Automating the Azure infrastructure using a command-line interface
Clockwork
Microsoft Azure [1] is increasingly merging with local infrastructures, whether for testing purposes or to allow for expansion of the production environment. For administrators, merging the cloud with local resources means great flexibility and many opportunities – but also the challenge of automating routine tasks to include cloud support. Fortunately, Microsoft has thought about the administrator's daily worries and has provided some useful automation tools.
Although the Azure environment includes GUI-based portals (see the "Choose your Portal" box), if you're serious about automation, you'll eventually want to integrate the cloud environment with custom scripts, which will require some knowledge of Azure's command-line interfaces (CLIs).
Microsoft mostly uses Windows PowerShell for its automation examples, but the Azure environment also provides a command-line interface that will work on Windows, Mac OS, and Linux systems.
At the Command Line
The CLI plays a focal role in automating tasks in Azure. Microsoft offers installation packages for Windows, OS X, and Linux.
In this case, I will try out the Azure CLI using a Mac. After you have downloaded the installation package from the Azure Portal [3], the intuitive setup is performed straight away – assuming you have the rights to manage the Mac. In the Terminal window, first open a connection to your Azure subscription.
You'll need to provide your credentials. Enter the azure download command, which opens the browser of your choice to save a file with the logon data from Azure, along with a management certificate. Store this file in a safe place or preferably delete it, after you are done importing it with the following command:
azure account import filename
An alternative way to provide your credentials is to log in interactively to Azure. For more information, see the Azure documentation center [4].
For an overview of commands, type azure help (Figure 1). The list of commands depends on which deployment model you are using. When you display the list of commands, you will see which model is currently is use (Current Mode). If you are using the traditional deployment model (Service Management), you can switch to the Resource Manager with the azure config set mode arm command. If you output the list of commands again, it now looks very different.
Activities always begin with the azure keyword, followed by the command and the option. The command structure is always the same, and administrators will quickly become accustomed to it. In case of questions on syntax, the -h parameter for each command provides details. For example, if you want to know what options the command for managing virtual machines (VMs) offers, the command azure vm-h will help. The following command
azure vm create -h
gives you more information on the procedure for creating a VM.
Resource groups are very helpful for management and can be created quickly using the CLI. You can collectively perform administrative activities for a group, such as shutting down all the computers in the group. If the resource group is deleted later on, all the objects in the group conveniently disappear. If you create multiple VMs and do not specify a resource group, the runtime might create a separate group for each VM, which makes it difficult to manage the servers later on.
Creating New Objects
I am still at the command line on the Mac. Use the following command to create a new resource group:
> azure group create ita-resgroup westeurope
Note that this command (Figure 2) is based on the Resource Manager model. If the Terminal responds to the command with a statement that group is not an azure command, you may not be using the Resource Manager mode and might need to change.
There are several ways to create virtual servers. For example, azure vm quick-create is useful for quickly creating a computer. The complete command looks like the following:
> azure vm quick-create -g ita-resgroup -n ita-server2016 -l westeurope -Q microsoftwindowsserver:WindowsServer:2016-Technical-Preview-with-Containers:2016.0.20151118 -y Windows -u klaus -p Passw0rd!
No matter how you create a server in Azure, with one of the CLIs, the PowerShell, or in the portal, you must always specify an underlying image. The following command generates a list of all images by the publisher MicrosoftWindowsServer:
> azure vm image list westeurope microsoftwindowsserver
Use the clipboard to take the name of the image from the Urn column, and paste it in azure vm quick-create after the -Q parameter. For a more specific setup command, use azure vm create, which offers more parameters.
Using Azure PowerShell
The CLIs are great for managing Azure services on Linux or Mac platforms. If you work exclusively on a Windows PC, PowerShell will be your interface of choice. You can download the Azure PowerShell package from the Azure website [5], and the installation is easy. Newcomers (and more advanced users) will find the reference in the documentation center a useful resource for tips on using cmdlets.
The cmdlets for the resource manager come with their own modules. Switching between the traditional deployment model and the resource manager model is no longer necessary in Azure PowerShell version 1.0, because separate cmdlets exist for activities related to the resource manager. These commands use the notation "Verb-AzureRm." If you want to shut down the server you just created on the Mac, for example, the cmdlet is as follows:
> Stop-AzureRmVM -ResourceGroupName "ita-resgroup" -Name "ita-srv2016" -force
JSON Templates
Imagine you repeatedly need to provide a network configuration to a specific environment, consisting of a domain controller, a SQL server, and web servers. You could create sophisticated scripts with the help of either the CLI or PowerShell to set up environment.
