Azure ARM Template add second disk - json

I would like to add an option for a second disk to my template, stored in the storage account given by "userImageStorageAccountName". My template was working until I tried to add the second disk; now when I try to deploy the VM I receive:
{"code":"StorageAccountAlreadyExists","message":"The storage account named TEST already exists under the subscription."}}
But my goal is to create the disk in that existing storage account; I don't want to create a new storage account.
BTW, do you maybe have some nice documentation on creating templates for dummies? :D
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "0.0.4.0",
"parameters": {
"VM_name": {
"type": "string",
"minLength": 11,
"maxLength": 12,
"defaultValue": "testxxx0021",
"metadata": {
"description": "Hostnem+dns name"
}
},
"VM_Class": {
"type": "string",
"allowedValues": [
"Standard_A1",
"Standard_A2",
"Standard_A3"
],
"defaultValue": "Standard_A2",
"metadata": {
"description": "type VM"
}
},
"sizeOfEachDataDiskInGB": {
"type": "string",
"defaultValue": "20",
"metadata": {
"description": "Size of each data disk in GB"
}
},
"userImageStorageAccountName": {
"type": "string",
"defaultValue": "TEST",
"metadata": {
"description": "Storage account for machine"
}
},
"Windows_template": {
"type": "string",
"allowedValues": [
"https://TEST.blob.core.windows.net/system/Microsoft.Compute/Images/xxxxxxxx/template-dddosDisk.vhd",
"https://TEST.blob.core.windows.net/testtemp/xxxxxxx.vhd",
"https://TEST.blob.core.windows.net/testtemp/template-xxxxx.vhd"
],
"defaultValue": "https://TEST.blob.core.windows.net/TESTtemp/template-xxxxxxxxx.vhd",
"metadata": {
"description": "Uri of the your user image"
}
},
"adminUserName": {
"type": "securestring",
"defaultValue": "testadmin",
"metadata": {
"description": "UserName for the Virtual Machine"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine"
}
},
"osType": {
"type": "string",
"allowedValues": [
"Windows",
"Linux"
],
"defaultValue": "Windows",
"metadata": {
"description": "This is the OS that your VM will be running"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"vmName": "[parameters('VM_name')]",
"virtualNetworkName": "xx.xxx.xxx.0-xx-vnet",
"nicName": "[parameters('VM_name')]",
"addressPrefix": "xx.xxx.xxx.0/22",
"subnet1Name": "xx.xxx.xxx.0-xx-vnet",
"subnet1Prefix": "xx.xxx.xxx.0/24",
"vmStorageAccountContainerName": "vhds",
"storageAccountType": "Standard_LRS",
"storageAccountName": "[parameters('userImageStorageAccountName')]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/',variables('subnet1Name'))]",
"osDiskVhdName": "[concat('http://',parameters('userImageStorageAccountName'),'.blob.core.windows.net/vhds/',variables('vmName'),'osDisk.vhd')]",
"apiVersion": "2015-06-15",
"dataDisk1VhdName": "[concat('http://',variables('storageAccountName'),'.blob.core.windows.net/',variables('vmStorageAccountContainerName'),'/',variables('vmName'),'dataDisk1.vhd')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "[variables('apiVersion')]",
"location": "[variables('location')]",
"properties": {
"accountType": "[variables('storageAccountType')]"
}
},
{
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnet1Name')]",
"properties": {
"addressPrefix": "[variables('subnet1Prefix')]"
}
}
]
}
},
{
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnet1Ref')]"
}
}
}
]
}
},
{
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('vmName')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('VM_Class')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"osDisk": {
"name": "[concat(variables('vmName'),'-osDisk')]",
"osType": "[parameters('osType')]",
"caching": "ReadWrite",
"createOption": "FromImage",
"image": {
"uri": "[parameters('Windows_template')]"
},
"vhd": {
"uri": "[variables('osDiskVhdName')]"
}
}
},
"dataDisks": [
{
"name": "datadisk1",
"diskSizeGB": "[parameters('sizeOfEachDataDiskInGB')]",
"lun": 0,
"vhd": {
"Uri": "[variables('dataDisk1VhdName')]"
},
"createOption": "Empty"
}
],
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "true",
"storageUri": "[concat('http://',parameters('userImageStorageAccountName'),'.blob.core.windows.net')]"
}
}
}
}
]
}
thx for Help

Looking over the JSON, you are requesting the platform to ask the user to provide a new storage account. To use the existing storage account, you can refer to the existing parameter you have already provided.
Original JSON :
"dataDisk1VhdName": "[concat('http://',variables('storageAccountName'),'.blob.core.windows.net/',variables('vmStorageAccountContainerName'),'/',variables('vmName'),'dataDisk1.vhd')]"
Suggested JSON
"dataDisk1VhdName": "[concat('http://',parameters('userImageStorageAccountName'),'.blob.core.windows.net/',variables('vmStorageAccountContainerName'),'/',variables('vmName'),'dataDisk1.vhd')]"
Hope this helps.

Check if the storage account tags have been changed through the Azure/PowerShell portal by somebody else, and are different than the ones specified on the ARM template.
Sounds like a bug on the ARM deployment system, tags should be able to be updated but it is currently failing for storage account resources.
For more info see http://davidjrh.intelequia.com/2016/07/the-storage-account-already-exists.html


I am trying to deploy an Azure SQL VM with ARM template. I am getting error as The template reference 'ion5eddb999' is ambiguous

The full error is below.
New-AzResourceGroupDeployment : 23:35:36 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template reference 'ion5eddb999' is ambiguous: there are multiple template
resources '/subscriptions/d2143d4c-a258-4a38-8fbf-de0e42756e22/resourceGroups/sumantest/providers/Microsoft.Compute/virtualMachines/ion5eddb999,/subscriptions/d2143d4c-a258-4a38-8fbf-de0e42756e22/resou
rceGroups/sumantest/providers/Microsoft.SqlVirtualMachine/SqlVirtualMachines/ion5eddb999' defined with this name. Please use fully qualified resource identity instead. Please see
https://aka.ms/arm-template-expressions/#reference for usage details.'.
Below is the ARM template. I have tried using a hard-coded SQL Server name as well, but I get the same error.
Please let me know what I am doing wrong here. Any help is appreciated.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualMachineName": {
"type": "String",
"defaultValue": "ion5eddb999",
"metadata": {
"description": "The name of the VM"
}
},
"virtualMachineSize": {
"type": "String",
"defaultValue": "Standard_B4ms",
"metadata": {
"description": "The virtual machine size."
}
},
"ipAddress":{
"type":"string",
"defaultValue": "172.31.172.99",
"metadata": {
"description": "The virtual machine ip address"
}
},
"existingVirtualNetworkName": {
"type": "String",
"defaultValue": "ion5ed-vnet",
"metadata": {
"description": "Specify the name of an existing VNet in the same resource group"
}
},
"existingVnetResourceGroup": {
"type": "String",
"defaultValue": "ion5ed-gateway",
"metadata": {
"description": "Specify the resrouce group of the existing VNet"
}
},
"existingSubnetName": {
"type": "String",
"defaultValue": "ion5ed-sub-devtest",
"metadata": {
"description": "Specify the name of the Subnet Name"
}
},
"imageOffer": {
"type": "String",
"defaultValue": "sql2019-ws2019",
"allowedValues": [
"sql2019-ws2019",
"sql2017-ws2019",
"SQL2017-WS2016",
"SQL2016SP1-WS2016",
"SQL2016SP2-WS2016",
"SQL2014SP3-WS2012R2",
"SQL2014SP2-WS2012R2"
],
"metadata": {
"description": "Windows Server and SQL Offer"
}
},
"sqlSku": {
"type": "String",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Enterprise",
"SQLDEV",
"Web",
"Express"
],
"metadata": {
"description": "SQL Server Sku"
}
},
"adminUsername": {
"type": "String",
"metadata": {
"description": "The admin user name of the VM"
}
},
"adminPassword": {
"type": "SecureString",
"metadata": {
"description": "The admin password of the VM"
}
},
"storageWorkloadType": {
"type": "String",
"defaultValue": "General",
"allowedValues": [
"General",
"OLTP",
"DW"
],
"metadata": {
"description": "SQL Server Workload Type"
}
},
"sqlVirtualMachineName": {
"type": "string",
"defaultValue": "ion5eddb999"
},
"sqlDataDisksCount": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"maxValue": 8,
"metadata": {
"description": "Amount of data disks (1TB each) for SQL Data files"
}
},
"dataPath": {
"type": "String",
"defaultValue": "F:\\SQLData",
"metadata": {
"description": "Path for SQL Data files. Please choose drive letter from F to Z, and other drives from A to E are reserved for system"
}
},
"sqlLogDisksCount": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"maxValue": 8,
"metadata": {
"description": "Amount of data disks (1TB each) for SQL Log files"
}
},
"logPath": {
"type": "String",
"defaultValue": "G:\\SQLLog",
"metadata": {
"description": "Path for SQL Log files. Please choose drive letter from F to Z and different than the one used for SQL data. Drive letter from A to E are reserved for system"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"networkInterfaceName": "[concat(parameters('virtualMachineName'), '-nic')]",
//"networkSecurityGroupName": "[concat(parameters('virtualMachineName'), '-nsg')]",
"diskConfigurationType": "NEW",
"subnetRef": "[resourceID(parameters('existingVNetResourceGroup'), 'Microsoft.Network/virtualNetWorks/subnets', parameters('existingVirtualNetworkName'), parameters('existingSubNetName'))]",
"dataDisksLuns": "[array(range(0 ,parameters('sqlDataDisksCount')))]",
"logDisksLuns": "[array(range(parameters('sqlDataDisksCount'), parameters('sqlLogDisksCount')))]",
"dataDisks": {
"createOption": "empty",
"caching": "ReadOnly",
"writeAcceleratorEnabled": false,
"storageAccountType": "StandardSSD_LRS",
"diskSizeGB": 100
},
"tempDbPath": "D:\\SQLTemp"
},
"resources": [
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2020-06-01",
"name": "[variables('networkInterfaceName')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAllocationMethod": "Static",
"privateIPAddress": "[parameters('ipAddress')]",
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2020-06-01",
"name": "[parameters('virtualMachineName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces/', variables('networkInterfaceName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('virtualMachineSize')]"
},
"storageProfile": {
"osDisk": {
"createOption": "fromImage",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
}
},
"imageReference": {
"publisher": "MicrosoftSQLServer",
"offer": "[parameters('imageOffer')]",
"sku": "[parameters('sqlSku')]",
"version": "latest"
},
"copy": [
{
"name": "dataDisks",
"count": "[add(parameters('sqlDataDisksCount'), parameters('sqlLogDisksCount'))]",
"input": {
"lun": "[copyIndex('dataDisks')]",
"createOption": "[variables('dataDisks').createOption]",
"caching": "[if(greaterOrEquals(copyIndex('dataDisks'), parameters('sqlDataDisksCount')) ,'None', variables('dataDisks').caching )]",
"writeAcceleratorEnabled": "[variables('dataDisks').writeAcceleratorEnabled]",
"diskSizeGB": "[variables('dataDisks').diskSizeGB]",
"managedDisk": {
"storageAccountType": "[variables('dataDisks').storageAccountType]"
}
}
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]"
}
]
},
"osProfile": {
"computerName": "[parameters('virtualMachineName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]",
"windowsConfiguration": {
"enableAutomaticUpdates": true,
"provisionVmAgent": true
}
}
}
},
{
"type": "Microsoft.SqlVirtualMachine/SqlVirtualMachines",
"apiVersion": "2017-03-01-preview",
"name": "[last(split(resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName')),'/'))]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]"
],
"properties": {
"virtualMachineResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]",
"sqlManagement": "Full",
"SqlServerLicenseType": "PAYG",
"StorageConfigurationSettings": {
"DiskConfigurationType": "[variables('diskConfigurationType')]",
"StorageWorkloadType": "[parameters('storageWorkloadType')]",
"SQLDataSettings": {
"LUNs": "[variables('dataDisksLUNs')]",
"DefaultFilePath": "[parameters('dataPath')]"
},
"SQLLogSettings": {
"Luns": "[variables('logDisksLUNs')]",
"DefaultFilePath": "[parameters('logPath')]"
},
"SQLTempDbSettings": {
"DefaultFilePath": "[variables('tempDbPath')]"
}
}
}
}
],
"outputs": {
"virtualMachine": {
"type": "object",
"value": "[reference(parameters('virtualMachineName'))]"
}
}
}
For your output use:
"outputs": {
"virtualMachine": {
"type": "object",
"value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName')))]"
},
"sqlVirtualMachine": {
"type": "object",
"value": "[reference(resourceId('Microsoft.SqlVirtualMachine/SqlVirtualMachines', parameters('virtualMachineName')))]"
}
}
Depending on what you're after... You can name them the same, but any reference to them (dependsOn, reference()) needs to be unambiguous.

getting error ##[error]One of the deployment parameters has an empty key. when running pipeline to deploy AKS cluster

I'm trying to deploy an AKS cluster using a JSON file in Azure DevOps, and when running the pipeline I get the error: ##[error]One of the deployment parameters has an empty key.
I checked the JSON file but I have no idea what the problem could be.
Any ideas how to check?
This is my json file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"clusterName": {
"type": "string",
"defaultValue":"aks101cluster",
"metadata": {
"description": "The name of the Managed Cluster resource."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location of the Managed Cluster resource."
}
},
"dnsPrefix": {
"type": "string",
"metadata": {
"description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
}
},
"osDiskSizeGB": {
"type": "int",
"defaultValue": 0,
"metadata": {
"description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
},
"minValue": 0,
"maxValue": 1023
},
"agentCount": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of nodes for the cluster."
},
"minValue": 1,
"maxValue": 50
},
"agentVMSize": {
"type": "string",
"defaultValue": "Standard_DS2_v2",
"metadata": {
"description": "The size of the Virtual Machine."
}
},
"linuxAdminUsername": {
"type": "string",
"defaultValue": "sysadmin"
"metadata": {
"description": "User name for the Linux Virtual Machines."
}
},
"sshRSAPublicKey": {
"type": "string",
"metadata": {
"description": "Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example 'ssh-rsa AAAAB...snip...UcyupgH azureuser#linuxvm'"
}
},
"servicePrincipalClientId": {
"metadata": {
"description": "Client ID (used by cloudprovider)"
},
"type": "securestring"
},
"servicePrincipalClientSecret": {
"metadata": {
"description": "The Service Principal Client Secret."
},
"type": "securestring"
},
"osType": {
"type": "string",
"defaultValue": "Linux",
"allowedValues": [
"Linux"
],
"metadata": {
"description": "The type of operating system."
}
}
},
"resources": [
{
"apiVersion": "2020-03-01",
"type": "Microsoft.ContainerService/managedClusters",
"location": "[parameters('location')]",
"name": "[parameters('clusterName')]",
"properties": {
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('osDiskSizeGB')]",
"count": "[parameters('agentCount')]",
"vmSize": "[parameters('agentVMSize')]",
"osType": "[parameters('osType')]",
"storageProfile": "ManagedDisks"
}
],
"linuxProfile": {
"adminUsername": "[parameters('linuxAdminUsername')]",
"ssh": {
"publicKeys": [
{
"keyData": "[parameters('sshRSAPublicKey')]"
}
]
}
},
"servicePrincipalProfile": {
"clientId": "[parameters('servicePrincipalClientId')]",
"Secret": "[parameters('servicePrincipalClientSecret')]"
}
}
}
],
"outputs": {
"controlPlaneFQDN": {
"type": "string",
"value": "[reference(parameters('clusterName')).fqdn]"
}
}
}
Thanks in advance.
You are missing a comma (,) after "defaultValue": "sysadmin".
This is the right json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"clusterName": {
"type": "string",
"defaultValue":"aks101cluster",
"metadata": {
"description": "The name of the Managed Cluster resource."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location of the Managed Cluster resource."
}
},
"dnsPrefix": {
"type": "string",
"metadata": {
"description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
}
},
"osDiskSizeGB": {
"type": "int",
"defaultValue": 0,
"metadata": {
"description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
},
"minValue": 0,
"maxValue": 1023
},
"agentCount": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of nodes for the cluster."
},
"minValue": 1,
"maxValue": 50
},
"agentVMSize": {
"type": "string",
"defaultValue": "Standard_DS2_v2",
"metadata": {
"description": "The size of the Virtual Machine."
}
},
"linuxAdminUsername": {
"type": "string",
"defaultValue": "sysadmin",
"metadata": {
"description": "User name for the Linux Virtual Machines."
}
},
"sshRSAPublicKey": {
"type": "string",
"metadata": {
"description": "Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example 'ssh-rsa AAAAB...snip...UcyupgH azureuser#linuxvm'"
}
},
"servicePrincipalClientId": {
"metadata": {
"description": "Client ID (used by cloudprovider)"
},
"type": "securestring"
},
"servicePrincipalClientSecret": {
"metadata": {
"description": "The Service Principal Client Secret."
},
"type": "securestring"
},
"osType": {
"type": "string",
"defaultValue": "Linux",
"allowedValues": [
"Linux"
],
"metadata": {
"description": "The type of operating system."
}
}
},
"resources": [
{
"apiVersion": "2020-03-01",
"type": "Microsoft.ContainerService/managedClusters",
"location": "[parameters('location')]",
"name": "[parameters('clusterName')]",
"properties": {
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('osDiskSizeGB')]",
"count": "[parameters('agentCount')]",
"vmSize": "[parameters('agentVMSize')]",
"osType": "[parameters('osType')]",
"storageProfile": "ManagedDisks"
}
],
"linuxProfile": {
"adminUsername": "[parameters('linuxAdminUsername')]",
"ssh": {
"publicKeys": [
{
"keyData": "[parameters('sshRSAPublicKey')]"
}
]
}
},
"servicePrincipalProfile": {
"clientId": "[parameters('servicePrincipalClientId')]",
"Secret": "[parameters('servicePrincipalClientSecret')]"
}
}
}
],
"outputs": {
"controlPlaneFQDN": {
"type": "string",
"value": "[reference(parameters('clusterName')).fqdn]"
}
}
}

Install McAfee paid agent on existing Azure VMs using ARM templates

I am looking for a way to onboard already existing Azure Windows VMs by adding a VM extension with the McAfee paid agent using "ARM templates". I am unable to find the proper way to do it.
Here is a default quick start template for adding a VM with the McAfee trial version. You can use it as a basis for further processing.
Template file
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"newStorageAccountName": {
"type": "string",
"metadata": {
"description": "Storage Account Name"
}
},
"publicIPAddressName": {
"type": "string",
"metadata": {
"description": "Public IP Address Name"
}
},
"publicIPAddressType": {
"type": "string",
"defaultValue": "Dynamic",
"allowedValues": [
"Dynamic"
],
"metadata": {
"description": "Public IP Address Type"
}
},
"vmName": {
"type": "string",
"metadata": {
"description": "Name of the VM"
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_D3",
"metadata": {
"description": "Size of the VM"
}
},
"imagePublisher": {
"type": "string",
"defaultValue": "MicrosoftWindowsServer",
"metadata": {
"description": "Image Publisher"
}
},
"imageOffer": {
"type": "string",
"defaultValue": "WindowsServer",
"metadata": {
"description": "Image Offer"
}
},
"imageSKU": {
"type": "string",
"defaultValue": "2012-R2-Datacenter",
"metadata": {
"description": "Image SKU"
}
},
"adminUsername": {
"type": "string",
"metadata": {
"description": "Admin username"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Admin password"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "VNET Name"
}
},
"addressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "VNET address space"
}
},
"subnet1Name": {
"type": "string",
"defaultValue": "Subnet-1",
"metadata": {
"description": "Subnet 1 name"
}
},
"subnet1Prefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet 1 address space"
}
},
"nicName": {
"type": "string",
"metadata": {
"description": "Name of the NIC"
}
},
"vmExtensionName": {
"type": "string",
"metadata": {
"description": "Extension name"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]",
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]",
"storageAccountType": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('newStorageAccountName')]",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('location')]",
"properties": {
"accountType": "[variables('storageAccountType')]"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "[parameters('publicIPAddressType')]"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnet1Name')]",
"properties": {
"addressPrefix": "[parameters('subnet1Prefix')]"
}
}
]
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/networkInterfaces",
"name": "[parameters('nicName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', parameters('publicIPAddressName'))]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnet1Ref')]"
}
}
}
]
}
},
{
"apiVersion": "2017-03-30",
"type": "Microsoft.Compute/virtualMachines",
"name": "[parameters('vmName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('newStorageAccountName'))]",
"[concat('Microsoft.Network/networkInterfaces/', parameters('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[parameters('imagePublisher')]",
"offer": "[parameters('imageOffer')]",
"sku": "[parameters('imageSKU')]",
"version": "latest"
},
"osDisk": {
"name": "[concat(parameters('vmName'),'_OSDisk')]",
"caching": "ReadWrite",
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',parameters('nicName'))]"
}
]
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(parameters('vmName'),'/', parameters('vmExtensionName'))]",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"properties": {
"publisher": "McAfee.EndpointSecurity",
"type": "McAfeeEndpointSecurity",
"typeHandlerVersion": "6.0",
"settings": {
"featureVS": "true",
"featureBP": "true",
"featureFW": "true",
"relayServer": "false"
},
"protectedSettings": null
}
}
]
}
You will be able to see the VM extension node in the bottom of the template.
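Also, please find the parameter list for the same template below. The GEN-* values appear to be placeholders: replace them with your own values at deployment time, and keep the real admin password out of any parameters file you commit.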
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"newStorageAccountName": {
"value": "GEN-UNIQUE-8"
},
"publicIPAddressName": {
"value": "GEN-UNIQUE-8"
},
"publicIPAddressType": {
"value": "Dynamic"
},
"vmName": {
"value": "GEN-UNIQUE-8"
},
"vmSize": {
"value": "Standard_D3"
},
"adminUsername": {
"value": "GEN-UNIQUE"
},
"adminPassword": {
"value": "GEN-PASSWORD"
},
"virtualNetworkName": {
"value": "GEN-VNET-NAME"
},
"nicName": {
"value": "GEN-UNIQUE-8"
},
"vmExtensionName": {
"value": "GEN-UNIQUE-8"
}
}
}
You can visualize it from here :
http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmcafee-extension-windows-vm%2Fazuredeploy.json
Hope it helps.

Azure GovCloud Template Error

I am using this template and I have been working through it to convert it from stock into something I can use in the Azure Government Cloud. I am almost done, but I keep getting this last error that I do not know how to rectify. Maybe someone here with more JSON experience than I have can easily find the fix.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"uniquePrefix": {
"type": "string",
"metadata": {
"description": "This unique prefix will be used on all the objects created as part of this template."
}
},
"transferVMSize": {
"type": "string",
"defaultValue": "Standard_D4",
"allowedValues": [
"Standard_A4",
"Standard_A7",
"Standard_D4",
"Standard_D14",
"Standard_D2s_v3"
],
"metadata": {
"description": "Size of the VM used to transfer the VM image to various storage accounts."
}
},
"computeVMSize": {
"type": "string",
"defaultValue": "Standard_A1",
"allowedValues": [
"Standard_A1",
"Standard_A2",
"Standard_A3",
"Standard_A4",
"Standard_A5",
"Standard_A6",
"Standard_A7",
"Standard_A8",
"Standard_A9",
"Standard_A10",
"Standard_A11",
"Standard_D1",
"Standard_D2",
"Standard_D3",
"Standard_D3_v2",
"Standard_D4",
"Standard_D4_v2",
"Standard_D5_v2",
"Standard_D11",
"Standard_D12",
"Standard_D12_v2",
"Standard_D13",
"Standard_D13_v2",
"Standard_D14",
"Standard_D14_v2",
"Standard_DS3",
"Standard_DS4",
"Standard_DS12",
"Standard_DS13",
"Standard_DS14",
"Standard_G2",
"Standard_G3",
"Standard_G4",
"Standard_G5",
"Standard_GS2",
"Standard_GS3",
"Standard_GS4",
"Standard_GS5",
"Standard_D2s_v3"
],
"metadata": {
"description": "Size of the VMs to be used for actual computation."
}
},
"computeOSType": {
"type": "string",
"defaultValue": "Linux",
"allowedValues": [
"Linux",
"Windows"
],
"metadata": {
"description": "Compute OS Type"
}
},
"deploymentType": {
"type": "string",
"defaultValue": "VMSS",
"allowedValues": [
"VMSS",
"Single",
"SingleAV"
],
"metadata": {
"description": "This determines whether the VMs will be deployed using scale sets, as individual VMs, or individual VMs in an availability set (maximum 100 for the last option)."
}
},
"numberOfSAs": {
"type": "int",
"metadata": {
"description": "Number of Storage Accounts to upload the custom image to."
}
},
"instanceCountPerSA": {
"type": "int",
"maxValue": 40,
"metadata": {
"description": "Number of VMs per Storage Account."
}
},
"imageLocation": {
"type": "string",
"metadata": {
"description": "URL of the base custom image, in the format of https://accountname.blob.core.windows.net/container/image.vhd."
}
},
"storageAccountKey": {
"type": "securestring",
"metadata": {
"description": "Storage Account key for accessing the base custom image."
}
},
"adminUsername": {
"type": "string",
"metadata": {
"description": "Admin username for the VMs in the deployment."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Admin password for the VMs in the deployment."
}
}
},
"variables": {
"vnetName": "[concat(parameters('uniquePrefix'), 'vnet')]",
"addressPrefix": "10.0.0.0/16",
"subnetName": "subnet",
"subnetPrefix": "10.0.0.0/21",
"transferImagePublisher": "Canonical",
"transferImageOffer": "UbuntuServer",
"ubuntuOSVersion": "16.04-LTS",
"imagePieces": "[split(parameters('imageLocation'),'/')]",
"blobName": "blob.core.usgovcloudapi.net",
"templateLocation": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-custom-images-at-scale/",
"sharedResourcesTemplateUri ": "[concat(variables('templateLocation'), 'shared-resources.json')]",
"finalTemplateUri": "[concat(variables('templateLocation'), 'final_')]",
"downloadTemplateURI": "[concat(variables('templateLocation'), 'download.json')]",
"downloadScriptURI": "[concat(variables('templateLocation'), 'download.sh')]",
"uploadTemplateURI": "[concat(variables('templateLocation'), 'upload.json')]",
"uploadScriptURI": "[concat(variables('templateLocation'), 'upload.sh')]",
"vmStorageAccountContainerName": "transfertestsa",
"OSDiskName": "transfertestvm",
"StorageAccountName": "transfertest"
},
"resources": [{
"name": "[concat(parameters('uniquePrefix'), 'base')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('sharedResourcesTemplateUri ')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"uniquePrefix": {
"value": "[parameters('uniquePrefix')]"
},
"numberOfSAs": {
"value": "[parameters('numberOfSAs')]"
},
"vnetName": {
"value": "[variables('vnetName')]"
},
"addressPrefix": {
"value": "[variables('addressPrefix')]"
},
"subnetName": {
"value": "[variables('subnetName')]"
},
"subnetPrefix": {
"value": "[variables('subnetPrefix')]"
}
}
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('transfer', parameters('uniquePrefix'), 'sa')]",
"apiVersion": "2015-05-01-preview",
"location": "[resourceGroup().location]",
"properties": {
"accountType": "Standard_LRS"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[concat('transfer', parameters('uniquePrefix'), 'ip')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/networkInterfaces",
"name": "[concat('transfer', parameters('uniquePrefix'), 'nic')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/transfer', parameters('uniquePrefix'), 'ip')]",
"[concat('Microsoft.Resources/deployments/', parameters('uniquePrefix'), 'base')]"
],
"properties": {
"ipConfigurations": [{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', concat('transfer', parameters('uniquePrefix'), 'ip'))]"
},
"subnet": {
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/', variables('subnetName'))]"
}
}
}]
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Compute/virtualMachines",
"name": "[concat('transfer', parameters('uniquePrefix'), 'vm')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/transfer', parameters('uniquePrefix'), 'sa')]",
"[concat('Microsoft.Network/networkInterfaces/transfer', parameters('uniquePrefix'), 'nic')]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('transferVMSize')]"
},
"osProfile": {
"computerName": "[concat('transfer', parameters('uniquePrefix'), 'vm')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('transferImagePublisher')]",
"offer": "[variables('transferImageOffer')]",
"sku": "[variables('ubuntuOSVersion')]",
"version": "latest"
},
"osDisk": {
"name": "osdisk",
"vhd": {
"uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',variables('vmStorageAccountContainerName'),''), '2015-06-15').primaryEndpoints.blob,'vhds/',variables('OSDiskName'),'-osdisk.vhd')]"
},
"caching": "ReadWrite",
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat('transfer', parameters('uniquePrefix'), 'nic'))]"
}]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "true",
"storageUri": "[concat('http://transfer',parameters('uniquePrefix'),'sa.blob.core.usgovcloudapi.net')]"
}
}
}
},
{
"name": "[concat(parameters('uniquePrefix'), 'script0')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/transfer', parameters('uniquePrefix'), 'vm')]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('downloadTemplateURI')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"uniquePrefix": {
"value": "[parameters('uniquePrefix')]"
},
"imageLocation": {
"value": "[parameters('imageLocation')]"
},
"storageAccountKey": {
"value": "[parameters('storageAccountKey')]"
},
"downloadScriptURI": {
"value": "[variables('downloadScriptURI')]"
}
}
}
},
{
"name": "[concat(parameters('uniquePrefix'), 'script', string(add(copyIndex(), 1)))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', parameters('uniquePrefix'), 'script', copyIndex())]"
],
"copy": {
"name": "uploadLoop",
"count": "[parameters('numberOfSAs')]"
},
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('uploadTemplateURI')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"uniquePrefix": {
"value": "[parameters('uniquePrefix')]"
},
"index": {
"value": "[copyIndex()]"
},
"uploadScriptURI": {
"value": "[variables('uploadScriptURI')]"
}
}
}
},
{
"name": "[concat(parameters('uniquePrefix'), 'full')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"dependsOn": [
"uploadLoop"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(variables('finalTemplateUri'), parameters('deploymentType'), '.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"uniquePrefix": {
"value": "[parameters('uniquePrefix')]"
},
"numberOfSAs": {
"value": "[parameters('numberOfSAs')]"
},
"instanceCountPerSA": {
"value": "[parameters('instanceCountPerSA')]"
},
"vmSize": {
"value": "[parameters('computeVMSize')]"
},
"OSType": {
"value": "[parameters('computeOSType')]"
},
"blobName": {
"value": "[variables('blobName')]"
},
"vnetName": {
"value": "[variables('vnetName')]"
},
"addressPrefix": {
"value": "[variables('addressPrefix')]"
},
"subnetName": {
"value": "[variables('subnetName')]"
},
"subnetPrefix": {
"value": "[variables('subnetPrefix')]"
},
"templateLocation": {
"value": "[variables('templateLocation')]"
},
"adminUsername": {
"value": "[parameters('adminUsername')]"
},
"adminPassword": {
"value": "[parameters('adminPassword')]"
}
}
}
}
]
}
The above is what I am using to launch my template. Attached are the parameters that I am inputting and the error message I receive. (Two screenshots were attached here; they are not reproduced.)
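I fixed the error by forking the script to my own repo and changing every occurrence of the blob endpoint reference to the gov cloud one (blob.core.usgovcloudapi.net) in all the files needed for that script. Note that the nested deployments are handed storageAccountKey and adminPassword, so templateLocation should point at a repo and revision you control rather than at a moving branch.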

Create Storage Service Encryption ARM template with Customer managed key

We're trying to create an ARM template which will allow us to specify our own encryption key. The script below enables encryption on the storage account, but it uses a Microsoft-managed key and doesn't allow us to add our own.
Is there a way to add it programmatically? I know it can be done using the portal.
The script I have is:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageNamePrefix": {
"type": "string",
"metadata": {
"description": "The prefix string to add to a generated name."
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "Storage Account type."
}
},
"blobEncryptionEnabled": {
"type": "bool",
"defaultValue": true,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Enable or disable Blob encryption."
}
}
},
"variables": {
"storageAccountName": "[tolower( concat( parameters('storageNamePrefix'), uniqueString(subscription().id, resourceGroup().id) ))]",
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-01-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": "[parameters('blobEncryptionEnabled')]"
}
}
}
}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}
I've seen this on Azure Quickstart Templates. Its title matches what I need, but I can't see where or how to add the key I would like to use.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "Storage Account type."
}
},
"blobEncryptionEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Enable or disable Blob encryption at Rest."
}
}
},
"variables": {
"storageAccountName": "[tolower( concat('sawithsse', substring(parameters('storageAccountType'), 0, 2), uniqueString(subscription().id, resourceGroup().id) ))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-12-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": "[parameters('blobEncryptionEnabled')]"
}
}
}
}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}
The portal way of enabling customer key for encryption is outlined in the below link:
https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys
This link mentions the ability to use Powershell, but I can't find any reference for it.
Hope this makes sense.
Thanks in advance.. :)
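Something like this (each xxx is a placeholder for the key name, the vault URI and the key version, and must be a quoted string in the real template):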
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": xxx,
"keyvaulturi": xxx,
"keyversion": xxx
}
}
}
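Source: https://learn.microsoft.com/en-us/rest/api/storagerp/storageaccounts/create#keyvaultproperties
For this to deploy, the storage account needs a managed identity that has been granted get, wrapKey and unwrapKey permissions on the key, and the vault needs soft delete and purge protection enabled. The apiVersion must also be one that accepts keyvaultproperties, so check the reference against the versions used in the question.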
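Another way: do it with PowerShell, add -Debug to capture the REST call, and port the request body to the template. The debug trace can include request headers and bodies, so treat it as sensitive and redact it before sharing.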