AZURE-CLI: mudanças entre as edições


Edição das 16h06min de 13 de dezembro de 2018

Manage Orphans Resources

Get Orphans Disks

az disk list --query "[?managedBy==null].[name,id]" -o table

Delete Orphans Disks

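# Dry run: prints one "az disk delete" command per managed disk whose managedBy is null.
# "-o tsv" emits bare resource IDs, so there is no table header to filter out with grep;
# "-I {}" replaces the deprecated "xargs -i", and "-r" skips the run when the list is empty.
# An unattached disk is not necessarily disposable, and "-y" skips the confirmation prompt:
# check the printed list before removing "echo".
az disk list --query "[?managedBy==null]|[].id" -o tsv | xargs -r -I {} echo az disk delete --ids {} -y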

The command above only prints the delete commands. Review that list first, then remove "echo" to actually delete the disks.

Get Orphans NetworkDevices

az network nic list --query "[?virtualMachine==null].[name,id]" -o table

Delete Orphans NetworkDevices

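# Dry run: prints one "az network nic delete" command per NIC whose virtualMachine is null.
# "-o tsv" emits bare resource IDs (no table header to grep away); "-I {}" replaces the
# deprecated "xargs -i", and "-r" skips the run when nothing matches.
# Check the printed list before removing "echo".
az network nic list --query "[?virtualMachine==null].id" -o tsv | xargs -r -I {} echo az network nic delete --ids {}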

The command above only prints the delete commands. Review that list first, then remove "echo" to actually delete the network interfaces.

List Storage Container

az storage container list  --query "[].name" -o table

Remove Storage Container

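# Dry run: prints one "az storage container delete" command per container name.
# "-o tsv" is used because the table format also prints a header and a separator row,
# which the original pipeline passed to xargs as if they were container names.
# The query has no filter, so this lists EVERY container in the storage account:
# narrow the --query (or filter the output) to the containers meant for removal
# before dropping "echo".
az storage container list --query "[].name" -o tsv | xargs -r -I {} echo az storage container delete -n {} --fail-not-exist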

Get VirtualMachine With Boot Diagnostics enabled

az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].[name,id,vmId,diagnosticsProfile.bootDiagnostics.storageUri]" -o table

Disable VirtualMachine Boot Diagnostics

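# Dry run: prints one "az vm boot-diagnostics disable" command per VM that has a
# bootDiagnostics profile. "-o tsv" emits bare resource IDs (no table header to grep away);
# "-I {}" replaces the deprecated "xargs -i", and "-r" skips the run when nothing matches.
# Remove "echo" to apply the change.
az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].id" -o tsv | xargs -r -I {} echo az vm boot-diagnostics disable --ids {}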

RBAC

App Key

Criar app key para Terraform

# Contributor over a whole subscription is a broad grant; where possible, narrow --scopes
# to the resource group(s) that Terraform actually manages.
# The command output includes the generated client secret: keep it in a secret store,
# out of .tf files, shell history and version control.
az ad sp create-for-rbac --role="Contributor" --name "<name>" --scopes="/subscriptions/SUBSCRIPTION_ID"

Roles


  • Listing Roles
az role definition list --query "[].[roleName]" -o tsv 
  • Listar Grupos
az ad group list
  • Listar App Keys
az ad sp list
# The "azure ..." commands on this page belong to the legacy (classic) Azure CLI;
# the "az ..." commands are the current CLI.
azure role list --json | jq
azure role list --json | jq '.[] | {"Name", "Description"}'
az role definition list| jq '.[]|{"properties"}'| jq '.[]|{"roleName"}' > roles.json
  • Exibindo propriedades de uma role:
azure role show "Role_Name" --json | jq
  • Listar Resource Groups
az group list
  • Listar Roles de um resource group
azure role assignment list --resource-group "imagens-comum" --json | jq
  • Listando permissões de um usuário, inclusive herdadas por um grupo
azure role assignment list --expandPrincipalGroups --signInName usuario@dominio --json
  • Criar uma Role
azure role create --inputfile NS_CriarImagens.json
    • Criar uma role com AZ CLI
az role definition create --role-definition @stopstart.json

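stopstart.json

Nota: "*/read" concede leitura sobre todos os tipos de recurso do escopo, o que torna "Microsoft.Compute/virtualMachines/*/read" redundante; remova "*/read" se a intenção é que a role enxergue apenas máquinas virtuais. A descrição menciona "stop", mas a lista de Actions não inclui "Microsoft.Compute/virtualMachines/powerOff/action".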

{
	"Name": "StopStartVm",
	"Description": "Can read, stop, start, restart and deallocate vm",
	"Actions": [
		"Microsoft.Compute/virtualMachines/start/action",
		"Microsoft.Compute/virtualMachines/restart/action",
		"Microsoft.Compute/virtualMachines/deallocate/action",
		"Microsoft.Compute/virtualMachines/*/read",
		"*/read"
  ],
  "AssignableScopes": ["/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
        }

NS_CriarImagens.json

  {
    "Name": "CriarImagens",
    "Actions": [
      "Microsoft.Compute/images/*"
    ],
    "NotActions": [],
    "AssignableScopes": [
      "/subscriptions/0000000000000000000000000000"
    ],
    "Description": "Permite gerenciar imagens de VirtualMachines.",
    "IsCustom": "true"
  }
  • Alterar uma role
azure role set --inputfile <file path>
  • Adicionar uma Role em um Resource Group para um grupo de usuários
azure role assignment create \
--objectId <id do grupo de usuário> \
--roleName "<nome da role>" \
--resource-group "<nome do resource Group>"

az role assignment create  \
--assignee <ID/nome do grupo> \
--role <nome da role> \
--resource-group <nome do resource group> 

Virtual Machine images

List Images

List images from a subscription

az image  list  --query "[].[location,name,resourceGroup]" -o tsv | column -t

List images from marketplace

  • Listing publisher:
az vm  image list-publishers --location brazilsouth --query "[].[name]" -o tsv 
  • Listing images from publisher:
az vm image list-offers -l brazilsouth -p MicrosoftRServer
  • List SKU image:
az vm image list-skus -l brazilsouth -p MicrosoftRServer -f RServer-WS2016 --query "[].[name,id]" -o tsv

Resource Groups

Listing Resource Groups

az group list  --query "[].[name,location]" -o tsv | column -t| sort -k1

example

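# Variable declarations.
#
# The three credential/identity values are taken from the caller's environment
# (empty when unset) instead of being blanked or typed into this file: an
# account key pasted here ends up in backups, wiki copies and version control.
# Exported variables are also inherited by every child process of this shell.
# NOTE(review): the az CLI documents AZURE_STORAGE_KEY for the account key;
# confirm that AZURE_STORAGE_ACCESS_KEY is the name your tooling reads.
export AZURE_STORAGE_ACCESS_KEY="${AZURE_STORAGE_ACCESS_KEY:-}"
export AZURE_STORAGE_ACCOUNT="${AZURE_STORAGE_ACCOUNT:-}"
export AZ_SUBSCRIPTION="${AZ_SUBSCRIPTION:-}"

# Deployment parameters used by the functions below.
export AZ_VMNAME=machine          # base name for the VHD, disks, NIC and VM
export AZ_RG=test                 # resource group
export AZ_REGION=eastus2          # location passed to "az vm create"
export AZ_DISTYPE=Standard_LRS    # managed disk SKU
export AZ_VNET=virtual-us         # virtual network for the NIC
export AZ_SUBNET=subnet01         # subnet for the NIC
export AZ_CONTAINER=upload        # blob container holding the VHD
export AZ_STOACCOUNT=stor01       # storage account holding the container
export AZ_VMSIZE=Standard_D3_v2   # VM size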

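#######################################
# Upload the local file "<AZ_VMNAME>.vhd" as a blob of the same name.
# Globals:   AZ_CONTAINER, AZ_VMNAME, AZ_STOACCOUNT (read)
# Arguments: none
# Returns:   exit status of "az storage blob upload"
# Note:      no credential option is passed, so az falls back to whatever
#            storage credentials it finds in the environment or login.
#######################################
UPLOAD_VHD() {
  # Every expansion is quoted so a value containing spaces or glob
  # characters stays a single argument.
  local vhd="${AZ_VMNAME}.vhd"
  az storage blob upload \
    --container-name "$AZ_CONTAINER" \
    --file "$vhd" \
    --name "$vhd" \
    --account-name "$AZ_STOACCOUNT" \
    --max-connections 16
}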

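#######################################
# Create the network interface "<AZ_VMNAME>-nic" on the configured subnet.
# Globals:   AZ_RG, AZ_VMNAME, AZ_SUBNET, AZ_VNET (read)
# Arguments: none
# Returns:   exit status of "az network nic create"
# Note:      no network security group is attached to the NIC here, so
#            traffic filtering depends on what is applied to the subnet.
#######################################
CREATE_NIC() {
  # Quoted expansions keep each value a single argument.
  az network nic create \
    --resource-group "$AZ_RG" \
    --name "${AZ_VMNAME}-nic" \
    --subnet "$AZ_SUBNET" \
    --vnet-name "$AZ_VNET"
}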
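#######################################
# Dry run: for every blob in the container whose name contains "ned"
# (case-insensitive), print the "az disk create" command that would turn it
# into a managed disk named after the blob (text before the first dot).
# Globals:   AZ_STOACCOUNT, AZ_CONTAINER, AZ_RG, AZ_DISTYPE (read)
# Arguments: none
# Outputs:   one "az disk create ..." line per matching blob on stdout
#######################################
BLOB_LIST() {
  local blob
  # "--query [].name -o tsv" yields one bare blob name per line, so the filter
  # below matches names only and not other columns of a table row.
  # "ned" is a site-specific name filter kept from the original.
  az storage blob list \
    --account-name "$AZ_STOACCOUNT" \
    --container-name "$AZ_CONTAINER" \
    --query "[].name" -o tsv |
    grep -i ned |
    while IFS= read -r blob; do
      # The original lacked the trailing backslashes after the first line, so
      # "-n", "--source" and "--sku" were run as separate (failing) commands
      # instead of being printed as part of the same command line.
      echo az disk create \
        --resource-group "$AZ_RG" \
        -n "${blob%%.*}" \
        --source "https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${blob}" \
        --sku "$AZ_DISTYPE"
    done
}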
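#######################################
# Create the managed disk "<AZ_VMNAME>" from the uploaded blob
# "<AZ_VMNAME>.vhd" in the configured storage account and container.
# Globals:   AZ_RG, AZ_VMNAME, AZ_STOACCOUNT, AZ_CONTAINER, AZ_DISTYPE (read)
# Arguments: none
# Returns:   exit status of "az disk create"
#######################################
CREATE_DISK() {
  # The source URL is built from three variables; quoting keeps it one argument.
  local source_url="https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${AZ_VMNAME}.vhd"
  az disk create \
    --resource-group "$AZ_RG" \
    -n "$AZ_VMNAME" \
    --source "$source_url" \
    --sku "$AZ_DISTYPE"
}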
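#######################################
# Create the Linux VM from the existing OS disk "<AZ_VMNAME>", attaching the
# data disks "<AZ_VMNAME>-asm01" and "<AZ_VMNAME>-asm02" and the NIC
# "<AZ_VMNAME>-nic".
# Globals:   AZ_VMNAME, AZ_RG, AZ_REGION, AZ_VMSIZE (read)
# Arguments: none
# Returns:   exit status of "az vm create"
# Note:      the OS disk is attached as-is and no admin user or SSH key option
#            is passed, so the accounts and keys already inside the uploaded
#            VHD are what the VM boots with; review them before exposing it.
#######################################
CREATE_VM() {
  # Quoted expansions keep each value a single argument; the two data disk
  # names stay separate arguments, as --attach-data-disks takes a list.
  az vm create \
    --name "$AZ_VMNAME" \
    --resource-group "$AZ_RG" \
    --attach-os-disk "$AZ_VMNAME" \
    --attach-data-disks "${AZ_VMNAME}-asm01" "${AZ_VMNAME}-asm02" \
    --nics "${AZ_VMNAME}-nic" \
    --location "$AZ_REGION" \
    --os-type linux \
    --size "$AZ_VMSIZE"
}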

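#######################################
# Create nine empty 1023 GB data disks "<AZ_VMNAME>-asm01" .. "-asm09" and
# attach each one to the VM at the LUN matching its serial number.
# A disk is attached only if its creation succeeded; a failure on one disk
# does not stop the remaining ones.
# Globals:   AZ_RG, AZ_VMNAME, AZ_DISTYPE (read)
# Arguments: none
# Returns:   0 if every create and attach succeeded, 1 otherwise
#######################################
CREATE_DISK_AND_ATTACH() {
  local serial disk failed=0
  for serial in 1 2 3 4 5 6 7 8 9; do
    disk="${AZ_VMNAME}-asm0${serial}"
    if az disk create \
      --resource-group "$AZ_RG" \
      --name "$disk" \
      --sku "$AZ_DISTYPE" \
      --size-gb 1023; then
      if ! az vm disk attach \
        --disk "$disk" \
        --resource-group "$AZ_RG" \
        --vm-name "$AZ_VMNAME" \
        --lun "$serial"; then
        printf 'attach failed for disk %s\n' "$disk" >&2
        failed=1
      fi
    else
      # Skip the attach when the disk could not be created.
      printf 'create failed for disk %s\n' "$disk" >&2
      failed=1
    fi
  done
  return "$failed"
}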

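#https://blogs.msdn.microsoft.com/nicole_welch/2017/09/moving-files-between-azure-storage-and-rhel/
#
## MOVE VIRTUAL MACHINE IMAGES BETWEEN REGIONS
#
# Create the snapshot.
az snapshot create --resource-group "$AZ_RG" --name "$snapshotName" --location "$AZ_REGION" --source "$SNAPSHOTDISKNAME"
# Generate the snapshot's SAS URL (valid for 7200 seconds).
# The URL is a bearer credential: anyone holding it can read the snapshot until
# it expires or is revoked. It is kept in a plain shell variable rather than
# exported, so child processes do not inherit it. The query is quoted because
# an unquoted [accessSas] is a glob pattern the shell may expand.
sas=$(az snapshot grant-access --resource-group "$AZ_RG" --name "$snapshotName" --duration-in-seconds 7200 --query "[accessSas]" -o tsv)
# Copy the snapshot to the storage account.
# The account key is passed through the AZURE_STORAGE_KEY environment variable
# for this one command instead of --account-key, which would expose it in the
# process list and in "set -x" traces.
if [ -n "$sas" ]; then
  AZURE_STORAGE_KEY="$storageAccountKey" az storage blob copy start --destination-blob "$destinationVHDFileName" --destination-container "$storageContainerName" --account-name "$storageAccountName" --source-uri "$sas"
else
  echo "no SAS URL was returned for snapshot $snapshotName; copy not started" >&2
fi
# Check the copy status.
AZURE_STORAGE_KEY="$storageAccountKey" az storage blob show --container-name "$storageContainerName" -n "$destinationVHDFileName" --account-name "$storageAccountName" --query "properties.copy.status"
# Once the status above reports "success", end the SAS before its expiry:
#   az snapshot revoke-access --resource-group "$AZ_RG" --name "$snapshotName"
# Create the snapshot in the destination region from the copied blob.
az snapshot create --resource-group common-images --name "$SNAPSHOTDISKNAME" --location eastus2 --source "https://XXXXXXX.blob.core.windows.net/XXXXXXXXXX/$SNAPSHOTDISKNAME"
# Create the image from the snapshot.
az image create --resource-group common-images --name "$SNAPSHOTDISKNAME" --source "/subscriptions/XXXXXXXXXXXXXXXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Compute/snapshots/$SNAPSHOTDISKNAME" --os-type linux --location eastus2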