Wilson Mar bio photo

Wilson Mar

Hello!

Email me Calendar Skype call

LinkedIn Twitter Gitter Instagram Youtube

Github Stackoverflow Pinterest

Do anything you want!

US (English)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Cyrillic Russian   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

This tutorial describes the install and coding of automation within the Azure cloud, using PowerShell, CLI, ARM templates in JSON, etc.

This is one of a series about Azure on my blog:

  • Azure Onramp (obtaining accounts)
  • Azure PowerShell install and coding
  • Azure CLI install and coding
  • Azure-specific Automation
  • Azure Compute (VM)
  • Azure Storage
  • Azure Functions (Serverless)
  • Azure Monitoring


MacOS Install

  1. Install PowerShell as described on my blog:

    wilsonmar.github.io/powershell-install-coding

  2. These if errors below:

    Update NuGet
    Install-PackageProvider -Name NuGet -Force
    Exit
    
    Update PowerShellGet
    Install-Module -Name PowerShellGet -Force
    Exit
    

    Install PowerShell Scripts

    Run from the Powershell Gallery the Workflow to Download All Gallery Modules:

  3. Click the “Deploy” button or:

    Install-Script -Name Download-AllGalleryModules
    

    Response:

    Untrusted repository
    You are installing the scripts from an untrusted repository. If you trust
    this repository, change its InstallationPolicy value by running the
    Set-PSRepository cmdlet. Are you sure you want to install the scripts from
    'PSGallery'?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    
  4. Press A to accept install of all modules from an untrusted source.

    BLAH: Response: See https://github.com/Azure/azure-powershell/issues/11772

    Install-Package: /usr/local/microsoft/powershell/7/Modules/PowerShellGet/PSModule.psm1:10044                             Line 10044 |
       | … talledPackages = PackageManagement\Install-Package @PSBoundParameters
       | The specified script file
       | '/var/folders/r7/_4wzn4hn6yb2xxlms995lnkc0000gn/T/1269304408/Download-AllGalleryModules.0.1.0/Download-AllGalleryModules.ps1' has parse errors, try again after fixing the parse errors.
    
  5. Click the “Deploy” button. You should see Azure’s Custon Deployment bolt with Parameters:

  6. Type in for new Resource Group name “Download-AllGalleryModules”.
  7. Click Create to see error icons.
  8. Click Edit parameters.
  9. Select your Resource group location (such as “East US 2”).
  10. Click Review legal terms then click Purchase.
  11. Click Create.

PowerShell Prompt

To specify a carriage return and new line, instead of the \n on Linux, on PowerShell we use the back-tick key in rn.

I use that to customize my PowerShell prompt to be at the same location every time.

  1. There are <a target=”_blank” href=”https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.1”“>several profile .ps1 files</a>. For a list of them, within PowerShell:

    $PROFILE | Get-Member -Type NoteProperty
  2. To test whether a file has been created:

    Test-Path -Path $PROFILE.AllUsersAllHosts

  3. On a Mac, edit the ~/.profile file (which is automatically run when PowerShell is started) to add my custom prompt:

    function Prompt
    {
    $env:COMPUTERNAME + "`r`n  $(Get-Date) " + (Get-Location) + "`r`n> "
    }
    

The PowerShell $PSHOME folder is different depending on operating system:


CLI AZ Versions & Upgrade

  1. List Azure Verbs

    az
    

    Response:

    Welcome to the cool new Azure CLI!
  2. List Azure version:

    az --version
    
    azure-cli                         2.19.1 *
    core                              2.19.1 *
    telemetry                          1.0.6
    Extensions:
    azure-cli-iot-ext                  0.8.7
    Python location '/usr/local/Cellar/azure-cli/2.19.1/libexec/bin/python'
    Extensions directory '/Users/wilson_mar/.azure/cliextensions'
    Python (Darwin) 3.8.8 (default, Feb 21 2021, 08:26:42) 
    [Clang 12.0.0 (clang-1200.0.32.29)]
    Legal docs and information: aka.ms/AzureCliLegal
    You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
     
    Please let us know how we are doing: https://aka.ms/azureclihats
    and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
    
  3. Upgrade Azure:

    az upgrade
    
    This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
    Your current Azure CLI version is 2.19.1. Latest version available is 2.20.0.
    Please check the release notes first: https://docs.microsoft.com/cli/azure/release-notes-azure-cli
    
  4. List Regions = Locations with Providers:

    $FormatEnumerationLimit=-1 
     Get-AzLocation
    

    PROTIP: The format command expands elipsis (…) See https://greiginsydney.com/viewing-truncated-powershell-output/

    Location    : eastasia
    DisplayName : East Asia
    Providers   : {Microsoft.Security, 84codes.CloudAMQP, LiveArena.Broadcast, Microsoft.AAD…}
    

Install for ARM Declarative Templates

declarative syntax are defined in Resource Manager templates used by ARM to enable infrastructure configurations to be defined (much like Puppet).


Install Azure Module

  1. Within pwsh :

    Install-Module -Name Az -AllowClobber
  2. Type A to respond:

    Untrusted repository
    You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you 
    want to install the modules from 'PSGallery'?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): 
    

    Azure .NET Core Deprecated

NOTE: We don’t use “AzureRM….” modules/commands any more.

  1. Establish admin rights on MacOS:

    sudo -v

  2. Install Azure PowerShell for .NET Core:

    Install-Module AzureRM.NetCore

    No response is expected when successful.

