QTKJL1N0MHYDELQP10
https://github.com/MicrosoftLearning/AZ-101-MicrosoftAzureIntegrationandSecurity
마이그레이션 목표
하드웨어의 노후화로 교체주기 해결
미리 구매하여 리소스 확보모델 탈피
IT 민첩성 확보
핵심역량(서비스개발)에 집중
글로벌 서비스 유지 비용감소
재해복구(DR) 시나리오 활성화
프로젝트 만들기
azure portal 에서 온프레미스 vm 의 메타데이터를 가져 올 azure migrate 프로젝트를 생성
하나의 프로젝트에서 최재 1500개
Collector 생성
.ova 형식의 단일 파일이다.
온 프레미스 환경에 .ova 파일을 import 한다.
준비상황 평가
검색된 각 vm의 상태가 표시된다.
Ready for Azure(green)
ready with condition(Orange)
Not ready for azure (Red)
Readiness in unknown (Blue)
vm 크기 조정 평가
Azure Migrate 의 performance-based sizing 는 온프레미스 vm 을 azure vm 크기에 매핑한다
온프레미스 sizing 은 vm 의 과도한 할당 또는 낮은 사용률을 고려
Storage
Network
Compute
비용견적
총 월별 컴퓨팅 및 스토리지 비용으로 인한 비용 평가 보기
평가 사용자 정의
2번째 시간 ======
ASR
Azure Site Recovery
3중암호
파일을 암호화 사용자 키로 암호화 그리고 두개(파일암호화키 + 사용자키)를 합쳐서 또 암호화
ASR 사용 :
인프라구성 요구사항
마이그레이션 서버와 같은 버전이어야 함.
Disk2vhd v2.01
NAS 는 불가능 드라이버로마운트 되어있어야한다.
Hyper-V 를 가져올꼉우 Hyper-V 가 올라가 있는 호스트 서버에 접속하여 vm 목록을 읽어와 마이그레이션 대상으로 삼는다.
** 마이크레이션 프로세스
- 컴프레션서버의 사이즈, 대역폭이 중요하다.
- 인터넷으로 넘어가는것 asr 과 통신
- 가속화 방법 : 전용선 = 컨피그 서버화 캐시 스토리지 계정 간의 속도를 가속화 하는게 좋다.
- 복구 계획 사용자 정의 - 이부분은 알아서 정의하고 처리해야한다.
- 마이그레이션 시 뜨는 시간이 존재 할수 있다. db 쪽은 데이터베이스 마이그레이션 서비스가 따로 있다. 거의 실시간.. dr 용으로는 사용하지 않음
-
** 데이터베이스 마이그레이션
- 대상 환경에서 작동하도록 원본 스키마 변환 - 이기종 데이터 베이스간의 마이그레이션시
- Pass : 관리를 완전히 대신해 주는것
- 관리형 서비스 : 관리를 대신 - 사용자 책임도 있다.
- 즐겨찾기 키?
- 비트락커
-
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"value": "Student"
},
"adminPassword": {
"value": "Pa55w.rd1234"
}
}
}
* Advanced Tool => https://kjunapp.scm.azurewebsites.net/
* https://github.com/MicrosoftLearning/AZ-101-MicrosoftAzureIntegrationandSecurity/blob/master/Instructions/az-101-02__instructions.md
https://kjun-webapp-staging.scm.azurewebsites.net:443/kjun-webapp.git
$kjun-webapp__staging
DAvmg1d1qJpY7lvFnDmnmRnEDQo99bPmDN08lgJtc0p850M713u6wHbeMzRM
kjun
Pa55w.rd1234
https://github.com/krazure/workshop-itpro-101/
az group create -g kjun-az10102 -l southeastasia
curl -O https://raw.githubusercontent.com/krazure/workshop-itpro-101/master/source/arm_templates/azure_template.json
curl -O https://raw.githubusercontent.com/krazure/workshop-itpro-101/master/source/arm_templates/parameters.json
az group deployment create -g kjun-az10102 --name deploy_wordpress_on_mysql --template-file azure_template.json --parameters parameters.json
오토스케일링 : 지연이 발생된다. - 앱을 배포할때 오토 스케일링이 되는 경우.
