Exercise - Test and deploy your converted template
You created a Bicep file to represent the virtual machine that runs the toy truck services. Before you commit to using the file in your pipelines, you need to verify that the file accurately represents your current Azure environment. In this module, you'll test and then deploy your Bicep file over your existing Azure resources.
During the process, you'll do the following tasks:
- Run the what-if command to determine the effects of your deployment.
- Deploy the template and verify the deployment status.
Run what-if
Run the what-if command before you deploy your new Bicep file. This command verifies that your Bicep file is valid. The command also provides a list of changes that will occur in your Azure environment when you deploy the file.
Note
In a real migration, you should run the what-if command against your production and non-production environments with the appropriate set of parameters for each environment. Doing so helps you detect any differences in configuration that you might not have uncovered. In this example, you use a single environment, so you only run the what-if operation against that environment.
Caution
The deployment mode you use for the what-if command and the subsequent template deployment might introduce risk. Complete mode deletes any resources defined in the resource group that aren't specified in your template. Often, this is a good practice because it helps you ensure that your Bicep code is complete. However, this option comes with some risk because you might have missed a resource in your migration.
In this exercise, you run the what-if command by using complete mode so that any resources you might have missed are detected. You then run the deployment in incremental mode.
In the Visual Studio Code terminal, run the following command:
az deployment group what-if \ --mode Complete \ --resource-group ToyTruck \ --template-file main.bicep \ --parameters main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.
In the Visual Studio Code terminal, run the following command:
New-AzResourceGroupDeployment ` -WhatIf ` -Mode Complete ` -ResourceGroupName ToyTruck ` -TemplateFile main.bicep ` -TemplateParameterFile main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.
Review the what-if output
Review the what-if output, which looks like the following example:
Note: The result may contain false positive predictions (noise).
You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues.
Resource and property changes are indicated with these symbols:
- Delete
~ Modify
x NoEffect
= NoChange
The deployment will update the following scope:
Scope: /subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK
- Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81
id: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK/providers/Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81"
location: "westus3"
managedBy: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/ToyTruck/providers/Microsoft.Compute/virtualMachines/ToyTruckServer"
name: "ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81"
sku.name: "Premium_LRS"
sku.tier: "Premium"
type: "Microsoft.Compute/disks"
~ Microsoft.Network/networkInterfaces/toytruckserver123 [2022-05-01]
- kind: "Regular"
- properties.allowPort25Out: true
~ properties.ipConfigurations: [
~ 0:
- properties.privateIPAddress: "10.0.0.4"
- properties.publicIPAddress.properties.deleteOption: "Detach"
- properties.publicIPAddress.sku:
name: "Basic"
tier: "Regional"
]
x properties.ipConfigurations[0].properties.primary: true
= Microsoft.Compute/virtualMachines/ToyTruckServer [2022-08-01]
x properties.storageProfile.osDisk.managedDisk.storageAccountType: "Premium_LRS"
= Microsoft.Network/networkSecurityGroups/ToyTruckServer-nsg [2022-05-01]
= Microsoft.Network/publicIPAddresses/ToyTruckServer-ip [2022-05-01]
= Microsoft.Network/virtualNetworks/ToyTruck-vnet [2022-05-01]
Resource changes: 1 to delete, 1 to modify, 4 no change.
The output includes three important pieces of information. Let's review each one.
The what-if command detects that the managed disk will be deleted. This output isn't accurate. Managed disks are created automatically when you create virtual machines. Although managed disks appear in the list of resources to be deleted, the virtual machine prevents their deletion. However, adopting a cautious approach is always advisable, so in the next steps you'll run the actual deployment in incremental mode to mitigate the risk of anything going wrong.
The what-if command detects that the
privateIPAddressproperty of thenetworkInterfaceresource is removed. This result is OK, because you removed that property intentionally. TheprivateIPAllocationMethodproperty is set toDynamic, so removing theprivateIPAddressproperty won't have any effect, even though it's a change.The what-if command detects that two properties for the
publicIPAddressof thenetworkInterfaceresource will be deleted. You'll add these properties to fix the problem.
