- Modify Existing ARM Templates – Part 1
So in this section of the course, we’re going to be talking about the automation of the deployment of virtues. Now, within Microsoft Azure, the automation of virtual machines is usually done using Arm templates. As you know, Arm is the Azure Resource Manager model, which is the modern way of organizing and deploying resources in Azure. The Office Arm, of course, is the ASM model, which is the classic deployment model that we don’t use anymore. So when you do a deployment of a virtual machine, you usually get a screen. Your deployment is complete. Now we can see if I actually go back to this particular resource group.
We can see that I’ve done many different deployments to this resource group, but we’re going to focus on the virtual machine one. Now, one of the options we get when we’re in deployments is to look at the template. The template consists of two items: the template and the parameter file. We could download the template, which I’ll do, and we’re going to also want to download the parameter file. Now, the scripts that are being presented—the cli PowerShell in Ruby—only exist so that we can execute this template. These are not the PowerShell equivalents of the template. They don’t replace the template.
They basically require the template. Let’s look at what has been downloaded. So I’ll click it to open it, and if I bring it back into focus, you can see that it has the template, the parameter file, and it uses PowerShell, a CLI, Ruby, and some C code to deploy it. So there are four different methods to deploy built into this zip file. We’re going to open up these files, look into them, and try to explain how an armour plate is organised and the requirements of the exam. How do you modify the ARM template? So here we can see inside the template JSON file. Remember, I have both a template and a parameters file. Now, the template JSON file is a JSON file. Of course, the first property is the dollar sign schema property. The schema field refers to the deployment template JSONURL, which is a required field.
Now, the version number is a version number that you control. As you can see, Microsoft provides us with version 1.0.0. If you wanted to check this into a source repository, if you wanted to use this template as the baseline for your environment and then make changes to it, you could increment this version number so that you’d know which file was the most recent, et cetera. There are also parameters. There appear to be about 20 or so parameters being passed, and we’ll review them when we get the parameters. JSON variables are similar to parameters, but you can see that these are the computed fields. So the deployment template actually takes a resource group function and the resource group name. This is void, and constructing a virtual network ID based off of that is basically an area where variables are constructed; they’re not inputs. Fernando, the key section here is the resources section.
Now this is where all of the resources within this deployment get defined. We’re going to look into that in a little bit more detail in the next video. I’m going to scroll down here. The outputs are presented in the final section. Once everything has been created, this template is going to be able to return the admin username as its output, even though that’s a parameter that’s being passed as input. But this is the proof that this works. So, this is a basic overview of how an Arm template looks. If we flip over to the parameters file, we can see that there would be one parameter for each of the parameters defined by the template.
The template has a location parameter that is a string. And in the parameters file, the loop is being sent to the Central US. Now the way that it’s got these values is because we created this resource within the Azure Portal. We chose the country’s heart as the location. Azure Portal created a new virtual network interface name for us, and we accepted it. We could have changed it, and that got set in here as well. So all of the values in here are derived from our choices in creating the resource in the portal. That’s a high-level overview of the Arm template. In the next video, we’re going to look at editing this and then being able to do deployments based on our edit.
2. Modify Existing ARM Templates – Part 2
So let’s look a little bit deeper into the resources section of the Arm template. Like I said in the last video, this is really where a lot of the work is done. Let’s break out. There are multiple resources inside this template. Let us divide this into sections. So I’m going to select the first resource. This first resource says type “Microsoft Network Network Interfaces.” So this is a network interface card. It takes the name of the interface card from the parameters file. It has a reasonably robust API version.
The location is the same as the region that we passed in the parameters. Remember, we actually have the tags. When we were creating this in the portal, we assigned a tag to it, and that tag is part of the deployment. Now a network interface card has an IP address, and so the IP address is being set up in the next property, IP configuration, where the IP address is created. Okay, I’m going down. It’s giving the network secure access and an MSG ID.
