grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

commit bb87fc2f4892fd00764182234d504f7af1dd8d47
parent 29bd90794931e829fa1da9e774d1554cccc3e4ef
Author: pyratebeard <root@pyratebeard.net>
Date:   Tue, 13 Nov 2018 15:26:57 +0000

changes

Diffstat:
M technology/cloud/azure.md | 83 +++++++++++++++++++++++++++++--------------------------------------------------
1 file changed, 30 insertions(+), 53 deletions(-)

diff --git a/technology/cloud/azure.md b/technology/cloud/azure.md @@ -1,21 +1,11 @@ # azure -[aries](https://aries.ward.ie/x/YgFk) -## toc - - -## ward accounts (keepass) - * dudley@wardazureward.onmicrosoft.com - - non-prod (uat/dev) - * dburrows@warddemo.onmicrosoft.com - - prod - -## personal accounts +## accounts * blahthing@icloud.com * dudleyburrows@ward.ie ## az cli -[docs](https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest) +[docs][] ### useful cmds - show list of resource groups @@ -27,26 +17,12 @@ az resource list -g <group_name> --output table ``` - -create an Ubuntu vm called PP-WRD-TEST01 in the group P-WRD-RGRP on the PP-WRD-VNET vnet with no additional network security group, using username dburrows and public key for ssh -``` -az vm create -g P-WRD-RGRP -n PP-WRD-TEST01 \ ---vnet-name PP-WRG-VNET \ ---nsg "" \ ---image UbuntuLTS \ ---ssh-key-value .ssh/dburrows.pub \ ---admin-username dburrows -``` - -create debian machine with no private ip and in subnet +create debian machine with no public ip and in prebuilt subnet, with tags ``` -az vm create -g P-WRD-WIKI-RGRP -n P-WRD-WIKI-VM01 --vnet-name P-WRD-WIKI-VNET --nsg "" --image Debian --ssh-key-value .ssh/dburrows.pub --admin-username dburrows --tags created-by=dburrows --public-ip-address "" --subnet P-WRD-WIKI-SUBN +az vm create -g my-resource-group -n my-debian-vm --vnet-name my-vnet --nsg "" --image Debian --ssh-key-value .ssh/id_rsa.pub --admin-username pyratebeard --tags created-by=pyratebeard --public-ip-address "" --subnet my-subnet ``` - - - -install the azure cli command `{{az}}` by running the following +install the azure cli command `az` by running the following ``` curl -L https://aka.ms/InstallAzureCLI | bash ``` 
@@ -63,7 +39,7 @@ az logout then run the login command again. -all the following steps _can_ be run from the portal cli as well as your local machine once you have installed {{az}}. +all the following steps _can_ be run from the portal cli as well as your local machine once you have installed `az`. ### changing subscriptions @@ -79,7 +55,7 @@ az account show then to change subscriptions run ``` -az account set --subscription "Ward MS Partner Account" +az account set --subscription "My Other Subscription" ``` ### show vm images @@ -89,7 +65,7 @@ az image list ### getting started -here is a quick run through of spinning up a [centos](https://www.centos.org/) virtual machine +here is a quick run through of spinning up a [centos][] virtual machine - create resource group ``` 
@@ -101,14 +77,14 @@ here is a quick run through of spinning up a [centos](https://www.centos.org/) v ``` - create a network rule in an existing security group ``` - az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-ward --description "Allow all traffic from Ward public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "93.94.119.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*" + az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-access --description "Allow all traffic from my public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "97.108.19.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*" ``` - create a virtual machine ``` az vm create -g D-TST-RGRP -n D-TST-LAPP01 --image CentOS --generate-ssh-keys ``` -once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to {{ssh}} to the server. +once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to `ssh` to the server. ## advanced tools 
@@ -119,36 +95,36 @@ you can check your current role with the cli. first you need to make a note of t az account show { "environmentName": "AzureCloud", - "id": "b1447c5c-db40-4a01-9fc3-d56a740047b5", + "id": "", "isDefault": true, - "name": "Ward MS Partner Account", + "name": "My Subscription", "state": "Enabled", - "tenantId": "89252e5d-2862-422f-8279-7d0a49e32e6a", + "tenantId": "", "user": { - "name": "dudley@wardazureward.onmicrosoft.com", + "name": "dudley@onmicrosoft.com", "type": "user" } } ``` -copy the value from {{"user": "name":}}, then run the following replacing {{<value>}} with the username (usually an email address) +copy the value from `"user": "name":`, then run the following replacing `<value>` with the username (usually an email address) ``` az role assignment list --assignee <value> [ { - "id": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleAssignments/85f38488-d3f3-423b-afb7-77d8cadddd32", - "name": "85f38488-d3f3-423b-afb7-77d8cadddd32", + "id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/", + "name": "", "properties": { - "principalId": "5ad99088-9605-4a83-843c-71bc51bf53f6", - "principalName": "dudley@wardazureward.onmicrosoft.com", - "roleDefinitionId": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "principalId": "", + "principalName": "dudley@onmicrosoft.com", + "roleDefinitionId": "/subscriptions/providers/Microsoft.Authorization/roleDefinitions/", "roleDefinitionName": "Contributor", - "scope": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5" + "scope": "/subscriptions/" }, "type": "Microsoft.Authorization/roleAssignments" } ] ``` -your current role is under {{"properties": "roleDefinitionName":}} +your current role is under `"properties": "roleDefinitionName":` ## show all resources in your subscription ``` 
@@ -157,13 +133,13 @@ az group list --output table ## deploy a kubernetes cluster -we add the {{aks}} option to manage azure kubernetes services. Currently aks is only available in west europe +we add the `aks` option to manage azure kubernetes services. Currently aks is only available in west europe ``` az group create --name D-K8S-RGRP --location westeurope az aks create --name D-K8S-KCLU --resource-group D-K8S-RGRP --generate-ssh-keys az aks get-credentials --name D-K8S-KCLU --resource-group D-K8S-RGRP az aks browse --name D-K8S-KCLU --resource-group D-K8S-RGRP -az aks show --resource-group dudley-container-demo-rg --name dudley-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv +az aks show --resource-group pyratebeard-container-demo-rg --name pyratebeard-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv ``` ## deploy webapp and enable for webhooks @@ -177,7 +153,7 @@ az webapp deployment container show-cd-url -n D-TST-APP-SRV -g D-TST-APP-RG run script tool on VMs (under 'Operation') -## create vpn - [ref1][] +## create vpn - [fortinet_cookbook][] * virtual network * virtual network gateway * local network gateway @@ -189,8 +165,9 @@ run script tool on VMs (under 'Operation') * connect through gateway to website (using peering?) -[auto tagging][] +[auto_tagging][] -## ref -[ref1]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/ -[auto tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443 +[centos]: https://www.centos.org/ +[fortinet_cookbook]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/ +[auto_tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443 +[docs]: https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest
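
Review bot: in the first hunk (`@@ -1,21 +1,11 @@`), the `## accounts` list keeps `dudleyburrows@ward.ie` as an unchanged line while the other ward-specific account names around it are deleted, so if the aim is to strip employer-specific details that line is missed. The deleted account names also stay readable in the parent commit 29bd90794931e829fa1da9e774d1554cccc3e4ef, because removing them here does not take them out of history. Suggest replacing the remaining address with a placeholder and, if the repository is to be published, rewriting history before it is pushed.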
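
Review bot: in `@@ -27,26 +17,12 @@`, the new `az vm create` example passes `--nsg ""`, so the VM is created without a network security group of its own, and the description line above it ("no public ip and in prebuilt subnet, with tags") does not say so. With `--public-ip-address ""` nothing is exposed directly, but filtering then depends entirely on whatever NSG is attached to `my-subnet`. Suggest stating that in the description or naming an NSG in the command. The install step in the same hunk still pipes `curl -L https://aka.ms/InstallAzureCLI` straight into `bash`; a line telling the reader to download and read the script first would fit there.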
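
Review bot: in `@@ -101,14 +77,14 @@`, the rewritten `allow-access` rule still sets `--destination-port-range "*"` and `--destination-address-prefix "*"`, so every TCP port behind the NSG is open to the source /28, while the walkthrough only goes on to `ssh` to the VM. Suggest `--destination-port-range 22` for this example. The replacement prefix `97.108.19.240/28` is a routable range; a documentation range such as `203.0.113.0/28` (RFC 5737) keeps the example from pointing at real addresses. The description also says "all traffic" although `--protocol Tcp` limits the rule to TCP, so the wording should match.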
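
Review bot: in `@@ -119,36 +95,36 @@`, the identifiers are blanked rather than replaced, which leaves sample output that `az` would never print: `"scope": "/subscriptions/"`, `"id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/"` and `"principalName": "dudley@onmicrosoft.com"`. Suggest visible placeholders such as `<subscription-id>`, `<tenant-id>` and `<user>@<tenant>.onmicrosoft.com` so the path structure stays readable. The subscription, tenant and principal ids on the `-` lines remain in the parent commit, so this edit alone does not withdraw them.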
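
Review bot: in `@@ -157,13 +133,13 @@`, the renamed `az aks show` line points at `pyratebeard-container-demo-rg` and `pyratebeard-container-demo-clu`, while the four commands above it create and use `D-K8S-RGRP` and `D-K8S-KCLU`, so the block cannot be run top to bottom as written. Suggest using one resource group and cluster name throughout the block, and adding a line on what the returned `servicePrincipalProfile.clientId` is needed for.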