Archive | Azure

My Azure ASM to ARM script

This is the “script” I used to move our older classic environment VMs to the new Azure Resource Manager.
It it is not a function – I wanted to step through the process and make sure all was well at the different points in the script.
The script assumes that there is only one Data disk (or none), and that you have created your availability set before hand.
I based most of the script off this.

I hope this helps some one.

Add-AzureAccount 
Login-AzureRmAccount 
$VMName="ASMVM01"
$ServiceName="ASMVM01_Service"
$SourceVMSize="Standard_A3"
$DestinationAvailabilitySet="AvailabilitySet01"
$PrivateIpAddress="192.168.1.10"
$ResourceGroupName="ResourceGroup01"
$DestinationNetworkName="Network01"
$DestinationNetworkSubnet="SubeNet01"
$Location="East US"
$OSType="Windows"
#$OSType="Linux"
[switch]$DataDisk=$false
$DatDiskSize=100
$SourceStorageAccountName="srcstorageaccount"
$DestinationStorageAccountName="dststorageaccount"

# ---- Edit above
#region Get Source Storage
$SourceStorageAccountKey=(Get-AzureStorageKey -StorageAccountName $SourceStorageAccountName).Primary
$SourceContext = New-AzureStorageContext -StorageAccountName $SourceStorageAccountName -StorageAccountKey $SourceStorageAccountKey
#endregion

#region Get Destination Storage
$DestinationAccountKey=(Get-AzureRmStorageAccountKey -ResourceGroupName $ResourceGroupName -Name $DestinationStorageAccountName).Key1
$DestinationContext = New-AzureStorageContext -StorageAccountName $DestinationStorageAccountName -StorageAccountKey $DestinationAccountKey
#endregion

#region Get SourceVM
$SourceVM = Get-AzureVm  -ServiceName $ServiceName -Name $VMName
if (! $SourceVM.Status -eq "StoppedDeallocated"){
"You need to sopt $SourceVM first"
return;
}
#endregion

#region Copy SystemDisk
$SourceSystemDisk=Get-AzureDisk | Where-Object { $_.AttachedTo.RoleName -eq "$VMName" } | where {$_.OS -eq $OSType}
$DestinationSystemDiskName="$($VMNAME)_SYSTEM.vhd"
write-host "Copying System Disk"
Write-Host "Start-AzureStorageBlobCopy -Context $SourceContext -AbsoluteUri $($SourceSystemDisk.MediaLink.AbsoluteUri) -DestContainer ""vhds"" -DestBlob $DestinationSystemDiskName -DestContext $DestinationContext -Verbose"
$SystemBlob = Start-AzureStorageBlobCopy -Context $SourceContext -AbsoluteUri $($SourceSystemDisk.MediaLink.AbsoluteUri) -DestContainer "vhds" -DestBlob $DestinationSystemDiskName -DestContext $DestinationContext -Verbose 
$SystemBlob | Get-AzureStorageBlobCopyState
While ($($SystemBlob | Get-AzureStorageBlobCopyState).Status -ne "Success"){
sleep 5
$BlobCopyStatus=$SystemBlob | Get-AzureStorageBlobCopyState
"$($($BlobCopyStatus).Status) ($($BlobCopyStatus).BytesCopied) of $($($BlobCopyStatus).TotalBytes) bytes)"
}
#endregion

#region Copy Data Disk
if ($DataDisk){
$SourceDataDisk=Get-AzureDisk | Where-Object { $_.AttachedTo.RoleName -eq "$VMName" } | where {! $_.OS}
$DestinationDataDiskName="$($VMNAME)_DATA01.vhd"
write-host "Copying Data disk"
Write-Host "Start-AzureStorageBlobCopy -Context $SourceContext -AbsoluteUri $($SourceDataDisk.MediaLink.AbsoluteUri) -DestContainer ""vhds"" -DestBlob $DestinationDataDiskName -DestContext $DestinationContext -Verbose"
$DataDiskBlob = Start-AzureStorageBlobCopy -Context $SourceContext -AbsoluteUri $($SourceDataDisk.MediaLink.AbsoluteUri) -DestContainer "vhds" -DestBlob $DestinationDataDiskName -DestContext $DestinationContext -Verbose 
$DataDiskBlob | Get-AzureStorageBlobCopyState
While ($($DataDiskBlob | Get-AzureStorageBlobCopyState).Status -ne "Success"){
sleep 5
$BlobCopyStatus=$DataDiskBlob | Get-AzureStorageBlobCopyState
"$($($BlobCopyStatus).Status) ($($BlobCopyStatus).BytesCopied) of $($($BlobCopyStatus).TotalBytes) bytes)"
}
}
#endregion

#region Build New VM
$DestinationVM = New-AzureRmVMConfig -vmName $vmName -vmSize $SourceVMSize -AvailabilitySetId $(Get-AzureRmAvailabilitySet -ResourceGroupName $ResourceGroupName -Name $DestinationAvailabilitySet).Id
$nicName="$($VMName)_NIC01"
$vnet = Get-AzureRmVirtualNetwork -Name $DestinationNetworkName -ResourceGroupName $ResourceGroupName 
$subnet = $vnet.Subnets | where {$_.Name -eq $DestinationNetworkSubnet}
$nic = New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $ResourceGroupName -Location $Location -SubnetId $Subnet.Id -PrivateIpAddress $PrivateIpAddress
$DestinationVM = Add-AzureRmVMNetworkInterface -VM $DestinationVM -Id $nic.Id 
$DestinationSystemDiskUri = "$($DestinationContext.BlobEndPoint)vhds/$DestinationSystemDiskName"
$DestinationDataDiskUri = "$($DestinationContext.BlobEndPoint)vhds/$DestinationDataDiskName"

If ($OSType -eq "Windows"){
$DestinationVM = Set-AzureRmVMOSDisk -VM $DestinationVM -Name $DestinationSystemDiskName -VhdUri $DestinationSystemDiskUri -Windows -CreateOption attach
if ($DataDisk){
$DestinationVM = Add-AzureRmVMDataDisk -VM $DestinationVM -Name $DestinationDataDiskName -VhdUri $DestinationDataDiskUri -CreateOption attach -DiskSizeInGB $DatDiskSize
}
}
If ($OSType -eq "Linux"){
$DestinationVM = Set-AzureRmVMOSDisk -VM $DestinationVM -Name $SourceSystemDisk -VhdUri $DestinationOSDiskUri -Linux -CreateOption attach
if ($DataDisk){
$DestinationVM = Add-AzureRmVMDataDisk -VM $DestinationVM -Name $DestinationDataDiskName -VhdUri $DestinationDataDiskUri -CreateOption attach -DiskSizeInGB $DatDiskSize
}
}
 
New-AzureRmVM -ResourceGroupName $resourceGroupName -Location $Location -VM $DestinationVM
#endregion

Azure: Failed to save configuration changes to local network gateway

Seems you can’t remove a subnet from a local network with the Azure portal. Error: “Failed to save configuration changes to local network gateway”

To get around this, I had to delete and recreate the local network via PowerShell. Obviously leave out the subnet you don’t want!

Get-AzureRmLocalNetworkGateway -Name "HomeOffice" -ResourceGroupName "WestUS"
$localNetworkGw=Get-AzureRmLocalNetworkGateway -Name "HomeOffice" -ResourceGroupName "WestUS"
$addressPrefixes ="192.168.0.0/24","192.168.1.0/24","192.168.2.0/24","192.168.4.0/24"
Set-AzureRmLocalNetworkGateway -LocalNetworkGateway $localNetworkGw -AddressPrefix $addressPrefixes -Verbose

PowerShell to download and install most recent Azure PowerShell cmdlets

This script will pull down the most recent Azure PowerShell cmdlets from github. This script assumes that Microsoft has not renamed the installer file, and the most recent is at the top.

