Just so you know,
Assuming one has already
searching and find the image service
adding a vm image
browsing and selecting an intended vhd file to create a vm image
form the Images page, selecting/clicking the target image
creating a vm with the image from the image overview page
Test RDP
From the vm overview page, start and connect to the VM
use RUN command to review and validate the VM RDP settings, as needed
:'
This Azure CLI script is for ad hoc deploying customized Azure vms for testing including
- specified numebrs of vms and
- optionally a Bastion subnet for RDP/SSH over TLS directly with the Azure portal
To deploy,
1. Update the CUSTOMIZATION section, as preferred
2. Start an Azure Cloud Session,
https://docs.microsoft.com/en-us/azure/cloud-shell/overview
3. Set the target subscription, if different form the current one
4. Copy and paste the statements of CUSTOMIZATION and STANDARDIZED ROUTINE to the Azure Cloud Shell session
© 2020 Yung Chou. All Rights Reserved.
'
# Session Start
az login
az account list -o table
subName='mySubscriptionName'
az account set -s $subName
################
# CUSTOMIZATION
################
prefix='da'
totalVMs=1
vmSize='Standard_B2ms'
region='southcentralus'
#az vm list-skus --location $region --output table
bastionSubnet='no'
# osType is a required setting
vmImage='ubuntults'
osType='linux'
#vmImage='win2016datacenter'
#vmImage='win2019datacenter'
#osType='windows'
# For testing
adminID='hendrix'
adminPwd='4testingonly!'
:'
Password must have the 3 of the following:
1 lower case character, 1 upper case character, 1 number and 1 special character
# if to interactively set
read -p "How many VMs to be deployed " totlaVMs
read -p "Enter the admin id for the $totalVMs VMs to be deployed " adminUser
read -sp "Enter the password for the $totalVMs VMs to be deployed " adminPwd
'
ipAllocationMethod='static'
# Use '' if not to open a service port
ssh=22
rdp=3389
http=80
https=443
#################################
# STANDARDIZED ROUTINE FROM HERE
#################################
echo "
Prepping for deploying:
$totalVMs $osType $vmImage vms in $vmSize size
each with $ipAllocationMethod public IP adderss
and port $ssh $rdp $http $https open
"
tag=$prefix$(date +%M%S)
echo "Session tag = $tag"
rgName=$tag
#echo "Creating the resource group, $rgName..."
az group create -n $rgName -l $region -o table
#az group delete -n $rgName --no-wait -y
# VIRTUAL NETWORK
vnetName=$rgName'-net'
subnetName='1' # 0..254
nsgName=$rgName'-vnet-nsg'
nsgRule=$rgName'-TestOnly'
priority=100
#echo "Creating the vnet, $vnetName..."
az network vnet create -g $rgName -n $vnetName -o none \
--address-prefixes 10.10.0.0/16 \
--subnet-name $subnetName --subnet-prefixes "10.10.$subnetName.0/24"
# Bastion subnet
if [ $(echo $bastionSubnet | tr [a-z] [A-Z]) == 'YES' ]
then
#echo "Adding the Bastion subnet..."
az network vnet subnet create --vnet-name $vnetName -g $rgName -o none \
-n AzureBastionSubnet --address-prefixes 10.10.99.0/24
fi
# NSG
#echo "Creating a NSG, $nsgName, associated with the vnet, $vnetName..."
az network nsg create -g $rgName -n $nsgName -o none
#echo "Creating a NSG rule, $nsgRule, associated with the NSG ,$nsgName..."
az network nsg rule create -g $rgName \
--nsg-name $nsgName \
-n $nsgRule \
--protocol Tcp \
--access Allow \
--priority $priority \
--destination-port-ranges $ssh $rdp $http $https \
--description '*** FOR TESTING ONLY, NOT FOR PRODUCTION ***' \
--verbose \
-o table
# VM
time \
for i in `seq 1 $totalVMs`;
do
vmName=$tag'-vm'$i
echo "Prepping deployment for the vm, $vmName..."
