Changes in bb87fc2: changes

				technology/cloud/azure.md
			
          @@ -1,21 +1,11 @@

           # azure

          -[aries](https://aries.ward.ie/x/YgFk)

          -## toc

          -

          -

          -## ward accounts (keepass)

          -  * dudley@wardazureward.onmicrosoft.com

          -    - non-prod (uat/dev)

          -  * dburrows@warddemo.onmicrosoft.com

          -    - prod

          -

          -## personal accounts

          +## accounts

             * blahthing@icloud.com

             * dudleyburrows@ward.ie

           ## az cli

          -[docs](https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest)

          +[docs][]

           ### useful cmds

             - show list of resource groups

          @@ -27,26 +17,12 @@

               az resource list -g <group_name> --output table

               ```

          -

          -create an Ubuntu vm called PP-WRD-TEST01 in the group P-WRD-RGRP on the PP-WRD-VNET vnet with no additional network security group, using username dburrows and public key for ssh

          -```

          -az vm create -g P-WRD-RGRP -n PP-WRD-TEST01 \

          ---vnet-name PP-WRG-VNET \

          ---nsg "" \

          ---image UbuntuLTS \

          ---ssh-key-value .ssh/dburrows.pub \

          ---admin-username dburrows

          -```

          -

          -create debian machine with no private ip and in subnet

          +create debian machine with no public ip and in prebuilt subnet, with tags

           ```

          -az vm create -g P-WRD-WIKI-RGRP -n P-WRD-WIKI-VM01 --vnet-name P-WRD-WIKI-VNET --nsg "" --image Debian --ssh-key-value .ssh/dburrows.pub --admin-username dburrows --tags created-by=dburrows --public-ip-address "" --subnet P-WRD-WIKI-SUBN

          +az vm create -g my-resource-group -n my-debian-vm --vnet-name my-vnet --nsg "" --image Debian --ssh-key-value .ssh/id_rsa.pub --admin-username pyratebeard --tags created-by=pyratebeard --public-ip-address "" --subnet my-subnet

           ```

          -

          -

          -

          -install the azure cli command `{{az}}` by running the following

          +install the azure cli command `az` by running the following

           ```

           curl -L https://aka.ms/InstallAzureCLI | bash

           ```

          @@ -63,7 +39,7 @@ az logout

           then run the login command again.

          -all the following steps _can_ be run from the portal cli as well as your local machine once you have installed {{az}}.

          +all the following steps _can_ be run from the portal cli as well as your local machine once you have installed `az`.

           ### changing subscriptions

          @@ -79,7 +55,7 @@ az account show

           then to change subscriptions run

           ```

          -az account set --subscription "Ward MS Partner Account"

          +az account set --subscription "My Other Subscription"

           ```

           ### show vm images

          @@ -89,7 +65,7 @@ az image list

           ### getting started

          -here is a quick run through of spinning up a [centos](https://www.centos.org/) virtual machine

          +here is a quick run through of spinning up a [centos][] virtual machine

             - create resource group

               ```

          @@ -101,14 +77,14 @@ here is a quick run through of spinning up a [centos](https://www.centos.org/) v

               ```

             - create a network rule in an existing security group

               ```

          -    az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-ward --description "Allow all traffic from Ward public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "93.94.119.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*"

          +    az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-access --description "Allow all traffic from my public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "97.108.19.240/28" --source-port-range "*" --destination-address-prefix "*" --destination-port-range "*"

               ```

             - create a virtual machine

               ```

               az vm create -g D-TST-RGRP -n D-TST-LAPP01 --image CentOS --generate-ssh-keys

               ```

          -once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to {{ssh}} to the server.

          +once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to `ssh` to the server.

