AZ-101 정리

Cloud/Azure 2019. 3. 21. 23:48
728x90

QTKJL1N0MHYDELQP10


https://github.com/MicrosoftLearning/AZ-101-MicrosoftAzureIntegrationandSecurity

마이그레이션 목표
하드웨어의 노후화로 교체주기 해결
미리 구매하여 리소스 확보모델 탈피
IT 민첩성 확보
핵심역량(서비스개발)에 집중
글로벌 서비스 유지 비용감소
재해복구(DR) 시나리오 활성화

프로젝트 만들기
azure portal 에서 온프레미스 vm 의 메타데이터를 가져 올 azure migrate 프로젝트를 생성
하나의 프로젝트에서 최재 1500개

Collector 생성
.ova 형식의 단일 파일이다.
온 프레미스 환경에 .ova 파일을 import 한다.

준비상황 평가
검색된 각 vm의 상태가 표시된다.
Ready for Azure(green)
ready with condition(Orange)
Not ready for azure (Red)
Readiness in unknown (Blue)


vm 크기 조정 평가
Azure Migrate 의 performance-based sizing 는 온프레미스 vm 을 azure vm 크기에 매핑한다
온프레미스 sizing 은 vm 의 과도한 할당 또는 낮은 사용률을 고려
 Storage
 Network
 Compute

비용견적
총 월별 컴퓨팅 및 스토리지 비용으로 인한 비용 평가 보기

평가 사용자 정의


2번째 시간 ======
ASR
Azure Site Recovery
3중암호
파일을 암호화 사용자 키로 암호화 그리고 두개(파일암호화키 + 사용자키)를 합쳐서 또 암호화
ASR 사용 :

인프라구성 요구사항
마이그레이션 서버와 같은 버전이어야 함.
Disk2vhd v2.01
NAS 는 불가능 드라이버로마운트 되어있어야한다.
Hyper-V 를 가져올꼉우 Hyper-V 가 올라가 있는 호스트 서버에 접속하여 vm 목록을 읽어와 마이그레이션 대상으로 삼는다.

 

** 마이크레이션 프로세스
- 컴프레션서버의 사이즈, 대역폭이 중요하다.
- 인터넷으로 넘어가는것 asr 과 통신
- 가속화 방법 : 전용선 = 컨피그 서버화 캐시 스토리지 계정 간의 속도를 가속화 하는게 좋다.
- 복구 계획 사용자 정의 - 이부분은 알아서 정의하고 처리해야한다.
- 마이그레이션 시 뜨는 시간이 존재 할수 있다. db 쪽은 데이터베이스 마이그레이션 서비스가 따로 있다. 거의 실시간.. dr 용으로는 사용하지 않음
-


** 데이터베이스 마이그레이션
- 대상 환경에서 작동하도록 원본 스키마 변환 - 이기종 데이터 베이스간의 마이그레이션시
- Pass : 관리를 완전히 대신해 주는것
- 관리형 서비스 : 관리를 대신 - 사용자 책임도 있다.
- 즐겨찾기 키?
- 비트락커
-


{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "value": "Student"
    },
    "adminPassword": {
      "value": "Pa55w.rd1234"
    }
  }
}

* Advanced Tool => https://kjunapp.scm.azurewebsites.net/

 


* https://github.com/MicrosoftLearning/AZ-101-MicrosoftAzureIntegrationandSecurity/blob/master/Instructions/az-101-02__instructions.md
https://kjun-webapp-staging.scm.azurewebsites.net:443/kjun-webapp.git

$kjun-webapp__staging
DAvmg1d1qJpY7lvFnDmnmRnEDQo99bPmDN08lgJtc0p850M713u6wHbeMzRM

kjun
Pa55w.rd1234

 

https://github.com/krazure/workshop-itpro-101/

https://github.com/krazure/workshop-itpro-101/blob/master/source/arm_templates/arm_template_deploy.md

az group create -g kjun-az10102 -l southeastasia
curl -O https://raw.githubusercontent.com/krazure/workshop-itpro-101/master/source/arm_templates/azure_template.json
curl -O https://raw.githubusercontent.com/krazure/workshop-itpro-101/master/source/arm_templates/parameters.json
az group deployment create -g kjun-az10102 --name deploy_wordpress_on_mysql --template-file azure_template.json --parameters parameters.json

오토스케일링 : 지연이 발생된다. - 앱을 배포할때 오토 스케일링이 되는 경우.