osDiskName=$vmName'-OSDisk'
nicName=$vmName'-nic'
vmIP=$vmName'-ip'
az network public-ip create -g $rgName -n $vmIP \
--allocation-method $ipAllocationMethod \
--verbose \
-o none
echo "Allocated the $ipAllocationMethod public IP, $vmIP"
az network nic create -g $rgName \
-n $nicName \
--vnet-name $vnetName \
--subnet $subnetName \
--network-security-group $nsgName \
--public-ip-address $vmIP \
--verbose \
-o table
echo "Created the $nicName with the $ipAllocationMethod public IP, $vmIP"
# CREATE VM AND RETURN THE IP
if [ $(echo $osType | tr [a-z] [A-Z]) == 'LINUX' ]
then
echo "Configuring the Linux vm, $vmName, with password access"
linuxOnly='--generate-ssh-keys --authentication-type all '
else
linuxOnly=''
fi
echo "Creating the vm, $vmName now..."
pubIP=$(
az vm create -g $rgName -n $vmName -l $region --size $vmSize \
--admin-username $adminID --admin-password $adminPwd \
--image $vmImage --os-disk-name $osDiskName \
$linuxOnly \
--nics $nicName \
--query publicIpAddress \
--verbose \
-o tsv
)
#az vm show -d -g $rgName -n $vmName -o table
echo "
Voilà! The VM, $vmName, has been deployed with the $ipAllocationMethod public IP, $pubIP
"
done
# Deployed Resources
#az network vnet show -n $vnetName -g $rgName -o table
#az network vnet subnet list --vnet-name $vnetName -g $rgName -o table
#az network nic list -g $rgName -o table
az vm list -g $rgName -o table -d
# Clean up
:' To clean deployed resources
az group delete -n $rgName --no-wait -y
'
Despite a simple operation, apply the following sample statements to your environment if experiencing an issue in changing an Azure VM’s BootDiagnostic setting.
ISSUE for
HOW-TO
References:
SAMSPLE STATEMENTS
The same process applies to enabling BootDiagnostic by specifying a vm object with the associated resource group and an intended storage account in step 4.
<# Disabling Azure VM BootDiagnostic Using PowerShell The following illustrates the process to disable VM BootDiagnostic. The statements are intended to be executed manually and in sequence. #> # 1. Log in Azure and set the context, as appropriate Connect-AzAccountstep 4 Get-AzContext Set-AzContext -Subscription '????' -Tenant '????' # 2. Specify a target VM $vmName = 'your vm name' $vmRG = 'the resource group name of the vm' # 3. Check the current BootDiagnostics status ($VM = Get-AzVM -ResourceGroupName $vmRG -Name $vmName).DiagnosticsProfile.BootDiagnostics # 4. Disable BootDiagnostic of the VM Set-AzVMBootDiagnostic -VM $VM -Disable # 5. Update the VM settings Update-AzVM -ResourceGroupName $vmRG -VM $VM # 6. Check the current BootDiagnostics status and verify the change made ($VM = Get-AzVM -ResourceGroupName $vmRG -Name $vmName).DiagnosticsProfile.BootDiagnostics # Notice it may take a few minutes for azure portal to reflect # the changes made to BootDiagnostic.
SAMPLE SESSION
<#
The function, azure-vm-image-sku, returns the sku of a user-selected
Azure VM image interactively. It calls the function, pick-one-item,
which accepts an item-list and returns a selected item interactively.
This script is for demonstrating and learning Azure and PowerShell.
The code is not optimized and does not handle all error messages.
Usage:
# Get a sku in the default text mode
azure-vm-image-sku
# Get a sku with GUI
azure-vm-image-sku -gui $true
# Get a sku with optional switches
azure-vm-image-sku `
-region 'targetAzureRegion' `
-publisher 'targetPublisherName' `
-offer 'targetOffer' `
-gui $true
Examples:
azure-vm-image-sku -region 'south central us' -gui $true
azure-vm-image-sku `
-region 'south central us' `
-publisher 'microsoftwindowsserver'
azure-vm-image-sku `
-region 'south central us' `
-publisher 'microsoftwindowsserver' `
-offer 'windowsserver'
© 2020 Yung Chou. All Rights Reserved.
