|
|
| (14 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| = Azure tools = | | = Install Az PowerShell module = |
| * az - Azure CLI
| | Note <tt>az</tt> replaced <tt>AzureRM</tt> that is backwards compatible but both shouldn't be installed at the same time. [https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azurermps-6.12.0 Official installation guide] might come here very handy. Otherwise follow quick steps: |
| * Powershell AZModule eg. to copy files - requires PS 5.1+
| |
| * blob storage .msi
| |
| * Powershell DSC Desired State Configuration system
| |
| * VMagent custom script extension - runs on Azure VMs, allows to run one-off scripts
| |
| | |
| == [https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest az] - Azure CLI ==
| |
| [https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest Install Az cli]
| |
| <source>
| |
| # Linux
| |
| curl -L https://aka.ms/InstallAzureCli | bash
| |
| | |
| #Windows - download and install msi
| |
| PS C:> wget https://aka.ms/installazurecliwindows
| |
| PS C:> wget https://azurecliprod.blob.core.windows.net/msi/azure-cli-2.0.63.msi
| |
| </source> | |
| | |
| Login and basic commands
| |
| <source>
| |
| PS C:> az login
| |
| PS C:> az account show --output table
| |
| EnvironmentName IsDefault Name State TenantId
| |
| ----------------- ----------- --------------------------- ------- ------------------------------------
| |
| AzureCloud True Microsoft Azure Sponsorship Enabled aaaaaaaa-bbbb-4a1a-9b26-bac3cb7dcccc
| |
| </source> | |
| | |
| | |
| == Powershell AZModule ==
| |
| <source> | |
| PS C:> Get-InstalledModule -Name Az -AllVersions | select Name,Version
| |
| PS C:> Install-Module -Name Az -AllowClobber
| |
| PS C:> Connect-AzAccount # connect
| |
| </source> | |
| | |
| == VMagent custom script extension ==
| |
| Windows
| |
| <source lang="powershell">
| |
| $fileUri = @("https://xxxxxxx.blob.core.windows.net/buildServer1/1_Add_Tools.ps1",
| |
| "https://xxxxxxx.blob.core.windows.net/buildServer1/2_Add_Features.ps1",
| |
| "https://xxxxxxx.blob.core.windows.net/buildServer1/3_CompleteInstall.ps1")
| |
| | |
| $Settings = @{"fileUris" = $fileUri};
| |
| | |
| $storageaccname = "xxxxxxx"
| |
| $storagekey = "1234ABCD"
| |
| $ProtectedSettings = @{"storageAccountName" = $storageaccname; "storageAccountKey" = $storagekey; "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File 1_Add_Tools.ps1"};
| |
| | |
| #run command
| |
| Set-AzureRmVMExtension -ResourceGroupName myRG `
| |
| -Location myLocation `
| |
| -VMName myVM `
| |
| -Name "buildserver1" `
| |
| -Publisher "Microsoft.Compute" `
| |
| -ExtensionType "CustomScriptExtension" `
| |
| -TypeHandlerVersion "1.9" `
| |
| -Settings $Settings `
| |
| -ProtectedSettings $ProtectedSettings
| |
| </source>
| |
| [[File:Set-VMAzureCustomScriptExtension_example.PNG|900px|none|left|Set-VMAzureCustomScriptExtension_example]]
| |
| | |
| Linux
| |
| <source lang="bash">
| |
| az vm extension set \
| |
| --resource-group myResourceGroup \
| |
| --vm-name myVM --name customScript \
| |
| --publisher Microsoft.Azure.Extensions \
| |
| --settings ./script-config.json
| |
| </source>
| |
| | |
| == Resources ==
| |
| *[https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows Custom Script for Windows]
| |
| | |
| = Access and login methods =
| |
| == Azure Service Principal ==
| |
| You can give an application access to Azure Stack resources by creating a service principal that uses Azure Resource Manager. A service principal lets you delegate specific permissions using role-based access control.
| |
| Steps
| |
| # Register an app with Azure AD
| |
| # Create identity for the app, this identity is called Service Principle (SP)
| |
| # Alternatively you can use Managed Service Identity (MSI)
| |
| | |
| Eg. If AKS needs to pull an image from ACR it needs permissions to do so. The Service Principal controls the access.
