Azure Disk Encryption + Linux VM = ??

Just a quick script to automate creating a linux VM and excrypting it. Requires you to be logged with proper rights (to create all the things and access KeyVault)

Reference:

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption

https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-running-linux-vm

Creating a Key Encrypting Key (KEK)

Self Signed Certificate Creation

Explore Azure Disk Encryption with Azure Powershell

Explore Azure Disk Encryption with Azure PowerShell – Part 2

Azure Backup without Powershell aka REST API

Lets say you wanted to manage Azure Backup programmatically, but you are using Azure Cli, or Cli 2, or Python SDK, well, not Powershell, you only resort would be Azure Rest API (sigh). Well let’s use what we can.

Rest Api calls are documented, but pretty poorly.

Lets say you want to delete a VM from protection. Seems easy enough:

Well, only several slight nuances. WTH is fabricname? containername?  Notice how it doesn’t give any hint at ALL how to construct a proper query. Well, turns out you either have to guess, or get a list of protectable items (if you would want to get a single item you would be facing the same challenge).

Conveniently, a list of Protectable items (https://docs.microsoft.com/en-us/rest/api/recoveryservices/protectableitems) has instructions how to query it (not obvious, but if you scroll down to filter you will find those). So after some struggle you come up with this:

I believe those IaasVMContainer;iaasvmcontainerv2; and ,code>VM;iaasvmcontainerv2; are constant if you are working with Azure VM’s that are added to Azure Backup. Which leads you to this:

You can use armclient (to test) to invoke those (or any other way you like, but arm client seems the most legitimate way for testing). After that it is pretty straight forward. Rough Python SDK code to do that:

Add autoscale to VMSS (Virtual Machine Scale Set)

Obviously, you can tweak the rules as you want.

Powershell:

ARM:

Add vm extension to already deployed Virtual Machine Scale Set (VMSS)

Basically, I’m going to show 2 ways of doing that powershell and ARM.

Powershell:

ARM:

Send message to Telegram Channel with Azure Function

Turns out its pretty easy and straight forward:

  1. Create a bot (https://core.telegram.org/bots#6-botfather)
  2. Join it to a chat and get chat id
  3. Send messages 😉

First two are pretty straight forward, I’ve added the link to the Bot creation tutorial, to get the chat ID after you’ve added the bot do this: https://api.telegram.org/bot<YourBOTToken>/getUpdates and look for the chat object in the resulting JSON, it will have a node property, chatid is a negative number.

To work with Bot I’ve created the following Function using C# (you can use anything you want), this function will take http input and send it to Telegram chat, you can create any trigger you like:

My Config for Function:

You would also need to configure CORS, to allow for requests from your site\source and add projects.json (should be in your function directory, refer: https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference#a-idfileupdatea-how-to-update-function-app-files) to install dependency:

Create auto-shutdown policy for an Azure VM with Powershell

Recently Microsoft announced the ability to create auto-shutdown policies for ARM VM’s, but there’s no capacity to automate this, or is there?

Lets create a following hashtable in Powershell:

How to work with ARM Templates without going mad

ARM Templates are meant for automating deployments, for better understanding of the ARM concepts consult this document. I’m writing this under the assumption that you are interested in writing your own ARM templates and got lost at some point.

Obviously consult ARM syntax. And general ARM guidelines. But this shouldn’t be your case. But this document might help you, design patterns for Azure Resource Manager templates when deploying complex solutions.

Basics. Where do I start?

Well, if you are not interested in inventing the wheel again, I’d recommend starting by finding some relevant examples on the web.

There are 3 main sources of ARM Templates:

  1. Github ARM examples repository
  2. Search engine (thou, seldom this does work)
  3. Your own collection of templates (well…)

Once you’ve found something that looks like what you need (or almost looks like that) you can start working on it. If not, try other ways of making your life easier:

  1. “Automation Script” button on the Azure Portal
  2. Look through already deployed templates and export them
  3. Azure Explorer
  4. Azure Automation option

All of these are doing exactly the same, they are giving you a way to export existing resources you have in Azure into ARM Template. So obviously you should have those resources in Azure before you export them, but that is pretty easy to do.

But bear in mind, all of these ways are nowhere near perfect, they cannot export certain things\properties\parameters, so after you’ve exported a template, read through it (or try deploying) and figure out if something is missing from the template.