#>
function pick-one-item {
param (
[array ]$thisList = @('East Asia','South Central US', 'West Europe', 'UAE North', 'South Afraica North'),
[string ]$itemDescription ='Azure Region',
[boolean]$gui = $false
)
if ($gui) {
$thisOne = $thisList | Out-GridView -Title "$itemDescription List" -PassThru
} else {
if ($thisList.count -eq 1) { $thisOne = $thisList[0]
} else {
$i=1; $tempList = @()
foreach ( $item in $thisList ) {
$tempList+="`n$i.`t$item"
$i++
}
do {
write-host "`nHere's the $itemDescription list `n$tempList"
$thePick = Read-Host "`nWhich $itemDEscription"
} while(1..$tempList.length -notcontains $thePick)
$thisOne = $thisList[($thePick-1)]
}
}
write-host "$(get-date -f T) - Selecting '$thisOne' from the $itemDescription list " -f green -b black
return $thisOne
}
function azure-vm-image-sku {
param (
[boolean]$gui = $false,
[string]$region = (pick-one-item `
-thisList (Get-AzLocation).DisplayName `
-itemDescription "Azure region" `
-gui $gui ),
[string]$publisher = (pick-one-item `
-thisList (Get-AzVMImagePublisher -Location $region).PublisherName `
-itemDescription "Azure $region publisher" `
-gui $gui ),
[string]$offer = (pick-one-item `
-thisList (Get-AzVMImageOffer -Location $region -PublisherName $publisher).offer `
-itemDescription "Azure $region $publisher's Offer" `
-gui $gui ),
[string]$itemDescription = "Azure $region $publisher $offer Sku"
)
return $sku = (pick-one-item `
-thisList (Get-AzVMImageSku -Location $region -PublisherName $publisher -Offer $offer).skus `
-itemDescription $itemDescription `
-gui $gui )
}
write-host "
This script, based on the original script published in the article,
Report Azure resource usage with PowerShell
https://4sysops.com/archives/report-azure-resource-usage-with-powershell/,
displays interactively the Azure compute, storage,
and network quota and usage of an examined region relevant to
an Azure subscription. It also generates a text file accordingly.
© 2020 Yung Chou. All Rights Reserved.
"
#region [Customization]
$region="uksouth"
#endregion
Connect-AzAccount
#region [Needed only if an account owns multiple subscriptions]
# Set the context for subsequent operations
$context = (Get-AzSubscription | Out-GridView -Title 'Set subscription context' -PassThru)
Set-AzContext -Subscription $context | Out-Null
write-host "Azure context set for the subscription, `n$((Get-AzContext).Name)" -f green
#endregion
#region [DO NOT CHANGE]
($vm = Get-AzVMUsage -Location $region `
| select @{label='ResourceType';expression={$_.name.LocalizedValue}}, currentvalue, limit) `
| Out-GridView -Title "Azure $region Region Compute Quota & Usage"
($storage = Get-AzStorageUsage -Location $region `
| select @{label='ResourceType';expression={$_.name}}, currentvalue, limit) `
| Out-GridView -Title "Azure $region Region Storage Account Quota & Usage"
($network = Get-AzNetworkUsage -Location $region `
| select @{label='ResourceType';expression={$_.resourcetype}}, currentvalue, limit) `
| Out-GridView -Title "Azure $region Network Quota & Usage"
$when=get-date -format 'yyyyMMdd-hhmm'
($usage = @("Azure $region Region Quota and usage, as of $when",$vm,"`n",$storage,"`n",$network) | ft) `
>> "usage-$region-$when.txt"
#endregion [DO NTO CHANGE]
#region [CREATE MANAGED DISK WITH VHD]
write-host "
------------------------------------------------------------
This script is based on the following reference and for
learning Azure and PowerShell. I have made changes to the
original scrtip for clarity and portability.
Ref: Create a managed disk from a VHD file
https://docs.microsoft.com/en-us/azure/virtual-machines/scripts/virtual-machines-windows-powershell-sample-create-managed-disk-from-vhd
Recommend manually running the script statement by
statement in cloud shell.
© 2020 Yung Chou. All Rights Reserved.
