Wilson Mar bio photo

Wilson Mar

Hello!

Calendar YouTube Github

LinkedIn

Do anything you want!

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

This tutorial describes the install and coding of automation within the Azure cloud, using PowerShell, CLI, ARM templates in JSON, etc.

This is one of a series about Azure on my blog:

  • Azure Onramp (obtaining accounts)
  • Azure PowerShell install and coding
  • Azure CLI install and coding
  • Azure-specific Automation
  • Azure Compute (VM)
  • Azure Storage
  • Azure Functions (Serverless)
  • Azure Monitoring


MacOS Install

  1. Install PowerShell as described on my blog:

    wilsonmar.github.io/powershell-install-coding

  2. These if errors below:

    Update NuGet
    Install-PackageProvider -Name NuGet -Force
    Exit
    
    Update PowerShellGet
    Install-Module -Name PowerShellGet -Force
    Exit
    

    Install PowerShell Scripts

    Run from the Powershell Gallery the Workflow to Download All Gallery Modules:

  3. Click the “Deploy” button or:

    Install-Script -Name Download-AllGalleryModules
    

    Response:

    Untrusted repository
    You are installing the scripts from an untrusted repository. If you trust
    this repository, change its InstallationPolicy value by running the
    Set-PSRepository cmdlet. Are you sure you want to install the scripts from
    'PSGallery'?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    
  4. Press A to accept install of all modules from an untrusted source.

    BLAH: Response: See https://github.com/Azure/azure-powershell/issues/11772

    Install-Package: /usr/local/microsoft/powershell/7/Modules/PowerShellGet/PSModule.psm1:10044                             Line 10044 |
       | … talledPackages = PackageManagement\Install-Package @PSBoundParameters
       | The specified script file
       | '/var/folders/r7/_4wzn4hn6yb2xxlms995lnkc0000gn/T/1269304408/Download-AllGalleryModules.0.1.0/Download-AllGalleryModules.ps1' has parse errors, try again after fixing the parse errors.
    
  5. Click the “Deploy” button. You should see Azure’s Custon Deployment bolt with Parameters:

  6. Type in for new Resource Group name “Download-AllGalleryModules”.
  7. Click Create to see error icons.
  8. Click Edit parameters.
  9. Select your Resource group location (such as “East US 2”).
  10. Click Review legal terms then click Purchase.
  11. Click Create.

PowerShell Prompt

To specify a carriage return and new line, instead of the \n on Linux, on PowerShell we use the back-tick key in rn.

I use that to customize my PowerShell prompt to be at the same location every time.

  1. There are <a target=”_blank” href=”https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.1”“>several profile .ps1 files</a>. For a list of them, within PowerShell:

    $PROFILE | Get-Member -Type NoteProperty
  2. To test whether a file has been created:

    Test-Path -Path $PROFILE.AllUsersAllHosts

  3. On a Mac, edit the ~/.profile file (which is automatically run when PowerShell is started) to add my custom prompt:

    function Prompt
    {
    $env:COMPUTERNAME + "`r`n  $(Get-Date) " + (Get-Location) + "`r`n> "
    }
    

The PowerShell $PSHOME folder is different depending on operating system:


CLI AZ Versions & Upgrade

  1. List Azure Verbs

    az
    

    Response:

    Welcome to the cool new Azure CLI!
  2. List Azure version:

    az --version
    
    azure-cli                         2.19.1 *
    core                              2.19.1 *
    telemetry                          1.0.6
    Extensions:
    azure-cli-iot-ext                  0.8.7
    Python location '/usr/local/Cellar/azure-cli/2.19.1/libexec/bin/python'
    Extensions directory '/Users/wilson_mar/.azure/cliextensions'
    Python (Darwin) 3.8.8 (default, Feb 21 2021, 08:26:42) 
    [Clang 12.0.0 (clang-1200.0.32.29)]
    Legal docs and information: aka.ms/AzureCliLegal
    You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
     
    Please let us know how we are doing: https://aka.ms/azureclihats
    and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
    
  3. Upgrade Azure:

    az upgrade
    
    This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
    Your current Azure CLI version is 2.19.1. Latest version available is 2.20.0.
    Please check the release notes first: https://docs.microsoft.com/cli/azure/release-notes-azure-cli
    
  4. List Regions = Locations with Providers:

    $FormatEnumerationLimit=-1 
     Get-AzLocation
    

    PROTIP: The format command expands elipsis (…) See https://greiginsydney.com/viewing-truncated-powershell-output/

    Location    : eastasia
    DisplayName : East Asia
    Providers   : {Microsoft.Security, 84codes.CloudAMQP, LiveArena.Broadcast, Microsoft.AAD…}
    

Install for ARM Declarative Templates

declarative syntax are defined in Resource Manager templates used by ARM to enable infrastructure configurations to be defined (much like Puppet).


Install Azure Module

  1. Within pwsh :

    Install-Module -Name Az -AllowClobber
  2. Type A to respond:

    Untrusted repository
    You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you 
    want to install the modules from 'PSGallery'?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): 
    

    Azure .NET Core Deprecated

NOTE: We don’t use “AzureRM….” modules/commands any more.

  1. Establish admin rights on MacOS:

    sudo -v

  2. Install Azure PowerShell for .NET Core:

    Install-Module AzureRM.NetCore

    No response is expected when successful.