JBM-INSTALL-AzurePowerShell{
((Invoke-WebRequest https://github.com/Azure/azure-powershell/releases).Links).href | where {$_ -like "https*azure-powershell*msi*"} | Select-Object -first 1| foreach {
Invoke-WebRequest $_ -OutFile "./$([System.IO.Path]::GetFileName($_))"
start-process "./$([System.IO.Path]::GetFileName($_))"
}
}

hope that helps someone.

PowerShell script to recreate Azure Network Security Groups (NSGs)

I developed a habit when I was working with ACLs on a Cisco ASA firewall. I would keep a master list for each ACL, and when I needed to make a change, I would remove the entire ACL from the device and then recreate it each time I made a modification. For example I would run the following, and keep adding new rules when needed.

clear configure access-list dmz_acl
access-list dmz_acl extended permit tcp host 1.1.1.1 object-group DCs eq 389
. . . .

Add one line, look at the logs and if traffic is still being blocked then modify and try again.

I wanted the ability to do the same thing with Azure Network Security Groups. I wrote a PowerShell script that would look at the NSGs, dump the settings, and would display the commands to recreate them. here is the script I wrote. I hope it helps some one.

function JBM-AZURE-GetNetworkSecurityGroupRules{
 param(
    [String]$Name ,
    [Switch]$ShowCommands
    )
$Groups=$(Get-AzureNetworkSecurityGroup -Detailed)
If(!$Name){
  Write-Host
  Write-host "Select the number of the NSG"
  $NSGNumb = $(Read-Host -prompt "$($(for($i=0;$i-le $Groups.Count-1;$i++){$AllGroups=$AllGroups+"$i $($Groups[$i].Name)`n"});$AllGroups)" )
  $Name=$Groups[$NSGNumb].Name
}

$NSG=$Groups | where {$_.Name -eq $Name}
If ($NSG){
    $InboundRules=$NSG.Rules | where {$_.Type -eq "Inbound"}
    $OutBoundRules=$NSG.Rules | where {$_.Type -eq "Outbound"}
    Write-Output ""
    Write-Output "Inbound Rules"
    Write-Output $InboundRules | FT
    Write-Output "Outbound Rules"
    Write-Output $OutBoundRules | FT
    if ($ShowCommands){
    Write-Output "New-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" -Location ""$($NSG.Location)"""
    Write-Output ""
    foreach ($Rule in $($InboundRules | where {$_.Priority -lt 65000})){
        write-Output "Get-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" | Set-AzureNetworkSecurityRule -Name ""$($Rule.Name)"" -Type ""$($Rule.Type)"" -Priority ""$($Rule.Priority)"" -Action ""$($Rule.Action)"" -SourceAddressPrefix ""$($Rule.SourceAddressPrefix)"" -SourcePortRange ""$($Rule.SourcePortRange)"" -DestinationAddressPrefix ""$($Rule.DestinationAddressPrefix)"" -DestinationPortRange ""$($Rule.DestinationPortRange)"" -Protocol ""$($Rule.Protocol)"""
        Write-Output ""
    }
    foreach ($Rule in $($OutBoundRules | where {$_.Priority -lt 65000})){
        write-Output "Get-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" | Set-AzureNetworkSecurityRule -Name ""$($Rule.Name)"" -Type ""$($Rule.Type)"" -Priority ""$($Rule.Priority)"" -Action ""$($Rule.Action)"" -SourceAddressPrefix ""$($Rule.SourceAddressPrefix)"" -SourcePortRange ""$($Rule.SourcePortRange)"" -DestinationAddressPrefix ""$($Rule.DestinationAddressPrefix)"" -DestinationPortRange ""$($Rule.DestinationPortRange)"" -Protocol ""$($Rule.Protocol)"""
        Write-Output ""
    }
    }
}
Else {
Write-Host "Can't find a NSG with that name"
}
}

Powered by WordPress. Designed by WooThemes