One-click provisioning in Microsoft Azure using Azure PowerShell. Migration of existing on-premisses platform to IaaS.

1. Развертывания и настройка окружений,
автоматизация и шаблонизация,
инструменты и сценарии,
Azure PowerShell
Provisioning в
Microsoft Azure
Eugene Ilagin https://github.com/ilagin/

2. • Что такое Provisioning?
• Зачем это знать и где применять?
• Ручная настройка окружения или
автоматическая?
• Provisioning как элемент Continuous
Delivery.
Введение

3. Hands-on пример
API Server Web Server
Database Server Replication Server
Web API Web App
Replicated
Database
Database
Transactional Replication
• Миграция web-
приложения с on-
premises на IaaS
• Набор скриптов,
позволяющий
сделать все в один
клик

4. • Azure PowerShell – open source модуль для
Windows PowerShell
• Azure Account. Subscription
• Способы подключения к Azure подписке
• Azure AD
• Сертификат
https://github.com/Azure/azure-powershell/releases
Установка Azure PowerShell и
подключение подписки

5. Создание Storage Account
Шаг 1.

6. $commonLocation = "North Europe"
$storageAccountName = "ilagin"
$subscriptionName = Get-AzureSubscription | Select SubscriptionName
New-AzureStorageAccount -StorageAccountName $storageAccountName -Label
"TestStorage" -Location $commonLocation
Select-AzureSubscription $subscriptionName.SubscriptionName.ToString()
Set-AzureSubscription -SubscriptionName
$subscriptionName.SubscriptionName.ToString() -CurrentStorageAccount
$storageAccountName

7. • Объединение виртуальных машин в LAN
• Доступ к ресурсам в пределах LAN
• Организация VPN
• Создание VNet перед созданием VM
Шаг 2. Создание Виртуальной Сети

9. <NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
<VirtualNetworkConfiguration>
<Dns />
<VirtualNetworkSites>
<VirtualNetworkSite name="MyVirtualNetwork" Location="North Europe">
<AddressSpace>
<AddressPrefix> 10.0.0.1/26</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Subnet1">
<AddressPrefix> 10.0.0.1/26</AddressPrefix>
</Subnet>
</Subnets>
</VirtualNetworkSite>
</VirtualNetworkSites>
</VirtualNetworkConfiguration>
</NetworkConfiguration>

10. Set-AzureVNetConfig -ConfigurationPath
"D:NetworkConfig.netcfg"

11. • Доступные образы: Get-AzureVMImage.
• Vmdepot.com
• Выбор конфигурации. A0-A11. D1- D14.
• VM с MS SQL стоят дороже.
• Операции создания и provisioning’a
занимают относительно длительное время
Шаг 3.
Создание Виртуальных Машин

12. $commonLocation = "North Europe"
$webServerImageName = "bd507d3a70934695bc2128e3e5a255ba__RightImage-Windows-
2012-x64-iis8-v14.2"
$dbServerImageName = "fb83b3509582419d99629ce476bcb5c8__SQL-Server-2012-SP2-
11.0.5569.0-Ent-ENU-Win2012-cy15su02"
$virtualNetworkName = "MyVirtualNetwork"
$subnetName = "Subnet1"
$vmNames = @("ilgonetest", "ilgtwotest", "ilgthreetest", "ilgfourtest")
$pwd = "Super Secure Password1"
$instanceSize = "Large"
$userName = "eugene"
$vm0 = New-AzureVMConfig -Name $vmNames[0] -InstanceSize $instanceSize -Image
$webServerImageName
$vm0 | Add-AzureProvisioningConfig -Windows -AdminUserName $userName -Password
$pwd | Set-AzureSubnet $subnetName
$vm0 | New-AzureVM -ServiceName $vmNames[0] -VNetName $virtualNetworkName –
Location $commonLocation

13. $vm1 = New-AzureVMConfig -Name $vmNames[1] -InstanceSize $instanceSize -
Image $webServerImageName
$vm1 | Add-AzureProvisioningConfig -Windows -AdminUserName $userName -
Password $pwd | Set-AzureSubnet $subnetName
$vm1 | New-AzureVM -ServiceName $vmNames[1] -VNetName $virtualNetworkName
–Location $commonLocation
$vm2 = New-AzureVMConfig -Name $vmNames[2] -InstanceSize $instanceSize -
Image $dbServerImageName
$vm2 | Add-AzureProvisioningConfig -Windows -AdminUserName $userName -
Password $pwd | Set-AzureSubnet $subnetName
$vm2 | New-AzureVM -ServiceName $vmNames[2] -VNetName $virtualNetworkName
–Location $commonLocation
$vm3 = New-AzureVMConfig -Name $vmNames[3] -InstanceSize $instanceSize -
Image $dbServerImageName
$vm3 | Add-AzureProvisioningConfig -Windows -AdminUserName $userName -
Password $pwd | Set-AzureSubnet $subnetName
$vm3 | New-AzureVM -ServiceName $vmNames[3] -VNetName $virtualNetworkName
–Location $commonLocation

