commit bb87fc2f4892fd00764182234d504f7af1dd8d47
parent 29bd90794931e829fa1da9e774d1554cccc3e4ef
Author: pyratebeard <root@pyratebeard.net>
Date: Tue, 13 Nov 2018 15:26:57 +0000
changes
Diffstat:
1 file changed, 30 insertions(+), 53 deletions(-)
diff --git a/technology/cloud/azure.md b/technology/cloud/azure.md
@@ -1,21 +1,11 @@
# azure
-[aries](https://aries.ward.ie/x/YgFk)
-## toc
-
-
-## ward accounts (keepass)
- * dudley@wardazureward.onmicrosoft.com
- - non-prod (uat/dev)
- * dburrows@warddemo.onmicrosoft.com
- - prod
-
-## personal accounts
+## accounts
* blahthing@icloud.com
* dudleyburrows@ward.ie
## az cli
-[docs](https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest)
+[docs][]
### useful cmds
- show list of resource groups
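Review bot: the context line `* dudleyburrows@ward.ie` under the new `## accounts` heading still names a ward.ie address, although this hunk removes the other ward account names and the aries link. If the aim is to take employer identifiers out of the notes, replace that line with a placeholder as well. The removed addresses also stay readable in parent 29bd907, so deleting them here only cleans the current revision.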
@@ -27,26 +17,12 @@
az resource list -g <group_name> --output table
```
-
-create an Ubuntu vm called PP-WRD-TEST01 in the group P-WRD-RGRP on the PP-WRD-VNET vnet with no additional network security group, using username dburrows and public key for ssh
-```
-az vm create -g P-WRD-RGRP -n PP-WRD-TEST01 \
---vnet-name PP-WRG-VNET \
---nsg "" \
---image UbuntuLTS \
---ssh-key-value .ssh/dburrows.pub \
---admin-username dburrows
-```
-
-create debian machine with no private ip and in subnet
+create debian machine with no public ip and in prebuilt subnet, with tags
```
-az vm create -g P-WRD-WIKI-RGRP -n P-WRD-WIKI-VM01 --vnet-name P-WRD-WIKI-VNET --nsg "" --image Debian --ssh-key-value .ssh/dburrows.pub --admin-username dburrows --tags created-by=dburrows --public-ip-address "" --subnet P-WRD-WIKI-SUBN
+az vm create -g my-resource-group -n my-debian-vm --vnet-name my-vnet --nsg "" --image Debian --ssh-key-value .ssh/id_rsa.pub --admin-username pyratebeard --tags created-by=pyratebeard --public-ip-address "" --subnet my-subnet
```
-
-
-
-install the azure cli command `{{az}}` by running the following
+install the azure cli command `az` by running the following
```
curl -L https://aka.ms/InstallAzureCLI | bash
```
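Review bot: the new description for the debian `az vm create` line mentions the public ip, the subnet and the tags, but not `--nsg ""`. The removed Ubuntu example did spell that out ("with no additional network security group"). Add it to the description, and say that filtering is expected to come from a security group on the prebuilt subnet, so a reader copying the command knows the VM gets no NSG of its own.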
@@ -63,7 +39,7 @@ az logout
then run the login command again.
-all the following steps _can_ be run from the portal cli as well as your local machine once you have installed {{az}}.
+all the following steps _can_ be run from the portal cli as well as your local machine once you have installed `az`.
### changing subscriptions
@@ -79,7 +55,7 @@ az account show
then to change subscriptions run
```
-az account set --subscription "Ward MS Partner Account"
+az account set --subscription "My Other Subscription"
```
### show vm images
@@ -89,7 +65,7 @@ az image list
### getting started
-here is a quick run through of spinning up a [centos](https://www.centos.org/) virtual machine
+here is a quick run through of spinning up a [centos][] virtual machine
- create resource group
```
@@ -101,14 +77,14 @@ here is a quick run through of spinning up a [centos](https://www.centos.org/) v
```
- create a network rule in an existing security group
```
- az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-ward --description "Allow all traffic from Ward public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "93.94.119.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*"
+ az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-access --description "Allow all traffic from my public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "97.108.19.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*"
```
- create a virtual machine
```
az vm create -g D-TST-RGRP -n D-TST-LAPP01 --image CentOS --generate-ssh-keys
```
-once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to {{ssh}} to the server.
+once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to `ssh` to the server.
## advanced tools
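Review bot: in the `az network nsg rule create` line the replacement `--source-address-prefix "97.108.19.240/28"` is still a routable public range, so the example now allows a block that may belong to someone else. A documentation range such as 203.0.113.0/28 (RFC 5737) is a safer placeholder. The same line keeps `--destination-port-range "*"` with `--protocol Tcp` while the description says "Allow all traffic". Since the text only goes on to `ssh` to the server, narrowing the rule to port 22 and wording the description as TCP would match the walkthrough. The `D-TST-RGRP` and `D-TST-NSGP` names were left unchanged here, unlike the names in the debian example.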
@@ -119,36 +95,36 @@ you can check your current role with the cli. first you need to make a note of t
az account show
{
"environmentName": "AzureCloud",
- "id": "b1447c5c-db40-4a01-9fc3-d56a740047b5",
+ "id": "",
"isDefault": true,
- "name": "Ward MS Partner Account",
+ "name": "My Subscription",
"state": "Enabled",
- "tenantId": "89252e5d-2862-422f-8279-7d0a49e32e6a",
+ "tenantId": "",
"user": {
- "name": "dudley@wardazureward.onmicrosoft.com",
+ "name": "dudley@onmicrosoft.com",
"type": "user"
}
}
```
-copy the value from {{"user": "name":}}, then run the following replacing {{<value>}} with the username (usually an email address)
+copy the value from `"user": "name":`, then run the following replacing `<value>` with the username (usually an email address)
```
az role assignment list --assignee <value>
[
{
- "id": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleAssignments/85f38488-d3f3-423b-afb7-77d8cadddd32",
- "name": "85f38488-d3f3-423b-afb7-77d8cadddd32",
+ "id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/",
+ "name": "",
"properties": {
- "principalId": "5ad99088-9605-4a83-843c-71bc51bf53f6",
- "principalName": "dudley@wardazureward.onmicrosoft.com",
- "roleDefinitionId": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
+ "principalId": "",
+ "principalName": "dudley@onmicrosoft.com",
+ "roleDefinitionId": "/subscriptions/providers/Microsoft.Authorization/roleDefinitions/",
"roleDefinitionName": "Contributor",
- "scope": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5"
+ "scope": "/subscriptions/"
},
"type": "Microsoft.Authorization/roleAssignments"
}
]
```
-your current role is under {{"properties": "roleDefinitionName":}}
+your current role is under `"properties": "roleDefinitionName":`
## show all resources in your subscription
```
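Review bot: blanking the identifiers in the sample output leaves values that no longer read as real output, for example `"id": ""`, `"scope": "/subscriptions/"` and `/subscriptions/providers/Microsoft.Authorization/roleAssignments/`. Use angle-bracket placeholders in the style the page already uses for `<value>`, such as `/subscriptions/<subscription_id>`, so the path structure stays visible. `"name": "dudley@onmicrosoft.com"` and the matching `principalName` keep the original local part and only drop the tenant label, so they need a placeholder too.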
@@ -157,13 +133,13 @@ az group list --output table
## deploy a kubernetes cluster
-we add the {{aks}} option to manage azure kubernetes services. Currently aks is only available in west europe
+we add the `aks` option to manage azure kubernetes services. Currently aks is only available in west europe
```
az group create --name D-K8S-RGRP --location westeurope
az aks create --name D-K8S-KCLU --resource-group D-K8S-RGRP --generate-ssh-keys
az aks get-credentials --name D-K8S-KCLU --resource-group D-K8S-RGRP
az aks browse --name D-K8S-KCLU --resource-group D-K8S-RGRP
-az aks show --resource-group dudley-container-demo-rg --name dudley-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv
+az aks show --resource-group pyratebeard-container-demo-rg --name pyratebeard-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv
```
## deploy webapp and enable for webhooks
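Review bot: the changed `az aks show` line queries `pyratebeard-container-demo-rg` and `pyratebeard-container-demo-clu`, but the four commands above it create and use `D-K8S-RGRP` and `D-K8S-KCLU`, so run as a block the last command targets a cluster the example never created. Use one set of names throughout, and add a sentence saying what the returned `servicePrincipalProfile.clientId` is needed for. The changed sentence above the block still says aks is "Currently" only available in west europe, which needs a date or a link to the region list to stay checkable.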
@@ -177,7 +153,7 @@ az webapp deployment container show-cd-url -n D-TST-APP-SRV -g D-TST-APP-RG
run script tool on VMs (under 'Operation')
-## create vpn - [ref1][]
+## create vpn - [fortinet_cookbook][]
* virtual network
* virtual network gateway
* local network gateway
@@ -189,8 +165,9 @@ run script tool on VMs (under 'Operation')
* connect through gateway to website (using peering?)
-[auto tagging][]
+[auto_tagging][]
-## ref
-[ref1]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/
-[auto tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443
+[centos]: https://www.centos.org/
+[fortinet_cookbook]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/
+[auto_tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443
+[docs]: https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest