-
Notifications
You must be signed in to change notification settings - Fork 9
/
migration_graph_query.txt
67 lines (67 loc) · 7.6 KB
/
migration_graph_query.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
resources
| where type == 'microsoft.network/loadbalancers' and sku.name == 'Basic'
| project fes = properties.frontendIPConfigurations, bes = properties.backendAddressPools,['id'],['tags'],subscriptionId,resourceGroup,name
| extend backendPoolCount = array_length(bes)
| extend internalOrExternal = iff(isnotempty(fes),iff(isnotempty(fes[0].properties.privateIPAddress),'Internal','External'),'None')
| join kind=leftouter hint.strategy=shuffle (
resources
| where type == 'microsoft.network/publicipaddresses'
| where properties.publicIPAddressVersion == 'IPv6'
| extend publicIPv6LBId = tostring(split(properties.ipConfiguration.id,'/frontendIPConfigurations/')[0])
| distinct publicIPv6LBId
) on $left.id == $right.publicIPv6LBId
| join kind = leftouter hint.strategy=shuffle (
resources
| where type == 'microsoft.network/networkinterfaces' and isnotempty(properties.virtualMachine.id)
| extend vmNICHasNSG = isnotnull(properties.networkSecurityGroup.id)
| extend vmNICSubnetIds = tostring(extract_all('(/subscriptions/[a-f0-9-]+?/resourceGroups/[a-zA-Z0-9-_]+?/providers/Microsoft.Network/virtualNetworks/[a-zA-Z0-9-_]+?/subnets/[a-zA-Z0-9-_]*)',tostring(properties.ipConfigurations)))
| mv-expand ipConfigs = properties.ipConfigurations
| extend vmPublicIPId = extract('/subscriptions/[a-f0-9-]+?/resourceGroups/[a-zA-Z0-9-_]+?/providers/Microsoft.Network/publicIPAddresses/[a-zA-Z0-9-_]*',0,tostring(ipConfigs))
| where isnotempty(ipConfigs.properties.loadBalancerBackendAddressPools)
| mv-expand bes = ipConfigs.properties.loadBalancerBackendAddressPools
| extend nicLoadBalancerId = tostring(split(bes.id,'/backendAddressPools/')[0])
| summarize vmNICsNSGStatus = make_set(vmNICHasNSG) by nicLoadBalancerId,vmPublicIPId,vmNICSubnetIds
| extend allVMNicsHaveNSGs = set_has_element(vmNICsNSGStatus,False)
| summarize publicIpCount = dcount(vmPublicIPId) by nicLoadBalancerId, allVMNicsHaveNSGs, vmNICSubnetIds
) on $left.id == $right.nicLoadBalancerId
| join kind = leftouter (
resources
| where type == 'microsoft.compute/virtualmachinescalesets'
| extend vmssSubnetIds = tostring(extract_all('(/subscriptions/[a-f0-9-]+?/resourceGroups/[a-zA-Z0-9-_]+?/providers/Microsoft.Network/virtualNetworks/[a-zA-Z0-9-_]+?/subnets/[a-zA-Z0-9-_]*)',tostring(properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations)))
| mv-expand nicConfigs = properties.virtualMachineProfile.networkProfile.networkInterfaceConfigurations
| extend vmssNicHasNSG = isnotnull(properties.networkSecurityGroup.id)
| mv-expand ipConfigs = nicConfigs.properties.ipConfigurations
| extend vmssHasPublicIPConfig = iff(tostring(ipConfigs) matches regex @'publicIPAddressVersion',true,false)
| where isnotempty(ipConfigs.properties.loadBalancerBackendAddressPools)
| mv-expand bes = ipConfigs.properties.loadBalancerBackendAddressPools
| extend vmssLoadBalancerId = tostring(split(bes.id,'/backendAddressPools/')[0])
| summarize vmssNICsNSGStatus = make_set(vmssNicHasNSG) by vmssLoadBalancerId, vmssHasPublicIPConfig, vmssSubnetIds
| extend allVMSSNicsHaveNSGs = set_has_element(vmssNICsNSGStatus,False)
| distinct vmssLoadBalancerId, vmssHasPublicIPConfig, allVMSSNicsHaveNSGs, vmssSubnetIds
) on $left.id == $right.vmssLoadBalancerId
| extend subnetIds = set_difference(todynamic(coalesce(vmNICSubnetIds,vmssSubnetIds)),dynamic([])) // return only unique subnet ids
| mv-expand subnetId = subnetIds
| extend subnetId = tostring(subnetId)
| project-away vmNICSubnetIds, vmssSubnetIds, subnetIds
| extend backendType = iff(isnotempty(bes),iff(isnotempty(nicLoadBalancerId),'VMs',iff(isnotempty(vmssLoadBalancerId),'VMSS','Empty')),'Empty')
