Deployment on Windows
- 13th April 2018 - az 2.0.31 is the latest
# Installing az curl -L https://aka.ms/InstallAzureCli | bash Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'
azure-cli2-commands
$ azure login $ azure account set "" $ azure config mode arm # Create resource group and set tags az group update --name devtoapp --set tags.Details='{"Environment":"dev"}' # Display all Azure regions az account list-locations --query [*].[displayName,name] -o table # Show your tenandId $ az account show --query "{tenantId:tenantId}" -o tsv 77777777-8666-1111-1111-2d7cd011dbdb # Useful for an quick overview of what services may be configured in your subscription az group list --query '[].{ ResourceGroup: name, Location:location }' -o tsv # Opening up a firewall rule $ az vm open-port -g u16041-rg -n u16041 --port 20000 --priority 1001 # Modifying the NSG $ az network nsg rule create --nsg-name --resource-group -n pacman-nonstandard-8889 --direction 'Inbound' \ --priority 2001 --access Allow --source-address-prefixes '*' --source-port-ranges '*' --destination-address-prefixes '*' \ --destination-port-range 8889 --protocol tcp --debug # Deploy a VM from an ARM Template az group deployment create --template-file azuredepoy.json --parameters '@vmparams.json' --resource-group myvms --output table ## View public IP az vm show -d --resource-group myResourceGroup --name linuxVM --query publicIps -o tsv # View Azure VM Types available in SouthEastAsia regin (Singapore) az vm list-sizes --location southeastasia --query "[].name" -o tsv ### VM Images # View publishers of SKU's az vm image list-publishers --location southeastasia --output table # View RedHat offers (SKU's) - RHEL, rhel-byol, RHEL-SAP-HANA, az vm image list-offers --publisher RedHat --location southeastasia # List SKU's - 7.3, 7.2, 7.1 az vm image list-skus --offer RHEL --publisher RedHat --location southeastasia --output table # View all RHEL SKU's az vm image list --location southeastasia --offer RHEL --publisher RedHat --sku 7.3 --all --output table # List all UbuntuServer SKUs az vm image list-skus --offer UbuntuServer --publisher Canonical --location southeastasia --output table # Display image info on RHEL 7.3 - The image name is : 7.3.2017090723 az vm image show --location southeastasia --publisher RedHat --offer RHEL --sku 7.3 --version 7.3.2017090723 # View all Azure VM Types which can be used to VM Re-Sizing az vm list-vm-resize-options --name ubuntu1710 --resource-group ubuntu1710-rg --output table # View Ubuntu Urn's az vm image list --location southeastasia --offer UbuntuServer --publisher Canonical --sku 18.04 --all --output table # View Ubuntu Image Specs az vm image show --location westus --publisher Canonical --offer UbuntuServer --sku 16.04-LTS --version 16.04.201801260 # View Urn and UrnAlias of all images in a region - may timeout $ az vm image list -o table --location southeastasia --all You are viewing an offline list of images, use --all to retrieve an up-to-date list Offer Publisher Sku Urn UrnAlias Version ------------- ---------------------- ------------------ -------------------------------------------------------------- ------------------- --------- WindowsServer MicrosoftWindowsServer 2016-Datacenter MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest Win2016Datacenter latest WindowsServer MicrosoftWindowsServer 2012-R2-Datacenter MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest Win2012R2Datacenter latest WindowsServer MicrosoftWindowsServer 2008-R2-SP1 MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest Win2008R2SP1 latest WindowsServer MicrosoftWindowsServer 2012-Datacenter MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest Win2012Datacenter latest UbuntuServer Canonical 16.04-LTS Canonical:UbuntuServer:16.04-LTS:latest UbuntuLTS latest CentOS OpenLogic 7.3 OpenLogic:CentOS:7.3:latest CentOS latest openSUSE-Leap SUSE 42.2 SUSE:openSUSE-Leap:42.2:latest openSUSE-Leap latest RHEL RedHat 7.3 RedHat:RHEL:7.3:latest RHEL latest SLES SUSE 12-SP2 SUSE:SLES:12-SP2:latest SLES latest Debian credativ 8 credativ:Debian:8:latest Debian latest CoreOS CoreOS Stable CoreOS:CoreOS:Stable:latest CoreOS latest