Working with Azure Explorer is pretty intuitive, so I won’t explain it. It could help you out if you are looking for some specific property that didn’t get exported with “Automation Script”, also looking at already deployed templates could work when “Automation Script” doesn’t.

Azure automation option can be used when you are creating resource in Azure using the portal, when you are about to deploy it, you can notice “Automation option” button near the deploy button.

Azure Automation Options

The thing with “Automation option” most of the time it uses a slightly different template to deploy stuff, which can help you.

How do I fix missing properties? ARM Schemas!

ARM Templates have a JSON schema, and that schema is well defined, I’ve linked the schema definitions repository. You can work your way through the schema to create a Template from scratch, but I doubt any sane person could handle all the humiliation they would have to go through to do that. Luckily, there are ways to ease the pain:

  1. Visual Studio code with Azure Resource Manager Tools and ARM Snippets
  2. Visual Studio with Azure SDK

Also some usefull hotkeys for VS Code: Alt+Shift+F – format the JSON template, so it looks pretty and easier to read, Ctrl+Shift+M – find errors and show them. If you select the language of the file as JSON, VS Code will offer intellisense when working with ARM Templates (if you’ve installed extensions). Pretty sure Visual Studio has the same capabilities, I haven’t really worked with it a lot.

More information on both: VS Code and Visual Studio.

Sometimes, intellisense doesn’t help, and to fix that you could consult the schema. Say you want to know, what parameters are there for VM OSProfile, you go to the “schema master” and search for the entity you are interested in. Since we want a Virtual Machine property we will look for virtual machine schema under “resources” and there we will find reference schema (“http://schema.management.azure.com/schemas/2015-08-01/Microsoft.Compute.json#/resourceDefinitions/virtualMachines”). You download that schema and look through it to find relevant information, this time its OSProfile (this is where Alt+Shift+F hotkey comes in handy, as those definitions are minimized, so not readable):

As you probably noticed, some of those are links to another objects in the schema, they could easily be located with a quicl Ctrl+F, unless they link to another schema file, in that case, look in that file.

TLDR \\ Short Summary

I recommend using this “workflow” when working with ARM Templates:

  1. Look for existing examples on the web
  2. Export existing resources to create a base template (if you cant find an example, or if you are missing a lot of properties)
  3. Consult the schema and intellisense when working your way through the template, use appropriate free tools, don’t make your life harder
  4. Try deploying your template and see what the errors are and fix them, errors can be obtained in the portal or using powershell\cli (and probably all the sdk’s)

Hints:

  1. Always check for known errors
  2. Enable degub mode
  3. Sometimes ARM engine will throw something like: “Error at line 1, column 2356”, easiest way to handle such an error – minify your JSON and look for character 2356 in the result.
  4. Use official MS guidance to troubleshoot ARM deployments

Fancy:

There exists an ArmWiz (and an old version) fancy thing which might help someone someday, I do not see much value in it, as it has got no intellisense, doesn’t create meaningful resources when you add them, but it can help you make sense of an existing big template. Reference.

Windows Jenkins container

In the jenkins folder you would want jenkins.war, jre and git (well, i figured jenkins is useless without git).
For COPY command to work you would have to invoke docker build from the directory containing jenkins directory.

To build I’m using:

Also, currently my windows docker containers are not getting proper dns resolution, so I had to work around that.

So to run that, I use:

So I’m aware there’s the ENV directive in the dockerfile, but it won’t work for me with windows containers, for some reason. Or you could specify full path to java executable in the CMD directive of the dockerfile and you would also have to specify full path to git inside Jenkins in that case. Also, there’s a hack to skip certificate verification. So probably not suitable for production use 😉

.NET core and IIS DSC Configuration

Ok, so I’ve put together a DSC Configuration to setup basic .NET core app on IIS.

So to run this just copy it to the target server, copy dependencies (xPSDesiredStateConfiguration and xWebAdministration) and put them into “C:\Program Files\WindowsPowerShell\Modules”. After that, you open powershell_ise and load this DSC configuration there and run it. Tt will créate a mof and meta.mof files (the output will show where they were created), after that you invoke:

It should work fine after all of this if you’ve assembled it properly. Check this link for details https://weblog.west-wind.com/posts/2016/Jun/06/Publishing-and-Running-ASPNET-Core-Applications-with-IIS