AZURE-CLI

Revisão de 20h56min de 8 de maio de 2020 por Damato (discussão | contribs) (→‎example)

Manage Orphans Resources

Get Orphans Disks

az disk list --query "[?managedBy==null].[name,id]" -o table

Delete Orphans Disks

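# Dry run: prints one "az disk delete" command per managed disk whose managedBy is empty; nothing is deleted while "echo" is in the pipeline.
# An empty managedBy only means "not attached right now". A deliberately detached data disk or a disk kept as evidence
# looks the same, so review the printed IDs (and snapshot anything in doubt) before removing "echo".
# -o tsv emits bare resource IDs without a table header; the quoted grep keeps only lines that start with "/".
# -I{} replaces the deprecated GNU-only "xargs -i".
# NOTE(review): bare null in the JMESPath filter is parsed as a field name and matches only because no such field exists;
# the literal form is written with backticks, which needs a single-quoted query in the shell.
az disk list --query "[?managedBy==null]|[].id" -o tsv | grep '^/' | xargs -I{} echo az disk delete --ids {} -y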

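The pipeline above is a dry run: it only prints the delete commands. Review the printed list, then remove the "echo" command to actually execute the deletion.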

Get Orphans NetworkDevices

az network nic list --query "[?virtualMachine==null].[name,id]" -o table

Delete Orphans NetworkDevices

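# Dry run: prints one "az network nic delete" command per NIC with no virtualMachine reference; nothing is deleted while "echo" is in the pipeline.
# -o tsv emits bare resource IDs without a table header; the quoted grep keeps only lines that start with "/".
# -I{} replaces the deprecated GNU-only "xargs -i".
# NOTE(review): a NIC without a VM reference may still belong to another resource (for example a private endpoint) — confirm before removing "echo".
az network nic list --query "[?virtualMachine==null].id" -o tsv | grep '^/' | xargs -I{} echo az network nic delete --ids {}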

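The pipeline above is a dry run: it only prints the delete commands. Review the printed list, then remove the "echo" command to actually execute the deletion.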

List Storage Container

az storage container list  --query "[].name" -o table

Remove Storage Container

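# Dry run: prints one "az storage container delete" command per container; nothing is deleted while "echo" is in the pipeline.
# The query has no filter: every container in the storage account that az resolves from its environment/defaults is listed,
# not only unused ones, so check the account and the printed names before removing "echo".
# -o tsv emits bare names; with "-o table" the header and separator lines would reach xargs as if they were container names.
az storage container list --query "[].name" -o tsv | xargs -I{} echo az storage container delete -n {} --fail-not-exist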

Get VirtualMachine With Boot Diagnostics enabled

az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].[name,id,vmId,diagnosticsProfile.bootDiagnostics.storageUri]" -o table

Disable VirtualMachine Boot Diagnostics

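# Dry run: prints one "az vm boot-diagnostics disable" command per VM; nothing changes while "echo" is in the pipeline.
# The filter matches every VM that has a bootDiagnostics object, whether or not its "enabled" field is true.
# -o tsv emits bare resource IDs without a table header; the quoted grep keeps only lines that start with "/".
# NOTE(review): boot diagnostics is a source of boot-time console output for troubleshooting and investigation — confirm nobody relies on it before disabling it fleet-wide.
az vm list --query "[?diagnosticsProfile.bootDiagnostics!=null].id" -o tsv | grep '^/' | xargs -I{} echo az vm boot-diagnostics disable --ids {}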

RBAC

Create Service Principal

# Creates a service principal and assigns it the Contributor role over the whole subscription given in --scopes.
# Contributor at subscription scope can create, change and delete almost every resource in that subscription;
# when the automation only works inside one resource group, pass that group's resource ID in --scopes and pick a narrower role.
# The command output includes the generated client secret (the "password" field): store it in a secret manager,
# and keep it out of shell history, tickets and CI logs.
az ad sp create-for-rbac --role="Contributor" --name "<name>" --scopes="/subscriptions/SUBSCRIPTION_ID"

Roles


  • Listing Roles
az role definition list --query "[].[roleName]" -o tsv 
  • Listar Grupos
az ad group list
  • Listar App Keys
az ad sp list
azure role list --json | jq
azure role list --json | jq '.[] | {"Name", "Description"}'
az role definition list| jq '.[]|{"properties"}'| jq '.[]|{"roleName"}' > roles.json
  • Exibindo propriedades de uma role:
azure role show "Role_Name" --json | jq
  • Listar Resource Groups
az group list
  • Listar Roles de um resource group
azure role assignment list --resource-group "imagens-comum" --json | jq
  • Listando permissões de um usuário, inclusive herdadas por um grupo
azure role assignment list --expandPrincipalGroups --signInName usuario@dominio --json
  • Criar uma Role
azure role create --inputfile NS_CriarImagens.json
    • Criar uma role com AZ CLI
az role definition create --role-definition @stopstart.json

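stopstart.json

Note: the "*/read" action in this definition grants read access to every resource type in the assignable scope (which also makes the "Microsoft.Compute/virtualMachines/*/read" entry redundant), so the role is broader than its description suggests. The Actions list has no "Microsoft.Compute/virtualMachines/powerOff/action", so "stop" is covered only by deallocate.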

{
	"Name": "StopStartVm",
	"Description": "Can read, stop, start, restart and deallocate vm",
	"Actions": [
		"Microsoft.Compute/virtualMachines/start/action",
		"Microsoft.Compute/virtualMachines/restart/action",
		"Microsoft.Compute/virtualMachines/deallocate/action",
		"Microsoft.Compute/virtualMachines/*/read",
		"*/read"
  ],
  "AssignableScopes": ["/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
        }

NS_CriarImagens.json

  {
    "Name": "CriarImagens",
    "Actions": [
      "Microsoft.Compute/images/*"
    ],
    "NotActions": [],
    "AssignableScopes": [
      "/subscriptions/0000000000000000000000000000"
    ],
    "Description": "Permite gerenciar imagens de VirtualMachines.",
    "IsCustom": "true"
  }
  • Alterar uma role
azure role set --inputfile <file path>
  • Adicionar uma Role em um Resource Group para um grupo de usuários
azure role assignment create \
--objectId <id do grupo de usuário> \
--roleName "<nome da role>" \
--resource-group "<nome do resource Group>"

az role assignment create  \
--assignee <ID/nome do grupo> \
--role <nome da role> \
--resource-group <nome do resource group> 

Virtual Machine images

List Images

List images from a subscription

az image  list  --query "[].[location,name,resourceGroup]" -o tsv | column -t

List images from marketplace

  • Listing publisher:
az vm  image list-publishers --location brazilsouth --query "[].[name]" -o tsv 
  • Listing images from publisher:
az vm image list-offers -l brazilsouth -p MicrosoftRServer
  • List SKU image:
az vm image list-skus -l brazilsouth -p MicrosoftRServer -f RServer-WS2016 --query "[].[name,id]" -o tsv

Resource Groups

Listing Resource Groups

az group list  --query "[].[name,location]" -o tsv | column -t| sort -k1

example

# Variables declaration
# Secret: storage account access key. It is empty here on purpose; fill it at run time from a secret store
# instead of saving the value in this file. An exported variable is inherited by every child process.
# NOTE(review): az documents AZURE_STORAGE_KEY as its key variable; AZURE_STORAGE_ACCESS_KEY looks like the
# classic "azure" CLI name — confirm which tool actually reads this.
export AZURE_STORAGE_ACCESS_KEY=
# Storage account name paired with the key above (empty placeholder).
export AZURE_STORAGE_ACCOUNT=
# Base name: the functions below derive the VHD file, NIC and disk names from it.
export AZ_VMNAME=machine
# Resource group passed to every --resource-group below.
export AZ_RG=test
# Region passed to --location.
export AZ_REGION=eastus2
# Managed disk SKU passed to --sku.
export AZ_DISTYPE=Standard_LRS
# Subscription placeholder; none of the functions in this example reads it.
export AZ_SUBSCRIPTION=
# Virtual network and subnet the NIC is created in.
export AZ_VNET=virtual-us
export AZ_SUBNET=subnet01
# Blob container and storage account that hold the uploaded VHD.
export AZ_CONTAINER=upload
export AZ_STOACCOUNT=stor01
# VM size passed to --size.
export AZ_VMSIZE=Standard_D3_v2 

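#######################################
# Upload the local file "<AZ_VMNAME>.vhd" as a blob of the same name.
# Globals:   AZ_CONTAINER, AZ_VMNAME, AZ_STOACCOUNT (read)
# Arguments: none
# Returns:   exit status of "az storage blob upload"
#######################################
function UPLOAD_VHD() {
	local vhd="${AZ_VMNAME}.vhd"

	# Every expansion is quoted so a value with spaces or glob characters
	# stays a single argument. No key or SAS is passed on the command line
	# here, so no credential appears in the process list.
	az storage blob upload \
		--container-name "${AZ_CONTAINER}" \
		--file "${vhd}" \
		--name "${vhd}" \
		--account-name "${AZ_STOACCOUNT}" \
		--max-connections 16
}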

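#######################################
# Create the NIC "<AZ_VMNAME>-nic" in the configured subnet.
# Globals:   AZ_RG, AZ_VMNAME, AZ_SUBNET, AZ_VNET (read)
# Arguments: none
# Returns:   exit status of "az network nic create"
#######################################
function CREATE_NIC() {
	# No --network-security-group is passed, so the NIC gets no NSG of its own.
	# NOTE(review): filtering then depends on an NSG attached to the subnet — confirm one exists.
	az network nic create \
		--resource-group "${AZ_RG}" \
		--name "${AZ_VMNAME}-nic" \
		--subnet "${AZ_SUBNET}" \
		--vnet-name "${AZ_VNET}"
}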
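#######################################
# Dry run: list the blobs in the container and print one "az disk create"
# command for each listing row that contains "ned" (case-insensitive).
# Nothing is created; the commands are only written to stdout.
# Globals:   AZ_STOACCOUNT, AZ_CONTAINER, AZ_RG, AZ_DISTYPE (read)
# Arguments: none
# Outputs:   one "az disk create ..." line per matching blob
# Returns:   exit status of the final loop in the pipeline
#######################################
function BLOB_LIST() {
	local blob

	# grep matches against the whole table row, not only the blob name;
	# awk then keeps the first column, which is the name.
	az storage blob list \
		--account-name "${AZ_STOACCOUNT}" \
		--container-name "${AZ_CONTAINER}" \
		-o table \
		| grep -i ned \
		| awk '{print $1}' \
		| while IFS= read -r blob; do
			# The original dropped the line continuations after --resource-group,
			# so "-n", "--source" and "--sku" ran as separate commands. The whole
			# command is now printed as one line. ${blob%%.*} is the blob name up
			# to its first dot and becomes the disk name.
			printf '%s\n' "az disk create --resource-group ${AZ_RG} -n ${blob%%.*} --source https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${blob} --sku ${AZ_DISTYPE}"
		done
}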
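#######################################
# Create the managed disk "<AZ_VMNAME>" from the uploaded VHD blob.
# Globals:   AZ_RG, AZ_VMNAME, AZ_STOACCOUNT, AZ_CONTAINER, AZ_DISTYPE (read)
# Arguments: none
# Returns:   exit status of "az disk create"
#######################################
function CREATE_DISK() {
	# The source URL is assembled from three variables; quoting keeps it a
	# single argument even if one of them holds whitespace or glob characters.
	local source_url="https://${AZ_STOACCOUNT}.blob.core.windows.net/${AZ_CONTAINER}/${AZ_VMNAME}.vhd"

	az disk create \
		--resource-group "${AZ_RG}" \
		-n "${AZ_VMNAME}" \
		--source "${source_url}" \
		--sku "${AZ_DISTYPE}"
}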
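#######################################
# Create the VM from existing resources: the OS disk "<AZ_VMNAME>", the data
# disks "<AZ_VMNAME>-asm01"/"-asm02" and the NIC "<AZ_VMNAME>-nic".
# Globals:   AZ_VMNAME, AZ_RG, AZ_REGION, AZ_VMSIZE (read)
# Arguments: none
# Returns:   exit status of "az vm create"
#######################################
function CREATE_VM() {
	# --attach-data-disks takes two separate arguments; each one is quoted on
	# its own so the pair is never re-split on whitespace inside AZ_VMNAME.
	az vm create \
		--name "${AZ_VMNAME}" \
		--resource-group "${AZ_RG}" \
		--attach-os-disk "${AZ_VMNAME}" \
		--attach-data-disks "${AZ_VMNAME}-asm01" "${AZ_VMNAME}-asm02" \
		--nics "${AZ_VMNAME}-nic" \
		--location "${AZ_REGION}" \
		--os-type linux \
		--size "${AZ_VMSIZE}"
}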

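#######################################
# Create nine empty 1023 GB data disks "<AZ_VMNAME>-asm01" .. "-asm09" and
# attach each one to the VM at the LUN equal to its serial number.
# A disk is attached only when its creation succeeded.
# Globals:   AZ_RG, AZ_VMNAME, AZ_DISTYPE (read)
# Arguments: none
# Outputs:   a warning on stderr for every disk that could not be created
# Returns:   status of the last iteration (0 when its create step failed
#            and the attach was skipped)
#######################################
function CREATE_DISK_AND_ATTACH() {
	local serial disk

	# A plain for loop replaces "seq 1 9 | while read": the az calls no longer
	# share the loop's stdin, and the loop variables stay local to the function.
	for serial in {1..9}; do
		disk="${AZ_VMNAME}-asm0${serial}"
		if az disk create \
			--resource-group "${AZ_RG}" \
			--name "${disk}" \
			--sku "${AZ_DISTYPE}" \
			--size-gb 1023; then
			az vm disk attach \
				--disk "${disk}" \
				--resource-group "${AZ_RG}" \
				--vm-name "${AZ_VMNAME}" \
				--lun "${serial}"
		else
			# Previously a failed create was skipped without any trace.
			printf 'warning: could not create %s, attach skipped\n' "${disk}" >&2
		fi
	done
}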

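#https://blogs.msdn.microsoft.com/nicole_welch/2017/09/moving-files-between-azure-storage-and-rhel/
#
## MOVE virtual machine IMAGES BETWEEN REGIONS
#
# Expected to be set beforehand: AZ_RG, AZ_REGION, snapshotName, SNAPSHOTDISKNAME,
# destinationVHDFileName, storageContainerName, storageAccountName, storageAccountKey.
#
# Create the snapshot
az snapshot create --resource-group "${AZ_RG}" --name "${snapshotName}" --location "${AZ_REGION}" --source "${SNAPSHOTDISKNAME}"
# Generate the snapshot's SAS URL.
# The URL is a bearer credential for the next 7200 seconds, so it is kept in a plain shell variable
# instead of being exported into the environment of every child process.
# The query is quoted: unquoted, [accessSas] is a glob and would be replaced by a matching one-letter file name in the current directory.
sas=$(az snapshot grant-access --resource-group "${AZ_RG}" --name "${snapshotName}" --duration-in-seconds 7200 --query "[accessSas]" -o tsv)
# Copy the snapshot to the storage account.
# The account key is handed to az through AZURE_STORAGE_KEY for this one command, which keeps it out of the
# argument list that other local users can read from the process table.
AZURE_STORAGE_KEY="${storageAccountKey}" az storage blob copy start --destination-blob "${destinationVHDFileName}" --destination-container "${storageContainerName}" --account-name "${storageAccountName}" --source-uri "${sas}"
# Check the copy status
AZURE_STORAGE_KEY="${storageAccountKey}" az storage blob show --container-name "${storageContainerName}" -n "${destinationVHDFileName}" --account-name "${storageAccountName}" --query "properties.copy.status"
# Once the status above reads "success" the SAS is no longer needed;
# "az snapshot revoke-access --resource-group <group> --name <snapshot>" ends it before the 7200-second expiry.
# Create the snapshot in the destination region from the copied blob
az snapshot create --resource-group common-images --name "${SNAPSHOTDISKNAME}" --location eastus2 --source "https://XXXXXXX.blob.core.windows.net/XXXXXXXXXX/${SNAPSHOTDISKNAME}"
# Create the image from the snapshot
az image create --resource-group common-images --name "${SNAPSHOTDISKNAME}" --source "/subscriptions/XXXXXXXXXXXXXXXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Compute/snapshots/${SNAPSHOTDISKNAME}" --os-type linux --location eastus2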