Resource Group Clean-up in Azure Stack

If you are like me, you end up creating a ton of resource groups in Azure Stack when testing things out. I needed a way to delete them without having to click one each one via the portal. The best option of course is to leverage PowerShell. I threw together some PowerShell to handle this. I came up with two options #1 can be used to delete a bunch of RG’s that have a common name. For example, I had a bunch of VM00* resource groups. I use the script to go loop through and delete all resource groups with VMO in the name. Option #2 pop’s up a GUI window so I could select the RG’s I wanted to delete. It put them in an array and then looped through to delete them in one shot.

This is great because I can kick this off and go do something else. I will share both below in this blog post along with some screenshots. I won’t have a download for the PowerShell syntax so just copy from this post if you want to use it. Be sure to use AzureStack.Connect.psm1 for connecting to your Azure Stack environment before running any of the following code.

Code:
#1

#Create Variable of RG’s with common name
$Resourcegroups = Get-AzureRmResourceGroup | where {$_.ResourceGroupName -like (‘*VM0*’)}

#Create array of RG’s
$RGLIST = $Resourcegroups.ResourceGroupName

#Loop to remove each resource group in the array
ForEach(
$rg in $RGLIST
)
{
Get-AzureRmResourceGroup -Name $rg -ErrorAction SilentlyContinue | Remove-AzureRmResourceGroup -Force -Verbose
}

This image shows the array of RG’s that will be looped through. I highlighted vm003rg in the array and in the PowerShell status message.

rgcleanup-1

The following screenshot shows VM003RG being deleted in the Azure Stack portal.

rgcleanup-2

#2

#Create Variable of RG’s from GUI selection
$selectedrgs = (Get-AzureRmResourceGroup | Out-GridView ` -Title “Select ResouceGroups you want to remove.”` -PassThru).ResourceGroupName

#Loop to remove each resource group in the array
ForEach(
$rg in $selectedrgs
)
{
Get-AzureRmResourceGroup -Name $rg -ErrorAction SilentlyContinue | Remove-AzureRmResourceGroup -Force -Verbose
}

After running the Create Variable of RG’s from GUI selection part of the code a window as shown in the following screenshot will pop up. Select the RG’s you want to remove, click Ok and they will be placed into an array.

rgcleanup-3

Below if the output of the array. Run the Loop to remove each resource group in the array part of the code and each of the RG’s will be removed.

rgcleanup-4

I have also used this when a resource group would not delete from the portal. On some stubborn resource groups I have had to run this a couple of times. This is a short post. I hope this helps someone out!

Read More

Azure & RRAS Site to Site VPN Setup (Azure Resource Manager)

Background

I have not seen a lot of posts out there on setting up Azure Site to Site VPN Setup Azure Resource Manager. The ones I did follow had some missing steps. Setting up the AS2S is a pretty detailed process so I wanted to put the steps I had to follow in a blog post.

What you will need:

On-Premises

  • RRAS installed on an on-premises server.
  • At least 1 NIC on your RRAS server.
  • Your public IP. This will not work with dynamic DNS. You have to have a public IP. If you don’t own a public IP you can still use the dynamic public IP your ISP has assigned to you. You will need to just watch it and manually update it in Azure when it changes.
  • UDP Ports 500, 4500, and 1701 forwarded to your RRAS server. This is if your RRAS server is behind a NAT device.
  • Either your servers pointed to RRAS for their gateway or static routes setup on the VM’s you want to be able to communicate with Azure.

Azure:

Addressing:

For on-premises you can use whatever you want. I use 192.168.0.x/24.

For Azure we will use 10.121.0.x/16 and 10.121.0.0/24 and 10.121.1.0/24.

Steps:

~ AZURE CONFIGURATION FIRST! ~

First we will start off with configuring the network components we need up in Azure. Start by going to the Azure portal at https://portal.azure.com.

