# From https://docs.microsoft.com/en-us/azure/sql-database/scripts/sql-database-create-configure-managed-instance-cli
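# Creates a resource group, a VNet with one subnet, an NSG, a route table and
# an Azure SQL Managed Instance delegated to that subnet.
# Required environment: SQLMI_ADMIN_PASSWORD (admin password for the instance).

# Resource names. $RANDOM is a bash feature that yields a small pseudo-random
# integer; it only keeps names distinct between runs and is not a secret.
randomIdentifier=$RANDOM
resource="sqlmi"
location="westeurope"
vnet="vnet-$randomIdentifier"
subnet="subnet-$randomIdentifier"
nsg="nsg-$randomIdentifier"
route="route-$randomIdentifier"
instance="instance-$randomIdentifier"
login="azure"
# The admin password comes from the environment so that no credential is
# committed with this file. ${VAR:?msg} stops a script run (and fails this
# assignment in an interactive shell) when the variable is unset or empty.
password="${SQLMI_ADMIN_PASSWORD:?export SQLMI_ADMIN_PASSWORD with the managed instance admin password before running}"
# The password is deliberately left out of this message: terminal scrollback
# and pipeline logs are usually readable by more people than the secret is.
echo "Using resource group $resource with login: $login..."
echo "Creating $resource..."
az group create --name "$resource" --location "$location"
echo "Creating $vnet with $subnet..."
az network vnet create --name "$vnet" --resource-group "$resource" --location "$location" --address-prefixes 10.0.0.0/16
az network vnet subnet create --name "$subnet" --resource-group "$resource" --vnet-name "$vnet" --address-prefixes 10.0.0.0/24
echo "Creating $nsg..."
az network nsg create --name "$nsg" --resource-group "$resource" --location "$location"
# NOTE(review): this rule accepts TCP 9000, 9003, 1438, 1440 and 1452 from any
# source address ('*'). Confirm against the current managed instance
# networking requirements whether it is still needed, and narrow the source
# prefix if it is.
az network nsg rule create --name "allow_management_inbound" --nsg-name "$nsg" --priority 100 --resource-group "$resource" --access Allow --destination-address-prefixes 10.0.0.0/24 --destination-port-ranges 9000 9003 1438 1440 1452 --direction Inbound --protocol Tcp --source-address-prefixes '*' --source-port-ranges '*'
# Traffic that stays inside the instance subnet: any protocol, any port.
az network nsg rule create --name "allow_misubnet_inbound" --nsg-name "$nsg" --priority 200 --resource-group "$resource" --access Allow --destination-address-prefixes 10.0.0.0/24 --destination-port-ranges '*' --direction Inbound --protocol '*' --source-address-prefixes 10.0.0.0/24 --source-port-ranges '*'
az network nsg rule create --name "allow_health_probe_inbound" --nsg-name "$nsg" --priority 300 --resource-group "$resource" --access Allow --destination-address-prefixes 10.0.0.0/24 --destination-port-ranges '*' --direction Inbound --protocol '*' --source-address-prefixes AzureLoadBalancer --source-port-ranges '*'
# Outbound from the subnet to the AzureCloud service tag on TCP 443 and 12000.
az network nsg rule create --name "allow_management_outbound" --nsg-name "$nsg" --priority 1100 --resource-group "$resource" --access Allow --destination-address-prefixes AzureCloud --destination-port-ranges 443 12000 --direction Outbound --protocol Tcp --source-address-prefixes 10.0.0.0/24 --source-port-ranges '*'
az network nsg rule create --name "allow_misubnet_outbound" --nsg-name "$nsg" --priority 200 --resource-group "$resource" --access Allow --destination-address-prefixes 10.0.0.0/24 --destination-port-ranges '*' --direction Outbound --protocol '*' --source-address-prefixes 10.0.0.0/24 --source-port-ranges '*'
echo "Creating $route..."
az network route-table create --name "$route" --resource-group "$resource" --location "$location"
# NOTE(review): the default route (0.0.0.0/0) uses next hop Internet. If
# outbound traffic is expected to pass a firewall or appliance, review this
# route against that design before reusing the script.
az network route-table route create --address-prefix 0.0.0.0/0 --name "primaryToMIManagementService" --next-hop-type Internet --resource-group "$resource" --route-table-name "$route"
az network route-table route create --address-prefix 10.0.0.0/24 --name "ToLocalClusterNode" --next-hop-type VnetLocal --resource-group "$resource" --route-table-name "$route"
echo "Configuring $subnet with $nsg and $route..."
az network vnet subnet update --name "$subnet" --network-security-group "$nsg" --route-table "$route" --vnet-name "$vnet" --resource-group "$resource"
# The subnet is delegated to Microsoft.Sql/managedInstances before the
# instance is created in it.
az network vnet subnet update --resource-group "$resource" --name "$subnet" --vnet-name "$vnet" --delegations Microsoft.Sql/managedInstances
# az network vnet subnet update --resource-group $resource --name $subnet --vnet-name $vnet --remove delegations
echo "Creating $instance with $vnet and $subnet..."
# NOTE(review): --admin-password puts the secret on the az command line, where
# it can show up in the local process list and in `set -x` traces; run this
# from a single-user host with tracing off. The value is quoted so characters
# such as '!' or spaces reach az as one argument.
az sql mi create --admin-password "$password" --admin-user "$login" --name "$instance" --resource-group "$resource" --subnet "$subnet" --vnet-name "$vnet" --location "$location"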