In a previous article, we went over the structure of a runbook that we created to assign diagnostic settings to assets in Microsoft Azure. This Azure infrastructure answer might be summarized within the screenshot under, the place tags on the useful resource group degree would power the diagnostic setting on all assets inside. But when the useful resource itself has the identical tags however totally different values, then it could override the guardian setting. Our focus within the earlier article was across the functionalities and the structure of the answer. (You could find the unique script here.) On this article, we are going to cowl some key factors of the script accountable to execute the deliberate answer.
The concept behind this script got here from a script that I created in 2016 to assign mailbox profiles in Alternate Server 2016. The purpose was to create a script that doesn’t require all of the cmdlets to be throughout the script. As an alternative, the script would learn an reply file and use that data in opposition to the mailbox/assets.
On this new cloud model of the script, we are going to use a JSON file to maintain all cmdlets and world settings which may be required throughout execution time in a Storage Account. The JSON file has a management model on its identify, and the primary model is named operationflag.guidelines.v1.json.
All world variables are outlined within the first of the JSON. For now, we’re protecting data reminiscent of QueryResources (which is the question to search out the assets that now we have on this file) and all different data that may be shared on this space.
For any given useful resource, we have to begin by defining the ResourceType, and the first one is Microsoft.Compute/virtualMachines (aka VMs), after which now we have instructions for each bit for that useful resource, and so they have a prefix S<Integer>, the place Integer is the bit place. Our script has to verify for the characteristic, add or take away based mostly on the bit outlined on the useful resource group or useful resource. Thus, we have to have all potential actions documented in our JSON file.
For instance, the primary bit after we are speaking about VMs is answerable for managing diagnostic settings, thus the Set-AZVMDiagnosticsExtension cmdlet. When the script needs to verify if that characteristic is enabled, it’ll devour the S0Check. If the characteristic must be activated, then S0Deploy will probably be used, and the identical applies to S0Remove when the characteristic must be eliminated.
The script was created to be dynamic, and it is going to be utilized to any given variety of VMs. We used <String> to get replaced in the course of the execution time. If we have to specify a boot diagnostic Storage Account identify, we are going to use the merchandise from the World setting. Thus we must always reference that as <BootDiagName>.
A perform within the script will discover these particular place-holders (<>) and change them for the execution time assets and world variables.
The second file is used only for digital machines, and it has a JSON file to configure the diagnostic settings in a VM. There’s a trick right here. The file ought to be distinctive for each single VM that we wish to allow as a result of it requires the ResourceID of the given VM throughout the configuration file.
We overcome this problem utilizing PLACEHOLDER-resourceId string within the configuration file, in the course of the script execution time, it’ll change that string for the precise ResourceId after which allow diagnostic settings accordingly.
Understanding the features within the script
The primary perform that’s value mentioning is fLoadVMDiagSettings. This perform will hook up with a Storage Account and a particular container to download the JSON recordsdata (guidelines and VM diagnostics) to the native machine that’s operating the script. All the foundations are loaded into the $World:Guidelines variable.
We will see the usage of the World Guidelines in motion on the primary traces of the script the place we’re going to fetch all useful resource sorts, and so they come from the QueryResources merchandise within the JSON file, as listed within the code under.
$Sources = Invoke-Expression ("Get-AzResource -ResourceGroupName RG-MSLab " + $Guidelines.QueryResources)
The perform fCreatecmdlet is the one which creates all cmdlets that will probably be executed throughout runtime. First, it receives the motion (verify, deploy or take away), the useful resource in query data, and the place of the little bit of the OperationFlag.
The primary block of the script will concatenate a whole lot of data to retrieve the cmdlet that we have to execute, however take into account that they are going to include <ExpressionName> from the JSON file. We resolve the difficulty by changing these placeholders by the precise worth, most of them come from the JSON recordsdata (all of people who have $Guidelines.one thing are coming from the World part of our JSON file).
Be aware: Should you introduce new placeholders, this perform have to be up to date accordingly.
The perform fTagAssessment is answerable for creating the Tags when they don’t exist, or retrieve the tags from the useful resource group (if required), and carry out some validation. It can return the present OperationFlag of any given useful resource.
The perform fQuickCheck is important for the efficiency of the script. It can consider if the present OperationFlag is being enforced on the useful resource degree. If any given characteristic have to be eliminated, it’ll stamp a quantity 6, if it requires deployment, then a quantity 1 will probably be stamped, and if it doesn’t apply, then an x will probably be used.
The perform Phase1 is answerable for consuming the present OperationFlag. The OperationFlag being utilized by this perform is the comparability between the configuration at Useful resource Group/Useful resource and the precise worth configured on the useful resource degree. (By the way in which, I agree the identify is horrible! The explanation for this identify is that originally, the script was deliberate to run a perform for every bit within the OperationFlag.)
The logic behind this Azure infrastructure code
The concept of introducing the explanations behind the code of the script is to assist the cloud directors who wish to maintain reusing the code of this text and add new capabilities. The purpose is to work as little as potential within the code and rely extra on the JSON recordsdata to supply the cmdlets required in the course of the execution time. The logic behind this code can be utilized in a number of areas, and OperationFlag is simply an concept of tips on how to reap the benefits of code utilizing JSON and Storage Accounts to create a dynamic surroundings. In case you are excited as I’m about Azure DevOps, you would set off a storage copy of the file after it’s dedicated to a repo.
Featured picture: Shutterstock