azure.md (5359B)
# azure

## az cli
[docs][]

### useful cmds
- show list of resource groups
```
az group list --output table
```
- list resources in a resource group
```
az resource list -g <group_name> --output table
```

create a debian machine with no public ip, in a prebuilt subnet, with tags
```
az vm create -g my-resource-group -n my-debian-vm --vnet-name my-vnet --nsg "" --image Debian --ssh-key-value .ssh/id_rsa.pub --admin-username pyratebeard --tags created-by=pyratebeard --public-ip-address "" --subnet my-subnet
```

install the azure cli command `az` by running the following
```
curl -L https://aka.ms/InstallAzureCLI | bash
```

once installed, log in to your account with
```
az login
```

to switch to a different account run
```
az logout
```

then run the login command again.

all the following steps _can_ be run from the portal cli as well as from your local machine once you have installed `az`.

### changing subscriptions

check your subscriptions
```
az account list --output table
```

show which subscription you're currently using
```
az account show
```

then to change subscriptions run
```
az account set --subscription "My Other Subscription"
```

### show vm images
```
az image list
```

### getting started

here is a quick run through of spinning up a [centos][] virtual machine

- create resource group
```
az group create --name D-TST-RGRP --location northeurope
```
- create Network Security Group
```
az network nsg create --resource-group D-TST-RGRP --name D-TST-LAPP01
```
- create a network rule in an existing security group
```
az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-access --description "Allow all traffic from my public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "97.108.19.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*"
```
- create a virtual machine
```
az vm create -g D-TST-RGRP -n D-TST-LAPP01 --image CentOS --generate-ssh-keys
```

once the VM is successfully created it will output some json. make a note of the "publicIpAddress" value, and use this to `ssh` to the server.

## advanced tools

the following is a collection of tools which have been played around with. some of these tools may require escalated privileges which your account may not have. if you are unable to action something and desperately need to, speak to one of the azure admins.

you can check your current role with the cli. first you need to make a note of the username for the subscription you're using
```
az account show
{
  "environmentName": "AzureCloud",
  "id": "",
  "isDefault": true,
  "name": "My Subscription",
  "state": "Enabled",
  "tenantId": "",
  "user": {
    "name": "dudley@onmicrosoft.com",
    "type": "user"
  }
}
```
copy the value from `"user": "name":`, then run the following, replacing `<value>` with the username (usually an email address)
```
az role assignment list --assignee <value>
[
  {
    "id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/",
    "name": "",
    "properties": {
      "principalId": "",
      "principalName": "dudley@onmicrosoft.com",
      "roleDefinitionId": "/subscriptions/providers/Microsoft.Authorization/roleDefinitions/",
      "roleDefinitionName": "Contributor",
      "scope": "/subscriptions/"
    },
    "type": "Microsoft.Authorization/roleAssignments"
  }
]
```
your current role is under `"properties": "roleDefinitionName":`

## show all resource groups in your subscription
```
az group list --output table
```

## deploy a kubernetes cluster

we add the `aks` option to manage azure kubernetes services. currently aks is only available in west europe
```
az group create --name D-K8S-RGRP --location westeurope
az aks create --name D-K8S-KCLU --resource-group D-K8S-RGRP --generate-ssh-keys
az aks get-credentials --name D-K8S-KCLU --resource-group D-K8S-RGRP
az aks browse --name D-K8S-KCLU --resource-group D-K8S-RGRP
az aks show --resource-group pyratebeard-container-demo-rg --name pyratebeard-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv
```

## deploy webapp and enable for webhooks
```
az group create --name webapp-rg -l northeurope
az appservice plan create -g webapp-rg -n webapp-srvplan --is-linux
az webapp create -g webapp-rg -p webapp-srvplan -n webapp -i pyratebeard/container-webhook-demo
az webapp deployment container config -n webapp -g webapp-rg --enable-cd true
az webapp deployment container show-cd-url -n D-TST-APP-SRV -g D-TST-APP-RG
```

run script tool on VMs (under 'Operation')

## create vpn - [fortinet_cookbook][]
* virtual network
* virtual network gateway
* local network gateway
* public ip
* connection (under virtual network gateway)
* vpn not coming up in fortigate
* running network watcher troubleshooting
* need to add address space to connection
* connect through gateway to website (using peering?)


[auto_tagging][]

[centos]: https://www.centos.org/
[fortinet_cookbook]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/
[auto_tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443
[docs]: https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest
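
the `allow-access` rule in the getting started steps opens every TCP port to a /28 source range. the following python is an added example, not part of the original notes: it audits NSG rules exported as json and reports inbound allow rules that expose all ports or accept any source, along with how many source addresses they admit. the json field names are assumed to match what `az network nsg rule list --output json` emits, and the sample rules are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nsg rule list -o json` output (field
# names assumed); the first entry mirrors the allow-access rule created above.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-access", "access": "Allow", "direction": "Inbound",
  "priority": 102, "sourceAddressPrefix": "97.108.19.240/28", "destinationPortRange": "*"},
 {"name": "ssh-anywhere", "access": "Allow", "direction": "Inbound",
  "priority": 200, "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "web", "access": "Allow", "direction": "Inbound", "priority": 300,
  "sourceAddressPrefixes": ["10.0.0.0/24"], "destinationPortRanges": ["80", "443"]},
 {"name": "deny-rest", "access": "Deny", "direction": "Inbound",
  "priority": 4000, "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

def values(rule, single, plural):
    """One value lives in the singular field, several in the plural one."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def address_count(sources):
    """Total addresses covered by CIDR sources; None if a source is open or a tag."""
    total = 0
    for src in sources:
        if src.lower() in ANY_SOURCE:
            return None
        try:
            total += ipaddress.ip_network(src, strict=False).num_addresses
        except ValueError:  # service tag such as VirtualNetwork
            return None
    return total

def audit(rules):
    """Return inbound Allow rules that expose all ports or accept any source."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["access"], rule["direction"]) != ("Allow", "Inbound"):
            continue
        sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = values(rule, "destinationPortRange", "destinationPortRanges")
        checks = {"all-ports": "*" in ports,
                  "any-source": any(s.lower() in ANY_SOURCE for s in sources)}
        issues = [name for name, hit in checks.items() if hit]
        if issues:
            findings.append({"rule": rule["name"], "issues": issues,
                             "source_addresses": address_count(sources)})
    return findings
print(audit(SAMPLE_RULES))
```

to audit a real group, save the output of `az network nsg rule list -g <group_name> --nsg-name <nsg_name> --output json` to a file and pass the parsed list to `audit()` in place of `SAMPLE_RULES`.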