "Registration key to use to onboard to the Azure Automation DSC pull/reporting server"
},
"defaultValue": "AutomationAccountPrimaryKey"
},
"registrationUrl": {
"type": "string",
"metadata": {
"description": "Registration url of the Azure Automation DSC pull/reporting server"
},
"defaultValue": AutomationAccountRegistrationURL"
}
},
"variables": {
"vmListArray": "[split(parameters('vmName'),',')]"
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2015-06-15",
"name": "[concat(trim(variables('vmListArray')[copyIndex()]),'/dscExtension')]",
"copy": {
"name": "ExtentionLooptoAllVMs",
"count": "[length(variables('vmListArray'))]"
},
"location": "[parameters('Location')]",
"properties": {
"autoUpgradeMinorVersion": true,
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.19",
"protectedSettings": {
"Items": {
"registrationKeyPrivate": "[parameters('registrationKey')]"
}
},
"settings": {
"ModulesUrl": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('setupScriptContainerName'),'/',parameters('DSCSetupArchiveFileName'))]",
"ConfigurationFunction": "[parameters('functionName')]",
"Properties": [
{
"Name": "RegistrationKey",
"Value": {
"UserName": "PLACEHOLDER_DONOTUSE",
"Password": "PrivateSettingsRef:registrationKeyPrivate"
},
"TypeName": "System.Management.Automation.PSCredential"
},
{
"Name": "RegistrationUrl",
"Value": "[parameters('registrationUrl')]",
"TypeName": "System.String"
},
{
"Name": "NodeConfigurationName",
"Value": "[parameters('nodeConfigurationName')]",
"TypeName": "System.String"
}
]
}
}
}
]
}
Updated version:
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2018-10-01",
"name": "[concat(trim(variables('vmListArray')[copyIndex()]),'/dscExtension')]",
"copy": {
"name": "ExtentionLooptoAllVMs",
"count": "[length(variables('vmListArray'))]"
},
"location": "[parameters('Location')]",
"properties": {
"autoUpgradeMinorVersion": true,
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.9",
"protectedSettings": {
"Items": {
"registrationKeyPrivate": "[parameters('registrationKey')]"
}
},
"settings": {
"configuration": {
"url": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('setupScriptContainerName'),'/',parameters('DSCSetupArchiveFileName'))]",
"script": "[parameters('scriptName')]",
"function": "[parameters('functionName')]"
},
"Properties": [
{
"Name": "RegistrationKey",
"Value": {
"UserName": "PLACEHOLDER_DONOTUSE",
"Password": "PrivateSettingsRef:registrationKeyPrivate"
},
"TypeName": "System.Management.Automation.PSCredential"
},
{
"Name": "RegistrationUrl",
"Value": "[parameters('registrationUrl')]",
"TypeName": "System.String"
},
{
"Name": "NodeConfigurationName",
"Value": "[parameters('nodeConfigurationName')]",
"TypeName": "System.String"
},
{
"Name": "ConfigurationMode",
"Value": "[parameters('configurationMode')]",
"TypeName": "System.String"
},
{
"Name": "ConfigurationModeFrequencyMins",
"Value": "[parameters('configurationModeFrequencyMins')]",
"TypeName": "System.Int32"
},
{
"Name": "RefreshFrequencyMins",
"Value": "[parameters('refreshFrequencyMins')]",
"TypeName": "System.Int32"
},
{
"Name": "RebootNodeIfNeeded",
"Value": "[parameters('rebootNodeIfNeeded')]",
"TypeName": "System.Boolean"
},
{
"Name": "ActionAfterReboot",
"Value": "[parameters('actionAfterReboot')]",
"TypeName": "System.String"
},
{
"Name": "AllowModuleOverwrite",
"Value": "[parameters('allowModuleOverwrite')]",
"TypeName": "System.Boolean"
}
]
}
}
}
]
DSC part:
Configuration SetRegistryxxx {
Node 'localhost' {
Registry configxxx {
Ensure = "Present"
Key = "HKLM:\xx"
ValueName = "xx"
ValueData = "http://0.0.0.0:xxx
ValueType = "String"
}
Registry configxxx {
Ensure = "Present"
Key = "HKLM:\xx"
ValueName = "xx"
ValueData = "http://0.0.0.0:xx"
ValueType = "String"
}
}
}
According to the error, you can not download the zip file from the Azure blob storage account you use. Please create a sas token for the blob or set the blob access level to Public.
For example
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmName'),'/Microsoft.Powershell.DSC')]",
"apiVersion": "2015-06-15",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.19",
"autoUpgradeMinorVersion": true,
"protectedSettings": {
"Items": {
"registrationKeyPrivate": "[parameters('registrationKey')]"
}
},
"settings": {
"ModulesUrl": "<the url of you azure blob>",
"SasToken": "<the sas token for the blob>",
"ConfigurationFunction": "[parameters('configurationFunction')]",
...
}
]
For more details, please refer to the document and the template

Function MSDeploy and Event Grid Subscription Race Condition in ARM Template

I am deploying a function using MSDeploy extensions and then deploying event grid subscription with this function as endpoint. Event grid deployment fails with message -
"details": [
{
"code": "Endpoint validation",
"message": "The attempt to validate the provided azure endpoint resource:/subscriptions/XXXXX/resourceGroups/ResourceGroupName/providers/Microsoft.Web/sites/FunctionAppName/functions/EndpointName failed."
}
]
I believe this is because event grid subscription tried to get created before the function endpoint deployed with MSDeploy is up and running.
How can i avoid this race condition?
Note: Deploying the same template again creates the event grid fine.
Template being used-
//function app
{
"apiVersion": "2018-11-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('functionAppName')]",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[variables('azureFunction_serverFarmResourceId')]"
],
"properties": {
"serverFarmId": "[variables('azureFunction_serverFarmResourceId')]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),variables('storageAccountApiVersion')).keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),variables('storageAccountApiVersion')).keys[0].value)]"//"[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('functionAppName'))]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "~10"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('microsoft.insights/components/', parameters('functionApp_applicationInsightsName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
}
]
}
},
"resources": [
{
"apiVersion": "2018-11-01",
"name": "MSDeploy",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
],
"properties": {
"packageUri": "[parameters('functionAppDeployPackageUri')]"
},
"type": "extensions"
}
]
},
//event grid
{
"type": "Microsoft.Storage/storageAccounts/providers/eventSubscriptions",
"name": "[concat(parameters('storageAccountName'), '/Microsoft.EventGrid/', parameters('blobcreate_eventsubscription_name'))]",
"apiVersion": "2020-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('functionAppName'), '/extensions/MSDeploy')]",
"[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
],
"properties": {
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[concat(resourceId('Microsoft.Web/sites', parameters('functionAppName')), '/functions/', variables('egressDataProcessorFunctionName'))]"
}
},
"filter": {
"subjectBeginsWith": "[concat('/blobServices/default/containers/', parameters('storageAccounts_mainblob_name'))]",
"subjectEndsWith": ".xml",
"includedEventTypes": [
"Microsoft.Storage.BlobCreated"
],
"advancedFilters": []
},
"retryPolicy": {
"maxDeliveryAttempts": "[parameters('eventgrid_maxDeliveryAttemps')]",
"eventTimeToLiveInMinutes": "[parameters('eventgrid_eventTimeToLiveInMinutes')]"
},
"deadLetterDestination": {
"endpointType": "StorageBlob",
"properties": {
"resourceId": "[variables('storageAccountResourceId')]",
"blobContainerName": "[parameters('storageAccounts_deadletterblob_name')]"
}
}
}
}
One way is to deploy your function app as a linked template, and then have your root template:
Deploy the function app template with the function url as an output.
