HOW TO MANAGE YOUR AZURE INFRASTRUCTURE STANDARDS

We went over the design of a runbook that we created to assign diagnostic settings to resources in Microsoft Azure. This Azure infrastructure solution is summarized in the screenshot below, where tags at the resource group level force the diagnostic setting on all resources inside. However, if the resource itself has the same tags but different values, then it overrides the parent setting. Our focus in the previous article was on the functionality and the design of the solution. (You can find the first script here.) In this article, we are going to cover some key points of the script responsible for executing the proposed solution.

Supporting files:

The idea behind this script came from a script that I created in 2016 to assign mailbox profiles in Exchange Server 2016. The goal was to make a script that doesn’t need all the cmdlets to be inside the script. Instead, the script would scan a solution file and use that info against the mailbox/resources.

In this new cloud version of the script, we are going to use a JSON file, kept in a Storage Account, to hold all cmdlets and global settings that will be needed during execution time. The JSON file includes a version in its name, and the initial version is called operationflag.rules.v1.json.

All global variables are defined at the beginning of the JSON. For now, we are keeping information such as QueryResources (which is the query to find the resources that we have in this file) and all other information that may be shared in this area.

For any given resource, we need to start by defining the ResourceType, and the first one is Microsoft.Compute/virtualMachines (aka VMs). Then we have commands for each bit for that resource, and they have a prefix S followed by a number, where the number is the bit position. Our script needs to check for the feature, and add or remove it based on the bit defined on the resource group or resource. Thus, we need to have all possible actions documented in our JSON file.

For example, the first bit when we are talking about VMs is responsible for managing diagnostic settings, hence the Set-AZVMDiagnosticsExtension cmdlet. When the script wants to check if that feature is enabled, it will use S0Check. If the feature needs to be activated, then S0Deploy will be used, and the same applies to S0Remove when the feature needs to be removed.


The script was created to be dynamic, and it can be applied to any given number of VMs. We used placeholders that get replaced during execution time. If we need to specify a boot diagnostic Storage Account name, we are going to use the item from the global settings. Therefore we should reference that as .

A function in the script finds those special placeholders (<>) and replaces them with the execution-time resources and global variables.

The second file is used only for virtual machines, and it is a JSON file to configure the diagnostic settings in a VM. There is a trick here. The file must be unique for every single VM that we want to enable because it requires the ResourceId of the given VM inside the configuration file.

We overcome this issue by using the PLACEHOLDER-resourced string in the configuration file. During script execution, it replaces that string with the actual ResourceId and then enables diagnostic settings accordingly.

Understanding the functions within the script
The first function worth mentioning is fLoadVMDiagSettings. This function connects to a Storage Account and a specific container to download the JSON files (rules and VM diagnostics) to the local machine that is running the script. All the rules are loaded into the $Global:Rules variable.

We can see the use of the global Rules in action in the first lines of the script, where we fetch all resource types. They come from the QueryResources item in the JSON file, as listed in the code below.

 $Resources = Invoke-Expression ("Get-AzResource -ResourceGroupName RG-MSLab " + $Rules[0].QueryResources)

The function Create is the one that builds all cmdlets that will be executed at runtime. First, it receives the action (check, deploy or remove), the information about the resource in question, and the position of the bit in the Operation Flag.

The first block of the script concatenates a lot of information to retrieve the cmdlet that we need to execute, but keep in mind that they come from the JSON file. We solve the problem by replacing those placeholders with the actual value. Most of them come from the JSON files (all of those that have $Rules[0].something come from the global section of our JSON file).

Note: If you introduce new placeholders, this function must be updated accordingly.

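
Because the rules file and the resource names both end up in a string that the script runs with Invoke-Expression, anyone who can write to the Storage Account container or name a resource can influence what executes. The following is an added example, not code from the original script: it expands placeholders, then parses the result and accepts it only if it is a single call to an allow-listed cmdlet. The placeholder names `<rg>` and `<vmname>`, the allow-list and the function name Expand-RuleCommand are assumptions.

```powershell
# Added example. <rg>, <vmname>, the allow-list and Expand-RuleCommand are hypothetical.
$AllowedCmdlets = 'Get-AzVMDiagnosticsExtension', 'Set-AzVMDiagnosticsExtension',
                  'Remove-AzVMDiagnosticsExtension'
# AST node types that a plain "Cmdlet -Param value" line is made of; anything else
# (pipelines of two commands, sub-expressions, variables, redirections) is refused.
$AllowedNodes = 'ScriptBlockAst', 'NamedBlockAst', 'PipelineAst', 'CommandAst',
                'CommandParameterAst', 'StringConstantExpressionAst', 'ConstantExpressionAst'

function Expand-RuleCommand {
    param(
        [Parameter(Mandatory)] [string]    $Template,  # e.g. the S0Check value
        [Parameter(Mandatory)] [hashtable] $Values     # placeholder name -> runtime value
    )
    $text = $Template
    foreach ($name in $Values.Keys) {
        $value = [string]$Values[$name]
        # Must start alphanumeric (so it cannot become a -Parameter) and contain no
        # quotes, spaces, ';', '|', '$' or backticks.
        if ($value -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,89}$') {
            throw "Placeholder <$name> has an unsafe value: '$value'"
        }
        $text = $text.Replace("<$name>", $value)
    }
    if ($text -match '<[^>]*>') { throw "Unresolved placeholder in: $text" }

    # Parse the expanded line without running it.
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $text, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) { throw "Rule does not parse: $text" }
    $nodes    = @($ast.FindAll({ $true }, $true))
    $foreign  = @($nodes | Where-Object { $_.GetType().Name -notin $AllowedNodes })
    $commands = @($nodes | Where-Object { $_.GetType().Name -eq 'CommandAst' })
    if ($foreign.Count -gt 0 -or $commands.Count -ne 1 -or
        $commands[0].GetCommandName() -notin $AllowedCmdlets) {
        throw "Rule is not a single allow-listed cmdlet call: $text"
    }
    return $text
}

# Constructed rule entry in the shape the article describes (bit 0 of VMs).
$rule = '{ "ResourceType": "Microsoft.Compute/virtualMachines",
           "S0Check": "Get-AzVMDiagnosticsExtension -ResourceGroupName <rg> -VMName <vmname>" }' |
        ConvertFrom-Json

Expand-RuleCommand -Template $rule.S0Check -Values @{ rg = 'RG-MSLab'; vmname = 'vm01' }
try   { Expand-RuleCommand -Template "$($rule.S0Check) | Out-File x" -Values @{ rg = 'RG-MSLab'; vmname = 'vm01' } }
catch { "Rejected: $_" }
```

The returned string is what would be handed to Invoke-Expression; write access to the container that holds the rules file should be limited to the identities that maintain it.
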
The function fTagAssessment is responsible for creating the tags when they don't exist, or retrieving the tags from the resource group (if required), and performing some validation. It returns the current Operation Flag of any given resource.

The function fQuickCheck is important for the performance of the script. It evaluates whether the current Operation Flag is being enforced at the resource level. If any given feature must be removed, it stamps the number six; if it needs deployment, then the number one is stamped; and if it doesn't apply, then an x is used.

The function Phase1 is responsible for consuming the Operation Flag. The Operation Flag being used by this function is the comparison between the configuration at the Resource Group/Resource and the actual value configured at the resource level. (By the way, I agree the name is horrible! The reason for this name is that originally, the script was planned to run a function for each bit in the Operation Flag.)

The logic behind this Azure infrastructure code:

The idea of presenting the reasoning behind the code of the script is to help cloud administrators who want to keep reusing the code of this article and add new capabilities. The goal is to work as little as possible in the code and rely more on the JSON files to supply the cmdlets needed during execution time. The logic behind this code can be used in several areas, and Operation Flag is just one idea of how to take advantage of code using JSON and Storage Accounts to create a dynamic environment. If you are as excited as I am about Azure DevOps, you could trigger a storage copy of the file when it is committed to a repo.

Asad Mukhtar