| |
|
| |
|
| = Install az PowerShell module =
| |
| Note <tt>az</tt> replaced <tt>AzureRM</tt> that is backwards compatible but both shouldn't be installed at the same time. [https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azurermps-6.12.0 Official installation guide] might come here very handy. Otherwise follow quick steps:
| |
|
| |
|
| | Install Az module and login to Azure cloud |
| <syntaxhighlightjs lang="PowerShell"> | | <syntaxhighlightjs lang="PowerShell"> |
| # Install | | # Verify |
| C:\> $PSVersionTable.PSVersion #check required version PowerShell 5.x or 6.x | | C:\> $PSVersionTable.PSVersion #check required version PowerShell 5.x or 6.x |
| C:\> Install-Module -Name Az -AllowClobber #admin rights required | | C:\> Get-InstalledModule -Name Az -AllVersions | select Name,Version |
| | Name Version |
| | ---- ------- |
| | Az 4.4.0 |
|
| |
|
| # Sign in | | # Install and import |
| | C:\> Install-Module -Name Az -AllowClobber # admin rights required |
| C:\> Import-Module Az # Import the module into the PowerShell session | | C:\> Import-Module Az # Import the module into the PowerShell session |
| | C:\> Get-Command *az* # List all available PShell commands |
| | |
| | # Login |
| C:\> Connect-AzAccount # Connect to Azure with a browser sign in token | | C:\> Connect-AzAccount # Connect to Azure with a browser sign in token |
| WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DUNAAABBB | | WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DAAAAAAAA |
| to authenticate. | | to authenticate. |
|
| |
|
| Line 106: |
Line 32: |
| </syntaxhighlightjs> | | </syntaxhighlightjs> |
|
| |
|
| = List of Vnets = | | == Using the module commands to manage resources == |
| <source lang="bash"> | | <syntaxhighlightjs lang="PowerShell"> |
| $ az network vnet list -o table
| | PS> help New-AzVM |
| # List of VNETs within resource group
| | PS> New-AzVM -Name test-1 -ResourceGroupName 1-149a69-playground-sandbox |
| $ az network vnet list --resource-group infra_rg -o tsv | cut -f9
| | cmdlet New-AzVM at command pipeline position 1 |
| </source>
| | Supply values for the following parameters: |
| = List of all subnets =
| | Credential |
| <source lang="bash">
| | User: devops |
| #!/bin/bash
| | Password for user devops: ********** |
| for ResourceGroup in $(az group list -o tsv | cut -f4); do
| |
| for VNET in $(az network vnet list --resource-group $ResourceGroup -o tsv | cut -f9); do
| |
| echo "### ResourceGroup: $ResourceGroup VNET: $VNET"
| |
| az network vnet subnet list --resource-group $ResourceGroup --vnet-name $VNET -o tsv | cut -f1,9,13 | column -t
| |
| done
| |
| done
| |
| </source>
| |
| = List of SQL servers =
| |
| <source lang="bash">
| |
| # List of Ms.SQL servers
| |
| az sql server list --resource-group infra-euw1 -o tsv | cut -f1,6-10,12-13
| |
|
| |
|
| # List all database servers
| | PS> Get-AzVM |
| for AzureResourceGroup in $(az group list -o tsv | cut -f4); do
| | ResourceGroupName Name Location VmSize OsType NIC ProvisioningState Zone |
| echo "### $VNET ResourceGroup: $AzureResourceGroup"
| | ----------------- ---- -------- ------ ------ --- ----------------- ---- |
| az sql server list --resource-group $AzureResourceGroup -o tsv | cut -f1,6-10,12-13
| | SANDBOX test-1 westus Standard_DS1_v2 Windows test-1 Succeeded |
| done
| | </syntaxhighlightjs> |
|
| |
|
| #List all databases
| | == Install on [https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest Linux] == |
| for AzureResourceGroup in $(az group list -o tsv | cut -f4); do
| | Worked on U20.04 |
| for DbServer in $(az sql server list --resource-group $AzureResourceGroup -o tsv | cut -f1,6-10,12-13); do
| | <syntaxhighlightjs lang="bash"> |
| echo "### Dbserver: $DbServer, ResourceGroup: $AzureResourceGroup"
| | sudo apt-get update |
| az sql db list --resource-group $AzureResourceGroup --server $DbServer
| | sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg |
| done
| |
| done
| |
|
| |
|
| az resource list -o table --query "[?type=='Microsoft.DBforMySQL/servers'].{name:name, group:resourceGroup}"
| | curl -sL https://packages.microsoft.com/keys/microsoft.asc | |