Update the template
In main.bicep, update the networkInterface resource to include the publicIPAddress properties for deleteOption and sku:
resource networkInterface 'Microsoft.Network/networkInterfaces@2022-05-01' = {
name: networkInterfaceName
location: location
properties: {
ipConfigurations: [
{
name: 'ipconfig1'
properties: {
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: publicIPAddress.id
properties: {
deleteOption: 'Detach'
}
sku: {
name: 'Basic'
tier: 'Regional'
}
}
subnet: {
id: virtualNetwork::defaultSubnet.id
}
primary: true
privateIPAddressVersion: 'IPv4'
}
}
]
enableAcceleratedNetworking: true
enableIPForwarding: false
disableTcpStateTracking: false
networkSecurityGroup: {
id: networkSecurityGroup.id
}
nicType: 'Standard'
}
}
Run the what-if command again
In the Visual Studio Code terminal, run the following command:
az deployment group what-if \ --mode Complete \ --resource-group ToyTruck \ --template-file main.bicep \ --parameters main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.After the operation is finished, review the output. The output will look like the following sample. The
deleteOptionandskuproperties aren't shown in the output.Note: The result may contain false positive predictions (noise). You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues. Resource and property changes are indicated with these symbols: - Delete ~ Modify x NoEffect = NoChange The deployment will update the following scope: Scope: /subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK - Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81 id: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK/providers/Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81" location: "westus3" managedBy: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/ToyTruck/providers/Microsoft.Compute/virtualMachines/ToyTruckServer" name: "ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81" sku.name: "Premium_LRS" sku.tier: "Premium" type: "Microsoft.Compute/disks" ~ Microsoft.Network/networkInterfaces/toytruckserver123 [2022-05-01] - kind: "Regular" - properties.allowPort25Out: true ~ properties.ipConfigurations: [ ~ 0: - properties.privateIPAddress: "10.0.0.4" ] x properties.ipConfigurations[0].properties.primary: true = Microsoft.Compute/virtualMachines/ToyTruckServer [2022-08-01] x properties.storageProfile.osDisk.managedDisk.storageAccountType: "Premium_LRS" = Microsoft.Network/networkSecurityGroups/ToyTruckServer-nsg [2022-05-01] = Microsoft.Network/publicIPAddresses/ToyTruckServer-ip [2022-05-01] = Microsoft.Network/virtualNetworks/ToyTruck-vnet [2022-05-01] Resource changes: 1 to delete, 1 to modify, 4 no change.
In the Visual Studio Code terminal, run the following command:
New-AzResourceGroupDeployment ` -WhatIf ` -Mode Complete ` -ResourceGroupName ToyTruck ` -TemplateFile main.bicep ` -TemplateParameterFile main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.After the operation is finished, review the output. The output will look like the following sample. The
deleteOptionandskuproperties aren't shown in the output.Note: The result may contain false positive predictions (noise). You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues. Resource and property changes are indicated with these symbols: - Delete ~ Modify x NoEffect = NoChange The deployment will update the following scope: Scope: /subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK - Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81 id: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/TOYTRUCK/providers/Microsoft.Compute/disks/ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81" location: "westus3" managedBy: "/subscriptions/f0750bbe-ea75-4ae5-b24d-a92ca601da2c/resourceGroups/ToyTruck/providers/Microsoft.Compute/virtualMachines/ToyTruckServer" name: "ToyTruckServer_disk1_23e6a144c4ea4049b3e2be24b78a9e81" sku.name: "Premium_LRS" sku.tier: "Premium" type: "Microsoft.Compute/disks" ~ Microsoft.Network/networkInterfaces/toytruckserver123 [2022-05-01] - kind: "Regular" - properties.allowPort25Out: true ~ properties.ipConfigurations: [ ~ 0: - properties.privateIPAddress: "10.0.0.4" ] x properties.ipConfigurations[0].properties.primary: true = Microsoft.Compute/virtualMachines/ToyTruckServer [2022-08-01] x properties.storageProfile.osDisk.managedDisk.storageAccountType: "Premium_LRS" = Microsoft.Network/networkSecurityGroups/ToyTruckServer-nsg [2022-05-01] = Microsoft.Network/publicIPAddresses/ToyTruckServer-ip [2022-05-01] = Microsoft.Network/virtualNetworks/ToyTruck-vnet [2022-05-01] Resource changes: 1 to delete, 1 to modify, 4 no change.
Deploy your template
You know that your Bicep file is valid, and the what-if operation indicates that your template provides the results you expect. You're now ready to deploy your template. If this step succeeds, you should see no effect.
In the Visual Studio Code terminal, run the following command:
az deployment group create \ --resource-group ToyTruck \ --template-file main.bicep \ --parameters main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.Within a few seconds, the deployment finishes successfully.
In the Azure portal, open the resource group. Select 2 Succeeded to view the list of deployments:
The deployment succeeded:
In the Visual Studio Code terminal, run the following command:
New-AzResourceGroupDeployment ` -ResourceGroupName ToyTruck ` -TemplateFile main.bicep ` -TemplateParameterFile main.parameters.production.jsonWhen prompted, enter a secure password for the
virtualMachineAdminPasswordparameter value.Within a few seconds, the deployment finishes successfully.
In the Azure portal, open the resource group. Select the 2 Succeeded link to view the list of deployments:
The deployment succeeded:
Tip
In a real migration, you should also run smoke tests to verify that your resources are still working correctly. A smoke test is a final check to ensure that you didn't make unintentional changes.
Clean up the resources
Now that you've completed the exercise, you can remove the resources so that you aren't billed for them.
In the Visual Studio Code terminal, run the following command:
az group delete --resource-group ToyTruck --yes --no-wait
The resource group and all its resources are deleted in the background.
Remove-AzResourceGroup -Name ToyTruck -Force