Differences between revisions 1 and 15 (spanning 14 versions)

Azure Cloud (Microsoft)

Link SaltCloudAzure , Azure/Kubernetes, k8s/Azure

AZ cli tool

AZ cli

$ docker run -it microsoft/azure-cli
az login

In the AZ cli, create a principal account to be used by automation https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest

AZ cli SP (Service Principal)

SP is userid used by a app with limited access.

List roles for ID:"06a.....68" on subscription "Non-prod"

az role assignment list --all --assignee "06a.....68" --subscription "Non-prod"

Logged in to AZ with your own account you can create a SP and give it access to a RG e.g.

az role assignment list --assignee "06a.....68" --resource-group rg-k8s --subscription "Non-prod"

AZ find all public IP's / VM's

az network public-ip list --subscription <abc>
az vm list-usage  --location australiaeast -o table
export azsub=<"subscription">
az vm show --show-details --ids $(az vm list --subscription "$azsub" --query "[].id" -o tsv) | jq .

AZ find a image

2018 - https://docs.microsoft.com/en-us/cli/azure/vm/image?view=azure-cli-latest
az configure --defaults location=
az vm image list-publishers --location

Powershell

Powershell on Linux using docker
- $ docker pull mcr.microsoft.com/powershell
- $ docker run -it microsoft/powershell

Run azure

https://shell.azure.com/

$ azure login
info:    Executing command login
- Authenticating...info:    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HAY8K6VD6 to authenticate.
info:    Added subscription Free Trial
+
info:    login command OK
pieter@Azure:~$

Get details
```
$ az account show
```

Create a service account

$ az ad sp create-for-rbac --name "SALT-ADMIN"
{
  "appId": "a0a000-0000-00000-0000-20",
  "displayName": "SALT-ADMIN",
  "name": "http://SALT-ADMIN",
  "password": "20000000-0000-0000-0000-000000000005",
  "tenant": "20000000-0000-0000-0000-000000000003"
}

# az ad sp show --id http://SALT-ADMIN

# az ad sp credential reset --name http://SALT-ADMIN

create ResourceGroup

az group create -n testRG -l "Australia East"

saltazurekeyringsecret ...

-  ⇤ ← Revision 1 as of 2018-06-19 03:20:14 → 
  Size: 210
  Editor: PieterSmit
  Comment:
+   ← Revision 15 as of 2020-01-23 21:03:39 → ⇥
  Size: 2456
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 4:
+ * Link [[SaltCloudAzure]] , [[Azure/Kubernetes]], [[k8s/Azure]]

== AZ cli tool ==

 * AZ cli {{{
$ docker run -it microsoft/azure-cli
az login
   }}}
 * In the AZ cli, create a principal account to be used by automation [[https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest]]

=== AZ cli SP (Service Principal) ===
 * SP is userid used by a app with limited access.
 * List roles for ID:"06a.....68"  on subscription "Non-prod" {{{
az role assignment list --all --assignee "06a.....68" --subscription "Non-prod"
}}}
 * Logged in to AZ with your own account you can create a SP and give it access to a RG e.g. {{{
az role assignment list --assignee "06a.....68" --resource-group rg-k8s --subscription "Non-prod"
}}}

== AZ find all public IP's / VM's ==
 * {{{
az network public-ip list --subscription <abc>
az vm list-usage  --location australiaeast -o table
export azsub=<"subscription">
az vm show --show-details --ids $(az vm list --subscription "$azsub" --query "[].id" -o tsv) | jq .
}}}

=== AZ find a image ===
 * 2018 - https://docs.microsoft.com/en-us/cli/azure/vm/image?view=azure-cli-latest
 * az configure --defaults location=
 * az vm image list-publishers --location


== Powershell ==
-Line 8:
+Line 42:
+ * Run azure
   * https://shell.azure.com/
     {{{ 
$ azure login
info:    Executing command login
- Authenticating...info:    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HAY8K6VD6 to authenticate.
info:    Added subscription Free Trial
+
info:    login command OK
pieter@Azure:~$
     }}}
   * Get details {{{
$ az account show
     }}}


   * Create a service account {{{
$ az ad sp create-for-rbac --name "SALT-ADMIN"
{
  "appId": "a0a000-0000-00000-0000-20",
  "displayName": "SALT-ADMIN",
  "name": "http://SALT-ADMIN",
  "password": "20000000-0000-0000-0000-000000000005",
  "tenant": "20000000-0000-0000-0000-000000000003"
}
}}}
    {{{
# az ad sp show --id http://SALT-ADMIN
}}}
    {{{
# az ad sp credential reset --name http://SALT-ADMIN
}}}
  * create ResourceGroup {{{
az group create -n testRG -l "Australia East"
    }}}

saltazurekeyringsecret