| extend lbHasIPv6PublicIP = iff(isnotempty(publicIPv6LBId),true,false)
| project-away fes, bes, nicLoadBalancerId, vmssLoadBalancerId, publicIPv6LBId, subnetId
| extend vmsHavePublicIPs = iff(publicIpCount > 0,true,false)
| extend vmssHasPublicIPs = iff(isnotempty(vmssHasPublicIPConfig),vmssHasPublicIPConfig,false)
| extend warnings = dynamic([])
| extend errors = dynamic([])
| extend warnings = iff(vmssHasPublicIPs,array_concat(warnings,dynamic(['VMSS instances have Public IPs: VMSS Public IPs will change during migration','VMSS instances have Public IPs: NSGs will be required for internet access through VMSS instance public IPs once upgraded to Standard SKU'])),warnings)
| extend warnings = iff(vmsHavePublicIPs,array_concat(warnings,dynamic(['VMs have Public IPs: NSGs will be required for internet access through VM public IPs once upgraded to Standard SKU'])),warnings)
| extend warnings = iff((backendType == 'VMs' and internalOrExternal == 'Internal' and not(vmsHavePublicIPs)),array_concat(warnings,dynamic(['Internal Load Balancer: LB is internal and VMs do not have Public IPs. Unless internet traffic is already being routed through an NVA, VMs will have no internet connectivity post-migration without additional action.'])),warnings)
| extend warnings = iff((backendType == 'VMSS' and internalOrExternal == 'Internal' and not(vmssHasPublicIPs)),array_concat(warnings,dynamic(['Internal Load Balancer: LB is internal and VMSS instances do not have Public IPs. Unless internet traffic is already being routed through an NVA, VMSS instances will have no internet connectivity post-migration without additional action.'])),warnings)
| extend warnings = iff((internalOrExternal == 'External' and backendPoolCount > 1),array_concat(warnings,dynamic(['External Load Balancer: LB is external and has multiple backend pools. Outbound rules will not be created automatically.'])),warnings)
| extend warnings = iff((backendType == 'VMs' and (vmsHavePublicIPs or internalOrExternal == 'External') and not(allVMNicsHaveNSGs)),array_concat(warnings,dynamic(['VMs Missing NSGs: Not all VM NICs or subnets have associated NSGs. An NSG will be created to allow load balanced traffic, but it is preferred that you create and associate an NSG before starting the migration.'])),warnings)
| extend warnings = iff((backendType == 'VMSS' and (vmssHasPublicIPs or internalOrExternal == 'External') and not(allVMSSNicsHaveNSGs)),array_concat(warnings,dynamic(['VMSS Missing NSGs: Not all VMSS NICs or subnets have associated NSGs. An NSG will be created to allow load balanced traffic, but it is preferred that you create and associate an NSG before starting the migration.'])),warnings)
| extend warnings = iff((bag_keys(tags) contains 'resourceType' and tags['resourceType'] == 'Service Fabric'),array_concat(warnings,dynamic(['Service Fabric LB: LB appears to be in front of a Service Fabric Cluster. Unmanaged SF clusters may take an hour or more to migrate; managed are not supported'])),warnings)
| extend warningCount = array_length(warnings)
| extend errors = iff((internalOrExternal == 'External' and lbHasIPv6PublicIP),array_concat(errors,dynamic(['External Load Balancer has IPv6: LB is external and has an IPv6 Public IP. Basic SKU IPv6 public IPs cannot be upgraded to Standard SKU'])),errors)
| extend errors = iff((id matches regex @'/(kubernetes|kubernetes-internal)^' or (bag_keys(tags) contains 'aks-managed-cluster-name')),array_concat(errors,dynamic(['AKS Load Balancer: Load balancer appears to be in front of a Kubernetes cluster, which is not supported for migration'])),errors)
| extend errorCount = array_length(errors)
| project id,internalOrExternal,warnings,errors,warningCount,errorCount,subscriptionId,resourceGroup,name
| sort by errorCount,warningCount
| project-away errorCount,warningCount