| az resource list -o table | grep 'Microsoft.DBforMySQL/servers'
| | gpg --dearmor | |
| az resource list -o table | grep -i 'sql' | sort -k4
| | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null |
| </source>
| |
|
| |
|
| = List of Virtual Gateways = | | AZ_REPO=$(lsb_release -cs) |
| <source lang="bash">
| | echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | |
| # List all vpn virtual gateways
| | sudo tee /etc/apt/sources.list.d/azure-cli.list |
| for AzureResourceGroup in $(az group list -o tsv | cut -f4); do
| |
| echo "### $VNET ResourceGroup: $AzureResourceGroup"
| |
| az network vnet-gateway list -g $AzureResourceGroup -o table | grep -ve '---'
| |
| done
| |
| </source>
| |
|
| |
|
| = List scale sets =
| | sudo apt-get update |
| <source lang="bash">
| | sudo apt-get install azure-cli |
| ### VMScaleSets
| |
| # List VMSS
| |
| az vmss list --resource-group client1 -o table
| |
| Name ResourceGroup Location Zones Capacity Overprovision UpgradePolicy
| |
| ----------------------- --------------- ---------- ------- ---------- --------------- ---------------
| |
| client1_external_vmss client1 westeurope 1 2 3 2 True Manual
| |
| client1_internal_vmss client1 westeurope 1 2 3 1 True Manual
| |
| client1_worker_vmss client1 westeurope 1 2 3 1 True Manual
| |
|
| |
|
| # List VMSS instances
| | az login |
| az vmss list-instances --resource-group client1 --name client1_external_vmss -o table | | </syntaxhighlightjs> |
| az vmss nic list -g client1 --vmss-name client1_external_vmss --query [].{ip:ipConfigurations[0].privateIpAddress} -o tsv
| |
| | |
| # Get VMs ip addresses in VMSS sets
| |
| $ cat > list-all-vmss-ips.sh <<'EOF'
| |
| #!/bin/bash
| |
| for AzureResourceGroup in $(az group list -o tsv | cut -f4)
| |
| do
| |
| for vmss in $(az vmss list --resource-group $AzureResourceGroup -o tsv | cut -f4)
| |
| do
| |
| echo "### $VNET ResourceGroup: $AzureResourceGroup ScaleSet: $vmss"
| |
| az vmss nic list -g $AzureResourceGroup --vmss-name $vmss --query [].{ip:ipConfigurations[0].privateIpAddress} -o tsv
| |
| done
| |
| done
| |
| EOF
| |
| </source>
| |
| | |
| = Resources =
| |
| * [https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart Install Azure Cloud Bash shell]
| |
| | |
| [[Category:azure]] [[Category:windows]]
| |
Install Az PowerShell module
Note az replaced AzureRM that is backwards compatible but both shouldn't be installed at the same time. Official installation guide might come here very handy. Otherwise follow quick steps:
Install Az module and login to Azure cloud
<syntaxhighlightjs lang="PowerShell">
- Verify
C:\> $PSVersionTable.PSVersion #check required version PowerShell 5.x or 6.x
C:\> Get-InstalledModule -Name Az -AllVersions | select Name,Version
Name Version
-------
Az 4.4.0
- Install and import
C:\> Install-Module -Name Az -AllowClobber # admin rights required
C:\> Import-Module Az # Import the module into the PowerShell session
C:\> Get-Command *az* # List all available PShell commands
- Login
C:\> Connect-AzAccount # Connect to Azure with a browser sign in token
WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DAAAAAAAA
to authenticate.
Account : john@example.com
SubscriptionName : Microsoft Azure Sponsorship
SubscriptionId : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
TenantId : bbbbbbbb-cccc-dddd-eeee-ffffffffffff
Environment : AzureCloud
- Update module
C:\> Update-Module -Name Az
</syntaxhighlightjs>
Using the module commands to manage resources
<syntaxhighlightjs lang="PowerShell">
PS> help New-AzVM
PS> New-AzVM -Name test-1 -ResourceGroupName 1-149a69-playground-sandbox
cmdlet New-AzVM at command pipeline position 1
Supply values for the following parameters:
Credential
User: devops
Password for user devops: **********
PS> Get-AzVM
ResourceGroupName Name Location VmSize OsType NIC ProvisioningState Zone
---- -------- ------ ------ --- ----------------- ----
SANDBOX test-1 westus Standard_DS1_v2 Windows test-1 Succeeded
</syntaxhighlightjs>
Install on Linux
Worked on U20.04
<syntaxhighlightjs lang="bash">
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
az login
</syntaxhighlightjs>