
Provisioning NextGen FW in Azure using PowerShell in ARM mode



#1 ekawka

ekawka
  • Members
  • 3 posts

Posted 03 December 2015 - 03:19 PM

Hello,

 

I'm trying to convert the PowerShell provisioning script provided in the documentation from classic mode to resource manager mode (ARM). After a few hours, I think I have something that would more or less work; however, I'm still missing a piece of information (what Microsoft calls the Plan, which is a hashtable composed of three fields: "name", "publisher" and "product").

 

Azure does not want to provision the VM if Plan is not provided :(

 

I looked for a way to get this information in PowerShell for hours without success. There's nothing in the Azure preview portal either.

 

Any idea on how to find these values?

 

Here is my script; I'm trying to fix the values on line 45:

  1. $LocationIPR = 'West Europe'
  2. $ResourceGN = 'SecurityTestsRessourceGroup'
  3. $VnetName = 'SecurityTestsVNet'
  4.  
  5. $StorageAccountName = "securtitytestssa1"
  6. $storageAccountResourceGroupName = "SecurityTestVMsResourceGroup"
  7. $imageName = "810d5f35ce8748c686feabed1344911c__BarracudaNGFirewall-6.1.1-075-byol"
  8. $FWName = "BIBFwNode1"
  9. $instanceSize = "Standard_D2"
  10. $availabilitySetName ="BIBFWCluster"
  11. $subnetFrontName = "WebFacing"
  12. $frontIP = "10.221.207.244"
  13. $subnetBackName = "Subnet1"
  14. $backIP = "10.221.207.24"
  15. $serviceName = "WebFrontend"
  16. $reservedIPName = "WebFrontendReservedIP"
  17. $publicNICName = $FWName + $subnetFrontName + "NIC"
  18. $privateNICName = $FWName + $subnetBackName + "NIC"
  19. $FWPublicIPName = $FWName + "PublicIP"
  20. $diskName = $FWName + "OSDisk";
  21.  
  22. # Get latest image (can only be done in Service Management mode !!!)
  23. #Switch-AzureMode -Name AzureServiceManagement
  24.  
  25. #$image = Get-AzureVMImage | where { $_.ImageFamily -Match "Barracuda NextGen Firewall F-Series*"} | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1
  26. Switch-AzureMode -Name AzureResourceManager
  27.  
  28. # Get Barracuda FW image
  29. $image = Get-AzureVMImage -Location $LocationIPR -PublisherName "barracudanetworks" -Offer "barracuda-ng-firewall" -Skus "hourly"
  30.  
  31. #
  32. # Creates the VM
  33. #
  34.  
  35. # First creates the config
  36. $availibilitySet = New-AzureAvailabilitySet -Name $availabilitySetName -ResourceGroupName $ResourceGN -Location $LocationIPR
  37. $availibilitySet = Get-AzureAvailabilitySet -Name $availabilitySetName -ResourceGroupName $ResourceGN
  38. $vm1 = New-AzureVMConfig -VMName $FWName -VMSize $instanceSize -AvailabilitySetId $availibilitySet.Id
  39. $cred = Get-Credential -Message "Enter credentials for new admin user. User name is ignored by Barracuda FW. Avoid 'Admin' as it is not allowed by Azure."
  40. Set-AzureVMOperatingSystem -VM $vm1 -Linux -Credential $cred -ComputerName $FWName
  41. Set-AzureVMSourceImage -VM $vm1 -PublisherName $image[0].PublisherName -Offer $image[0].Offer -Skus $image[0].Skus -Version $image[0].Version
  42.  
  43. # Set Plan (did not find any cmdlet for that)
  44. # Need to check values...
  45. $vm1.Plan = @{"name"= ""; "publisher"= $image.PublisherName; "product" = $image.Offer}
  46.  
  47. # Set the OS Disk storage account (retrieve storage account uri, generate a new one for os disk in blob container)
  48. $storageAccount = Get-AzureStorageAccount -ResourceGroupName $storageAccountResourceGroupName -Name $StorageAccountName
  49. $osDiskURI = $storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $diskName + ".vhd"
  50. Set-AzureVMOSDisk -VM $vm1 -Name $diskName -VhdUri $osDiskURI -CreateOption fromImage
  51.  
  52. # Then define endpoints
  53. Add-AzureEndpoint -Protocol tcp -LocalPort 22 -PublicPort 22 -Name "SSH" -VM $vm1
  54. Add-AzureEndpoint -Protocol tcp -LocalPort 807 -PublicPort 807 -Name "MGMT" -VM $vm1
  55. Add-AzureEndpoint -Protocol tcp -LocalPort 691 -PublicPort 691 -Name "TINAVPN" -VM $vm1
  56.  
  57. # Configure first NIC in Web Facing subnet
  58.  
  59. # What's our VNET config?
  60. $vnet = Get-AzureVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGN
  61. $subnetFront = Get-AzureVirtualNetworkSubnetConfig -Name $subnetFrontName -VirtualNetwork $vnet
  62. $subnetBack = Get-AzureVirtualNetworkSubnetConfig -Name $subnetBackName -VirtualNetwork $vnet
  63.  
  64. # We need a public IP first
  65. $publicIP = New-AzurePublicIpAddress -name $FWPublicIPName -ResourceGroupName $ResourceGN -Location $LocationIPR -AllocationMethod Dynamic
  66. $frontNIC = New-AzureNetworkInterface -Name $publicNICName -ResourceGroupName $ResourceGN -Location $LocationIPR -PrivateIpAddress $frontIP `
  67.             -SubnetId $subnetFront.Id -PublicIpAddressId $publicIP.Id
  68.             
  69. Add-AzureVMNetworkInterface -VM $vm1 -Id $frontNIC.id -Primary
  70.  
  71. # Configure internal NIC
  72. $backNIC = New-AzureNetworkInterface -Name $privateNICName -ResourceGroupName $ResourceGN -Location $LocationIPR -PrivateIpAddress $backIP `
  73.             -SubnetId $subnetBack.Id
  74.  
  75. Add-AzureVMNetworkInterface -VM $vm1 -Id $backNIC.id
  76.  
  77. # Creates the VM
  78. New-AzureVM -ResourceGroupName $ResourceGN -VM $vm1 -Location $LocationIPR -Verbose -Debug

 



#2 Tobias Witek

Tobias Witek
  • Barracuda Team Members
  • 14 posts

Posted 04 December 2015 - 03:45 AM

Hello,

 

In ARM Mode:

  • In order to get the "Publisher":  Get-AzureVMImagePublisher -Location <location> | Where-Object { $_.PublisherName -match "barracuda" }
  • With the publisher, you can get the "Offer":  Get-AzureVMImageOffer -Location <location> -PublisherName barracudanetworks
  • With the "Publisher" and the "Offer", you can get the SKU (in case you need that, too):  Get-AzureVMImageSku -Location <location> -PublisherName barracudanetworks -Offer barracuda-ng-firewall 

I have never used "Set-AzureVMOSDisk" yet, but it's possible that "Name" actually refers to the "Offer" and "Product" to the SKU. At least in the ARM templates, that (+ Publisher) are the 3 pieces of information you need to instantiate a new VM.

 

I hope this information is helpful!

 

Best regards,

 

Tobias



#3 ekawka

ekawka
  • Members
  • 3 posts

Posted 04 December 2015 - 04:14 AM

Hello Tobias,

 

Thanks for your help. Late last night, I finally found the solution. I came to the same conclusion as you: product is the offer (got it with Get-AzureVMImageOffer) and publisher is the publisher name (got it with Get-AzureVMImagePublisher).

 

However, the name is not the SKU :(. I finally got it by creating a FW instance with the preview portal and then getting the VM information in PowerShell with the Get-AzureVm cmdlet.

 

In my case, name should be set to "hourly" as I am in pay as you go mode.

 

I think that's not the best way to get the information, but it works. If you have any idea on how to get it programmatically, I'm still interested ;)

 



#4 Tobias Witek

Tobias Witek
  • Barracuda Team Members
  • 14 posts

Posted 04 December 2015 - 04:23 AM

Hello,

 

1. Happy to hear you got it to work :-)
 

2. That actually does look like the SKU:

PS C:\> Get-AzureVMImageSku -Location westeurope -PublisherName barracudanetworks -Offer barracuda-ng-firewall

Skus                    Offer                   PublisherName           Location                Id
----                    -----                   -------------           --------                --
byol                    barracuda-ng-firewall   barracudanetworks       westeurope              /Subscriptions/bde58...
hourly                  barracuda-ng-firewall   barracudanetworks       westeurope              /Subscriptions/bde58...

Cheers,

 

Tobias



#5 ekawka

ekawka
  • Members
  • 3 posts

Posted 04 December 2015 - 04:32 AM   Best Answer

Tobias,

 

Correct, I missed that :wacko: . Thanks!
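
The mapping the thread settles on (plan name = SKU, publisher = publisher name, product = offer), as an added PowerShell example that is not part of any post above. `New-MarketplacePlan` and its `-SkuList` parameter are hypothetical names, the sample rows are constructed from the output shown in post #4, and only the `Get-AzureVMImageSku` call comes from the thread.

```powershell
# Added example, not from the thread. New-MarketplacePlan is a hypothetical helper.
function New-MarketplacePlan {
    param(
        [Parameter(Mandatory)] [string] $Location,
        [Parameter(Mandatory)] [string] $PublisherName,
        [Parameter(Mandatory)] [string] $Offer,
        [Parameter(Mandatory)] [string] $Sku,
        # Optional pre-fetched SKU objects, so the mapping can be checked offline.
        [object[]] $SkuList
    )

    if (-not $SkuList) {
        # Same query as in post #4.
        $SkuList = Get-AzureVMImageSku -Location $Location `
            -PublisherName $PublisherName -Offer $Offer
    }

    # Require exactly one matching row before building the plan.
    $match = @($SkuList | Where-Object {
        $_.PublisherName -eq $PublisherName -and
        $_.Offer -eq $Offer -and
        $_.Skus -eq $Sku
    })

    if ($match.Count -ne 1) {
        $available = ($SkuList | ForEach-Object { $_.Skus }) -join ', '
        throw "SKU '$Sku' not found exactly once for $PublisherName/$Offer in $Location. Available: $available"
    }

    # Plan fields as worked out in the thread: name = SKU, product = offer.
    @{
        name      = $match[0].Skus
        publisher = $match[0].PublisherName
        product   = $match[0].Offer
    }
}

# Constructed sample rows mirroring the Get-AzureVMImageSku output in post #4.
$sample = @(
    [pscustomobject]@{ Skus = 'byol';   Offer = 'barracuda-ng-firewall'; PublisherName = 'barracudanetworks'; Location = 'westeurope' }
    [pscustomobject]@{ Skus = 'hourly'; Offer = 'barracuda-ng-firewall'; PublisherName = 'barracudanetworks'; Location = 'westeurope' }
)

# Offline check against the sample; omit -SkuList to query Azure instead.
$plan = New-MarketplacePlan -Location 'westeurope' -PublisherName 'barracudanetworks' `
    -Offer 'barracuda-ng-firewall' -Sku 'hourly' -SkuList $sample
$plan
```

The returned hashtable has the same three keys as the one assigned to `$vm1.Plan` on line 45 of the script in post #1; asking for a SKU the offer does not list makes the helper throw before any VM is created.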