2일차 ================================================================================================================
https://kjunwebapp.scm.azurewebsites.net:443/kjunwebapp.git
https://microsoft.com/devicelogin
emoving intermediate container 95b7f48b003f
---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest 13768fd59b46 36 seconds ago 365MB
wpinit latest be863c51ecec 20 minutes ago 281MB
ubuntu 16.04 9361ce633ff1 3 days ago 118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H7NBRKMQW to authenticate.
sudo az acr login --name kjunContainer
az acr show --name kjunContainer --query loginServer
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HCH726DNP to authenticate.
[
{
"cloudName": "AzureCloud",
"id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
"isDefault": true,
"name": "Azure Pass - 스폰서쉽",
"state": "Enabled",
"tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
"user": {
"name": "junijuniya@naver.com",
"type": "user"
}
}
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginServer
"kjuncontainer.azurecr.io"
sudo docker tag wordpress kjuncontainer.azurecr.io/wordpress
sudo docker push kjuncontainer.azurecr.io/wordpress
az acr repository list --name kjunContainer
az aks get-credentials --resource-group kjun-az10102 --name kjunKuber
kubectl create secret docker-registry acr-auth --docker-server <acr-login-server> --docker-username <service-principal-ID> --docker-password <service-principal-password> --docker-email <email-address>
function 은 한대의 컴퓨터에서 실행되는게 아니라 여러 리소스를 활용하여 실행된다.
prob 네트워크 앤지니어가 쓰는 핼스체크
trace router 가 불가능하다.
네트워크에 대해서 많이 알아야 대응이 가능하다.
transit 라우팅 지원한다.
구독정보에 접근 정책이 종속된다.
https://docs.microsoft.com/ko-kr/learn/modules/secure-azure-resources-with-rbac/
덤프
AZ-101 V12.75.pdf
참고자료
az-101-01_azuredeploy.parameters.json
AZ-101-MicrosoftAzureIntegrationandSecurity-master.zip
putty 실습내용----------------------------------------------------------------------------------------------------------------
20190315 교육 putty
login as: wpadmin
Authenticating with public key "rsa-key-20180221"
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-1040-azure x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
wpadmin@kjun-az10102vm:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wpinit latest be863c51ecec 15 minutes ago 281MB
ubuntu 16.04 9361ce633ff1 3 days ago 118MB
wpadmin@kjun-az10102vm:~$ cd /var/www/
wpadmin@kjun-az10102vm:/var/www$ ls -al
total 16
drwxr-xr-x 3 root root 4096 Mar 15 00:47 .
drwxr-xr-x 14 root root 4096 Mar 15 00:43 ..
-rw-r--r-- 1 root root 171 Mar 15 00:47 Dockerfile
drwxrwxr-x 5 www-data www-data 4096 Mar 15 00:47 html
wpadmin@kjun-az10102vm:/var/www$ sudo docker build -t wordpress .
Sending build context to Docker daemon 43.49MB
Step 1/5 : FROM wpinit
---> be863c51ecec
Step 2/5 : COPY ./html /var/www/html
---> 41230971ca70
Step 3/5 : RUN chown -R www-data:www-data /var/www/html && chmod -R g+w /var /www/html
---> Running in 657d8928630c
Removing intermediate container 657d8928630c
---> 0fe517b888d5
Step 4/5 : EXPOSE 80
---> Running in 95b7f48b003f
Removing intermediate container 95b7f48b003f
---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest 13768fd59b46 36 seconds ago 365MB
wpinit latest be863c51ecec 20 minutes ago 281MB
ubuntu 16.04 9361ce633ff1 3 days ago 118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H7NBRKMQW to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H3A9DB48A to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HQRJNDLGL to authenticate.