  3. Load the module into your PowerShell session. Modules are loaded using the Import-Module cmdlet:

    Import-Module AzureRM.Netcore
    WARNING: AzureRM.Netcore has been deprecated.  Use the 'Az' module instead.  The 'Az' module is avalable from the PSGallery https://www.powershellgallery.com/packages/Az/. You can find information about getting started with 'Az' at https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az. To uninstall AzureRM.Netcore you can use the provided 'Uninstall-AzureRMNetcore' cmdlet.
    

    http://www.signalwarrant.com/automate-creating-lab-virtual-machines-in-azure-with-powershell/

    Azure Environments (Clouds)

    READ:

  4. Get a list of Resoure Manager Environments available:

    Get-AzureRmEnvironment | Select-Object Name

    Sample response:

    AzureCloud
    AzureChinaCloud
    AzureUSGovernment
    AzureGermanCloud
    
  5. Create an Azure Service Principal if you don’t have one

    READ:

  6. Get your TenantId from your subscription after logging in interactively:

    Get-AzureRmSubscription

    CAUTION: This sample response exposes senstive information:

    Environment           : AzureCloud
    Account               : username@contoso.com
    TenantId              : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    SubscriptionId        : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    SubscriptionName      : My Production Subscription
    CurrentStorageAccount :
    
  7. Get the dialog box asking for your Azure credentials to login interactively at https://aka.ms/devicelogin:

    Login-AzureRmAccount -EnvironmentName AzureCloud

    Alternately, login by specifying an Azure Service Principle:

    Login-AzureRmAccount -ServicePrincipal -ApplicationId “http://my-app” -Credential $pscredential -TenantId $tenantid

    PROTIP: Some put the above command in a command file with a short name.

  8. Pop-up help for a command to a different window for multiple windows:

    help Get-AzureSubscription -ShowWindow
    

Alternative automation

VIDEO

Pulumi

Pulumi enables programmatic access to Azure in JavaScript for use by application-building devs.

Pulumi does not generate templates.

Azure Bicep

is an ARM DSL developed by the Azure team like Terraform

Farmer

Use simplified “.fs” DSL code that runs to spit out ARM template JSON files.

  1. In the folder containing the .fs file you want to run:

    dotnet run

https://compositionalit.github.io/farmer/

https://github.com/compositionalit/farmer


Sign Into Azure

zzz

Connect-AzAccount with credentials

  1. Obtain a browser URL to sign into your Azure account:

    Connect-AzAccount

    or

    Connect-AzureRmAccount

    Alternately, to get prompted in the CLI:

    Login-AzAccount -Credential (Get-Credential)

    Response:

    PowerShell credential request
    Enter your credentials.
    User: 
    
  2. On your default browser, pick (click on) the Microsoft account you want

    Authentication complete. You can return to the application. Feel free to close this browser tab.
  3. Switch back to the Terminal to see Account (email), SubscriptionName, TenantId (GUI), Environment (“AzureCloud”)

  4. See https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-5.6.0

Authenticate into Azure Cloud

  1. The easiest way:

    az login
    

    The response:

    The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
    
  2. Pick an account in your default internet browser.
  3. If you have MFA, answer it.
  4. You should see on the browser:

    You have logged into Microsoft Azure!
    You can close this window, or we will redirect you to the Azure CLI documents in 10 seconds.
    

    The URL to Azure CLI documents is:

    https://docs.microsoft.com/en-us/cli/azure

  5. Switch back to the CLI (on macOS: press command+tab).

Resources

  1. doc.microsoft.com: What is PowerShell?

  2. Pluralsight VIDEO: “PowerShell 7.0.3: Getting Started” 3h 4m 14 Sep 2020 by Michael Bender (@MichaelBender, itsallgeek2mike.com)

  3. https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app

  4. https://www.oneidentity.com/products/active-roles/

    Generate a visual diagram

  5. Use VSCode “ARM Viewer” to generate a visual diagram

    VIDEO: Generate an Architecture Diagramusing diagrams.net

    https://rules.ssw.com.au/architecture-diagram

    https://rules.ssw.com.au/azure-resources-diagram

    https://rules.ssw.com.au/azure-resources-creating

More on DevSecOps

This is one of a series on DevSecOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps
  4. Enterprise Software)

  5. Git and GitHub vs File Archival
  6. Git Commands and Statuses
  7. Git Commit, Tag, Push
  8. Git Utilities
  9. Data Security GitHub
  10. GitHub API
  11. TFS vs. GitHub

  12. Choices for DevOps Technologies
  13. Pulumi Infrastructure as Code (IaC)
  14. Java DevOps Workflow
  15. Okta for SSO & MFA

  16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  17. AWS server deployment options

  18. Cloud services comparisons (across vendors)
  19. Cloud regions (across vendors)
  20. AWS Virtual Private Cloud

  21. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
  22. Azure Certifications
  23. Azure Cloud

  24. Azure Cloud Powershell
  25. Bash Windows using Microsoft’s WSL (Windows Subystem for Linux)
  26. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

  27. Azure Networking
  28. Azure Storage
  29. Azure Compute
  30. Azure Monitoring

  31. Digital Ocean
  32. Cloud Foundry

  33. Packer automation to build Vagrant images
  34. Terraform multi-cloud provisioning automation
  35. Hashicorp Vault and Consul to generate and hold secrets

  36. Powershell Ecosystem
  37. Powershell on MacOS
  38. Powershell Desired System Configuration

  39. Jenkins Server Setup
  40. Jenkins Plug-ins
  41. Jenkins Freestyle jobs
  42. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  43. Docker (Glossary, Ecosystem, Certification)
  44. Make Makefile for Docker
  45. Docker Setup and run Bash shell script
  46. Bash coding
  47. Docker Setup
  48. Dockerize apps
  49. Docker Registry

  50. Maven on MacOSX

  51. Ansible

  52. MySQL Setup

  53. SonarQube & SonarSource static code scan

  54. API Management Microsoft
  55. API Management Amazon

  56. Scenarios for load