Deploy an Event Grid subscription that depends on the function app deployment and references its output.
Another possibility is to spit appsettings into a childresource, and have that depend on your MSDeploy resource, then the Event Grid depend on appsettings.

Creating Policy for AAS (Azure Analysis Services)

Does anyone have experience in writing Azure Policy for Analysis Services? I am stuck on getting one completed. I am attempting to create policy that enforces what IPs can be added to the public IP side. So far I have this and it does work:
{
"parameters": {
"allowedAddressRanges": {
"type": "Array",
"metadata": {
"displayName": "Address Range",
"description": "The list of allowed external IP address ranges"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.AnalysisServices/servers"
},
{
"not": {
"field": "Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*]",
"in": "[parameters('allowedAddressRanges')]"
}
}
]
},
"then": {
"effect": "audit"
}
}
}
Do I need to go further down the alias path to something like:
"Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].rangeStart"
This is an old thread but since it hasn't been answered yet, perhaps someone can benefit from my findings. Looking at the aliases available for Azure Analysis Services we can notice the following :
Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules
Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*]
Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].firewallRuleName
Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].rangeStart
Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].rangeEnd
Based on the notation above, I had to go down until "rangeStart" and "rangeEnd". This is what works for me:
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.AnalysisServices/servers"
},
{
"not": {
"anyOf": [
{
"field": "Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].rangeStart",
"in": "[parameters('allowedAddressRanges')]"
},
{
"field": "Microsoft.AnalysisServices/servers/ipV4FirewallSettings.firewallRules[*].rangeEnd",
"in": "[parameters('allowedAddressRanges')]"
}
]
}
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Deny"
},
"allowedAddressRanges": {
"type": "Array",
"metadata": {
"displayName": "Address Range",
"description": "The list of allowed IP address ranges"
},
"allowedValues": [
"0.0.0.0",
"0.0.0.0",
"0.0.0.0",
"0.0.0.0",
"0.0.0.0"
],
"defaultValue": [
"0.0.0.0",
"0.0.0.0",
"0.0.0.0",
"0.0.0.0",
"0.0.0.0"
]
}
}
}
reference: https://learn.microsoft.com/en-us/azure/templates/microsoft.analysisservices/servers#IPv4FirewallRule

How do I get private IP address of VM in nested ARM template?

I have a nested template which creates VM which works fine but I need to return private IP address of that machine to main template and as output. I create following output in my nested template but it fails with error message
Deployment template validation failed: 'The template reference 'swarmmanager1NetworkInterface' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.
Here is entire template
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01-preview/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmSku": {
"type": "string",
"defaultValue": "Standard_A1",
"metadata": {
"description": "Size of VMs in the VM Scale Set."
}
},
"windowsOSVersion": {
"type": "string",
"defaultValue": "2016-Datacenter-with-Containers",
"allowedValues": [
"2008-R2-SP1",
"2012-Datacenter",
"2012-R2-Datacenter",
"2016-Datacenter-with-Containers"
],
"metadata": {
"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter."