https://microsoft.com/deviceloginemoving intermediate container 95b7f48b003f
---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest 13768fd59b46 36 seconds ago 365MB
wpinit latest be863c51ecec 20 minutes ago 281MB
ubuntu 16.04 9361ce633ff1 3 days ago 118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H7NBRKMQW to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H3A9DB48A to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HQRJNDLGL to authenticate.
https://microsoft.com/devicelogin
^[[A^Z
[1]+ Stopped az login
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HCH726DNP to authenticate.
[
{
"cloudName": "AzureCloud",
"id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
"isDefault": true,
"name": "Azure Pass - 스폰서쉽",
"state": "Enabled",
"tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
"user": {
"name": "junijuniya@naver.com",
"type": "user"
}
}
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/confi g.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginS erver
"kjuncontainer.azurecr.io"
wpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ wpadmin@kjun-az10102vm:/var/www$ az login
"isDefault": true,
"name": "Azure Pass - 스폰서쉽",
"state": "Enabled",
"tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
"user": {
"name": "junijuniya@naver.com",
"type": "user"
}
}
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/confi g.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginS erver
"kjuncontainer.azurecr.io"
-bash: wpadmin@kjun-az10102vm:/var/www$: No such file or directory
wpadmin@kjun-az10102vm:/var/www$ To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HCH726DNP to authenticate.
To: command not found
wpadmin@kjun-az10102vm:/var/www$ [
-bash: [: missing `]'
wpadmin@kjun-az10102vm:/var/www$ {
> "cloudName": "AzureCloud",
> "id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
> "isDefault": true,
> "name": "Azure Pass - 스폰서쉽",
> "state": "Enabled",
> "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
> "user": {
> "name": "junijuniya@naver.com",
> "type": "user"
> }
^C
wpadmin@kjun-az10102vm:/var/www$ sudo docker tag wordpress kjuncontainer.azurecr .io/wordpress
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY TAG IMAGE ID CRE ATED SIZE
wordpress latest 13768fd59b46 10 minutes ago 365MB
kjuncontainer.azurecr.io/wordpress latest 13768fd59b46 10 minutes ago 365MB
wpinit latest be863c51ecec 29 minutes ago 281MB
ubuntu 16.04 9361ce633ff1 3 d ays ago 118MB
wpadmin@kjun-az10102vm:/var/www$ sudo docker push kjuncontainer.azurecr.io/wordp ress
The push refers to repository [kjuncontainer.azurecr.io/wordpress]
e47c2291eb16: Pushed
7747908e63a7: Pushed
be5e577c2810: Pushed
297fd071ca2f: Pushed
2f0d1e8214b2: Pushed
7dd604ffa87f: Pushed
aa54c2bc1229: Pushed
latest: digest: sha256:1c39d8ab1c6f67a294ac610bd36eebf508527acc9c345c7d878acf632 a0ebebe size: 1786
wpadmin@kjun-az10102vm:/var/www$ az acr repository list --name kjunContainer
[
"wordpress"
]
wpadmin@kjun-az10102vm:/var/www$ curl -s https://packages.cloud.google.com/apt/d oc/apt-key.gpg | sudo apt-key add -
OK
wpadmin@kjun-az10102vm:/var/www$ sudo touch /etc/apt/sources.list.d/kubernetes.l ist
wpadmin@kjun-az10102vm:/var/www$ echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
wpadmin@kjun-az10102vm:/var/www$ sudo apt-get update
Hit:1 https://packages.microsoft.com/repos/azure-cli xenial InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://azure.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:4 http://azure.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:5 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8,993 B]
Get:7 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [24.1 kB]
Fetched 358 kB in 1s (305 kB/s)
Reading package lists... Done
wpadmin@kjun-az10102vm:/var/www$ sudo apt-get install -y kubectl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kubectl
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 7,858 kB of archives.
