-1

This is a known 'issue' from what I've gathered (https://github.com/Azure/azure-quickstart-templates/issues/2786)

I've built a Python script that takes in a .csv and builds out an environment. All works fine. I have a second .csv that does peering, it works but making any changes to virtualNetworks after the fact (and not again specifying the subnets) deletes all subnets that were already there. You'd think I could just update my code to create the peerings on the fly in the same script, but I can't...incremental mode doesn't work. I'd like it to be a more dynamic and separate process.

Note: I'm also doing this across subscriptions, so that adds a bit of fun to the mix

Need some help understanding how I can go in after the fact and set up peerings:

Options I see:

  1. Specify again the subnets when doing the peerings - issue with this is that my code will end up getting a lot larger AND the .csv files will be ugly. Not very efficient but it'll work, I think.

  2. Use some kind of conditional in Python that'll perform the peerings at the time of initial build -- chicken and egg issue here and I still can't go back in and peer after the fact. Not to mention that I have a hub/spoke situation going on... so that'll be a lot to work through.

  3. Can you even do this with nesting?

Also, a 'feature' of my script is that it'll spit out all of the completed ARM templates and parameters files when it is done. The whole idea is to make the initiator only have to fill out the .csv to make it all go.

Hopefully I'm missing something. Can post code but there is a lot and it's fairly straightforward.

EDIT: Remove child-parent comment I made which seemed to make it difficult to understand the issue.

Nathan
  • not sure what you are talking about when you say `peering is a child of virtualNetworks and subnets are not`. they are both children of the virtual network and applying peering doesn't affect subnets at all – 4c74356b41 Aug 21 '19 at 13:59
  • Maybe I've got the wording wrong, but the issue is that you cannot do peering independently. If you make a change to a virtualNetwork and do not re-specify the subnets that are already configured, they are completely deleted. Unlike other features where the 'incremental' switch will allow only changed items to propagate. It's in the github link. – Nathan Aug 21 '19 at 17:18
  • And why with the downvote? What could I do better to make this more clear? Feedback is always appreciated. – Nathan Aug 21 '19 at 17:20
  • i have no idea who downvoted you, you can do peering independently – 4c74356b41 Aug 21 '19 at 17:33
  • Doesn't appear to be working. You are able to create a vnet with one ARM template, then return with a completely separate template and do peering only without re-specifying the subnets within the vnet? – Nathan Aug 21 '19 at 17:37
  • yes, you can do that. if you want that, i can share the template – 4c74356b41 Aug 21 '19 at 17:38
  • That would be fantastic if you wouldn't mind. – Nathan Aug 21 '19 at 17:47

1 Answer

0

this is how you create a peering without modifying other vnet properties:

```json
{
    "apiVersion": "2017-04-01",
    "name": "%vnetname%/%peeringName%",
    "location": "%location%",
    "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
    "properties": {
        "remoteVirtualNetwork": {
            "id": "[resourceId('Microsoft.Network/virtualNetworks', '%vnetName%')]"
        },
        "allowVirtualNetworkAccess": true,
        "allowForwardedTraffic": false,
        "allowGatewayTransit": false,
        "useRemoteGateways": false
    }
}
```

note, you need to do this twice, one time for each vnet. doing it only on one vnet doesn't achieve anything really.

4c74356b41
  • That works. I had additional configuration elements mixed. Learning! Thanks for the assist. – Nathan Aug 21 '19 at 18:14
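An added example, not code from the question or the answer: a Python sketch of the CSV-driven workflow the question describes, emitting one standalone peering template per direction so the virtual network resource and its subnets are never redeclared. The CSV column names, the sample subscription IDs and resource names, the peering naming scheme and the helper functions are all assumptions; the remote network is referenced by full resource ID so the pair can span subscriptions.

```python
import csv
import io
import json

API_VERSION = "2017-04-01"  # apiVersion used in the answer's snippet

# Constructed sample input; the column names are assumptions for this example.
SAMPLE_CSV = """local_sub,local_rg,local_vnet,remote_sub,remote_rg,remote_vnet
00000000-0000-0000-0000-000000000001,rg-hub,vnet-hub,00000000-0000-0000-0000-000000000002,rg-spoke1,vnet-spoke1
"""

def vnet_id(sub, rg, vnet):
    """Full resource ID, needed when the remote vnet is in another subscription."""
    return (f"/subscriptions/{sub}/resourceGroups/{rg}"
            f"/providers/Microsoft.Network/virtualNetworks/{vnet}")

def peering_template(local_vnet, remote_id, peering_name):
    """Template holding only the child peering resource; no vnet, no subnets.
    'location' from the answer's snippet is left out (assumption: not required here)."""
    return {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [{
            "apiVersion": API_VERSION,
            "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
            "name": f"{local_vnet}/{peering_name}",
            "properties": {
                "remoteVirtualNetwork": {"id": remote_id},
                "allowVirtualNetworkAccess": True,
                "allowForwardedTraffic": False,   # same restrictive values as the answer
                "allowGatewayTransit": False,
                "useRemoteGateways": False,
            },
        }],
    }

def build_deployments(csv_text):
    """Return (subscription, resource_group, template) for both directions of each row."""
    deployments = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        a = (row["local_sub"], row["local_rg"], row["local_vnet"])
        b = (row["remote_sub"], row["remote_rg"], row["remote_vnet"])
        for src, dst in ((a, b), (b, a)):  # one peering per vnet, as the answer notes
            name = f"{src[2]}-to-{dst[2]}"
            deployments.append((src[0], src[1], peering_template(src[2], vnet_id(*dst), name)))
    return deployments

if __name__ == "__main__":
    for sub, rg, template in build_deployments(SAMPLE_CSV):
        print(f"# deploy to subscription {sub}, resource group {rg}")
        print(json.dumps(template, indent=2))
```

Each template is deployed to the resource group of its local vnet, and the deploying identity needs rights on both virtual networks for the peering to connect.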