------------------------------------------------------------
"
#region [CUSTOMIZATION]
#region [Needed only if an account owns multiple subscriptions]
Get-AzSubscription | Out-GridView # Copy the target subscription name
# Set the context for subsequent operations
$context = (Get-AzSubscription | Out-GridView -Title 'Set subscription context' -PassThru)
Set-AzContext -Subscription $context | Out-Null
write-host "Azure context set for the subscription, `n$((Get-AzContext).Name)" -f green
#endregion
$sourceVhdStorageAccountResourceId = '/subscriptions/…/StorageAccounts/'
$sourceVhdUri = 'https://.../.vhd'
#Get-AzLocation
$sourceVhdLoc = 'centralus'
$mngedDiskRgName ="da-mnged-$(get-date -format 'mmss')"
#$mngedDiskRgName ='dnd-mnged'
#Provide the name of a to-be-created Managed Disk
$mngedDiskName = 'myMngedDisk'
$mngedStorageType = 'Premium_LRS' # Premium_LRS,Standard_LRS,Standard_ZRS
$mngedDiskSize = '128' # In GB greater than the source VHD file size
#endregion
if (($existingRG = (Get-AzResourceGroup | Where {$_.ResourceGroupName -eq $mngedDiskRgName})) -eq $Null) {
write-host "Resource group, $mngedDiskRgName, not found, creating it" -f y
New-AzResourceGroup -Name $mngedDiskRgName -Location $mngedDiskLoc
} else {
write-host "Using this resource group, $mngedDiskRgName, for the managed disk, $mngedDiskName" -f y
}
$diskConfig = New-AzDiskConfig `
-AccountType $mngedStorageType `
-Location $sourceVhdLoc `
-CreateOption Import `
-StorageAccountId $sourceVhdStorageAccountResourceId `
-SourceUri $sourceVhdUri
New-AzDisk `
-Disk $diskConfig `
-ResourceGroupName $mngedDiskRgName `
-DiskName $mngedDiskName `
-Verbose
#endregion [CREATE MANAGED DISK WITH VHD]
#region [CLean up]
# Remove-AzResourceGroup -Name $mngedDiskRgName -Force -AsJob
#endregion
This is a sample script for deploying an Azure VM with Diagnostics Extension and Boot Diagnostics, while each in a different resource group. The intent is to clearly illustrate the process with required operations, while paying minimal effort for code optimization.
Ideally an Azure VM, Diagnostic Extension, and Boot Diagnostics are to be deployed with the same resource group. However in production, it may be necessary to organize them into individual resource groups for standardization, which is what this script demonstrates.
The script can be run as it is. Or simply make changes in customization section and leave the rest in place. For VM Diagnostic Extension, the configuration file should be placed where the script is. Or update the variable, $diagnosticsConfigPath, accordingly. This script uses Storage Account Key for access which allows the storage account with a subscription different from that deploys the VM. A sample configuration file, diagnostics_publicconfig_NoStorageAccount.xml, is available and notice there is no <StorageAccount> element specified in this file.
Here’s the user experience up to finishing the [Deploying] section in the script. By default, an Azure VM is deployed with Boot Diagnostic enabled. The script upon a VM deployment changes and disables the Boot Diagnostic of the VM. For the following sample run, it took 3 minutes and 58 seconds.
Deploying Azure VM and setting Boot Diagnostics as disabled
Now with an Azure VM in place, the script adds VM Diagnostic Extension, followed by enabling Boot Diagnostics. Herr either extension uses a storage account in a resource group different form the VM’s. So this script creates 3 resource groups for: a VM itself, and the Diagnostics Extension and the Boot Diagnostics of the VM.
VM, Diagnostics, and Boot Diagnostics deployed with individual resource groups
write-host "
---------------------------------------------------------
This is a sample script for deploying an Azure VM
with Diagnostics Extension and Boot Diagnostics,
while each in a different resource group.
The intent is to clearly illustrate the process with
required operations, while paying minimal effort for
code optimization.
Ideally an Azure VM, Diagnostic Extension, and Boot Diagnostics
are to be deployed with the same resource group. However
in production, it may be necessary to organize them into
individual resource groups for standardization,
which is what this script demonstrates.
The script can be run as it is. Or simply make changes
in customization section, while leave the rest in place.