After this operation, 39.3 MB of additional disk space will be used.
Get:1 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubectl amd64 1.13.4-00 [7,858 kB]
Fetched 7,858 kB in 0s (10.6 MB/s)
Selecting previously unselected package kubectl.
(Reading database ... 112354 files and directories currently installed.)
Preparing to unpack .../kubectl_1.13.4-00_amd64.deb ...
Unpacking kubectl (1.13.4-00) ...
Setting up kubectl (1.13.4-00) ...
wpadmin@kjun-az10102vm:/var/www$ kubectl
kubectl controls the Kubernetes cluster manager.
Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/
Basic Commands (Beginner):
create Create a resource from a file or from stdin.
expose Take a replication controller, service, deployment or pod and
expose it as a new Kubernetes Service
run Run a particular image on the cluster
set Set specific features on objects
Basic Commands (Intermediate):
explain Documentation of resources
get Display one or many resources
edit Edit a resource on the server
delete Delete resources by filenames, stdin, resources and names, or
by resources and label selector
Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a Deployment, ReplicaSet, Replication
Controller, or Job
autoscale Auto-scale a Deployment, ReplicaSet, or ReplicationController
Cluster Management Commands:
certificate Modify certificate resources.
cluster-info Display cluster info
top Display Resource (CPU/Memory/Storage) usage.
cordon Mark node as unschedulable
uncordon Mark node as schedulable
drain Drain node in preparation for maintenance
taint Update the taints on one or more nodes
Troubleshooting and Debugging Commands:
describe Show details of a specific resource or group of resources
logs Print the logs for a container in a pod
attach Attach to a running container
exec Execute a command in a container
port-forward Forward one or more local ports to a pod
proxy Run a proxy to the Kubernetes API server
cp Copy files and directories to and from containers.
auth Inspect authorization
Advanced Commands:
diff Diff live version against would-be applied version
apply Apply a configuration to a resource by filename or stdin
patch Update field(s) of a resource using strategic merge patch
replace Replace a resource by filename or stdin
wait Experimental: Wait for a specific condition on one or many
resources.
convert Convert config files between different API versions
Settings Commands:
label Update the labels on a resource
annotate Update the annotations on a resource
completion Output shell completion code for the specified shell (bash or
zsh)
Other Commands:
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of
"group/version"
config Modify kubeconfig files
plugin Provides utilities for interacting with plugins.
version Print the client and server version information
Usage:
kubectl [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all
commands).
wpadmin@kjun-az10102vm:/var/www$ az aks get-credentials --resource-group kjun-az10102 --name kjunKuber
The Resource 'Microsoft.ContainerService/managedClusters/kjunKuber' under resource group 'kjun-az10102' was not found.
wpadmin@kjun-az10102vm:/var/www$ az aks get-credentials --resource-group kjun-az10102 --name kjunKuber
Merged "kjunKuber" as current context in /home/wpadmin/.kube/config
wpadmin@kjun-az10102vm:/var/www$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-agentpool-18232030-0 Ready agent 2m58s v1.12.6
aks-agentpool-18232030-1 Ready agent 3m v1.12.6
aks-agentpool-18232030-2 Ready agent 3m7s v1.12.6
wpadmin@kjun-az10102vm:/var/www$ ls --resource-group kjun-az10102 --name kjunKuber
ls: unrecognized option '--resource-group'
Try 'ls --help' for more information.
wpadmin@kjun-az10102vm:/var/www$
'Cloud > Azure' 카테고리의 다른 글
| Azure Service Fabric (0) | 2019.04.05 |
|---|---|
| Azure portal app (0) | 2019.03.28 |
| AZ-203 정리 (0) | 2019.03.22 |
| Azure 자격증 관련 설명된 사이트 (0) | 2019.03.21 |
| AZ-100 정리 (0) | 2019.03.07 |
