Posted by Dana Epp
Azure CLI Fundamentals : HOW TO COMMAND YOUR AZURE CLOUD SHELL
If you are new to the Azure CLI, or don’t feel like a cloud shell ninja, we've put together an introduction to help you get started. Command your cloud from the console.
You know, early in my career as an administrator, I volunteered to help build a free internet provider in Western Canada, to help connect communities together. This was in the early 90s, when Gopher was king, and you searched with Veronica, because Google didn't even exist then. There was an event that helped define who I would become as an administrator. I got locked into a server room, and it changed my life forever.
Dana Epp here, welcome to the channel dedicated to aspiring Azure administrators like you and me that are looking to know ops, and well, master the Microsoft Cloud. Thanks for being here.
There are a few defining moments in everyone's career. Mine was in the early 1990s. I was asked to help build out in Western Canada access to the internet for lots of smaller communities, and part of my job was to rack, stack, and cable infrastructure, and then get it connected up to a backbone. We normally would get access to the local schools, or universities, and they would give us shared space that would allow us to get in.
Well, there was one late night where I was at a school setting up new infrastructure, and someone didn't tell the janitors, and we had propped open the doors to the server room that we were given access to, we were not given keys, and we were told that once we were done setting everything up, please let ourselves out.
Well a janitor didn't know that, and they, well, locked me in, and it was really late on a Friday night, and I had no way out.
And it was an interesting problem, because although the infrastructure was up and running, I wasn't the head administrator that actually knew the software environment. And I was stuck in a place where the system wasn't yet connected up, and we needed to get it online. I was used to Unix environments, but I was used to certain editors that would allow me to use the system in a way that I understood it. I used Pine for mail, and I used Pico as my editor, and none of that existed on this system. It was an SCO Unix based system that only had vi, and I didn't know how to use it. And it had a shell that I had never seen before, but that didn't matter, I was stuck in a room that I couldn't get out of, and I needed to get this thing up and running. I was forced to learn a new shell.
And as part of that, it was a very late night, but I was able to learn vi, learn the man-pages, get the system up and running just enough so I could get connected to the other infrastructure, so that I could wall a message out for someone to come and get me out. And that was one of my best experiences, because I had to learn skills that I now still have with me to this day, that I use regularly to give me access to systems that I need.
And what was interesting, was I noticed in some of the feedback that I was getting from the last episode, that a lot of you don't even know about the Azure Cloud Shell, and how to use the Azure CLI, and that's really too bad, because there's so much power that's available there if you know it, and understand it. So I thought maybe today we would go into the cloud shell again, and I would teach you the basics of how to use the Azure CLI, and learn your way around Azure.
Okay, so, to get started with the Azure Cloud Shell, there's a couple ways we can go about it.
Obviously we can just go up to a browser and head over to shell.azure.com, or another way would be to just click the shell icon inside of the Azure portal. But I wanna show you another way to do it where you don't need to get all the overhead of having a browser window always running. And it's a little more streamlined and a little cleaner to work with. And that is to use the Windows Terminal on your desktop to connect directly to the cloud. Head over to the Microsoft store, and install the Windows Terminal. When you do that you'll have this new icon here where if you launch it, it will launch a default PowerShell window for you. But if you take a look, if you click on the dropdown arrow, you'll also have the ability to run command, or any other shells you might have installed. So you can see here I have KALI Linux, because I have WSL installed as well, and of course, here you can see the Azure Cloud Shell. And when you go to launch it for the first time, it's gonna need a device login, or provided device code.
So if we were to just copy this, head over to that browser, it'll give us an option to enter in a device code. So we take that device code that's here, and now it's gonna require me to do a login. At this point, we've now linked up this particular instance, and then because I have multiple tenants, it's gonna ask me which one do I wanna log into, I'm gonna say I want to log into my Vulscan account, and I'm gonna say this connection string so that in the future, I don't need to do this all the time. So what this will end up doing for me, is it actually will store my access tokens for the shell, and make it much easier for me to access this in the future. So now if I was to close down this shell window, and restart it, and viola, I now have my shell.
