azure

Automating azure powershell cmdlets

Administering your azure subscription via powershell cmdlets is a great option for automating tasks such as starting and stopping vms, downloading blobs, etc. In the past I used the Azure-AddAccount cmdlet to authenticate. This is great but not the best option for scheduling your powershell scripts as it requires you to input your azure login credentials. The best option for automating your scripts is to authenticate via an X509 certificate. There are a couple steps to accomplish this:

  1. Download and install Azure Powershell cmdlets
  2. Generate  X509 cert (management cert) for Azure
  3. Upload the cer file to Azure
  4. Create authenticate powershell script

Lets get started, shall we?

Download and install Azure Powershell cmdlets

Grab the latest version of Azure Powershell cmdlets from: http://azure.microsoft.com/en-us/downloads/

Generate X509 cert (management cert) for Azure

Fire up Visual Studio 2010 or 2012 command prompt (run as Administrator) and run the following command, change SampleCompany to a name you can recognize:

makecert -sky exchange -r -n "CN=SampleCompany" -pe -a sha1 -len 2048 -ss My "SampleCompany.cer"

Upload the cert file to Azure

Login to your azure account by heading to http://manage.windowsazure.com, browse to Settings on the left side, then click on Management Certificates:

2015-04-09_1107

Click on Upload at the button and specify the .cer file you generated in the previous step.

After the certificate has been uploaded, take a note of the thumbprint property, we will use this later.

For more detailed instructions on this step, see this page: https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx

Create authenticate powershell script

Now that we have our generated certificate uploaded to Azure we can go ahead and create a script to authenticate with that certificate. Fire up your favorite text editor and place the following in there:

$ThumbPrint = "<CERT THUMBPRINT>"
$SubscriptionId = "<SUBSCRIPTION ID>"
$SubscriptionName = "<SUBSCRIPTION NAME>"
$myCert = Get-Item cert:\\CurrentUser\My\$ThumbPrint

Set-AzureSubscription -SubscriptionName $SubscriptionName -SubscriptionId $SubscriptionId -Certificate $myCert
Select-AzureSubscription -SubscriptionName $SubscriptionName

Replace the value for the $Thumbprint variable from the information we noted in the previous step.

You can get your subscription id and subscription name from the settings page in Azure as well.

Save the file as “Authenticate.ps1”

In a powershell console, browse to the location where you saved Authenticate.ps1 and run the following command:

.\Authenticate.ps1

Now that you have authenticated, you can run any azure powershell cmdlet such as:

Get-AzureWebsite

See the Azure Cmdlet reference by browsing to: https://msdn.microsoft.com/en-us/library/azure/jj554330.aspx for a full listing of commands you can now run.

If you have any questions, please feel free to contact me.

By |April 9th, 2015|Coding|0 Comments

Using Azure Powershell to start and stop a VM

Using an Azure VM is a convenient way to test new software without having to corrupt your own terminal or using more resources for a virtual instance using Virtual Box, VMWare, etc.

As you may already know if a VM is stopped there are no charges for computing cost. However you will still incur a charge for the storage used by the VM (which is significantly less). Using a powershell script to manage the state of these VMs are helpful. I have the shutdown powershell script on a scheduler that runs nightly.

In order to use azure powershell you must do the following:

  • Install Azure PowerShell.
  • Connect to your subscription within Azure Powershell

Fortunately Microsoft has documented this process in an article located at: http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell

After installing feel free to try the following code (make sure to replace “MY_COMPUTER” with the name of your VM:

Start-AzureVM -ServiceName "MY_COMPUTER" -Name "MY_COMPUTER"

Stop-AzureVM -ServiceName "MY_COMPUTER" -Name "MY_COMPUTER" -Force
By |July 16th, 2014|Coding|0 Comments

Logging off WS-Federation by creating a wsignout1.0 message

Recently I integrated my web app with Azure ACS but was having a difficult time signing out of ACS (deleting my cookie off the .accesscontrol.windows.net server). The following code will create a wsignout1.0 message. Essentially it will construct a url with the action parameter set to “wsignout1.0”. An additional parameter “wreply” allows you to specify a url to redirect to after you have been signed out:

public ActionResult LogOff()
{
    // Load Identity Configuration
    FederationConfiguration config = FederatedAuthentication.FederationConfiguration;
 
    // Get wtrealm from WsFederationConfiguation Section
    string wtrealm = config.WsFederationConfiguration.Realm;
    string wreply;
 
    // Construct wreply value from wtrealm (This will be the return URL to your app)
    wreply = wtrealm;
 
    // Read the ACS Ws-Federation endpoint from web.Config
    // something like "https://<your-namespace>.accesscontrol.windows.net/v2/wsfederation"
    string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"];
 
    SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint));
 
    signoutRequestMessage.Parameters.Add("wreply", wreply);
    signoutRequestMessage.Parameters.Add("wtrealm", wtrealm);
 
    FederatedAuthentication.SessionAuthenticationModule.SignOut();
 
    string signoutUrl = signoutRequestMessage.WriteQueryString();
 
    return this.Redirect(signoutUrl);
}

Got a question? Send me a message on twitter: @tekguy

By |July 5th, 2014|Coding|0 Comments

Command line utility to copy files to Azure’s blob storage

I am in the process of moving a client’s site from a traditional web hosting platform to azure’s cloud service. The web app uses a sql database that has a file name reference to images in a physical folder on the web server. I need to get these images into an Azure’s blob storage.

To get these images uploaded I decided to use a command line tool called “AzCopy”. You can learn more about the project at: http://blogs.msdn.com/b/windowsazurestorage/archive/2012/12/03/azcopy-uploading-downloading-files-for-windows-azure-blobs.aspx.

The link to download the utility is located on Github.

Here is a sample command:

AzCopy C:webrootiisimages.site.comwwwrootuploads 
https://CONTAINER_NAME.blob.core.windows.net/uploads/ /destkey:[AZURE KEY]

Enjoy!

By |June 14th, 2013|Coding|0 Comments