And the last section might be what signifies how this gets created. Because this network interface card actually relies on other resources being there. First, the virtual network has to exist before the NIC card. The public IP address has to exist, as does the network security group. So all three are dependencies, and those three have to be created before the Nicard can be created. In fact, if we go to the very next resource, which is a smaller one, it’s the network security group. One of them is network-based card dependencies.
The network security group is a lot simpler. It just requires the location, it passes things, and it has rules that are basically passed in with the RDP. I think we have RDP HTTP and HTTPS open as well. The VNet is also part of the Microsoft Network’s virtual networks. Okay, so this is basically just in JSON format. All of the checks that we made in the portal actually get translated into the song statements, and this is what gets executed even within the portal. So really, what we’re seeing is a reflection of what we created. Now, what Microsoft wants us to do, you’ll notice on the test that Arm templates play a significant role.
They were unquestionably a part of 75.3. There’s no reason why Microsoft continues to talk about Arm templates because they really think that’s the backbone of managing resorts in Azure: understanding this language and being able to edit it. So it is in your best interest to begin creating these Arm templates for all of the resources.
So when you’re in the Azure Portal creating resources as a learning exercise, go grab the Arm template, which shows you how to do that by downloading the deployment. The deployment has been made, and what’s happening here should make logical sense what’s being happening here.So this public IP address—why the tags are there, why it’s in the location it is, why the IP address name, and which of the IPaddress SKUs is being created—these are all parameters that are being passed into creating the IP address.
Now, creating a virtual machine is actually quite complex, because even if you did it with PowerShell, you would have to make multiple PowerShell statements in order to gather all of the resources needed to create a virtual machine. So the virtual machine I’m going to scroll down here. The dependency is on the network interface, and the network interface had three other dependencies. If you recall, we also have the schedule. Remember, we set this up with a shutdown time. We wanted to shut down and see what was in the parameters. So if I go into the parameters of the network security rules, I bet you we can find that. We said it was like 5:00 p.m.
So here’s a shutdown time: 1700 hours Eastern Standard Time. Okay, we don’t want to be notified, and we want it, yeah. Vacation, if it were, would be in English. So you can see here six parameters or five parameters having to do with the auto shutdown specifically, which we defined when we had this virtual machine. And so the auto shutdown is a whole resource that we created as well. So definitely, we want you to go through Arm template samples. I’m going to link you to the actual next video. I’m going to show you the armouries that are available on GitHub. That’s also a good place to start. And again, we need to get into actually making changes to this, and then we can deploy this. Let’s say we do this in a different region with our changes, and it should work. So let’s do that.
3. Modify Existing ARM Templates – Part 3
So let’s start with the minimum required changes to this file. In order to create a new virtual machine, go over the parameters file, and you’re going to leave it in the same region. But the Azure network interface card needs a new name. So I’m going to call it a z. New Nick. I’m going to keep the same network security group. The network security rules aren’t changing. We’ll launch it on the same virtual network. So we’re not going to change the virtual network name or the subnet name; it’s going to get a new public IP address.
So we’ll change the public IP address slightly while keeping the other settings the same. We’re going to give the virtual machine itself a new name. So the virtual machine will have a new name, the public IP address will be new, and the network interface card will be new. Okay, so those are the three things that are required for this VM to be launched side-by-side in the same resource group, in the same region as its Brother, leave the same user; you’re going to have to specify a password here because Azure doesn’t give it to us when we download the template. But we’re going to put something in here, and I’ll leave the other settings the same. I’m going to hit save on this. We will not change the template right now.
You might ask yourself, “Well, what’s going to happen?” The network interface card will be the same, and the security group is not actually changing; the network security group name is the same. The other thing that’s the same is the schedule, for instance. And so, although the schedule itself is a dynamically generated thing, anyway, what’s going to happen with this virtual network, the virtual network, and the network security group, those two things?This is the wonderful thing about the way Arm templates work. If you are specifying a resource that already exists, let’s say this name has already existed all that Azure, when you deploy it again, is just going to validate that the properties of that resource match what you have now specified. So you can deploy the same virtual machine again and again, every hour if you wish, with the same properties.