14. • Потеря IP адреса после выключения
• Зависимость ресурсов от IP адреса
Шаг 4. Присвоение статических IP

15. $vmNames = @("ilgonetest", "ilgtwotest", "ilgthreetest",
"ilgfourtest")
$staticIPs = @("10.0.0.4", "10.0.0.5", "10.0.0.6", "10.0.0.7")
for($i=0; $i -le 3; $i++)
{
Get-AzureVM -ServiceName $vmNames[$i] -Name $vmNames[$i] |
Set-AzureStaticVNetIP -IPAddress $staticIPs[$i] | Update-AzureVM
}

16. Шаг 5.
Добавление Endpoint’ов к
виртуальным машинам
• Что такое endpoint?
• 2 endpoint’а по умолчанию: RDP, PowerShell
• HTTP(80), SQL(1433) и другие - закрыты

17. $webVmNames = @("ilgonetest", "ilgtwotest")
foreach($vm in $webVmNames)
{
Get-AzureVM -ServiceName $vm -Name $vm | Add-AzureEndpoint -Name
"HttpIn" -Protocol "tcp" -PublicPort 80 -LocalPort 80 | Update-AzureVM
}

18. Шаг 6.
Отключение Windows Firewall

19. $vmNames = @("ilgonetest", "ilgtwotest", "ilgthreetest", "ilgfourtest")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName, $securePassword)
foreach($vm in $vmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential
$credential -SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {Get-
NetFirewallProfile | Set-NetFirewallProfile –Enabled False}
$session | Remove-PSSession
}

20. • Обзор доступных вариантов
• VHD – Virtual Hard Drive
• Azure Blob Storage
Шаг 7. Загрузка файлов на VM

21. $vmNames = @("ilgonetest", "ilgtwotest", "ilgthreetest", "ilgfourtest")
$volumePath = "D:FileStorage.vhd"
$folderToCopy = "D:PRJ"
$azureStoragePaths =
("http://ilagin.blob.core.windows.net/vhdstore/FileStorage0.vhd",
"http://ilagin.blob.core.windows.net/vhdstore/FileStorage1.vhd",
"http://ilagin.blob.core.windows.net/vhdstore/FileStorage2.vhd",
"http://ilagin.blob.core.windows.net/vhdstore/FileStorage3.vhd")
$volume = new-vhd -Path $volumePath -SizeBytes 40MB | `
Mount-VHD -PassThru | `
Initialize-Disk -PartitionStyle mbr -Confirm:$false -PassThru | `
New-Partition -UseMaximumSize -AssignDriveLetter -MbrType IFS | `
Format-Volume -NewFileSystemLabel "VHD" -Confirm:$false
Copy-Item $folderToCopy "$($volume.DriveLetter):" -Recurse
Dismount-VHD $volumePath

22. for($i=0; $i -le 3; $i++)
{
Add-AzureVhd -Destination $azureStoragePaths[$i] -
LocalFilePath $volumePath
Get-AzureVM $vmNames[$i] $vmNames[$i] | Add-AzureDataDisk
-ImportFrom -MediaLocation $azureStoragePaths[$i] -DiskLabel "EXT"
-LUN 0 | Update-AzureVM
}

23. Шаг 8.
Удаленное конфигурирование IIS

24. $webVmNames = @("ilgonetest", "ilgtwotest")
$webPaths = @("E:PRJAPI", "E:PRJWeb")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName, $securePassword)
$i = 0
foreach($vm in $webVmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true

25. $session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {
param($path, $user, $password)
Set-ExecutionPolicy RemoteSigned
Import-Module WebAdministration
if (!(Test-Path $path))
{
$path = $path.Replace("E:", "F:")
}
Remove-Item IIS:AppPoolsAdminAppPool -Force -Recurse
$appPool = New-WebAppPool -Name "AdminAppPool"
$appPool.processModel.userName = $user
$appPool.processModel.password = $password
$appPool.processModel.identityType = "SpecificUser"
$appPool | Set-Item
}

26. Remove-Item IIS:Sites"Default Web Site" -Force -Recurse
Remove-Item IIS:SitesAzureProvisioning -Force -Recurse
New-Item IIS:SitesAzureProvisioning -physicalPath $path -
bindings @{protocol="http";bindingInformation=":80:"}
Set-ItemProperty IIS:SitesAzureProvisioning -name
applicationPool -value AdminAppPool
} -Args $webPaths[$i], $userName, $pwd
$session | Remove-PSSession
$i++
}

