Archive for the ‘Azure’ Category

Azure Automation

Posted: November 21, 2017 in Azure

Microsoft Azure Automation provides a way to automate the manual, long-running, and frequently repeated tasks.

In this post we’ll automate turning off an Azure VM.

We first need to create an Automation account.

An Automation account serves as a container of automation components, such as Azure PowerShell modules, scripts, and workflows, or credentials and certificates used to connect to other Azure services.

In the Azure portal click New-Monitoring + Management-Automation

Specify a name and check Create Azure Run As account

In the account properties click Variables under Shared Resources

In the value specify the VM name

Create another variable for the resource group

Creating runbooks

A runbook is a set of tasks that perform some automated process in Azure Automation. It may be a simple process such as starting a virtual machine and creating a log entry, or you may have a complex runbook that combines other smaller runbooks to perform a complex process across multiple resources or even multiple clouds and on-premises environments. Runbooks are based on Windows PowerShell or Windows PowerShell Workflow, so they can do anything that PowerShell can do.

In the Automation account properties click Runbooks under Process Automation-Add a runbook

I imported a PowerShell script which stops an Azure VM

workflow Stop-AzureVMs-Workflow
{
    # Authenticate as the Run As service principal created with the Automation account
    $c = Get-AutomationConnection -Name 'AzureRunAsConnection'
    Add-AzureRmAccount -ServicePrincipal -Tenant $c.TenantID -ApplicationID $c.ApplicationID -CertificateThumbprint $c.CertificateThumbprint

    # Read the VM names and resource group from the Automation variables (Shared Resources)
    $vm0 = Get-AutomationVariable -Name 'VM00'
    $vm1 = Get-AutomationVariable -Name 'VM01'
    $rg = Get-AutomationVariable -Name 'ResourceGroup'

    # Stop both VMs at the same time; -Force skips the confirmation prompt
    Parallel
    {
        Stop-AzureRmVM -Name $vm0 -ResourceGroupName $rg -Force
        Stop-AzureRmVM -Name $vm1 -ResourceGroupName $rg -Force
    }
}

 

In the runbook properties click Edit

Click Publish

Click Start

Click Output

The output from the runbook is shown; the VM is shut down

Swarm Azure Container Service

Posted: November 16, 2017 in Azure

In one of my previous posts I described a Kubernetes Azure cluster; in this one we’ll create a Swarm container.

As I already described in the Kubernetes post, we need to create a public/private key pair, so I won’t go into much detail here. We need to use PuTTY generator and save the private key as well.

New-Containers-Azure-Container Service

Copy the public key from PuTTY generator and specify a username

Agent count: For Docker Swarm and Kubernetes, this value is the initial number of agents in the agent scale set. For DC/OS, it is the initial number of agents in a private scale set. Additionally, a public scale set is created for DC/OS, which contains a predetermined number of agents. The number of agents in this public scale set is determined by the number of masters in the cluster: one public agent for one master, and two public agents for three or five masters.

After the cluster is installed, we need to get its public DNS name: on the cluster properties click Overview

In PuTTY specify this name and port 2200

and specify the private key saved in the same step when creating the public key

Check Swarm agent configuration:

docker -H 172.16.0.5:2375 info

root@swarm-master-BBDA4078-0:/home/ja# docker -H 172.16.0.5:2375 info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
swarm-agent-BBDA4078000000: 10.0.0.4:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:33Z
swarm-agent-BBDA4078000001: 10.0.0.5:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:37Z
Plugins:
Volume:
Network:
Log:
Swarm:
NodeID:
Is Manager: false
Node Address:
Kernel Version: 3.19.0-65-generic
Operating System: linux
Architecture: amd64
CPUs: 4
Total Memory: 8.073GiB
Name: 23325e0bd3f7
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Experimental: false
Live Restore Enabled: false

WARNING: No kernel memory limit support

To avoid specifying the target socket (172.16.0.5:2375) every time, we’ll set an environment variable:

export DOCKER_HOST=172.16.0.5:2375
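The endpoints used above all listen on port 2375, the Docker API's plain TCP port with no TLS and no client authentication. The following is an added example, not part of the original post, that classifies a DOCKER_HOST value and lists the Swarm agents registered on 2375; the function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Flags Docker API endpoints that
# use plain TCP (port 2375 carries no TLS and no authentication).

# Constructed sample: excerpt of the `docker info` output shown above.
SAMPLE_INFO='Role: primary
Nodes: 2
swarm-agent-BBDA4078000000: 10.0.0.4:2375
└ Status: Healthy
swarm-agent-BBDA4078000001: 10.0.0.5:2375
└ Status: Healthy
Name: 23325e0bd3f7'

# Classify a DOCKER_HOST value. $1 = DOCKER_HOST, $2 = DOCKER_TLS_VERIFY.
# The docker client turns TLS on when DOCKER_TLS_VERIFY is non-empty.
classify_docker_host() {
    case "$1" in
        ""|unix://*) echo "local-socket" ;;
        ssh://*)     echo "ssh-tunnel" ;;
        *)
            if [ -n "${2:-}" ]; then
                echo "tcp-tls"
            elif [ "${1##*:}" = "2375" ]; then
                echo "tcp-plaintext-2375"
            else
                echo "tcp-plaintext"
            fi ;;
    esac
}

# Print "node address" for each Swarm agent in `docker info` output (stdin)
# whose Docker API is registered on port 2375.
plaintext_nodes() {
    awk '/^[ \t]*[A-Za-z0-9_.-]+: [0-9.]+:2375[ \t]*$/ {
        sub(/:$/, "", $1); print $1, $2 }'
}

# Report for the values used in this post.
echo "DOCKER_HOST=172.16.0.5:2375 -> $(classify_docker_host 172.16.0.5:2375 "")"
printf '%s\n' "$SAMPLE_INFO" | plaintext_nodes
```

Any result other than local-socket, ssh-tunnel or tcp-tls means commands and responses cross the network unencrypted, so such endpoints should stay on a private subnet behind the SSH jump used here.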

Deploy web server:

docker run -d -p 80:80 nginx

 

Browse to the Swarm agent’s public DNS name; it will be used as the connection point to our nginx container. In the Swarm cluster properties click on agents and copy the public DNS name

And use it for the connection to the container

Protecting data with Azure Backup

Posted: November 16, 2017 in Azure

Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud.

In this post we’ll back up data from on-premises to the cloud.

First, we need to create a backup vault.

In the Azure portal click New-Storage-Backup and Site Recovery (OMS)

Give the vault a name

After the vault is created, from All resources click on the vault, then Backup

Click Prepare infrastructure, then click the link to download and install the Backup agent

After the agent is downloaded, on the Prepare Infrastructure page, download and install the vault credentials from Azure; we’ll need them to configure the Backup application we’ve just downloaded

After we installed the Azure recovery agent, click Proceed to registration

On the Vault credentials page browse to the vault credentials we just downloaded

Then generate a passphrase

Now it’s time to schedule the backup: click Schedule Backup

Choose data for backup

After the backup schedule is done, click Backup now

I deleted the folder I just backed up and initiated a restore

Click Mount

Then click Browse to choose what to restore

In this post we created an Azure Web application and mapped it to our custom domain name; in this one we’ll secure our site with an SSL certificate. In the real world we should use an SSL certificate from a commercial trusted Certification Authority; in this example I used a self-signed certificate, just for testing purposes.

Create a certificate request: create a file with an .inf or .txt extension

[NewRequest]

Subject = "CN=ASTRAHOME.XYZ"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA Channel Cryptographic Provider"
ProviderType = 12
HashAlgorithm = SHA256
RequestType = Cert
ValidityPeriod = Years
ValidityPeriodUnits = 1
MachineKeySet = true
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

Open CMD as admin and type:

certreq -new ssl.inf ssl.crt

 

Now open Certificate manager-Computer account

Our certificate should be created under Personal-Certificates

Now, export it:

Export Private key

Select Include all certificates in the certification path if possible

and Export all Extended properties

And save it somewhere

In the Web app properties click SSL Certificates-Upload certificates

Browse to the path where you exported the certificate

Click Add binding

Select the hostname and certificate, leave the SSL type, and click Add binding

Because it’s a self-signed certificate we get warnings, but we can access the web app over HTTPS

 

 

 

 

 

Add the Azure public DNS name to your DNS manager (I’m using GoDaddy)
Create a CNAME record and map it to the Azure public DNS name
Now tell Azure about these changes: in the Azure Web Application properties click Custom domains-Add hostname-type your domain name (with www part)-Validate-Add hostname
Try to type http://www.your-dns-name in the browser
If we want to remove the www part we need to add the Azure public IP into our DNS manager (preferably a static public IP)
Create a host A record and map the Azure public IP to it
Create a TXT record and map it to the Azure public DNS name
Again, propagate these changes to Azure, same procedure as before:
In the Web app properties click Custom domains-Add hostname-enter hostname (without WWW part)-Validate-Add hostname
Now, in the browser enter http://your-dns-name (without WWW part)

Azure Container Service for Kubernetes

Posted: November 4, 2017 in Azure

Azure Container Service for Kubernetes is used to create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications.

Before we start creating the Azure Container Cluster (ACS) we first need to create a Service Principal Client ID and password

We can use either Azure CLI for Windows or Azure CLI from the Azure portal

az account set --subscription "subscription-id"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID"

Now create SSH keys (I used PuTTY)

Start PuTTY generator and save the private key (it will be used for connecting to Kubernetes); leave PuTTY generator open

From the Azure portal click New-Containers-Azure Container Service

Specify name and resource group

Specify Kubernetes as Orchestrator

Set the username, copy the SSH public key from PuTTY Key Generator, and the ID and password from Azure CLI (generated in the first step)

Connecting to Cluster

Again, I used PuTTY

Connection-SSH-Auth-browse for saved private keys

Specify DNS cluster name

Test connectivity to the ACS Kubernetes cluster:

kubectl get nodes

Deploy container to Azure Cluster

kubectl run nginx-test --image=nginx --replicas=1 --port=80

Check that the container is deployed:

kubectl get deployment

Make the container available from the Internet

kubectl expose deployment nginx-test --port=80 --type=LoadBalancer

NAME               CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes         10.0.0.1      <none>        443/TCP        25m
nginx-test         10.0.30.9     <pending>     80:30495/TCP   12s

Check that the public IP address has been provisioned:

kubectl get services
NAME               CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes         10.0.0.1      <none>        443/TCP        25m
nginx-test         10.0.30.9     <pending>     80:30495/TCP   12s

It takes some time to get a public IP; run get services until “pending” disappears

NAME               CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE
kubernetes         10.0.0.1      <none>          443/TCP        21m
nginx-test         10.0.30.9     13.81.216.198   80:30495/TCP   2m
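Once the EXTERNAL-IP column is filled in, the service is reachable from the Internet, so it is worth checking which services in a cluster have ended up that way. The following is an added example, not part of the original post, that parses `kubectl get services` output and reports only services with a public address; the function names and the extra sample rows (internal-lb, queue) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Lists services that
# `kubectl get services` shows with a public (non-RFC 1918) EXTERNAL-IP.

# Constructed sample in the shape of the output above; the last two rows
# are invented to show a private load balancer and a pending address.
SERVICES='NAME          CLUSTER-IP   EXTERNAL-IP     PORT(S)          AGE
kubernetes    10.0.0.1     <none>          443/TCP          21m
nginx-test    10.0.30.9    13.81.216.198   80:30495/TCP     2m
internal-lb   10.0.40.2    10.240.0.9      8080:31000/TCP   5m
queue         10.0.50.3    <pending>       5672:32000/TCP   9s'

# Succeeds if $1 is an RFC 1918 private IPv4 address.
is_private_ip() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = `kubectl get services` output. Prints "name ip ports" for every
# service whose EXTERNAL-IP column holds a public IPv4 address; rows with
# <none> or <pending> are skipped because they are not yet reachable.
public_services() {
    printf '%s\n' "$1" |
    awk 'NR > 1 && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1, $3, $4 }' |
    while read -r name ip ports; do
        is_private_ip "$ip" || echo "$name $ip $ports"
    done
}

public_services "$SERVICES"
```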

Test connectivity


Scale out container

kubectl scale --replicas=2 deployment/nginx-test
2017-11-04 15:14:37.535906 I | proto: duplicate proto type registered: google.protobuf.Any
2017-11-04 15:14:37.535967 I | proto: duplicate proto type registered: google.protobuf.Duration
2017-11-04 15:14:37.535984 I | proto: duplicate proto type registered: google.protobuf.Timestamp
deployment "nginx-test" scaled

Check another container instance is created:

kubectl get pods
NAME                         READY     STATUS    RESTARTS   AGE
nginx-test-861205578-ghpd9   1/1       Running   0          49s
nginx-test-861205578-lh32t   1/1       Running   0          4m

To remove deployments type

kubectl delete deployment nginx-test

Implementing Azure Container Registry

Posted: November 2, 2017 in Azure

Container registry is a “store” for container images (I already touched on this topic before)

In Azure click New-Containers-Azure Container Registry

Enable Admin user (this allows you to use the registry name as username and admin user access key as password to docker login to the registry)

In the Access keys section we can see the username/password

Install Docker for Windows

And log in to the newly created Azure registry (use credentials from the Access Keys section)

docker login --username user --password password mytestazureregistry.azurecr.io

I searched for Windows images

and installed one of them; because this image doesn’t exist in our registry it will be downloaded from Docker Hub

docker pull microsoft/azure-cli
Using default tag: latest
latest: Pulling from microsoft/azure-cli
9f0706ba7422: Pull complete
99b6c0e3989b: Pull complete
35e890954c0c: Pull complete
7c081089dee1: Pull complete
Digest: sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb
Status: Downloaded newer image for microsoft/azure-cli:latest

I removed the image:

docker rmi microsoft/azure-cli -f
Untagged: microsoft/azure-cli:latest
Untagged: microsoft/azure-cli@sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb

And I installed it again

docker pull microsoft/azure-cli
Using default tag: latest
latest: Pulling from microsoft/azure-cli
Digest: sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb
Status: Image is up to date for microsoft/azure-cli:latest

Because this time the image is already stored in the registry, it takes less time to deploy

docker run -it microsoft/azure-cli
root@29f1f01b49e4:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

To leave the container running press CTRL+Q or CTRL+P
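The pulls above resolve the mutable tag latest, while the Digest line in their output identifies the exact image content. The following is an added example, not part of the original post, that compares the digest reported by `docker pull` with a pinned value and prints the immutable `repository@digest` reference on a match; the pin list format and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check that a pulled image's
# digest matches a pinned value instead of trusting the mutable "latest" tag.

# Constructed pin list, one "<repository> <digest>" per line (digest from the post).
PINS='microsoft/azure-cli sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb'

# `docker pull` output as shown in the post.
PULL_OUTPUT='Using default tag: latest
latest: Pulling from microsoft/azure-cli
Digest: sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb
Status: Image is up to date for microsoft/azure-cli:latest'

# Read `docker pull` output on stdin; print "<repository> <digest>".
# Fails if either is missing or the digest is not "sha256:" plus 64 hex digits.
parse_pull() {
    awk '/: Pulling from / { repo = $NF }
         /^Digest: sha256:[0-9a-f]+$/ { digest = $2 }
         END { if (repo == "" || length(digest) != 71) exit 1
               print repo, digest }'
}

# $1 = pull output, $2 = pin list. Prints "<repository>@<digest>" and returns 0
# on a match; returns 1 on mismatch, 2 if unparseable, 3 if the image is unpinned.
verify_pull() {
    _parsed=$(printf '%s\n' "$1" | parse_pull) || { echo "unparseable"; return 2; }
    _repo=${_parsed% *}
    _digest=${_parsed#* }
    _pinned=$(printf '%s\n' "$2" | awk -v r="$_repo" '$1 == r { print $2; exit }')
    [ -n "$_pinned" ] || { echo "unpinned $_repo"; return 3; }
    [ "$_pinned" = "$_digest" ] || { echo "mismatch $_repo"; return 1; }
    echo "$_repo@$_digest"
}

verify_pull "$PULL_OUTPUT" "$PINS"
```

The printed reference can be passed to `docker pull` or `docker run` in place of the tag, so later runs fetch the same content even if latest is moved.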