           ## advanced tools

          @@ -119,36 +95,36 @@ you can check your current role with the cli. first you need to make a note of t

           az account show

           {

             "environmentName": "AzureCloud",

          -  "id": "b1447c5c-db40-4a01-9fc3-d56a740047b5",

          +  "id": "",

             "isDefault": true,

          -  "name": "Ward MS Partner Account",

          +  "name": "My Subscription",

             "state": "Enabled",

          -  "tenantId": "89252e5d-2862-422f-8279-7d0a49e32e6a",

          +  "tenantId": "",

             "user": {

          -    "name": "dudley@wardazureward.onmicrosoft.com",

          +    "name": "dudley@onmicrosoft.com",

               "type": "user"

             }

           }

           ```

          -copy the value from {{"user": "name":}}, then run the following replacing {{<value>}} with the username (usually an email address)

          +copy the value from `"user": "name":`, then run the following replacing `<value>` with the username (usually an email address)

           ```

           az role assignment list --assignee <value>

           [

             {

          -    "id": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleAssignments/85f38488-d3f3-423b-afb7-77d8cadddd32",

          -    "name": "85f38488-d3f3-423b-afb7-77d8cadddd32",

          +    "id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/",

          +    "name": "",

               "properties": {

          -      "principalId": "5ad99088-9605-4a83-843c-71bc51bf53f6",

          -      "principalName": "dudley@wardazureward.onmicrosoft.com",

          -      "roleDefinitionId": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",

          +      "principalId": "",

          +      "principalName": "dudley@onmicrosoft.com",

          +      "roleDefinitionId": "/subscriptions/providers/Microsoft.Authorization/roleDefinitions/",

                 "roleDefinitionName": "Contributor",

          -      "scope": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5"

          +      "scope": "/subscriptions/"

               },

               "type": "Microsoft.Authorization/roleAssignments"

             }

           ]

           ```

          -your current role is under {{"properties": "roleDefinitionName":}}

          +your current role is under `"properties": "roleDefinitionName":`

           ## show all resources in your subscription

           ```

          @@ -157,13 +133,13 @@ az group list --output table

           ## deploy a kubernetes cluster

          -we add the {{aks}} option to manage azure kubernetes services. Currently aks is only available in west europe

          +we add the `aks` option to manage azure kubernetes services. Currently aks is only available in west europe

           ```

           az group create --name D-K8S-RGRP --location westeurope

           az aks create --name D-K8S-KCLU --resource-group D-K8S-RGRP --generate-ssh-keys

           az aks get-credentials --name D-K8S-KCLU --resource-group D-K8S-RGRP

           az aks browse --name D-K8S-KCLU --resource-group D-K8S-RGRP

          -az aks show --resource-group dudley-container-demo-rg --name dudley-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv

          +az aks show --resource-group pyratebeard-container-demo-rg --name pyratebeard-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv

           ```

           ## deploy webapp and enable for webhooks

          @@ -177,7 +153,7 @@ az webapp deployment container show-cd-url -n D-TST-APP-SRV -g D-TST-APP-RG

           run script tool on VMs (under 'Operation')

          -## create vpn - [ref1][]

          +## create vpn - [fortinet_cookbook][]

           * virtual network

           * virtual network gateway

           * local network gateway

          @@ -189,8 +165,9 @@ run script tool on VMs (under 'Operation')

           * connect through gateway to website (using peering?)

          -[auto tagging][]

          +[auto_tagging][]