Now that's how much nicer we have it, 'cause now I have this very lightweight shell environment directly on my desktop. So now that we're in the Azure Cloud Shell, directly from my Windows 10, what can we do with it? Well if you don't anything about the Azure CLI, the best way to get started is to just to typically hit AZ minus H, Microsoft provides a very deep help system, which you can easily access from almost anywhere by just passing in a minus H. So if I do this to get started, what you'll see is a whole bunch of options that we can see from the system get go. And there are a ton of them here.
First one I wanna show you though is AZ account, 'cause that's by far the first thing you'll have to do. Of course if you decide to install the Azure CLI natively on your system, maybe you're on a Mac, or on a Linux, or you just wanna install this CLI to run in PowerShell on your local machine, the first thing you'll have to do is an AZ login, but because we're using the cloud shell, and we've created a device trust already, there's no need to do that. But in our case here, if I wanted to look at our account information, this'll tell you that this gives us the ability to manage the different subscriptions that we have tied to this specific tenant, so if I was to type AZ account list, I have the ability to see everything that's there.
Now, by default, when things are listed out, it's shown in a JSON format, which is quite helpful if you're a developer and you know how to read this stuff, but if you're not, there's an easier way, which is to display it in a format which is a little easier to consume. And here you can see a bunch of them, and if I wanted to change the subscription, you can see the default ones right now is my Visual Studio Enterprise, which is my MSDN account, I'm gonna stick with that one right now, but if I wanted to move across, all I have to do is do AZ account set, and of course if I don't know how to do it, I hit minus H, and it will then explain to me what I need to do, such as pass in my subscription ID.
Okay, so we've now got our account set up, we've moved into the subscription we want to, the next thing we might wanna do is work with groups, so if I was to go to AZ group, minus H, you can see that I have the ability to create, delete, export, list, show, tons of different options that are there, so if I was to type AZ group list, we can see the resource groups that are tied to this specific subscription. And if I wanted to create one, it would be just as easy by going AZ group create. And what you'll notice is, if you don't know the commands, again, minus H will show you a list of what's there. Now, you might notice that in some cases, they'll use a minus minus name, but you'll notice there's a short form, where you can use a minus N, and this is very common for a lot of global arguments.
So instead of going minus minus resource group, which is a lot of extra keystrokes, you can just do a minus G, so in my case here let's just create AZ group create, with a name of, let's go with KnowOps. And then I'm going to have to put it in a location, so minus L, westus2. And now you can see that that has been created for me. 'course if I wanted to do an AZ resource list, that means just show me all resources in this group, 'course I'll have nothing here, because I haven't put anything in there yet. So let's go put some sort of resource in this group so that we can work with it. Let's do something like a VM. And because this is a Linux server, we'll have it generate a set of SSH keys that I'll need a password to log into it. And in a couple of moments we'll have a new Linux server running in the cloud, and there we go.
Now to connect to it, we can see there's a public IP already defined there, so if we were just to go and SSH into it using that admin user, obviously you have to trust the RSA keys, and we're in, and now we're in that actual Ubuntu server. But, it's not just a matter of being able to create these servers, it's also really helpful if we have the ability to take a look at it using AZ commands. We don't know what it is, 'course we can use the minus H. That'll give us a list of all the different things that you can do in the system. So in our case here, let's just do VM show. And this will give us a list again in JSON format of what this resource is.
Now what's kinda fun is if you know how to read JSON and you understand how things nest in there, you can pull out specific pieces of information by just using queries, so if I was to do minus minus query, say hardwareProfile.vmSize, I'd be able to pull exactly out of that JSON what has been deployed by default. So in this case it's a Standard_DS1_V2. If I wanted to know, let's say, maybe who was the admin for this VM, I'd have the ability to do that under OS profile. Admin username. And of course that's gonna be me.
But as you can see it's not that hard to get information that's in there. But if you look a little closer at the help information, there's actually a whole bunch of other things, like if we wanna get instance information about the VM, like how it's functioning, if you know where to look, it's not that difficult. We can say as an example, get instance view. And there happens to be a set of statuses that we wanna grab, and we're gonna use a minus O table just to make it a little easier to read. But what you can see from that is that it's in a power state of actually running, and a display state of VM's running, so that's kinda good to know, 'course if I needed to find the VM IP address, if I didn't know it, I could do things like AZ VM list. And there we can see that, those IP addresses. 'Course, if I wanna stop a VM, and in a couple seconds it'll be stopped. And if I then run that command where I was looking at the current statuses, you can now see it's in a stopped state.