For VM Diagnostic Extension, the configuration file should
be placed where thi script is. Or update the variable,
$diagnosticsConfigPath, accordingly. This script uses a
Storage Account Key for access. This configuration allows
the storage account with a subscription different from that
deploys the VM. A sample configuration file,
diagnostics_publicconfig_NoStorageAccount.xml, is available at
https://1drv.ms/u/s!AuraBlxqDFRshVSl0IpWcsjRQkUX?e=3CGcgq
and notice there is no <StorageAccount> element specified in this file.
© 2020 Yung Chou. All Rights Reserved.
---------------------------------------------------------
"
Disconnect-AzAccount; Connect-AzAccount
# If multipel subscription
# Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"
#region [Customization]
$cust=@{
initial='yc'
;region='southcentralus'
}
$diagnosticsConfigPath='diagnostics_publicconfig_NoStorageAccount.xml'
#region [vm admin credentials]
# 1.To hard-code
$cust+=@{
vmAdmin ='changeMe'
;vmAdminPwd='forDemoOnly!'
}
$vmAdmPwd=ConvertTo-SecureString $cust.vmAdminPwd -AsPlainText -Force
$vmAdmCred=New-Object System.Management.Automation.PSCredential ($cust.vmAdmin, $vmAdmPwd);
#>
# 2. Or interactively
#$vmAdminCred = Get-Credential -Message "Enter the VM Admin credentials."
#endregion
$tag=$cust.initial+(get-date -format 'mmss')
Write-host "`nSession ID = $tag" -f y
# Variables for common values
$vmRGName=$tag+'-RG'
$loc=$cust.region
$vmName=$tag+'vm'
$deployment=@{
vmSize='Standard_B2ms'
;dataDiskSzieInGB=5
;publisher='MicrosoftWindowsServer'
;offer='WindowsServer'
;sku='2016-Datacenter'
;version='latest'
;vnetAddSpace='192.168.0.0/16'
;subnetAddSpace='192.168.1.0/24'
}
#endregion
#region [Deployment Preping]
# Create a resource group
New-AzResourceGroup -Name $vmRGName -Location $loc
# Remove-AzResourceGroup -Name $vmRGName -AsJob
# Create a subnet configuration
$subnetConfig = `
New-AzVirtualNetworkSubnetConfig `
-Name 'default' `
-AddressPrefix ($deployment.subnetAddSpace) `
-WarningAction 'SilentlyContinue'
# Create a virtual network
$vnet = `
New-AzVirtualNetwork `
-ResourceGroupName $vmRGName `
-Location $loc `
-Name "$tag-vnet" `
-AddressPrefix $deployment.vnetAddSpace `
-Subnet $subnetConfig
# Create a public IP address and specify a DNS name
$pip = `
New-AzPublicIpAddress `
-ResourceGroupName $vmRGName `
-Location $loc `
-Name "$vmName-pip" `
-AllocationMethod Static `
-IdleTimeoutInMinutes 4
# Create an inbound network security group rule for port 3389
$nsgRuleRDP = `
New-AzNetworkSecurityRuleConfig `
-Name "$vmName-rdp" `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 `
-Access Allow
# Create an inbound network security group rule for port 80,443
$nsgRuleHTTP = `
New-AzNetworkSecurityRuleConfig `
-Name "$vmName-http" -Protocol Tcp `
-Direction Inbound `
-Priority 1010 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 80,443 `
-Access Allow
$nsg= `
New-AzNetworkSecurityGroup `
-ResourceGroupName $vmRGName `
-Location $loc `
-Name "$vmName-nsg" `
-SecurityRules $nsgRuleRDP, $nsgRuleHTTP `
-Force
# Create a virtual network card and associate with public IP address and NSG
$nic = `
New-AzNetworkInterface `
-Name "$vmName-nic" `
-ResourceGroupName $vmRGName `
-Location $loc `
-SubnetId $vnet.Subnets[0].Id `
-PublicIpAddressId $pip.Id `
-NetworkSecurityGroupId $nsg.Id
$vmConfig = `
New-AzVMConfig `
-VMName $vmName `
-VMSize $deployment.vmSize `