          -## ref

          -[ref1]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/

          -[auto tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443

          +[centos]: https://www.centos.org/

          +[fortinet_cookbook]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/

          +[auto_tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443

          +[docs]: https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest

...	...	@@ -1,21 +1,11 @@
1	1	# azure
2		-[aries](https://aries.ward.ie/x/YgFk)
3	2
4		-## toc
5		-
6		-
7		-## ward accounts (keepass)
8		- * dudley@wardazureward.onmicrosoft.com
9		- - non-prod (uat/dev)
10		- * dburrows@warddemo.onmicrosoft.com
11		- - prod
12		-
13		-## personal accounts
	3	+## accounts
14	4	* blahthing@icloud.com
15	5	* dudleyburrows@ward.ie
16	6
17	7	## az cli
18		-[docs](https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest)
	8	+[docs][]
19	9
20	10	### useful cmds
21	11	- show list of resource groups
...	...	@@ -27,26 +17,12 @@
27	17	az resource list -g <group_name> --output table
28	18	```
29	19
30		-
31		-create an Ubuntu vm called PP-WRD-TEST01 in the group P-WRD-RGRP on the PP-WRD-VNET vnet with no additional network security group, using username dburrows and public key for ssh
32		-```
33		-az vm create -g P-WRD-RGRP -n PP-WRD-TEST01 \
34		---vnet-name PP-WRG-VNET \
35		---nsg "" \
36		---image UbuntuLTS \
37		---ssh-key-value .ssh/dburrows.pub \
38		---admin-username dburrows
39		-```
40		-
41		-create debian machine with no private ip and in subnet
	20	+create debian machine with no public ip and in prebuilt subnet, with tags
42	21	```
43		-az vm create -g P-WRD-WIKI-RGRP -n P-WRD-WIKI-VM01 --vnet-name P-WRD-WIKI-VNET --nsg "" --image Debian --ssh-key-value .ssh/dburrows.pub --admin-username dburrows --tags created-by=dburrows --public-ip-address "" --subnet P-WRD-WIKI-SUBN
	22	+az vm create -g my-resource-group -n my-debian-vm --vnet-name my-vnet --nsg "" --image Debian --ssh-key-value .ssh/id_rsa.pub --admin-username pyratebeard --tags created-by=pyratebeard --public-ip-address "" --subnet my-subnet
44	23	```
45	24
46		-
47		-
48		-
49		-install the azure cli command `{{az}}` by running the following
	25	+install the azure cli command `az` by running the following
50	26	```
51	27	curl -L https://aka.ms/InstallAzureCLI \| bash
52	28	```
...	...	@@ -63,7 +39,7 @@ az logout
63	39
64	40	then run the login command again.
65	41
66		-all the following steps _can_ be run from the portal cli as well as your local machine once you have installed {{az}}.
	42	+all the following steps _can_ be run from the portal cli as well as your local machine once you have installed `az`.
67	43
68	44	### changing subscriptions
69	45
...	...	@@ -79,7 +55,7 @@ az account show
79	55
80	56	then to change subscriptions run
81	57	```
82		-az account set --subscription "Ward MS Partner Account"
	58	+az account set --subscription "My Other Subscription"
83	59	```
84	60
85	61	### show vm images
...	...	@@ -89,7 +65,7 @@ az image list
89	65
90	66	### getting started
91	67
92		-here is a quick run through of spinning up a [centos](https://www.centos.org/) virtual machine
	68	+here is a quick run through of spinning up a [centos][] virtual machine
93	69
94	70	- create resource group
95	71	```
...	...	@@ -101,14 +77,14 @@ here is a quick run through of spinning up a [centos](https://www.centos.org/) v
101	77	```
102	78	- create a network rule in an existing security group
103	79	```
104		- az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-ward --description "Allow all traffic from Ward public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "93.94.119.240/28" --source-port-range "" --destination-address-prefix "" --destination-port-range "*"
	80	+ az network nsg rule create --resource-group D-TST-RGRP --nsg-name D-TST-NSGP --name allow-access --description "Allow all traffic from my public range" --access Allow --protocol Tcp --direction Inbound --priority 102 --source-address-prefix "97.108.19.240/28" --source-port-range "" --destination-address-prefix "" --destination-port-range "*"
105	81	```
106	82	- create a virtual machine
107	83	```
108	84	az vm create -g D-TST-RGRP -n D-TST-LAPP01 --image CentOS --generate-ssh-keys
109	85	```
110	86
111		-once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to {{ssh}} to the server.
