Create point-to-site connection for all web apps slots using powershell

1
votes

I'm following the tutorial from here https://azure.microsoft.com/pl-pl/documentation/articles/app-service-vnet-integration-powershell/ where I've a script which allows me to connect multiple web apps with VNet.

The issue is our web apps have few deployment slots and when this script is run it only updates currently used slot. I wasn't able to get web app from different slot by the name, also I don't see any parameter which would apply my configuration to all slots.

Script for the reference: 

function ConnectWebAppWithVNet()
{
    param(
            $SubscriptionId,
            $VNetResourceGroupName,
            $AppResourceGroupName,
            $WebAppName,
            $VNetName,
            $GatewayName,
            $P2SRootCertName2,
            $MyP2SCertPubKeyBase64_2
    )
    $webApp = Get-AzureRmResource -ResourceName $WebAppName -ResourceType "Microsoft.Web/sites" -ApiVersion 2015-08-01 -ResourceGroupName $AppResourceGroupName
    $location = $webApp.Location

    $vnet = Get-AzureRmVirtualNetwork -name $VNetName -ResourceGroupName $VNetResourceGroupName

    $gateway = Get-AzureRmVirtualNetworkGateway -ResourceGroupName $vnet.ResourceGroupName -Name $GatewayName

    # validate gateway types, etc.
    if($gateway.GatewayType -ne "Vpn")
    {
        Write-Error "This gateway is not of the Vpn type. It cannot be joined to an App."
        return
    }

    if($gateway.VpnType -ne "RouteBased")
    {
        Write-Error "This gateways Vpn type is not RouteBased. It cannot be joined to an App."
        return
    }

    if($gateway.VpnClientConfiguration -eq $null -or $gateway.VpnClientConfiguration.VpnClientAddressPool -eq $null)
    {
        Write-Host "This gateway does not have a Point-to-site Address Range. Please specify one in CIDR notation, e.g. 10.0.0.0/8"
        return
    }

    Write-Host "Creating App association to VNET"
    $propertiesObject = @{
     "vnetResourceId" = "/subscriptions/$($subscriptionId)/resourceGroups/$($vnet.ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/$($vnetName)"
    }

    $virtualNetwork = New-AzureRmResource -Location $location -Properties $propertiesObject -ResourceName "$($webAppName)/$($vnet.Name)" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections" -ApiVersion 2015-08-01 -ResourceGroupName $AppResourceGroupName -Force

    # We need to check if the certificate here exists in the gateway.
    $certificates = $gateway.VpnClientConfiguration.VpnClientRootCertificates

    $certFound = $false
    foreach($certificate in $certificates)
    {
        if($certificate.PublicCertData -eq $virtualNetwork.Properties.CertBlob)
        {
            $certFound = $true
            break
        }
    }

    if(-not $certFound)
    {
        Write-Host "Adding certificate"
        Add-AzureRmVpnClientRootCertificate -ResourceGroupName $VNetResourceGroupName -VpnClientRootCertificateName "AppServiceCertificate.cer" -PublicCertData $virtualNetwork.Properties.CertBlob -VirtualNetworkGatewayName $gateway.Name
    }

    # Now finish joining by getting the VPN package and giving it to the App
    Write-Host "Retrieving VPN Package and supplying to App"
    $packageUri = Get-AzureRmVpnClientPackage -ResourceGroupName $vnet.ResourceGroupName -VirtualNetworkGatewayName $gateway.Name -ProcessorArchitecture Amd64

    # Put the VPN client configuration package onto the App
    $PropertiesObject = @{
    "vnetName" = $vnet.Name; "vpnPackageUri" = $packageUri
    }

    New-AzureRmResource -Location $location -Properties $propertiesObject -ResourceName "$($webAppName)/$($vnet.Name)/primary" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections/gateways" -ApiVersion 2015-08-01 -ResourceGroupName $AppResourceGroupName -Force

    Write-Host "Finished!"
}
2
azure-powershellazure-virtual-network
Did you manage to solve this? I'm having the same issue.Kenneth
@Kenneth I've described my situation in answer nowTomasz Gawlik

2 Answers

1
votes

If your web app is already connected to VPN there is a way to connect also its slot.

$webAppName = "name_of_app_service"
$resourceGroup = "name_of_resource_group"
$vnetName = "name_of_vnet"
$slotName = "staging"


$resName = $webAppName + "/" + $slotName
$WebAppConfig = Get-AzureRmResource -ResourceGroupName $resourceGroup -ResourceType Microsoft.Web/sites/slots/config -ResourceName $resName -ApiVersion 2016-08-01
$WebAppConfig.Properties.vnetName = $vnetName
Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion 2016-08-01 # -Force
0
votes

I've manged to get help from Azure support and we've found out the problem:

I've created secondary slot without cloning the configuration settings from main slot. If this setting would be selected, secondary slot would be connected automatically. In my case I couldn't recreate slot so I needed to manually connect secondary slot after swapping.