2일차 ================================================================================================================


https://kjunwebapp.scm.azurewebsites.net:443/kjunwebapp.git


* ppk 파일
https://raw.githubusercontent.com/krazure/workshop-itpro-101/master/source/key-pair/vm_privatekey.ppk

https://microsoft.com/devicelogin


emoving intermediate container 95b7f48b003f
 ---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
 ---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
 ---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
wordpress           latest              13768fd59b46        36 seconds ago      365MB
wpinit              latest              be863c51ecec        20 minutes ago      281MB
ubuntu              16.04               9361ce633ff1        3 days ago          118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code H7NBRKMQW to authenticate.


sudo az acr login --name kjunContainer
az acr show --name kjunContainer --query loginServer


wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HCH726DNP to authenticate.
[
  {
    "cloudName": "AzureCloud",
    "id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
    "isDefault": true,
    "name": "Azure Pass - 스폰서쉽",
    "state": "Enabled",
    "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
    "user": {
      "name": "junijuniya@naver.com",
      "type": "user"
    }
  }
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginServer
"kjuncontainer.azurecr.io"

sudo docker tag wordpress kjuncontainer.azurecr.io/wordpress

sudo docker push kjuncontainer.azurecr.io/wordpress


az acr repository list --name kjunContainer

 

az aks get-credentials --resource-group kjun-az10102 --name kjunKuber

kubectl create secret docker-registry acr-auth --docker-server <acr-login-server> --docker-username <service-principal-ID> --docker-password <service-principal-password> --docker-email <email-address>

 

function 은 한대의 컴퓨터에서 실행되는게 아니라 여러 리소스를 활용하여 실행된다.

prob 네트워크 앤지니어가 쓰는 핼스체크

trace router 가 불가능하다.

네트워크에 대해서 많이 알아야 대응이 가능하다.

transit 라우팅 지원한다.

구독정보에 접근 정책이 종속된다.


https://docs.microsoft.com/ko-kr/learn/modules/secure-azure-resources-with-rbac/

덤프

AZ-101 V12.75.pdf

 

참고자료

az-101-01_azuredeploy.json

az-101-01_azuredeploy.parameters.json

AZ-101-MicrosoftAzureIntegrationandSecurity-master.zip

vm_privatekey.zip

 

putty 실습내용----------------------------------------------------------------------------------------------------------------

20190315 교육 putty

login as: wpadmin
Authenticating with public key "rsa-key-20180221"
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-1040-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

 

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

wpadmin@kjun-az10102vm:~$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED                           SIZE
wpinit              latest              be863c51ecec        15 minutes ago                    281MB
ubuntu              16.04               9361ce633ff1        3 days ago                        118MB
wpadmin@kjun-az10102vm:~$ cd /var/www/
wpadmin@kjun-az10102vm:/var/www$ ls -al
total 16
drwxr-xr-x  3 root     root     4096 Mar 15 00:47 .
drwxr-xr-x 14 root     root     4096 Mar 15 00:43 ..
-rw-r--r--  1 root     root      171 Mar 15 00:47 Dockerfile
drwxrwxr-x  5 www-data www-data 4096 Mar 15 00:47 html
wpadmin@kjun-az10102vm:/var/www$ sudo docker build -t wordpress .
Sending build context to Docker daemon  43.49MB
Step 1/5 : FROM wpinit
 ---> be863c51ecec
Step 2/5 : COPY ./html /var/www/html
 ---> 41230971ca70
Step 3/5 : RUN chown -R www-data:www-data /var/www/html     && chmod -R g+w /var              /www/html
 ---> Running in 657d8928630c
Removing intermediate container 657d8928630c
 ---> 0fe517b888d5
Step 4/5 : EXPOSE 80
 ---> Running in 95b7f48b003f
Removing intermediate container 95b7f48b003f
 ---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
 ---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
 ---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED                           SIZE
wordpress           latest              13768fd59b46        36 seconds ago                    365MB
wpinit              latest              be863c51ecec        20 minutes ago                    281MB
ubuntu              16.04               9361ce633ff1        3 days ago                        118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code H7NBRKMQW to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code H3A9DB48A to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code HQRJNDLGL to authenticate.
https://microsoft.com/deviceloginemoving intermediate container 95b7f48b003f
 ---> 10be8a916243
Step 5/5 : CMD /usr/sbin/apache2ctl -D FOREGROUND
 ---> Running in c8a2749346e6
Removing intermediate container c8a2749346e6
 ---> 13768fd59b46
Successfully built 13768fd59b46
Successfully tagged wordpress:latest
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED                           SIZE
wordpress           latest              13768fd59b46        36 seconds ago                    365MB
wpinit              latest              be863c51ecec        20 minutes ago                    281MB
ubuntu              16.04               9361ce633ff1        3 days ago                        118MB
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code H7NBRKMQW to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code H3A9DB48A to authenticate.
^Cwpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code HQRJNDLGL to authenticate.
https://microsoft.com/devicelogin
^[[A^Z
[1]+  Stopped                 az login
wpadmin@kjun-az10102vm:/var/www$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin               and enter the code HCH726DNP to authenticate.
[
  {
    "cloudName": "AzureCloud",
    "id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
    "isDefault": true,
    "name": "Azure Pass - 스폰서쉽",
    "state": "Enabled",
    "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
    "user": {
      "name": "junijuniya@naver.com",
      "type": "user"
    }
  }
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/confi              g.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginS              erver
"kjuncontainer.azurecr.io"
wpadmin@kjun-az10102vm:/var/www$ ^C
wpadmin@kjun-az10102vm:/var/www$ wpadmin@kjun-az10102vm:/var/www$ az login
    "isDefault": true,
    "name": "Azure Pass - 스폰서쉽",
    "state": "Enabled",
    "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
    "user": {
      "name": "junijuniya@naver.com",
      "type": "user"
    }
  }
]
wpadmin@kjun-az10102vm:/var/www$ sudo az acr login --name kjunContainer
Login Succeeded
WARNING! Your password will be stored unencrypted in /home/wpadmin/.docker/confi              g.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

