The basics of how to get into and around the Azure cloud

Overview

This is a step-by-step hands-on approach to getting you up and running on Azure cloud.

  1. Get an email address from hotmail.com or outlook.com

    https://signup.live.com/signup

    You’ll need an email address that you can share and transfer to other people.

    PROTIP: Don’t use an email that you use for your own banking, shopping, social media, etc.

    If you’re at a company, you will need to give someone else the password so that if you’re ever “run over a bus”, your organization can continue.

  2. Make up an adult birthdate: 2018 - 22 = 1996

    PROTIP: Write it down for account recovery, such as in a 1Password entry. Also write down the date you created the account.

  3. You’ll need a phone number for 3FA (three Factor Authentication).

    PROTIP: Give Google Voice the cell number that you’ve been giving out to people. Then get a new phone number from your cell carrier (Verizon, ATT, etc.). In Google Voice, have that new number ring when someone calls you at your original number. Give that new number only to Microsoft. This enables you to transfer that new number to someone else without making your friends wonder where you went.

    PROTIP: For best security, use someone else’s phone for 3FA. But as my wife will tell you, this can get annoying if you work while she’s sleeping with her phone next to her.

  4. You’ll need a credit card number.

    Many companies have a company (corporate) credit card.

  5. Pay for a subscription.

    Two Azure portals

Right off the bat, know that Microsoft has been transitioning from the “classic” (older) Azure Service Management (ASM) to the Azure Resource Manager (ARM).

| Product | Sign-up page | Console page |
| --- | --- | --- |
| ASM | account.windowsazure.com/signup | manage.windowsazure.com |
| ARM | azure.com, azure.microsoft.com/en-us/ | portal.azure.com |

ASM has “Cloud Services” and “Affinity Groups” which is structured with Resource Groups (logical containers) providing a single-resource point-of-view [i.e. manage a single resource at a time]

ARM includes parallelization when creating resources for faster deployment of complex, interdependent solutions. ARM also includes granular access control, and the ability to tag resources with metadata.

Services NOT available in the newer ARM portal:

Also, instead of 2 racks, ARM resources can span 3 racks.

See: Which portal supports each Azure service, listed alphabetically

ASM Sign-up

The older steps to “Create an API gateway and Developer Portal in minutes”:

  1. https://account.windowsazure.com/signup

  2. If you have a BizSpark account, activate the $25/month Azure credit at
    https://myprodscussu1.app.vssubscriptions.visualstudio.com/Dashboard

    NOTE: This can be done by the AZ CLI command “az account create” for those who have a MS-AZR-0017P (EnterpriseAgreement) or MS-AZR-0148P (EnterpriseAgreement devTest).

  3. Verification by text message or call does not use land-line VOIP phone numbers, only cellular numbers.

  4. Input credit card (even though it’s free).

  5. Click “Start Managing my service” for https://portal.azure.com

ARM Sign-up at Azure.com

  1. If you are not logged in, type azure.com in your browser’s address.

    You’ll get sent to a marketing page such as:
    https://azure.microsoft.com/en-us/?v=17.14

  2. Click the portal link at the upper right corner.

    This redirects you to a list of Microsoft accounts that have been used on your computer.

  3. Click the account name (email) you use for Azure.

  4. Enter the password.

    You are redirected through various URLs until you land on a URL such as this one, containing your Tenant ID GUID:

    https://portal.azure.com/#dashboard/private/a7a02378-1e4b-4017-972e-9dfe53bc2b2f

    This is the Dashboard.

ARM Dashboard Tour

At https://portal.azure.com

  1. Click the “hamburger” icon at the upper-left corner for English descriptions of each icon on the left edge.

  2. Click it again. It’s a toggle.

  3. Click the “>” at the lower-left corner to manage which icons appear on the left edge.

  4. Scroll down the long list to get a sense of the categories:

    • GENERAL
    • COMPUTE
    • NETWORKING
    • STORAGE
    • DATABASES
    • INTELLIGENCE + ANALYTICS
    • INTERNET OF THINGS
    • ENTERPRISE INTEGRATION
    • SECURITY + IDENTITY
    • DEVELOPER TOOLS
    • MONITORING + MANAGEMENT
    • ADD-ONS
    • OTHER

  5. Click the star to control items that appear as icons on the left of the page.

  6. Drag an icon and drop it to reorder the icons.

    PROTIP: I drag the “Billing” icon to the top so I manage the money involved.

    BTW, billing is associated with Management Subscriptions with names such as “Pay-as-you-go…”

    Help + Support

  7. Scroll down to click Help + Support (the person icon in blue). Notice the URL change:

    https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview

    Panes that appear on the right are called “blades”.

    Support requests can ALSO be reached another way.

  8. Click the question mark icon at the upper-right corner.

    Notice Support options are also listed behind the smiley face icon.

    Moreover, there is also a “Help + Support” box on the Dashboard.

    That’s now 3 places you can find it.

  9. Right-click on the “Help + Support” box on the Dashboard and select “unpin” because you now know you can reach it (in two places).

    Keyboard Shortcuts

  10. Click Keyboard shortcuts in the menu.

    BLAH: I have no idea what G means. See:

    https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-keyboard-shortcuts

    Marketplace

  11. Right-click on the “Marketplace” box on the Dashboard and select “unpin” because you can reach it this way:

  12. Click on the green + icon for a list in the Marketplace. Additional categories are:

    • Web + Mobile
    • Containers
    • Blockchain

    Click “Web + Mobile”. Creating a Web App on Azure is a common use case.

  13. Click the X to close a blade.

AZ API

  1. Sign-up for an email to use.

    Account ID and password

  2. Sign-up for a Microsoft Azure account with a password to your email account name.

  3. Use the automation bash script for MacOS at https://github.com/wilsonmar/mac-install-all

    The “mac-install-all.sh” script places a secrets.sh file in your machine’s home folder.

    The script takes care of installing the Azure CLI.

  4. Edit the file there (not in the repo directory).
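
One way to enforce the placement described in steps 3 and 4 before a script reads secrets.sh. This is an added example, not code from mac-install-all.sh; the function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of mac-install-all.sh. Sample values are constructed.

file_mode() {          # octal permission bits: GNU stat, else BSD/macOS stat
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

in_git_worktree() {    # true if the file's directory or any parent has .git
  dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
  while :; do
    [ -e "$dir/.git" ] && return 0
    [ "$dir" = "/" ] && return 1
    dir=$(dirname "$dir")
  done
}

load_secrets() {       # $1: path to secrets.sh; sourced only if checks pass
  f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  mode=$(file_mode "$f") || return 1
  case $mode in
    *00) ;;            # no group or other permission bits
    *) echo "refusing $f: mode $mode, want 600" >&2; return 1 ;;
  esac
  if in_git_worktree "$f"; then
    echo "refusing $f: inside a Git working tree" >&2
    return 1
  fi
  . "$f"
}

# Demo on a throwaway copy with constructed contents.
demo_dir=$(mktemp -d)
printf 'TRYOUT="az-vm"\nAZ_USER="demo@example.com"\n' > "$demo_dir/secrets.sh"
chmod 644 "$demo_dir/secrets.sh"
load_secrets "$demo_dir/secrets.sh" || echo "rejected: readable by others"
chmod 600 "$demo_dir/secrets.sh"
load_secrets "$demo_dir/secrets.sh" && echo "loaded, TRYOUT=$TRYOUT"
```

The variables `f`, `mode` and `dir` are global because POSIX sh has no `local`; rename them if they clash with names in the calling script.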

TRYOUT “az-vm”

If in the secrets.sh file the TRYOUT string is edited to contain a known value for a module, that would be executed. To execute all modules:

TRYOUT="az-vm"

To execute only one or a few modules, for example:

TRYOUT="az-vm"

… the Bash script has been programmed to create an instance using az cli commands rather than manually copied and pasted onto an Azure Cloud Shell instance launched in an internet browser as described (using command+shift+V) at:

https://docs.microsoft.com/en-us/cli/azure/azure-cli-vm-tutorial?view=azure-cli-latest

  • Log in
  • Create a resource group
  • Create a virtual machine
  • Get VM information with queries
  • Set environment variables from CLI output
  • Create the new VM on an existing public subnet (contoso.ws)
  • Verify public access to one-page static page (like isitchristmas.com)
  • Cleanup (remove vm instance if TRYOUT_KEEP is not specified)
  • Display cost of above

Alternately, if in the secrets.sh file the TRYOUT string is edited to contain this:

TRYOUT="az-func"

This creates an Azure (Serverless) Function, as described in commands listed at:

Azure Functions

The unique aspect of the mac-install-all.sh script is that it does NOT require you to go from screen to screen typing step by step starting from
https://azure.microsoft.com/en-us/services/functions

The script executes a set of commands for you automatically so you get past the installation and configuration confusion, bringing your laptop to a point where you can work on changing the sample to the app you want. You can then re-run the script, and any changes to the underlying framework would be upgraded if needed.

Since Azure provides a small amount of free time to all accounts each month under their Consumption Plan, you can do several runs each month without spending any cash. See their Pricing.

The “az-func” TRYOUT does all the following:

Account Password > Login > Tenant > Principal > APP_ID > Roles > Template > stop

  1. The script uses this command to log you in:

    az login -u "$AZ_USER" -p "$AZ_PASSWORD"

    If you have not signed up for a subscription, you’ll get an error such as: “No subscriptions were found for ‘None’. If this is expected, use ‘--allow-no-subscriptions’ to have tenant level accesses”

    CAUTION: Logging in online imbues you with a full set of permissions that a login using the az command does not fully possess.

    Tenant ID

  2. Once you have logged in, when you sign up for a Microsoft cloud service, Microsoft assigns to your account a Tenant ID. To obtain it:

    AZ_TENANT=$(az account show --query 'tenantId' -o tsv)

    echo $AZ_TENANT to yield something like: a7a02378-1e4b-4017-972e-9dfe53bc2b2f

    See: Multi-tenant architecture

    Resource groups (RGs) are used for RBAC, Automated Deployments, and Billing/Monitoring purposes.

  3. Put the Tenant ID value in the secrets.sh file so that future script runs can check whether that value has already been created.

  4. Also note that before getting here the script created a pem file.

    PROTIP: Create a .pem file from the rsa.pub file named $SSH_USER created for GitHub:

    ssh-keygen -f ~/.ssh/$SSH_USER -m 'PEM' -e > $SSH_USER.pem
    chmod 600 $SSH_USER.pem
    

    This is recommended instead of the alternative of asking Azure to --create-cert in command:

  5. We next Create a Service Principal using Conventions for naming principals under RBAC (role-based access control):

    This Azure CLI (command az) has the subcommand ad (for Active Directory) to create Service Principals (sp’s). We capture the response (in JSON format) in the variable return.

    return=$(az ad sp create-for-rbac --name "$AZ_PRINCIPAL" \
    --role owner \
    --create-cert \
    --query '[fileWithCertAndPrivateKey, appId, tenant]'
    )

    This JSON file the command puts in your $HOME folder:

    {
      "appId": "username",
      "displayName": "ServicePrincipalName",
      "name": "http://your app address",
      "password": "passkey",
      "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    }
    

    The additional --query attribute makes

    The first of three fields (fileWithCertAndPrivateKey) requested in the query is parsed using this command:

    echo $return | tr -d "[ ] \" \"" | awk -F, '{ print $1 }'
    

    This obtains the first part of the response, “/user/wisdom/tmpf14zjme.pem”, which is used in subsequent commands:

    AZ_PEM_LOC=$(echo $return | tr -d "[ ] \" \"" | awk -F, '{ print $1 }')

    The second item in the query in the command above yields the APP_ID:

    AZ_APP_ID=$(echo $return | tr -d "[ ] \" \"" | awk -F, '{ print $2 }')

    The third item is the Tenant ID. Both of these are GUIDs.

    The command has additional options:

    az ad sp create-for-rbac -n "lnx" \
    --role contributor \
    --scopes /subscriptions/ssssssss-ssss-ssss-ssss-ssssssssssss

    Login for sure

  6. Now we take the NOTE:

    az login --service-principal -u "$AZ_APP_ID" \
    -p "$AZ_PEM_LOC" --tenant "$AZ_TENANT"

    https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/api-catalog is the older version of Microsoft Graph at https://developer.microsoft.com/en-us/graph. See https://dev.office.com/blogs/microsoft-graph-or-azure-ad-graph

    BLAH: The name of the file created contains something like “tmpcgzysdch”, a random set of characters. So the script needs to figure out that file name. Thus we create the pem file and tell Azure.

  7. TODO: Obtain the password text from within the file

    Create a folder $HOME/certs/

  8. Put the contents in a file name containing the value in $AZ_APP_ID, in the $HOME folder so that it won’t have a chance to get pushed to GitHub.

  9. Login using credentials built above:

    az login --service-principal \
    --username "$AZ_APP_ID" \
    --tenant "$AZ_TENANT" \
    --password "$HOME/certs/$SSH_USER.pem"
    

    BLAH: The APP_ID and username are the same. Whatever.

  10. Assign a role named “Reader” to the APP ID (username):

    az role assignment create \
    --assignee "$AZ_APP_ID" \
    --role reader
  11. List what resources were assigned to an APP_ID:

    az role assignment list --assignee $AZ_APP_ID

    If your APP_ID has not already been created:
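
Looking back at steps 5, 10 and 11: a sketch that reads the three queried values without tr/awk stripping, then lists role assignments broader than a single resource group. This is an added example, not code from mac-install-all.sh; the function names and sample data are assumptions, as is the output shape (`-o tsv` is assumed to print a flat query one value per line and a nested `[].[…]` query as tab-separated rows).

```shell
#!/bin/sh
# Added example; every sample value below is constructed.

is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# $1: output of create-for-rbac run with
#   --query '[fileWithCertAndPrivateKey, appId, tenant]' -o tsv
# Sets the page's three variables; fails unless the path is non-empty
# and both IDs are well-formed GUIDs.
parse_sp_output() {
  AZ_PEM_LOC=$(printf '%s\n' "$1" | sed -n 1p)
  AZ_APP_ID=$(printf '%s\n' "$1" | sed -n 2p)
  AZ_TENANT=$(printf '%s\n' "$1" | sed -n 3p)
  [ -n "$AZ_PEM_LOC" ] && is_guid "$AZ_APP_ID" && is_guid "$AZ_TENANT"
}

# stdin: "role<TAB>scope" rows, as from
#   az role assignment list --assignee "$AZ_APP_ID" \
#     --query '[].[roleDefinitionName, scope]' -o tsv
# Prints Owner/Contributor assignments scoped to a whole subscription,
# a management group, or the root.
flag_broad_roles() {
  awk -F '\t' '
    { role = tolower($1); scope = tolower($2) }
    (role == "owner" || role == "contributor") &&
    (scope == "/" ||
     scope ~ "^/subscriptions/[^/]+/?$" ||
     scope ~ "^/providers/microsoft.management/managementgroups/") {
      print $1 " at " $2
    }'
}

SUB=/subscriptions/00000000-0000-0000-0000-000000000000   # constructed
sample_sp_output() {
  printf '%s\n' "/Users/demo user/tmpexample.pem" \
    11111111-2222-3333-4444-555555555555 \
    66666666-7777-8888-9999-000000000000
}
sample_assignments() {
  printf 'Owner\t%s\n' "$SUB"
  printf 'Reader\t%s\n' "$SUB"
  printf 'Contributor\t%s/resourceGroups/demo-rg\n' "$SUB"
}

if parse_sp_output "$(sample_sp_output)"; then
  echo "appId=$AZ_APP_ID tenant=$AZ_TENANT pem=$AZ_PEM_LOC"
fi
sample_assignments | flag_broad_roles
```

On the constructed data only the subscription-wide Owner row is reported; the Reader assignment from step 10 and the resource-group Contributor pass.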

TRYOUT

To specify a module to run (not just install): If in the secrets.sh file the TRYOUT string is edited to contain “az”:

TRYOUT="az"

QUESTION: limits to total concurrent executions across all functions within a given region to 100?

Batch commands

Azure provides a way to perform the same process on many at once. See: https://docs.microsoft.com/en-us/cli/azure/batch?view=azure-cli-latest

Azure has “Web Jobs” for Azure Functions background jobs.

Videos

Microsoft Azure: The Big Picture 1h 50m Mar 10, 2016 by Matt Milner makes use of VS 2010, which is rather obsolete now.

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps

  4. Git and GitHub vs File Archival
  5. Git Commands and Statuses
  6. Git Commit, Tag, Push
  7. Git Utilities
  8. Data Security GitHub
  9. GitHub API
  10. TFS vs. GitHub

  11. Choices for DevOps Technologies
  12. Java DevOps Workflow
  13. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  14. AWS server deployment options

  15. Cloud regions
  16. AWS Virtual Private Cloud
  17. Azure Cloud Onramp
  18. Azure Cloud
  19. Azure Cloud Powershell
  20. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)

  21. Digital Ocean
  22. Cloud Foundry

  23. Packer automation to build Vagrant images
  24. Terraform multi-cloud provisioning automation

  25. Powershell Ecosystem
  26. Powershell on MacOS
  27. Powershell Desired System Configuration

  28. Jenkins Server Setup
  29. Jenkins Plug-ins
  30. Jenkins Freestyle jobs
  31. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  32. Dockerize apps
  33. Docker Setup
  34. Docker Build

  35. Maven on MacOSX

  36. Ansible

  37. MySQL Setup

  38. SonarQube static code scan

  39. API Management Microsoft
  40. API Management Amazon

  41. Scenarios for load