
In the previous post we collected the Subscription ID, Tenant ID, Client ID and Client Secret. Now it’s time to use them.

terraform.tfvars (all sensitive data is stored in this file, so it must not be publicly accessible; the credentials for the virtual machine are stored here too)

# terraform.tfvars - values for the variables declared in vars.tf.
# Every value below is a placeholder; replace it with your own.
# This file holds the service-principal secret and the VM admin password in
# clear text, so keep it out of version control (e.g. via .gitignore) and
# restrict who can read it.
AZURE_SUBSCRIPTION_ID="some ID"
AZURE_CLIENT_ID="client id"
AZURE_CLIENT_SECRET="secret"
AZURE_TENANT_ID="tenant id"
# Local administrator account created on the VM (see os_profile in vm.tf).
VM_ADMIN="ja"
# Sample password for illustration only - never reuse a value that has been published.
VM_PASSWORD="Passw0rd01234!"

vars.tf  (variables are declared in this file)

# Service-principal credentials; values come from terraform.tfvars (or -var).
# No defaults are given on purpose, so no secret is ever committed in a .tf file.
variable "AZURE_SUBSCRIPTION_ID" {}
variable "AZURE_CLIENT_ID" {}
# Application key of the registered app. Treat it as a secret: it is stored in
# plain text in terraform.tfvars and will also appear in the Terraform state file.
variable "AZURE_CLIENT_SECRET" {}
variable "AZURE_TENANT_ID" {} 

#to get all sizes:https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general

# Size of the VM. Intended for the vm_size argument of azurerm_virtual_machine
# in vm.tf (reference it there as "${var.vm_size}"); override in terraform.tfvars.
variable "vm_size" {
// Get-AzureRmVMSize -Location 'uksouth' | select name, NumberOfCores, MemoryInMB, ResourceDiskSizeInMB | ft
//https://azure.microsoft.com/en-us/documentation/articles/cloud-services-sizes-specs/
//https://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-windows-sizes/
//https://azure.microsoft.com/en-us/pricing/details/virtual-machines/windows/
description = "VM instance size"
default = "Standard_B1ms"
}

# Marketplace image publisher; the three image variables below narrow it down
# to a specific image (publisher -> offer -> sku -> version).
variable "vm_image_publisher" {
// Get-AzureRmVMImagePublisher -Location 'uksouth' | Select PublisherName
description = "vm image vendor"
default = "MicrosoftWindowsServer"
}
# Image offer within the publisher above.
variable "vm_image_offer" {
//Get-AzureRMVMImageOffer -Location 'uksouth' -Publisher 'MicrosoftWindowsServer' | Select Offer
description = "vm image vendor's VM offering"
default = "WindowsServer"
}

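# Image SKU (edition) within the offer above. Given a description for
# consistency with the other image variables.
variable "vm_image_sku" {
// Get-AzureRmVMImageSku -Location 'uksouth' -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' | Select Skus
description = "vm image SKU (edition) within the offer"
default = "2016-Datacenter"
}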

# Image version. "latest" picks whatever the marketplace currently publishes,
# so two applies may build from different images; pin an explicit version
# when reproducible builds matter.
variable "vm_image_version" {
description = "vm image version"
default = "latest"
}
// Local administrator user name for the VM (value in terraform.tfvars).
// Azure rejects the reserved names listed below.
variable "VM_ADMIN" {
//Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
}

// Local administrator password (value in terraform.tfvars). Azure enforces
// its own complexity rules on this value, and it is written to the Terraform
// state file, so the state must be protected like the tfvars file.
variable "VM_PASSWORD" {
}

provider.tf (used to connect and authenticate Terraform against Azure)

# provider.tf - authenticates the azurerm provider with the service principal
# (the application registered in the previous post).
provider "azurerm" {
# Alternative: omit these four arguments and export ARM_SUBSCRIPTION_ID,
# ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID instead; the azurerm
# provider reads them from the environment, which keeps the secret out of
# files on disk.
subscription_id="${var.AZURE_SUBSCRIPTION_ID}"
client_id="${var.AZURE_CLIENT_ID}"
client_secret="${var.AZURE_CLIENT_SECRET}"
tenant_id="${var.AZURE_TENANT_ID}"
}

storage.tf (storage account is defined here)

# storage.tf - a general-purpose storage account in the resource group.
# None of the other files shown in this post reference it (the VM uses
# managed disks), so it can be removed if not needed for something else.
resource "azurerm_storage_account" "storage_acc" {
# Must be globally unique across Azure: lowercase letters and digits only.
name = "mystorageaccount201801"
resource_group_name = "${azurerm_resource_group.res_group.name}"
location = "${azurerm_resource_group.res_group.location}"
account_tier = "Standard"
# LRS = locally redundant, the cheapest replication option.
account_replication_type = "LRS"

tags {
environment = "Storage-Acount-Test"
}
}

rg.tf (resource group is specified here)

# rg.tf - resource group that every other resource in this post is placed in;
# the others take their location from here so it is set in one place.
resource "azurerm_resource_group" "res_group" {
  name     = "myrg1"
  location = "West Europe"
}

virtual_network.tf – the virtual network, public IP and subnets are specified in this file

#Create Public IP

# Public IP attached to the VM's NIC below. With "dynamic" allocation the
# address is only assigned once the NIC is attached to a running VM, which is
# why vm.tf reads it back through a data source that depends_on the VM.
resource "azurerm_public_ip" "datasourceip" {
name = "testPublicIp"
location="${azurerm_resource_group.res_group.location}"
resource_group_name = "${azurerm_resource_group.res_group.name}"
public_ip_address_allocation="dynamic"
}

 

# Create a virtual network within the resource group
# Virtual network holding the three /24 subnets declared below.
resource "azurerm_virtual_network" "my_virt_net" {
name = "production-network"
address_space = ["10.0.0.0/16"]
location = "${azurerm_resource_group.res_group.location}"
resource_group_name = "${azurerm_resource_group.res_group.name}"

}

#create subnets
# subnet1 - the only subnet used by the NIC below.
resource "azurerm_subnet" "test1" {
name = "subnet1"
resource_group_name = "${azurerm_resource_group.res_group.name}"
virtual_network_name="${azurerm_virtual_network.my_virt_net.name}"
address_prefix = "10.0.1.0/24"
}

# subnet2 - not referenced by any resource in this post.
resource "azurerm_subnet" "test2" {
name = "subnet2"
resource_group_name = "${azurerm_resource_group.res_group.name}"
virtual_network_name="${azurerm_virtual_network.my_virt_net.name}"
address_prefix = "10.0.2.0/24"
}

# subnet3 - not referenced by any resource in this post.
resource "azurerm_subnet" "test3" {
name = "subnet3"
resource_group_name = "${azurerm_resource_group.res_group.name}"
virtual_network_name="${azurerm_virtual_network.my_virt_net.name}"
address_prefix = "10.0.3.0/24"
}

 

#Create network interface

# NIC for the VM: placed in subnet1 and bound to the public IP above.
resource "azurerm_network_interface" "my_int" {
name = "myWindowsServer_NIC"
location = "${azurerm_resource_group.res_group.location}"
resource_group_name = "${azurerm_resource_group.res_group.name}"
# No network security group is attached: the line below is commented out and
# var.vm_security_group_id is not declared in vars.tf. With no NSG on the NIC
# or on the subnet, Azure applies no inbound filtering, so every port the VM
# listens on (RDP, and the WinRM HTTP listener configured in vm.tf) is
# reachable from the internet through the public IP. Declare the variable,
# create an azurerm_network_security_group that allows only the needed ports
# from trusted source ranges, and uncomment this line before using the setup
# outside a lab.
#network_security_group_id = "${var.vm_security_group_id}"
ip_configuration {
name = "Server2016"
subnet_id = "${azurerm_subnet.test1.id}"
private_ip_address_allocation = "dynamic"
public_ip_address_id = "${azurerm_public_ip.datasourceip.id}"
}
}

vm.tf – virtual machine details are specified here; two additional disks will be attached

# Stand-alone managed data disk (1023 GB, empty). It is attached to the VM as
# its second data disk (lun 1) with create_option = "Attach" in vm.tf; the
# first data disk is created inline there instead.
resource "azurerm_managed_disk" "test" {
name = "datadisk_existing"
location="${azurerm_resource_group.res_group.location}"
resource_group_name = "${azurerm_resource_group.res_group.name}"
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = "1023"
}

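# vm.tf - Windows Server VM with one OS disk and two data disks, attached to
# the NIC from virtual_network.tf.
resource "azurerm_virtual_machine" "test" {
  name                  = "myvm"
  location              = "${azurerm_resource_group.res_group.location}"
  resource_group_name   = "${azurerm_resource_group.res_group.name}"
  network_interface_ids = ["${azurerm_network_interface.my_int.id}"]

  # Size now comes from the vm_size variable declared in vars.tf instead of a
  # literal, so one setting controls it. The variable's default is
  # Standard_B1ms; set vm_size = "Standard_DS1_v2" in terraform.tfvars to keep
  # the size this post originally hard-coded.
  vm_size = "${var.vm_size}"

  # Remove the disks together with the VM so a destroy leaves nothing behind.
  # NOTE(review): confirm whether the data-disk flag also deletes the
  # separately managed azurerm_managed_disk.test attached at lun 1.
  delete_os_disk_on_termination    = "true"
  delete_data_disks_on_termination = "true"

  # Marketplace image, selected by the four vm_image_* variables in vars.tf.
  storage_image_reference {
    publisher = "${var.vm_image_publisher}"
    offer     = "${var.vm_image_offer}"
    sku       = "${var.vm_image_sku}"
    version   = "${var.vm_image_version}"
  }

  # OS disk created from the image above.
  storage_os_disk {
    name              = "datadisk_new_2018_01"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  # Additional disk 1: a new empty 1023 GB managed disk created with the VM.
  storage_data_disk {
    name              = "datadisk_new"
    managed_disk_type = "Standard_LRS"
    create_option     = "Empty"
    lun               = 0
    disk_size_gb      = "1023"
  }

  # Additional disk 2: attaches the disk declared in azurerm_managed_disk.test.
  storage_data_disk {
    name            = "${azurerm_managed_disk.test.name}"
    managed_disk_id = "${azurerm_managed_disk.test.id}"
    create_option   = "Attach"
    lun             = 1
    disk_size_gb    = "${azurerm_managed_disk.test.disk_size_gb}"
  }

  # Local administrator credentials. Both values come from terraform.tfvars and
  # are also recorded in the Terraform state, so protect the state as a secret.
  os_profile {
    computer_name  = "SERVER2016"
    admin_username = "${var.VM_ADMIN}"
    admin_password = "${var.VM_PASSWORD}"
  }

  os_profile_windows_config {
    provision_vm_agent        = "true"
    enable_automatic_upgrades = "true"
    # WinRM listener over plain HTTP. The NIC has no network security group
    # (see virtual_network.tf), so this listener is reachable through the
    # public IP; for an encrypted listener use protocol = "https" with
    # certificate_url pointing at a certificate stored in Key Vault, and
    # restrict the port with an NSG.
    winrm {
      protocol        = "http"
      certificate_url = ""
    }
  }
}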

#get public IP
# Reads the public IP back after the VM exists. Needed because the IP uses
# dynamic allocation, so the address is only known once the NIC is attached to
# the running VM - hence the explicit depends_on.
data "azurerm_public_ip" "test" {
name = "${azurerm_public_ip.datasourceip.name}"
resource_group_name = "${azurerm_resource_group.res_group.name}"
depends_on = ["azurerm_virtual_machine.test"]
}

# Prints the VM's public address at the end of terraform apply.
output "ip_address" {
value = "${data.azurerm_public_ip.test.ip_address}"
}

 

1.PNG

 

2.PNG

 


In order for Terraform to deploy resources to Azure, it has to be authenticated.

Creating Application registration

In Azure portal click Azure Active Directory-App registration-New Application registration

 

1.png

 

Give it a name and specify a URL

 

2.PNG

After the application is created, click on it – Settings – Required permissions

 

3.png

Click Add-in Step 1 click on Windows Azure Service Management API

 

4.png

In step 2 click on Access Azure Service Management as organization users (preview)

 

5.PNG

 

Assigning a Role for Terraform App

 

Cost management+Billing-Subscription

 

8.png

 

Click on subscription ID-Access control (IAM)-Add

 

9.png

For role specify Contributor-Assign access to Azure AD user,group,or application-Select terraform application-Save

 

10.PNG

 

Get Azure Subscription ID

Cost management+Billing-Subscription-locate and copy Subscription ID to file

 

11.png

 

Get Azure Client ID

The Client ID is in fact the Application ID.

Azure Active Directory-Enterprise applications-locate terraform application and get ID (copy it to file)

 

 

12.png

 

13.png

 

Get Azure Client Secret

The Client Secret is the Application key. To get it, click Azure Active Directory – App registrations – click on the terraform application (if you don’t see anything, select All apps from the drop-down menu and then click on the terraform application).

 

14.PNG

Give the key a name, select a duration and click Save.

 

16.PNG

Copy key to file

 

17.PNG

Get Azure Tenant ID

Azure Active Directory-Properties-Directory ID

 

18.png

 

  • Subscription ID
  • Client ID
  • Client Secret
  • Tenant ID – all four are needed for Terraform to connect and authenticate to Azure.

Azure Automation

Posted: November 21, 2017 in Azure

Microsoft Azure Automation provides a way to automate the manual, long-running, and frequently repeated tasks.

In this post we’ll automate turning off an Azure VM.

We first need to create an automation account.

An Automation account serves as a container of automation components, such as Azure PowerShell modules, scripts, and workflows, or credentials and
certificates used to connect to other Azure services

In the Azure portal click New – Monitoring + Management – Automation

1

Specify a name and check Create Azure Run As account

2

In account properties click Variables under Shared Resources

3

In values specify VM name

4

Create another variable for resource group

5

6

Creating runbooks

A runbook is a set of tasks that perform some automated process in Azure Automation. It may be a simple process such as starting a virtual machine and creating a log entry, or you may have a complex runbook that combines other smaller runbooks to perform a complex process across multiple resources or even multiple clouds and on-premises environments. Runbooks are based on Windows PowerShell or Windows PowerShell Workflow, so they can do anything that PowerShell can do.

In Automation account properties click Runbooks under Process Automation-Add a runbook

7

I imported a PowerShell workflow script which stops Azure VMs:

# Runbook: stops the two VMs named by the VM00 and VM01 automation variables,
# in the resource group held by the ResourceGroup variable, concurrently.
# Uses the AzureRM module; on accounts with the Az module the equivalents are
# Connect-AzAccount and Stop-AzVM.
workflow Stop-AzureVMs-Workflow
{
    # The Run As connection created with the automation account carries a
    # certificate-based service principal, so no password lives in the runbook.
    $runAs = Get-AutomationConnection -Name 'AzureRunAsConnection'
    Add-AzureRmAccount -ServicePrincipal -Tenant $runAs.TenantID -ApplicationID $runAs.ApplicationID -CertificateThumbprint $runAs.CertificateThumbprint

    # Targets are read from the shared Variables of the automation account.
    $firstVm = Get-AutomationVariable -Name 'VM00'
    $secondVm = Get-AutomationVariable -Name 'VM01'
    $targetGroup = Get-AutomationVariable -Name 'ResourceGroup'
    $targets = @($firstVm, $secondVm)

    # Stop every target at the same time; -Force suppresses the confirmation prompt.
    foreach -parallel ($vmName in $targets)
    {
        Stop-AzureRmVM -Name $vmName -ResourceGroupName $targetGroup -Force
    }
}

 

8.PNG

 

In runbook properties click Edit

 

9

Click publish

 

10

Click Start

 

11

Click output

 

12

The output from the runbook is shown – the VM is shut down

 

13

 

 

14.PNG

Swarm Azure Container Service

Posted: November 16, 2017 in Azure

In one of my previous posts I described a Kubernetes Azure cluster; in this one we’ll create a Swarm cluster.

As I already described in the Kubernetes post, we need to create a public/private key pair, so I won’t go into much detail here; we need to use PuTTYgen and save the private key as well.

2.jpg

New-Containers-Azure-Container Service

1.png

Copy public key from PuTTy generator, specify username

3.PNG

4.png

Agent count: For Docker Swarm and Kubernetes, this value is the initial number of agents in the agent scale set. For DC/OS, it is the initial number of agents in a private scale set. Additionally, a public scale set is created for DC/OS, which contains a predetermined number of agents. The number of agents in this public scale set is determined by the number of masters in the cluster: one public agent for one master, and two public agents for three or five masters

After the cluster is installed, we need to get the public DNS name: in the cluster properties click Overview

5.png

In PuTTY specify this name and port 2200

5-2.PNG

and specify the private key saved in the same step when creating the public key

5-3.PNG

Check Swarm agent configuration:

# Query the Swarm manager on the master's private VNet address. Port 2375 is
# Docker's plain TCP API (no TLS, no client authentication); here it is only
# reached from inside the cluster over the SSH session on port 2200, so make
# sure it is never exposed on a public address.
docker -H 172.16.0.5:2375 info

root@swarm-master-BBDA4078-0:/home/ja# docker -H 172.16.0.5:2375 info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
swarm-agent-BBDA4078000000: 10.0.0.4:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:33Z
swarm-agent-BBDA4078000001: 10.0.0.5:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:37Z
Plugins:
Volume:
Network:
Log:
Swarm:
NodeID:
Is Manager: false
Node Address:
Kernel Version: 3.19.0-65-generic
Operating System: linux
Architecture: amd64
CPUs: 4
Total Memory: 8.073GiB
Name: 23325e0bd3f7
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Experimental: false
Live Restore Enabled: false

WARNING: No kernel memory limit support

To avoid specifying the target socket (172.16.0.5:2375) every time, we’ll set an environment variable:

# Point the docker client at the Swarm manager for the rest of this shell session.
export DOCKER_HOST=172.16.0.5:2375

Deploy web server:

# Start nginx detached and publish port 80 on the agent the scheduler picks.
# "nginx" without a tag resolves to :latest; pin a tag (and ideally a digest)
# so the deployed image is reproducible.
docker run -d -p 80:80 nginx

 

7.PNG

Browse to the Swarm agent’s public DNS name; it will be used as the connection point to our nginx container. In the Swarm cluster properties click on Agents and copy the public DNS name.

 

5-1.PNG

And use it to connect to the container

6.PNG

Protecting data with Azure Backup

Posted: November 16, 2017 in Azure

Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud.

In this post we’ll back up data from on-premises to the cloud.

First, we need to create a backup vault.

In Azure portal click New-Storage-Backup and Site Recovery (OMS)

 

2.png

 

Give name to the vault

 

3.PNG

 

After the vault is created, go to All resources – click on the vault – Backup

 

4.png

 

Click Prepare infrastructure, then click the link to download and install the Backup agent

 

5.png

 

After the agent is downloaded, on the Prepare infrastructure page download the vault credentials from Azure; we’ll need them to configure the Backup application we’ve just downloaded

 

6.png

After we have installed the Azure recovery agent, click Proceed to Registration

 

7.png

 

On the Vault credentials page, browse to the vault credentials we just downloaded

 

8.png

Then generate a passphrase and keep it somewhere safe; it will be needed for restores.

 

9.PNG

 

Now it’s time to schedule the backup: click Schedule Backup

 

10

Choose the data to back up

 

11.PNG

 

12.PNG

 

 

13.PNG

 

14

After the backup schedule is done, click Back up now

 

15

 

 

16.PNG

 

I deleted the folder I had just backed up and initiated a restore

 

17.png

 

 

18.PNG

 

19.PNG

Click Mount

 

20.PNG

Then click Browse to choose what to restore

 

21.png

 

22.PNG

In a previous post we created an Azure Web application and mapped it to our custom domain name; in this one we’ll secure our site with an SSL certificate. In the real world we should use an SSL certificate from a trusted commercial Certification Authority; in this example I used a self-signed certificate, just for testing purposes.

Create a certificate request: create a file with an .inf or .txt extension

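; certreq request file producing a self-signed certificate (RequestType = Cert)
; for the web app's custom domain. For a CA-issued certificate change
; RequestType to PKCS10 and submit the resulting request to the CA instead.
[NewRequest]
; Must match the hostname browsers connect to.
Subject = "CN=ASTRAHOME.XYZ"
; The private key must be exportable so the certificate can be saved as a .pfx
; and uploaded to the Web App.
Exportable = TRUE
KeyLength = 2048
; 1 = AT_KEYEXCHANGE
KeySpec = 1
; 0xA0 = Digital Signature + Key Encipherment
KeyUsage = 0xA0
; Fixed: the original line was garbled ("Provider<tab>Name" and "RSA Channel");
; the CSP is named "Microsoft RSA SChannel Cryptographic Provider".
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
; 12 = PROV_RSA_SCHANNEL, matching the provider above
ProviderType = 12
HashAlgorithm = SHA256
; Cert = write a self-signed certificate directly, no CA involved
RequestType = Cert
ValidityPeriod = Years
ValidityPeriodUnits = 1
; Store the key in the machine store (Certificate manager - Computer account)
MachineKeySet = true
[EnhancedKeyUsageExtension]
; 1.3.6.1.5.5.7.3.1 = Server Authentication
OID=1.3.6.1.5.5.7.3.1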

Open CMD as admin and type:

REM Build the self-signed certificate from ssl.inf and place it in the
REM machine store (MachineKeySet = true), which is why CMD must run elevated.
certreq -new ssl.inf ssl.crt

 

1

 

Now open Certificate manager-Computer account

 

2

 

Our certificate should be created under Personal-Certificates

3.PNG

Now, export it:

 

4

Export Private key

5

Select Include all certificates in the certification path if possible

and Export all Extended properties

 

6

And save it somewhere

In Web app properties click SSL Certificates-Upload certificates

 

7

Browse to path where you exported certificate

 

 

9

Click Add binding

 

8

 

Select the hostname and certificate, leave the SSL type as it is, and click Add binding

 

10

 

Because it’s a self-signed certificate we get browser warnings, but we can access the web app over HTTPS

 

11.PNG

 

 

12.png

 

 

 

 

 

Add the Azure public DNS name to your DNS manager (I’m using GoDaddy)
1
Create a CNAME record and map it to the Azure public DNS name
2
Now inform Azure about these changes: in the Azure Web Application properties click Custom domains – Add hostname – type your domain name (with the www part) – Validate – Add hostname
3.png
Try typing http://www.your-dns-name in the browser
4.PNG
If we want to drop the www part, we need to add the Azure public IP to our DNS manager (preferably a static public IP)
4-1
Create a host A record and map the Azure public IP to it
4-2
Create a TXT record and map it to the Azure public DNS name
5
Again, propagate these changes to Azure, same procedure as before:
In the Web app properties click Custom domains – Add hostname – enter the hostname (without the WWW part) – Validate – Add hostname
6.png
7
Now, in the browser enter http://your-dns-name (without the WWW part)
8.PNG