}
},
"registrationKey": {
"type": "securestring",
"metadata": {
"description": "Registration key to use to onboard to the Azure Automation DSC pull/reporting server"
}
},
"registrationUrl": {
"type": "string",
"metadata": {
"description": "Registration url of the Azure Automation DSC pull/reporting server"
}
},
"DSCExtensionTagVersion": {
"type": "string",
"metadata": {
"description": "Change this to redeploy DSC"
}
},
"nodeConfigurationName": {
"type": "string",
"defaultValue": "MyService.webServer",
"metadata": {
"description": "The name of the node configuration, on the Azure Automation DSC pull server, that this node will be configured as"
}
},
"configurationMode": {
"type": "string",
"defaultValue": "ApplyAndAutoCorrect",
"allowedValues": [
"ApplyOnly",
"ApplyAndMonitor",
"ApplyAndAutoCorrect"
],
"metadata": {
"description": "DSC agent (LCM) configuration mode setting. ApplyOnly, ApplyAndMonitor, or ApplyAndAutoCorrect"
}
},
"configurationModeFrequencyMins": {
"type": "int",
"defaultValue": 15,
"metadata": {
"description": "DSC agent (LCM) configuration mode frequency setting, in minutes"
}
},
"refreshFrequencyMins": {
"type": "int",
"defaultValue": 30,
"metadata": {
"description": "DSC agent (LCM) refresh frequency setting, in minutes"
}
},
"rebootNodeIfNeeded": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "DSC agent (LCM) rebootNodeIfNeeded setting"
}
},
"actionAfterReboot": {
"type": "string",
"defaultValue": "ContinueConfiguration",
"allowedValues": [
"ContinueConfiguration",
"StopConfiguration"
],
"metadata": {
"description": "DSC agent (LCM) actionAfterReboot setting. ContinueConfiguration or StopConfiguration"
}
},
"allowModuleOverwrite": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "DSC agent (LCM) allowModuleOverwrite setting"
}
},
"automationAccountName": {
"type": "string",
"defaultValue": "myAutomationAccount",
"metadata": {
"description": "The name of the Automation account to use. Check the SKU and tags to make sure they match the existing account."
}
},
"automationRegionId": {
"type": "string",
"defaultValue": "East US 2",
"allowedValues": [
"Japan East",
"East US 2",
"West Europe",
"Southeast Asia",
"South Central US",
"Central India"
],
"metadata": {
"description": "The region the Automation account is located in."
}
},
"vmssName": {
"type": "string",
"metadata": {
"description": "String used as a base for naming resources. Must be 3-57 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended."
},
"maxLength": 57
},
"instanceCount": {
"type": "int",
"metadata": {
"description": "Number of VM instances (100 or less)."
},
"maxValue": 100
},
"adminUsername": {
"type": "string",
"metadata": {
"description": "Admin username on all VMs."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Admin password on all VMs."
}
},
"_artifactsLocation": {
"type": "string",
"metadata": {
"description": "Auto-generated container in staging storage account to receive post-build staging folder upload"
}
},
"_artifactsLocationSasToken": {
"type": "securestring",
"metadata": {
"description": "Auto-generated token to access _artifactsLocation"
}
},
"dockerswarmstorageaccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS",
"Premium_LRS"
]
},
"swarmmanager1Name": {
"type": "string",
"minLength": 1,
"defaultValue": "swarmmanager1"
},
"swarmmanagerpublicIPDnsName": {
"type": "string",
"defaultValue": "[uniqueString(subscription().subscriptionId)]",
"minLength": 1
}
},
"variables": {
"namingInfix": "[toLower(substring(concat(parameters('vmssName'), uniqueString(resourceGroup().id)), 0, 9))]",
"longNamingInfix": "[toLower(parameters('vmssName'))]",
"addressPrefix": "10.0.0.0/16",
"subnetPrefix": "10.0.8.0/21",
"virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]",
"natPoolName": "[concat(variables('namingInfix'), 'natpool')]",
"publicIPAddressName": "[concat(variables('namingInfix'), 'pip')]",
"subnetName": "[concat(variables('namingInfix'), 'subnet')]",
"nicName": "[concat(variables('namingInfix'), 'nic')]",
"ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]",