## Build out VM az group create --name ubuntu-rg --location southeastasia az vm create \ --resource-group ubuntu-rg \ --name ubuntuVM1 \ --location southeastasia \ --image UbuntuLTS \ --ssh-key-value ~/.ssh/id_rsa.pub \ --admin-username azureuser az vm create --resource-group rg1 --location westeurope --name fedora26 --os-type linux \ --admin-username username --ssh-key-value ~/.ssh/id_rsa.pub --attach-os-disk fedora26managed \ --size Standard_DS1 --data-disk-sizes-gb 5 # Create a managed disk, using Azure CLI 2.0 in this example: az disk create --resource-group rg1 --name fedora26managed --source https://username.blob.core.windows.net/container1/fedora26.vhd # Verify its really there: az disk list -g resourcegroup1 --output=table # Or run az from a container (did'nt work when last tested due to Python dependency's) docker run -v ${HOME}:/root -it azuresdk/azure-cli-python:latest # Display subscription ID and Tenant ID $ az account show --query "{subscriptionId:id, tenantId:tenantId}" $ az group list | grep '"name":' "name": "my-rg", $ az vm list --show-details -d --output jsonc | egrep '(powerState|offer|sku|vmName|resourceGroupName|Ips)' "powerState": "VM running", "privateIps": "10.200.200.5", "publicIps": "", "resourceGroupName": "MYRG", "vmName": "k8s-master-6F3AE52A-0", "offer": "UbuntuServer", "sku": "16.04.0-LTS", $ az vm list --show-details -d --output table Name ResourceGroup PowerState Fqdns Location PublicIps --------------------- --------------- -------------- ------------------------------------------- ------------- ------------- WINSERVER2016 2016SERVER-RG VM deallocated win2016.southeastasia.cloudapp.azure.com southeastasia k8s-agent-6F3AE52A-0 DAZK8SRG VM running southeastasia k8s-agent-6F3AE52A-1 DAZK8SRG VM running southeastasia k8s-agent-6F3AE52A-2 DAZK8SRG VM running southeastasia k8s-master-6F3AE52A-0 DAZK8SRG VM running southeastasia RHEL73 RHEL73_RG VM running southeastasia 12.200.200.13 $ az vm list --query "[?provisioningState=='Succeeded'].{ name: name, os: storageProfile.osDisk.osType }" $ az vm restart --resource-group myrg --name "k8s-agent-6F3AE52A-2" { "endTime": "2017-07-06T06:00:24.997282+00:00", "error": null, "name": "37ebeef3-d174-4c81-b566-8d902f2d1af8", "startTime": "2017-07-06T06:00:24.872255+00:00", "status": "Succeeded" } # Your metadata is stored outside of the VM and includes the external IP address, amongst other data. curl -H Metadata:true http://169.254.169.254/metadata/instance?api-version=2017-03-01 # View your Azure VM Type curl -H Metadata:true http://169.254.169.254/metadata/instance?api-version=2017-12-01 2>/dev/null | jq -c '.[] | {vmSize}' {"vmSize":"Standard_D2s_v3"} # To update the failed network interface: az network nic update -g RG-NAME -n NIC-NAME # Display Azure VM Types (SKU's) within a region az vm list-skus --location southeastasia --query '[].name' -o table # List the name of the resource group in table output format: az group list --query '[].name' -o table # Deploying a soution from Azure Marketplace using Azure CLI https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/virtual-machines/linux/cli-ps-findimage.md # Show Account Subscription az account list --query '[?isDefault].id' -o tsv # Query all Service Principal's by Account Subscription