STEP 1: I would setup a resource group. You will put all of your resources for the site to site VPN in here for better tracking and management. As an example I named mine: “S2SVPN-Buchatech-LabRG“.

as2svpn-29

NOTE: Our resource group is empty at this point.

STEP 2:  Let’s start off by creating a virtual network. Go to:

Virtual networks>Create virtual network and click on Add. Let’s name this “S2SVPN-RRAS-Vnet“.

Give it “10.121.0.0/16” for the address space. This has to have enough room to place two subnets into it.

For the first subnet make the Subnet Name “Azure-VMs“. Make the Subnet address range “10.121.0.0/24“. Set it to the resource group you created in the previous step.

NOTE: I recommend placing all resources that will be a part of your site to site VPN in the same region. I used North Central US.

as2svpn-1

STEP 3:

We will be creating a virtual network gateway. This network gateway will contain the second subnet.

Go to Virtual networks>S2SVPN-RRAS-Vnet>Settings>Subnets.

Click on + Gateway subnet. For the Address Range use “10.121.1.0/24“. This address range is the IP range for your RRAS server to use.

So in your virtual network you should now have the two following Subnets:

as2svpn-2

STEP 4:

Now navigate to Virtual network gateways and click on Add. Name the gateway “S2SVPN-RRAS-VnetGW“. For the virtual network select our existing one named S2SVPN-RRAS-Vnet. Leave the gateway type to VPN, and leave VPN type to Route-based. For the public IP we don’t have one so we will need to create one here. Click on Choose a public IP address and a blade will fly out. Click on Create New.

as2svpn-3

I give it a name of “S2SVPN-RRAS-VnetGW-IP“. Your settings should look like this:

as2svpn-4

After the Virtual network gateways is created go and get the public IP addresses. We will need to plug this into RRAS later. You can get this by going here: Virtual network gateways>S2SVPN-RRAS-VnetGW>S2SVPN-RRAS-VnetGW-IP>Settings.

as2svpn-5

NOTE: It may take some time to provision the public IP so be patient here.

STEP 5:

Next up we need to configure a Local network gateway. Go to:

Local network gateways and click on +Add.  On Create local network gateway name it

S2SVPN-RRAS-LocalNetGW“, enter the public IP of your RRAS server, In the address space enter an IP range or ranges for your on-premises network , and select your RG.

as2svpn-6

NOTE: If you do not know what the public IP is on your RRAS server’s network just visit http://ipchicken.com and it will display it.

Now we need to create a connection in our local gateway. To do this navigate to the settings>connections and click on + Add. Name this “S2SVPN-RRAS-LocalNetGW-Connection“.

The Connection type will default to Site-to-site (IPsec). Leave this. Set the Virtual network gateway to “S2SVPN-RRAS-VnetGW“. Set a Shared key (PSK) to be used and remember this will also be used on the RRAS server so document this somewhere.

as2svpn-7

That’s it for the network configuration up in Azure. As long as everything was followed in these steps you should now have the following in your resource group.

as2svpn-8

~ RRAS CONFIGURATION! ~

Read More

Write once, deploy anywhere (Azure or Azure Stack)

This blog post is a follow up to the MMS 2016 session I recently delivered together with Microsoft Azure Stack PM Daniel Savage. The session title is “Future-proof your Career with Azure Stack in the New Hybrid Cloud World!” link here: http://www.buchatech.com/2016/04/presenting-at-mms-2016-azure-stack-backup-oms.

My demo is this session was titled “Write once, deploy anywhere“. The purpose of this demo was to show using a single ARM template (JSON file) and a single PowerShell script to deploy a VM regardless of deploying to Azure or Azure Stack. The demo was a success so yes this is really possible. In this post I will break down the JSON file, the PowerShell script, how it works and the download link for the files.

