1 – Prepare scripting environment

Recently I delivered a very hands-on technical training in 8 parts in class room style. I’m going to share them here with some comments. The first part starts with the very basic, which is getting the tools installed for scripting, logging on and essential navigation in the scripting languages.

And if you notice that it was a while since my last post – yes that is true. Just didn’t have time for it. Sorry for that.

Installing the scripting tools for Azure

You can download the Azure Powershell and Azure CLI from this link https://azure.microsoft.com/en-us/downloads/ (all the way to the bottom you’ll find Command-line tools) and on your Windows you download both Powershell and the CLI, since you need to master both, and on your Mac you only download the CLI. On Windows this will launch the Web Installer and when that is completed you can open a Powershell command prompt (find “powershell” in the Start menu) and run it as administrator (right click on menu item). You don’t run powershell as admin in your day-to-day work, but during installation you need to.

Powershell – installation

At the Powershell prompt, then try the command

Install-Module PowerShellGet –Force

If you get an error saying that it doesn’t understand that command, you have a too old version of powershell installed. In this case you need to download and install something called “Windows Management Framework 5.1” from here https://www.microsoft.com/en-us/download/details.aspx?id=54616. This will take some time but when it is completed, the above command should succeed.

Next thing is to run the below command to import the Azure module

Import-Module –Name AzureRM

The final check that you’re all good to go is by running the below command. It should emit a red error message complaining that your not logged in and that you should do that with “Login-AzureRmAccount”. The Get-AzureRmVm command is choosen by random and you could pick any Azure command just to see that everything is installed ok.

Get-AzureRmVm

CLI – installation

The Azure CLI installation should be no problem and it is done with brew on a Mac or the normal install tool on your Linux distribution. It is documented here https://docs.microsoft.com/sv-se/cli/azure/install-azure-cli-macos?view=azure-cli-latest

Mac

brew update && brew install azure-cli

Ubuntu Linux

AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | \
sudo tee /etc/apt/sources.list.d/azure-cli.list

sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893
curl -L https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo apt-get install -y apt-transport-https
sudo apt-get update && sudo apt-get install azure-cli

If you already have the CLI installed, upgrade if it’s below 2.0. To check version, do command az –version and you’ll get something like “azure-cli (2.0.29)” as the first line of output.

Logging in

You need to authenticate with Azure AD in order to do something with the scripting languages and that process is going to involve Azure AD and probably your company’s Identity Provider (IDP). In powershell you issue the command

Login-AzureRmAccount

This command was previously called Add-AzureRmAccount and is being renamed into Connect-AzureRmAccount, but never mind that. It is all the same. This command will kick off and interactive login session that may include your company’s Multi-Factor Authentication process.

The equivalent in Azure CLI is below, but there is a big difference here, since the implementation here

az login

needs to be platform independent. In order to perform a secure login, the CLI will ask you to navigate to https://microsoft.com/devicelogin and ask you to punch in the short code that the CLI outputed.

It is worth noting that both login procedures have command line options that enables you to specify userid/password on the command line. For the CLI, you can specify -u and enter your password in a secure prompt. For security purposes, I never do that personally.

az login -u basil@fawltytowers2.com

Both commands have other options, like logging in a service principal, via certificate, etc, but that is more advanced than is needed to get going.

Scripting basics

Who am I? Which subscription am I in?

Get-AzureRmContext
az account show

Which subscriptions do I have access to?

Get-AzureRmSubscription
az account list

Switch active subscription

Set-AzureRmContext -Subscription <name>
Set-AzureRmContext -SubscriptionId {guid}
az account set -s {guid}

Help?

Get-Help Get-AzureRmContext  # substitute for the command you want help with
# type as much as you know and append -h to get help
az account -h
az account show -h

Change output format

Powershell handles this within the normal scripting language. This is a good article to start with https://docs.microsoft.com/en-us/powershell/azure/formatting-output

In CLI there is a -o (–output) argument you can pass to each command that determinds the type of output you want. The default is JSON, but you can change it to table and tsv (tab separated values)

az ... -o json|table|tsv
az account list -o table
DBSRV=$(az mysql server show -g $rgname -n $SERVERNAME --query "fullyQualifiedDomainName" -o tsv)
FTPURL=$(az webapp deployment list-publishing-profiles -g $rgname -n $webappname 
           --query "[1].publishUrl" -o tsv)

The tsv format is often used in conjunction with the -q (–query) argument where you want a single value return that you need later in your script.

Do’s and Don’ts

Scripting language is powerfull and can be your best friend but also your enemy. Alot of examples out there are written with Login-AzureRmAccount and also do change the active subscription. I’m no big fan of that since if you change active subscription mid flight, you need to be very carfull that you don’t do anything dangerous afterwards in the command prompt. To always know where I am, I have a little powershell snippet that I run before I do something

$sub = Get-AzureRmContext
$host.ui.RawUI.WindowTitle = "PS Azure - $($sub.Account.Id) - $($sub.Subscription.Name)"

What this little sucker does is changing the Window Title of the Powershell command prompt to help me know where I am.

Speaking of command prompts. If I ever do anything that is in a production subscription, or production-like, I always open a fresh window, carry on my duty and then close the window. I don’t want to inherit surprises and I don’t want a lingering command prompt.

Summary

This was the first post in a series of 8 where I’ll try to get you ready for hands-on duty on Azure. It’s nothing you can’t anywhere else, but I’ve tried to summarize it in a way that gets you off the ground.