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "[parameters('windowsOSVersion')]",
"version": "latest"
},
"virtualNetworkID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"appGwPublicIPAddressName": "[concat(variables('namingInfix'), 'appGwPip')]",
"bePoolName": "[concat(variables('namingInfix'), 'bepool')]",
"frontEndIPConfigID": "[concat(variables('lbID'),'/frontendIPConfigurations/loadBalancerFrontEnd')]",
"appGwName": "[concat(variables('namingInfix'), 'appGw')]",
"loadBalancerName": "[concat(variables('namingInfix'), 'lb')]",
"publicIPAddressID": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]",
"lbID": "[resourceId('Microsoft.Network/loadBalancers',variables('loadBalancerName'))]",
"appGwPublicIPAddressID": "[resourceId('Microsoft.Network/publicIPAddresses',variables('appGwPublicIPAddressName'))]",
"appGwID": "[resourceId('Microsoft.Network/applicationGateways',variables('appGwName'))]",
"appGwSubnetName": "[concat(variables('namingInfix'),'appGwSubnet')]",
"appGwSubnetPrefix": "10.0.1.0/24",
"appGwSubnetID": "[concat(variables('virtualNetworkID'),'/subnets/',variables('appGwSubnetName'))]",
"appGwFrontendPort": 80,
"appGwBackendPort": 80,
"appGwBePoolName": "[concat(variables('namingInfix'), 'appGwBepool')]",
"computeApiVersion": "2016-04-30-preview",
"networkApiVersion": "2016-03-30",
"natStartPort": 50000,
"natEndPort": 50119,
"natBackendPort": 3389,
"DSCArchiveFolder": "DSC",
"DSCArchiveFileName": "DSC.zip",
"dockerswarmstorageaccountName": "[concat('sa', uniqueString(resourceGroup().id))]",
"swarmmanager1ImagePublisher": "MicrosoftWindowsServer",
"swarmmanager1ImageOffer": "WindowsServer",
"swarmmanager1OSDiskName": "swarmmanager1OSDisk",
"swarmmanager1VmSize": "Standard_D2_v2",
"swarmmanager1VnetID": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
"swarmmanager1SubnetRef": "[concat(variables('swarmmanager1VnetID'), '/subnets/', variables('subnetName'))]",
"swarmmanager1StorageAccountContainerName": "vhds",
"swarmmanager1NicName": "[concat(parameters('swarmmanager1Name'), 'NetworkInterface')]",
"swarmmanagerpublicIPName": "swarmmanagerpublicIP",
"swarmmanagerdeploymentTemplateFolder": "nestedtemplates",
"swarmmanagerdeploymentTemplateFileName": "swarmmanagerdeployment.json",
"swarmmanagerdeploymentTemplateParametersFileName": "swarmmanagerdeployment.parameters.json"
},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('networkApiVersion')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
},
{
"name": "[variables('appGwSubnetName')]",
"properties": {
"addressPrefix": "[variables('appGwSubnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Network/loadBalancers",
"name": "[variables('loadBalancerName')]",
"location": "[resourceGroup().location]",
"apiVersion": "2017-04-01",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]"
],
"properties": {
"frontendIPConfigurations": [
{
"name": "LoadBalancerFrontEnd",
"properties": {
"publicIPAddress": {
"id": "[variables('publicIPAddressID')]"
}
}
}
],
"backendAddressPools": [
{
"name": "[variables('bePoolName')]"
}
],
"inboundNatPools": [
{
"name": "[variables('natPoolName')]",
"properties": {
"frontendIPConfiguration": {
"id": "[variables('frontEndIPConfigID')]"
},
"protocol": "tcp",
"frontendPortRangeStart": "[variables('natStartPort')]",
"frontendPortRangeEnd": "[variables('natEndPort')]",
"backendPort": "[variables('natBackendPort')]"
}
}
]
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('appGwPublicIPAddressName')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('networkApiVersion')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "appgwvip"
}
}
},
{
"apiVersion": "[variables('networkApiVersion')]",
"location": "[resourceGroup().location]",
"name": "[variables('publicIPAddressName')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "rdpvip"
}
},
"type": "Microsoft.Network/publicIPAddresses"
},
{
"type": "Microsoft.Network/applicationGateways",
"name": "[variables('appGwName')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('appGwPublicIPAddressName'))]"