| Set-AzVMOperatingSystem `
-Windows `
-ComputerName $vmName `
-Credential $vmAdmCred `
| Set-AzVMSourceImage `
-PublisherName $deployment.publisher `
-Offer $deployment.offer `
-Skus $deployment.sku `
-Version $deployment.version `
| Add-AzVMNetworkInterface `
-Id $nic.Id
#endregion
#region [Deploying]
$StopWatch = New-Object -TypeName System.Diagnostics.Stopwatch; $stopwatch.start()
write-host "`nDeploying the vm, $vmName, to $loc...`n" -f y
$vmStatus = `
New-AzVM `
-ResourceGroupName $vmRGName `
-Location $loc `
-VM $vmConfig `
-WarningAction 'SilentlyContinue' `
-Verbose
Set-AzVMBgInfoExtension `
-ResourceGroupName $vmRGName `
-VMName $vmName `
-Name 'bginfo'
$vm = Get-AzVM -ResourceGroupName $vmRGName -Name $vmName
# Set by default not to enable boot diagnostic
Set-AzVMBootDiagnostic `
-VM $vm `
-Disable `
| Update-AzVM
write-host "`nSet the vm, $vmName, with BootDiagnostic 'Disabled'`n" -f y
write-host '[Deployment Elapsed Time]' -f y
$stopwatch.stop(); $stopwatch.elapsed
#endregion
#region [Set VM Diagnostic Extension]
<# If using a diagnostics storage account name for the VM Diagnostic Extension, the storage account must be in the same subscription as the virtual machine. If the diagnostics storage account is in a different subscription than the virtual machine's, then enable sending diagnostics data to that storage account by explicitly specifying its name and key. #>
$vmDiagRGName=$tag+'vmDiag-RG'
$vmDiagStorageName=$tag+'vmdiagstore'
New-AzResourceGroup -Name $vmDiagRGName -Location $loc
#Remove-AzResourceGroup -Name $vmDiagRGName -AsJob
New-AzStorageAccount `
-ResourceGroupName $vmDiagRGName `
-AccountName $vmDiagStorageName `
-Location $loc `
-SkuName Standard_LRS
Set-AzVMDiagnosticsExtension `
-ResourceGroupName $vmRGName `
-VMName $vmName `
-DiagnosticsConfigurationPath $diagnosticsConfigPath `
-StorageAccountName $vmDiagStorageName `
-StorageAccountKey (
Get-AzStorageAccountKey `
-ResourceGroupName $vmDiagRGName `
-AccountName $vmDiagStorageName
).Value[0] `
-WarningAction 'SilentlyContinue'
$vmExtDiag = Get-AzVMDiagnosticsExtension -ResourceGroupName $vmRGName -VMName $vmName
#endregion
#region [Enable Boot Diagnostic]
# The resource group and the storage account are
# different from the vm's.
$vmBootDiagRGName=$tag+'bootDiag-RG'
$bootDiagStorageName=$tag+'bootdiagstore'
New-AzResourceGroup -Name $vmBootDiagRGName -Location $loc
#Remove-AzResourceGroup -Name $vmBootDiagRGName -AsJob
New-AzStorageAccount `
-ResourceGroupName $vmBootDiagRGName `
-AccountName $bootDiagStorageName `
-Location $loc `
-SkuName Standard_LRS
Set-AzVMBootDiagnostic `
-Enable `
-VM $vm `
-ResourceGroupName $vmBootDiagRGName `
-StorageAccountName $bootDiagStorageName `
| Update-AzVM
#endregion
#region [Session Summary]
($RGs = Get-AzResourceGroup | Where ResourceGroupName -like "$tag*") `
| ft ResourceGroupName, Location
($vms = Get-AzVM| Where ResourceGroupName -like "$tag*") `
| ft ResourceGroupName, Location, Name
($SAs = Get-AzStorageAccount | Where ResourceGroupName -like "$tag*") `
| ft ResourceGroupName, Location, StorageAccountName
#endregion
<# [Clean Up]
Remove-AzResourceGroup -Name $vmRGName -AsJob
Remove-AzResourceGroup -Name $vmDiagRGName -AsJob
Remove-AzResourceGroup -Name $vmBootDiagRGName -AsJob
#>
Four topics I talked about in this presentation :
Here’s my presentation in pdf format.
Witnessing a clear cloudy day every day 