Azure Application Gateway change subnet

It is possible to change the subnet in which an Azure Application Gateway is running without deleting the whole instance and redoing all the configuration from the beginning. Recreating it would be faster than going through the process described below. This requires quite a long service break. I had reserved 2 hours and, with a little bit of trial-and-fix, I managed to fit in.


Web UI way

Step 1 set application gateway to be manually scaled.

Step 2 stop application gateway via console command "az network application-gateway stop"

wait to proceed

Step 3 open appgw page in portal.azure.com

modify URL from


modify URL to


Step 4 open modified page

Step 5 click GET and search the page for "subnet". We are going to modify this value only.

Step 6 switch to read/write mode on top of the page

Step 7 click on button edit

Step 8 find "subnet" again and modify the name or path to the subnet which you want to use

Step 9 click PUT and wait for the green tick on the screen

Step 10 if there is an orange warning, scroll to the bottom of the page, where an additional text area explains what is causing the problem. Fix it and repeat.

Step 11 wait till the update is done. There is no need to start the application gateway again, because the update will start it.

Azure Cloud Shell

Alternatively it's possible to do it with commands via Azure cloud shell or similar.

Check settings

az network application-gateway show --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --query gatewayIpConfigurations

Stop AppGw

az network application-gateway stop --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY>


az network application-gateway show --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --output json

Prepare the JSON by modifying the value of subnet. Next step: shrink it to one line (Visual Studio Code and shift+tab) and put it in as a one-liner.

Post it

az network application-gateway update --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY> --set gatewayIpConfigurations[0].subnet.id='[{"id": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/applicationGateways/<APPLICATIONGATEWAY>/gatewayIPConfigurations/appGatewayFrontendIP","name": "appGatewayFrontendIP","provisioningState": "Succeeded","resourceGroup": "<RESOURCEGROUP>","subnet": {"id": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/virtualNetworks/<VNET>/subnets/<SUBNET>","resourceGroup": "<RESOURCEGROUP>"},"type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations"}]'


az network application-gateway start --subscription <SUBSCRIPTIONID> --resource-group <RESOURCEGROUP> --name <APPLICATIONGATEWAY>
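The "prepare JSON" step above can be scripted instead of edited by hand. The following is an added example, not part of the original post: it swaps only the subnet segment of the saved gatewayIpConfigurations JSON, confirms that nothing else changed, and emits the one-liner. The sample JSON is constructed, all resource names are placeholders, the function names are hypothetical, and the target subnet is assumed to be in the same virtual network.

```python
import json
import re

# Constructed sample of the gatewayIpConfigurations JSON; all names are placeholders.
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
_NET = _SUB + "/providers/Microsoft.Network"
SAMPLE = [{
    "id": _NET + "/applicationGateways/appgw-example/gatewayIPConfigurations/appGatewayFrontendIP",
    "name": "appGatewayFrontendIP",
    "provisioningState": "Succeeded",
    "resourceGroup": "rg-example",
    "subnet": {"id": _NET + "/virtualNetworks/vnet-example/subnets/subnet-old",
               "resourceGroup": "rg-example"},
    "type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations",
}]

SUBNET_ID = re.compile(r"^(/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
                       r"Microsoft\.Network/virtualNetworks/[^/]+/subnets/)[^/\s]+$")
SUBNET_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")  # conservative allow-list (assumption)

def retarget_subnet(configs, new_subnet, index=0):
    """Return a copy of configs where only configs[index].subnet.id is changed."""
    updated = json.loads(json.dumps(configs))  # deep copy; the input stays untouched
    match = SUBNET_ID.match(updated[index]["subnet"]["id"])
    if not match:
        raise ValueError("current subnet id is not a well-formed subnet resource ID")
    if not SUBNET_NAME.fullmatch(new_subnet):
        raise ValueError("new subnet name has whitespace or other unexpected characters")
    # Keep the VNet prefix, swap only the last segment (same-VNet move is assumed).
    updated[index]["subnet"]["id"] = match.group(1) + new_subnet
    return updated

def changed_paths(before, after, path=""):
    """List the JSON paths whose values differ between the two documents."""
    if isinstance(before, dict) and isinstance(after, dict):
        return [p for k in sorted(set(before) | set(after))
                for p in changed_paths(before.get(k), after.get(k), f"{path}.{k}")]
    if isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        return [p for i, (b, a) in enumerate(zip(before, after))
                for p in changed_paths(b, a, f"{path}[{i}]")]
    return [] if before == after else [path]

def one_line(configs):
    """Compact single-line JSON, replacing the manual shrink-to-one-line step."""
    return json.dumps(configs, separators=(",", ":"))

if __name__ == "__main__":
    new = retarget_subnet(SAMPLE, "subnet-new")
    assert changed_paths(SAMPLE, new) == ["[0].subnet.id"]  # nothing else was touched
    print(one_line(new))
```

Running the same `changed_paths` comparison between the JSON saved before the stop and the output of `show` after the update confirms that the subnet ID is the only value that differs.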


Some network device is left over after the application gateway migration, so you cannot easily delete the subnet you used for the migration. See the output of an attempt to delete that subnet:

az network vnet subnet delete --ids /subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/providers/Microsoft.Network/virtualNetworks/<VNET>/subnets/<SUBNET>

(InUseSubnetCannotBeDeleted) Subnet <SUBNET> is in use by subscriptions/<SUBSCRIPTIONID>/resourceGroups/<WEIRDRESOURCEGROUPARMRG>/providers/Microsoft.Network/networkInterfaces/|providers|Microsoft.Compute|virtualMachineScaleSets|appgw|virtualMachines|1|networkInterfaces|custnic and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.

This I could resolve without the help of Microsoft Support, so I created a ticket. Here is the solution summary:

It was due to an error i.e. when the App GW was moved to other subnet from these subnet it was not completely removed in the backend due to which you were not able to delete the subnet   

  • Initially I informed you that all the delegations and the service endpoints need to be removed before proceeding with the deletion of the subnet.
  • You confirmed that you removed all the delegations and the service endpoints and I could see the same from my end that they got removed.
  • I suggested you to try the deletion again but the deletion still kept failing.
  • I asked for the error messages that you were receiving for reference.
  • Upon further troubleshooting we could see that the traces of Network Interface card of the AppGW that was previously present in those subnet were not deleted properly in the backend.
  • We engaged the backend team to do a manual cleanup of the traces left.
  • PG team completed the manual cleanup after which I requested you to try the deletion again and you confirmed that the deletion was successful.
  • You informed us that the ticket can be archived. 
It was quite an exhausting process in the end, but thankfully working, even if it took several days to close it.
