Working for my current employer, I have an MSDN subscription and access to Microsoft Azure. I also have a nice amount of credits to spend, so it's a good opportunity to get warm with Azure.
But before starting with Microsoft Azure, it might be good to understand the different entities Azure offers. As always, a good starting point is the official documentation. At this point I don’t need to know all resources, only the most common ones. My goal is to set up a cloud environment with a Jenkins instance (master) and 2 connected Jenkins slaves.
Also important is the following note, which I have seen in the Azure documentation as of
Before you work with Azure resources, it’s important to understand that Azure currently has two deployment models: Azure Resource Manager and classic. Make sure you understand deployment models and tools before you work with any Azure resource. You can view the documentation for different tools by clicking the tabs at the top of this article.
Preparation
The easiest way to work with Azure is using the web portal, but working with Linux, I want to try the CLI client. On Arch Linux you can find the CLI client in the AUR repository. After installing, there are two things to do:
As recommended we will switch the cli to Resource Manager mode by running azure config mode arm
Enable auto complete for azure
Resource Groups
The first resource you need is a resource group. Resource groups are containers which hold Azure resources (VMs, web apps, virtual networks, …) and which you can manage as a group. This includes resource allocation as well as access control. Resource groups can be created via the portal or the PowerShell/CLI. A group needs a name and a location and optionally also tags. The location specifies where the resource group's metadata is stored, which is an important compliance aspect. For my private use it does not really matter, but I prefer westeurope.
Virtual networks are logically isolated networks within the cloud and can be fully controlled by you. Not only are they fully isolated, they also provide a lot of features such as accessibility through the public Internet, name resolution, and security mechanisms to secure incoming and outgoing traffic. The VNets can be interconnected with each other and also with your on-premises network. The Azure infrastructure plays the role of the router which makes this possible. It is recommended to plan your virtual network with care, and it is highly recommended to read through the article “Plan and design Azure Virtual Networks”.
However, as drawn above, I have a very simple setup with a single network with only a few host addresses. Therefore I have chosen 111.111.111.0/24. Now let’s create this.
For now this is all I need. Further configuration may come later if needed.
Virtual Machines
Yeah, we know what virtual machines are (I hope at least) so I will not bother with this topic too much. You can create Windows or Linux VMs or even containers. Check out the related documentation.
We need to provide either a virtual disk (vhd) with an already installed system, or we create a VM based on an image. Azure Marketplace already offers a lot of images, or you can build and use your own image. I will use an image from the Marketplace as I want to use a standard Ubuntu 16.04 LTS. Therefore let’s check if Canonical is one of the available publishers in my region.
Ok, here we go, let’s install Ubuntu 16.04.0-LTS. But for this we need to know the image-urn, which is not shown above. So let’s run another command.
Let’s use the latest update. We use the resource group previously created.
As you can see, the command fails because we are missing a NIC. We also see that a storage account has been created. I will come to that later.
NICs (Network Interfaces) and Subnets
For a VM to communicate with other resources, it needs a network interface. The network interface is associated with a subnet. Currently I don’t have either of them. Therefore, let’s first create the subnet. Remember that I have a vnet 111.111.111.0/24 and I don’t really need to further divide this, so I just use the whole range as my subnet.
Now I should be able to create my network interface.
It seems I need a subnet. So let’s first understand what a subnet is.
Subnet is a range of IP addresses in the VNet, you can divide a VNet into multiple subnets for organization and security. VMs and PaaS role instances deployed to subnets (same or different) within a VNet can communicate with each other without any extra configuration. You can also configure route tables and NSGs to a subnet.
There is no limit on the number of subnets you use within a VNet. All the subnets must be fully contained in the virtual network address space and should not overlap with one another.
Azure reserves some IP addresses within each subnet. The first and last IP addresses of the subnets are reserved for protocol conformance, along with 3 more addresses used for Azure services.
The smallest subnet we support is a /29 and the largest is a /8 (using CIDR subnet definitions).
So I need a subnet for my vnet1, and as I do not need to divide my vnet1 into further subnets, I create a subnet using the whole range of my vnet1.
Now I can provide the subnet-id as a parameter when creating the NIC.
As you can see, the nicmaster has a dynamic IP allocation but I actually want a fixed IP. So I have to change that. Let’s first show my IP configuration.
You can see that I have a configuration called “default-ip-config” which was created automatically. As the output of the command reveals, you might have multiple IP configurations per NIC. You may find more information about this here: https://azure.microsoft.com/en-us/documentation/articles/virtual-network-multiple-ip-addresses-powershell/. I only have one configuration, the default one, which I want to change. But as the first and the last address are reserved, I will use 111.111.111.10 as static IP instead:
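The subnet rules quoted above (containment, no overlap, /8 to /29, five reserved addresses) and the static address chosen here can be checked offline before any resource is created. The following is an added example, not part of the original post: the function names are hypothetical, it assumes the three Azure service addresses are the ones directly after the network address (.1 to .3), and it goes beyond the text by also flagging address space outside RFC 1918.

```python
import ipaddress

# RFC 1918 private ranges; other space used inside a VNet hides the real
# owners of those addresses from hosts in the VNet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LARGEST, SMALLEST = 8, 29   # prefix limits from the quoted documentation
RESERVED_LOW = 4            # network address + 3 service addresses (assumed .1-.3)


def assignable(ip, subnet):
    """True if ip is inside subnet and not one of the 5 reserved addresses."""
    ip, subnet = ipaddress.ip_address(ip), ipaddress.ip_network(subnet)
    if ip not in subnet:
        return False
    offset = int(ip) - int(subnet.network_address)
    return RESERVED_LOW <= offset < subnet.num_addresses - 1


def check_plan(vnet, subnets, static_ips=()):
    """Return a list of findings; an empty list means the plan is consistent."""
    vnet = ipaddress.ip_network(vnet)
    subnets = [ipaddress.ip_network(s) for s in subnets]
    findings = []
    if not any(vnet.subnet_of(r) for r in RFC1918):
        findings.append(f"{vnet}: not RFC 1918 private address space")
    for i, sn in enumerate(subnets):
        if not LARGEST <= sn.prefixlen <= SMALLEST:
            findings.append(f"{sn}: prefix must be /{LARGEST} to /{SMALLEST}")
        if not sn.subnet_of(vnet):
            findings.append(f"{sn}: not contained in {vnet}")
        findings += [f"{sn}: overlaps {o}" for o in subnets[i + 1:] if sn.overlaps(o)]
    for ip in static_ips:
        if not any(assignable(ip, sn) for sn in subnets):
            findings.append(f"{ip}: reserved or outside every subnet")
    return findings


if __name__ == "__main__":
    # Values from this post: one subnet spanning the whole VNet, static IP .10;
    # .1 is added as a constructed example of a reserved address.
    for finding in check_plan("111.111.111.0/24", ["111.111.111.0/24"],
                              ["111.111.111.10", "111.111.111.1"]):
        print(finding)
```

With the values used in this post, 111.111.111.10 passes as an assignable address, while the /24 itself is reported because it lies in publicly routable space rather than one of the private ranges.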
Virtual Machine (again)
After I have done the necessary configuration for the NIC, I try to create the VM again:
Two things you may have observed in the log above. First, another storage account has been created. Not nice, but this could probably have been avoided by specifying storage parameters to the vm create command. Second, the NIC “nicmaster” does not have a publicIP configured, but this is no big deal for now. Let’s check in the portal what I have created so far:
Storage Accounts
As already mentioned above, when you create (or try to create) a VM, a storage account is created. A storage account gives you access to the Azure Storage services like Tables, Queues, Files, Blobs and Azure virtual machine disks. As always, check the official documentation for details.
The storage account list can be queried in order to see more details. A storage account usually has a unique name and is associated with a Resource Group and a location. As the storage account was implicitly created, it took the same location as the VM we created earlier.
We can even dig further and get more details:
So how is the storage used, then? When querying the disks using the disk command for the VM, there is actually no disk shown.
This is because the disk command only queries for data disks. But what actually was created was an OS disk, as the documentation reveals:
Just like any other computer, virtual machines in Azure use disks as a place to store an operating system, applications, and data. All Azure virtual machines have at least two disks – a Linux operating system disk (in the case of a Linux VM) and a temporary disk. The operating system disk is created from an image, and both the operating system disk and the image are actually virtual hard disks (VHDs) stored in an Azure storage account. Virtual machines also can have one or more data disks, that are also stored as VHDs. This article is also available for Windows virtual machines.
Later we can read
The VHDs used in Azure are .vhd files stored as page blobs in a standard or premium storage account in Azure. For details about page blobs, see Understanding block blobs and page blobs.
Before we continue, remember the picture above, where you can see that blobs are stored in containers. So let’s query to see whether we also have a container for the recently created storage account.
We have to set some environment variables. The AZURE_STORAGE_ACCOUNT we already have, but we are missing the access key. Access keys are provided for each storage account and can be easily queried.
So we need to set the necessary environment variables and then we can query the container.
So we actually have two containers. The first one - bootdiagnostics - contains boot diagnostics data, an option which is enabled by default for newly created VMs. The bootdiagnostics can be easily seen in the Azure portal, but I did not yet check how to handle (read) the boot log from the CLI. The second container is called vhds and contains the actual OS disk.
Status and Next Steps
So I have created my first resources and my first VM is up and running.
I also have a better picture of the setup with the different Azure resources. But as you can see, I’m not yet done and there are some more steps ahead of me:
Connect to the VM
Create missing VMs node1 and node2
Deploy Jenkins and Jenkins-Slaves
Conclusion (so far)
Just starting to create your resources ad-hoc is fine for just playing around. But when you want to use Azure in your company environment, carefully think about the main resources and plan them carefully in advance.
Resource groups: They serve as a container for your resources and enable managing them as a group, e.g. for access permissions. Plan them carefully according to your resource needs and your company structure.
Virtual Networks: Think about what isolated networks you need, how they shall or shall not be interconnected and also connected to your on-premises network. Also, do not forget to think about the regional location of your network resources and network security groups.
Storage: Think about your storage needs and the distribution of the storage among locations.
Keep in mind the prices - especially for VMs and storage - and think carefully about what you really need. The higher the resources, the higher the prices.