],
"properties": {
"sku": {
"name": "Standard_Small",
"tier": "Standard",
"capacity": "1"
},
"gatewayIPConfigurations": [
{
"name": "appGwIpConfig",
"properties": {
"subnet": {
"id": "[variables('appGwSubnetID')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGwFrontendIP",
"properties": {
"PublicIPAddress": {
"id": "[variables('appGwPublicIPAddressID')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGwFrontendPort",
"properties": {
"Port": "[variables('appGwFrontendPort')]"
}
}
],
"backendAddressPools": [
{
"name": "[variables('appGwBePoolName')]"
}
],
"backendHttpSettingsCollection": [
{
"name": "appGwBackendHttpSettings",
"properties": {
"Port": "[variables('appGwBackendPort')]",
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
}
],
"httpListeners": [
{
"name": "appGwHttpListener",
"properties": {
"FrontendIPConfiguration": {
"Id": "[concat(variables('appGwID'), '/frontendIPConfigurations/appGwFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(variables('appGwID'), '/frontendPorts/appGwFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(variables('appGwID'), '/httpListeners/appGwHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(variables('appGwID'), '/backendAddressPools/', variables('appGwBePoolName'))]"
},
"backendHttpSettings": {
"id": "[concat(variables('appGwID'), '/backendHttpSettingsCollection/appGwBackendHttpSettings')]"
}
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('namingInfix')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/applicationGateways/', variables('appGwName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"sku": {
"name": "[parameters('vmSku')]",
"tier": "Standard",
"capacity": "[parameters('instanceCount')]"
},
"properties": {
"overprovision": "false",
"singlePlacementGroup": "true",
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"storageProfile": {
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage"
},
"dataDisks": [],
"imageReference": "[variables('imageReference')]"
},
"osProfile": {
"computerNamePrefix": "[variables('namingInfix')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nicName')]",
"properties": {
"primary": "true",
"ipConfigurations": [
{
"name": "[variables('ipConfigName')]",
"properties": {
"subnet": {
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/backendAddressPools/', variables('bePoolName'))]"
}
],
"loadBalancerInboundNatPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/inboundNatPools/', variables('natPoolName'))]"
}
],
"ApplicationGatewayBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationGateways/', variables('appGwName'), '/backendAddressPools/', variables('appGwBePoolName'))]"
}
]
}
}
]
}
}
]
},
"extensionProfile": {
"extensions": [
{
"name": "Microsoft.Powershell.DSC",
"properties": {
"autoUpgradeMinorVersion": true,
"publisher": "Microsoft.Powershell",
"forceUpdateTag": "[parameters('DSCExtensionTagVersion')]",
"settings": {
"configuration": {
"url": "[concat(parameters('_artifactsLocation'), '/', variables('DSCArchiveFolder'), '/', variables('DSCArchiveFileName'), parameters('_artifactsLocationSasToken'))]",
"script": "DSC.ps1",
"function": "Main"
},
"configurationArguments": {
"RegistrationKey": "[parameters('registrationKey')]",
"RegistrationUrl": "[parameters('registrationUrl')]",
"NodeConfigurationName": "[parameters('nodeConfigurationName')]",
"ConfigurationMode": "[parameters('configurationMode')]",
"ConfigurationModeFrequencyMins": "[parameters('configurationModeFrequencyMins')]",
"RefreshFrequencyMins": "[parameters('refreshFrequencyMins')]",
"RebootNodeIfNeeded": "[parameters('rebootNodeIfNeeded')]",
"ActionAfterReboot": "[parameters('actionAfterReboot')]",
"AllowModuleOverwrite": "[parameters('allowModuleOverwrite')]"
}
},
"type": "DSC",
"typeHandlerVersion": "2.26"
}
}
]
}
}
}
},
{
"name": "swarmmanager",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2016-09-01",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "[parameters('swarmmanager1Name')]",
"type": "Microsoft.Compute/virtualMachines",