27. Шаг 9.
Добавление Windows пользователей

28. $sqlVmNames = @("ilgthreetest", "ilgfourtest")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($userName,
$securePassword)
$newUserName = "Replication"
foreach($vm in $sqlVmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {

29. param($vmName, $userToCreate, $userPassword)
$Computer = [ADSI]("WinNT://" + $vmName)
$LocalAdmin = $Computer.Create("User", $userToCreate)
$LocalAdmin.SetPassword($userPassword)
$LocalAdmin.SetInfo()
$LocalAdmin.FullName = "Azure Provisioning Demo"
$LocalAdmin.SetInfo()
$LocalAdmin.UserFlags = 64 + 65536 #
ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
$LocalAdmin.SetInfo()
$objOU = [ADSI]("WinNT://" + $vmName +
"/Administrators,group")
$objOU.add("WinNT://" + $vmName +"/" + $userToCreate)
} -Args $vm, $newUserName, $pwd
$session | Remove-PSSession
}

30. Шаг 10.
Добавление SQL пользователей

31. $sqlVmNames = @("ilgthreetest", "ilgfourtest")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($userName,
$securePassword)
$newUserName = "Replication"
foreach($vm in $sqlVmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true -
SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption

32. Invoke-Command -Session $session -ScriptBlock {
param($vmName, $userName, $userPassword)
Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking
$SQLInstanceName = "(local)"
$Server = New-Object -TypeName
Microsoft.SqlServer.Management.Smo.Server -ArgumentList $SQLInstanceName
if ($Server.Logins.Contains($userName))
{
$Server.Logins[$userName].Drop()
}
$Login = New-Object -TypeName
Microsoft.SqlServer.Management.Smo.Login -ArgumentList $Server, $userName
$Login.LoginType =
[Microsoft.SqlServer.Management.Smo.LoginType]::SqlLogin
$Login.PasswordExpirationEnabled = $false
$Login.Create($userPassword)
$Login.AddToRole("sysadmin")
$Login.Alter()

33. $replicationWindowsUser = $vmName + "Replication"
if ($Server.Logins.Contains($replicationWindowsUser))
{
$Server.Logins[$replicationWindowsUser].Drop()
}
$Login = New-Object -TypeName
Microsoft.SqlServer.Management.Smo.Login -ArgumentList $Server,
$replicationWindowsUser
$Login.LoginType =
[Microsoft.SqlServer.Management.Smo.LoginType]::WindowsUser
$Login.PasswordExpirationEnabled = $false
$Login.Create($userPassword)
$Login.AddToRole("sysadmin")
$Login.Alter()
} -Args $vm, $newUserName, $pwd
$session | Remove-PSSession
}

34. Шаг 11.
Изменение режима проверки
подлинности SQL сервера.
Включение SQL Server Agent.

35. $sqlVmNames = @("ilgthreetest", "ilgfourtest")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName, $securePassword)
$newUserName = "Replication"
foreach($vm in $sqlVmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential
-SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {
param($vmName)

36. Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking
$sqlServer = new-object
('Microsoft.SqlServer.Management.Smo.Server') '(local)'
$sqlServer.Settings.LoginMode =
[Microsoft.SqlServer.Management.SMO.ServerLoginMode]::Mixed
$sqlServer.Alter()
CD SQLSERVER:SQL$vmName
$Wmi = (get-item .).ManagedComputer
$sqlInstance = $Wmi.Services['MSSQLSERVER']
$sqlInstance.Stop()
Start-Sleep -s 10
$sqlInstance.Start()
$agent = $Wmi.Services['SQLSERVERAGENT']
$agent.Start()
} -Args $vm
$session | Remove-PSSession
}

37. Шаг 12.
Восстановление бэкапа базы

38. $sqlVmNames = @("ilgthreetest", "ilgfourtest")
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName, $securePassword)
foreach($vm in $sqlVmNames)
{
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential
$credential -SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {
Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking

39. $srv = new-Object Microsoft.SqlServer.Management.Smo.Server("(local)")
$db = New-Object
Microsoft.SqlServer.Management.Smo.Database($srv, "AzureProvisioning")
$db.Create()
$backupFilePath = "E:PRJdb.bak"
if (!(Test-Path $backupFilePath))
{
$backupFilePath = "F:PRJdb.bak"
}
Restore-SqlDatabase -ServerInstance "(local)" -Database
AzureProvisioning -BackupFile $backupFilePath -ReplaceDatabase
}
$session | Remove-PSSession
}

40. Шаг 13.1
Создание репликации.
Конфигурация publisher’а

41. $distributorVm = "ilgthreetest"
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName,
$securePassword)
$uri = Get-AzureWinRMUri -ServiceName $distributorVm -Name
$distributorVm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -
SkipCNCheck:$true -SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential
-SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {
Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking

42. $publicationFilePath = "E:PRJpublication.sql"
if (!(Test-Path $publicationFilePath))
{
$publicationFilePath = "F:PRJpublication.sql"
}
Invoke-SqlCmd -InputFile $publicationFilePath -
ServerInstance "(local)"
}
$session | Remove-PSSession

43. Шаг 13.2
Создание репликации.
Копирование базы

44. $sqlSubscriberVM = "ilgfourtest"
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($userName,
$securePassword)
$uri = Get-AzureWinRMUri -ServiceName $sqlSubscriberVM -Name $sqlSubscriberVM
$sessionOption = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true -
SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption

45. Invoke-Command -Session $session -ScriptBlock {
$pathToShare = "E:PRJ"
if (!(Test-Path $pathToShare))
{
$pathToShare = $pathToShare.Replace("E:", "F:")
}
$netSharePath = "PRJ=" + $pathToShare
net user guest /active:yes
net share $netSharePath "/GRANT:Everyone,FULL"
}
$session | Remove-PSSession

46. $session | Remove-PSSession
$sqlPublisherVM = "ilgthreetest"
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object
System.Management.Automation.PSCredential($userName, $securePassword)
$uri = Get-AzureWinRMUri -ServiceName $sqlPublisherVM -Name
$sqlPublisherVM
$sessionOption = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true
-SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption

47. Invoke-Command -Session $session -ScriptBlock {
Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking
$path = "E:PRJ"
if (!(Test-Path $path))
{
$path = $path.Replace("E:", "F:")
}
$backupPath = $path + "new.bak"
Backup-SqlDatabase -ServerInstance '(local)' -Database
"AzureProvisioning" -BackupFile $backupPath

48. $pass="Super Secure Password1"|ConvertTo-SecureString -
AsPlainText -Force
$cred = New-Object
System.Management.Automation.PsCredential("ILGFOURTESTeugene",$pass)
New-PSDrive -Name R -Root "10.0.0.7PRJ" -PSProvider
FileSystem -Credential $cred
Copy-Item $backupPath "R:"
}
$session | Remove-PSSession

49. Шаг 13.3
Создание репликации.
Восстановление базы
publisher’а

50. $uri = Get-AzureWinRMUri -ServiceName $sqlSubscriberVM -Name
$sqlSubscriberVM
$sessionOption = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true
-SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {
Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking
$srv = new-Object
Microsoft.SqlServer.Management.Smo.Server("(local)")
$db = New-Object Microsoft.SqlServer.Management.Smo.Database($srv,
"AzureProvisioning")
$db.Create()
$backupPath = "E:PRJnew.bak"

51. if (!(Test-Path $backupPath))
{
$backupPath = $backupPath.Replace("E:", "F:")
}
Restore-SqlDatabase -ServerInstance "(local)" -Database
AzureProvisioning -BackupFile $backupPath -ReplaceDatabase
}

52. Шаг 13.3
Создание репликации.
Настройка подписки

53. $session | Remove-PSSession
$distributorVm = "ilgthreetest"
$userName = "eugene"
$pwd = "Super Secure Password1"
$securePassword = ConvertTo-SecureString $pwd -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($userName,
$securePassword)
$uri = Get-AzureWinRMUri -ServiceName $distributorVm -Name $distributorVm
$sessionOption = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true -
SkipRevocationCheck:$true
$session = New-PSSession -ConnectionUri $uri -Credential $credential -
SessionOption $sessionOption
Invoke-Command -Session $session -ScriptBlock {

54. Set-ExecutionPolicy RemoteSigned
Import-Module SQLPS -DisableNameChecking
$supscriptionFilePath = "E:PRJsubscription.sql"
if (!(Test-Path $supscriptionFilePath))
{
$supscriptionFilePath = $supscriptionFilePath.Replace("E:", "F:")
}
Invoke-SqlCmd -InputFile $supscriptionFilePath -ServerInstance "(local)"
}
$session | Remove-PSSession

55. Шаг 14.
Опциональный
Удаление окружения

56. $vmNames = @("ilgonetest", "ilgtwotest", "ilgthreetest", "ilgfourtest")
$storageAccountName = "ilagin"
foreach($vm in $vmNames)
{
Remove-AzureDeployment -ServiceName $vm -Slot Production -DeleteVHD
-Force
Remove-AzureService -ServiceName $vm -Force
}
Remove-AzureVNetConfig
Start-Sleep -s 30
Remove-AzureStorageAccount -StorageAccountName $storageAccountName

57. Заключение
Provisioning в один клик.
Fun или необходимость?

58. Спасибо за внимание!
eugene.ilagin@gmail.com
https://github.com/ilagin/AzureProvisioning