AZURE-CLI: mudanças entre as edições
Linha 258: | Linha 258: | ||
##MOVE virtual machines IMAGES BETWEEN REGIONS | ##MOVE virtual machines IMAGES BETWEEN REGIONS | ||
# | # | ||
# | #!/bin/bash -x | ||
az snapshot create --resource-group $ | |||
# | export RG= | ||
export | export SNAPNAME= | ||
# | export LOCATION=eastus | ||
az storage blob copy start --destination-blob $ | export DISKNAME= | ||
# | export VHDNAME=osdisk.vhd | ||
az storage blob show --container-name $ | export CONTAINER= | ||
export SANAME= | |||
export SAKEY="" | |||
#Create VM disk snapshot | |||
az snapshot create \ | |||
--resource-group $RG \ | |||
--name $SNAPNAME \ | |||
--location $LOCATION \ | |||
--source $DISKNAME | |||
#Export SAS URL from the snapshot | |||
export SAS=$(az snapshot grant-access \ | |||
--resource-group $RG \ | |||
--name $SNAPNAME \ | |||
--duration-in-seconds 7200 --query [accessSas] -o tsv) | |||
#Transfer SAS objet to a storage account | |||
az storage blob copy start \ | |||
--destination-blob $VHDNAME \ | |||
--destination-container $CONTAINER \ | |||
--account-name $SANAME \ | |||
--account-key $SAKEY \ | |||
--source-uri $SAS | |||
#Check operation progress | |||
while true | |||
do | |||
az storage blob show \ | |||
--container-name $CONTAINER \ | |||
-n $VHDNAME \ | |||
--account-name $SANAME \ | |||
--account-key $SAKEY \ | |||
--query "properties.copy.status" | |||
sleep 90 | |||
clear | |||
done | |||
#criar snapshot | #criar snapshot | ||
az snapshot create --resource-group common-images --name $SNAPSHOTDISKNAME --location eastus2 --source https://XXXXXXX.blob.core.windows.net/XXXXXXXXXX/$SNAPSHOTDISKNAME | az snapshot create --resource-group common-images --name $SNAPSHOTDISKNAME --location eastus2 --source https://XXXXXXX.blob.core.windows.net/XXXXXXXXXX/$SNAPSHOTDISKNAME |
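Review bot: The script in what appears to be the added (right-hand) column is headed `#!/bin/bash -x` and passes the storage key and the snapshot SAS as arguments (`--account-key $SAKEY`, `--source-uri $SAS`), so a traced run prints both credentials to the terminal and to any log that captures stderr; I would drop `-x` and quote the expansions, e.g. `--source-uri "$SAS"`. The `while true` polling loop has no exit condition, so the script never ends on its own and the SAS granted for 7200 seconds is never revoked; breaking out once `properties.copy.status` is no longer `pending` and then calling `az snapshot revoke-access` would close that gap. `--query [accessSas]` is also unquoted, which leaves the brackets open to shell globbing; `--query "[accessSas]"` avoids it.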
Edição das 21h08min de 8 de maio de 2020
Manage Orphaned Resources
Get Orphaned Disks
az disk list --query "[?managedBy==null].[name,id]" -o table
Delete Orphaned Disks
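# Dry run: prints one "az disk delete" command per disk whose managedBy is null;
# nothing is deleted while "echo" is in the pipeline. Review the printed IDs
# first: the filter matches every unattached disk, including ones kept on purpose.
# tsv output carries no header or separator rows, so only IDs reach xargs.
az disk list --query "[?managedBy==null]|[].id" -o tsv | grep '^/' | xargs -I {} echo az disk delete --ids {} -y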
Remove "echo" from the pipeline to actually run the delete; while it is present the commands are only printed.
Get Orphaned Network Interfaces
az network nic list --query "[?virtualMachine==null].[name,id]" -o table
Delete Orphaned Network Interfaces
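# Dry run: prints one "az network nic delete" command per NIC whose
# virtualMachine is null; nothing is deleted while "echo" is in the pipeline.
# tsv output carries no header or separator rows, so only IDs reach xargs.
az network nic list --query "[?virtualMachine==null].id" -o tsv | grep '^/' | xargs -I {} echo az network nic delete --ids {}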
Remove "echo" from the pipeline to actually run the delete; while it is present the commands are only printed.
List Storage Container
az storage container list --query "[].name" -o table
Remove Storage Container
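# Dry run: prints a delete command for EVERY container returned by the list;
# the query has no filter, so removing "echo" deletes them all. Add a name
# filter to the query before running it for real.
# With "-o table" the header and separator rows were passed to xargs as if they
# were container names; tsv output contains the names only.
az storage container list --query "[].name" -o tsv | xargs -I {} echo az storage container delete -n {} --fail-not-exist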
Get VirtualMachine With Boot Diagnostics enabled
az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].[name,id,vmId,diagnosticsProfile.bootDiagnostics.storageUri]" -o table
Disable VirtualMachine Boot Diagnostics
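# Dry run: prints one "az vm boot-diagnostics disable" command per VM that has a
# bootDiagnostics profile; nothing changes while "echo" is in the pipeline.
# tsv output carries no header or separator rows, so only IDs reach xargs.
az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].id" -o tsv | grep '^/' | xargs -I {} echo az vm boot-diagnostics disable --ids {}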
RBAC
Create Service Principal
# Creates a service principal and assigns it the Contributor role on the whole
# subscription, i.e. write access to every resource in it. Where the principal
# only needs one resource group, narrow the scope to
# /subscriptions/SUBSCRIPTION_ID/resourceGroups/<resource-group> or use a
# narrower role.
# The command prints the generated client secret ("password") once; treat the
# output as a credential and keep it out of logs and shell history captures.
az ad sp create-for-rbac --role="Contributor" --name "<name>" --scopes="/subscriptions/SUBSCRIPTION_ID"
Roles
- role-based-access-built-in-roles
- role-based-access-control-manage-access-powershell
- resource-manager-policy
- Listing Roles
az role definition list --query "[].[roleName]" -o tsv
- Listar Grupos
az ad group list
- Listar App Keys
az ad sp list
azure role list --json | jq azure role list --json | jq '.[] | {"Name", "Description"}' az role definition list| jq '.[]|{"properties"}'| jq '.[]|{"roleName"}' > roles.json
- Exibindo propriedades de uma role:
azure role show "Role_Name" --json | jq
- Listar Resource Groups
az group list
- Listar Roles de um resource group
azure role assignment list --resource-group "imagens-comum" --json | jq
- Listando permissões de um usuário, inclusive herdadas por um grupo
azure role assignment list --expandPrincipalGroups --signInName usuario@dominio --json
- Criar uma Role
azure role create --inputfile NS_CriarImagens.json
- Criar uma role com AZ CLI
az role definition create --role-definition @stopstart.json
stopstart.json
{
"Name": "StopStartVm",
"Description": "Can read, stop, start, restart and deallocate vm",
"Actions": [
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/*/read",
"*/read"
],
"AssignableScopes": ["/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
}
NS_CriarImagens.json
{
"Name": "CriarImagens",
"Actions": [
"Microsoft.Compute/images/*"
],
"NotActions": [],
"AssignableScopes": [
"/subscriptions/0000000000000000000000000000"
],
"Description": "Permite gerenciar imagens de VirtualMachines.",
"IsCustom": "true"
}
- Alterar uma role
azure role set --inputfile <file path>
- Adicionar uma Role em um Resource Group para um grupo de usuários
azure role assignment create \ --objectId <id do grupo de usuário> \ --roleName "<nome da role>" \ --resource-group "<nome do resource Group>" az role assignment create \ --assignee <ID/nome do grupo> \ --role <nome da role> \ --resource-group <nome do resource group>
Virtual Machine images
List Images
List images from a subscription
az image list --query "[].[location,name,resourceGroup]" -o tsv | column -t
List images from marketplace
- Listing publisher:
az vm image list-publishers --location brazilsouth --query "[].[name]" -o tsv
- Listing images from publisher:
az vm image list-offers -l brazilsouth -p MicrosoftRServer
- List SKU image:
az vm image list-skus -l brazilsouth -p MicrosoftRServer -f RServer-WS2016 --query "[].[name,id]" -o tsv
Resource Groups
Listing Resource Groups
az group list --query "[].[name,location]" -o tsv | column -t| sort -k1
example
# Settings read by the helper functions of this example.

# Left empty on purpose: fill these in for the target environment.
# AZURE_STORAGE_ACCESS_KEY is a credential, so supply it at run time rather
# than saving a real key in a copy of this file.
export AZURE_STORAGE_ACCESS_KEY=''
export AZURE_STORAGE_ACCOUNT=''
export AZ_SUBSCRIPTION=''

# Virtual machine and placement.
export AZ_VMNAME='machine'
export AZ_VMSIZE='Standard_D3_v2'
export AZ_RG='test'
export AZ_REGION='eastus2'

# Networking.
export AZ_VNET='virtual-us'
export AZ_SUBNET='subnet01'

# Storage used for the VHD upload and the managed disks.
export AZ_STOACCOUNT='stor01'
export AZ_CONTAINER='upload'
export AZ_DISTYPE='Standard_LRS'
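# Upload the local file "<AZ_VMNAME>.vhd" to the AZ_CONTAINER container of the
# AZ_STOACCOUNT storage account, using the same name for the blob.
# Globals:  AZ_CONTAINER, AZ_VMNAME, AZ_STOACCOUNT (read)
# Returns:  exit status of "az storage blob upload"
# No key or SAS is passed on the command line; the az CLI is left to resolve the
# credential itself (presumably from the exported AZURE_STORAGE_* variables;
# confirm against the CLI version in use).
function UPLOAD_VHD() {
  # Every expansion is quoted so a value containing spaces or glob characters
  # reaches az as a single argument.
  az storage blob upload \
    --container-name "$AZ_CONTAINER" \
    --file "${AZ_VMNAME}.vhd" \
    --name "${AZ_VMNAME}.vhd" \
    --account-name "$AZ_STOACCOUNT" \
    --max-connections 16
}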
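# Create the network interface "<AZ_VMNAME>-nic" in resource group AZ_RG,
# attached to subnet AZ_SUBNET of virtual network AZ_VNET.
# Globals:  AZ_RG, AZ_VMNAME, AZ_SUBNET, AZ_VNET (read)
# Returns:  exit status of "az network nic create"
function CREATE_NIC() {
  # Quoted expansions keep each value a single argument.
  az network nic create \
    --resource-group "$AZ_RG" \
    --name "${AZ_VMNAME}-nic" \
    --subnet "$AZ_SUBNET" \
    --vnet-name "$AZ_VNET"
}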
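# Print (dry run) one "az disk create" command for each blob in AZ_CONTAINER
# whose table row contains "ned" (case-insensitive). The disk name is the blob
# name up to its first dot; the source is the blob's URL.
# Globals:  AZ_STOACCOUNT, AZ_CONTAINER, AZ_RG, AZ_DISTYPE (read)
# Outputs:  the generated commands on stdout; nothing is created.
# NOTE(review): the "ned" filter is hard-coded, presumably a naming prefix used
# by the original author; adjust it for other blob names.
function BLOB_LIST() {
  local valor
  az storage blob list \
    --account-name "$AZ_STOACCOUNT" \
    --container-name "$AZ_CONTAINER" \
    -o table |
    grep -i ned |
    awk '{print $1}' |
    while read -r valor; do
      # The original dropped the line continuations after --resource-group, so
      # only the first two options were echoed and the remaining option lines
      # were executed as commands of their own.
      echo az disk create \
        --resource-group "$AZ_RG" \
        -n "${valor%%.*}" \
        --source "https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${valor}" \
        --sku "$AZ_DISTYPE"
    done
}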
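# Create the managed disk AZ_VMNAME in resource group AZ_RG from the blob
# "<AZ_VMNAME>.vhd" stored in AZ_CONTAINER of the AZ_STOACCOUNT account.
# Globals:  AZ_RG, AZ_VMNAME, AZ_STOACCOUNT, AZ_CONTAINER, AZ_DISTYPE (read)
# Returns:  exit status of "az disk create"
function CREATE_DISK() {
  # Quoted expansions keep each value a single argument.
  az disk create \
    --resource-group "$AZ_RG" \
    -n "$AZ_VMNAME" \
    --source "https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${AZ_VMNAME}.vhd" \
    --sku "$AZ_DISTYPE"
}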
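# Create the Linux VM AZ_VMNAME from existing resources: OS disk AZ_VMNAME,
# data disks "<AZ_VMNAME>-asm01" and "<AZ_VMNAME>-asm02", and NIC
# "<AZ_VMNAME>-nic".
# Globals:  AZ_VMNAME, AZ_RG, AZ_REGION, AZ_VMSIZE (read)
# Returns:  exit status of "az vm create"
# NOTE(review): the disks and the NIC are referenced by name only, so they
# presumably have to exist before this is called; confirm the call order.
function CREATE_VM() {
  # Quoted expansions keep each value a single argument.
  az vm create \
    --name "$AZ_VMNAME" \
    --resource-group "$AZ_RG" \
    --attach-os-disk "$AZ_VMNAME" \
    --attach-data-disks "${AZ_VMNAME}-asm01" "${AZ_VMNAME}-asm02" \
    --nics "${AZ_VMNAME}-nic" \
    --location "$AZ_REGION" \
    --os-type linux \
    --size "$AZ_VMSIZE"
}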
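# Create nine empty 1023 GB managed disks named "<AZ_VMNAME>-asm01" ..
# "<AZ_VMNAME>-asm09" and attach each one to the VM AZ_VMNAME on the LUN equal
# to its serial number. A disk is attached only if its creation succeeded.
# Globals:  AZ_RG, AZ_VMNAME, AZ_DISTYPE (read)
function CREATE_DISK_AND_ATTACH() {
  local serial disk_name
  # A plain loop instead of "seq | while read": inside the pipeline az inherited
  # the pipe as stdin and could consume the remaining serial numbers.
  for serial in 1 2 3 4 5 6 7 8 9; do
    disk_name="${AZ_VMNAME}-asm0${serial}"
    if az disk create \
      --resource-group "$AZ_RG" \
      --name "$disk_name" \
      --sku "$AZ_DISTYPE" \
      --size-gb 1023; then
      az vm disk attach \
        --disk "$disk_name" \
        --resource-group "$AZ_RG" \
        --vm-name "$AZ_VMNAME" \
        --lun "$serial"
    else
      # Keep going with the next disk, as before, but say which one failed.
      printf 'warning: could not create disk %s, not attaching it\n' "$disk_name" >&2
    fi
  done
}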
#https://blogs.msdn.microsoft.com/nicole_welch/2017/09/moving-files-between-azure-storage-and-rhel/
#
##MOVE virtual machines IMAGES BETWEEN REGIONS
#
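#!/bin/bash
# Copy a managed disk into a storage account as a VHD blob: snapshot the disk,
# obtain a temporary SAS URL for the snapshot, start a blob copy from that URL,
# then poll the copy status until it reaches a final state.
#
# Tracing (bash -x) is deliberately not enabled: the trace would print the
# snapshot SAS URL and the storage account key to the terminal and to any log
# that captures stderr.
export RG=
export SNAPNAME=
export LOCATION=eastus
export DISKNAME=
export VHDNAME=osdisk.vhd
export CONTAINER=
export SANAME=
# Taken from the caller's environment when already set, so the key does not
# have to be written into this file.
export SAKEY="${SAKEY:-}"

# Stop before calling az if a placeholder above was left empty.
for required in RG SNAPNAME DISKNAME CONTAINER SANAME SAKEY; do
  if [[ -z "${!required}" ]]; then
    printf 'error: %s is not set\n' "$required" >&2
    exit 1
  fi
done

# Revoke the SAS granted on the snapshot once it is no longer needed.
revoke_snapshot_access() {
  az snapshot revoke-access --resource-group "$RG" --name "$SNAPNAME"
}

# Create VM disk snapshot
az snapshot create \
  --resource-group "$RG" \
  --name "$SNAPNAME" \
  --location "$LOCATION" \
  --source "$DISKNAME" || exit 1

# Get a SAS URL for the snapshot. The URL is a bearer credential valid for
# 7200 seconds, so it is kept in a plain shell variable instead of being
# exported to every child process. The query is quoted so the brackets are not
# treated as a glob pattern.
SAS=$(az snapshot grant-access \
  --resource-group "$RG" \
  --name "$SNAPNAME" \
  --duration-in-seconds 7200 --query "[accessSas]" -o tsv) || exit 1

# Transfer the snapshot to the storage account.
# NOTE(review): --account-key and --source-uri put the key and the SAS on az's
# command line, where other local users can read them from the process list
# while az runs; the az CLI can also read the key from the AZURE_STORAGE_KEY
# environment variable.
if ! az storage blob copy start \
  --destination-blob "$VHDNAME" \
  --destination-container "$CONTAINER" \
  --account-name "$SANAME" \
  --account-key "$SAKEY" \
  --source-uri "$SAS"; then
  revoke_snapshot_access
  exit 1
fi

# Check operation progress until the copy reaches a final state. The original
# loop never ended; it had to be interrupted by hand.
copy_status=
while true; do
  copy_status=$(az storage blob show \
    --container-name "$CONTAINER" \
    -n "$VHDNAME" \
    --account-name "$SANAME" \
    --account-key "$SAKEY" \
    --query "properties.copy.status" -o tsv)
  printf 'copy status: %s\n' "${copy_status:-unknown}"
  case "$copy_status" in
    success | failed | aborted) break ;;
  esac
  sleep 90
  clear
done

# The copy no longer reads from the snapshot, so the SAS can be withdrawn
# before its 7200 seconds run out.
revoke_snapshot_access

if [[ "$copy_status" != "success" ]]; then
  printf 'error: blob copy ended with status %s\n' "$copy_status" >&2
  exit 1
fi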
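# SNAPSHOTDISKNAME is not defined in this snippet; stop early instead of
# calling az with an empty name and a truncated source path.
: "${SNAPSHOTDISKNAME:?set SNAPSHOTDISKNAME first}"

# Create a snapshot from the blob at the URL below
az snapshot create \
  --resource-group common-images \
  --name "$SNAPSHOTDISKNAME" \
  --location eastus2 \
  --source "https://XXXXXXX.blob.core.windows.net/XXXXXXXXXX/${SNAPSHOTDISKNAME}"

# Create an image from the snapshot
az image create \
  --resource-group common-images \
  --name "$SNAPSHOTDISKNAME" \
  --source "/subscriptions/XXXXXXXXXXXXXXXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Compute/snapshots/${SNAPSHOTDISKNAME}" \
  --os-type linux \
  --location eastus2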