  3. Load the module into your PowerShell session. Modules are loaded using the Import-Module cmdlet:

    Import-Module AzureRM.Netcore
    WARNING: AzureRM.Netcore has been deprecated.  Use the 'Az' module instead.  The 'Az' module is avalable from the PSGallery https://www.powershellgallery.com/packages/Az/. You can find information about getting started with 'Az' at https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az. To uninstall AzureRM.Netcore you can use the provided 'Uninstall-AzureRMNetcore' cmdlet.
    

    http://www.signalwarrant.com/automate-creating-lab-virtual-machines-in-azure-with-powershell/

    Azure Environments (Clouds)

    READ:

  4. Get a list of Resoure Manager Environments available:

    Get-AzureRmEnvironment | Select-Object Name

    Sample response:

    AzureCloud
    AzureChinaCloud
    AzureUSGovernment
    AzureGermanCloud
    
  5. Create an Azure Service Principal if you don’t have one

    READ:

  6. Get your TenantId from your subscription after logging in interactively:

    Get-AzureRmSubscription

    CAUTION: This sample response exposes senstive information:

    Environment           : AzureCloud
    Account               : username@contoso.com
    TenantId              : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    SubscriptionId        : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    SubscriptionName      : My Production Subscription
    CurrentStorageAccount :
    
  7. Get the dialog box asking for your Azure credentials to login interactively at https://aka.ms/devicelogin:

    Login-AzureRmAccount -EnvironmentName AzureCloud

    Alternately, login by specifying an Azure Service Principle:

    Login-AzureRmAccount -ServicePrincipal -ApplicationId “http://my-app” -Credential $pscredential -TenantId $tenantid

    PROTIP: Some put the above command in a command file with a short name.

  8. Pop-up help for a command to a different window for multiple windows:

    help Get-AzureSubscription -ShowWindow
    

Alternative automation

VIDEO

Pulumi

Pulumi enables programmatic access to Azure in JavaScript for use by application-building devs.

Pulumi does not generate templates.

Azure Bicep

is an ARM DSL developed by the Azure team like Terraform

Farmer

Use simplified “.fs” DSL code that runs to spit out ARM template JSON files.

  1. In the folder containing the .fs file you want to run:

    dotnet run

https://compositionalit.github.io/farmer/

https://github.com/compositionalit/farmer


Sign Into Azure

zzz

Connect-AzAccount with credentials

  1. Obtain a browser URL to sign into your Azure account:

    Connect-AzAccount

    or

    Connect-AzureRmAccount

    Alternately, to get prompted in the CLI:

    Login-AzAccount -Credential (Get-Credential)

    Response:

    PowerShell credential request
    Enter your credentials.
    User: 
    
  2. On your default browser, pick (click on) the Microsoft account you want

    Authentication complete. You can return to the application. Feel free to close this browser tab.
  3. Switch back to the Terminal to see Account (email), SubscriptionName, TenantId (GUI), Environment (“AzureCloud”)

  4. See https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-5.6.0

Authenticate into Azure Cloud

  1. The easiest way:

    az login
    

    The response:

    The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
    
  2. Pick an account in your default internet browser.
  3. If you have MFA, answer it.
  4. You should see on the browser:

    You have logged into Microsoft Azure!
    You can close this window, or we will redirect you to the Azure CLI documents in 10 seconds.
    

    The URL to Azure CLI documents is:

    https://docs.microsoft.com/en-us/cli/azure

  5. Switch back to the CLI (on macOS: press command+tab).

Resources

  1. doc.microsoft.com: What is PowerShell?

  2. Pluralsight VIDEO: “PowerShell 7.0.3: Getting Started” 3h 4m 14 Sep 2020 by Michael Bender (@MichaelBender, itsallgeek2mike.com)

  3. https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app

  4. https://www.oneidentity.com/products/active-roles/

    Generate a visual diagram

  5. Use VSCode “ARM Viewer” to generate a visual diagram

    VIDEO: Generate an Architecture Diagramusing diagrams.net

    https://rules.ssw.com.au/architecture-diagram

    https://rules.ssw.com.au/azure-resources-diagram

    https://rules.ssw.com.au/azure-resources-creating

More on DevSecOps

This is one of a series on DevSecOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps
  4. Enterprise Software)

  5. Git and GitHub vs File Archival
  6. Git Commands and Statuses
  7. Git Commit, Tag, Push
  8. Git Utilities
  9. Data Security GitHub
  10. GitHub API
  11. TFS vs. GitHub

  12. Choices for DevOps Technologies
  13. Pulumi Infrastructure as Code (IaC)
  14. Java DevOps Workflow
  15. Okta for SSO & MFA

  16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  17. AWS server deployment options
  18. AWS Load Balancers

  19. Cloud services comparisons (across vendors)
  20. Cloud regions (across vendors)
  21. AWS Virtual Private Cloud

  22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
  23. Azure Certifications
  24. Azure Cloud

  25. Azure Cloud Powershell
  26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)
  27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

  28. Azure Networking
  29. Azure Storage
  30. Azure Compute
  31. Azure Monitoring

  32. Digital Ocean
  33. Cloud Foundry

  34. Packer automation to build Vagrant images
  35. Terraform multi-cloud provisioning automation
  36. Hashicorp Vault and Consul to generate and hold secrets

  37. Powershell Ecosystem
  38. Powershell on MacOS
  39. Powershell Desired System Configuration

  40. Jenkins Server Setup
  41. Jenkins Plug-ins
  42. Jenkins Freestyle jobs
  43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  44. Docker (Glossary, Ecosystem, Certification)
  45. Make Makefile for Docker
  46. Docker Setup and run Bash shell script
  47. Bash coding
  48. Docker Setup
  49. Dockerize apps
  50. Docker Registry

  51. Maven on MacOSX

  52. Ansible
  53. Kubernetes Operators
  54. OPA (Open Policy Agent) in Rego language

  55. MySQL Setup

  56. Threat Modeling
  57. SonarQube & SonarSource static code scan

  58. API Management Microsoft
  59. API Management Amazon

  60. Scenarios for load
  61. Chaos Engineering