az ad sp list --query "[?contains(id, '123456-fafb-4353-828b-ab5083d12345')]" # Query by SP name az ad sp list --query "[?contains(displayName, 'lnx')]" # Remove the Service Principal az ad sp delete --id "Fabmedical-sp" # Creating an Azure Container Registry - ACR az acr create --name fabmedicaldaz --sku Standard --resource-group fabmedical-daz-rg --location eastus --admin-enabled az acr show --name fabmedicaldaz --resource-group fabmedical-daz-rg az acr credential show --name fabmedicaldaz --resource-group fabmedical-daz-rg -o table # Execute commands as root from outside of the VM. # When the sudoers file has become corrupt and you don't have a root password you can easily fix this. az vm extension set -g ubuntu1710-rg --vm-name ubuntu1710 -n customScript --publisher Microsoft.Azure.Extensions --version 2.0 \ --settings '{"commandToExecute": "chmod o+w /etc/sudoers"}' Control-c after 30 seconds $ ls -l /etc/sudoers -r--r---w- 1 root root 755 Jun 13 2017 /etc/sudoers $ az vm extension delete -h ubunty1710-rg --vm-name ubuntu1710 $ az resource list --resource-type "Microsoft.Storage/storageAccounts" # Explore JSON path interactively $ pip install jmespath-terminal $ az vm list --output json | jpterm $ az vm list --query '[].{name:name, resourceGroup:resourceGroup, image:storageProfile.imageReference.offer}' -o tsv fabmedical-daz FABMEDICAL-DAZ-RG UbuntuServer # To view if your VM's have maintenance scheduled or require a reboot # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/maintenance-notifications # https://channel9.msdn.com/Shows/Tuesdays-With-Corey/Combine-Azure-scheduled-events-with-Event-Grid Alternate method to do this $ az vm list --query '[].{name:name, resourceGroup:resourceGroup}' -o tsv | xargs -t -n 2 sh -c 'az vm get-instance-view -n $0 -g $1' | grep maintenanceRedeployStatus
AKS - Howto view the expiry on the AKS SP
# List AKS clusters within your subscription
$ az resource list --resource-type "Microsoft.ContainerService/managedClusters"
# Display all details on your AKS cluster including clientId
$ az resource show -n my-aks -g my-aks-rg --resource-type "Microsoft.ContainerService/managedClusters"
$ az ad sp list --spn <clientId> | grep appId
# Show expiry date on your SP and search on endDate. Ignore characters after the T.
$ az ad app show --id <appId> | grep endDate
# Reset credential for 1 more year
$ az ad sp reset-credentials --name <appId>
Service Principals
- https://markheath.net/post/create-service-principal-azure-cli
- Service Principals in Azure expire after 1 year by default
# Creating a SP
azure ad sp create --applicationId $CLIENT_ID
# Show expiry date on your SP and search on EndDate
az ad app show --id <appId>
# get the app id
appId=$(az ad app list --display-name $appName --query [].appId -o tsv)
# To see the expiration date on a SP through the portal
Azure Portal / App Registrations / DisplayName / Settings / Keys / Expires
Disk Management
Expanding an Azure data disk - Requires you to power-off the VM
# Display managed disks within a resource group, size is in GiB
az disk list -g rhel75-rg --output table
Name ResourceGroup Location Zones Sku SizeGb ProvisioningState OsType
------------------------------------------------ --------------- ------------- ------- ----------- -------- ------------------- --------
rhel75_disk2_7c2ffb9dd9f94fc68ac0fc976d58436f rhel75-rg southeastasia Premium_LRS 5 Succeeded
rhel75_disk3_09713040473f426c952aae77c67fe95c rhel75-rg southeastasia Premium_LRS 5 Succeeded
rhel75_OsDisk_1_43958238a75444199b25b7d8336bb939 rhel75-rg southeastasia Premium_LRS 32 Succeeded Linux
# Deallocate disk from VM (Switches it off)
az vm deallocate --resource-group myResourceGroupDisk --name myVM
