Automating Your Azure Environment

Automating Your Azure Environment

Michael S. CollierCloud Solution Architect,

Microsoft

Level: Intermediate

Michael S. CollierCloud Solution ArchitectMicrosoft

[email protected]

@MichaelCollierwww.MichaelSCollier.comhttp://aka.ms/csablog

http://aka.ms/fundamentalsofazure

Today’s Agenda1. Why Automation in Azure?

2. Azure Management Library

3. Azure PowerShella) Azure Service Managementb) Azure Resource Manager

4. Azure Automation

Why Automate in Azure?

Why Automation?• Time to provision full environments

– Compute, storage, etc.

• Deployment to multiple geographies– Change only configuration / parameters

Why Automation?#1 source of failed projects (IMO)

Humans TERRIBLE at repetitive tasks

A Few Options

REST API• Service

Management• Resource

Manager

A Few Options

REST API• Service

Management• Resource

Manager

Azure Management Library

A Few Options

REST API• Service

Management• Resource Manager


PowerShell• Invoke REST• Service


A Few Options

REST API• Service





XPlat CLI• ??

A Few Options

REST API• Service





XPlat CLI• ??

Azure Automation

Azure Management Library• Consistent modern libraries over the Azure

REST API– NET, Java, Python, Go, & Ruby

Source: http://www.BradyGaster.com

Azure Management Library• Scenarios

– Integration Testing– Custom provisioning of services (SaaS)– Dev/Test– Resource Governance

• Almost anything you may want to automate

Azure Management Library• Microsoft.WindowsAzure.*

– Older RDFE version– Not recommended

• Microsoft.Azure.*– Based on new Azure Resource Manager (ARM)– Recommended

Azure Management Library• Get all or

just the ones you need

Authentication• Azure Active Directory

• Create a service principal– Password (PowerShell or CLI)– Certificate (PowerShell)

• Assign necessary ROLE to the service principal

Create the Service PrincipalSwitch-AzureMode AzureResourceManager

Select-AzureSubscription -SubscriptionName “My MSDN Azure”

$appName = "VSLiveNYC2015"$appHomePage = "http://localhost"$appUri = "http://localhost"$pwd = "test!123"

# Create a new Azure AD application$azureAdApp = New-AzureADApplication -DisplayName $appName -HomePage $appHomePage -IdentifierUris $appUri -Password $pwd -Verbose

# Create a service principalNew-AzureADServicePrincipal -ApplicationId $azureAdApp.ApplicationId

# Assign a role to the service principalNew-AzureRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApp.ApplicationId

# Get the subscription for the role assignment$subscription = Get-AzureSubscription | where { $_.IsCurrent }

# Create a new credential object to contain the credentials$creds = Get-Credential -UserName $azureAdApp.ApplicationId -Message "enter your creds"

Add-AzureAccount -Credential $creds -ServicePrincipal -Tenant $subscription.TenantId

Get this at http://aka.ms/uognfb

Get the Authentication Token

private const string SubscriptionId = “[YOUR_AZURE_SUBSCRIPTION_ID]";private const string TenantId = “[YOUR_AZURE_AD_TENANT_ID]";private const string ApplicationId = “[YOUR_NEWLY_REGISTERED_APP_id]";private const string ApplicationPwd = "test!123";

public static string GetAToken(){ var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", TenantId)); var credential = new ClientCredential(clientId: ApplicationId, clientSecret: ApplicationPwd); var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);

if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); }

string token = result.AccessToken; return token;}

Get this at http://aka.ms/uognfb

DemoAuthenticate and Browse

Demo Recap1. Create a Service Principal in Azure AD2. Get the JWT authentication token3. Create a credential object with token and

subscription4. Create a resource client5. Execute actions against the client

PowerShell Cmdlets• Get the goods

http://azure.microsoft.com/en-us/downloads/ https://github.com/Azure/azure-powershell/releases

PowerShell• Use cmdlets and/or REST APIs• Ability to script complex environments

– Template with an XML parameters file– PowerShell learning curve– Your responsibility to handle errors & ensure

consistency• Consistent Deployments

– Build server or developer machine

Authentication Options• Interactive

– Azure ADPS C:\> Add-AzureAccount

* Tip – Profile data stored in C:\Users\<user>\AppData\Roaming\Windows Azure Powershell

Authentication Options• Interactive

– Azure ADPS C:\> Add-AzureAccountVERBOSE: Account "[email protected]" has been added.VERBOSE: Subscription "MSFT Azure Internal - Collier" is selected as the default subscription.VERBOSE: To view all the subscriptions, please use Get-AzureSubscription.VERBOSE: To switch to a different subscription, please use Select-AzureSubscription.