"location": "[resourceGroup().location]",
"apiVersion": "2015-06-15",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('dockerswarmstorageaccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces', variables('swarmmanager1NicName'))]"
],
"tags": {
"displayName": "swarmmanager1"
},
"properties": {
"hardwareProfile": {
"vmSize": "[variables('swarmmanager1VmSize')]"
},
"osProfile": {
"computerName": "[parameters('swarmmanager1Name')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('swarmmanager1ImagePublisher')]",
"offer": "[variables('swarmmanager1ImageOffer')]",
"sku": "[parameters('windowsOSVersion')]",
"version": "latest"
},
"osDisk": {
"name": "swarmmanager1OSDisk",
"vhd": {
"uri": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('dockerswarmstorageaccountName')), '2016-01-01').primaryEndpoints.blob, variables('swarmmanager1StorageAccountContainerName'), '/', variables('swarmmanager1OSDiskName'), '.vhd')]"
},
"caching": "ReadWrite",
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('swarmmanager1NicName'))]"
}
]
}
}
},
{
"name": "[variables('dockerswarmstorageaccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"location": "[resourceGroup().location]",
"apiVersion": "2016-01-01",
"sku": {
"name": "[parameters('dockerswarmstorageaccountType')]"
},
"dependsOn": [],
"tags": {
"displayName": "dockerswarmstorageaccount"
},
"kind": "Storage"
},
{
"name": "[variables('swarmmanager1NicName')]",
"type": "Microsoft.Network/networkInterfaces",
"location": "[resourceGroup().location]",
"apiVersion": "2016-03-30",
"tags": {
"displayName": "swarmmanager1Nic"
},
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('swarmmanager1SubnetRef')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('swarmmanagerpublicIPName'))]"
}
}
}
]
}
},
{
"name": "[variables('swarmmanagerpublicIPName')]",
"type": "Microsoft.Network/publicIPAddresses",
"location": "[resourceGroup().location]",
"apiVersion": "2016-03-30",
"dependsOn": [],
"tags": {
"displayName": "swarmmanagerpublicIP"
},
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('swarmmanagerpublicIPDnsName')]"
}
}
},
{
"outputs": {
"returnedIPAddress": {
"type": "string",
"value": "[reference(variables('swarmmanager1NicName')).ipConfigurations[0].properties.privateIPAddress]"
}
}
}
]
}
}
}
]
}
Ok, a couple things - you have your output in the nested template in the resources array - outputs should be a peer of the resources array. That's not getting flagged because of the inline reference() call fails before this.
First, reference() calls are often made very early in the deployment - sometimes earlier than you want them to be. When the resource being referenced is defined in the same template, it works as expected. When it's not defined in the same template, the GET happens immediately and the resource may not exist. That's a nuance of the reference() function that's a little tangential but important to know as you use it...
Combine that behavior with the inline template deployment. Inline deployments have a number of design quirks that make them pretty hard to use for anything "advanced". You won't be able to do what you're doing with an inline deployment. If you use a templateLink (i.e. another file), you can deploy the nic and output the ipconfig in the same template.
That help?
I have had a similar issue, we were deploying using Azure Pipelines, the approach i took was 1) Deploy Template and pass the RG name and VMSS name as template outputs 2) ARM Outputs - Use this snippet to publish the above results as vars to use downstream 3) Azure Powershell to get the IPs of all VMSS instances and publish them as pipeline variables 4) Write the pipeline vars file to a blob. Hope this helps
$iplist=#()
$i=1
$nicinfo=Get-AzureRmNetworkInterface -ResourceGroupName $(ResourceGroupName) -
VirtualMachineScaleSetName $(VmssName)
foreach($nic in $nicinfo){
$iplist += $nic.IpConfigurations.PrivateIpAddress
}
foreach($ip in $iplist){
Write-host Private ip $i is $ip
Write-Host "##vso[task.setvariable variable=Privateip$i;]$ip"
$i++
}

Resources