An alternative way to landscaping in Azure… Terraform!

Introduction

In the past I’ve noticed a lot of people are afraid of “Azure Resource Manager Templates”. I can imagine that a bulk of JSON code isn’t always that user friendly… So today we’ll take a look at another IaC (Infrastructure-as-Code) approach you might like. We’re going to do a small demo where we’ll be using “Terraform” to deploy a network on Azure. So how do we get started?

  • We’ll be creating a kind of service user in Azure which Terraform will use to log in.
  • We’ll be authoring a small configuration file that will serve as the input for our network
  • We’ll be applying that configuration file.


Seem simple enough? Let’s get started!


Azure : Mixing LogicApps & Functions as a periodic data retriever

Introduction

There are various articles, blogs, etc. that compare Logic Apps vs Flow vs Functions vs Azure Automation, etc. Though there was one use case where I often struggled with what to use:

What to use when I want to retrieve a file from X on a Y timed interval?

Azure Functions? Great abstraction, though the output files have random names. Sometimes / Often I want to be able to control that.

Flow? Doesn’t allow the customization I was looking for. More to integrate existing / popular services.

Azure Automation? Very good and gets the job done. The only downside, you need to code a lot of logic yourself.

Azure Logic Apps? Shows potential, but doesn’t let you include custom functions. Or does it…?!?

You can link Azure Functions to Logic Apps and create the flow I was looking for.

 

The Flow

So what do I want to do?

  • On a daily basis
  • Retrieve content from an authenticated API
  • Save the content to a Blob storage

And afterwards I’ll use other services to process that data. 🙂

 

The Proof-of-Concept

What do I want to achieve? On a daily basis I want to retrieve data from a service provider that serves sports data. And if you are looking for such a thing, check out MySportsFeed! So back to our proof-of-concept; how will this look in Logic Apps?


Let’s dissect this flow…


Azure : Auto Shutdown of Servers

Did you know that the “Dev/Test Labs” service in Azure had a neat feature where you could schedule the shutdown of servers? No, or yes… Now this feature has been integrated into all virtual machines. Nice!

So just go to the details blade of a virtual machine and click on the “Auto-Shutdown”-tile. Here you can enable / schedule a shutdown.


Via this method, you configure it per VM. You can always use Azure Automation runbooks and do it per resource group.

Why do this? In Azure you are billed per minute for your compute runtime. So shutting down (and deallocating) will save you a great bunch!

Azure : Using PHP to go all oauth2 on the management API!

Introduction

As a hobby effort, I wanted to create a small poc where any user would be able to login with their AAD user, grant access to an application, after which that application could query their subscriptions.

In all honesty, I’ve been struggling more than I like to admit with getting this working… So this post will cover all the steps that you need to do to get this working!

 

Oauth & Azure AD

Before getting our hands dirty, read up on the following post: “Authorize access to web applications using OAuth 2.0 and Azure Active Directory”.

Read it thoroughly! To be honest, I didn’t at first and it cost me a lot of time. 😉

Anyhow, the flow looks as follows…


So basically;

  • We’ll redirect the user to sign-in (and if this hasn’t been done, grant our application access)
  • If all went well, we’ll receive an authorization code
  • We’ll use this code to get a bearer (and refresh) token
  • Next up we’ll use the bearer token to connect to the Azure REST API to get the list of subscriptions for that user.


Domain Join : ARM Extension versus Azure Automation DSC

Introduction

So you’ve already deployed Windows based systems in Azure. Very good! You’ve probably joined those systems into a domain, as you’ve always done this by going through the GUI. Did you know you can join a machine without logging into the machine? No? Then today’s post will be very interesting for you!

If you knew this was possible, then I’ll show you that there are various methods of doing so. And that each approach will have clear advantages and even disadvantages. So let’s get ready to domainjoin those systems!

 


Enforcing your DSC config on Linux

Introduction

In the previous post we talked about configuring a Linux host with DSC via Azure Automation. When using the default settings, as we did in that post, a node configuration will be set to “apply & monitor”. Today we’ll take a look at how you can force compliancy with a certain config.

 

Register.py

When we take a look at the Register.py, we notice that there is an option to change the “ConfigurationMode”.

root@docker02:/opt/microsoft/dsc# /opt/microsoft/dsc/Scripts/Register.py --help
Usage: Register.py [OPTIONS]
OPTIONS (case insensitive):
--RegistrationKey KEY
--ServerURL URL
--ConfigurationName NAME
--RefreshFrequencyMins NUM default=30
--ConfigurationModeFrequencyMins NUM default=15
--ConfigurationMode (ApplyAndMonitor,ApplyAndAutoCorrect,ApplyOnly) default=ApplyAndMonitor
--RefreshMode (Pull|Push) default=Pull
--Help

 

The default

By default it is set to “ApplyAndMonitor”… So if I were to manually mess with the system, for example by removing a required package, that node would become “Non Compliant”.

So our reporting will indicate that something is odd. But there will be no remediation.

 

Enforce!

By using the “ApplyAndAutoCorrect” option, we can ensure that DSC will take action when a system is non-compliant. To set this mode, use the following command:

root@docker02:~# /opt/microsoft/dsc/Scripts/Register.py --RegistrationKey my-secret-key --ServerURL https://we-agentservice-prod-1.azure-automation.net/accounts/accountid --ConfigurationMode ApplyAndAutoCorrect

 

“The Test”

Let’s take a look at what the node will do when we remove one of the packages that has been included in the node configuration. To speed up my process, I reduced the refresh frequency so I don’t have to wait endlessly… 😉

--RefreshFrequencyMins 5
--ConfigurationModeFrequencyMins 5

Anyhow, all looks good!


So now let’s screw up this node…

root@docker02:/opt/microsoft/dsc# date && htop --help
Die Sep 20 20:16:38 CEST 2016
htop 2.0.1 - (C) 2004-2016 Hisham Muhammad
...
root@docker02:/opt/microsoft/dsc# date && apt-get remove htop -y
Die Sep 20 20:17:01 CEST 2016
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
htop
...

And the testing took a bit longer, as I noticed that the ConfigurationModeFrequencyMins option did not get set…

root@docker02:/opt/microsoft/dsc# Scripts/GetDscLocalConfigurationManager.py
instance of GetMetaConfiguration
{
ReturnValue=0
MetaConfiguration= instance of MSFT_DSCMetaConfiguration
{
ConfigurationModeFrequencyMins=30
RebootNodeIfNeeded=false
ConfigurationMode=ApplyAndAutoCorrect
Credential=NULL
RefreshMode=Pull
CertificateID=NULL
ConfigurationID=NULL
DownloadManagerName=NULL
DownloadManagerCustomData=NULL
RefreshFrequencyMins=1
AllowModuleOverwrite=false
LocalConfigurationManagerState=NULL
ConfigurationDownloadManagers=
{

 

… *waiting* …

Wait for it… and it’s back!

root@docker02:/opt/microsoft/dsc# date && htop --help
Die Sep 20 20:45:30 CEST 2016
htop 2.0.1 - (C) 2004-2016 Hisham Muhammad
Released under the GNU GPL.
...


 

TL;DR

  • By default a non-compliant node will be reported, though no remediation will be done.
  • It is possible to configure the node to run in a mode where compliancy is enforced.
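
The test above ran longer than planned because ConfigurationModeFrequencyMins kept a value other than the one passed to Register.py. As an added example (not from the original post), the shell check below parses the GetDscLocalConfigurationManager.py output and reports every setting that differs from what was requested. The function names lcm_value and lcm_drift are made up here, and the embedded sample is a trimmed, constructed copy of the output shown earlier.

```shell
# Added example (not from the original post): verify that the Local
# Configuration Manager really holds the settings passed to Register.py.

# Constructed sample: trimmed copy of the GetDscLocalConfigurationManager.py
# output shown above, used so the check runs without a DSC agent.
sample_lcm_output() {
cat <<'EOF'
instance of GetMetaConfiguration
{
ReturnValue=0
MetaConfiguration= instance of MSFT_DSCMetaConfiguration
{
ConfigurationModeFrequencyMins=30
RebootNodeIfNeeded=false
ConfigurationMode=ApplyAndAutoCorrect
RefreshMode=Pull
RefreshFrequencyMins=1
AllowModuleOverwrite=false
EOF
}

# lcm_value KEY: read LCM output on stdin, print the value of KEY (first match).
lcm_value() {
    awk -F= -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t;]+$/, "", v); print v; exit }'
}

# lcm_drift FILE KEY=EXPECTED...: print one line per mismatch; return 1 if any.
lcm_drift() {
    file=$1; shift; rc=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(lcm_value "$key" < "$file")
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', got '${got:-<missing>}'"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run against the constructed sample; on a real node, write the
# output of Scripts/GetDscLocalConfigurationManager.py to the file instead.
tmp=$(mktemp)
sample_lcm_output > "$tmp"
lcm_drift "$tmp" ConfigurationMode=ApplyAndAutoCorrect \
    RefreshFrequencyMins=5 ConfigurationModeFrequencyMins=5 || true
rm -f "$tmp"
```

Run after every Register.py call, the non-zero return code makes a silently ignored option visible right away instead of after a missed remediation window.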

Managing Linux hosts with Desired State Configuration via Azure Automation

Introduction

For this post I’ll be assuming you know the basics of Desired State Configuration (or DSC in short). The objective of today is to test what Azure Automation can bring to the table in terms of managing Linux hosts. We all know about Puppet, Chef, Ansible, … but is Azure Automation a viable alternative? 


 

First things first… Azure Automation Account

When getting started with DSC on Linux, check out this documentation page as a reference. First up, we’ll create an Azure Automation account.

Copy one of the keys and the URL, as we’ll need them to manually register our “OnPremise” host.