Id Type Subscriptions Tenants-- ---- ------------- [email protected] User 0bbbc191-0023-aaaa-yyyy-xxxxxxxxxxxx 9b6b07ee-3eb1-aaaa-yyyy-xxxxxxxxxxxx 278b93db-29ab-aaaa-yyyy-xxxxxxxxxxxx 715f4ed0-544a-aaaa-yyyy-xxxxxxxxxxxx 3acf171d-3d34-aaaa-yyyy-xxxxxxxxxxxx 72f988bf-86f1-aaaa-yyyy-xxxxxxxxxxxx c68d7703-d6ed-aaaa-yyyy-xxxxxxxxxxxx 20acfbf0-4318-aaaa-yyyy-xxxxxxxxxxxx 57c8cb4e-3ce2-aaaa-yyyy-xxxxxxxxxxxx a28aed54-1dc8-aaaa-yyyy-xxxxxxxxxxxx b5fb8dfb-3e0b-aaaa-yyyy-xxxxxxxxxxxx 362755da-bfb2-aaaa-yyyy-xxxxxxxxxxxx 9a94b816-e790-aaaa-yyyy-xxxxxxxxxxxx 7805bdb6-17da-aaaa-yyyy-xxxxxxxxxxxx cd978409-0ac9-aaaa-yyyy-xxxxxxxxxxxx

* Tip – Profile data stored in C:\Users\<user>\AppData\Roaming\Windows Azure Powershell

Authentication Options• Programmatic

– Management certificate– New –credentials option

$userName = "<your work/school account user name>"

$securePassword = ConvertTo-SecureString -String "<your work/school account password>" -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)

Add-AzureAccount -Credential $cred

http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/

DemoCreate a VM with Custom Script ExtensionDeploy a Cloud Service

Demo Recap1. Authenticate PowerShell with Azure2. Upload to blob storage a .ps1 script to format

drives3. Provision new Azure VM via PowerShell.

a) Custom script extension to format data disks

4. Create Cloud Service (web role) project5. PowerShell script to upload and deploy

Azure Resource ManagerWhat is Azure Resource Manager?

Resource Group

Unit of Management• Lifecycle• Identity• Grouping

One Resource -> One Resource Group

ARM BenefitsDesired-state deployment

Faster deployment

Role-based access control (RBAC)

Resource-provider model

Orchestration

Resource configuration

SQL - A Website VirtualMachines

SQL-AWebsite[SQL CONFIG] VM (2x)

DEPENDS ON SQLDEPENDS ON SQL

SQLCONFIG

Image source - http://channel9.msdn.com/Events/Build/2014/2-607

Cache

Consistent Management Layer

Azure Resource Manager

Website VM SQL DB

Resource Provider

…..

Provider Contract

https://management.azure.com/subscriptions/{{subscriptionId}}/providers?api-version={{apiVersion}}

Tools

?

REST API

ARM FunctionsARM Templates supports small set of built-in functions

parameters, variablesreference, resourceGroup, resourceIdbase64, concat, padLeft, padLeft, replace, toLower, toUpperdeployment, provider, subscriptionlistKeys

Not supportedUser-defined functionsControl constructs – if, while, etc.

Loops and Nested TemplatesLoops

Provide basic copy capabilityUseful in cloning resource configurationFor example, deploying multiple VMs

Nested TemplatesOne template can invoke anotherSimplifies creation of sophisticated templatesSupports parametersSupports output variables

ARM Deployment LogsLogs

ProviderResource groupResource

AvailabilityKept for 15 daysDefault is last hour (PowerShell)Filter by Status e.g., Failed

PowerShellGet-AzureResourceProviderLogGet-AzureResourceGroupLogGet-AzureResourceLog

DemoCreate a new Azure Web App + SQL DB

Demo Recap1. Get latest Azure SDK for Visual Studio2. Create new ‘Azure Resource Group’ project3. Add Web App + SQL template4. Provide parameters5. Deploy via PowerShell

What is Azure Automation?• IT process automation solution for Azure

– Creation, monitoring, deployment, & maintenance

– Runbooks & Assets– Leverage existing PowerShell scripts

Runbook Types• PowerShell Workflow

– Windows Workflow Foundation• Checkpoint, suspend, & resume

– Parallel or serial execution– Compilation (time increases as complexity increases)

• PowerShell (native)– No checkpoint, suspend, or resume– Serial execution only– No compile step! Fast!

DemoStop VMs nightly

Demo Recap1. Create Azure Automation account

a) Create an AAD user for Azure Automationb) Create an Azure Connection Asset

2. Create Runbook to Stop VMs1. Connect to Azure subscription2. Iterate over all services and VMs

3. Test Runbook4. Publish Runbook5. Link Runbook to a Schedule

Choices . . . When to UseMAML

• PCL (WinPhone/WinStore)• Higher level languages

PowerShell

• DevOps• Templates• Build Servers• Quicker than portal

Azure Automation

• Schedule Tasks• Integrate with Other Services• System Center scripts

Azure Resource Manager

• Future for Azure API• New, well-defined topology• Unable to export from cloud

Resources• Azure Resource Manager Preview SDKs

– https://azure.microsoft.com/en-us/blog/azure-resource-manager-preview-sdks/

• Authenticating a service principal with Azure Resource Manager– https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-

service-principal/

• Keith Mayer’s blog posts on Azure Automation– http://

blogs.technet.com/b/keithmayer/archive/2014/04/04/step-by-step-getting-started-with-windows-azure-automation.aspx

https://azure.microsoft.com/en-us/blog/azure-resource-manager-preview-sdks/

http://blogs.technet.com/b/keithmayer/archive/2014/04/04/step-by-step-getting-started-with-windows-azure-automation.aspx



Questions?

Thank You!

Michael S. Collier@MichaelCollier | www.michaelscollier.com

[email protected] | [email protected]

Automating Your Azure Environment

Technology

Transcript of Automating Your Azure Environment