And Azure is just going to review this, verify that this network exists, verify all the properties are still the same, and then it’s going to end up doing nothing. That is called DSC, right? That’s the desired state configuration. So you could take the baseline of your environment and run it in automation, and every 20 minutes or every hour, you could re-redeploy, re-redeploy, redeploy your environment. And not using the desired state configuration will just ensure that there are no properties that are changing, that no one’s logged into the portal, and that it’s changing things that are not in the file. OK, that’s sort of a separate topic, but I’ll just point out that Arm templates can be deployed again and again, and it doesn’t actually affect the resource as long as the property says so, so we’re going to take these parameters. We’ll take this template as is and deploy it, allowing it to create a brand new VM for us with a brand new public IP address and a brand new network interface card.
4. Modify Existing ARM Templates – Part 4
Alright, so we’re going to rerun this deployment script one more time. Now before I do that, let’s just review that very quickly. As you can see, the first step in carrying out this deployment is to sign in to your Azure account. So we expect Azure will pop up with a modal dialogue box, and we’ll have to enter our username and password. It will run some commands like “select Azure subscription” to choose our subscription.
It checks to see if the resource group already exists, and if it doesn’t, then it creates a new resource group. So the resource group creation is part of this deployment script, and then it does the deployment. So it’s a new hyphenated Azure RM resource group deployment. That’s what kickstarts the deployment: the template file, the parameter file, and the resource group. One thing that I added to this was the parameter name, “domain name.” This is a funny script because it requires us to go back up here. Deployment name is a required parameter, but it’s never used. So I decided to name the deployment after myself. All right, pause this. I’m going to start up PowerShell, and then we’re going to continue running Windows PowerShell.
The first thing we’ll do is navigate to the directory where our script is stored. And so I’m going to burn a CD to that directory. Unfortunately, the referendum is really long, and it’s going to wrap around some of these commands. Now before we can edit the script, you might be tempted to just say “deploy.” You might be tempted to do that, but then that will give you an error. Actually, I can show that to you. This will not work because there’s this cool thing called action policies, and this PS file is an unsigned file, and we have restrictions by default within PowerShell. So I’ve got a command here that’s called set execution policy, and we’re going to copy this command, paste it into the PowerShell window, and it’s basically saying, “Do we want to turn off execution policy protection?” And yes, we do.
So I’m going to say yes. And now we can run the deployment file. But even then, the deployment does require some parameters. So besides one, we have to pass in our subscription ID, we have to give it a resource name, and we have to give it a deployment. These are mandatory parameters in that script. Okay, I’m going to copy that. So what this will do is create a brand new resource group, and then we’ll deploy those changes that we made. So I’m going to actually just let her rip. Now it’s going to ask me to log in. So I’m going to have to enter my user ID here. And now, after registering all of the resource providers and indicating that a resource group already exists, it will check to see if our resource group already exists.
So we actually have to create this resource group. I’m going to put that in the Central US. Region. It’s asking me which region. So I put “Central U.S.” And it’s going to create a source group; it says it succeeded. So we saw this in the script. It is now referring to the new Azure RM deployment. Azure RM Resource Group deployment command and it’s going to basically create those resources for us. Now if I flip over to the portal, we can actually see that in action. You see, the resource group was just created, and now I’m starting to see resources showing up. network NSG, a virtual network IP address We can go into the deployments folder, and we can see the deployment is underway and the virtual machine is in program. Okay, there’s a little thing. So our resources are being deployed, and we can actually be created.
Going back to PowerShell, it’s still running. So I’m going to let that run. You can see how that worked. All right, so the PowerShell script is complete. Remember, the JSON template had an output, and that output was the admin user name. This signifies that the template was successfully deployed, minimized, and returned to the portal. We can see that. It also confirms that the deployment is complete. So if I go back to the AZone, I can see that we have network security group MS disk, network interface virtual. So everything that we had in our template is there. So you see that you can do a deployment of the portal, download the JSON templates, modify them, modify the parameters, even modify the deployment script, run it, and then you’ll get resources created automatically.