Getting the JSON file and the PowerShell script just right was a challenge as there are still some slight differences between the settings of Azure and Azure Stack. Note that this is the case with Azure Stack TP1 and I fully expect that this will change when it GA’s. In any case it is good to look at this stuff now to start to learn the ins and outs. In the end it was the combined Power of the ARM template and PowerShell to overcome any challenges. Let’s start off by taking a look at the differences in ARM between Azure and Azure Stack in the following table:

Property

Azure

Azure Stack

Location

Azure region (example: CentralUS)

local

blobStorageEndpoint

blob.core.windows.net

blob.azurestack.local

vmSize

Standard_D1

Standard_A1

vmName apiVersion

2015-06-15

2015-06-15

StorageAccountName apiVersion

2015-06-15

2015-06-15

nicName apiVersion

2015-06-15

2015-05-01-preview

vrtualNetworkName apiVersion

2015-06-15

2015-05-01-preview

networkSecurityGroupName apiVersion

2015-06-15

2015-05-01-preview

dnsNameForPublicIP apiVersion

2015-06-15

2015-05-01-preview

torageAccountName apiVersion

2015-06-15

2015-05-01-preview

NOTE: For the apiVersion on the resources Azure Stack requires 2015-05-01-preview. Resources in Azure ARM templates default to apiVersion 2015-06-15. So if we left the resources in the ARM template at apiVersion 2015-06-15 the deployment would fail on Azure Stack. However we are in luck as Azure will accept apiVersion 2015-05-01-preview. So I set vmName and StorageAccountName to apiVersion 2015-06-15 and the rest of the resources apiVersion to 2015-05-01-preview.

vmName and StorageAccountName use the same apiVersion for both Azure and Azure Stack. So Azure Stack accepts 2015-06-15 for both. Even those these are not different across Azure and Azure Stack I still wanted to list it anyway in the table.

If you have multiple subscriptions you will need to input the subscription ID. In my case my Azure has multiple subscriptions but my Azure Stack does not in this lab. In my script for Azure you need the subscription ID. In Azure Stack you do not. You may need to modify this behavior in the script if your scenario is different.

For the deployment it consists of two files. These files are:

Writeonceblog (1) AzureandAzureStack.json

CreateVMAzureorAzureStack.ps1

Here is what we have if we crack open the JSON file.

Writeonceblog (2)

A few things to note about the PowerShell script is that

  1. We prompt to identify if it is an Azure or Azure Stack deployment. We then run the appropriate block of code.
  2. In each of the deployment types (Azure or Azure Stack) we have some things hard coded in (for example blobStorageEndpoint and vmSize) and somethings pulled in dynamically by prompting for them during the script execution (for example subscriptionId and adminPassword).
  3. We are pulling in the parameter and variable values when using New-AzureRmResourceGroup and New-AzureRmResourceGroupDeployment.

NOTE: I am not a PowerShell expert. I am sure there are better more efficient ways to accomplish what I am doing here in the PowerShell script. Nothing was available to accomplish the write once, deploy anywhere goal so I put something together. Feel free to enhance the script and release back to the community.

Here is an example of the location parameter and variable in the JSON file.

The parameter:

Writeonceblog (3)

The variable:

Writeonceblog (4)

Referenced in the vmName resource:

Writeonceblog (5)

Here is an example of how we are leveraging this in the PowerShell script.

For Azure:

Writeonceblog (6)

For Azure Stack:

Writeonceblog (7)

Writeonceblog (8)

Writeonceblog (9)

Note that you can deploy VM’s to Azure or Azure Stack in many ways (Visual Studio, the portal etc..). I decided to leverage PowerShell to do the deployment’s as it gives me a great amount of flexibility. For the official article on using PowerShell to deploy VM’s to Azure Stack visit:

https://azure.microsoft.com/en-us/documentation/articles/azure-stack-deploy-template-powershell

Now let’s look at deploying a VM to both Azure and Azure Stack using a single PowerShell script and a single ARM template.

— AZURE —

Run the script and you are prompted for some of the VM info.

Writeonceblog (10)

Then you are prompted to log into your Azure account.

Writeonceblog (11)

Read More