The Resource Manager provides a means for using templates to define all the parameters for configuring the target environment (Figure 3). The templates are Java Script Object Notation (JSON). Because JSON is a standard, you do not need to use a specific tool. Instead the JSON files can be edited and transported with the various utilities depending on the task. You could edit JSON files with Visual Studio or even a plain old text editor, although a text editor is not likely to be suitable in everyday practice because JSON files are quite extensive and not at all forgiving of syntax errors.
Another easy tool for working with templates is the Azure Resource Manager Template Visualizer (Armviz – Figure 4). You will find the Armviz project on Github [6], along with a video tutorial to get you started.
Armviz provides "Quick Start Templates" to help you create a configuration. Browsing and learning is pretty easy given the number of templates. The other buttons should be largely self-explanatory. Click Open existing template to read a JSON file on the administrator's PC and display the file graphically for editing.
The Edit parameter definitions command lets you define variables that are queried and filled when processing a JSON file. In this way, for example, you can prompt for passwords to admin accounts and thus avoid storing them in plain text in JSON files. Things get very exciting when you double-click on one of the icons in the workspace. You can edit the object; of course, everything is in JSON syntax and there is an option for checking your input directly for correct notation. You will find a rich collection of JSON templates in the Azure Documentation Center [7]. In the menubar at the top, look for Resources and then go to Templates, where you will find many examples waiting for download. Once you are finished with the design of the template and want to implement it in Azure, you have several options depending on your system and command interface. For instance, at the Mac command line, enter the following:
> azure group deployment create ita-resgroup ita-deployment -f /users/klaus/jsonfiles/Testlab.json
See the Microsoft documentation for a discussion of how to apply a template using PowerShell [8]. For an environment consisting of a domain controller, SQL Server, a web server, and a member server, deployment takes about 20 minutes, and if you're using a proven JSON template, you have the assurance that the deployment will be correct.
Automation Needed
If you are working on automating tasks in Azure, there is no escape from the Azure Automation service. You need an Automation account, which is part of your Azure subscription, and you can then perform actions on a defined set of servers using what are known as runbooks. Runbooks are based on PowerShell and can include anything from simple tasks, such as starting servers, to arbitrarily complex scenarios. You have the possibility to create new runbooks or select runbooks from the catalog to suit your needs.
PowerShell Desired State Configuration (DSC) may be a familiar term to most administrators. You can use DSC to configure the desired state for specific targets. Incorporating DSC into Azure Automation gives you additional punching power. Technical articles on the topic of automation [9] are available with many details.
Azure Automation is not limited to machines in Azure; even on-premise servers can include this type of automation. Like Azure Active Directory, Azure Automation is one of those services that is free of charge up to a certain usage limit, and then available for a fee after that. Given a job execution time of less than 500 minutes and less than five nodes for DSC, you are still in the free zone. Even if you need more, the costs are still manageable: At around EUR5 (~$5) per month for the use of unlimited nodes in DSC and EUR0.00017 per minute for order execution, the costs are bearable if you compare the benefits.
Shutting Down Servers Correctly
Every minute you run a VM on Azure costs money. What often causes surprises is the fact that servers that are shut down are still billed if you forget to deallocate the storage. If you shut down a server with the following CLI command
> azure vm stop -n ita-srv2016 -g ita-resgroup
it may no longer be running, but its storage allocation in Azure is maintained and is still billed against your subscription. It takes the following command
> azure vm deallocate -n ita-srv2016 -g ita-resgroup
to free up the allocated resources and stop the cost clock from ticking. The same applies if you are logged on to a server via RDP and then shut it down. The memory is not released. A final look at the portal is worthwhile to check the status of the VMs or preferably run a script to shut down all servers.
Conclusion
Managing a successful Azure infrastructure exclusively through the GUI portals is impossible. The options and the opportunities are too many, and you'll eventually need to deal with the topic of automation. The tool you choose for managing automation in Azure will depend upon the scenario and your personal preferences. Fortunately there is something out there for everyone. You can put together your own toolbox, including scripts from Azure Automation, templates for Resource Manager, and other elements.
The techniques shown in this article just scratch the surface of the available options and are intended to help you develop your own ideas. If you open a free Azure account for testing purposes, not much can go wrong, and changing scripts from one subscription to another is also very easy. If you're looking for additional information on automation, check out Microsoft's Channel 9 [10], where you'll find a treasure trove with videos on all topics. A search for "Azure Automation," for example, will reveal pages full of results. The Microsoft Virtual Academy [11] is another good source with a broad spectrum of training for Azure.