And just as easily as starting and stopping, just a matter of that, so this is just one example of how to do this with VMs, but you can do this all over the place, so you can do this with web apps, you can do this with your storage accounts, you can do this with your balancers, everything has an AZ command, and again it's just a matter of finding out what it is, just AZ minus H, pipe more, and you can start seeing all the different components that are available, like getting access to your billing, or to your bot, or to your cash, or to your cognitive services, there's just tons of different options available, and I encourage you to continue to look through them, and just explore them, using the minus H command, and just doing a show or a list, just to see and explore your own shell environment.
Of course, you'll notice one of the things I was doing quite a bit, was typing the minus G all the time to do the group that we wanted, the KnowOps one, and there was also minus O table. If I'm kinda getting tired of doing it all the time, there are ways to set up a configuration which you can set up in your cloud shells so that you don't always have to do that. And it's located in the .Azure folder, if you take a look, there's a config file. And by default, if you were to, as an example, just head on down to the end of core, you could type in output equals table, and if you put that under core, then what it'll do is it will always start by using an output of type table. So if I write that out, and now I type something like AZ resource list, and I group that by the KnowOps, I'm gonna get a list of all resources that are in the KnowOps group. And you'll notice it came back in a table view and I did not have to type minus O table. If I wanted it in a JSON format though, a matter of doing minus O JSON. Then I could have it in it's default way. So I still have it available to me, but if I just don't wanna always type in minus O all the time, that's available.
Now, what if I always know I'm gonna be in this KnowOps group, that's my default group, I just wanna always use that as mine? Well that was an option, if you head on down and create a new defaults, you can set the group to be what you would like. And now, you'll see it automatically used the group by defined as my default, and it also did in an output table. So there's a whole bunch of different commands, you can go look in Microsoft's documentation, where you can update the config, so you're not always having to type all that out. And we're in a pretty good spot now to be able to do one of my favorite commands, and that's the ability to delete everything in a single pass, AZ group delete minus G KnowOps.
Now here's the thing, if I hit this, what's gonna end up happening is it will delete everything that is in that specific group. It may take a while, since I gotta shut down the VM, and destroy those VNETs and those network security groups, and all of the storage and everything related to that, and it's very destructive, but it's an easy way to get going. So if you ever need to get back or keep going in the shell, there is this option where you can go minus minus no wait, and force a prompt to say yes, and what this will do is schedule that in the background, and then conduct it's work.
So now if I do an AZ group list, what you'll see is they'll be in a status of deleting. But at this point, we can walk away and know that that virtual machine and all of it's attached resources related to it will all be destroyed. And this is pretty much what you need to know to get started on there, just know that you can AZ command, minus H to pretty much anything, and you have the ability to create, to list, to edit, and to delete virtually any type of resource that is in the Azure Cloud.
So there you have it, I hope that was helpful for you. Getting to use Azure Cloud Shell, even if you're using it in the browser, directly in the cloud, or even if you use it through Windows terminal, local on your Windows 10 desktop, having that access to the backend systems allows you to very rapidly jump in and fix things when you need it. And don't forget, if you have a smartphone that has the Azure app installed, you can jump into the Azure Cloud Shell directly from there. That's probably for another episode to go deep into that, but it's so easy to gain access to the backend systems. Learn how to use them, so that in a pinch, you can control anything.
Everyone has defining moments in their careers. Mine was getting stuck in that server room and having to learn a shell to get my way out. What's yours, leave a comment, let me know, I'd really like to understand what you guys are up to, and what got you here. Hit like and let me know that this content is something you enjoy, and smash that subscribe button so that when new videos come out, we can let you know. In the meantime, I hope you have a great day, and we'll see you in the next episode.
Getting to use Azure Cloud Shell, even if you're using it in the browser... having that access to the backend systems allows you to very rapidly jump in and fix things when you need it. #knowops @auditwolf