It is possible to change subnet in which is azure application gateway running without need to delete the whole instance and do all configuration from the beggining. It would be faster with recreation than going via process described below. This require quite long service break. I had reserved 2 hours and with little bit of trial-and-fix I managed to fit in.
Web UI way
Step 1 set application gateway to be manually scaled.
Step 2 stop application gateway via console command "az network application-gateway stop"
wait to proceeed
Step 3 open appgw page in portal.azure.com
modify URL from
https://portal.azure.com/#@CUSTOMER.onmicrosoft.com/resource/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/applicationGateways/APPLICATIONGATEWAY/overview
modify URL to
https://resources.azure.com/#@CUSTOMER.onmicrosoft.com/resource/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/applicationGateways/APPLICATIONGATEWAY
Step 4 open modified page
Step 5 click get and search in page "subnet". We are going to modify this value only.
Step 6 switch to read/write mode on top of the page
Step 7 click on button edit
Step 8 find again "subnet" and modify name or path to subnet which you want to use
Step 9 click press PUT and wait for green tick on the screen
Step 10 if there is an orange warning, scroll to bottom of the page and there is additional text area explaining what is causing problem. Fix it and repeat.
Step 11 wait till update is done. There is no need to start application gateway again, because update will start it.
Azure Cloud Shell
Alternatively it's possible to do it with commands via Azure cloud shell or similar.
Check settings
az network application-gateway show --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --query gatewayIpConfigurations
Stop AppGw
az network application-gateway stop --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY>
Get JSON
az network application-gateway show --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --output json
Prepare JSON by modify the value of subnet. Next stop shrink it to one line (visual studio code and shift+tab) and put as one liner.
Post it
az network application-gateway update --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --set gatewayIpConfigurations[0].subnet.id='[{"id": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/applicationGateways/ <APPLICATIONGATEWAY>/gatewayIPConfigurations/appGatewayFrontendIP","name": "appGatewayFrontendIP","provisioningState": "Succeeded","resourceGroup": "<RESOURCEGROUP>","subnet": {"id": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/virtualNetworks/<VNET>/subnets/<SUBNET>","resourceGroup": "<RESOURCEGROUP>"},"type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations"}]'
Start
az network application-gateway start --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY>
Beware
There is some leftover network device after application gateway migration, so you cannot easily delete subnet you used for migration. See output of trial of deleting that subnet:
az network vnet subnet delete --ids /subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/virtualNetworks/<VNET>/subnets/<SUBNET>
(InUseSubnetCannotBeDeleted) Subnet <SUBNET> is in use by subscriptions/<SUBSCRIPTIONID>/resourceGroups/<WEIRDRESOURCEGROUPARMRG>/providers/Microsoft.Network/networkInterfaces/|providers|Microsoft.Compute|virtualMachineScaleSets|appgw|virtualMachines|1|networkInterfaces|custnic and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.
This I could resolve without help of Microsoft Support, so I created a ticket. Here is solution summary:
It was due to an error i.e. when the App GW was moved to other subnet from these subnet it was not completely removed in the backend due to which you were not able to delete the subnet
- Initially I informed you that all the delegations and the service endpoints need to be removed before proceeding with the deletion of the subnet.
- You confirmed that you removed all the delegations and the service endpoints and I could see the same from my end that they got removed.
- I suggested you to try the deletion again but the deletion still kept failing.
- I asked for the error messages that you were receiving for reference.
- Upon further troubleshooting we could see that the traces of Network Interface card of the AppGW that was previously present in those subnet were not deleted properly in the backend.
- We engaged the backend team to do a manual cleanup of the traces left.
- PG team completed the manual cleanup after which I requested you to try the deletion again and you confirmed that the deletion was successful.
- You informed us that the ticket can be archived.
Žádné komentáře :
Okomentovat
Dotaz, připomínka, oprava?
(pokud máte problém s vložením příspěvku, vyzkoušejte to v prohlížeči Chrome)