# Resize a disk - Enter the new size
az disk update --name myDataDisk --resource-group myResourceGroupDisk --size-gb 1023
# Start VM
az vm start --resource-group myResourceGroup --name myVM
# Un-mount disk, if auto-mounted when VM starts
sudo parted /dev/sdc
(parted) resizepart
Partition number? 1
End? [107GB]? 215GB
sudo e2fsck -f /dev/sdc1
sudo resize2fs /dev/sdc1
sudo mount /dev/sdc1 /datadrive
df -h /datadrive1
Test random R/W to view IOPS and Throughput performance - Creates a file on the existing file-system
df -h /datadrive3
sudo fio -filename=/datadrive3/test -iodepth=8 -ioengine=libaio -direct=1 -rw=randwrite -bs=4k \
-numjobs=1 -runtime=30 -group_reporting -name=test-randwrite -size 479G
Un-attach a Disk from a VM and delete Azure Data Disk
Backup Data before destroying disk
az disk list --resource-group ubuntu1710-rg -o table
# Stop any app using the file-system
umount /datadrive3
# Remove entry from /etc/fstab
# This will remove the owner flag from the disk which is the name of the VM where the disk is imported
az vm disk detach --name myDataDisk3 -g ubuntu1710-rg --vm-name ubuntu1710
az disk delete --name myDataDisk3 --resource-group ubuntu1710-rg --no-wait
Storage troubleshooting
- Maximum throughput and IOPS are based on the VM limits, not on the disk limits.
- Cross reference throughput required as indicated in the Premium Disk with the Azure VM Type.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/premium-storage#premium-storage-scalability-and-performance-targets
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general
Azure Locks
$ az group lock create --resource-group test -n test-CanNotDelete --lock-type CanNotDelete
{
"id": "/subscriptions/<snip>/resourceGroups/test/providers/Microsoft.Authorization/locks/test-CanNotDelete",
"level": "CanNotDelete",
"name": "test-CanNotDelete",
"notes": null,
"owners": null,
"resourceGroup": "test",
"type": "Microsoft.Authorization/locks"
}
$ az group lock delete -g test -n test-CanNotDelete
$ az group delete --resource-group test --yes
The scope '/subscriptions/<snip>/resourcegroups/test' cannot perform delete operation because following scope(s) are locked: '/subscriptions/<snip>/resourceGroups/test'. Please remove the lock and try again.
$ az group lock list -g test
[
{
"id": "/subscriptions/<snip>/resourceGroups/test/providers/Microsoft.Authorization/locks/test-CanNotDelete",
"level": "CanNotDelete",
"name": "test-CanNotDelete",
"notes": null,
"owners": null,
"resourceGroup": "test",
"type": "Microsoft.Authorization/locks"
}
]
$ az group lock show -g test -n test-CanNotDelete
{
"id": "/subscriptions/<snip>/resourceGroups/test/providers/Microsoft.Authorization/locks/test-CanNotDelete",
"level": "CanNotDelete",
"name": "test-CanNotDelete",
"notes": null,
"owners": null,
"resourceGroup": "test",
"type": "Microsoft.Authorization/locks"
}
Report CPU usage of less than 20% in Azure Advisor
az advisor configuration update -l 20
az advisor configuration show
Using MSI with SQL Server
$az webapp identity assign --resource-group MyApp --name MyaddresssBook
{
"principalId": "addeebee-1c21-4e8f-bf0f-5e4b07b363d7"
"tenantId" "0ec02b79-d89f-48c4-9870-da4a7498d887"
"type:" "SystemAssigned"
}
$ az sql server ad-admin create --resource-group MyApp --server-name zaalion --display-name msiadmin --object-id addeebee-1c21-4e8f-bf0f-5e4b07b363d7
Increasing VM's within a VM ScaleSet
az vmss scale --resource-group 'labs-rg' --name labsvmss --new-capacity 4
Use a Single Placement Group
az vmss update -n <vmss name> -g <vmss rg> --set singlePlacementGroup=true
Links
https://github.com/Azure/azure-cli
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-manage
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-manage-vm