5. Deploy Linux VM using ARM Templates
Now, Windows is not the only operating system available. Obviously, Microsoft does provide Linux variants. So I went into Cloud Shell, into the CLIbash Cloud Shell, and I discovered the Manda AZ VM image list, which I output to a table so we could see the options for operating systems. We have four different versions. We have canonical SUSE, Red Hat, Core, OS, et cetera. So we’re going to modify our AR template. Let’s deploy Red Hat Linux. Okay, so we have the RHEL red hat, Skew 7.3. So let me go into the deployment here. Now, this is the Arm template that we just deployed. I found the section of virtual machines, and the inventory is one of them. Remember, Red Hat is the publisher, and the skew is, I believe, 7.3. Let’s verify that our EHL RedHat is 7.3 and is capitalised.
Okay? So if we pass in a Linux variant, then we’re going to be able to deploy the same type of VM but with a different operating system. So deploying Linux or Windows is just as easy as updating this image reference. So let’s start this off in PowerShell. Deploy this template and see the Linux distribution that’s been deployed. It’s running and says my deployment is underway; everything’s been deployed except the virtual machine. If we go into the virtual machine, we can see that it is a Linux operating system. It’s in the process of being created. So deploying a Linux virtual machine is not that much different than deploying a Windows virtual machine. Of course, we haven’t really dealt with Linux and Windows. You connected them differently; you know, SSH is done through security as opposed to user ID and password, but let’s get over that for now. But basically, it’s very easy to deploy either Linux or Windows VMs using Arm templates.
6. ARM Custom Script Extensions
One of the difficulties in deploying virtual machines rather than Azure web apps instances is getting your code installed and running on the virtual machine. And so let’s say you’re using the Arm template to deploy a brand new Windows or Linux virtual machine. Once that deployment is leaked, you’ve basically got a fresh install of a Windows or Linux server. Then you have to do further configuration to install your software, deploy your code, or whatever it is that you need to do as a post-deployment action. So there’s a thing called “custom script actions” that you can deploy using Arm that will execute a script after the VM has been created.
To demonstrate, I’m looking at the Azure Quick Start templates, which are available on GitHub. Under the Azure account on GitHub, there is a custom script extension for Ubuntu. As a result, what we have here is a basic Arm template. Let me take a brief detour to the resources section. We can see there’s a public IP address, a virtual network, and there’s the network interface card. Now again, if we were just to deploy this as is, you would end up with this happens to be a Linux virtual machine.
You would end up with a basically fresh install of what makes this actually useful. Is this a custom script extension, or a Microsoft compute virtual machine extension? What you do is pass it the location of a script. This could be a public GitHub repository or a public Blogger account that you pass into this. This happens to be a bash script, and it will execute inside of Ubuntu, and if that needs to create directories, use GitHub code compilation to set up some custom things to get the virtual machine ready for usage. So a custom script extension can be included in your Arm template to get your virtual machine into an efficient running state once it’s been deployed.
7. ARM Use Existing VHD
So instead of using a custom script extension, the other alternative to having a VM ready to go as soon as you instantiate it is to use an existing VHD. So here’s an Arm template again from the Azure Cert template that says “specialised VH.” And if we scroll down and enter all of the variables into the resources section, we’ll get the usual results: a storage account, an IP address, and a network interface. The relevant bit here is the disks, where you are basically passing in the Uri of existing VHDs. And so you’re basically creating a disc that is an import of an existing VHD, and then you’re reusing that disc as the startup drive. Okay? So you don’t have an image; there’s no Windows or Linux image from the marketplace. You’re actually attaching the disc based on the VHD Uri. So that’s another way to have a VM that is ready to go as soon as you start it up: you basically copy the VHD and create a VM from that.