	87	+once the VM is successfully created it will output some json. make note of the "publicIpAddress" value, and use this to `ssh` to the server.
112	88
113	89	## advanced tools
114	90
...	...	@@ -119,36 +95,36 @@ you can check your current role with the cli. first you need to make a note of t
119	95	az account show
120	96	{
121	97	"environmentName": "AzureCloud",
122		- "id": "b1447c5c-db40-4a01-9fc3-d56a740047b5",
	98	+ "id": "",
123	99	"isDefault": true,
124		- "name": "Ward MS Partner Account",
	100	+ "name": "My Subscription",
125	101	"state": "Enabled",
126		- "tenantId": "89252e5d-2862-422f-8279-7d0a49e32e6a",
	102	+ "tenantId": "",
127	103	"user": {
128		- "name": "dudley@wardazureward.onmicrosoft.com",
	104	+ "name": "dudley@onmicrosoft.com",
129	105	"type": "user"
130	106	}
131	107	}
132	108	```
133		-copy the value from {{"user": "name":}}, then run the following replacing {{<value>}} with the username (usually an email address)
	109	+copy the value from `"user": "name":`, then run the following replacing `<value>` with the username (usually an email address)
134	110	```
135	111	az role assignment list --assignee <value>
136	112	[
137	113	{
138		- "id": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleAssignments/85f38488-d3f3-423b-afb7-77d8cadddd32",
139		- "name": "85f38488-d3f3-423b-afb7-77d8cadddd32",
	114	+ "id": "/subscriptions/providers/Microsoft.Authorization/roleAssignments/",
	115	+ "name": "",
140	116	"properties": {
141		- "principalId": "5ad99088-9605-4a83-843c-71bc51bf53f6",
142		- "principalName": "dudley@wardazureward.onmicrosoft.com",
143		- "roleDefinitionId": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
	117	+ "principalId": "",
	118	+ "principalName": "dudley@onmicrosoft.com",
	119	+ "roleDefinitionId": "/subscriptions/providers/Microsoft.Authorization/roleDefinitions/",
144	120	"roleDefinitionName": "Contributor",
145		- "scope": "/subscriptions/b1447c5c-db40-4a01-9fc3-d56a740047b5"
	121	+ "scope": "/subscriptions/"
146	122	},
147	123	"type": "Microsoft.Authorization/roleAssignments"
148	124	}
149	125	]
150	126	```
151		-your current role is under {{"properties": "roleDefinitionName":}}
	127	+your current role is under `"properties": "roleDefinitionName":`
152	128
153	129	## show all resources in your subscription
154	130	```
...	...	@@ -157,13 +133,13 @@ az group list --output table
157	133
158	134	## deploy a kubernetes cluster
159	135
160		-we add the {{aks}} option to manage azure kubernetes services. Currently aks is only available in west europe
	136	+we add the `aks` option to manage azure kubernetes services. Currently aks is only available in west europe
161	137	```
162	138	az group create --name D-K8S-RGRP --location westeurope
163	139	az aks create --name D-K8S-KCLU --resource-group D-K8S-RGRP --generate-ssh-keys
164	140	az aks get-credentials --name D-K8S-KCLU --resource-group D-K8S-RGRP
165	141	az aks browse --name D-K8S-KCLU --resource-group D-K8S-RGRP
166		-az aks show --resource-group dudley-container-demo-rg --name dudley-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv
	142	+az aks show --resource-group pyratebeard-container-demo-rg --name pyratebeard-container-demo-clu --query "servicePrincipalProfile.clientId" --output tsv
167	143	```
168	144
169	145	## deploy webapp and enable for webhooks
...	...	@@ -177,7 +153,7 @@ az webapp deployment container show-cd-url -n D-TST-APP-SRV -g D-TST-APP-RG
177	153
178	154	run script tool on VMs (under 'Operation')
179	155
180		-## create vpn - [ref1][]
	156	+## create vpn - [fortinet_cookbook][]
181	157	* virtual network
182	158	* virtual network gateway
183	159	* local network gateway
...	...	@@ -189,8 +165,9 @@ run script tool on VMs (under 'Operation')
189	165	* connect through gateway to website (using peering?)
190	166
191	167
192		-[auto tagging][]
	168	+[auto_tagging][]
193	169
194		-## ref
195		-[ref1]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/
196		-[auto tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443
	170	+[centos]: https://www.centos.org/
	171	+[fortinet_cookbook]: https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54/
	172	+[auto_tagging]: https://gallery.technet.microsoft.com/scriptcenter/Automatically-Azure-fc5f1443
	173	+[docs]: https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli?view=azure-cli-latest