wpadmin@kjun-az10102vm:/var/www$ az acr show --name kjunContainer --query loginS              erver
"kjuncontainer.azurecr.io"
-bash: wpadmin@kjun-az10102vm:/var/www$: No such file or directory
wpadmin@kjun-az10102vm:/var/www$ To sign in, use a web browser to open the page               https://microsoft.com/devicelogin and enter the code HCH726DNP to authenticate.
To: command not found
wpadmin@kjun-az10102vm:/var/www$ [
-bash: [: missing `]'
wpadmin@kjun-az10102vm:/var/www$   {
>     "cloudName": "AzureCloud",
>     "id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
>     "isDefault": true,
>     "name": "Azure Pass - 스폰서쉽",
>     "state": "Enabled",
>     "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
>     "user": {
>       "name": "junijuniya@naver.com",
>       "type": "user"
>     }
^C
wpadmin@kjun-az10102vm:/var/www$ sudo docker tag wordpress kjuncontainer.azurecr              .io/wordpress
wpadmin@kjun-az10102vm:/var/www$ sudo docker images
REPOSITORY                           TAG                 IMAGE ID            CRE              ATED             SIZE
wordpress                            latest              13768fd59b46        10               minutes ago      365MB
kjuncontainer.azurecr.io/wordpress   latest              13768fd59b46        10               minutes ago      365MB
wpinit                               latest              be863c51ecec        29               minutes ago      281MB
ubuntu                               16.04               9361ce633ff1        3 d              ays ago          118MB
wpadmin@kjun-az10102vm:/var/www$ sudo docker push kjuncontainer.azurecr.io/wordp              ress
The push refers to repository [kjuncontainer.azurecr.io/wordpress]
e47c2291eb16: Pushed
7747908e63a7: Pushed
be5e577c2810: Pushed
297fd071ca2f: Pushed
2f0d1e8214b2: Pushed
7dd604ffa87f: Pushed
aa54c2bc1229: Pushed
latest: digest: sha256:1c39d8ab1c6f67a294ac610bd36eebf508527acc9c345c7d878acf632              a0ebebe size: 1786
wpadmin@kjun-az10102vm:/var/www$ az acr repository list --name kjunContainer
[
  "wordpress"
]
wpadmin@kjun-az10102vm:/var/www$ curl -s https://packages.cloud.google.com/apt/d              oc/apt-key.gpg | sudo apt-key add -
OK
wpadmin@kjun-az10102vm:/var/www$ sudo touch /etc/apt/sources.list.d/kubernetes.l              ist
wpadmin@kjun-az10102vm:/var/www$ echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
wpadmin@kjun-az10102vm:/var/www$ sudo apt-get update
Hit:1 https://packages.microsoft.com/repos/azure-cli xenial InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://azure.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:4 http://azure.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:5 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8,993 B]
Get:7 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [24.1 kB]
Fetched 358 kB in 1s (305 kB/s)
Reading package lists... Done
wpadmin@kjun-az10102vm:/var/www$ sudo apt-get install -y kubectl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  kubectl
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 7,858 kB of archives.
After this operation, 39.3 MB of additional disk space will be used.
Get:1 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubectl amd64 1.13.4-00 [7,858 kB]
Fetched 7,858 kB in 0s (10.6 MB/s)
Selecting previously unselected package kubectl.
(Reading database ... 112354 files and directories currently installed.)
Preparing to unpack .../kubectl_1.13.4-00_amd64.deb ...
Unpacking kubectl (1.13.4-00) ...
Setting up kubectl (1.13.4-00) ...
wpadmin@kjun-az10102vm:/var/www$ kubectl
kubectl controls the Kubernetes cluster manager.

Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create         Create a resource from a file or from stdin.
  expose         Take a replication controller, service, deployment or pod and
expose it as a new Kubernetes Service
  run            Run a particular image on the cluster
  set            Set specific features on objects

Basic Commands (Intermediate):
  explain        Documentation of resources
  get            Display one or many resources
  edit           Edit a resource on the server
  delete         Delete resources by filenames, stdin, resources and names, or
by resources and label selector

Deploy Commands:
  rollout        Manage the rollout of a resource
  scale          Set a new size for a Deployment, ReplicaSet, Replication
Controller, or Job
  autoscale      Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
  certificate    Modify certificate resources.
  cluster-info   Display cluster info
  top            Display Resource (CPU/Memory/Storage) usage.
  cordon         Mark node as unschedulable
  uncordon       Mark node as schedulable
  drain          Drain node in preparation for maintenance
  taint          Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe       Show details of a specific resource or group of resources
  logs           Print the logs for a container in a pod
  attach         Attach to a running container
  exec           Execute a command in a container
  port-forward   Forward one or more local ports to a pod
  proxy          Run a proxy to the Kubernetes API server
  cp             Copy files and directories to and from containers.
  auth           Inspect authorization

Advanced Commands:
  diff           Diff live version against would-be applied version
  apply          Apply a configuration to a resource by filename or stdin
  patch          Update field(s) of a resource using strategic merge patch
  replace        Replace a resource by filename or stdin
  wait           Experimental: Wait for a specific condition on one or many
resources.
  convert        Convert config files between different API versions

Settings Commands:
  label          Update the labels on a resource
  annotate       Update the annotations on a resource
  completion     Output shell completion code for the specified shell (bash or
zsh)

Other Commands:
  api-resources  Print the supported API resources on the server
  api-versions   Print the supported API versions on the server, in the form of
"group/version"
  config         Modify kubeconfig files
  plugin         Provides utilities for interacting with plugins.
  version        Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all
commands).
wpadmin@kjun-az10102vm:/var/www$ az aks get-credentials --resource-group kjun-az10102 --name kjunKuber
The Resource 'Microsoft.ContainerService/managedClusters/kjunKuber' under resource group 'kjun-az10102' was not found.
wpadmin@kjun-az10102vm:/var/www$ az aks get-credentials --resource-group kjun-az10102 --name kjunKuber
Merged "kjunKuber" as current context in /home/wpadmin/.kube/config
wpadmin@kjun-az10102vm:/var/www$ kubectl get nodes
NAME                       STATUS   ROLES   AGE     VERSION
aks-agentpool-18232030-0   Ready    agent   2m58s   v1.12.6
aks-agentpool-18232030-1   Ready    agent   3m      v1.12.6
aks-agentpool-18232030-2   Ready    agent   3m7s    v1.12.6
wpadmin@kjun-az10102vm:/var/www$ ls --resource-group kjun-az10102 --name kjunKuber
ls: unrecognized option '--resource-group'
Try 'ls --help' for more information.
wpadmin@kjun-az10102vm:/var/www$

 

 

728x90

'Cloud > Azure' 카테고리의 다른 글

Azure Service Fabric  (0) 2019.04.05
Azure portal app  (0) 2019.03.28
AZ-203 정리  (0) 2019.03.22
Azure 자격증 관련 설명된 사이트  (0) 2019.03.21
AZ-100 정리  (0) 2019.03.07
Posted by kjun.kr
,